2020-11-24 Weekly News - Episode 80
Watch the video version on YouTube at
https://youtu.be/FdGFGx8Ht7c Hosts:
Gavin Pickin - Software Consultant for Ortus Solutions
Brad Wood - Software Consultant for Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
Into the Box Latam Dec 3rd and 4th - English and Spanish
CFCasts is releasing new Free and Paid content every week
Patreon SupportWe have 34 patreons providing 58% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!
https://www.ortussolutions.com/blog/we-need-your-help News and EventsSecurity Vulnerability Alert - Lucee
We are aware of a potential security vulnerability related to the Lucee Admin. Details of how to exploit this vulnerability will be made public on December 5th, 2020 by a third party, so we are alerting Lucee users to address this potential issue now.
If your Lucee Admin is already locked down, this is not an issue. To lock down your admin, follow the recommendations in the Lucee Lockdown Guide
In addition, we strongly recommend updating to one of the following stable releases which have been patched to address the vulnerability
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643 TestBox v4.2 Released! - SECURITY UPDATEWe are excited to announce a new minor version release of TestBox version 4.2.x. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox.
This release includes two important security updates just in case you have deployed TestBox or your tests to production (TESTBOX-294 and TESTBOX-293). Please note, that you should NEVER deploy TestBox and your tests to production. It is a library for development purposes and it has no purpose in being deployed to production servers.
In addition to updating your Testbox installation, you need to update any test browser files that may be in your tests folder. The current version of the Testbox test browser can be found here:
https://github.com/Ortus-Solutions/TestBox/blob/development/test-browser/index.cfm You can avoid installing testbox in production by using the install --production CommandBox command.
https://www.ortussolutions.com/blog/testbox-v42-released Breaking change in Adobe ColdFusion 2021Breaking change in CF2021, new dateformat mask of D may be serious problem for old code
Wow. Beware of this subtle breaking change in CF2021, something discovered since its release (was not documented as one of the "new" things, nor was it documented at all in the beta).
Consider this fragment, which could exist in similar form in millions of CFML templates:
dateformat("11-24-20","MM-DD-YY")
See anything wrong? Probably not. It will indeed "work fine" in CF2018 and before, producing 11-24-2020, as most would expect.
But that same code in CF2021 will produces instead 11-329-2020., which virtually no one would expect!
https://www.carehart.org/blog/client/index.cfm/2020/11/24/breaking_change_in_cf2021_dateformat_D_vs_d ColdFusion Builder 2016/2018 is NOT compatible with Big Sur#coldfusion #coldfusionbuilder #bigsur #macos ColdFusion Builder is NOT compatible with Big Sur. Before upgrading, check the support matrix. Refer to
https://helpx.adobe.com/coldfusion/kb/coldfusion-builder-big-sur.html We're working on this.
CFWheels 2.2 releasedIt’s been a while coming. Can I blame the pandemic? Lots of nice little tweaks and fixes in this version. Please see the changelog for all details. It should be an easy upgrade if you’re on 2.0 or 2.1, just swap out the wheels folder.
https://cfwheels.org/blog/cfwheels-2-2-released/ TryCF.com now supports Adobe ColdFusion 2021https://trycf.com/ Reminder: Updates to ColdFusion 2016 will end Feb 2021As Charlie Arehart states in his blog: Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.
The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.
Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.
https://www.carehart.org/blog/client/index.cfm/2020/11/23/cf2016_support_ends_feb_2021 Help us get CFML listed on Sentry.ioGiancarlo Gomez started a thread on Sentry.io to get CFML on the Create Project view. As he mentions in the thread, we have a couple of Sentry plugins available, one he created, and one by Brad.
Let’s get behind this thread, like, reply, and make a little noise for CFML.
https://forum.sentry.io/t/adding-coldfusion-as-a-platform/11875 RESCHEDULED - Seattle CFUG - Hands-on deep-dive into interacting with the Thinkific API.Wednesday, December 9th, 2020
6:00 PM to 7:30 PM PST
RESCHEDULED FROM Wednesday, November 11, 2020
Hosted by - William Frankhouser and Leon O'Daniel
This meeting features an hands-on deep-dive into interacting with the Thinkific API.
