Thursday, January 17, 2019

Drupal 8.6.7 and 7.63 critical security releases

Drupal has released new versions that fix critical security vulnerabilities. We strongly recommend that you upgrade your existing Drupal 7 and 8 sites.

This security release includes two vulnerabilities separated into two different advisories:

  • SA-CORE-2019-001: An update of the third-party PEAR Archive_Tar library that recently released a security update. 
  • SA-CORE-2019-002: A remote code execution vulnerability when performing file operations on an untrusted phar:// URI.

You can learn more about these vulnerabilities in the Drupal official announcements. It is suggested that you upgrade your Drupal application to Drupal 7.63 or later, and Drupal 8.6.7 or later. You can follow our documentation to learn how to upgrade your application to strengthen its security. We highly recommend creating a backup before performing the upgrade.

For new application deployments, including those made from the Bitnami Launchpad, we released Drupal 7.63 and 8.6.7 versions for containers, installers, virtual machines, cloud images, and Multi-Tier solutions. We also updated the Drupal based solutions (CiviCRM and OpenAtrium). These include all the necessary fixes to address the vulnerabilities listed above. If you deploy Bitnami any of those applications and it is not yet updated to the latest version, you will need to upgrade by following our documentation.

If you have further questions about this security issue, please post to our community forum, where we will be happy to help.

Wednesday, January 16, 2019

Automattic, the Expert Behind WordPress, Partners with Bitnami to Bring the Official WordPress Image to AWS Marketplace

Authored by Kevin Franklin, Director of Business Development

WordPress powers 33% of the internet. With over 45,000 themes and plugins, it is the world’s most popular content management system.

Every month, WordPress certified and published by Bitnami on AWS is launched tens of thousands of times. When a user launches an application certified by Bitnami, they are confidently launching the most up-to-date and secure version of the application. Bitnami’s expertise in packaging reliable, secure solutions means they will have the best possible WordPress user experience available on any cloud marketplace.

We are delighted to announce that Automattic, the expert in WordPress and creator of, has partnered with Bitnami to provide the official WordPress image to the AWS Marketplace. The Official WordPress image, “WordPress Certified by Bitnami and Automattic,” is now available on AWS Marketplace.

This new marketplace listing includes the Jetpack plugin giving users access to additional professional themes, performance improvements, scanning, site activity and marketing tools. The listing also includes the new Gutenberg editor.

WordPress Certified by Bitnami and Automattic is the first step in supporting WordPress in the AWS Marketplace. Soon, you’ll see tutorials, webinars and other materials to help you get even more out of your WordPress implementation.

Stay tuned for more updates about this partnership by following us on twitter or LinkedIn!

Official WordPress listing on AWS Marketplace

Tuesday, January 15, 2019

Supporting Enterprise Architectures with Azure Database Services

Authored by Michael Murphy, Product Marketing Manager

Bitnami supports Microsoft enterprise customers in multi-tier environments in numerous ways, and actively works with the Azure Database Services team to provide enterprise solutions and promote best practices across our portfolio of products and projects. In light of the recent announcement regarding the availability of two new Bitnami packaged solutions pre-configured with Azure Database for MariaDB, I wanted to write this accompanying blog post to provide a bit more detail. Not only about the new offerings, but also about how Bitnami supports Azure Database Services across our product and project portfolio. Here’s how we make it easy for you to add Azure Database Services to your applications and projects.

Open source applications in the Azure Marketplace

As a long time Microsoft partner, Bitnami provides a wide range of pre-packaged, easy to deploy open-source applications and development stacks to the Azure Marketplace. ‘Bitnami Certified’ has become synonymous with ‘trusted, secure, and easy to deploy’. Many of these are multi-tier solutions.
What we just announced extends this support for enterprise architectures. We worked with the Azure Database Services team to further simplify the deployment of two of the most popular and widely deployed applications, WordPress and Drupal. While both of these applications have long been packaged and available from Bitnami in the Azure Marketplace, these new packages offer the applications pre-configured as a multi-tier solution that include Azure Database for MariaDB support.

These packages take the complexity out of configuring what would typically be a sophisticated configuration setup. Deploying one of these applications is now as easy as scrolling through the Azure Marketplace, selecting the offering, and clicking ‘launch’.

Launching one of these application packages lets you leverage the stability and security of Bitnami’s production grade application package while harnessing the power of a fully managed Azure Database, allowing you to scale quickly and reach global distribution without worrying about costly downtime.

Your applications with Stacksmith on Azure and AKS

Stacksmith, from Bitnami, is a product for packaging your own multi-tier applications. Stacksmith lets you enforce best practices during packaging, including your configuration requirements for the use of Azure Database Services, including CosmosDB and Azure Database for MariaDB.

Stacksmith provides reference architectures for Java Tomcat, .NET Core and other Linux applications that include Azure Database Service configuration with an ARM Template out-of-the-box. These architectures are customizable to your requirements, or you can define your own best practices and deployment policies. Stacksmith then codifies them into the packaging process, ensuring that your best practices for using Azure Database Services, including their settings for geo-redundancy, retention policies, tagging and networking configuration are included. Once defined, Stacksmith can apply and maintain these policies and best practices over time across your application portfolio, applying them every time the application is packaged or updated.

Doing so simplifies the process via automation, and enables you to implement and enforce database best practices for your applications. And since Stacksmith includes multi-format support, you can utilize a single packaging process to create artifacts and their database configurations for deployment to Azure and / or AKS / Kubernetes.

Check out the video below for a quick demo: 

Containers / Kubernetes applications on AKS

There are numerous ways Bitnami helps enterprise customers connect database services on AKS. As I mentioned above - Stacksmith can be used to package your applications for multi-tier deployments to your Kubernetes clusters.

You can also use Kubeapps with Open Service Broker for Azure and Stacksmith, in the following way. Kubeapps is an open source project with a web-based graphical user interface that helps you to discover Kubernetes applications and deploy them to your Kubernetes cluster on AKS. Microsoft has partnered with Bitnami to integrate Kubeapps with Open Service Broker for Azure, to allow you to create and present Helm charts that leverage Azure-native PaaS services as part of the architecture. For example, you can deploy your application tier on AKS and an Azure Database Services backend, getting the best of both worlds - a highly scalable application with a highly available database. To maintain your application with this database configuration to ensure it stays up to date and secure over time, you can use Stacksmith. You can read more about Open Service Broker for Azure here.

As you can see, we have been busy supporting our enterprise customers and continue to expand the scope of this support to make it ever easier to set-up and deploy complex environments that leverage first party Azure services.

To learn more, register for the “Create an Application-Centric DevOps Experience with Stacksmith and Azure OSS Database Services” webinar with Andrea Lam, Product Manager of Azure Database for MySQL/MariaDB at Microsoft, on January 29th at 9:00 am PST.