lystn

2023-03-07 Weekly News - Episode 187

Watch the video version on YouTube at https://youtube.com/live/6BZn9dCSHEs?feature=share

Hosts: 

• Gavin Pickin - Senior Developer at Ortus Solutions
• Grant Copley - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 

A few ways  to say thanks back to Ortus Solutions:

• Like and subscribe to our videos on YouTube. 
• Help ORTUS reach for the Stars - Star and Fork our Repos
  • Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github 
• Subscribe to our Podcast on your Podcast Apps and leave us a review
• Sign up for a free or paid account on CFCasts, which is releasing new content every week
• BOXLife store: https://www.ortussolutions.com/about-us/shop
• Buy Ortus’s Books
  • 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
  • Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes 

 
Patreon Support ( BOXTACTULAR ) - UPDATED GOALS

We have 40 patreons:

Goal 1 - 25% -  This goal would help us to fully fund the hosting of ForgeBox.io (www.forgebox.io), the ColdFusion software directory.
Goal 2 - 12% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.
Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.

https://www.patreon.com/ortussolutions.

News and Announcements

Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)

Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020.  There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.

Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html

ICYMI - State of the CF Union 2023 Released

Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.
https://teratech.com/state-of-the-cf-union-2023-survey

New Releases and Updates

CommandBox 5.8.0 Released!

We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.

Now bundles commandbox-cfconfig, commandbox-dotenv, commandbox-update-check. Automatically installed or updated when you start CLI

Automcally sets the content type in the HTTP response for static file typesl. You can customize in server.json

Config and Module Sync - if you are authenticated to ForgeBox in the CLI, you can synchronize config settings to and from.
Web Server Case Sensitivty - forcing case sensitivity on Windows

REPL improvements

As usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repo

https://www.ortussolutions.com/products/commandbox#download

https://www.ortussolutions.com/blog/commandbox-580-released

https://commandbox.ortusbooks.com/

ICYMI - First Lucee 6 Beta Released

Remember this is a BETA, so it’s not production ready, what we are looking for in this first BETA release, is for you to try and run your apps / test suites in locally and let us know how it goes for you.

https://dev.lucee.org/t/first-lucee-6-public-beta-is-available-6-0-0-346-beta/12195

Webinar / Meetups and Workshops

Ortus Event Calendar for Google

https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20

Ortus Webinar - March 17, 2023 - will confirm speaker and topic
Friday, March 17th, at 11am CST.

CFCasts Content Updates

https://www.cfcasts.com

Recent Releases

• Mastering CommandBox 5 - 1 new videos - https://cfcasts.com/series/mastering-commandbox-5
  • Inline Tab Complete - https://cfcasts.com/series/mastering-commandbox-5/videos/inline-tab-complete 
• 2023 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2023-forgebox-modules-of-the-week 
• 2023 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2023-vs-code-hint-tip-and-trick-of-the-week 

Coming Soon

• Brad with more CommandBox Videos
• More ForgeBox and VS Code Podcast snippet videos
• CBWire Series from Grant - Fill out the Poll here https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513 
• ColdBox Elixir from Eric
• Getting Started with ContentBox from Daniel Garcia

Conferences and Training

Github Galaxy
 
March 28th, 2023
Save the date for our global enterprise event focused on improving efficiency, security, and developer productivity.
GitHub Galaxy—formerly known as GitHub InFocus—is new and reimagined.
Virtual registration is right around the corner.
VIP summits: Join us in-person for a VIP summit near you, with breakout sessions, networking, and more for enterprise leaders.
https://galaxy.github.com/

Dev Nexus

April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
Kubernetes, Java, Software architecture, Kotlin, Performance Tuning
https://devnexus.com/

CFSummit East

Thursday, April 6, 2023
8:00am - 4:00pm
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided
https://carahevents.carahsoft.com/Event/Details/341389-adobe
https://carahevents.carahsoft.com/Event/Details/344168-adobe

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.

Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.
https://www.ortussolutions.com/blog/coldfusion-summit-east-2023-mvc-training-workshop

VueJS Live
 
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/

Into the Box 2023 - 10th Edition

May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas -
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!

Website launched: https://intothebox.org
First Workshops added, more added soon.
Releasing the speaker list in waves!
https://itb2023.eventbrite.com/

VueConf.us

NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26
https://vueconf.us/

CFCamp is back

June 22-23rd, 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open through March 15!
https://www.papercall.io/cfcamp2023
https://www.cfcamp.org/

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda

Blogs, Tweets, and Videos of the Week

3/1/2023 - Blog - Ben Nadel - Transcluding A Form Into A Turbo Frame Using Hotwire And Lucee CFML
In the Hotwire framework, we can use Turbo Frames to create small, independent, dynamic areas of a page. Turbo Frames can be used for things like lazy-loading user-specific content for better caching and including (or "transcluding") forms from one page into another page. This latter concept - transcluding forms - can unlock a lot of different user experiences. But, rendering a form inside a Turbo Frame can make post-submission redirections more complicated. Fortunately, I recently learned about creating custom Turbo Stream actions, which can help us bridge the redirection gap in our ColdFusion applications.

https://www.bennadel.com/blog/4418-transcluding-a-form-into-a-turbo-frame-using-hotwire-and-lucee-cfml.htm