Thinkific is one of the top platforms for online course delivery. This meetup builds upon the concepts shared at the October 2020 Seattle ColdFusion User Group Meeting to provide a hands-on experience interacting with the Thinkific API.
https://www.meetup.com/Seattle-ColdFusion-User-Group/events/274050264/CFCasts Content Updates
We just got major updates!
1) Videos can now be filtered by language
2) A user's language preference is saved in their profile
3) We added a level field to series to specify the difficulty, and much more!
We value your feedback so don't hesitate to contact us
Before the month comes to an end, we have a surprise for you my friends. Our Zero to Hero workshop videos will be published THIS month! Be on the lookout for our updates.
Configure your CFML Servers with CFConfig
-
Service Layer - Practical Uses and Wrap-upSend your suggestions at
https://cfcasts.com/supportConferences and TrainingAWS re:Invent NOV. 30 – DEC. 18, 2020
Free
Amazon’s Premium Conference is also virtual, and a free 3-week event:
https://reinvent.awsevents.com/ ITB LatamDecember 3-4th
Live Virtual Conference in Spanish and English!!!
Price: $7.00
https://latam.intothebox.org/https://www.ortussolutions.com/events Google’s DevFest Silicon Valley. Saturday, December 5, 2020
10:00 AM to 2:00 PM PST
There will be 2 tracks over just 4 hours, with 4 sessions in each track and opening/closing remarks. Short and sweet, and the topics are ones that CFers may find interesting.
https://www.meetup.com/gdg-silicon-valley/events/274388593/ ColdFusion Security Training by Foundeo / Pete FreitagWriting Secure CFML
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.
When: Thursday December 10, 2020 @ 11am-2pm & Friday December 11 @ 11am-2pm
(Eastern Standard Time, UTC -5) - 6 hours in total.
Where: Online / Web Conference
Who: Taught by Pete Freitag
Cost: $600 $475 (Early Bird Pricing through Dec 1st)
https://foundeo.com/consulting/coldfusion/security-training/ Adobe ColdFusion Certification now available Online
Adobe Certified Professional: Adobe ColdFusion is an industry-leading certification program from Adobe, for ColdFusion developers. The course consists of 50+ online videos and is designed for professionals who have basic to advanced level proficiency in any computer language and basic understanding of how web pages work. Successfully passing an assessment test at the end of the program will reward participants with a badge and certificate from Adobe.
Introductory Offer: $499
Blog:
https://coldfusion.adobe.com/2020/07/coldfusion-certification-online-now/Register:
https://www.adobe.com/products/coldfusion-family/certificate.htmlMore conferences:
https://confs.tech/Blogs, Tweets and Videos of the Week Blog - Charlie Arehart - Breaking change in CF2021, new dateformat mask of D may be serious problem for old codeWow. Beware of this subtle breaking change in CF2021, something discovered since its release (was not documented as one of the "new" things, nor was it documented at all in the beta).
Consider this fragment, which could exist in similar form in millions of CFML templates:
dateformat("11-24-20","MM-DD-YY")
See anything wrong? Probably not. It will indeed "work fine" in CF2018 and before, producing 11-24-2020, as most would expect.
But that same code in CF2021 will produces instead 11-329-2020., which virtually no one would expect!
https://www.carehart.org/blog/client/index.cfm/2020/11/24/breaking_change_in_cf2021_dateformat_D_vs_d Blog - Charlie Arehart - Be aware that updates to ColdFusion 2016 will end Feb 2021Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.
The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.
Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.
https://www.carehart.org/blog/client/index.cfm/2020/11/23/cf2016_support_ends_feb_2021 Blog - DopeFly Nathan Strutz - I teach coding to high school studentsLet me start by saying that we home school. And not just this year.
Initially it was out of a desire to keep our first kid ahead of the learning curve. This smart one was reading before kindergarten. Hey it worked - she graduated a year early and is making her way through college.
