Thursday, September 22, 2016

Security notification: OpenSSL OCSP Status Request Extension Unbounded Memory Growth (CVE-2016-6304)


[UPDATE 2016-10-13]

BCH images have been updated properly. You can now launch new servers that mitigate the vulnerability.

[UPDATE 2016-10-07]

All the affected cloud images, virtual machines and native installers have been successfully patched.

If you are using a Bitnami Cloud Hosting instance, you can easily patch it following the guide below while we upgrade the base images.

[UPDATE 2016-09-26]

The OpenSSL team announced the release of version 1.0.2j, which patches a missing CRL sanity check issue affecting only version 1.0.2i. As a result of that issue, any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception (CVE-2016-7052).

To update to the new OpenSSL version, please follow the instructions in our documentation system. 

The Bitnami Team will continue working on updating the Cloud Images, Virtual Machines and Native Installers using the latest released version.

[UPDATE 2016-09-23]

The Bitnami Team is happy to announce that our images on Google, Azure, Oracle (Ubuntu) and AWS Marketplace have been properly updated. Additionally, we will continue to work on releasing the images for all of our cloud platform partners, virtual machines and the native installers.

----

A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160922.txt

Any Bitnami-packaged applications using affected OpenSSL versions prior to 1.0.1u, 1.0.2i and 1.1.0a are vulnerable. 

To secure your server, you need to update both the OpenSSL version included in the system and the OpenSSL library included in the Bitnami installation. Please take a moment to update your existing installations of Bitnami-packaged applications by following the instructions in our documentation system.

If you have any questions about this process, please post to our community support forum and we will be happy to help!
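A quick way to check which OpenSSL binaries on a server still need the update, as an added example that is not Bitnami's or OpenSSL's own tooling: the function names and verdict labels are illustrative, and the version cut-offs are the ones named in this post. Distribution packages often backport fixes without changing the upstream version string, so the verdict is reliable only for upstream builds such as the library bundled with the stack.

```shell
#!/bin/sh
# Added example: classify OpenSSL builds against the versions named in this post.
LC_ALL=C; export LC_ALL   # make ranges such as [a-t] plain ASCII

# classify_openssl VERSION -> vulnerable | crl-crash | patched | unknown
classify_openssl() {
    v=${1%%-*}                                  # drop suffixes such as "-fips"
    case $v in
        1.0.1|1.0.1[a-t]) echo vulnerable ;;    # CVE-2016-6304, fixed in 1.0.1u
        1.0.2|1.0.2[a-h]) echo vulnerable ;;    # CVE-2016-6304, fixed in 1.0.2i
        1.1.0)            echo vulnerable ;;    # CVE-2016-6304, fixed in 1.1.0a
        1.0.2i)           echo crl-crash ;;     # CVE-2016-7052, fixed in 1.0.2j
        1.0.1[u-z]|1.0.2[j-z]|1.1.0[a-z]) echo patched ;;
        *)                echo unknown ;;       # branch not named in this post
    esac
}

# audit_openssl BINARY... -> one "binary version verdict" line per binary.
# Returns 1 if any binary is vulnerable, hits the CRL crash, or cannot be run.
audit_openssl() {
    rc=0
    for bin in "$@"; do
        # `openssl version` prints e.g. "OpenSSL 1.0.2h  3 May 2016"
        ver=$("$bin" version 2>/dev/null | awk 'NR==1 {print $2}')
        if [ -z "$ver" ]; then
            echo "$bin - not-runnable"; rc=1; continue
        fi
        verdict=$(classify_openssl "$ver")
        echo "$bin $ver $verdict"
        case $verdict in vulnerable|crl-crash) rc=1 ;; esac
    done
    return $rc
}

# Usage: pass the system binary and the one bundled with the stack, e.g.
#   audit_openssl "$(command -v openssl)" /path/to/stack/openssl
```

"patched" here refers only to the two CVEs covered in this post.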

Shopware Community Edition now in Bitnami!



We are pleased to announce that our newest software partner Shopware's Community Edition (CE) is now available in Bitnami! Shopware is one of the world’s leading e-commerce applications, with over 54,000 storefronts for a wide variety of businesses. Shopware Community Edition (CE) enables even the smallest company to have a sophisticated e-commerce presence, while still being powerful and scalable enough to be relied upon by some of the world’s most recognizable brands.


No Coding Necessary
The Shopware CE backend was designed with usability in mind, enabling users with no coding experience to design and build beautiful online storefronts that automatically adapt to multiple devices and browsers. Its open-template design enables you to completely customize the look and feel of your ecommerce website, with a simple interface that displays only those elements which you are actually using. Also available for the Shopware CE backend are powerful marketing tools available through a large library of extensions in the Community Store, and built-in SEO tools that help deliver good rankings for your content.

Listing content is entered through an intuitive form.
Listing pages look beautiful, no matter what browser or device they’re displayed on.
Powerful Features for Advanced Users
Available for free under an AGPL license, Shopware Community Edition is supported by a large community. The codebase is lean and efficient, with a wide variety of plugins that extend both the frontend and backend while maintaining the ability to update/upgrade the software using a standard workflow. The application is based on PHP7 and comes pre-configured with Elasticsearch and an Open REST API out of the box.

Shopware Community Edition is now available in Bitnami to launch in just a few clicks in all your favorite cloud platforms, as a virtual machine, and as a native installer. Interested in a quick test drive? Try our one-hour demo in the cloud, complete with easy-to-install demo data, absolutely free!


Visit our docs to learn how to manage and scale your installation. Still have questions? Head to the Shopware Community Edition product page for more information.

Monday, September 19, 2016

Backendless Pro Now Available in Bitnami

Backendless, the API management platform and Mobile Backend as a Service we all know and love, has now released a major update called Backendless Pro! Available immediately in Bitnami, this new iteration of the popular Middleware application will also be coming soon to the AWS Marketplace.

Backendless has been a valued partner with Bitnami for over a year, and in that time has gone through an extraordinary transformation into a product that is now a more scalable, reliable, and intuitive way to streamline your application development than ever before.

Development Without Server-Side Coding
Backendless Pro is an API generation and management suite and Mobile Backend as a Service (mBaaS) that enables rapid development of mobile, desktop, and IoT applications. Deploying your code to the application enables you to automatically generate server-side functionality such as user registration and login, data persistence, geo location and geo fencing, and publish-subscribe messaging. All the functions that would normally require extensive development on the server side are automated, giving you the freedom to focus on client-side and business logic for your application.


Ready to Scale
Backendless Pro has some awesome features that are suitable for the enterprise or for rapid scaling of a web, mobile, or IoT application. It has the ability to cluster multiple servers for failover and scaling, and to take advantage of cloud services like RDS, ELB, EFS and ElastiCache. It can integrate with a wide range of databases including Oracle, SQL Server, MySQL, PostgreSQL and others. With a robust marketplace of plugins and extensions, you will be hard pressed to find a service that cannot integrate with your app using Backendless Pro.


Backendless Pro is now available in Bitnami to launch in just a few clicks, in all your favorite cloud platforms, as a virtual machine, and as a native installer. Interested in a quick test drive? Try our one-hour demo in the cloud, absolutely free!


Visit our docs to learn how to manage and scale your installation. Still have questions? Head to the Backendless Pro product page for more information.

Thursday, September 15, 2016

Kong Now Available in Google Cloud Platform

Bitnami is excited to announce that we have partnered with Mashape and Google to package Kong for Google Cloud Platform! Now you can launch and scale your Kong instance in minutes through the Google Cloud Launcher or the Bitnami Launchpad for Google Cloud Platform.

Powerful Functionality for Your Software
Mashape’s Kong platform is a popular open source, scalable API gateway and microservices management layer that helps add common functionality on top of your web, mobile, or IoT application. It acts as a gateway for HTTP requests, while providing logging, authentication, rate-limiting, and a huge variety of additional functionality through plugins. Kong is built on NGINX and Cassandra, and is easily configurable for high availability, fault-tolerance, and clustering right out of the box.


Simple Clustering
The Bitnami Kong stack is easy to configure in a clustered topology - simply launch the number of instances you need, configure each node with the IP address and authentication settings for the Seed Node, and Kong does the rest! You can read more about clustering Kong with multiple instances in our documentation.


Launch Kong in Google Cloud Platform
Google Cloud Launcher is Google’s marketplace of preconfigured cloud images that enables you to launch Mashape’s Kong in Google Cloud Platform, in a configuration that makes sense for your application, in minutes. Kong is absolutely free; you only pay for the compute time.


Already a Bitnami user? The Bitnami launchpad for GCP enables you to deploy Kong to your cloud account, where it can be accessed in your GCP Console, in just a few clicks!

Give it a try, and add powerful functionality to your application now!

Tuesday, September 13, 2016

Announcing Bitnami / Eclipse Che Integration — Making Developer Workflows Better




Both had similar goals: to make it simpler for developers to get started with popular, but sometimes complex, development frameworks.  With Eclipse Che becoming an increasingly popular IDE for cloud-based and portable development, and Bitnami the leading source for open source applications amongst cloud providers, we thought we'd integrate the two to make a better workflow for developers everywhere.

Now it's here — by using the two together, you can combine Eclipse Che's cloud-based portable workspaces with Bitnami's trusted, always up-to-date, easy to use Development Containers, to get a faster, more stable, more seamless development workflow.

Just Click & Go: New Bitnami Development Containers for Eclipse Che


New Bitnami Developer workspaces in Eclipse Che

Eclipse Che now ships with Bitnami Development Containers (used to make Che workspaces), with the first release (we'll be adding more in the future) including:
  • Codeigniter
  • Express
  • Laravel
  • Play for Java
  • Rails
  • Swift
  • Symfony
To use them, you can either select them from the Stacks Library from within Eclipse Che (as shown in the screenshot above), or you can launch Codenvy from any Bitnami Development Containers repository.


Questions or feedback? Drop us a line at containers@bitnami.com.

Monday, September 12, 2016

MySQL Security Issue (CVE-2016-6662)

A critical vulnerability that affects all MySQL version branches was recently announced.  

Affected versions are:
  • MySQL <= 5.7.15
  • MySQL <= 5.6.33
  • MySQL <= 5.5.52
MySQL clones (MariaDB, PerconaDB...) are also affected.

This issue allows attackers to inject malicious settings into a MySQL configuration file, both locally and remotely. Either authenticated access (network connection or web interface) or SQL injection could be used as an exploitation vector to achieve remote root code execution. For more information, visit here.

Official patches are not available yet. As temporary mitigations, users should ensure that MySQL config files are not owned by the mysql user, and create root-owned dummy my.cnf files in the locations that are not in use. This is not a complete solution; we will re-check new MySQL/MariaDB versions when they are available.

We want to let you know that Bitnami Stacks (VMs, Cloud Images, Docker containers and Native Installers) are not affected, since our MySQL configuration is not owned by the mysql user and we explicitly define the configuration file using the parameter below when starting the service:
             --defaults-file=/opt/bitnami/mysql/my.cnf

So, the creation of any other my.cnf file will be ignored.
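The two mitigations above (no config file owned by the mysql user, and a root-owned file occupying every location the server would otherwise read) can be checked with a short script. This is an added example, not Bitnami's or MySQL's own tooling; the function names and the search paths in the usage comment are assumptions, and the account name and paths are passed in by the caller.

```shell
#!/bin/sh
# Added example (not Bitnami's code): audit my.cnf files for the mitigations above.

# pinned_defaults_file "CMDLINE" -> prints the --defaults-file value; fails if unset
pinned_defaults_file() (
    set -f                                  # no glob expansion while splitting
    for arg in $1; do
        case $arg in
            --defaults-file=*) echo "${arg#--defaults-file=}"; exit 0 ;;
        esac
    done
    exit 1
)

# owner_of PATH -> owning user name (third field of `ls -ld`)
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# audit_mycnf DB_USER PATH... -> one verdict per path, returns 1 on any finding:
#   BAD     owned by DB_USER, so the database account can rewrite it
#   MISSING absent, so no root-owned file occupies this location
#   OK      present and owned by another account (ideally root)
audit_mycnf() {
    db_user=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; rc=1
        elif [ "$(owner_of "$f")" = "$db_user" ]; then
            echo "BAD $f"; rc=1
        else
            echo "OK $f"
        fi
    done
    return $rc
}

# audit_mysql DB_USER "CMDLINE" SEARCH_PATH...
# With --defaults-file only that file is read, so only it is audited;
# otherwise every SEARCH_PATH (the locations mysqld would try) is checked.
audit_mysql() {
    user=$1; cmdline=$2; shift 2
    if pinned=$(pinned_defaults_file "$cmdline"); then
        audit_mycnf "$user" "$pinned"
    else
        audit_mycnf "$user" "$@"
    fi
}
# Usage (paths assumed): audit_mysql mysql "$CMDLINE" /etc/my.cnf /etc/mysql/my.cnf
```

`CMDLINE` is the running server's command line, for example the output of `ps -o args= -C mysqld` on Linux.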

Do you have questions about the security issue? Post to our community forum, and we will be happy to help you.