
CAR file failure
CAR file does nothing when I try to import. The post CAR file failure appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
CAR file does nothing when I try to import. The post CAR file failure appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
Angular 15 is out. I've done an update to my main books and am working on the ones right now. Ivy is more mature now, and a lot of the external libraries worked fine without issue. With Angular 14 I had issues w/ external libs. I look forward to diving deep into stand alone components, and I'll be writing a chapter--and probably a few blog posts--about that early next year.
From: Jeffry Houser's Blog
This is part of an ongoing series of blog posts about our ever-evolving use of the Clojure CLI, deps.edn, and Polylith, with our monorepo at World Singles Networks.
This question comes in from a reader of one of my books, who was curious about how to deploy an Angular application to his ColdFusion server. The Learn with books primarily focus on the development process and I don't cover the dev ops or deployment side of things. My question: besides working locally while reading the book, I am assuming that I need to find a server that offers ColdFusion and allows me to work with Node, correct? This is what I told him. For local development, you can run both ColdFusion and NodeJS locally with no issue. The Angular CLI has a development server, and you can set up a proxy to call your local ColdFusion server. This is covered in the book. All the backend services to the books use the same approach, including PHP, Java, and NodeJS. If you want to deploy the app to a production server, you can create a production build with the Angular CLI and that will give you HTML/CSS/JS files you can push up to your existing web server. You do not need to install NodeJS on the server for this to work. Howeer, If you want to do automated deployments using Jenkins, docker, and/or microservices, things get a bit more complex. In that situation, my team uses an NGINX Docker Image as the base and we move the production version of the Angular code into the NGINX root directory, so even with our production build we do not have NodeJS running a web server. I've never delved deep into the process for running and deploying an application even though that is the approach most modern teams use. Often we set it up once and forget about it. I hope this helps someone.
From: Jeffry Houser's Blog
I will be giving my talk Taming the Top 25 Most Dangerous Software Weaknesses (for ColdFusion Developers) next Tuesday, December 6th 2022 at 1pm US Eastern Time. You will need to register with Adobe to join, it's free. Adobe is repeating many of the talks from the in person ColdFusion Summit that took place in October, if you weren't able to make it - this is a great way to see the presentations. Finally, if you are interested in the topic of ColdFusion Security, there are still a few seats left in my ColdFusion Security Training Class taking place on December 13th and 14th.
From: Pete Freitag's Homepage
Two years ago, I published this post detailing how I had refactored the Query of Query support in Lucee to be much better and also much faster: https://www.codersrevolution.com/blog/improving-lucees-query-of-query-support I removed the single-threaded HSQLDB callback for grouped/aggregate and distinct selects and tuned the performance. QoQ's are a bit of a polarizing feature in CFML. They've suffered in the past from poor support and poor performance which has caused a lot of people to avoid them. There are certainly places where queryMap(), queryFilter(), and queryReduce() are the best approach, but there are also times where you simply can't beat the readability and conciseness of an ordered, aggregated select. I know developers who tell me they never use "reduce" higher order functions because they are too confusing, but I've never met a developer who didn't understand "GROUP BY department"! I've got several other ideas to increase the feature set of QoQ in CFML including native support for INNER and OUTER joins as well as this idea of exposing CFML string, number, and date functions directly in QoQ. I've also put in a handful of tickets for Adobe ColdFusion to invite them to follow in the improvements I've added to Lucee. I'd send them pulls, if I could : (
From: Coders Revolution
Today I learned someone put together a chart to tell which version of NodeJS works best with which version of Angular. Check it out Here! I've never put too much thought into it, because I've never experienced incompatibilities with my local install of NodeJS and the version of Angular I'm using. We do have some different projects that require different versions of Node, though, and have been using Volta to manage that. I hope to get some posts about that in the coming months.
From: Jeffry Houser's Blog
Interested in finding the recordings of the Online version of the 2022 CF Summit? TLDR: recordings of the CF Summit Online are now being posted on the Adobe CF team Youtube channel, and we can expect to see soon other places listing all the recordings for the event, as a single playlist. I discuss each of these more, below. As you may have heard, Adobe has started offering a series of online webinars where they have the presenters from the […] The post Recordings of CF Summit Online sessions, finding them posted after each session appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
Are you taking the ColdBox Master Class on CFCasts? Some folks were asking where to find the Vandelay Forum app that I used in the video training.
