Artwork

İçerik Ortus Solutions tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Ortus Solutions veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

Modernize or Die® - CFML News Podcast for January 24th, 2023 - Episode 181

56:50
 
Paylaş
 

Manage episode 353397403 series 2508132
İçerik Ortus Solutions tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Ortus Solutions veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

2023-01-24 Weekly News - Episode 181

Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ

Hosts:

  • Gavin Pickin - Senior Developer at Ortus Solutions
  • Brad Wood - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:

Patreon Support ( amazing )
Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io

News and Announcements

New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023
Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)

https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Here's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)
Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or above

https://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs

CBWire Poll about a CFCasts Series
I’m in the planning stage of developing an ongoing video series for CBWIRE on https://cfcasts.com/. I have several ideas and would like to put it out to the community to vote what you’d like to see most. All series would feature 5-7 minute bit-sized videos posted regularly (probably weekly) until the series is finished.

https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513

New Releases and Updates

CBSecurity - V 3.0.0

This module will enhance your ColdBox applications by providing out-of-the-box security.
Now with a cool Security Visualizer too?

Change Log is packed - https://www.forgebox.io/view/cbsecurity#changeLog

Changed / COMPATIBILITY

  • Dropped ACF2016
  • Separated routes to it's own module Router
  • COMPAT New JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the JwtService
  • useSSL is now defaulted to true for all security relocations as the default
  • Encapsulation of jwt settings from the ModuleConfig to the JwtService
  • CBAuthValidator has been renamed to just AuthValidator this way it can be used with ANY authentication service instead of binding it to just cbauth. This validator just relies on the IAuthUser interface now.


Added

  • New AuthValidator now can validate permissions and roles according to our IAuthUser interface but can be used on ANY authentication service that implements IAuthService
  • New authorization and authentication delegates for usage in cb7
  • New ability for the firewall to log all action events to a database table.
  • New visualizer that can visualize all settings and all firewall events via the log table if enabled.
  • New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required.
  • New global and rule action: block and the fireall will block the request with a 401 Unathorized page.
  • New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403.
  • DBTokenStorage now rotates using async scheduler and not direct usage anymore.
  • Ability to set the cbcsrf module settings into the cbsecurity settings as csrf.
  • We now default the user service class and the auth token rotation events according to used authentication service (cbauth, etc), no need to duplicate work.
  • New rule based IP security. You can add a allowedIPs key into any rule and add which IP Addresses are allowed into the match. By default, it matches all IPs.
  • New rule based HTTP method security. You can add a httpMethods key into any rule and add which HTTP methods are allowed into the match. By default, it matches all HTTP Verbs.
  • New securityHeaders configuration to allow a developer to protect their apps from common exploits: xss, HSTS, Content Type Options, host header validation, ip validation, click jacking, non-SSL redirection and much more.
  • Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator used
  • Dynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encoded
  • Allow passing in custom refresh token claims to attempt() and fromUser() and refreshToken() : refreshCustomClaims
  • Added TokenInvalidException and TokenExpiredException to the refreshToken endpoint

https://www.forgebox.io/view/cbsecurity

Webinar / Meetups and Workshops

Ortus Event Calendar for Google

https://cale...

  continue reading

220 bölüm

Artwork
iconPaylaş
 
Manage episode 353397403 series 2508132
İçerik Ortus Solutions tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Ortus Solutions veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.

2023-01-24 Weekly News - Episode 181

Watch the video version on YouTube at https://youtu.be/SrS95HqW8HQ

Hosts:

  • Gavin Pickin - Senior Developer at Ortus Solutions
  • Brad Wood - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:

Patreon Support ( amazing )
Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io

News and Announcements

New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023
Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)

https://www.carehart.org/blog/2023/1/17/java_updates_Jan_2023

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Here's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)
Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or above

https://www.carehart.org/blog/2023/1/23/beware_latest_oracle_JDK_installers_will_remove_older_JDK_installs

CBWire Poll about a CFCasts Series
I’m in the planning stage of developing an ongoing video series for CBWIRE on https://cfcasts.com/. I have several ideas and would like to put it out to the community to vote what you’d like to see most. All series would feature 5-7 minute bit-sized videos posted regularly (probably weekly) until the series is finished.

https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513

New Releases and Updates

CBSecurity - V 3.0.0

This module will enhance your ColdBox applications by providing out-of-the-box security.
Now with a cool Security Visualizer too?

Change Log is packed - https://www.forgebox.io/view/cbsecurity#changeLog

Changed / COMPATIBILITY

  • Dropped ACF2016
  • Separated routes to it's own module Router
  • COMPAT New JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the JwtService
  • useSSL is now defaulted to true for all security relocations as the default
  • Encapsulation of jwt settings from the ModuleConfig to the JwtService
  • CBAuthValidator has been renamed to just AuthValidator this way it can be used with ANY authentication service instead of binding it to just cbauth. This validator just relies on the IAuthUser interface now.


Added

  • New AuthValidator now can validate permissions and roles according to our IAuthUser interface but can be used on ANY authentication service that implements IAuthService
  • New authorization and authentication delegates for usage in cb7
  • New ability for the firewall to log all action events to a database table.
  • New visualizer that can visualize all settings and all firewall events via the log table if enabled.
  • New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required.
  • New global and rule action: block and the fireall will block the request with a 401 Unathorized page.
  • New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403.
  • DBTokenStorage now rotates using async scheduler and not direct usage anymore.
  • Ability to set the cbcsrf module settings into the cbsecurity settings as csrf.
  • We now default the user service class and the auth token rotation events according to used authentication service (cbauth, etc), no need to duplicate work.
  • New rule based IP security. You can add a allowedIPs key into any rule and add which IP Addresses are allowed into the match. By default, it matches all IPs.
  • New rule based HTTP method security. You can add a httpMethods key into any rule and add which HTTP methods are allowed into the match. By default, it matches all HTTP Verbs.
  • New securityHeaders configuration to allow a developer to protect their apps from common exploits: xss, HSTS, Content Type Options, host header validation, ip validation, click jacking, non-SSL redirection and much more.
  • Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator used
  • Dynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encoded
  • Allow passing in custom refresh token claims to attempt() and fromUser() and refreshToken() : refreshCustomClaims
  • Added TokenInvalidException and TokenExpiredException to the refreshToken endpoint

https://www.forgebox.io/view/cbsecurity

Webinar / Meetups and Workshops

Ortus Event Calendar for Google

https://cale...

  continue reading

220 bölüm

Semua episod

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi