Friday, May 26, 2017

Bitnami Announces Kubernetes Training Offerings

Bitnami now offers Kubernetes training programs.

From publicly available sessions for individuals to customized courses for entire teams, we offer many different training options. These include in-person or virtual classes, and range from introductory to expert level curriculum. If you are interested in custom courses, our team would be happy to create curriculum based on your team’s needs.

Bitnami’s Senior Director of Cloud Technology and lead trainer, Sebastien Goasguen, has several years of experience designing and delivering Kubernetes training, as well as authoring the CNCF Kubernetes certification itself. Sebastien is well recognized for writing books such as:

  • Kubernetes Cookbook, O'Reilly Media 
  • Docker in the Cloud, O’Reilly Media 
  • Docker Cookbook, O’Reilly Media 
  • 60 Recipes for Apache CloudStack, O’Reilly Media 

Bitnami is recognized as one of the primary trainers for Kubernetes globally. This includes providing training at CNCF, KubeCon and Open Source Summit events.

During these training sessions, students will have a hands-on tour of Kubernetes core concepts and gain an understanding of how to use Kubernetes primitives to build a distributed application that can scale.

As the course comes to a close, students will have a clear understanding of how to take container images to production, build a complex distributed application, and manage it in the data center. Along with a general understanding of Kubernetes and containers with hands-on demos, they will also learn about real world deployments that Bitnami and other companies are running in production.

In short, they will be well positioned to embark into the world of Kubernetes.

Contact us for a proposal that will suit your needs, or check out the schedule of publicly available training offerings that we provide around the world.

Thursday, May 25, 2017

Meet the Bitnami Team: Sebastien Goasguen

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Sebastien Goasguen is our Senior Director of Cloud Technologies and an avid outdoor sports enthusiast.

Sebastien and his family enjoying a visit to Camp Nou
A brief bio: 

I am not a freshman anymore so I have done a few things. I spent a long time in academia, not only getting a Ph.D. (2001), but after that I stuck around and only left in 2012 when I joined Citrix. I had the chance to work on some big grid computing projects in the US and in Europe, I spent a couple of summers at CERN working on their first cloud, then I worked on CloudStack for a while, before writing the O’Reilly Docker cookbook. That was the signal for me that it was time to take a chance.

I discovered Kubernetes while writing the book, fell in love with the system and decided to create Skippbox. It was a major challenge doing it out of Europe and with a handful of remote engineers, but I am very proud of what we managed to accomplish with almost nothing. As a fun bio fact, in 2009, the European Space Agency recruited a new set of astronauts. I applied and made it to the first selection in Hamburg, unfortunately I stopped there. Imagine, Bitnami could have had an engineer in space, talk about being remote!

Why did you join Bitnami and what excites you about working here?

I joined Bitnami because it was a perfect fit to get Skippbox to the next level. I knew that we needed to grow to have a more significant impact (4 engineers is not enough). Bitnami has a strong foundation and is focusing on applications. When we look at our industry, I feel that the Cloud is fulfilling its promise to make infrastructure a utility, it is time to go back to applications. Containers and systems like Kubernetes make that switch natural. As you start using them you immediately forget about the infrastructure and think about the apps.

It is this focus on applications that I liked about Bitnami. They have delivered apps on bare-metal, VM, Clouds and now are delivering apps to new formats. I wanted to help them do that as well as pioneer some new applications framework like serverless.

I also have to admit that I liked the fact that Bitnami had strong European DNA and was operating for the long term, helping customers navigate these evolutions of technologies and software practices. It is not just about the latest fancy tech, it is about applications environments for the long term.

What are you working on? 

I lead our container and Kubernetes efforts. This involves everything related to building awesome containers: Make sure that we follow best practices, have small image sizes, are automatically updated and run well on any container platform. It also means all our Kubernetes upstream activities in the open source community, things like our involvement with Helm charts, Monocular, and of course Kubeless. Kubeless is our new serverless framework, that I started with Tuna at Skippbox. Kubeless fits well with the overall apps strategy of Bitnami so we are continuing our effort. We hope to build a solid community around it and stay close to the Kubernetes ecosystem.

Generally speaking, since we see applications moving towards a container format and a Kubernetes deployment environment, I lead all our efforts in that space to make sure we do a great job for our users and also help the community grow by contributing directly to the ecosystem.

What do you like to do for fun? 

I am a sports guy, a bit out of shape these days but sports is my definition of fun. I get out of my house and I go run, bike, hike, camp. I just bought a new mountain bike and I am slowly shaping up to be able to climb the Jura. If everything goes well I will be back in shape to run a half-marathon in the fall. I have run 6 marathons dating back to Chicago in 2004. I ran the Chamonix Marathon in 2011, which was an 8 hour “fast” hike with 7500 feet of climb (2600+ meters). I also play golf a couple times a year, my wife being a Golf teacher we hang out at golf courses quite a bit, and I usually hit a couple of buckets of balls every week, it is good to get out of the office (or shall I say basement).

Interested in working with Bitnami and Sebastien? Apply for one of our open positions!

Wednesday, May 24, 2017

Introducing ksonnet, an Open Source configuration experience for Kubernetes


We are pleased to announce ksonnet today, an open source tool for configuring applications running on Kubernetes clusters that we have built in collaboration with our friends from Box, Microsoft and Heptio.

Bitnami's mission is to make awesome software available to everyone. We originally started providing easy to use native installers for popular open source server software. We've quickly expanded into providing virtual machines, cloud images and, more recently, containers.

Kubernetes has emerged as the leader in deploying production container workloads. Though Kubernetes can be thought of as an orchestration system, it has turned into a full-fledged platform that others can build on. A large ecosystem of contributors has emerged, providing tooling around monitoring, security, management and any other aspect of building and maintaining Kubernetes clusters. In particular, Bitnami has been involved with the Helm package manager and related projects such as Monocular and Kubeless, the Kubernetes-native serverless framework.

Internally, we have been early adopters of Kubernetes ourselves. In the process of migrating all of our infrastructure to Kubernetes, we ran into scenarios that pushed the limits of what current solutions could deal with. As a result, we have ended up creating our own tooling to help define and manage complex Kubernetes deployments. Around the same time, Heptio was working on a similar project and approached us to combine efforts, resulting in ksonnet.

ksonnet is an open source configuration tool for configuring applications in Kubernetes based on the jsonnet templating library. It is designed to be easy to use, yet extensible and powerful enough so it can cover as many scenarios as possible.

Our goal is that ksonnet will help lower the barrier of adoption for Kubernetes and will continue to evolve and integrate with the rest of the Kubernetes ecosystem. Though it has just been released, it is already being worked on by an active group of contributors that includes Red Hat, CoreOS, Box and Microsoft. We are particularly excited about the integration with the Helm project, allowing the generation of Helm charts that support ksonnet as an alternative to existing templates.

We and Heptio are excited to share ksonnet with the community, helping push Kubernetes further into the mainstream. Give it a try today and let us know what you think!

Thursday, May 18, 2017

Security Release: Joomla! 3.7.1


A critical SQL injection vulnerability has recently been identified in Joomla! version 3.7.0. Joomla! version 3.7.1 is now published and available to address this vulnerability and other bug fixes. You can find more information about version 3.7.1 and the security vulnerability in version 3.7.0 in this Joomla! blog post.

The Joomla! team strongly encourages users to update their Joomla! site(s) to version 3.7.1. Bitnami has released Bitnami Joomla! 3.7.1 installers, virtual machines and cloud images for all platforms. You can find instructions on how to upgrade your Bitnami Joomla! application here.

Have questions about Bitnami Joomla! or the Joomla! security vulnerability? Post to our Community Forum, and we will be happy to help you.

Wednesday, May 10, 2017

Newly Released Open edX Ficus Now Available in Bitnami

We are happy to announce the release of Ficus, the latest version of the popular Open edX online learning platform. Conceived by edX, a nonprofit online learning destination founded by Massachusetts Institute of Technology and Harvard University, Open edX is the chosen online learning solution for a wide variety of educational institutions, non-profits, and corporate training departments.
Bitnami’s Open edX package contains everything you need to run online learning courses out of the box. Some of the application’s main features include:
  • Open edX Studio to create the course structure and add content, including problems, videos, and other resources. Studio is also used to manage the course schedule and team, set grading policies, publish each part of a course, and more.
  • A Learning Management System (LMS) that learners use to access course content, including videos, textbooks, and problems, and to check their progress in the course. The LMS includes forum and wiki functionality for both learners and instructors.
  • Full customization, with themes that incorporate an organization’s logos, images, and color schemes. Themes for Open edX Studio and LMS can incorporate custom page templates and CSS for a truly unique look.

What’s New in Ficus

The latest version of Open edX includes many new features centered around the LMS, the studio, and course author tools. The edX team has also added enhanced course data for instructors and students, new third party authentication capability, and accessibility improvements.

For a complete list of new features in Ficus, take a look at the Open edX release blog post.
Interested in trying Open edX? You can launch a one-hour demo in the cloud, absolutely free! See how easy it is to get started with an Open edX cloud image by taking a free test drive.



You can also launch Open edX Ficus in your own cloud account, download a Virtual Machine, or download a native installer for Linux.

Visit our documentation to learn how to manage your installation. Still have questions? Head to our community pages for expert advice from our team.

Thursday, May 4, 2017

WordPress security issue: Unauthenticated Remote Code Execution (RCE)

A critical WordPress security vulnerability was recently published. The Remote Code Execution PoC exploit described in this advisory is based on version 4.6. However, other versions of WordPress prior to 4.7.1 may also be affected.

The WordPress team strongly encourages their users to update their WordPress site(s) to the most recent version: 4.7.4. If you already have a running version of Bitnami WordPress, the application can be updated from the admin panel. Note that the Automatic Background Upgrades functionality is enabled by default, but upgrading from 4.6.x to 4.7.y is not automatic. You can confirm that the update has been done by checking the version from within your admin panel.

We have released Bitnami WordPress 4.7.4 (and Multisite version) installers, virtual machines and cloud images for all platforms.

Have questions about Bitnami WordPress or the security issue? Post to our Community Forum, and we would be happy to help you.

Friday, April 28, 2017

Security Release: Jenkins 2.57/2.46.2

The Jenkins project has released a new version that fixes multiple Cross-Site Request Forgery vulnerabilities, along with an unauthenticated remote code execution vulnerability and an impersonation issue.

It is strongly suggested that you update your Jenkins installations to the latest version. You can follow our documentation to learn how to upgrade your application. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository.

You can find more information about the Jenkins security issues in the Jenkins Security Advisory.


Bitnami has released Jenkins 2.57 containers, and Jenkins 2.46.2 installers, virtual machines and cloud images that address these vulnerabilities.

https://bitnami.com/stack/jenkins

The Bitnami Jenkins offered on Bitnami.com and on our cloud-specific launchpads has been updated to version 2.46.2. New launches of Bitnami Jenkins via our launchpad are secure and do not need to be further updated.

Users launching Bitnami Jenkins via a cloud marketplace are advised to select version 2.46.2 of Bitnami Jenkins, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forum, and we will be happy to help you.

Thursday, April 20, 2017

Drupal Security Issue SA-CORE-2017-002


Drupal’s core security team has discovered a new critical security vulnerability in the RESTful Web Services (rest) module, SA-CORE-2017-002.

This module is not enabled by default in the Bitnami Drupal application. If you do not use the RESTful Web Services module, you do not need to take any action.

If you have the RESTful Web Services module enabled, your Drupal application is affected if all of the following conditions are met:
  • The version of the application is prior to 8.3.1 (Drupal 7.x is not affected).
  • The site allows PATCH requests.
  • An attacker can get or register a user account on the site.
If your Drupal installation meets those requirements, it is recommended to update your Drupal application to the latest version, Drupal 8.3.1. You can follow our documentation to learn how to upgrade your application and ensure its security.

For new application deployments, Bitnami has released Drupal 8.3.1 containers, installers, virtual machines and cloud images that address this vulnerability. If you deploy Bitnami Drupal via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.3.1, you will need to upgrade your application using the documentation linked above.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forums, and we will be happy to help you.

Tuesday, April 18, 2017

Drupal Security Issue SA-CONTRIB-2017-38

A new critical security vulnerability in the References module has been discovered by Drupal's core security team as SA-CONTRIB-2017-38. Although this module is no longer maintained, it is currently used within over 120,000 installations.

If you use the References module, it is advised to uninstall it. In order to maintain equivalent functionality, it is recommended to try the Entity Reference module. If you do not use the References module, you do not need to take any action.

The References module is only supported by Drupal 7.x versions. The Bitnami Drupal stack does not include the References module by default.  Therefore, it is not affected by this issue.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.

Wednesday, March 22, 2017

Moodle Security Issue CVE-2017-2641

[UPDATE 2017-03-23]

For new application deployments, Bitnami has released Moodle 3.2.2 installers, containers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami Moodle via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Moodle via one of our cloud partner marketplaces and it is not yet updated to version 3.2.2, you should apply the workaround explained below.

----

The Moodle project has just released new versions that contain an important security fix for a SQL injection vulnerability via user preferences that can lead to remote code execution (CVE-2017-2641).

Moodle has released versions 3.2.2, 3.1.5, 3.0.9 and 2.7.19 that fix the issue. We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is working to update all of the affected Moodle packages available through Bitnami as quickly as possible.
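To decide which installs need the workaround, the fixed releases listed above can be turned into a per-branch check. This is an added example, not Bitnami's or Moodle's code; the function names are hypothetical, and it assumes the release string is read from the $release line of Moodle's version.php.

```shell
#!/bin/sh
# Added example (not Bitnami or Moodle code): triage installs for CVE-2017-2641
# using only the four fixed releases named in this post.

# fixed_release_for BRANCH: print the fixed release for a branch, or fail when
# the post does not mention that branch.
fixed_release_for() {
    case $1 in
        3.2) echo 3.2.2 ;;
        3.1) echo 3.1.5 ;;
        3.0) echo 3.0.9 ;;
        2.7) echo 2.7.19 ;;
        *)   return 1 ;;
    esac
}

# moodle_release_from_file FILE: print X.Y.Z from the $release line of a
# version.php, e.g. "$release = '3.2.1+ (Build: 20170216)';" gives 3.2.1
# (assumption: the install keeps the stock version.php layout).
moodle_release_from_file() {
    sed -n 's/^[[:space:]]*\$release[[:space:]]*=[[:space:]]*.\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# moodle_needs_fix RELEASE
#   0: older than the fixed release on its branch, so patch or upgrade
#   1: at or above the fixed release
#   2: branch not listed in the post, or unparsable; check upstream
moodle_needs_fix() {
    release=$1
    case $release in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "3.2" has no patch component
    patch=${patch%%[!0-9]*}                       # "1+" becomes 1
    fixed=$(fixed_release_for "$major.$minor") || return 2
    # Compare numerically: as strings, 2.7.9 would sort after 2.7.19.
    [ "${patch:-0}" -lt "${fixed##*.}" ]
}

# Constructed inventory of release strings, not real hosts.
for v in 3.2.1 3.2.2 2.7.9 2.7.19 2.9.8; do
    rc=0
    moodle_needs_fix "$v" || rc=$?
    case $rc in
        0) echo "$v: older than the fixed release, apply the patch or upgrade" ;;
        1) echo "$v: fixed release or later" ;;
        *) echo "$v: branch not listed here, check the Moodle advisory" ;;
    esac
done
```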

Workaround


In the meantime, we strongly encourage all Moodle administrators to apply the security patch published by the Moodle maintainers. In order to do so, log in to your Moodle installation and run the following commands:

$ curl -L -o /tmp/security.patch 'https://git.moodle.org/gw?p=moodle.git;a=patch;h=6e65554ea19f4e90c09864081e47424f8efca02e'
$ cd /opt/bitnami/apps/moodle/htdocs
$ sudo patch -p1 < /tmp/security.patch
$ rm /tmp/security.patch

If you have further questions about Bitnami Moodle or this security issue, please post to our community forum, and we will be happy to help you.

Thursday, March 16, 2017

Security Release: Drupal 8.2.7



Drupal has released a new version that fixes three security vulnerabilities.

It is recommended that you update your Drupal application to the latest version, Drupal 8.2.7. You can follow our documentation to learn how to upgrade your application and ensure its security.

The vulnerabilities fixed in the latest version of Drupal are the following:

  • Editor module incorrectly checks access to inline private files - Access Bypass - Critical - CVE-2017-6377
  • Some admin paths were not protected with a CSRF token - Cross Site Request Forgery - Moderately Critical - CVE-2017-6379
  • Remote code execution - Moderately Critical - CVE-2017-6381


For new application deployments, Bitnami has released Drupal 8.2.7 containers, installers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami Drupal via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.2.7, you will need to upgrade your application using the documentation linked above.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.

Tuesday, March 7, 2017

Security release: WordPress 4.7.3

WordPress has released a new version that fixes six security vulnerabilities.

It is recommended that you update your WordPress application to the latest version, WordPress 4.7.3. You can follow our documentation to learn how to upgrade your application and ensure its security.

For new application deployments, Bitnami has released WordPress 4.7.3 containers, installers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami WordPress via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami WordPress via one of our cloud partner marketplaces and it is not yet updated to version 4.7.3, you will need to upgrade your application using the documentation linked above.

If you have further questions about Bitnami WordPress or this security issue, please post to our community forum, and we will be happy to help you.

Bitnami Announces Skippbox Acquisition

Those of you who follow Bitnami closely may have noticed that Bitnami has been ramping up our development of container-based applications, and, more recently, our efforts to make Kubernetes-based application deployment easier via Helm Charts and the Monocular project.

Thus, it’s probably not a big surprise that we are enthusiastic about the future of containers, and when it comes to orchestration, very excited about the momentum that has built around Kubernetes as the leading solution for running containers in production.

Therefore, we’re happy to announce the acquisition of Skippbox, Ltd.

With the Skippbox acquisition, we’re vastly upgrading our container and Kubernetes expertise.  While much is still in the “stay tuned” category, some immediate announcements include:

  • We’re now offering Kubernetes training, the first session of which will be at KubeCon EU, in Berlin.  For additional information on future training offerings, please check out our new training page.
  • Our new Senior Director of Cloud Technologies, Sebastien Goasguen, will be speaking on “Scheduling Containers with Kubernetes” at the upcoming O’Reilly Velocity Conference, June 21, 2017.
  • Bitnami has joined the Cloud Native Computing Foundation (CNCF), which is a perfect fit for our increased investments in containers and Kubernetes.

If you have any questions, we would love to hear from you. In the meantime, stay tuned for more container and Kubernetes developments in the very near future.

Monday, February 27, 2017

Security notification: XSS and sandbox escape vulnerability in Plone

The Plone project has released a new patch that fixes an XSS and a sandbox escape vulnerability in the application.

You can find more info about these issues on the Plone Security Announcements page.

All supported Plone versions (4.3.11 and any earlier 4.x version, 5.0.6 and any earlier 5.x version) are affected. Previous versions could be affected but have not been fully tested. We highly recommend patching your existing Plone sites by following the steps below:

1. Create a backup of your current installation of the application

https://docs.bitnami.com/?page=apps&name=plone&section=how-to-create-a-full-backup-of-plone

2. Download the available patch at the security page

https://plone.org/security/hotfix/20170117

3. Unpack the zip file at /opt/bitnami/apps/plone/zeocluster/products

4. Modify the permissions of the files

    sudo chown -R plone:plone /opt/bitnami/apps/plone/zeocluster/products

5. Restart the Plone service

    sudo /opt/bitnami/ctlscript.sh restart plone

6. Check that the application has been restarted properly. You should see these lines in the /opt/bitnami/apps/plone/zeocluster/var/client1/event.log file:

------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied zmi patch
------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied strformat patch
------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Hotfix installed
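
The check in step 6 can be scripted. The following is an added example, not part of the original post or of the Plone hotfix; the function names and the sample log are constructed, and the SINCE argument (the time you issued the restart) is an assumption added so that lines left by an earlier start-up are ignored.

```shell
#!/bin/sh
# Added example (not Bitnami or Plone code): automate the check in step 6.

HOTFIX_LOGGER='Products.PloneHotfix20170117'   # logger name from the excerpt

# hotfix_missing_markers LOGFILE SINCE
# Looks only at entries stamped at or after SINCE (same ISO format as the log)
# so stale lines cannot mask a restart that did not load the hotfix.
# Prints every expected message that is absent; returns 0 when none is missing,
# 1 when at least one is missing, 2 when the log cannot be read.
hotfix_missing_markers() {
    logfile=$1
    since=$2
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }
    awk -v since="$since" -v logger="$HOTFIX_LOGGER" '
        BEGIN {
            want["Applied zmi patch"] = 1
            want["Applied strformat patch"] = 1
            want["Hotfix installed"] = 1
        }
        # Entry lines: <timestamp> <level> <logger> <message>
        $1 >= since && $2 == "INFO" && $3 == logger {
            msg = $0
            sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)   # drop the three prefix fields
            sub(/[ \t\r]+$/, "", msg)                # tolerate trailing blanks or CR
            delete want[msg]
        }
        END {
            missing = 0
            for (m in want) { print m; missing++ }
            exit (missing > 0 ? 1 : 0)
        }
    ' "$logfile"
}

# Constructed sample in the format of the excerpt above; the last line is
# invented for illustration.
sample_event_log() {
    cat <<'EOF'
------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied zmi patch
------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Applied strformat patch
------
2017-02-27T11:04:58 INFO Products.PloneHotfix20170117 Hotfix installed
------
2017-03-01T09:30:12 INFO Sample.Component started (constructed line)
EOF
}

# Demo: the first cut-off confirms the hotfix; the second simulates a later
# restart that wrote no hotfix lines.
log=$(mktemp)
sample_event_log > "$log"
for since in 2017-02-27T11:00:00 2017-03-01T09:00:00; do
    if missing=$(hotfix_missing_markers "$log" "$since"); then
        echo "since $since: hotfix loaded"
    else
        echo "since $since: not confirmed, missing markers:"
        echo "$missing" | sed 's/^/  /'
    fi
done
rm -f "$log"
```

On a real installation, pass the event.log path from step 6 and the time at which you ran the restart in step 5.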

Do you have additional questions about Bitnami Plone or the security vulnerability? Please post to our community forum and we will be happy to help you.