From: South of Shasta: Software Development, Web Design, Training
Earlier this week I wrote about how the JavaScript includes() method works on a string. I followed it up on a post about how includes() works on an array. The short summary is that for strings we're looking for a partial match of the target string to exist in the source string. For an array, we are looking for an exact match between the target string and a single element within the source array. After writing the post about searching a string array, I wanted to explore a bit about object arrays. On paper, object arrays work exactly string arrays do, however the comparison can be a bit confusing to newcomers to JavaScript. Let's start with an array of objects: let myArrayWithObjects = [ { word: 'The'}, { word:'Quick'}, { word:'Brown'}, { word: 'Fox'}, { word: 'Jumped'}, { word: 'Over'}, { word: 'The'}, { word: 'Lazy'}, { word: 'Dogs'} ]; Each object contains a single property, `word`. Now we can use includes to search for for items in that array console.log(myArrayWithObjects.includes('The Quick Brown Fox Jumped Over The Lazy Dogs')); // returns false. This will output a false response, since no strings exist in the array; only objects. That is what we'd expect. Let's create a new object variable: let compareObject1 = { word: 'Fox'}; From our perspective, as a human reviewing code it looks like this object is equal to an object within the array. What happens if we perform the includes()? console.log(myArrayWithObjects.includes(compareObject1)); Try it, and you'll see that the response if also false How come? Because even though the two objects look similar they are two independent objects. JavaScript performs this compare by looking at the object's space in memory and these two objects that look similar occupy different places in memory. If we set our source string to a real value insdie the array and use that to compare, we should get a true result: console.log(myArrayWithObjects.includes(myArrayWithObjects[4])); This is because the the target value is pointed at the same object instance that resides inside the array. The comparison is true. Play with a Plunker here. Every once in a while I have a developer conversations and go on a weird tangent, writing a bunch of blog posts to drill into something that should be simple and intuitive. I think this is one of those times, but I'm always happy to explore and share those explorations.
From: Jeffry Houser's Blog
Earlier this week I wrote about how the JavaScript includes() method works on a string. It works a bit differently on an array, and I wanted to go into that. When processing it on a string, the includes() method performs a partial match. If the argument string exists in the source, true is returned. Otherwise false is returned. However, when using includes() on an array, an exact match is required. Not a match to the array, but a match between the object to search for and an item inside the array. You can use includes() on an array to search through an item in that array. Let's start with a variable that's an array: let myArray = ['The', 'Quick', 'Brown', 'Fox', 'Jumped', 'Over', 'The', 'Lazy', 'Dogs']; Now we can use includes to search for for items in that array console.log(myArray.includes('Fox')); // returns true This will output a true since the string Fox is an element in the array. We can try a full string comparison: console.log(myArray.includes('The Quick Brown Fox Jumped Over The Lazy Dogs')); This will return false, because even though each work in the string is part of the array, the full string is not a full element on the array. What happens if you search for something not in the original string? Techincally we did that above, but here is a check with a new word not in the original array. console.log(myArray.includes('Doggies')); The value will return false. Play with a Plunker here. I think I'm gonna be back next week to do some testing with an object full of arrays.
From: Jeffry Houser's Blog
Javascript and its derivatives are immensely flexible. I've used some variation of Javascript for pretty much every use case you can think of - desktop applications, mobile apps, APIs and entire backend processing systems. You can train a complete newbie on the basics incredibly quickly, and I love working with it. I've primarily been a Javascript developer my entire career and I started using typescript when I joined Pretty Little Thing back in 2020. I've been a big fan of the support that having a typed version of Javascript offers and you'll find almost all my blog posts use typescript in some capacity. Be that as it may, currently I find myself spending my weekends learning Rust.
