EPISODE · Dec 5, 2023 · 50 MIN
Modernize or Die® - CFML News Podcast for December 5th, 2023 - Episode 208
from Modernize or Die ® Podcast · host Ortus Solutions
2023-12-05 Weekly News — Episode 208Watch the video version on YouTube at https://youtube.com/live/WHVwcHtf_gA?feature=share Hosts: Gavin Pickin - Senior Developer at Ortus SolutionsGrant Copley - Senior Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways to say thanks back to Ortus Solutions:Buy Tickets to Into the Box 2024 in Washington DC https://www.intothebox.org/Like and subscribe to our videos on YouTube. Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github Subscribe to our Podcast on your Podcast Apps and leave us a review AND WE WILL READ IT ON THE SHOWSign up for a free or paid account on CFCasts, which is releasing new content regularlyBOXLife store: https://www.ortussolutions.com/about-us/shopBuy Ortus’s Books102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)Now on Amazon!https://www.amazon.com/dp/B0CJHB712MLearn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes Patreon Support ()We have 42 patreons: https://www.patreon.com/ortussolutions. News and AnnouncementsAdobe ColdFusion flaw exploited in US government agency attacksAdobe released a security update for the vulnerability (CVE-2023-26360) that the attackers exploited in March this year. At that time, the vulnerability was already used in zero-day attacks.Following the FCEB agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.https://stackdiary.com/adobe-coldfusion-flaw-exploited-in-us-government-agency-attacks/ https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-releases-advisory-threat-actors-exploiting-cve-2023-26360-vulnerability-adobe-coldfusion CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion.CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion. The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect their systems.Adobe ColdFusion serves as a rapid scripting environment for developing dynamic internet applications on both web and mobile platforms, utilizing ColdFusion Markup Language (CFML).The security update addresses a range of vulnerabilities, including critical, high, and medium severity issues. These vulnerabilities have the potential to enable threat actors to access specific endpoints or execute arbitrary code, without requiring user interaction.https://socradar.io/cisa-alert-serious-vulnerabilities-in-adobe-coldfusion-cve-2023-44350-cve-2023-44351-cve-2023-44353-and-more/ Ben Nadel wrote a Book - Early Access: Feature Flags - From Concept To Cultural RevolutionAlmost 3-months ago, I announced that I was writing a book on Feature Flags. This morning, I'm thrilled to announce that I have an early access version available for purchase. This is a PDF version; and, the formatting is a bit rough around the edges. But, the content is all there. And, if you pick-up the book now (at a deep discount), you'll automatically get access to future versions.https://www.bennadel.com/blog/4531-early-access-feature-flags-from-concept-to-cultural-revolution.htm New Releases and UpdatesUpdate your servers with the below updatesICYMI - Adobe November Updates - Security FixesAdobe for ColdFusion 2023 (update 6) and 2021 (update 12)Previous versions no longer receive security updates!!!CommandBox has already been updatedSecurity updates available for Adobe ColdFusion | APSB23-52 - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-november-security-updates/m-p/14233917#M196421 Note: Reported WDDX related issues by some customersMore details from Charlie Arehart: https://www.carehart.org/blog/2023/11/14/cf_security_updates_nov_2023#more ICYMI - ColdBox 7.2.0 ReleasedWelcome to ColdBox 7.2.0, which packs a big punch on stability and tons of new features.Includes lots of updates for all the core products: ColdBox, WireBox, CacheBox, and LogBox.ColdBox, 10 new features, 6 improvements and 4 bug fixesLogBox has 3 new features, 4 improvements, 2 bug fixes and a taskWith WireBox including a new feature and CacheBox has an Improvement.https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.2.0 Webinar / Meetups and WorkshopsColdFusion Security TrainingWriting Secure CFML with Pete FreitagA hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.Where: OnlineWhen: Tuesday December 12, 2023 @ 11am-2pm EST & Wednesday December 13 @ 11am-2pmPrice: $899 per studenthttps://foundeo.com/consulting/coldfusion/security-training/ The class will be recorded, so if you cannot attend it fully online you will have access to a recording.Hawaii ColdFusion Meetup Group - InertiaJS and ColdFusion with Eric PetersonDecember 15thInertiaJS is a new JavaScript framework made for people who don’t really need an API but want to use a modern JavaScript framework like React or Vue as their view layer. Inspired by libraries like Turbolinks, InteriaJS makes your app behave like a SPA while still being a fully sever-rendered app.https://www.meetup.c...
