Thursday, February 11, 2016

Node.js Security Release


Node.js has just updated all its release lines to address several security issues.

Versions 0.10.42, 0.12.10, 4.3.0 and 5.6.0 address HTTP-related vulnerabilities and also update the bundled OpenSSL version.



Specifically, these releases resolve the following issues:

  • CVE-2016-2086 Request Smuggling Vulnerability
  • CVE-2016-2216 Response Splitting Vulnerability
  • CVE-2016-0701 DH small subgroups
  • CVE-2015-3197 SSLv2 doesn't block disabled ciphers

If you want to read more about these issues, you can check out the Node.js official announcement.

We have released new versions of Bitnami Node.js installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues. We have also released an updated Bitnami MEAN stack and continue working on updating other Node.js applications.

Have questions about Bitnami Node.js or the security issue? Post to our community forum, and we would be happy to help you.

Tuesday, February 9, 2016

Need a Parse Service Alternative? Try the New Bitnami Parse Self-hosted Server


If you’re one of the many affected by the recent announcement that Facebook’s Parse service is being discontinued, Bitnami is happy to offer an alternative.

In collaboration with our cloud partners, Bitnami is providing an open source Parse Server, ready to be deployed, either in the cloud or locally, with a single click.



Key Features: 
  • Bitnami Parse Server images are one-click to deploy and get you up and running immediately on Amazon AWS, Microsoft Azure, Oracle Cloud Platform, Digital Ocean, and the Google Cloud Platform launchpad. 
  • They’re also available as Linux installers or virtual machine images for local installation. Local images have parity with those hosted on cloud environments.
  • Bitnami images are consistent, kept up to date, and patched for security vulnerabilities that may arise. 
  • Bitnami Parse Server stack is based on MEAN: Node.js 4.1.2, MongoDB 3.0.9, Express 4.2.0, and Parse Server 2.0.6.

We’ve also created a great guide to Bitnami Parse Server, covering such critical topics as:


Thursday, February 4, 2016

Review Board Now Available Pre-installed with Power Pack!

Review Board and Bitnami go way back. Since it became a part of the library in 2012, thousands of Bitnami users have turned to Review Board to take the pain out of the vitally important task of reviewing code before releasing it.

We are excited to announce that the Review Board stack just got even better with the release of the new Bitnami Review Board + Power Pack stack! In addition to all the great Review Board features we know and love, especially after their recent major update, the pre-installed Power Pack module adds new functionality in four areas:

PDF document review: When you're reviewing the code for that great new feature, it can be just as important to review the documentation that goes with it. With Power Pack you can upload and review PDF documents exported from Word, Excel, PowerPoint, and more. Documents can be displayed in the browser without any plug-ins or extra software needed, and comments can be made for documents just like they are in your source code.



Management Reporting:  If you are wondering whether code review is being carried out efficiently and consistently across multiple developers and teams, Power Pack can help. Track workloads and get big-picture data on how well code reviews are working for your team with intuitive graphs, charts, and reports.



GitHub Enterprise & MS Team Foundation Server Integration: For anyone using these popular tools for managing source code within the secure confines of the enterprise data center, Power Pack makes it easy to integrate Review Board functionality. All you have to do is point Review Board to the URL of your GitHub or Team Foundation Server and connect with a login and password.

Enterprise Scalability: If your company scales into the thousands of engineers, it may become necessary to increase the number of servers running Review Board to maintain optimal speed and fault tolerance. With Power Pack you can move auxiliary data like SSH keys to the database instead of in the front-end server's file system, enabling you to scale up multiple servers as needed.

Interested in trying the new supercharged Bitnami Review Board + Power Pack stack? You can find local installers, virtual machines, and cloud images available at the Review Board + Power Pack stack page in Bitnami.

You can also launch an absolutely free one-hour demo server by clicking the button below!



WordPress 4.4.2-0 Security Release

                                                 
WordPress has just released a new version that resolves two security issues.

Version 4.4.2 addresses a possible SSRF for certain local URIs and an open redirection attack.

If you want to read more about these issues, you can check out the WordPress release news for the 4.4.2 version here.

Apart from the security issues mentioned, WordPress 4.4.2 also fixes several bugs from versions 4.4 and 4.4.1. For further information please check the list of changes.

WordPress has the auto-upgrade functionality enabled, so your previous version of Bitnami should be automatically updated.

We have released new versions of Bitnami WordPress installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues.

Have questions about Bitnami WordPress or the security issue? Post to our community forum, and we would be happy to help you.

Tuesday, February 2, 2016

Cloud Native Apps - SF Meetup sponsored by Bitnami!

Our San Francisco office has expanded, so we are now able to host our very own Meetups! Our focus will be on topics related to Cloud native application development: containers, clouds, microservices, CI/CD, orchestration, and other related technologies.





Monday, January 25, 2016

Check Out the New Productivity Features in eXo Platform Enterprise Version 4.3!

We are excited to announce that eXo Platform released a new version 4.3 in Bitnami! Now you can check out a host of exciting new features in the Bitnami eXo Platform Enterprise stack, available immediately to deploy in the cloud, as a VM, or locally.

eXo has always provided an awesome platform for collaborating with colleagues at work. While their last major updates focused on features to boost real-time collaboration and user engagement, this new release is all about something every business needs more of: productivity. Version 4.3's productivity enhancements will have your teams quickly realizing gains in sweet, sweet efficiency, leaving more time for them to come up with awesome new features for your product!

Here are some highlights of the new release:
  • Task Management: Easily keep track of and triage tasks with the new task management tool. 

  • Video calls have been improved, with better audio/video quality and more stability. New plugins enable easy video calls for Firefox and Internet Explorer, and native support on Chrome with no plugin!

  • You can now work more easily from different platforms, with the new responsive layout.
  • Easily share documents with the new sharing feature, with built in versioning to keep track of updates and not get them mixed up.

  • Connect with social networks: users can now easily login with any OAuth-compliant social network like Facebook, Google+, Twitter, Github, etc.
  • New administrative features like password reset and account deactivation.
  • eXo Platform now includes greater scalability with the inclusion of Tomcat in the package.
  • Support for Java 8 added.
  • Developers will be excited about a new RESTful API for the social layer in eXo Platform and standard Java EE component injection for portlets.

The new eXo Platform Enterprise is available now in Bitnami! Or check out an absolutely free one-hour demo by clicking below!


    Friday, January 22, 2016

    Security Notification: Linux kernel vulnerability (CVE-2016-0728)


    UPDATE: January 22, 2016


    As of this posting, all affected Bitnami virtual machines and cloud images have been patched for Linux kernel vulnerability CVE-2016-0728. This includes all downloadable virtual machines as well as Bitnami images on Amazon AWS, Bitnami Cloud Hosting, Centurylink, Digital Ocean, Google Cloud Platform, Microsoft Azure, Oracle Cloud Platform, and VMware vCloud Air public clouds.

    For instructions on how to patch currently running systems, please see below.

    ------------------------------------

    A new security vulnerability in the Linux kernel has been discovered. You can find more information about it at this link.

    Any Bitnami-packaged image that was launched before January 20th, 2016 could be vulnerable if it runs kernel version 3.8 or later.


    We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.


    Please take a moment to check if your image is vulnerable by following the instructions in our wiki:


    https://wiki.bitnami.com/security/2016-01-20_LINUX_KERNEL_VULNERABILITY_(CVE-2016-0728)


    You can update the kernel by running the following commands (run the commands specific to your distribution):

    • Ubuntu 
    sudo apt-get update && sudo apt-get dist-upgrade

    You'll have the fixed version of the kernel after rebooting your server: 3.13.0-76-generic


    • Debian 
    sudo apt-get update && sudo apt-get dist-upgrade

    You'll have the fixed version of the kernel after rebooting your server: 3.16.7-ckt20-1

    • Oracle Linux 
    sudo yum update
    sudo yum upgrade

    You'll have the fixed version of the kernel after rebooting your server: 3.8.13-118.2.5.el6uek.x86_64


    • Amazon Linux 
    sudo yum clean all
    sudo yum update kernel

    You'll have the fixed version of the kernel after rebooting your server: 4.1.13-19.31.amzn1.x86_64

    • Red Hat Linux: version 6.6 is not affected by this issue.
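
As an added example (not Bitnami's own code), the shell functions below classify a kernel release string against the fixed releases listed above for Ubuntu, Oracle Linux and Amazon Linux, using the "3.8 or later" affected range from this post. The distro labels and function names are made up for this example, and Debian is left out because the numeric comparison cannot rank its "ckt20" suffix.

```sh
# Added example: classify a kernel release against the fixed releases the post
# lists for CVE-2016-0728. Distro labels and function names are made up here.

# Fixed releases quoted in the post. Debian is omitted: its "ckt20" suffix is
# not a plain numeric field, so the comparison below cannot rank it.
fixed_kernel_for() {
  case "$1" in
    ubuntu) echo "3.13.0-76-generic" ;;
    oracle) echo "3.8.13-118.2.5.el6uek.x86_64" ;;
    amazon) echo "4.1.13-19.31.amzn1.x86_64" ;;
    *) return 1 ;;
  esac
}

# Leading numeric fields of a release, space separated:
# "3.13.0-76-generic" -> "3 13 0 76". Everything from the first character that
# is not a digit, dot or dash (e.g. "el6uek.x86_64") is dropped first.
numeric_fields() {
  printf '%s' "${1%%[!0-9.-]*}" | tr -c '0-9' ' '
}

# Succeed if release $1 sorts before release $2, comparing numeric fields left
# to right as numbers (so 76 < 100); a missing field counts as 0.
release_lt() {
  awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
    n = split(a, x, " "); m = split(b, y, " ")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# kernel_status <distro-label> <release>, e.g. kernel_status ubuntu "$(uname -r)"
# Kernels before 3.8 are outside the affected range given in the post.
# Assumes <release> comes from the same kernel package line as the fixed one.
kernel_status() {
  fixed=$(fixed_kernel_for "$1") || { echo "unknown-distro"; return 0; }
  if release_lt "$2" "3.8"; then
    echo "not-affected"
  elif release_lt "$2" "$fixed"; then
    echo "needs-update"
  else
    echo "patched"
  fi
}
```

A "needs-update" result before rebooting is expected even after the packages are upgraded, since the running kernel only changes on reboot.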

    If you have any questions about this process, please post to our community support forum and we will be happy to help!

    Tuesday, January 12, 2016

    Check out the all-new Standalone Backendless in Bitnami!

    Once in a while a Bitnami partner application makes an update so important, with so many new features, it is in effect a new release. We are excited to announce that our partner Backendless has done exactly that with the launch of their all-new Standalone Backendless. In addition to all the awesome new functionality, a single Standalone Backendless instance is now being offered free with zero restrictions!

    Standalone Backendless provides an incredibly intuitive, secure, and time saving platform for developing mobile, web-based, or enterprise applications. It simplifies the creation and development of applications by combining the crucial functions of a Mobile Backend as a Service (mBaaS), static and dynamic content host, and API engine into a single platform. There is also a brand new app store where you can both buy and sell plugins that solve real problems for developers trying new things on Backendless.



    Some key features of the new Standalone Backendless:

    Backendless mBaaS Services: A mobile backend environment providing out of the box implementation of the most common server-side functionality as native and REST API services.
    • Connectivity with MySQL, Oracle, SQL Server and PostgreSQL databases
    • Third-party services to enhance your backend
    • Code-generators
    • User Registration and Authentication APIs
    • Data Management APIs 
    • Publish/Subscribe Messaging API
    • Push Notifications for iOS, Android and FireOS
    • Geolocation API 
    • Geofencing functions
    • Code generators
    • REST Console
    Backendless API Engine: Deploy your own Java or PHP code and instantly turn it into a highly-scalable API service.
    • Code-to-Service generator
    • API Inspector
    • Client SDK generator
    Backendless Hosting: Host your web applications in a powerful, secure and reliable hosting and file storage solution.
    • Dynamic node.js scripting
    • File management API
    • File Browser
    Backendless Marketplace:  Enhance your Backendless backend with a wide variety of offerings from their server-side app store. Get new services, database connectors, code generators and many more. The Marketplace operates from a centralized location and can be used to enhance isolated deployment of Standalone Backendless.

    Launch Bitnami Standalone Backendless in just a few clicks with our Local Installers (available for Linux, Windows and Mac OS X), Virtual Machine images (VMs), or cloud images! If you are currently logged in to Bitnami, you can launch a free one-hour demo of Standalone Backendless in one click below!

    Monday, January 11, 2016

    Spring 2016 Bitnami Bootcamp Starting Soon. Apply Now!

    We are excited to hold our 4th Bitnami Bootcamp and are looking forward to seeing some new faces in the Bitnami Sevilla office during our next session! So far, we have hired over 15 engineers from prior bootcamps and we can’t wait to see who will be joining our team next!



    The Bitnami Bootcamp will be from February 15th - 26th in our Seville, Spain office. During this bootcamp, our team will teach you about the following topics in Spanish:

    - Linux system administration: from the basics to advanced topics such as performance tuning.

    - Security administration: SSL/TLS, SSH, access control

    - Server deployment: Apache, nginx, MySQL, PostgreSQL

    - Server application deployment: Java, PHP, Python, Ruby and NodeJS runtimes

    - Cloud deployment on Amazon Web Services (AWS)

    - Containers deployment with Docker and Kubernetes

    - Modern software development with Phabricator, Git

    This bootcamp gives you an opportunity to learn about all these awesome topics, and gives you the ability to show your skills directly to our team. If you perform well and seem like a great fit for our team, we will likely make you a job offer to join Bitnami at the end of the bootcamp.

    If Linux, Open Source, and the Cloud are your thing, then we’d love to hear from you!

    Slots are limited, so apply now.



    Don’t miss this chance to expand your knowledge, skills, and understanding of the cloud and container landscapes!


    Moodle 3.0.2 and 2.9.4 Security Release


                                                       
    The Moodle Project has just released new versions that resolve a number of security issues.

    Version 3.0.2 and 2.9.4 address these security vulnerabilities and include other fixes and improvements.

    If you want to read more about the issues, you can check out the Moodle release news for the 3.0.2 and 2.9.4 versions.

    We have released Bitnami Moodle installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues.

    Have questions about Bitnami Moodle or the security issue? Post to our community forum, and we would be happy to help you.

    Tuesday, December 22, 2015

    Joomla! 3.4.7 security issue


    The Joomla! project has just released a new version that fixes a session hardening issue and SQL injection.

    Version 3.4.7 addresses these two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.

    If you want to read more information about the issue you can check the Joomla! release news.

    We have released Bitnami Joomla! 3.4.7 installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues.

    Have questions about Bitnami Joomla! or the security issue? Post to our community forum, and we would be happy to help you.

    Saturday, December 19, 2015

    New Bitnami Ruby Stacks

    We have just released new versions of the Bitnami Ruby stack, which fix the CVE-2015-7551 security issue in all of the versions below.

    • Ruby 2.0.0-p648 
    • Ruby 2.1.8 
    • Ruby 2.2.4 

    In case you are not familiar with the Bitnami Ruby Stack, it includes the base Ruby runtime/libraries, and the most popular gems for building Rails applications such as Passenger, Nokogiri, Rake, RMagick, Thin and more. It also includes the latest stable versions of Rails, Apache, Nginx, MySQL, PostgreSQL, SQLite, Git, Sphinx, PHP, phpMyAdmin and phpPgAdmin.

    We have released new versions of the Bitnami Ruby Stack native installers for Linux, OS X, Windows, virtual machines and cloud images for Amazon EC2, Google Compute Engine, Microsoft Azure, vCloud Air, Digital Ocean and Oracle cloud platform.

    If you have any questions about Bitnami RubyStack, you can check our quick start guide or create a new post in our community forums.


    Friday, December 18, 2015

    Optimize MySQL and MariaDB Performance in Real Time with the Bitnami MONyog Stack


    Software developers and DBAs are constantly on the lookout for new tools that help them address the twin concerns of application performance and data security. That's where the Bitnami MONyog Stack comes in: it provides an enterprise-grade monitoring and performance optimization tool for MySQL and MariaDB, designed to give developers and DBAs deep insight into how to squeeze the most out of their database servers.

    The Bitnami MONyog Stack includes replication and deadlock monitoring, historical and trend analysis of performance data and a unified dashboard that aggregates data from multiple MySQL/MariaDB deployments. The coolest thing about MONyog, though, is its real-time monitoring feature. This real-time monitor lets developers and DBAs watch database activity in real time to identify long-running or problem queries, pinpoint areas for improvement, and deliver faster, more optimized applications.

    To use the real-time monitor, simply log in to MONyog and click the "Real-Time" tab in the top navigation bar. Select the server you wish to monitor and start a new monitoring session. The MONyog interface will rapidly fill up with a graph indicating database activity, color-coded by type of query. This lets you easily identify, for example, if the proportion of writes (INSERT, UPDATE and DELETE queries) outweighs the proportion of reads (SELECT queries). You can also zoom in to specific time ranges in the graph for more in-depth analysis.


    If you're looking for optimization targets, the monitor provides a list of the most-used tables and databases, as well as the top 200 most frequently-executed queries. You can also view slow queries, deadlocks and locking queries. If you're tasked with ongoing product maintenance, this lets you regularly target the most common problem queries and continuously enhance page load times.

    Sounds interesting? Read more about real-time monitoring here, visit MONyog's homepage, or spin up a MONyog server instantly and try it for yourself!

    Tuesday, December 15, 2015

    New Amazon T2.Nano Instances Now Supported

    Amazon recently announced their new T2.Nano instances. Bitnami has been working behind the scenes with Amazon on the technical preparations and is happy to now announce our support for T2.Nano instances, effective immediately.

    T2.Nano instances come with 1 vCPU and 512 MB of memory and are especially well-suited for PHP or other applications that can benefit from burstable performance via CPU credits. In addition, we’ve made a number of configuration tweaks to the images to improve their performance.

    The first set of images includes WordPress, Drupal, and Joomla. We expect more images to follow in the weeks ahead.

    Take them for a test drive and let us know what you think.