Wednesday, March 23, 2016

Join Bitnami at GCP Next 2016!

GCP NEXT 2016 begins today, and we are excited to announce that we are a proud partner. We will be demoing the latest additions to Stacksmith, which focus on combining easier, up-to-date container creation with integrations to CI systems (such as Jenkins) and container orchestration systems (like Kubernetes).

Stop by our booth (#8), and say hi to our engineers that are behind the project.




More information about GCP NEXT:

At GCP NEXT, you’ll have the opportunity to attend three visionary keynotes presented by GCP with industry leaders, 30 in-depth technical sessions, participate in self paced code labs, and hear how other IT leaders rely on GCP for mission critical cloud solutions.

The 2-day conference includes sessions designed to help you build on your cloud strategy:
  • From idea to market in less than 6 months: Creating a new product with GCP
  • IoT - from small data to big data: Building solutions with connected devices
  • Security analytics for today's cloud-ready enterprise 
  • Your new super power: Using machine learning to build applications that understand the world
Can’t make it to GCP NEXT in person? Don’t worry, you can live stream GCP NEXT for free. Register here: https://goo.gl/lrjTHV

Monday, March 21, 2016

Bitnami-powered Applications are now available through GoDaddy Cloud Servers


GoDaddy, the largest technology provider for small businesses, has announced that they will be expanding their hosting offerings to provide Cloud Servers and Bitnami-powered applications.  GoDaddy Cloud Servers are intended for customers who want to quickly build, test, and scale their cloud solutions. Bitnami’s mission has always been to do the same.  So, we are proud to partner with GoDaddy in order to help execute both our missions and help more customers.


Today, GoDaddy Cloud Servers’ customers will find more than 130 Bitnami-powered applications that are easy to download, configure, and install in just one click.  According to GoDaddy, “Bitnami-powered applications bring one-click optimized installation for application solutions like CMS (eg: Wordpress and Drupal), CRM (Odoo and Open ERP), and eCommerce (eg: OpenCart and Magento).” These customers will now be able to experience Bitnami’s consistent, secure, up-to-date, and optimized end-user experience on any platform.


Want to launch a Bitnami-powered application in GoDaddy’s Cloud Servers? Here’s how:
  1. Login or sign up for a GoDaddy Cloud Servers account
  2. Choose your Bitnami-powered application and configure your server
  3. Click ‘Finish’ and your application will start to build!


Still curious? Click here for more information or watch our quick video to see how to get running on GoDaddy Cloud Servers:


Tuesday, March 15, 2016

Security Release: Moodle

Moodle has just released an update to all supported versions that addresses several security issues. The security vulnerabilities have been discovered and fixed, in addition to a number of bug fixes and small improvements.

Specifically, the update solves the following issues:

  • MDL-48778 - Fixed problems with "assign quick grading" in case of multiple attempts
  • MDL-31635 - Changed course completion "grade" criteria to correctly show grades as points and not percents
  • MDL-21912 - Introduced new setting "Allow admin conflict resolution" for restoring a course from a different Moodle site
  • MDL-51702 - Restored ability to assign roles to blocks in Default Dashboard and My page
  • MDL-49807 - Changed wiki table of contents to correctly display headers created in Atto editor
To read more about these issues, check out Moodle's official announcement.

We have released new versions of Bitnami Moodle installersvirtual machines and Amazon EC2GoogleOracleVMware vCloud AirDigitalOcean and Azure cloud images that fix these issues. 

Do you have questions about Bitnami Moodle or the security issue? Post to our community forum, and we will be happy to help you.

Wednesday, March 2, 2016

Security Release: Django 1.8.10 and 1.9.3

The Django project has released new versions that fix two security issues:


  • CVE-2016-2512: Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth
  • CVE-2016-2513: User enumeration through timing difference on password hasher work factor upgrade

  • Read more about the security issues on the Django blog.

    We want to let Bitnami users know that Django 1.8.10 and Django 1.9.3 installers, virtual machines and cloud images have been updated and released. We strongly suggest that you update your Django applications to the latest version.

    Do you have questions about Bitnami Django or the security issues? Please post to our community forum and we will be happy to help.

    Tuesday, March 1, 2016

    Security Notification: OpenSSL Cross-Protocol Attack on TLS Using SSLv2 (DROWN) (CVE-2016-0800 and CVE-2016-0703)

    A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160301.txt

    All the Bitnami-packaged applications are NOT VULNERABLE because Apache disables SSLv2 and EXPORT algorithms for HTTPS by default.

    Please take a moment to update existing Bitnami cloud images or virtual machines by following the instructions on our wiki:

    https://wiki.bitnami.com/security/2016-03-01_OpenSSL_Cross-protocol_attack_on_TLS_using_SSLv2_(DROWN)_(CVE-2016-0800_and_CVE-2016-0703)

    To check whether your server is vulnerable, use the following automatic DROWN Attack checker:

    https://drownattack.com/#check

    If you have any questions about this process, please post to our community support forum and we will be happy to help!