Something unexpected that came from this screwball 2020 year was the opportunity to teach a class at a home school co-op. This is essentially a one-day-a-week school experience that teaches those subjects that parents don’t want to do at home. We unashamedly use this for English classes, among a few other things. Families can pick up a class here or there, or build their entire curriculum out of it. There’s nothing home schoolers cherish more than the freedom to make educational choices for themselves, so this works for a lot of people.
https://www.dopefly.com/techblog/397/I-teach-coding-to-high-school-students Blog - Wil De Bruin - cbOrm: populating new objectsIn the past I’ve been using cborm a lot, since it makes handling coldfusion (hibernate) ORM so much easier. But lucee support for ORM was less than optimal in a multi-datasource environment, so I decided to rewrite this application more or less according to the fluent API approach as demonstrated by Gavin Pickin at ITB 2020. In this coding style I have two quite efficient ways of populating a new object
https://shiftinsert.nl/cborm-populating-new-objects/ Blog - Wil De Bruin - Arguments in argumentsI have to admit. This is not the most useful post I ever wrote, but today I discovered something funny but interesting when I tried to fix some small bug. I was working with the bcrypt module. If you don’t know what this module is doing: it is a very secure way for hashing passwords, and since checking the validity of your password is relatively slow it is quite useful to prevent password cracking. Before diving into bugfixing let’s see what bcrypt is doing. It is a coldbox module and only has a few relevant functions
https://shiftinsert.nl/arguments-in-arguments/ Blog - Wil De Bruin - Protecting your passwords with bCrypt.We all know. We should never ever store a plaintext password in a database. If a hacker gains access to your data you will be in serious trouble. There are many ways to protect your data, but at least you should make sure your passwords are not readable. In the past we did this by some simple hashing, but modern computers are so fast it is easy to do some password cracking. In time it even gets easier because processors are becoming faster and faster. Another disadvantage: simple hashing will reveal some records with the same passwords. These are often the easiest to guess or crack by brute force. So we need something better.
https://shiftinsert.nl/protecting-your-passwords-with-bcrypt/ Live stream - Matthew Clemente - Building a CommandBox Custom Command to Generate Markdown Docs (Learning by Trial and Error)At Adobe ColdFusion Summit this week, I gave a session on building tools with CommandBox. As a follow-up, I thought it might be worthwhile to live-stream while working on a Custom Command. So, I'll be working on a command to generate markdown documentation from CFCs (which will make it easier for me to document the API wrappers I write).
https://www.youtube.com/watch?v=R25ULWBwx6A&feature=youtu.be https://forgebox.io/view/commandbox-cfc-to-markdown-docsBlog - TeraTech - Adobe ColdFusion 2021, in the CloudIn case you missed it, Adobe has made a change, from CF 2020 to CF 2021.
Just a few days before ColdFusion Summit 2020, Adobe ColdFusion 2021 has seen the light of day. Without being pompous and without any huge announcement, we are seeing this new version, previously named Project Stratus. Let's see what we know so far, and what can we expect from it.
https://teratech.com/adobe-coldfusion-2021 Blog - Luis Majano - Ortus Solutions - TestBox v4.2 Released!We are excited to announce a new minor version release of TestBox version 4.2.x. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox.
This release includes two important security updates just in case you have deployed TestBox or your tests to production (TESTBOX-294 and TESTBOX-293). Please note, that you should NEVER deploy TestBox and your tests to production. It is a library for development purposes and it has no purpose in being deployed to production servers.
In addition to updating your Testbox installation, you need to update any test browser files that may be in your tests folder. The current version of the Testbox test browser can be found here:
https://github.com/Ortus-Solutions/TestBox/blob/development/test-browser/index.cfm You can avoid installing testbox in production by using the install --production CommandBox command.
https://www.ortussolutions.com/blog/testbox-v42-released Blog - Ben Nadel - Lists - The Unsung Heroes Of ColdFusion And Lucee CFMLWhen you first start programming in ColdFusion, you tend to lean very heavily on the idea that "everything is a String". Then, as you become more experienced, you learn that String-manipulation is relatively slow; and, you start to use more complex data structures like Arrays and Structs where possible. But, as I was reminded yesterday in a conversation with fellow InVsion engineer, Shawn Grigson, Strings - and more specifically Lists - are an amazing part of the ColdFusion runtime. In fact, I'd go so far as to say they are the unsung heroes of the ColdFusion and Lucee CFML worlds. As such, I thought it would be fun to reflect on where I use lists in my day-to-day ColdFusion programming.
https://www.bennadel.com/blog/3928-lists-the-unsung-heroes-of-coldfusion-and-lucee-cfml.htm Blog - Fusion Reactor - ColdFusion 2018 vs Lucee ComparisonAdobe ColdFusion and Lucee are two leading web application development tools based on CFML (ColdFusion Markup Language) code. Adobe ColdFusion was initially developed to connect HTML and the database easily. With the release of Adobe ColdFusion 2018, a full-blown scripting language with CFML is incorporated along with an IDE. Further, the platform has been updated and enhanced to build more modularized, maintainable, and responsive web applications.
