Thursday, August 17, 2017

Meet the Bitnami Team: Marko Mikulicic

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Marko Mikulicic is a Senior Engineer on Bitnami’s Toolchain team, and works remotely from Italy.

A brief bio

As a kid I liked to take everything apart to see how it works. But computers were different. When I was 8, putting my hands on one wasn't easy, given my track record. But once opened, the mystery just deepened.

Marko enjoying some time with his son

That machine, which allowed my father to stop keeping the neighbours awake with the clickety-clack of his old typewriter, was able to surprise me with its seemingly never ending amount of things it could do. Yet, all I could see was a bunch of quiet plastic bricks, not humming, not glowing, but nevertheless launching my 8-bit cannonballs over rasterized mountains hitting simulated walls of imaginary castles. Every game or application I saw triggered that instinct: take it apart and see how it works!

Like physicists discover how nature works, I was discovering the laws of this marvellous machine. I say discover, because while the knowledge was definitely out there, I first had to make sense of it: as a Croatian immigrant in the Italian-speaking part of Switzerland, I could only put my hands on the tech books from the country majority language. Thus, I co-learned German and C from the same book.

But C did no good. Non only it did not quench the thirst (too high level; what does the machine actually do!?), but the toolchain didn't fit in a single floppy drive. While forever flipping floppies on my shiny Amiga 500, I found a book about assembler and was happily programming in mc6800 assembly hereafter until hard drives finally came into town.

From there, I worked my way through a bit of everything: from academia to the industry, from applications to development tools, from writing compilers and interpreters to operating systems, from micro-optimizations to large scale design, from embedded development and hardware to working on the largest machine learning system on earth at Google.

Other than that, I lived in Switzerland, Croatia, Ireland and Italy. I have forgotten a lot of languages.

I have a 1 y/o son who makes me dream of sleeping.

Why you joined Bitnami and what excites you about working here?

I really like working on tools that make software engineers more productive, which is part of Bitnami’s overall mission. Software engineers love their tools and often have to build their own, either for fun or out of frustration. But there is not enough time to struggle with the same things over and over.

Nowadays most people don't assemble their own PCs and often they don't even install their OSs anymore; we can see how the same pattern can be applied further down on whole development and production environments, leaving you more time to actually focus on your own software and the many more interesting challenges you can face.

I believe Bitnami can make the difference here and give a lot of people that kickstart in productivity they need to build amazing things.

Plus, it's a fun place to work! I have worked in both small and large companies, so I know the pros and cons of both. Bitnami caught my attention because it is an interesting size, in an interesting moment, and has plenty of potential for solid foundations.

Bitnami is also full of people that come from very different experiences. Something that's new for you was well explored by someone else, and vice versa; this offers a lot of opportunities to stay curious and learn a lot of things.

Also, I had to relocate back to Italy for family reasons and I found that Bitnami had built a solid remote working culture that was compatible with my time zone.

What are you working on?

While Bitnami is sharing and contributing to lot of open source projects, like Helm, Kubeless and Cabin, the main thing is still the application catalog, packaged in many ways: VMs you can run on premises, cloud images readily available at your cloud provider of choice and containers you can run just everywhere.

These applications and infrastructure components which you can use to build your systems on are curated by skilled humans who try hard to make things just work so you can worry only about things that matter.

But then, we have hordes of little (software-based) Elves that do the grunt work of building, packaging, updating, testing, publishing, notifying, monitoring so that you can enjoy your click-to-deploy Mongodb cluster.

My job is to program those little subordinate clauses, telling them what to do and how to interact with each other, so that we can free up some valuable for humans to do what they (I mean, we) do better: be creative and apply judgement calls.

Building complex and dependable automation is fun and challenging. It's hard to draw the line between what should be automated and what not, and it's easy to fall in the trap of turning humans to log and graph watchers and mindless button pushers just because you cannot really trust the amazingly complex automation you just built. So much fun, much reward.

What do you like to do for fun?

I work for fun and live for a living.

Not work work, I mean, somehow I got dragged into this whole thing about farming and growing food, making my own olive oil etc; it's serious work! I even had to ferry donkeys across europe, twice.

Not wasting money on gyms; doing useful work as Joule intended instead!

I don't dismantle things anymore. Entropy does it for me.

When I had time, I used to be a musician. I also liked words.

When I grow up I want to be taller.

Interested in working with Bitnami and Marko? Apply for one of our open positions!

Security Release: Drupal 8.3.7

Drupal has released a new version that fixes three security vulnerabilities. These vulnerabilities affect Drupal versions prior to 8.3.7.

The vulnerabilities fixed in the latest version of Drupal (8.3.7) are the following:
  • Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass - Critical - CVE-2017-6925
  • Views - Access Bypass - Moderately Critical - CVE-2017-6923
  • REST API can bypass comment approval - Access Bypass - Moderately Critical - CVE-2017-6924

It is recommended that you update your Drupal application to the Drupal 8.3.7. You can follow our documentation to learn how to upgrade your application and ensure its security.

For new application deployments, including the Bitnami Launchpad, we have released Drupal 8.3.7 containers, installers, virtual machines and cloud images that includes the security fixes to address these vulnerabilities. If you deploy Bitnami Drupal via one of our cloud partner marketplaces and it is not yet updated to version 8.3.7, you will need to upgrade your application using our documentation.

If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, and we will be happy to help you.

Friday, August 11, 2017

Security Issue (CVE-2017-1000117): Git, Subversion and Mercurial

A new version of Git has been released to address the following security vulnerability: CVE-2017-1000117.

This is an important issue-- A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.

This has been a coordinated release with Subversion and Mercurial that share a similar issue. CVE-2017-9800 and CVE-2017-1000116.

We have released all the affected containers and Helm charts for Kubernetes.
We continue working on releasing all stacks that ship Git, Subversion or Mercurial.

