Sign up to save your podcasts
Or
Share Modernize or Die® - CFML News for July 30th, 2019
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Modernize or Die® - CFML News for July 30th, 2019
Watch the full video Online on Youtube - https://youtu.be/ASLg8JGvD2Y
2019-07-30 Weekly News - Episode 12
Hosts:
- Gavin Pickin - Software Consultant for Ortus Solutions
- Brad Wood - Lead Architect for Ortus Solutions
News and Events
Security Alert - VE-2019-7839: COLDFUSION CODE EXECUTION THROUGH JNBRIDGE
July 25, 2019 | Trend Micro Research Team
A remote code execution vulnerability has been reported in Adobe ColdFusion. This vulnerability is due to the JNBridge binary protocol port being exposed without any authentication.
A remote unauthenticated attacker can exploit this vulnerability by sending a crafted JNBridge binary protocol message to an affected server. Successful exploitation results in remote code execution as the root or SYSTEM user.
Brad tweeted about this security alert
“#ColdFusion folks, hackers waste no time developing exploits for CF when a patch comes out. I hope you have the same sense of urgency when it comes to installing the patches! Also ensure your firewall is only allowing HTTP/S traffic through! #CFML”
https://www.zerodayinitiative.com/blog/2019/7/25/cve-2019-7839-coldfusion-code-execution-through-jnbridge
Pete Frietag from Foundeo released another CFML News Issue No 32
Go online to register and get those newsletters emailed to you. Great summary of everything CFML - highlighting the best blog posts and news.
https://tinyletter.com/cfml/letters/cfml-news-issue-32
CBORM Updated - Version 2 Released + New GitBook
A complete rewrite of the module to support a more modern and fluent approach to working with Hibernate/ColdFusion ORM. In this release we had to support 3 versions of Hibernate: 3 (Lucee), 4 (ACF 2016) and 5 (ACF 2018), which in itself proved to be a gargantuan task.
We also focused on bringing more functional programming aspects to working with collections of entities and even introduced cbStreams as part of the cborm module. This gives you the ability to produce streams out of any method that produces a collection of entities.
We also focused on converting the state of an object graph to a raw ColdFusion data struct as we live in the world of APIs. We include the mementifier module which allows every single entity to have a getMemento() method that will convert itself and its relationships to raw CF data constructs so you can take that state and either marshall it to another format (json,xml,excel) or audit the state.
https://coldbox-orm.ortusbooks.com/
New landing page for OrtusBooks.com - see all of our books
https://ortusbooks.com/
Time to get the word out
We’ve had 500+ views on Youtube with 100+ new subscribers
We’ve had 1000+ podcast downloads
But until this last week, Ben Nadel ( who has been blogging like a mad man about ColdFusion lately ) didn’t know we had a CFML podcast, let alone 2.
So i need everyone go to on twitter and tweet that you’re watching / listening to the #modernizeordie #cfmlnews #podcast and why you think others should watch / listen to it.
Adobe CF Summit early bird
Still available as of July 23rd - are they still available now? Get them before they go up.
Certificate Program + Conference Pass $498.00
ColdFusion Security Preconference + Conference Pass $348.00
Conference Pass $99.00
ColdFusion Docker Preconference + Conference Pass $348.00
Adobe CF Summit - Conference
- Las Vegas at the Mirage October 1-2 ( Tuesday + Wednesday )
- Biggest CFML Conference of the Year - 500+ people
- Great Adobe Party
- Register Now - Early bird was only $99
- https://cfsummit.adobeevents.com/
- Early-bird registration has been extended to June 30, 2019
- Call for Speakers is now closed!!!