Seeking help for the following issue: Our shop is running two Adobe ColdFusion servers, a development and a production. Production is on ColdFusion 2018 and development is on ColdFusion 2021. When upgrading the development server to 2021, we chose to migrate the server administrator panel settings manually and most likely missed several. We now have the following problem: In one of our web apps, a GET request (from superagent) is being made to a REST API URL to pull in some […] The post GET response content type settings in CF2021 appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
I have a discussion with another developer about a section of code that had the use of the includes method on a string, and there was some confusion about what it did, and I thought I'd write this full blog post. The includes() JS method can be used on both strings and arrays, both with slightly different functionality. This post will focus on using it on a string. When using includes on a string it will look for the text you provide inside of a different string. You can use includes on a string to search through text in the source. Let's start with a variable that's a string: let myString = "The Quick Brown Fox Jumped Over The Lazy Dogs" Now we can use includes to search for other text in that string: console.log(myString.includes('Fox')); // returns true This will output a true since the word Fox is included as part of the full string. We can also do a full string comparison: console.log(myString.includes('The Quick Brown Fox Jumped Over The Lazy Dogs')); // returns true I do one comparisons here, using a string literal. We can also compare based on a different variable: console.log(myString.includes(myString)); // returns true What happens if you search for something not in the original string? The value will return false: console.log(myString.includes('Doggies')); // returns false The use case for this determine if an Angular interceptor should act on the current URL or not, but there are plenty of other use cases for this. My next post will talk about how includes works when you use it against an array. Play with a Plunker here.
From: Jeffry Houser's Blog
If you're active in social media you may have heard the news already, but for those who are not, Adobe has started to open the prerelease program for the next CF version, aka ColdFusion 2023--though known for now formally by its code name, Project Fortuna. You can find out more (and request to join) the prerelease program at its page on the Adobe prerelease site (where you will see as well as all kinds of prereleases for other Adobe products). For now, only the Alpha has been announced, and the number of registrants allowed may be limited. For more on that and about the prerelease (what can be gleaned/shared publicly), read on. [More]
I was recently working on an app where the user was entering one date, but the date was turning into something else. I hate it when this happens, and even had similar issues in the early versions of my Learn With book series. Usually this is a conversion issue between date entry in the UI, storage in backend service, and sending that data back to the UI. It drove me nuts, and I finally found a solution. I decided to store all dates in UTC format, and pass them on to the users in the same. When the user enters a date in the UI, you can turn it into UTC Format using the JS toISOString() function: let originalDate = new Date(); let isoString = originalDate.toISOString() console.log(isoString); You should see something like this in your console: 2022-11-09T14:41:56.202Z Now send this to your backend, and save it in your database as a date. All good! When your REST Services send that date string back to the UI, you can re-convert it into a date object for display: let dateObject = new Date(isoString); console.log(dateObject); The output should be something like this: Wed Nov 09 2022 09:41:56 GMT-0500 (Eastern Standard Time) I found this to be a great way to handle dates between the front end and backend of an application. Play with a Plunker here
From: Jeffry Houser's Blog
In the initial rendition of the LearnWith book series, I gave instructions on how to create a database and populate it with SQL, but left no instructions or details on how to set up or install a DB Server from scratch. That was beyond the scope of the book. About a year ago, I switched over from using a locally installed SQL Server to one powered by Docker. This would give my readers and myself a lot more flexibility, and one less thing to think about when reading my books to learn about Angular. In the process of creating the docker image for all to share, I took a ton of screenshots and a ton of notes but didn't have time to write it up until now. I'm using SQL Server as the basis however you should be able to morph these instructions for any type of Docker Image. Here are my instructions for how to create and publish a Docker Image. Create Your Docker Repo First, you'll want to create an account and docker repository on the Docker Website. Go here and you should see something like this: For the purposes of this article, I am not going to connect it to a Github or Bitbucket account, because auto build is out of the current scope of this article. Create the Docker Image You'll need to install Docker on your dev machine. From there, you can create your first container: docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=StrongPass#12" -e "MSSQL_PID=Express" -p 1433:1433 -d --name "learnwithdb" mcr.microsoft.com/mssql/server:2019-latest What does this command do? Let's dissect it: docker run: This command tells docker to start running something. e: The e argument is an environment variable, meaning you're passing some