If you can not update or migrate to a new version, the workaround would be to disable the “ssh://” protocol of your web application. GitLab shows you how to do this via their workaround.

Have questions about this security vulnerability for Bitnami solutions that ship Git, Subversion or Mercurial? Post to our Community Forum, and we will be happy to help you.

Cloudy times ahead for SIs and MSPs?

As enterprise IT spending on cloud goes mainstream, how do more traditional SIs, consultancies and MSPs “go cloud”?

dreamstime_xxl_3042198.jpgFor Systems Integrators, IT consultancies, and Managed Service Providers, there has never been a better time for a client conversation about cloud migration. The drive for enterprises of all sizes to migrate to a modern cloud IT infrastructure is overwhelming. But if you don’t yet have the extensive experience or established reputation in building cloud solutions, how can you begin to deliver with greater repeatability, lower risk, and faster implementation.

Just how big is the opportunity?

In April, Forbes published a really useful “Roundup Of Cloud Computing Forecasts, 2017”. It compared and contrasted predictions from a range of analysts about the future growth of cloud computing, concluding that enterprise spending on cloud IT infrastructure will increase by 15% to 20% per year in the next five years – with most of that growth coming from public cloud infrastructure. Forbes’ claims are bolstered by staggering financials from the leading public cloud vendors: most recently (Q2 2017) Amazon Web Services’ (AWS) revenue surged 42 percent year-on-year (on an annual run rate of around $16 billion!) while Microsoft Azure's revenue jumped 97% year-on-year in the same period.

The shift in enterprise IT spending to cloud - now universally global, and across organizations of all sizes and sectors - represents a massive opportunity for SIs, consultancies and MSPs. Cloud specialists such as Cloudreach, Cloud Technology Partners (CTP), Logicworks and Nordcloud are already taking full advantage. They were either born in the cloud, or have fully transformed for the cloud era. They are part of a new generation of Public Cloud Infrastructure Managed Service Providers described in a new Gartner Magic Quadrant report published in March 2017. They each have a suite of well-honed capabilities, tools and processes to help customers transition to a more cloud-native, DevOps-oriented approach.

The challenges for traditional Integrators and MSPs

As the IT services market matures, enterprises of all sizes are expecting a wider range of consultancies and MSPs to meet their demands in helping transform their infrastructure. The cloud-hungry customers of tomorrow will be looking for in-depth knowledge of cloud platforms and the right processes to manage costs, sprawl, and security - but they may be looking for more than a pure cloud consultancy. These new opportunities may be long standing clients, new word-of-mouth recommendations, or companies looking for your industry-specific expertise. Whatever the reason, they will value your proven expertise in delivering solutions - but will need it delivered on the cloud. These increasing demands to deliver cloud-native solutions can present you with many challenges including:
  • Repeatability and consistency - can you deliver a repeatable practice, delivering predictable ROI, regulatory compliance, and enterprise-grade operations assurance? Or do you need to architect a complete solution from scratch for each new customer?
  • Efficiencies - do you have the necessary tools for rapid deployment of business workloads with overheads low enough for you to be competitive?
  • Credibility and confidence – without a wealth of customer references, how can you demonstrate your ability to deliver on the cloud? Can you recommend and articulate a clear path to success?
Maximizing efficiencies, minimizing risks

How can systems integrators and consultancies best operationalize to address this new opportunity with multiple moving parts & trends? How can you best develop the capability to deliver cloud projects faster, with less risk and make more money? Two clear ways of doing this are by leveraging open source technologies, and by taking advantage of greater levels of automation.
  1. Open source technologies
    Open source is now almost universally embraced, and to some degree mandated (for example in US Federal Government projects). Leveraging open source technologies allows you to efficiently build a solution from server applications (e.g. Drupal, edX) running on Linux, or to develop on top of infrastructure components (e.g. MongoDB, Node.js, PHP). This might be for a direct “lift-and-shift” of an open source-based application running in a datacenter, an extension of an existing system (e.g. a backend to support a new mobile app), or a new-and-improved alternative for an existing proprietary platform. Best-in-class open source components (created and maintained by passionate, innovative, expert communities) will provide the necessary functionality and infrastructure building blocks allowing you to focus on delighting clients with customer-specific features. They will also enable you to spin-up POCs more rapidly to demonstrate your capabilities to customers early in the sales cycle.

  2. In-house automation
    The use of in-house automation is essential. It will allow you to successfully deliver repeatable services with more efficiency and less risk. In the short term this, will help you reduce implementation time, but as the market develops it will be increasingly important to offer competitively priced services. Automating manually-intensive, repetitive tasks will help you to focus more on the client’s unique needs and help them fully realize the business benefits of migrating to cloud-native infrastructure.

    The best automation tools will also help you deliver solutions for your customers on multiple cloud platforms. In an evolving landscape, many enterprises want flexibility in their choice of cloud service. Being able to offer multiple options will help you stand out from your competitors.
Bitnami has vast experience in open source technologies - we deliver over 150 secure, trusted, and optimized applications and developer stacks for each of the leading cloud platforms (including AWS, Azure, Google Cloud and Oracle Cloud), and in multiple formats including Docker containers and Helm charts for Kubernetes. We operate at scale with more than one million deployments every month, driving tremendous value for our end users and cloud partners.

Updating and maintaining our images to the required high standard means we perform literally thousands of updates every month - CVE’s are patched and images are rebuilt/ tested/ published in the fastest possible time. The only way we can realistically achieve this is via our own efficient, reliable automated build and delivery platform. It’s so reliable and efficient we have based a successful business on it for many years.

We’ll soon be making this automation platform available for you to build and maintain custom images and templates for your customers. Find out how Bitnami can help with the heavy lifting for you to “go cloud."

