EPISODE · Mar 14, 2023 · 54 MIN
Modernize or Die® - CFML News Podcast for March 14th, 2023 - Episode 188
from Modernize or Die ® Podcast · host Ortus Solutions
2023-03-14 Weekly News - Episode 188Watch the video version on YouTube at https://youtube.com/live/v4vxEckWfYg?feature=share Hosts: Gavin Pickin - Senior Developer at Ortus SolutionsDaniel Garcia - Senior Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways to say thanks back to Ortus Solutions:Like and subscribe to our videos on YouTube. Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github Subscribe to our Podcast on your Podcast Apps and leave us a reviewSign up for a free or paid account on CFCasts, which is releasing new content every weekBOXLife store: https://www.ortussolutions.com/about-us/shopBuy Ortus’s Books102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes Join us for the 10th Into the Box - In person ONLY!!! Patreon Support ( Invigorating ) - UPDATED GOALSWe have 41 patreons: Goal 1 - 26% - This goal would help us to fully fund the hosting of ForgeBox.io (www.forgebox.io), the ColdFusion software directory.Goal 2 - 13% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.https://www.patreon.com/ortussolutions. News and AnnouncementsCritical Security Update for ColdFusion APSB23-25From Adobehttps://community.adobe.com/t5/coldfusion-discussions/released-coldfusion-2021-and-2018-march-2023-security-updates/td-p/13649873From FoundeoAdobe has just published a security bulletin APSB23-25, and has released security updates for ColdFusion 2018 and 2021.We recommend installing these update as soon as possible, because one of the vulnerabilities has been actively exploited by attackers already. https://helpx.adobe.com/security/products/coldfusion/apsb23-25.htmlhttps://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-16.htmlhttps://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-6.htmlHackMyCF has been updated to warn you if the hotfix is missing.It is important to note that if you are on ColdFusion 11, or 2016 that it is possible that your servers could be vulnerable to at least one of these issue as well. However, because these versions reached end of life they are no longer receiving security patches from Adobe.One thing you can do to mitigate one of these issues is to block requests containing a variable named _cfclient. Some of the filters in FuseGuard may help prevent some attack vectors when configured to. But the best solution is to upgrade to CF2018 or 2021 and apply the patch released today.--Foundeo Inc.ICYMI - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020. There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html ICYMI - State of the CF Union 2023 ReleasedHelp us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.https://teratech.com/state-of-the-cf-union-2023-survey New Releases and UpdatesICYMI - CommandBox 5.8.0 Released!We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.Now bundles commandbox-cfconfig, commandbox-dotenv, commandbox-update-check. Automatically installed or updated when you start CLIAutomatically sets the content type in the HTTP response for static file typesl. You can customize in server.jsonConfig and Module Sync - if you are authenticated to ForgeBox in the CLI, you can synchronize config settings to and from.Web Server Case Sensitivty - forcing case sensitivity on WindowsREPL improvementsAs usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repohttps://www.ortussolutions.com/products/commandbox#download https://www.ortussolutions.com/blog/commandbox-580-released https://commandbox.ortusbooks.com/ICYMI - First Lucee 6 Beta ReleasedRemember this is a BETA, so it’s not production ready, what we are looking for in this first BETA release, is for you to try and run your apps / test suites in locally and let us know how it goes for you.https://dev.lucee.org/t/first-lucee-6-public-beta-is-available-6-0-0-346-beta/12195Webinar / Meetups and WorkshopsOrtus Event Calendar for Googlehttps://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20 Ortus Webinar - March 17, 2023 - CBSecurity with Luis MajanoFriday, March 17th, at 3pm CST.Signup Now: https://us02web.zoom.us/meeting/register/tZAsf-6hrzsuE9POBoeyMYsFPY1AN-M2x29FOrtus Office Hours - Date TBDDue to spring break, good friday, lots of people at Dev Nexus and CF Summit East, we might pu...
What this episode covers
2023-03-14 Weekly News - Episode 188Watch the video version on YouTube at https://youtube.com/live/v4vxEckWfYg?feature=share Hosts: Gavin Pickin - Senior Developer at Ortus SolutionsDaniel Garcia - Senior Developer at Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. A few ways to say thanks back to Ortus Solutions:Like and subscribe to our videos on YouTube. Help ORTUS reach for the Stars - Star and Fork our ReposStar all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github Subscribe to our Podcast on your Podcast Apps and leave us a reviewSign up for a free or paid account on CFCasts, which is releasing new content every weekBOXLife store: https://www.ortussolutions.com/about-us/shopBuy Ortus’s Books102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes Join us for the 10th Into the Box - In person ONLY!!! Patreon Support ( Invigorating ) - UPDATED GOALSWe have 41 patreons: Goal 1 - 26% - This goal would help us to fully fund the hosting of ForgeBox.io (www.forgebox.io), the ColdFusion software directory.Goal 2 - 13% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.https://www.patreon.com/ortussolutions. News and AnnouncementsCritical Security Update for ColdFusion APSB23-25From Adobehttps://community.adobe.com/t5/coldfusion-discussions/released-coldfusion-2021-and-2018-march-2023-security-updates/td-p/13649873From FoundeoAdobe has just published a security bulletin APSB23-25, and has released security updates for ColdFusion 2018 and 2021.We recommend installing these update as soon as possible, because one of the vulnerabilities has been actively exploited by attackers already. https://helpx.adobe.com/security/products/coldfusion/apsb23-25.htmlhttps://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-16.htmlhttps://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-6.htmlHackMyCF has been updated to warn you if the hotfix is missing.It is important to note that if you are on ColdFusion 11, or 2016 that it is possible that your servers could be vulnerable to at least one of these issue as well. However, because these versions reached end of life they are no longer receiving security patches from Adobe.One thing you can do to mitigate one of these issues is to block requests containing a variable named _cfclient. Some of the filters in FuseGuard may help prevent some attack vectors when configured to. But the best solution is to upgrade to CF2018 or 2021 and apply the patch released today.--Foundeo Inc.ICYMI - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020. There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html ICYMI - State of the CF Union 2023 ReleasedHelp us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.https://teratech.com/state-of-the-cf-union-2023-survey New Releases and UpdatesICYMI - CommandBox 5.8.0 Released!We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.Now bundles commandbox-cfconfig, commandbox-dotenv, commandbox-update-check. Automatically installed or updated when you start CLIAutomatically sets the content type in the HTTP response for static file typesl. You can customize in server.jsonConfig and Module Sync - if you are authenticated to ForgeBox in the CLI, you can synchronize config settings to and from.Web Server Case Sensitivty - forcing case sensitivity on WindowsREPL improvementsAs usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repohttps://www.ortussolutions.com/products/commandbox#download https://www.ortussolutions.com/blog/commandbox-580-released https://commandbox.ortusbooks.com/ICYMI - First Lucee 6 Beta ReleasedRemember this is a BETA, so it’s not production ready, what we are looking for in this first BETA release, is for you to try and run your apps / test suites in locally and let us know how it goes for you.https://dev.lucee.org/t/first-lucee-6-public-beta-is-available-6-0-0-346-beta/12195Webinar / Meetups and WorkshopsOrtus Event Calendar for Googlehttps://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20 Ortus Webinar - March 17, 2023 - CBSecurity with Luis MajanoFriday, March 17th, at 3pm CST.Signup Now: https://us02web.zoom.us/meeting/register/tZAsf-6hrzsuE9POBoeyMYsFPY1AN-M2x29FOrtus Office Hours - Date TBDDue to spring break, good friday, lots of people at Dev Nexus and CF Summit East, we might pu...
NOW PLAYING
Modernize or Die® - CFML News Podcast for March 14th, 2023 - Episode 188
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Jan 2, 2026 ·47m
Dec 21, 2025 ·46m