- Speakers are listed on the website
Adobe CF Summit Speakers Announced - 31 so far
https://cfsummit.adobeevents.com/speakers/
- Lots of Ortus Speakers
- Luis Majano
- Brad Wood
- Eric Peterson
- Gavin Pickin
- Adobe Speakers 5+
- Rakshith Naresh
- Uday Ogra
- Kailash Bihani
- Piyush Kumar Nayak
- Suchika Singh
- Lots of other great community speakers 15+
Including but not limited to:- Pete Frietag
- George Murphy
- Brian Klaas
- Matt Clemente
- Giancarlo Gomez
- Matt Gifford
- Carl Von Stetten
- Daniel Fredericks
- Uma Ghotikar
- Abram Adams
- Dan Wilson
- David Tattersal ( Fusion Reactor )
- Charlie Arehart
- Dave Ferguson
Adobe CF Summit - Workshops
Adobe ColdFusion Specialist Certificate Program
From the CF Summit Website:
The Adobe ColdFusion Specialist is a full-day certificate classroom program, delivered by top Adobe ColdFusion experts. You will be enrolled into the course as soon as you register and will receive course instructions and prep materials two weeks prior to the on-site program date. Following the training you will complete an online assessment – upon successful completion, you will receive your Adobe ColdFusion Specialist certificate.
Register: https://cfsummit.adobeevents.com/adobe-coldfusion-specialist/
Location
The Mirage, Las Vegas
3400 S Las Vegas Blvd
Las Vegas, Nevada, United States
89109
Dates:
Monday September 30, 2019 - 8:00 AM - 5:00 PM
Price: $399.00 - early bird pricing
- Pre-conference Training 1: Hands-on ColdFusion Security Workshop
Trainer : Pete Freitag, Principal Consultant, Foundeo Inc. - Pre-conference Training 2: Going from Zero to 60 with Docker and ColdFusion images
Trainer: Charlie Arehart, Independent Consultant, Carehart
https://cfsummit.adobeevents.com/register/registration/select
Ortus Solutions Training Workshops at CF Summit after the Conference
Ortus will be doing 2 2-day trainings on Thursday October 3rd, and Friday October the 4th.
We have two great workshops to select from and they will be held in a much more exclusive and comfortable environment that will ...
View all episodes
By Ortus Solutions
5
77 ratings
Watch the full video Online on Youtube - https://youtu.be/ASLg8JGvD2Y
2019-07-30 Weekly News - Episode 12
Hosts:
- Gavin Pickin - Software Consultant for Ortus Solutions
- Brad Wood - Lead Architect for Ortus Solutions
News and Events
Security Alert - VE-2019-7839: COLDFUSION CODE EXECUTION THROUGH JNBRIDGE
July 25, 2019 | Trend Micro Research Team
A remote code execution vulnerability has been reported in Adobe ColdFusion. This vulnerability is due to the JNBridge binary protocol port being exposed without any authentication.
A remote unauthenticated attacker can exploit this vulnerability by sending a crafted JNBridge binary protocol message to an affected server. Successful exploitation results in remote code execution as the root or SYSTEM user.
Brad tweeted about this security alert
“#ColdFusion folks, hackers waste no time developing exploits for CF when a patch comes out. I hope you have the same sense of urgency when it comes to installing the patches! Also ensure your firewall is only allowing HTTP/S traffic through! #CFML”
https://www.zerodayinitiative.com/blog/2019/7/25/cve-2019-7839-coldfusion-code-execution-through-jnbridge
Pete Frietag from Foundeo released another CFML News Issue No 32
Go online to register and get those newsletters emailed to you. Great summary of everything CFML - highlighting the best blog posts and news.
https://tinyletter.com/cfml/letters/cfml-news-issue-32
CBORM Updated - Version 2 Released + New GitBook
A complete rewrite of the module to support a more modern and fluent approach to working with Hibernate/ColdFusion ORM. In this release we had to support 3 versions of Hibernate: 3 (Lucee), 4 (ACF 2016) and 5 (ACF 2018), which in itself proved to be a gargantuan task.