Thursday, August 10, 2017

Bitnami Now Provides Secure Open Source Applications for AWS GovCloud

Today, we are excited to announce that Bitnami is a Launch Partner for AWS’ new GovCloud (US) Marketplace, bringing the Bitnami Application Catalog to qualified public sector customers in the US! GovCloud users can now deploy any of Bitnami’s 110+ packaged applications to “an isolated AWS region designed to host sensitive data and regulated workloads in the cloud.”

AWS GovCloud users can now easily deploy and maintain applications in the cloud with Bitnami. For public sector customers that may not be familiar with using open source software, Bitnami’s packaged application stacks provide added features and components to deliver everything you need out of the box. Bitnami ensures each application is:
  • Ready-to-Run – Pre-configured applications and development stacks 
  • Up-to-date – Bitnami’s Application Catalog is continuously updated and secure
  • Optimized – Consistently configured for best performance on any platform
  • Trusted – Over 1 million Bitnami packaged applications are deployed per month 
The AWS GovCloud helps customers comply with government security and regulatory requirements such as ITAR and FedRAMP, while enjoying the benefits and flexibility of using the cloud. GovCloud is only operated by Amazon employees who are U.S. citizens that reside within the United States, and is only accessible to US persons working at government agencies or in related industries.

Want to learn more about the AWS GovCloud or how to get started? Feel free to read more here.

Ghost 1.5.1 Released!

We are happy to announce that Ghost 1.5.1 is now available on Bitnami! Ghost is quickly becoming one of the most popular publishing platform with it's 100% open source tool that allows you to create your dream online publication with ease.
The new version of Ghost includes:
  • New editor
  • Refreshed UI
  • New default theme design
  • Night shift mode
  • Publication icons
  • And more!
If you already have a running version of Bitnami Ghost, you can update your application by following these simple steps:
1- First of all, make a backup of you Ghost content:
In your existing (pre v1.0.0) Ghost blog, navigate to YOURSITE/ghost/settings/labs/ (the settings->labs page in Ghost-Admin) and click on the Export button. It should look something like this:

lts labs page

This will download in your system your JSON export file that you need later. 2 - Launch a new Bitnami Ghost instance
3 - Import your content into your new Ghost instance:
On your new blog navigate to YOURSITE/ghost/#/settings/labs (the settings->labs page in Ghost-Admin), click Choose file and select the JSON export file created before from your system, then click on the Import button.

v1.0.0 labs page

Please note that Ghost importer will not import themes. You could see a warning that your themes have not been imported, that is the normal behaviour, you can continue to the next step. 4 - Move your images You need to copy/move your images from your existing directory <ghost-dir>/htdocs/content/images to the new instance directory <ghost-dir>/htdocs/current/content/images. 5 - Move/upload your themes
Navigate to YOURSITE/ghost/#/settings/design (the Settings->Design page in Ghost Admin) then click Upload a Theme button and follow the instructions. Now you have you system fully migrated to the newest Ghost version!

Upload a theme

Haven't tried Ghost yet? Not to fear!

You can easily get started with Ghost by launching it in the cloud, as a Virtual Machine, or native installer.

Wednesday, August 9, 2017

Meet the Bitnami Team: Jose Vazquez

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Jose Vazquez is Senior Backend Developer on Bitnami’s WebDev team, and works remotely from Madrid.

A brief bio

Technology is my passion, specially software, systems and all things digital. I started with C, but then I got into that “new shiny thing” (back then) called Java. I got my degree as a research student at HP Labs Bristol, working on Java distributed systems ideas that later became the “cloud”. Back in Spain I did quite some J2EE-style projects for various companies, some C/C++ and acquired experience with Linux, SQL & Relational Databases, Source Control systems, Javascript and yep, that was the time of all-things XML!

Jose enjoying a bike ride with his son
I've been following Go since its early days, I even made a contribution to the http package, early on. What can I say, I do prefer strongly typed languages generating static compiled binaries after all... Better get annoyed by the compiler at office hours than by page from a production system at 3AM!

In 2013 I moved to Dublin, to work for AWS DynamoDB, maybe the world's biggest NOSQL DB deployment? Keeping the service up & running, we enhanced service internals (Java), and the automation around it (Python & Java). There I made the switch to git, unit testing & code reviews and never looked back! After AWS, I worked for Canonical, delivering the Ubuntu images for “the big 3” and most other clouds. The team was distributed across countries and time zones! Work was mainly in Python & Jenkins.

Why you joined Bitnami and what excites you about working here?

Distributed Systems, cloud and lately containers define my favourite domains of the technology to work within and contribute to.

Bitnami’s focus on keeping hundreds of applications up to date for all consumer channels, especially the cloud and containers, will expose us to interesting problems to which we’ll have to provide state of the art solutions for. We are the first ones doing this, the leaders, at least at the scale Bitnami does it.

On the personal side, apart from the technologies, I was looking for a remote job, preferably more EU than US-centric. Bitnami provided just that, and also the opportunity for me to work with a highly professional and technological skilled group of people all over the world, from home. What else can you ask for?

What are you working on?

I work with the webdev team. Our focus within Bitnami is to deliver awesome applications prepared by the assets team to our cloud partners. Since I just recently started, I am personally focusing more on the backend of things, including amongst others, the on-boarding of new Cloud Service Providers: building and publishing cloud-images/multi-tier solutions to Marketplaces.

The goal of my team is to reach to all clouds and deliver our apps everywhere as flawlessly as possible, aiming for the greatest level of automation.

What do you like to do for fun?

I used to play basketball quite a lot, and ride bikes (a bit less often, I have to admit). Cinema (as an spectator ;-) has always been one of my passions. However, with family duties lately I consider myself lucky if the kids will go to sleep early enough, to let us watch a nice movie, from time to time.