The popularity of CF led to the development of many open-sourced platforms, among which Lucee became a strong competitor for Adobe ColdFusion. Lucee stands up as an alternative CFML engine that employs dynamically typed scripting language for the Java Virtual Machine for the rapid development of web applications.
This article shall give you a briefing on both software by comparing and contrasting each other based on the below concerns.
http://www.fusion-reactor.com/blog/adobe-coldfusion-2018-versus-lucee/ CFML JobsSeveral positions available on
https://www.getcfmljobs.com/Listing over 45 ColdFusion positions from 29 companies across 24 locations in 5 Countries since July 1st
3 new jobs this week.
Full-Time - REMOTE ColdFusion Developer at Frederick - United States
Posted Nov 21
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Remote-CFDev-US/11137 Full-Time - Senior Full Stack Developer at Remote - Canada
Posted Nov 20
https://www.getcfmljobs.com/jobs/index.cfm/canada/Sr-FullStackDev/11136 Full-Time - Coldfusion Developer_Immediate Joiners Only!! at Bengaluru, ..- India
Posted Nov 19
https://www.getcfmljobs.com/jobs/index.cfm/india/Coldfusion-DeveloperImmediate-Joiners-Only-at-Bengaluru-Karnataka/11135 Ortus is hiring: Senior ColdFusion CFML DeveloperAt Ortus you will be:
Modernizing web applications and helping companies move out of legacy hell
Teaming up with ColdFusion Experts in order to solve complex web development problems.
Testing and integrating new web technologies in order to create custom business implementations
Pushed to innovate constantly and create new solutions to web development problems
Leading project teams that deliver software that matters
US Timezone availability is a must
US Citizen or Resident or Work Visa is a must
https://www.ortussolutions.com/about-us/careersForgeBox Module of the WeekOrm Reload Interceptor by Eric PetersonORMReload with a URL flag - Just like you can add fwreinit=my_passsword to the URL to reload your ColdBox application, this module adds an interceptor that lets you specify ormreload=my_orm_reload_password.
The interceptor will work out of the box with no password set.
f you want to set the reload password, override the interceptor in your config/Coldbox.cfc settings
ORMReload on FWReinit - Installing this module will also automatically call ormReload() on a fwreinit (?fwreinit=1). You can override this setting by overriding the interceptor in your config/Coldbox.cfc settings, as well
box install orm-reload-interceptor
https://www.forgebox.io/view/orm-reload-interceptor VS Code Hint Tips and Tricks of the Week
Auto Rename Tag by Jun Han
4 million + installs
Automatically rename paired HTML/XML tag, same as Visual Studio IDE does.
https://marketplace.visualstudio.com/items?itemName=formulahendry.auto-rename-tag Thank you to all of our Patreon SupportersThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.
You can support us on Patreon here
https://www.patreon.com/ortussolutionsBen Nadel
Brett DeLine
Carl Von Stetten
Charlie Arehart
Da Li
Dan Card
Daniel Garcia
David Belanger
Didier Lesnicki
Don Bellamy
Edgardo Cabezas
Erick Hoffman
Gary Knight
Giancarlo Gomez
Jan Jannek
Jason Daiger
Jeff McClain
Jeremy Adams
Jonas Erickson
Jordan Clark
Joseph Lamoree
Kai Koenig
Laksma Tirtohadi
Mario Rodrigues
Matthew Darby
Matthew Clemente
Mingo Hagen
Patrick Flynn
Ross Phillips
Scott Steinbeck
Shawn Oden
Steven Klotz
Synaptrix
Yogesh Mathur
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors