Thursday, November 16, 2017

TIBCO JasperReports 6.4.2 security release

TIBCO JasperReports has recently been updated to fix two security vulnerabilities in the application.

Versions 6.4.0, 6.3.2, 6.3.1, 6.3.0 and 6.2.3 and below contain a vulnerability which may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Version 6.4.0 is also affected by a vulnerability which fails to prevent remote access to the contents of the web application, including key configuration files. More information about these security issues can be found in the official advisories:

https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017

TIBCO has released updated versions of the affected components which address these issues. For new application deployments, including the Bitnami Launchpad, we have released JasperReports 6.4.2 containers, installers, virtual machines and cloud images that include the security fixes to address these vulnerabilities. Users launching Bitnami JasperReports via a cloud marketplace are advised to select version 6.4.2, once it is published.

If you have further questions about this security issue or about Bitnami JasperReports, please post in our community forum. Our support team will be happy to help you there!

WordPress 4.9 is now available on Bitnami

WordPress, the most popular open source CMS, has just released the “best release ever”, in their own words (188 enhancements and new features have been added). And now, WordPress 4.9 is available in the Bitnami catalogue.



Here are some of the most remarkable new features and enhancements included in this WordPress version:

New widgets and improvements

In addition to the new media widgets included in the prior version, version 4.9 also includes a Gallery widget for adding galleries both in the post content and in the sidebar.


New Gallery widget for post content and sidebar


We can highlight that this new version (at last!) supports shortcodes in the text widget. Theme switching has also been enhanced.

Improvements for customizing sites

WordPress has improved the experience of discovering, installing and previewing new themes in the customizer. The Nav Menu side has also been upgraded: a clearer menu panel makes it easier to add a new menu to the desired location.

Changes on the Nav Menu based on user experience tests


Code with more security and reliability 

WordPress has reintroduced syntax highlighting and includes linting and auto-completion by incorporating the CodeMirror library. Apart from this, the Additional CSS integration also incorporates the detection of syntax errors.

CodeMirror supports linting to detect errors in your code


This new version has a bunch of updates that you can’t miss. Interesting new changes for developers in WordPress Multisite (which is also available in the Bitnami catalogue) and new capabilities for plugins and language files, amongst others, are waiting for you.

You can deploy Bitnami WordPress 4.9 in just a few clicks:



And for the most demanding environments, you can also try Bitnami WordPress Multi-Tier which separates the application code from the database. It is available on Google Cloud Platform, Azure or AWS.

Friday, November 10, 2017

Roundcube 1.3.3 security release

The RoundCube project has recently discovered a file disclosure vulnerability in Roundcube Webmail.

Apparently this zero-day exploit is already being used by hackers to read Roundcube’s configuration files. It requires a valid username/password, as the exploit only works with a valid session. More details will be published soon under CVE-2017-16651. RoundCube versions 1.1.x are affected by this vulnerability. However, versions 1.0.x, which are not affected by it, have been patched with the same fix as well.


We advise you to check your Roundcube installation to see if it has been compromised. Please check the Apache access logs (installdir/apache2/logs/access_log) for requests like:

?_task=settings&_action=upload-display&_from=timezone 
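
One way to run that log check from the shell, as an added example that is not part of the original announcement. It goes slightly beyond the literal string by matching the three parameters in any order; the function names, the script name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Roundcube or Bitnami projects).
# Usage (hypothetical script name):
#   sh check_roundcube_log.sh installdir/apache2/logs/access_log

# Print "client timestamp status request" for each logged request whose
# query string carries all three parameters from the advisory, in any order.
find_upload_display() {
    awk '{
        # Common/combined log format: request line is the first quoted field.
        if (split($0, q, "\"") < 3) next
        req = q[2]
        if (index(req, "_task=settings") &&
            index(req, "_action=upload-display") &&
            index(req, "_from=timezone")) {
            split(q[3], rest, " ")            # rest[1] is the status code
            ts = $4; sub(/^\[/, "", ts)       # drop the leading "["
            printf "%s %s %s %s\n", $1, ts, rest[1], req
        }
    }' "$1"
}

# Number of matching requests in the log.
count_upload_display() { find_upload_display "$1" | wc -l | tr -d ' '; }

# Distinct client addresses that sent a matching request.
suspect_clients() { find_upload_display "$1" | cut -d' ' -f1 | sort -u; }

# Constructed sample log (documentation addresses), for trying the functions.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [10/Nov/2017:09:14:02 +0000] "GET /?_task=mail&_mbox=INBOX HTTP/1.1" 200 5120
198.51.100.7 - - [10/Nov/2017:09:15:40 +0000] "GET /?_task=settings&_action=upload-display&_from=timezone HTTP/1.1" 200 842
198.51.100.7 - - [10/Nov/2017:09:15:44 +0000] "GET /?_from=timezone&_action=upload-display&_task=settings HTTP/1.1" 200 1310
192.0.2.10 - - [10/Nov/2017:09:16:01 +0000] "GET /?_task=settings&_action=preferences HTTP/1.1" 200 7731
EOF
}

# Scan the log given on the command line, if any.
if [ "$#" -gt 0 ]; then
    find_upload_display "$1"
    echo "matching requests: $(count_upload_display "$1")"
fi
```

Run it over any rotated copies of the access log as well, since the exploit was reported as already in use before the fixed release.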


More information about this vulnerability can be found in the official announcement.

For new application deployments, including the Bitnami Launchpad, we have released Roundcube 1.3.3 installers, virtual machines and cloud images that include the security fixes to address this vulnerability. Users launching Bitnami Roundcube via a cloud marketplace are advised to select version 1.3.3, once it is published.

If you have further questions about this security issue or about Bitnami Roundcube, please post to our community forum. Our support team will be happy to help you there!