But hey, I do also enjoy having the whole family going out, and maybe shortly watch movies, and even do some bike & basketball again with the kids!

Interested in working with Bitnami and Jose? Apply for one of our open positions!

Tuesday, August 8, 2017

Container Trends – Bitnami User Survey 2017 (Part 1)

Each year Bitnami conducts a survey of our user base. This year, we’ve gathered quite a bit of data about orchestration, automation, application development, development environments, containers and of course some very specific data about the wants and needs of full-time developers. Over the course of the next few weeks, we plan to share some of the industry trend information that we’ve captured in a series of blog posts and infographics.

One of the key technologies that we’ve been tracking for the past few years has been containers. In this year’s survey, we were impressed by the growth in container interest and the rapid growth in production usage. The first evidence of the increased interest was that the number of developers who told us they were using containers grew more than 2x from 2016 to 2017. The second significant piece of information from our survey was the large shift to production usage, seeing only 27% of users with containers in production in 2016 grow to over 65% in 2017. This trend was also supported by a decline in users reporting that they are using containers only for dev/test use-cases with no intent to run in production.

This indicates not just a maturation among the early adopters of containers from 2016 but a growing user base that is rapidly adopting and moving from dev/test to production.

Figure 1. Container Usage Dev/Test-Only vs. Production - 2016 vs 2017 

  • More than 2x increase in production container usage
  • 50% decrease in dev/test-only usage YoY

Looking deeper into what “production” meant to our users and at what scale, our survey data showed that large scale production usage (defined as 50+ container host machines) grew more than 100% year over year while respondents with fewer than 50 container images grew more than 250% year over year.

Figure 2. Container Usage – Production Scale – 2016 vs 2017

We can clearly see that container usage is shifting from dev/test to production environments, and we’ve established that usage is starting to reach some critical mass at scale. Let’s look at where the usage is coming from. Breaking down our data and reviewing production container usage by company size shows us that it is well distributed regardless of the number of employees. Small companies of less than 50 employees make up the largest percentage of production usage, however mid-sized business (50-1,000 employees) and large businesses (1,000+ employees) are not that far behind in their usage of containers in production environments.

Figure 3. Container Usage by Company Size

The Bitnami User Survey clearly shows that container orchestration has moved rapidly from dev/test to real production in the last year and that rate of adoption is likely to accelerate further as the small-scale deployments scale up. Look for our next post in this series where we’ll review what tools are the most popular for container management and what platforms are being selected for container hosting.

To accelerate container usage in your company, be sure to check out Bitnami containers for the latest stable versions of your application stacks and development environments. If you are a Kubernetes user, be sure to visit to discover and launch Kubernetes-ready apps.

Security Release: Jenkins Plugins Vulnerabilities

The Jenkins project has published a security advisory due to some plugins vulnerabilities. These are the affected plugins:
  • Blue Ocean:
    • GitHub Pipeline for Blue Ocean up to and including 1.1.5, 1.2.0 beta releases up to and including 1.2.0-beta-3
    • REST Implementation for Blue Ocean up to and including 1.1.5, 1.2.0 beta releases and up to and including 1.2.0-beta-3
    • Bitbucket Pipeline for Blue Ocean 1.2.0-beta-3
  • Config File Provider Plugin up to and including 2.16.1
  • Datadog Plugin up to and including 0.5.6
  • Deploy to container Plugin up to and including 1.12
  • DRY Plugin up to and including 2.48
  • OWASP Dependency-Check Plugin up to and including
  • Pipeline: Groovy Plugin up to and including 2.38
  • Pipeline: Input Step Plugin up to and including 2.7
  • Script Security Plugin up to and including 1.30
  • Static Analysis Utilities Plugin up to and including 1.91
Bitnami deployments include some of these plugins by default. It is strongly recommended that you update your Jenkins plugins to the latest version, Jenkins 2.60.2-1. You can upgrade the plugins of your Bitnami Jenkins application following our documentation.

For new application deployments, Bitnami has released Jenkins 2.60.2-1 LTS installersvirtual machines and cloud images with the latest versions of the plugins that include the security fixes. If you deploy Bitnami Jenkins via one of our cloud partner marketplaces and it is not yet updated to 2.60.2-1, we strongly suggest that you update your Jenkins plugins to this latest version. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository to upgrade your deployment to the 2.73 Jenkins version with the latest plugins.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forums and we will be happy to help you.

Wednesday, August 2, 2017

Meet the Bitnami Team: Rick Spencer

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Rick is our VP of Engineering, and works remotely from Washington DC.

A Brief Bio

I graduated college with degree in Philosophy in 1990, though I studied a good deal of psychology as well. I wanted a career that was focused on service, so my first jobs were in Community Mental Health providing support to people with serious persistent mental illnesses, helping them stay in their homes in the community, and out of homelessness or the hospital. I burned out after a 5 years of that, though, and went back to graduate school and got a Master's Degree in Human Factors Engineering.

I got married to my wife in 1991, and we have 2 "kids", 22 and 18 years old now.

I started programming when I was about 12 years old, using my school's TSR-80 computers. Eventually my parents bought us kids a Commodore 64, so I continued programming that as well. I kept programming on the side, learning Pascal and C along the way, until I got recruited to Microsoft in 1997 to work as a Usability Engineer in Visual Studio. I spent almost 10 years at Microsoft in various roles, but during that time I discovered that I am always at my best when my end users are developers.

I left Microsoft to pursue my interest in Open Source. After a year, I landed a job as the Engineering Manager for the Ubuntu Desktop. I graduated from that to Director of Engineering and finally VP of Ubuntu when I left in early 2016.

I managed many disciplines during my years before joining Bitnami, including Engineering, Sales, Design, Usability, Documentation, Localization and others. I managed small teams and teams of over 300 people.

