Content provided by Ortus Solutions. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Ortus Solutions or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://es.player.fm/legal.

Modernize or Die® - CFML News Podcast for December 5th, 2023 - Episode 208

50:34

2023-12-05 Weekly News — Episode 208

Watch the video version on YouTube at https://youtube.com/live/WHVwcHtf_gA?feature=share

Hosts:

  • Gavin Pickin - Senior Developer at Ortus Solutions
  • Grant Copley - Senior Developer at Ortus Solutions


Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:

Patreon Support

We have 42 patreons:
https://www.patreon.com/ortussolutions.

News and Announcements

Adobe ColdFusion flaw exploited in US government agency attacks
In March this year, Adobe released a security update for the vulnerability the attackers exploited (CVE-2023-26360). At that time, the vulnerability was already being used in zero-day attacks.
Following the Federal Civilian Executive Branch (FCEB) agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.
https://stackdiary.com/adobe-coldfusion-flaw-exploited-in-us-government-agency-attacks/
https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-releases-advisory-threat-actors-exploiting-cve-2023-26360-vulnerability-adobe-coldfusion

CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion.
The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect their systems.

Adobe ColdFusion serves as a rapid scripting environment for developing dynamic internet applications on both web and mobile platforms, utilizing ColdFusion Markup Language (CFML).

The security update addresses a range of vulnerabilities, including critical, high, and medium severity issues. These vulnerabilities have the potential to enable threat actors to access specific endpoints or execute arbitrary code, without requiring user interaction.
https://socradar.io/cisa-alert-serious-vulnerabilities-in-adobe-coldfusion-cve-2023-44350-cve-2023-44351-cve-2023-44353-and-more/

Ben Nadel wrote a Book - Early Access: Feature Flags - From Concept To Cultural Revolution
Almost 3-months ago, I announced that I was writing a book on Feature Flags. This morning, I'm thrilled to announce that I have an early access version available for purchase. This is a PDF version; and, the formatting is a bit rough around the edges. But, the content is all there. And, if you pick-up the book now (at a deep discount), you'll automatically get access to future versions.
https://www.bennadel.com/blog/4531-early-access-feature-flags-from-concept-to-cultural-revolution.htm

New Releases and Updates

Update your servers with the below updates
ICYMI - Adobe November Updates - Security Fixes
Adobe updates for ColdFusion 2023 (update 6) and 2021 (update 12)
Previous versions no longer receive security updates!!!

CommandBox has already been updated

Security updates available for Adobe ColdFusion | APSB23-52 - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-november-security-updates/m-p/14233917#M196421

Note: Some customers have reported WDDX-related issues

More details from Charlie Arehart: https://www.carehart.org/blog/2023/11/14/cf_security_updates_nov_2023#more

ICYMI - ColdBox 7.2.0 Released

Welcome to ColdBox 7.2.0, which packs a big punch on stability and tons of new features.
Includes lots of updates for all the core products: ColdBox, WireBox, CacheBox, and LogBox.
ColdBox has 10 new features, 6 improvements and 4 bug fixes.
LogBox has 3 new features, 4 improvements, 2 bug fixes and a task.
WireBox includes a new feature and CacheBox has an improvement.
https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.2.0

Webinar / Meetups and Workshops

ColdFusion Security Training
Writing Secure CFML with Pete Freitag
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.

Where: Online
When: Tuesday December 12, 2023 @ 11am-2pm EST & Wednesday December 13 @ 11am-2pm
Price: $899 per student
https://foundeo.com/consulting/coldfusion/security-training/

The class will be recorded, so if you cannot attend it fully online you will have access to a recording.

Hawaii ColdFusion Meetup Group - InertiaJS and ColdFusion with Eric Peterson
December 15th
InertiaJS is a new JavaScript framework made for people who don’t really need an API but want to use a modern JavaScript framework like React or Vue as their view layer. Inspired by libraries like Turbolinks, InertiaJS makes your app behave like a SPA while still being a fully server-rendered app.
https://www.meetup.c...