3/2/2023 - Blog - Ben Nadel - The User Experience (UX) Of Disabled Form Buttons
By default, form buttons aren't disabled. When you render a form, everything "just works". That is, until, a web developer decides to get "clever" and starts disabling buttons, pending some desired form state. Unfortunately, many developers are not quite as clever as they think they are; and, buttons often remain disabled even when a form has been completed filled-out. This obviously leads to a terrible user experience (UX).

https://www.bennadel.com/blog/4419-the-user-experience-ux-of-disabled-form-buttons.htm

3/2/2023 - Blog - Ben Nadel - Dynamically Adding Stimulus Controllers To Static Content Using Hotwire And Lucee CFML
As I'm digging into the Hotwire framework, I'm trying to keep an eye on how I might eventually convert this ColdFusion blog over to using it. And, one of the things that I currently have to contend with (on this blog) is progressively enhancing the "static content" within each blog post (ex, resizing code-blocks on mouseenter). The "Stimulus way" seeks to create small, targeted controllers instead of large, over-reaching "page" controllers. As such, I wanted to see if I can dynamically attach Stimulus Controllers to targeted elements within my static content.
https://www.bennadel.com/blog/4420-dynamically-adding-stimulus-controllers-to-static-content-using-hotwire-and-lucee-cfml.htm

3/4/2023 - Blog - Ben Nadel - Rendering A Persistent Dismissible Banner Using Hotwire And Lucee CFML
When operating a Single Page Application (SPA) in Angular, I will often need to render a persistent banner across the top of page, alerting the user to some sort of state change or a call-to-action (CTA). Now that I know that Hotwire can define persistent Turbo Frames; and, that we can use custom Turbo Stream actions to visit those Turbo Frames; I wanted to see if I could use a persistent frame to render a dismissible banner in a Hotwire-enhanced ColdFusion application.

https://www.bennadel.com/blog/4421-rendering-a-persistent-dismissible-banner-using-hotwire-and-lucee-cfml.htm

3/4/2023 - Blog - Brad Wood - Ortus Solutions - CommandBox 5.8.0 Released!
We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.
As usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repo

https://www.ortussolutions.com/products/commandbox#download

https://www.ortussolutions.com/blog/commandbox-580-released
 

3/6/2023 - Blog - Brian Reilly - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)
Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020.  There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.

Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html

3/7/2023 - Blog - Ben Nadel - Styling Submit Buttons During Form Submission With Hotwire And Lucee CFML
When you submit a form in a Hotwire enhanced ColdFusion application, several things happen: The progress bar may be rendered if the request takes a while; the targeted submit button will be disabled (in order to prevent double-submissions); and, as of the Turbo v7.3.0 release, you can now alter the innerHTML of the targeted submit button while the form is being processed. Since I haven't explored these latter behaviors yet, I wanted to put together a quick demo using Lucee CFML.

https://www.bennadel.com/blog/4422-styling-submit-buttons-during-form-submission-with-hotwire-and-lucee-cfml.htm

CFML Jobs

Several positions available on https://www.getcfmljobs.com/

Listing over 52 ColdFusion positions from 32 companies across 25 locations in 5 Countries.

0 new job listed this week

Other Job Links

• There is a jobs channel in the CFML slack team, and in the Box team slack now too

ForgeBox Module of the Week

CBWIRE

CBWIRE is a ColdBox module that makes building reactive, dynamic, and modern interfaces delightfully easy without leaving the comfort of CFML.- This is not CFClient

Building modern CFML apps is a pain. ColdBox makes creating server-side apps easy, but what about the client-side? Front-end JavaScript frameworks like Vue and React are powerful, yet they also introduce complexity and a significant learning curve when creating our apps.

What if you could create apps that look and feel like your Vue and React web apps but are written with CFML. Impossible, you say? Nay, we say!

Introducing CBWIRE: Power-up your CFML!

https://www.forgebox.io/view/cbwire

VS Code Hint Tips and Tricks of the Week

ChatGPT

Use browser or official API integration for OpenAI ChatGPT, GPT3.5, GPT3 and Codex. Create new files & projects with one click. Copilot to learn code, add tests via GPT models. Google LaMDA Bard integration is work-in-progress.

➕ ChatGPT Turbo support with GPT3.5 models
???? ChatGPT web conversation history within VS Code. Switch between past conversations, continue them, or export all conversations to markdown.
???? Streaming conversation support for both browser and API Key method. Stop the response to save your tokens.
???? Create files/projects or fix your code with one click or with keyboard shortcuts.
???? Zero-Config setup. Simply login to OpenAI as usual. Or use OpenAI's official GPT3 APIs.
➡️ Export all your conversation history at once in Markdown format.

https://marketplace.visualstudio.com/items?itemName=gencay.vscode-chatgpt

Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions

Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.

• Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
• All Patreon supporters have a Profile badge on the Community Website
• All Patreon supporters have their own Private Forum access on the Community Website
• All Patreon supporters have their own Private Channel access BoxTeam Slack

https://community.ortussolutions.com/

Top Patreons ( BOXTACTULAR )

• John Wilson - Synaptrix
• Tomorrows Guides
• Jordan Clark
• Gary Knight
• Mario Rodrigues
• Giancarlo Gomez 
• David Belanger  
• Dan Card
• Jeffry McGee - Sunstar Media
• Dean Maunder
• Nolan Erck 
• Abdul Raheen

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Thanks everyone!!!