I joined Bitnami in the spring of 2016 as VP of Engineering.

I have lived in Alexandria, VA, Seattle, WA, Toulouse, France, and now am living in Washington, DC.

Why you joined Bitnami and what excites you about working here?

As I said, I always feel I am at my best when my end users are developers. I was strongly attracted to Bitnami's portfolio of offerings for developers. I liked Daniel and Erica's approach to running the company in a responsible, but non-risk averse way. I was also attracted to the remote working aspects of the role, and the opportunity to build a strong remote culture. I also knew Erica through personal connections, and I greatly admired her business acumen and her leadership style. I believed in Daniel's strong vision for the future of the company.

Enjoying some time with co-workers during the all-hands
What excites me about working here is that the engineering team is now structured for success across 3 major product lines that we are developing, and that there seems to be a huge appetite in the community for what we are building. Our images fill pretty much every cloud market place, and our new products are getting a ton of interest and traction. Across the board, we have a very smart team, and the team is executing. For a person in my role, this is the really fun.

I also very much enjoy working on Open Source projects, and so I love working with Seb and the rest of the Kubernetes Squad when I can.

What are you working on?

I divide my time into a few buckets. As VP of Engineering, I need to do a lot of work to help teams get their jobs done, help them work together effectively, and also help get the message out to partners, customers, and the community.

We have a fairly unsung team called the Web Dev team. These people are really the glue that holds Bitnami together, but because of their diligence, they make their job seem easy. This team is responsible, of course, for maintaining all of Bitnami's web sites and tools. But they are also critical in that they do work to integrate our image build systems with all the cloud marketplaces. This takes a lot of work to just figure out how to do the integration, and they often do it with crazy time pressures to help customers hit their deadlines. I don't spend too much time with this team because they are just so good at their jobs.

We have an Assets Team who has many responsibilities. One of the main ones is to design and build cloud images, VMs, containers, Multi-tier templates and other assets that end users can just use as is, or extend for their development environments. That team is responsible for making sure our users and our customers are very happy with what we are building. They are currently doing a great job at that, but they are also working every iteration to get more efficient and better at producing what they produce. I don't personally spend too much time with this team anymore, as they are really running well.

We are working on a lot of Kubernetes offerings, for example, Kubeless, Monocular, kubecfg, containers, etc... I spend a certain amount of time working with different communities on those projects, as well as explaining what we are doing to partners and potential future customers. So, I spend a lot of time advocating for this team.

I am spending a large amount of my time on our Enterprise product. We have a productized version of our own toolchain that we are developing for two different markets. I spend a lot of time working with this team to ensure that they have everything they need to achieve the vision, as well responding to feedback, input, scheduling difficulties, unexpected opportunities, etc... I spend a copious amount of time working with external partners and potential customers to understand how this toolchain will benefit them, though. The more traction we get in these discussions, the more time this takes.

Of course, the bulk of my job is listening to my team to help them strategize how to solve problems and achieve goals, to help ensure that the whole team is working together effectively, ensure everyone understands the strategy and help them align to it, etc... I spend a LOT of time in video conferences ;)

Finally, we are continuing to grow, so recruiting is, of course, a big focus for me.

What do you like to do for fun?

Honestly, I work a lot and I work hard. So, when I do have time for fun, I like to really relax. This might involve playing video games, or playing my Mandolin. My father made me a beautiful mountain dulcimer, so I am looking forward to spending some time to learn to play that. I am incredibly happy that Season 3 of Rick and Morty has started.

When I go on vacation, I like to go swim and get some sun. This summer I am going to Barbados to surf.

Interested in working with Rick at Bitnami? Apply for one of our open positions!

Thursday, July 27, 2017

Security Release: Codiad 2.8.4

The Codiad project has published a new version of the application that fixes a remote command execution vulnerability (CVE pending). This vulnerability affects any Codiad version prior to 2.8.4.

It is strongly recommended to update your Codiad installation to the latest version, Codiad 2.8.4. Codiad 2.8.4 has already published  and is available on You can read our documentation to learn how to upgrade Codiad application to keep it secure. If you are using the Bitnami Codiad Docker container image, please follow the documentation in our GitHub repository.

If you have further questions about Bitnami Codiad or this security issue, please post to our community forum, and we will be happy to help you.

Wednesday, July 26, 2017

Meet the Bitnami Team: Ara Pulido Manuel de Villena

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Ara is our Engineering Manager on the Kubernetes Squad, and works remotely from Malaga.

Enjoying a bike ride in Berlin’s Tempelhof
Park (old Tempelhof airport) last summer.

A Brief Bio

I was born and raised in Andalusia, in the south of Spain. Since I was little I enjoyed computers and I started some very simple programming (using BASIC) in a family owned Amstrad CPC when I was around 9. When I had to choose what to do in college, the answer was easy.

During my university years, I joined the local Linux user group and it was then when my interest on infrastructure and this operating system started. At the beginning of my professional career my duties were not related to Linux, though; I did things like web programming, .NET and Java on my first few jobs. After those, I joined Canonical to help with test automation of their Ubuntu devices and managed several engineering teams throughout the years. I joined Bitnami in June 2017.

I work remotely from Málaga, a city in Spain mainly known as the city where Picasso was born.

Why you joined Bitnami and what excites you about working here?

As I said before, infrastructure in general and Linux in particular are my main interests in computing. I was very interested in Bitnami when I heard what the company was creating, the customers they had and the way they improved how people deployed applications in the cloud.

When I heard the strategy they had for the next wave of deploying applications, with containers and Kubernetes, I was sold. It is super exciting to be working on cutting edge technologies that will become the standard of application deployment alongside such an excellent group of engineers, many of whom contribute regularly upstream to the different projects.