We also focused on bringing more functional programming aspects to working with collections of entities and even introduced cbStreams as part of the cborm module. This gives you the ability to produce streams out of any method that produces a collection of entities.
We also focused on converting the state of an object graph to a raw ColdFusion data struct as we live in the world of APIs. We include the mementifier module which allows every single entity to have a getMemento() method that will convert itself and its relationships to raw CF data constructs so you can take that state and either marshall it to another format (json,xml,excel) or audit the state.
https://coldbox-orm.ortusbooks.com/
New landing page for OrtusBooks.com - see all of our books
https://ortusbooks.com/
Time to get the word out
We’ve had 500+ views on Youtube with 100+ new subscribers
We’ve had 1000+ podcast downloads
But until this last week, Ben Nadel ( who has been blogging like a mad man about ColdFusion lately ) didn’t know we had a CFML podcast, let alone 2.
So i need everyone go to on twitter and tweet that you’re watching / listening to the #modernizeordie #cfmlnews #podcast and why you think others should watch / listen to it.
Adobe CF Summit early bird
Still available as of July 23rd - are they still available now? Get them before they go up.
Certificate Program + Conference Pass $498.00
ColdFusion Security Preconference + Conference Pass $348.00
Conference Pass $99.00
ColdFusion Docker Preconference + Conference Pass $348.00
Adobe CF Summit - Conference
- Las Vegas at the Mirage October 1-2 ( Tuesday + Wednesday )
- Biggest CFML Conference of the Year - 500+ people
- Great Adobe Party
- Register Now - Early bird was only $99
- https://cfsummit.adobeevents.com/
- Early-bird registration has been extended to June 30, 2019
- Call for Speakers is now closed!!!
- Speakers are listed on the website
Adobe CF Summit Speakers Announced - 31 so far
https://cfsummit.adobeevents.com/speakers/
- Lots of Ortus Speakers
- Luis Majano
- Brad Wood
- Eric Peterson
- Gavin Pickin
- Adobe Speakers 5+
- Rakshith Naresh
- Uday Ogra
- Kailash Bihani
- Piyush Kumar Nayak
- Suchika Singh
- Lots of other great community speakers 15+
Including but not limited to:- Pete Frietag
- George Murphy
- Brian Klaas
- Matt Clemente
- Giancarlo Gomez
- Matt Gifford
- Carl Von Stetten
- Daniel Fredericks
- Uma Ghotikar
- Abram Adams
- Dan Wilson
- David Tattersal ( Fusion Reactor )
- Charlie Arehart
- Dave Ferguson
Adobe CF Summit - Workshops
Adobe ColdFusion Specialist Certificate Program
From the CF Summit Website:
The Adobe ColdFusion Specialist is a full-day certificate classroom program, delivered by top Adobe ColdFusion experts. You will be enrolled into the course as soon as you register and will receive course instructions and prep materials two weeks prior to the on-site program date. Following the training you will complete an online assessment – upon successful completion, you will receive your Adobe ColdFusion Specialist certificate.
Register: https://cfsummit.adobeevents.com/adobe-coldfusion-specialist/
Location
The Mirage, Las Vegas
3400 S Las Vegas Blvd
Las Vegas, Nevada, United States
89109
Dates:
Monday September 30, 2019 - 8:00 AM - 5:00 PM
Price: $399.00 - early bird pricing
- Pre-conference Training 1: Hands-on ColdFusion Security Workshop
Trainer : Pete Freitag, Principal Consultant, Foundeo Inc. - Pre-conference Training 2: Going from Zero to 60 with Docker and ColdFusion images
Trainer: Charlie Arehart, Independent Consultant, Carehart
https://cfsummit.adobeevents.com/register/registration/select
Ortus Solutions Training Workshops at CF Summit after the Conference
Ortus will be doing 2 2-day trainings on Thursday October 3rd, and Friday October the 4th.
We have two great workshops to select from and they will be held in a much more exclusive and comfortable environment that will ...