Thursday, March 14, 2019

Rails security issue (CVE 2019-5418, 2019-5419, and 2019-5420)

New versions of Rails have been released recently to address several security issues:

It is highly recommended that you upgrade Rails to the new patched versions:,,,, and 6.0.0.beta3

Bitnami is publishing updates which will be available in all formats soon.

For more details about these security issues, please check the information provided in the official Ruby On Rails blog. If you have further questions about Ruby or this security issue, please post to our community forums and we will be happy to help you.

Thursday, March 7, 2019

JasperReports 7.1.1 security release

TIBCO JasperReports has recently been updated to fix five security vulnerabilities in the application.

Community Edition versions 7.1.0 and below are affected by four vulnerabilities that allow unauthenticated read access to the contents of the host system and a race-condition vulnerability that may allow any user with domain save privileges to gain superuser privileges. More information about these security issues can be found in the official advisories:

TIBCO has released an updated version of the application which addresses these issues. For new application deployments, including the Bitnami Launchpad, we have released JasperReports 7.1.1 containers, installers, virtual machines and cloud images that include the security fixes to address these vulnerabilities. Users launching Bitnami JasperReports via a cloud marketplace are advised to select version 7.1.1, once it is published.

In case you already have a JasperReports server, use the official documentation to upgrade the application and address these issues.

If you have further questions about this security issue or about Bitnami JasperReports, please post in our community forum. Our support team will be happy to help you there!

Bitnami's 5th Edition Bootcamp a Big Success

Over a five day period that wrapped up last Friday, Bitnami delivered a fast-paced course about managing cloud-native applications using Docker and Kubernetes. This event has served as a recruiting tool since 2014. Now it is the time for evaluating attendees’ projects and for identifying potential members of the Bitnami team! Read on to find out the highlights of the latest Bitnami Bootcamp. 

Why Kubernetes was the main topic of this Bootcamp? 

Since 2015, Bitnami has published and maintained a catalog of more than 130 containerized applications and has promoted Kubernetes as the preferred way to manage container workloads in production.

In addition, Bitnami has created or contributed to key projects in the Kubernetes landscape:

  • Helm: The most popular package manager for Kubernetes. Bitnami is one of its contributors and maintains its own [application repository]( 
  • Kubeapps: A web-based user interface used to deploy, monitor, upgrade or delete charts on Kubernetes.
  • Bitnami Kubernetes Production Runtime (BKPR): A collection of production-level infrastructure services for Kubernetes clusters. 
  • Kubeless: A Kubernetes native serverless framework. 
  • Kubecfg: A tool for managing complex enterprise Kubernetes environments as code. 
  • Sealed Secrets: A tool for safely storing and managing Kubernetes secrets in a public repository. 

Consistent with this view, last year we decided to move all our projects from dedicated servers to a centralized one that runs several Kubernetes clusters. We embraced the technology we promote to deliver our services and improve our internal operations. 

Bitnami Bootcamp is always oriented to the technology that Bitnami is using internally at the time, so it was no surprise that Kubernetes was the centerpiece of this edition.

Bitnami Bootcamps: sharing knowledge and recruiting talent

At Bitnami, we continuously share our knowledge by contributing to numerous  Kubernetes projects and by attending and speaking at prominent events such as KubeCon and Docker Summit. You can visit our Newsroom to see all the events that Bitnami has participated in.

As part of this collaborative philosophy, our bootcamps are designed as a way to share Bitnami’s know-how with the next generation of software developers. Since the first bootcamp in 2014, these courses have covered several areas related to system administration that range from cloud deployment on the main cloud providers platforms to server application deployment.

We are very happy with the success of this edition: we received more than 50 applications,  interviewed almost all candidates, and 16 were selected to participate. Their profile was a mixture of recent graduates and engineers with more than five years of experience working in software companies.

During this five day training, Bitnami engineers, Javier Salmerón, Juan Ariza, and Juan José Martos taught participants the most advanced practices for writing Dockerfiles, deploying containers, and managing a Kubernetes production cluster.

For their part, the bootcampers had to deliver four assessments and one final project. Once evaluated, we will be able to select the most skilled engineers to hire.  We are currently in the evaluation process, so stay tuned: the Bitnami team is about to grow!

5th Edition Bitnami Bootcamp attendees

Bootcamps are a good way to find new candidates, but not the only way that Bitnami recruits talent. If you are interested in joining a diverse and globally distributed team, check out our open positions and apply!