If this was not enough, you quickly understand how Bitnami has a clear and proven business model, making it a sustainable company that is here to stay.

What are you working on?

I manage the Kubernetes squad, where we focus on creating production ready container images that are optimized to run on Kubernetes. Apart from creating the images, we work on several Kubernetes open source projects that help teams deploy their applications to a Kubernetes clusters (Monocular, Helm charts, Kubeless, Ksonnet).

As part of the my team’s duties and to make sure we eat our own dogfood, we run our internal Kubernetes cluster that we use at Bitnami to deploy our different internal and external applications. As part of the effort of running our own cluster, we come up with ideas and tools on how to better deploy applications, that we then open source. Kubecfg, a tool to manage complex Kubernetes environments as code, was first created as part of that effort, to improve the way we managed our cluster.

What do you like to do for fun?

I love going out with friends for tapas-style lunch, while we enjoy Málaga’s great weather. I love listening to live music anywhere, from small theaters or venues, to big outdoors music festivals.

I enjoy nature: snorkeling during summer and hiking during autumn and spring. Málaga surroundings are great for both, with clean waters in the Maro area, and great hiking paths in the mountains nearby like Sierra de Las Nieves.

Interested in working with Ara at Bitnami? Apply for one of our open positions!

Monday, July 24, 2017

MariaDB Now Available in Bitnami

We are pleased to announce the release of MariaDB in Bitnami! MariaDB is a fully community-supported, 100% open source fork of MySQL. It is one of the most widely used SQL databases in the world, and Bitnami has been including it in the stack for a number of applications for years.

Responding to popular demand, we have now published a standalone MariaDB server that you can launch in the cloud, in the datacenter, or on your local machine!

Bitnami has put together a detailed set of documents  to help developers get started integrating the Bitnami MariaDB stack into their own applications. (Once you arrive at the docs page, select the platform you're running MariaDB on and then click "Infrastructure Stacks" to find MariaDB.)

In the docs you can learn: how to connect your FTP client to the MariaDB server to upload your data, how to connect to the database via SSH or with another machine, how to secure your server for production usage, how to back up your database, and much more.

The Bitnami MariaDB stack can be run in the cloud, as a Virtual Machine, or with a native installer for Linux. We've also got a popular MariaDB Docker container and a Helm chart for using MariaDB with Kubernetes. Whether you're looking for a database to use with your new application in development or you need a cluster of MariaDB containers running in production on Kubernetes, Bitnami's got you covered!

Thursday, July 20, 2017

Security Release: GitLab 9.3.8

[Update 2017-07-21]

GitLab 9.3.8 was affected by an infinite loop bug with the mudge/re2 library. The GitLab project released GitLab 9.3.9 that solves that issue.

Bitnami GitLab 9.3.9 virtual machines and cloud images are already available in Bitnami.


The GitLab project released a new update that contains several security fixes, including an important security fix for two authorization bypass vulnerabilities (post-authentication). We recommend that all GitLab installations be upgraded to GitLab's new version (GitLab 9.3.8) immediately.

We released new versions of Bitnami GitLab 9.3.8 virtual machines and cloud images that fix the following security issues.
  • Projects in subgroups authorization bypass with SQL wildcards (CVE-2017-11438)
    • An authenticated user could take advantage of a badly written SQL query to add themselves to any project inside a subgroup. Versions from 9.0 are affected but 9.3 and above are not vulnerable, so this issue does not affect the latest versions we released in
  • Unauthorized repository access by using project mirrors and CI (GitLab EE only) (CVE-2017-11437)
    • This vulnerability affects all versions of GitLab except GitLab 9.3.8 or newer.
More information about the issue can be found in the official blog post. There is not an available workaround for these vulnerabilities at the time.  Therefore, if you are running a GitLab instance with a version prior to 9.3.8, you will need to upgrade GitLab to its latest version by following this documentation (

Do you have questions about Bitnami GitLab or the security issue? Please post to our community forum, and we will be happy to help you.

Wednesday, July 19, 2017

Meet the Bitnami team: Simon Bennett

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Simon Bennett is our VP of Product, leading our product vision, engaging with customers and helping the engineering team deliver awesome product to our customers.

A brief bio

I originally hail from the UK where I studied computer science and began my professional career working on projects in retail, financial services and a long-extinct category of company called “dotcoms” 

The picture to the left was one of the first projects I worked on while finishing my degree at the University of Southampton. It felt very futuristic at the time.

I moved to the San Francisco Bay Area in 2002, lured by the huge number of software companies and the freedom to snowboard or surf at the weekend depending on the season.

Somewhere along the way I got interested in the “business side” and switched from pure engineering management to product management. I really enjoy working on building durable businesses that produce valuable software products for lots of people.

Why you joined Bitnami and what excites you about working here?

During my time at VMware working on the personal desktop products I loved being able to make hundreds of thousands of developers and professionals more productive. Working for large, well-known company has many benefits, but I missed the dynamic nature of smaller companies where an individual team’s results directly affects the health of the business as a whole.

At Bitnami, I feel like I have the best of both worlds - the ability to reach hundreds of thousands of users to make them more productive, plus, a dynamic and passionate team willing to experiment, execute, and learn what our users and partners need every single day.

The caliber and passion of the people at Bitnami means I’m always learning something new - whether it’s “how to run an excellent meetup” from our operations team, or “the latest trends in immutable software infrastructure” from our globally distributed team of architects and engineers.

What are you working on?

One of my current projects is analysing the results from our annual user survey. I’m trying to understand what our users love about Bitnami today and where we can improve. Our industry is being revolutionized by the move to cloud computing and it’s a privilege to have the insights from over 17,000 survey respondents to guide our strategy and investments.