value into the Docker Image. In this case, I'm setting the default password and telling it to pre-accept the EULA. I'm also telling it which version of SQL Server to use--Express, the free version. p: The p argument is the port, it means the external port 1433, will redirect to the internal port 1433. d: This means the docker image runs in detached mode. It starts and returns you to your console, instead of showing you the console of the docker image. name: This argument is used to specify the name of our new docker image. I used learnwithdb, since I am creating a database to use with my learn with books. mcr.microsoft.com/mssql/server:2019-latest: The final piece of the command, isn't actually an argument; it is a reference to the docker image that we're making a copy of, in this case I'm copying the latest version of Microsoft's SQL Server 2019 docker image release. You should see something like this: No real response from the client, but once this was done, I was able to open up the server in SQL Server enterprise Manager, create the database, create the tables, populate it with some sample data. I'll refrain from going into details of this, since the focus on publishing a docker image. Turn your Container into an Image What we've created now is a container that is a copy of a default docker image provided by Microsoft. We need to turn that container into our own docker image. To do that we use the docker commit command: docker commit learnwithdb You should see something like this: I added a docker image ls at the end of the screenshot so we could see that the new image was indeed created. Grab the imageId and add a tag to it: docker tag 684de5ad80b4 learnwithdb You should see something like this: You may need to stop and delete the original running docker container before continuing. To stop it: docker stop learnwithdb And then delete it: docker rm learnwithdb When prepping for this, I neglected to grab screenshots of these two commands, sorry. Start your new Docker Image Now you can start up your new docker image: docker run -p 1433:1433 -d --name "learnwithdb" learnwithdb This run command is a lot simpler than our previous one. Let's see what is here: docker run: This command tells docker to start running something. p: The p argument is the port, it means the external port 1433, will redirect to the internal port 1433. d: This means the docker image runs in detached mode. It starts and returns you to your console, instead of showing you the console of the docker image. name: This argument is used to specify the name of our new docker image. I used learnwithdb, since I am creating a database to use with my learn with books. learnwithdb: The final piece of the command, isn't actually an argument; it is a reference to the docker image that we're making a copy of, in this case I'm creating a container based off the image we just created, learnwithdb. You should see something like this: I added a docker ps command, to show me all the running containers, and we see our new one running. Grab the container ID and add a tag: docker tag 684de5ad80b4 learnwith/learn-with:learnwithdb This tag will relate to how the image is found on the docker site, in this case it is found at https://hub.docker.com/repository/docker/learnwith/learn-with . I named it after my book series and then another one related to the DB. It should look something like this: I added an docker images at the end to listed all the images. You can see the original one we created, and the new tag. Make the Image Available Now, we can push image to repo with this command: docker push learnwith/learn-with:learnwithdb You'll see something like this: Now, jump over to hub.docker.com to see your repos: Now other people should be able to use or set up the image. Final Test I went ahead and used Docker Desktop to delete the images and containers I just created. Now try to run this: docker run -p 1433:1433 -d --name "learnwithdb" learnwith/learn-with:learnwithdb You should see something like this: Congratulations; you're done! You can find my custom image at https://hub.docker.com/repository/docker/learnwith/learn-with.
From: Jeffry Houser's Blog
The first session for the Adobe ColdFusion Summit Online has been announced. I had reported here last week that Adobe was going to start having all the speakers from Adobe’s CF Summit (in Vegas last month) offer their talks online, to be live-streamed and recorded. Well, it looks like I’m the lead-off batter. They’ve announced via twitter that I’ll be giving the online repeat of my session, “How the Adobe CF Docker Images Have Evolved” on Wed November 16 at 12pm […] The post Come learn “How the Adobe CF Docker Images Have Evolved”, launching CF Summit online appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
This is part of an ongoing series of blog posts about our ever-evolving use of the Clojure CLI, deps.edn, and Polylith, with our monorepo at World Singles Networks.
If you may ever encounter problems trying to use regular expressions in CFML (which are actually PERL regex’s), did you know that you can tell CF to use Java regex’s instead? This has been possible since 2019, but you could have missed when the change was introduced via CF2018 update 5 in Sep 2019–and of course the option is also built into CF 2021. This is one of those settings which can be enabled/controlled at either: the server level: via […] The post Enabling CF to switch to using Java’s regex engine appeared first on ColdFusion.
From: Adobe Coldfusion Blogs
CFML developers that still say "I don't know how to use ColdBox", your excuses are now officially invalid. ;) The ColdBox Master Class video training series that I produced for Ortus Solutions is FREE for the rest of the year!
