Modernize or Die® - CFML News for January 26th, 2021 - Episode 88
2021-01-26 Weekly News - Episode 88Watch the video version on YouTube at https://youtu.be/pTzk0Mdshqk Hosts:Gavin Pickin - Software Consultant for Ortus SolutionsEric Peterson - Software Consultant for Ortus SolutionsThanks to our Sponsor - Ortus SolutionsOne way to say thanks back to Ortus Solutions, is to support CFCasts, which is releasing new content every weekPatreon SupportWe have 34 patreons providing 62% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!https://www.ortussolutions.com/blog/we-need-your-help News and EventsJan 2021 Updates for Java 11 and Java 8From Charlie Arehart’s blog postFolks using ColdFusion will want to be aware that last week (Jan 19, 2021) Oracle has released updates to Java 11 and Java 8, the current “Long-Term Support” versions of the Java JVM/JDK, which are supported by the various current and recent versions of CF. The downloads are available on the Adobe page where Adobe offers JVM updates. More about how to proceed to implement the update, in a moment.As is typical, the JVM update adds some modest features and addresses bug fixes and security issues. For more, see the release notes for Java 11.0.10 and for Java 8 update 281.https://coldfusion.adobe.com/2021/01/coldfusion-users-note-apply-new-updates-java-11-java-8/ New Lucee Release Candidate 5.3.8.139-RCThere is a new Release Candidate ( 5.3.8.139-RC ) available to download from our download page https://download.lucee.org or via the Lucee Admin.https://dev.lucee.org/t/new-release-candidate-5-3-8-139-rc/7861 New Book from Luis Majano in the next 2-3 weeks - 102 ColdBox HMVC Quick Tips and TricksComing soonElixir v3 Security UpdateOn January 12, 2021 we became aware of a security vulnerability in ColdBox Elixir. Read the details of what happened, how it may affect you, and how to mitigate the vulnerability.https://www.ortussolutions.com/blog/coldbox-elixir-v3-security-update New Lucee Spreadsheet Release v2.14.0Spreadsheet Library 2.14.0 released. Big changes: POI 5.0 and auto OSGi bundle loading for Lucee (no need for JavaLoader!) https://github.com/cfsimplicity/lucee-spreadsheet Introducing the new Ortus CommunityHi everyone, great news! Ortus is rolling out our new Ortus Community site to help consolidate all of our community support and interaction. As part of that effort, all our Google Group threads have been imported to the new Ortus Community and effective immediately, our Google Groups are closed for further posting.If you're a member of our Google groups, don't worry-- your user has already been imported into the community forum and as soon as you sign up, you will be automatically associated with all of your old posts so you can pick up your conversations right where you left off! We've even added single sign on options for Github, Facebook, Google, and Twitter (coming soon). If your new account is under a different E-mail address, let us know and we can merge your accounts together.https://community.ortussolutions.com/ ICYMI - Ortus Webinar - CommandBox Task RunnersFriday, January 22nd - 11:00 AM CDT (GMT -6:00)Have you ever wished you could create command-line programs using CFML, perhaps to automate a task or handle some long-running process? With CommandBox Task Runners, you easily can! Join Grant Copley for this month's webinar, where we take a close look at this powerful tool within CommandBox and how we can use it alongside our applications.with Grant Copleyhttps://www.ortussolutions.com/events/webinarsRecording coming to CFCasts tomorrow 1/27/21Online CF Meetup - "Securing a ColdFusion Application with Fixinator a FuseGuard", w/ Pete FreitagThursday, January 28, 202111:00 AM to 12:00 PM CSTIn this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.https://www.meetup.com/coldfusionmeetup/events/275825925/ ICYMI - Online CF Meetup - "Communication Skills for Technical Engineers a Developers", with Mark TakataThursday, January 21, 20215:00 PM to 6:00 PM CSTNo matter what language, framework or technical skillset you employ in your day-to-day work, the biggest differentiator among engineers, designers a developers is the ability to communicate and engage with end users, stakeholders and business analysts. In this talk, Mark Takata will cover how to improve your ability to communicate with those folks, become an asset for your team a company, and widen the available paths for your future career.https://www.meetup.com/coldfusionmeetup/events/275712862/ Recording: https://www.youtube.com/watch?v=4TGoDejn8QM Conferences and TrainingVS Code DayJoin the VS Code team and community at a live event just for VS Code users. Get a glimpse of things to come and meet the team who works on VS Code every day.Watch live: January 27, 2021 from 8 AM to 10:30 AM PSTRe-stream (with live QaA): January 27, 2021 from 8 PM to 10:30 PM PSThttps://code.visualstudio.com/vscode-day DevnexusJoin the VIRTUAL ldev/golutionFeb 17 2021 - Onlinehttps://devnexus.com/Ortus Workshops - Dates coming soon- Quick - March? - CommandBox Zero to Hero - ColdBox Zero to Hero - ColdBox Hero to SuperHeroOrtus’ Possible Conferences for 2021Dates subject to changeDue to Online conference overload, we are thinking about not expanding the number of events, but more content in more timezones with a different format.ITB - Developer Week Style?? With some European Timezone Friendly slots from our European Community MembersMay or September 2021ITB LatamDecember 2021More conferencesNeed more conferences, this site has a huge list of conferences for almost any language/community.https://confs.tech/CFML Is now on the list - https://confs.tech/conferences/new PR - https://github.com/tech-conferences/conference-data/issues/1837Blogs, Tweets and Videos of the WeekBlog - Ben Nadel - Building reMatchGroups() Using reFind() In Adobe ColdFusion 2018 And Lucee CFML 5.3.7.47The other day, in my post about parsing strings like "5mb" into a number of bytes, I was griping about the fact that the ColdFusion language still doesn't have an reMatchGroups() function. To this, Adam Cameron mentioned that the reFind() function has had a "scope" argument since Adobe ColdFusion 2016 that will cause the Function to return all the matches in the input. I didn't realize this change. As such, I wanted to take a quick look at how reFind() can be used to build my reMatchGroups() function in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3973-building-rematchgroups-using-refind-in-adobe-coldfusion-2018-and-lucee-cfml-5-3-7-47.htm Related blog post: https://www.bennadel.com/blog/3322-jregex-a-coldfusion-wrapper-around-javas-regular-expression-patterns.htmBlog - Charlie Arehart - ColdFusion users should note and apply new Jan 2021 updates for Java 11 and Java 8Folks using ColdFusion will want to be aware that last week (Jan 19, 2021) Oracle has released updates to Java 11 and Java 8, the current “Long-Term Support” versions of the Java JVM/JDK, which are supported by the various current and recent versions of CF. The downloads are available on the Adobe page where Adobe offers JVM updates. More about how to proceed to implement the update, in a moment.As is typical, the JVM update adds some modest features and addresses bug fixes and security issues. For more, see the release notes for Java 11.0.10 and for Java 8 update 281.https://coldfusion.adobe.com/2021/01/coldfusion-users-note-apply-new-updates-java-11-java-8/ Tweet - David Levin - Adobe doesn’t name it’s own language in Adobe Summit@AdobeSummit Excited for this year's Summit. Was surprised to not see Adobe's own development language, #ColdFusion, on the list of programming languages on the registration form! @coldfusion, you guys are still part of the Adobe family, right? #CFMLhttps://twitter.com/djlevin77/status/1353770115670495234 https://twitter.com/djlevin77/ Blog - Ben Nadel - Code Kata: Parsing Strings Like "5mb" Into A Number Of Bytes In Lucee CFML 5.3.7.47In yesterday's post about streaming an incremental ZIP file up to Amazon S3 in Lucee CFML, I had to wait until "chunks" were over 5mb (5 megabytes) in size before I could upload them. To do this, I literally calculated the number of bytes that equated to 5mb. Afterwards, I thought it would be nice if there were methods for converting between bytes and larger data-units. As a code kata, I wanted to see if I could create just functions in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3972-code-kata-parsing-strings-like-5mb-into-a-number-of-bytes-in-lucee-cfml-5-3-7-47.htm Blog / Video - Ben Nadel - Generate And Incrementally Stream A ZIP Archive To Amazon S3 Using Multipart Uploads In Lucee CFML 5.3.7.47 Last week, I looked at using the ZipOutputStream Java class to generate and incrementally stream a Zip archive to the browser using Lucee CFML. In response to that, James Moberg and I were having a discussion about generating Zip archives asynchronously. This got me thinking about pushing the Zip file up to Amazon