I’m also spending time getting hands on with our automated packaging system, which has been significantly upgraded in the last few months. We intend to make parts of that system available outside Bitnami to tackle new use-cases. In doing so I’m learning that having a team distributed throughout the world means that Bitnami, in a literal sense, never sleeps.

What do you like to do for fun?

I typically have 3-4 different projects on the go at any given time, often an art, building or electronics project with one of my boys. When time permits, I’m likely to be outside - exploring the city, heading to the mountains or the beach.

Interested in working with Simon at Bitnami? Apply for one of our open positions!

Friday, July 14, 2017

Switching the Bitnami Launchpad for Microsoft Azure from Classic Deployment to ARM Deployments

Two weeks ago, the new Bitnami Launchpad for Microsoft Azure was made available to new Bitnami users.  The new Bitnami Launchpad for Microsoft Azure is based on the Azure Resource Manager (ARM) deployment model. For existing users, they were still redirected to the previous version of the Bitnami Launchpad for Microsoft Azure, which uses the classic Azure deployment model.

Although the web interface and the user experience for these two versions of the Bitnami Launchpad for Microsoft Azure are identical, the backend deployment technology in each launchpad version is thoroughly different and incompatible one with the other.

While Azure still supports classic model deployment, the ARM deployment model is the recommended option. The main benefit of the ARM deployment model is that ARM sees the infrastructure components for running the applications as part of a single entity (resource group) and allows you to deploy, manage and monitor them as a group. You can learn more about these technologies differences here.

On July 17th, all users will have access to the new Bitnami Launchpad for Microsoft Azure (ARM) at However, the Bitnami Launchpad for Microsoft Azure (Classic) will still be accessible at for current users until September 5th to ensure a seamless off-boarding.

On September 5th, the Bitnami Launchpad for Microsoft Azure (Classic) will be shutdown. After this date, users will no longer be able to manage their classic deployments through the Bitnami Launchpad for Microsoft Azure (Classic).  However, all the resources will still be accessible directly through the Azure Portal.

Please note: Below is the process and dates we will be working toward for the shutdown of the Bitnami Launchpad for Microsoft Azure (Classic):

Bitnami Launchpad for Microsoft Azure (ARM) available for all users
Monday, July 17th
Disable adding new subscriptions in the Bitnami Launchpad for Microsoft Azure (Classic)
Tuesday, July 25th
Disable the creation of new servers in the Bitnami Launchpad for Microsoft Azure (Classic)
Thursday, August 3rd
Bitnami Launchpad for Microsoft Azure (Classic) shutdown
Tuesday, September 5th

In order to use the Bitnami Launchpad for Microsoft Azure (ARM), users are required to connect their Azure and Bitnami accounts in the new launchpad. This process is outlined here.


Q1. When do I need to take action by?
Even though the Bitnami Launchpad for Microsoft Azure (Classic) will be available until September 5th, we encourage users to start using the new ARM one as soon as possible. After that date, the VMs launched with the classic deployment model will only be accessible through the Azure Portal.

After July 25th,  adding new Azure subscriptions for managing your servers through the Bitnami Launchpad for Microsoft Azure will only be supported through the ARM based launchpad. After that day, an account in the new Bitnami Launchpad for Microsoft Azure (ARM) will be required for adding new subscriptions.

After August 3rd, launching new servers through the Bitnami Launchpad for Microsoft Azure will only be supported through the ARM based launchpad. After that day, an account in the new Bitnami Launchpad for Microsoft Azure (ARM) will be required for launching new servers.

After September 5th,  An account for the new Bitnami Launchpad for Microsoft Azure (ARM) will be required in order to use the Bitnami Launchpad for Microsoft Azure. 

Q2. How does this affect my running instances launched through the Bitnami Launchpad for Azure?
Your current virtual machines are not affected by this switch-over.  They will continue to run as expected and can be started, stopped and deleted through the Azure Portal.

Q3. Can I still access my instances through the Azure portal without re-authenticating in Bitnami?

Q4. How does this affect my Azure subscription accounts?
No changes are being made to your Azure account. Your subscription will be unaffected. However in order to continue using them with Bitnami, you will need to connect your Azure and Bitnami accounts in the new ARM based launchpad.

Q5. Will I be able to access existing VMs through the Bitnami Launchpad for Azure after re-authenticating?
Existing VMs deployed with the classic deployment model will be shown in the new version of the launchpad until the Bitnami Launchpad for Microsoft Azure (Classic) shutdow on September 5th. After that, the Azure console within the Azure Portal must be used in order to stop or delete your VMS. 

Newly created VMs which use the ARM deployment model will have full functionality through the Bitnami Launchpad for Microsoft Azure after the shutdown.

Q6. Where can I get help?
If you need find any issue with your account or have further questions about the Bitnami Launchpad for Microsoft Azure switch-over, please contact the Bitnami helpdesk.

As always, for any questions related to the deployment or our Bitnami applications, we are glad to help through our community site.

Thursday, July 13, 2017

Security Release: Jenkins plugins vulnerabilities

The Jenkins project has published a security advisory due to some plugins vulnerabilities. These are the affected plugins:
  • Docker Commons Plugin up to and including version 1.7
  • Git Plugin up to and including version 3.3.1 and 2.4.0-beta-1
  • GitHub Branch Source Plugin up to and including version 2.0.7 and 2.2.0-beta-1
  • Parameterized Trigger Plugin up to and including version 2.34
  • Periodic Backup Plugin up to and including version 1.4
  • Pipeline: Build Step Plugin up to and including version 2.5
  • Pipeline: Groovy Plugin up to and including version 2.36
  • Poll SCM Plugin up to and including version 1.3
  • Role-based Authorization Strategy Plugin up to and including version 2.5.0
  • Script Security Plugin up to and including version 1.29
  • Sidebar Link Plugin up to and including version 1.8
  • SSH Plugin up to and including version 2.4
  • Subversion Plugin up to and including version 2.8
Bitnami deployments include some of these plugins by default. It is strongly recommended that you update your Jenkins plugins to the latest version. You can upgrade the plugins of your Bitnami Jenkins following our documentation.