From: South of Shasta: Software Development, Web Design, Training
As of the Oct 2022 CF updates (CF2021 update 5 and CF2018 update 15), Adobe has chosen to remove the CF Admin feature to view, search, download, and delete CF logs, due to asserted (but as-yet undocumented) security concerns. What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on. [More]
I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL. ColdFusion / Lucee and OpenSSL As far as I know both ColdFusion and Lucee do not use openssl for any of its crypto operations by default. Both ColdFusion and Lucee use the Java Cryptographic Extension (JCE) layer which provides an api to access crypto algorithm implementations. Adobe ColdFusion Enterprise is using RSA BSafe CryptoJ provider, which has FIPS compliant implementations of many crypto algorithms. The standard version, and Lucee would likely just use the default provider that ships with java. Adobe's Product Support Manager mentioned on the CFML slack on November 4, 2022 that Adobe ColdFusion is not impacted: Hi All, Just want to update everyone that CF is not impacted by OpenSSL vulnerability. Tomcat and OpenSSL Tomcat - which ships with ColdFusion, can actually use openssl libraries to provide a SSL / TLS / HTTPS connector for the tomcat web server. This feature is called Tomcat Native. So if you have Tomcat configured with SSL/TLS you should check and see if it is using Tomcat Native with the OpenSSL Library. You would see something like this in your catalina.out file: 01-Nov-2022 10:22:42.105 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 3.0.4-dev 3 May 2022] If you find that you are using OpenSSL version 3, you need to upgrade to the most recently patched version of OpenSSL 3. From the OpenSSL Security Advisory: OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. Or you can also remove the Tomcat Native AprLifecycleListener from your server.xml file: <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> It appears that you can alternatively set UseOpenSSL="false" on the <Listener> tag of the AprLifecycleListener. After making one of the above changes, double check your tomcat logs and make sure OpenSSL 3 is no longer output on server startup. IIS and OpenSSL IIS uses MSCAPI to perform crypto operations, so you should be ok at the web server level if you are using IIS. Apache or nginx and OpenSSL Most linux based web servers such as Apache or nginx would be using OpenSSL, however there is a good chance that your server is not using Openssl 3 yet. You can check the version of openssl installed by running: openssl version Check the list of software affected / unaffected Here is a handy list of software that has been marked as vulnerable or not vulnerable to this issue. Disclaimer: The content (and links) on this page are provided as is, without warranty of any kind. Use at your own risk. You should consult with your software vendors to ensure that you are properly protected.
From: Pete Freitag's Homepage
Early bird registration is open for my ColdFusion Security Training deep dive class in December. If you've ever attended one of my conference sessions on ColdFusion Security at Adobe ColdFusion Summit or Into The Box (or even cf.Objective() or CFUnited :-) you know that it is hard cover a wide variety of issues in a one hour session. It is an online class that takes place over Zoom on Tuesday December 13, 2022 and Wednesday December 14 from 11am-2pm each day. I find that two three hour chunks each day is a good amount of time to get hands on and in depth, but not so long that your brain is completely toasted. It also leaves some time for you to get some of your typical work done on those days if you are so inclined. Here's an outline of the topics that will be covered in the course: Remote Code Execution Path Traversals & File Path Vulnerabilities File Upload Vulnerabilities Cross Site Scripting Cross Site Request Forgery Session Hijacking Cookie Security Password Storage Authentication Authorization Content Security Policy SQL Injection Timing Attacks Scope Injection LDAP Injection XML Security Issues Core Security Principals Proactive Coding Guidelines OWASP Top 10 Security Tools: OWASP Zap, Fixinator And more! The course covers a wide range of vulnerabilities that CFML web developers should be aware of. For each vulnerability the students will learn about it, attempt to exploit it, and last but certainly not least learn how to fix or mitigate the vulnerability. I would love to have you attend, so please sign up while seats are still available and before the price increases on December 1st.
From: Pete Freitag's Homepage
[Posted Nov 1, 2022; Updated Nov 10th and 4th, 2022] Adobe announced Nov 1 that the “ColdFusion Summit Online” would begin soon, where they would be having presenters offer their sessions again from the CF Summit last month, to be live-streamed and recorded (since that couldn’t be done in Vegas). Update Nov 4: Adobe has started announcing sessions. I said I would try to keep this list up-to-date as they had not yet offered such a post here. Now I […] The post Join Adobe for “ColdFusion Summit Online”, re-presenting sessions over the next several weeks appeared first on ColdFusion.
From: Adobe Coldfusion Blogs