Modernize or Die® - CFML News Podcast for January 24th, 2023 - Episode 181

2023-01-24 Weekly News - Episode 181Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ Hosts: Gavin Pickin - Senior Developer at Ortus SolutionsBrad Wood - Senior Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways  to say thanks back to Ortus Solutions:Like and subscribe to our videos on YouTube. Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github Subscribe to our Podcast on your Podcast Apps and leave us a reviewSign up for a free or paid account on CFCasts, which is releasing new content every weekBOXLife store: https://www.ortussolutions.com/about-us/shopBuy Ortus’s Books102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes Patreon Support ( amazing )Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io News and AnnouncementsNew updates released for Java 8, 11, 17, and 19 as of Jan 17 2023Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023 Beware that latest Oracle JDK installers will REMOVE older JDK installs of that versionHere's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or abovehttps://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs CBWire Poll about a CFCasts SeriesI’m in the planning stage of developing an ongoing video series for CBWIRE on https://cfcasts.com/. I have several ideas and would like to put it out to the community to vote what you’d like to see most. All series would feature 5-7 minute bit-sized videos posted regularly (probably weekly) until the series is finished.https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513 New Releases and UpdatesCBSecurity - V 3.0.0 This module will enhance your ColdBox applications by providing out-of-the-box security.Now with a cool Security Visualizer too?Change Log is packed - https://www.forgebox.io/view/cbsecurity#changeLog Changed / COMPATIBILITYDropped ACF2016Separated routes to it's own module RouterCOMPAT New JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the JwtServiceuseSSL is now defaulted to true for all security relocations as the defaultEncapsulation of jwt settings from the ModuleConfig to the JwtServiceCBAuthValidator has been renamed to just AuthValidator this way it can be used with ANY authentication service instead of binding it to just cbauth. This validator just relies on the IAuthUser interface now.AddedNew AuthValidator now can validate permissions and roles according to our IAuthUser interface but can be used on ANY authentication service that implements IAuthServiceNew authorization and authentication delegates for usage in cb7New ability for the firewall to log all action events to a database table.New visualizer that can visualize all settings and all firewall events via the log table if enabled.New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required.New global and rule action: block and the fireall will block the request with a 401 Unathorized page.New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403.DBTokenStorage now rotates using async scheduler and not direct usage anymore.Ability to set the cbcsrf module settings into the cbsecurity settings as csrf.We now default the user service class and the auth token rotation events according to used authentication service (cbauth, etc), no need to duplicate work.New rule based IP security. You can add a allowedIPs key into any rule and add which IP Addresses are allowed into the match. By default, it matches all IPs.New rule based HTTP method security. You can add a httpMethods key into any rule and add which HTTP methods are allowed into the match. By default, it matches all HTTP Verbs.New securityHeaders configuration to allow a developer to protect their apps from common exploits: xss, HSTS, Content Type Options, host header validation, ip validation, click jacking, non-SSL redirection and much more.Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator usedDynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encodedAllow passing in custom refresh token claims to attempt() and fromUser() and refreshToken() : refreshCustomClaimsAdded TokenInvalidException and TokenExpiredException to the refreshToken endpointhttps://www.forgebox.io/view/cbsecurityWebinar / Meetups and WorkshopsOrtus Event Calendar for Googlehttps://cale...