For new application deployments, Bitnami has released Jenkins 2.60.1 LTS installers, virtual machines and cloud images with the latest versions of the plugins that include the security fixes. If you deploy Bitnami Jenkins via one of our cloud partner marketplaces and it is not yet updated to 2.60.1, we strongly sugges that you update your Jenkins plugins to the latest version. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository to upgrade your deployment to the 2.69 Jenkins version with the latest plugins.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forums and we will be happy to help you.

Wednesday, July 12, 2017

Meet the Bitnami Team: Michael Nelson

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Michael is a Senior Engineer on the Tools team, and works remotely from Australia.

Michael working from one of his favorite view points
A brief bio

I love learning from others and helping people learn - whether it's technology, science or otherwise. I came originally from a computer science and physics background and have been engineering software in a different contexts for years, more recently around devops and cloud automation tooling. Like most software engineers, I'm always curious to see if we can find a simple(r) solution to a complex problem.

Why you joined Bitnami and what excites you about working here?

Technologies, people, and working from home.

I've come from a great company but one which had very specific tooling and technologies (and specifically no Kubernetes or cloud platforms outside of OpenStack in my role, at the time), so I was very keen to join one of the companies at the forefront of Kubernetes, with projects like Kubeless - a Kubernetes native serverless framework, as well as tooling in a plethora of cloud platforms.

I also had a number of contacts already at Bitnami who had mentioned how friendly the team at Bitnami is, as well as the approachability of the founders. And in my first two months that has been the case - the people and teams I've interacted with have been incredibly helpful getting me settled in, contributing code and get organised for a trip to the office - despite time-zone difficulties.

Finally, I've been working from home for nearly ten years now and although it does have some drawbacks, personally the benefits outweigh the drawbacks by a large margin. Bitnami is gradually supporting a larger proportion of remote workers and is very focussed on remote-friendly communication - whether that be ensuring meeting recordings are available quickly after the event or encouraging all discussions via email and slack so remote employees don't miss out.

And no, I don't generally work from a look-out as shown in the photo, but do sit and work from cafes or a library with similar views :)

What are you working on?

I'm currently part of a team that is focused on creating a new product to simplify cloud migration and automate some of the software delivery process for enterprise developers. Using the internal tooling that automates the build, release and maintenance of Bitnami’s catalog of containers and virtual-machine images for every major cloud provider, we are designing a solution that will allow software developers to apply automation to their own in-house applications.

This project requires that I review and repackage existing code and tools in collaboration with Bitnami engineers spread across multiple offices and remote locations.

What do you like to do for fun?

It would be hard to live in the Blue Mountains near Sydney and not enjoy getting outdoors, hiking, bike riding and the like. In addition to these things I love playing Ultimate Frisbee once a week with a bunch of other people who work locally (I find I need strategies like this to get out when I enjoy the work I do from home), experimenting with new technology, sharing books with my kids and baking sourdough breads.

Interested in working with Michael and Bridget? Apply for one of our open positions!

Wednesday, July 5, 2017

Meet the Bitnami Team: Bridget McErlean

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Bridget is an Engineer on the Tools team, and works remotely from Bristol in the UK.

Bridget enjoying a hike in Yosemite  
A brief bio

I grew up Northern Ireland and moved to Bristol in 2007 to study Computer Science. I had been interested in computers and technology from a young age but I actually didn't start programming until I started my degree. Once I got started though, I knew that that was what I wanted to do!

After graduation, I decided to stay in Bristol as I really loved the city. I joined SN Systems (a subsidiary of Sony Computer Entertainment) to work on the toolchain for PlayStation consoles having developed an interest in compiler technology while at university. I learned a lot during my time there but as I attended more and more meetups in the area, I realised that there was still so much for me to learn. I started to hear more about cloud and container technologies and so I made the decision to look for a new opportunity and later joined ClusterHQ and then Bitnami.

Why did you join Bitnami and what excites you about working here?

Over the course of my career, I have become interested not only in how we develop tools but also in the impact of user and developer experience when using them. I found it really exciting to be able to join a company that is working to make it easy for users to get started with the software they want to use. I wanted to contribute to creating that great experience.

Bitnami also seemed like the perfect opportunity for me to use the skills that I had learnt through previous roles and build upon them. There are challenging problems to solve, new technologies to learn, and a fantastic team to work with and learn from, all of which I find really motivating.

I was a bit nervous joining as a remote employee but I really shouldn’t have been. Everyone has worked hard to make me feel welcome and part of the team, and they are always searching for ways to improve and make that experience better. The welcome GIF that my team made for me for my first day is still one of my favourite things!

What are you working on?

During my time at Bitnami, I’ve primarily focused on improving the internal tools that we use for testing the applications that we package. Since Bitnami packages applications for so many different platforms, it’s important to make our testing consistent so that the experience is consistent for our users regardless of which platform they use. My team works closely with the team responsible for testing those packaged applications and keeping them up to date to try and make that testing process as easy as possible. I will soon be joining a new team to contribute to the development of the tools that we use to automate the build and release of our containers and I’m looking forward to the opportunity to work with new people and learn about new technologies.

What do you like to do for fun?

I really enjoy crafts, particularly knitting and crochet, and have also recently been dabbling in calligraphy. I have a tendency though to collect more supplies than I will need! I also like to travel and recently had a trip to the US where I got to hike in some of the beautiful national parks, go on some amazing roller coasters, and see a rocket launch at the Kennedy Space Center!

Interested in working with Bitnami and Bridget? Apply for one of our open positions!