Thursday, December 13, 2018

WordPress 5.0.1 Security Release

The WordPress security group just released 5.0.1 version. This is a security release for all versions since WordPress 3.7. It is strongly recommended to update your sites immediately.

The WordPress security team tried to mitigate all vulnerabilities without any back-compat breaks, but unfortunately there were a few cases where that was not possible. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility.

We have released Bitnami WordPress 5.0.1 (and Multisite version) installers, virtual machines and cloud images for all platforms as well as the WordPress containers and Helm Charts to deploy this version in Kubernetes.

WordPress already supports the auto-upgrade functionality. For minor versions like the current one, an already existing WordPress 5.0 has been automatically updated. If that was not the case, you can follow our docs for upgrading your WordPress installation.

Have questions about Bitnami WordPress or the security issue? Post to our community forum, and we would be happy to help you.

Friday, December 7, 2018

WordPress 5.0 is Now Available on Bitnami

WordPress, the most popular open source CMS, has just announced the biggest release of the year with WordPress 5.0. And now, it is available in the Bitnami catalog.

You can deploy Bitnami WordPress 5.0 in just a few clicks:

So, what's new in WordPress 5.0?

WordPress offers now a new content creator/editor called Gutenberg. This new core block builder will change how WordPress works, and replace the existing classic editor. Gutenberg will make the content writing and editing process more modern and faster. Create blocks, drag and drop elements, and adding media files is now easier than ever.

New Gutenberg WordPress Editor

WordPress 5.0 also includes the new minimal Twenty Nineteen theme, with full front and back-end Gutenberg support.

This release also includes other features like security updates, front-end editor improvements, mobile optimization and much more.

Twenty Nineteen WordPress theme

Get started with the new version of WordPress today! If you have any questions about how to update your Bitnami WordPress, check out our step-by-step guide or reach out to us on the community support forum. We'd be happy to help you! 

Wednesday, December 5, 2018

Security Alert: Jenkins Code Execution through Crafted URLs

The Jenkins project released a new version that fixes multiple security vulnerabilities. The most important one is the “Code execution through crafted URLs”. This vulnerability allows invoking methods that were never intended to be invoked in this way.

We recommend that you update your Jenkins installations to the latest version. Please follow our documentation to learn how to upgrade your application. If you are using the Bitnami Jenkins Docker container image, please follow the documentation in our GitHub repository.

You can find more information about this Jenkins security issue in the Jenkins Security Advisory.

Bitnami has released Jenkins version v2.150.1, in containers, Helm Charts, Multi-Tier solutions, installers, virtual machines, and cloud images to fix these vulnerabilities.

The Bitnami Jenkins stack offered in and in our cloud-specific launchpads has been updated to that new version. New launches of Bitnami Jenkins via our launchpads are secure and do not need to be updated further.

Users who launch Bitnami Jenkins via cloud marketplaces are advised to select the version v2.150.1 of Bitnami Jenkins, once it is published. Installations based on previous versions must be upgraded using the process described above.

If you have further questions or concerns about Bitnami Jenkins or about this security issue, please post to our community forum and we will be happy to help you.