What this episode covers
2023-12-05 Weekly News — Episode 208Watch the video version on YouTube at https://youtube.com/live/WHVwcHtf_gA?feature=share Hosts: Gavin Pickin - Senior Developer at Ortus SolutionsGrant Copley - Senior Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways to say thanks back to Ortus Solutions:Buy Tickets to Into the Box 2024 in Washington DC https://www.intothebox.org/Like and subscribe to our videos on YouTube. Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github Subscribe to our Podcast on your Podcast Apps and leave us a review AND WE WILL READ IT ON THE SHOWSign up for a free or paid account on CFCasts, which is releasing new content regularlyBOXLife store: https://www.ortussolutions.com/about-us/shopBuy Ortus’s Books102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)Now on Amazon!https://www.amazon.com/dp/B0CJHB712MLearn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes Patreon Support ()We have 42 patreons: https://www.patreon.com/ortussolutions. News and AnnouncementsAdobe ColdFusion flaw exploited in US government agency attacksAdobe released a security update for the vulnerability (CVE-2023-26360) that the attackers exploited in March this year. At that time, the vulnerability was already used in zero-day attacks.Following the FCEB agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.https://stackdiary.com/adobe-coldfusion-flaw-exploited-in-us-government-agency-attacks/ https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-releases-advisory-threat-actors-exploiting-cve-2023-26360-vulnerability-adobe-coldfusion CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion.CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion. The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect their systems.Adobe ColdFusion serves as a rapid scripting environment for developing dynamic internet applications on both web and mobile platforms, utilizing ColdFusion Markup Language (CFML).The security update addresses a range of vulnerabilities, including critical, high, and medium severity issues. These vulnerabilities have the potential to enable threat actors to access specific endpoints or execute arbitrary code, without requiring user interaction.https://socradar.io/cisa-alert-serious-vulnerabilities-in-adobe-coldfusion-cve-2023-44350-cve-2023-44351-cve-2023-44353-and-more/ Ben Nadel wrote a Book - Early Access: Feature Flags - From Concept To Cultural RevolutionAlmost 3-months ago, I announced that I was writing a book on Feature Flags. This morning, I'm thrilled to announce that I have an early access version available for purchase. This is a PDF version; and, the formatting is a bit rough around the edges. But, the content is all there. And, if you pick-up the book now (at a deep discount), you'll automatically get access to future versions.https://www.bennadel.com/blog/4531-early-access-feature-flags-from-concept-to-cultural-revolution.htm New Releases and UpdatesUpdate your servers with the below updatesICYMI - Adobe November Updates - Security FixesAdobe for ColdFusion 2023 (update 6) and 2021 (update 12)Previous versions no longer receive security updates!!!CommandBox has already been updatedSecurity updates available for Adobe ColdFusion | APSB23-52 - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-november-security-updates/m-p/14233917#M196421 Note: Reported WDDX related issues by some customersMore details from Charlie Arehart: https://www.carehart.org/blog/2023/11/14/cf_security_updates_nov_2023#more ICYMI - ColdBox 7.2.0 ReleasedWelcome to ColdBox 7.2.0, which packs a big punch on stability and tons of new features.Includes lots of updates for all the core products: ColdBox, WireBox, CacheBox, and LogBox.ColdBox, 10 new features, 6 improvements and 4 bug fixesLogBox has 3 new features, 4 improvements, 2 bug fixes and a taskWith WireBox including a new feature and CacheBox has an Improvement.https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.2.0 Webinar / Meetups and WorkshopsColdFusion Security TrainingWriting Secure CFML with Pete FreitagA hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.Where: OnlineWhen: Tuesday December 12, 2023 @ 11am-2pm EST & Wednesday December 13 @ 11am-2pmPrice: $899 per studenthttps://foundeo.com/consulting/coldfusion/security-training/ The class will be recorded, so if you cannot attend it fully online you will have access to a recording.Hawaii ColdFusion Meetup Group - InertiaJS and ColdFusion with Eric PetersonDecember 15thInertiaJS is a new JavaScript framework made for people who don’t really need an API but want to use a modern JavaScript framework like React or Vue as their view layer. Inspired by libraries like Turbolinks, InteriaJS makes your app behave like a SPA while still being a fully sever-rendered app.https://www.meetup.c...
NOW PLAYING
Modernize or Die® - CFML News Podcast for December 5th, 2023 - Episode 208
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m