S3. And, more specifically, if there was a way for me to incrementally stream the Zip archive to S3 as I was generating it. From what I can see, there's nothing about "streams" in the Java SDK for AWS. But, I have used S3's multipart upload workflow to break-apart a file transfer. As a fun experiment, I wanted to see if I could generate and incrementally stream a Zip archive to S3 using this multipart upload workflow in Lucee CFML 5.3.7.47.https://www.bennadel.com/blog/3971-generate-and-incrementally-stream-a-zip-archive-to-amazon-s3-using-multipart-uploads-in-lucee-cfml-5-3-7-47.htm Blog - Lucee - New Lucee Release Candidate 5.3.8.139-RCThere is a new Release Candidate ( 5.3.8.139-RC ) available to download from our download page https://download.lucee.org or via the Lucee Admin.https://dev.lucee.org/t/new-release-candidate-5-3-8-139-rc/7861 Blog - Gregory Alexander - Happy new YearI hope that everyone has a wonderful New Year and I wanted to provide a status update on Galaxie Blog.https://gregoryalexander.com/blog/2021/1/22/Happy-New-Year Blog - Pete Freitag - SessionInvalidate for JEE SessionsThe builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID).https://www.petefreitag.com/item/913.cfm Live Stream - Matthew Clemente - Retaining Function Order When Reading CFC Metadata (Learning by Trial and Error)A few weeks (months?) ago I put together a CommandBox custom command to help generate CFC documentation, based on component metadata. I'm going to dive pack into that project to see if I can get it to retain the function order from the CFC, instead of alphabetizing by method name.https://www.youtube.com/watch?v=iwPN9H1mX3Yafeature=youtu.be Blog - Eric Peterson - Ortus Solutions - ColdBox Elixir v3 Security UpdateOn January 12, 2021 we became aware of a security vulnerability in ColdBox Elixir. If an application using ColdBox Elixir bundled any code that contained references to process.env without explicitly setting the value using the webpack.ProvidePlugin then the outputed bundle would contain an object of all the environment variables. This would happen even if it was a vendor library that checked for process.env.* which is very common - many libraries check for process.env.NODE_ENV to enable optimizations or additional development logging. Since JavaScript is shipped to user's browsers, these environment variables are leaked and should be considered comprimised. Many of our own environment variables used in our CI processes were leaked, including SSH keys, S3 credentials, and database credentials. We recommend that you rotate all keys that are in the environment resposible for bundling your code with ColdBox Elixir.https://www.ortussolutions.com/blog/coldbox-elixir-v3-security-update Blog - Pete Freitag - Updating Java on ColdFusion or LuceeAs a ColdFusion user you are probably aware that your CFML is compiled into Java byte code and executed by the Java Virtual Machine (JVM). Just like your Operating System or ColdFusion server needs to be patched for security issues, so does your JVM. Oracle typically releases a security patch for Java every quarter.How do you know when Java Security Patches are released?https://www.petefreitag.com/item/860.cfm Blog - Brad Wood - Ortus Solutions - Introducing the new Ortus CommunityHi everyone, great news! Ortus is rolling out our new Ortus Community site to help consolidate all of our community support and interaction. As part of that effort, all our Google Group threads have been imported to the new Ortus Community and effective immediately, our Google Groups are closed for further posting.https://community.ortussolutions.com/ https://www.ortussolutions.com/blog/introducing-the-new-ortus-community Blog - Brad Wood - Create your own Desktop "Toaster" Popups in CommandBox ServersHere's a quick one that I tried out for the first time today. Someone asked if it was possible for a CF app to have a desktop notification on the server it's running. CommandBox servers have a try icon that runs inside the JVM of the server that can create popups and even Swing windows. Turns out, it's actually really easy to tap into this to get a toaster popup on your desktop. Of course, this wouldn't work if you're running CommandBox as a Windows service or on a headless server like Linux with no GUI!http://wwvv.codersrevolution.com/blog/create-your-own-desktop-toaster-popups-in-commandbox-servers Podcast - Working Code Podcast - Episode 006: Hopes For 2021Oxford Dictionary included "doomscrolling" in their "word of the year" report for 2020; we're all feeling pandemic fatigue; many people still believe in wide-spread election fraud; the Georgia senate race was a nail-biter; and - oh yeah - we recorded this show the day after the storming of the United States capitol building.It's all been more-than-a-little-bit surreal.But, in the face of such physically and emotionally trying times, we look forward to a new year of possibility. Whether it's taking control of our finances, finding ways to be more active, building up our personal brand, or becoming the blacksmiths that we always knew we could be, the crew shares their personal and professional / technical goals for this burgeoning new year. As the Phoenix rose from the ashes, so too - we hope - 2021 will rise from the smoldering dumpster fire that was 2020.https://www.bennadel.com/blog/3969-working-code-podcast-episode-006-hopes-for-2021.htm Blog - David Byers - Framework Training – Part 3 – Learning How to develop using the ColdBox FrameworkMy journey into breaking my perceptions of frameworks as cumbersome, and my experience with the Ortus Solutions ColdBox training.This is the final part of a three part series on my experience with ColdBox training from Ortus Solutions.https://coldfusion.adobe.com/2021/01/framework-training-part-3-learning-develop-using-coldbox-framework/ Blog - Luis Majano - Ortus Solutions - ColdBox i18n Localization Module v2 Released After many many months of development, testing and waiting, we are finally able to release a major major update to our localization and internationalization library for ColdBox: cbi18n version 2.x. This release is a huuuge advancement for building localized applications and websites and partly thanks to Mr Wil de Bruin (shiftinsert.nl). This release introduces the ability to use json resource bundles, multiple bundles per module, cbStorages for tracking locales, property inheritance and so much more! There are a few compatibility issues, so make sure you read them to upgrade to version 2.x if not you can easily update using CommandBox:https://www.ortussolutions.com/blog/coldbox-i18n-localization-module-v2-released CFML JobsSeveral positions available on https://www.getcfmljobs.com/Listing over 80 ColdFusion positions from 46 companies across 44 locations in 5 Countries since July 1st 20202 new jobs this weekFull-Time - ColdFusion Sr. Developer at Stennis Space Center, MS - United States Posted Jan 26https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-Sr-Developer-at-Stennis-Space-Center-MS/11172 Full-Time - ColdFusion Application Developer at Bengaluru, Karnataka - India Posted Jan 19https://www.getcfmljobs.com/jobs/index.cfm/india/ColdFusion-Application-Developer-at-Bengaluru-Karnataka/11171 ForgeBox Module of the WeekREST over STOMP by Brad and Ortus SolutionsA ColdBox module to expose remote events via a STOMP websocket over RabbitMQhttps://www.forgebox.io/view/rest-over-stomp VS Code Hint Tips and Tricks of the WeekVisual Studio IntelliCode by MicrosoftThe Visual Studio IntelliCode extension provides AI-assisted development features for Python, TypeScript/JavaScript and Java developers in Visual Studio Code, with insights based on understanding your code context combined with machine learning.For each supported language, please refer to the "Getting Started" section below to understand any other pre-requisites you'll need to install and configure to get IntelliCode completions.For TypeScript/JavaScript users:That's it -- just open a TypeScript or JavaScript file, and start editing.https://marketplace.visualstudio.com/items?itemName=VisualStudioExptTeam.vscodeintellicode Thank you to all of our Patreon SupportersNew Patreon Supporter: Leon SeremelisThese individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. You can support us on Patreon here https://www.patreon.com/ortussolutionsBen NadelBrett DeLineCarl Von StettenCharlie ArehartDa LiDan CardDaniel GarciaDavid BelangerDidier LesnickiDon BellamyEdgardo CabezasErick HoffmanGary KnightGiancarlo GomezJan JannekJason DaigerJeff McClainJeremy AdamsJonas EricksonJordan ClarkJoseph LamoreeKai Koenig Laksma TirtohadiLeon SeremelisMario Rodrigues Matthew DarbyMatthew Clemente Mingo HagenPatrick FlynnRoss PhillipsScott SteinbeckShawn Oden Steven KlotzJohn Wilson - Synaptrix Yogesh MathurYou can see an up to date list of all sponsors on Ortus Solutions' Websitehttps://ortussolutions.com/about-us/sponsors★ Support this podcast on Patreon ★