Tuesday, January 15, 2019

Supporting Enterprise Architectures with Azure Database Services

Authored by Michael Murphy, Product Marketing Manager

Bitnami supports Microsoft enterprise customers in multi-tier environments in numerous ways, and actively works with the Azure Database Services team to provide enterprise solutions and promote best practices across our portfolio of products and projects. In light of the recent announcement regarding the availability of two new Bitnami packaged solutions pre-configured with Azure Database for MariaDB, I wanted to write this accompanying blog post to provide a bit more detail. Not only about the new offerings, but also about how Bitnami supports Azure Database Services across our product and project portfolio. Here’s how we make it easy for you to add Azure Database Services to your applications and projects.

Open source applications in the Azure Marketplace


As a long time Microsoft partner, Bitnami provides a wide range of pre-packaged, easy to deploy open-source applications and development stacks to the Azure Marketplace. ‘Bitnami Certified’ has become synonymous with ‘trusted, secure, and easy to deploy’. Many of these are multi-tier solutions.
What we just announced extends this support for enterprise architectures. We worked with the Azure Services Database team to further simplify the deployment of two of the most popular and widely deployed applications, WordPress and Drupal. While both of these applications have long been packaged and available from Bitnami in the Azure Marketplace, these new packages offer the applications pre-configured as a multi-tier solution that include Azure Database for MariaDB support.

These packages take the complexity out of configuring what would typically be a sophisticated configuration setup. Deploying one of these applications is now as easy as scrolling through the Azure Marketplace, selecting the offering, and clicking ‘launch’.

Launching one of these application packages lets you leverage the stability and security of Bitnami’s production grade application package while harnessing the power of a fully managed Azure Database, allowing you to scale quickly and reach global distribution without worrying about costly downtime.

Your applications with Stacksmith on Azure and AKS


Stacksmith, from Bitnami, is a product for packaging your own multi-tier applications. Stacksmith lets you enforce best practices during packaging, including your configuration requirements for the use of Azure Database Services, including CosmosDB and Azure Database for MariaDB.

Stacksmith provides reference architectures for Java Tomcat, .NET Core and other Linux applications that include Azure Database Service configuration with an ARM Template out-of-the-box. These architectures are customizable to your requirements, or you can define your own best practices and deployment policies. Stacksmith then codifies them into the packaging process, ensuring that your best practices for using Azure Database Services, including their settings for geo-redundancy, retention policies, tagging and networking configuration are included. Once defined, Stacksmith can apply and maintain these policies and best practices over time across your application portfolio, applying them every time the application is packaged or updated.

Doing so simplifies the process via automation, and enables you to implement and enforce database best practices for your applications. And since Stacksmith includes multi-format support, you can utilize a single packaging process to create artifacts and their database configurations for deployment to Azure and / or AKS / Kubernetes.

Check out the video below for a quick demo: 



Containers / Kubernetes applications on AKS


There are numerous ways Bitnami helps enterprise customers connect database services on AKS. As I mentioned above - Stacksmith can be used to package your applications for multi-tier deployments to your Kubernetes clusters.

You can also use Kubeapps with Open Service Broker for Azure and Stacksmith, in the following way. Kubeapps is an open source project with a web-based graphical user interface that helps you to discover Kubernetes applications and deploy them to your Kubernetes cluster on AKS. Microsoft has partnered with Bitnami to integrate Kubeapps with Open Service Broker for Azure, to allow you to create and present Helm charts that leverage Azure-native PaaS services as part of the architecture. For example, you can deploy your application tier on AKS and an Azure Database Services backend, getting the best of both worlds - a highly scalable application with a highly available database. To maintain your application with this database configuration to ensure it stays up to date and secure over time, you can use Stacksmith. You can read more about Open Service Broker for Azure here.

As you can see, we have been busy supporting our enterprise customers and continue to expand the scope of this support to make it ever easier to set-up and deploy complex environments that leverage first party Azure services.

To learn more, register for the “Create an Application-Centric DevOps Experience with Stacksmith and Azure OSS Database Services” webinar with Andrea Lam, Product Manager of Azure Database for MySQL/MariaDB at Microsoft, on January 29th at 9:00 am.

Systemd journald security vulnerabilities

Three security vulnerabilities have been found in the systemd package, a system and service manager used in most major Linux distributions.

These new vulnerabilities can lead to memory corruption attacks (CVE-2018-16864 and CVE-2018-16865) and an out of bounds error that can leak data (CVE-2018-16866). You can learn more about these vulnerabilities in the official announcement.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is currently working on packaging the updated solutions, and will make these new versions available through our catalog and our cloud partner marketplaces .

The different Linux distributions published the patched version of the systemd package, so you can update them easily by using your system’s package manager. The patched versions are the following:


  • Ubuntu 16: 229-4ubuntu21.15
  • Debian 9: 232-25+deb9u7
  • Oracle Linux 7: 219-62.0.4.el7_6.2
  • RedHat 7: 219-62.el7_6.2
  • CentOS 7: 219-62.el7_6.2


If you have further questions about this security issue, please post to our community forum and we will be happy to help you.

Wednesday, January 9, 2019

Jenkins security release: Script Security sandbox bypass

The Jenkins security team has published a Jenkins Security Advisory announcing a new vulnerability in some Jenkins plugins. This vulnerability bypasses the Jenkins sandbox protection in the Script Security Plugin and Pipeline Plugins, which allows an attacker to execute arbitrary code on the Jenkins master.



It is strongly recommended that you update your Jenkins’ plugins to their latest versions. You can follow our documentation to learn how to upgrade them. Below is the list of affected plugins and the versions you should upgrade to:


  • Pipeline: Declarative Plugin should be updated to version 1.3.4.1
  • Pipeline: Groovy Plugin should be updated to version 2.61.1
  • Script Security Plugin should be updated to version 1.50

You can find more information about the Jenkins security announcement in the Jenkins Security Advisory.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team has already updated our different solutions with the new versions of each plugin and we are working on updating the different marketplaces as soon as possible.

If you have further questions about Bitnami Jenkins or this security issue, please post to our community forum and we will be happy to help you.