Monday, February 29, 2016

Stacksmith Update: Slack Integration, More Stacks

A new version of Stacksmith is now live, with several new features designed to improve its usefulness in container-oriented application delivery environments. If you're new to Stacksmith, check it out, or learn more about our recently released features:

Slack Integration

Stacksmith now has the capability of sending notifications to Slack when your stack or any component of it (runtime, framework, or OS) has an update available.

Whether you are committed to fully automated Slack Ops practices, or just use it for communication, this is a great way to let your team know that an update is available and actionable.

New Application Development Runtimes and Frameworks

We've recently added several new development runtimes and frameworks to make it easier to build a full container-based application using Stacksmith.

The most recent additions include CodeIgniter, Jetty, Apache, NGINX, MariaDB, Redis, memcahed, MongoDB, Wildfly, and PostgresSQL.

In addition to being available through the web UI, they're also available via through the API to allow for integration with your CI/CD and deployment platforms.

As of today, the complete list of Stacksmith-supported runtimes and frameworks is the following:

Java, Node, PHP, Ruby, GO, Tomcat, Express, Symfony, Rails, Debian, Ubuntu, Python, Django, CodeIgniter, Jetty, Apache, Nginx, MariaDB, Redis, Memcached, MongoDB, WildFly, PostgreSQL

Have a runtime or framework you'd like to add? Let us know!

Introducing the Bitnami Launchpad for 1&1 Cloud Platform

As the cloud grows, Bitnami wants to ensure that no one gets left behind.  To that end, we are happy to introduce the Bitnami Launchpad for 1&1 Cloud Platform. The 1&1 Cloud Platform provides access to Bitnami’s 130+ fully configured applications and development stacks. 

According to 1&1, the 1&1 Cloud Platform guarantees high performance for application deployments. Additional benefits, such as monitoring and 24/7 expert support come at no additional cost, meaning that users are only paying for servers that are in operation.

The Bitnami Launchpad is free for 1&1 Cloud Platform users.  1&1 users are only charged for the 1&1 infrastructure resources that are utilized.  There is no additional cost for the Bitnami solutions built on top of the 1&1 Cloud Platform.  In addition, new users get their first month of usage free! 

Want to get started? Here’s how: 
  • Sign up for a 1&1 Cloud Platform account
  • Create a free Bitnami account or sign in to your existing Bitnami account
  • Select an application image directly from the Bitnami Launchpad for 1&1 Cloud Platform
  • Configure and create your application in one click!

Watch the following video for a short tutorial on how to get up and running:

Friday, February 26, 2016

Cloud Native Apps SF, Meetup #1: Optimizing Cloud Native Deployments

Last night we were happy to host the first meeting of the new Cloud Native Apps SF group at the Bitnami San Francisco office.

The theme of the night was "Optimizing Cloud Native Deployments", focusing on ways to improve and optimize applications running in Kubernetes and container environments.

If you'd like to see the content, you can find links to the presentations below.  We'll also post a video as soon as we finish post-production work. Update: video link now live.

Talk #1: "Monitoring In Motion: Challenges of Monitoring Kubernetes and Containers"

Ilan Rabinovitch, Datadog

Talk #2: "Multi-tenant Kubernetes Networking with CNI plugins"

Chris Marino, Romana Project

Talk #3: "Deis -- Building a PaaS on Kubernetes"

Jason Hansen, Deis

Talk #4: "Maintaining Container Apps with Google Container Engine"

Kit Merker, Google

Thanks to all the speakers for making it a great night.

If you're interested in attending future events, please check out the Cloud Native Apps SF meetup page.

Security Release: Drupal 6, 7 and 8

The Drupal project released a new update that fixes several security vulnerabilities. We strongly recommend upgrading your existing Drupal 8, 7, and 6 sites.

A few of the notable fixes include:
  • File upload access bypass and denial of service (Drupal 7 and 8). Specifically, a vulnerability in the File module that allows a malicious user to view, delete, or substitute a link to a file that the victim has uploaded to a form, while the form has not yet been submitted and processed.
    • Brute force amplification attacks via XML-RPC (Drupal 6 and 7): the XML-RPC system allows a large number of calls to the same method to be made at once, which can be used as an enabling factor in brute force attacks.
    • Open redirect via path manipulation (Drupal 6, 7, and 8): the current path can be populated with an external URL.  

    Information regarding the additional changes is available in the official security advisory. In response to the new version we have released:

    Our new releases fix the security issues. There are no new features or non-security related bug fixes in these releases.

    Do you have questions about Bitnami Drupal or these security issues? Post to our community forum and we will be happy to help you.


    Thursday, February 25, 2016

    Security Release: Magento

    The Magento project has just released a new community version that includes a patch bundle, SUPEE-7405 v1.1. The patch bundle includes the latest security patches: SUPEE-7978, SUPEE-7822, and SUPEE-7882. 

    We highly recommend that you apply those patches or upgrade your application to Magento Community Edition For more information about the security issues fixed with these recently released patches, please check out Magento's helpful user guide.

    We have released Bitnami Magento installers, virtual machines and cloud images that fix the security issues.

    If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps on our wiki page:

    Do you have additional questions about Bitnami Magento? Post to our community forum, and we will be happy to help you.

    Wednesday, February 17, 2016

    Security Notification: glibc getaddrinfo() stack-based buffer overflow (CVE-2015-7547)

    It was discovered that the GNU C Library incorrectly handled receiving responses while performing DNS resolution. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. You can find more information about the issue in this post:

    All versions of glibc after 2.9 are vulnerable. Version 2.9 was introduced in May 2008.

    We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami. Our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.

    Please take a moment to check if your image is vulnerable by following the instructions in our wiki:

    You can update your version of kernel by running one of the following commands that is specific to your distribution:

    • Ubuntu
    sudo apt-get update && sudo apt-get install unattended-upgrades && sudo unattended-upgrade  
    You will have the fixed version of the glibc library: 2.19-0ubuntu6.7

    • Debian 
    sudo apt-get update && sudo apt-get install unattended-upgrades && sudo unattended-upgrade 
    You will have the fixed version of the glibc library: 2.13-38+deb7u10

    • Oracle Linux 
    sudo yum update glibc 
    You will have the fixed version of the glibc library: 2.12-1.166.el6_7.7

    • Amazon Linux 
    sudo yum update glibc 
    You will have the fixed version of the glibc library: glibc-2.17-106.166.amzn1.x86_64

    • RedHat Linux
    sudo yum update glibc 
    You will have the fixed version of the glibc library: 2.12-1.166.el6_7.7

    If you have any questions about this process, please post to our community support forum and we will be happy to help!

    Tuesday, February 16, 2016

    PostgreSQL Security Release

    The PostgreSQL Group has released an update to all supported versions of their database system that fixes two security issues as well as other improvements.

    For this reason, we have updated our stacks to PostgreSQL 9.4.6, which specifically solves the following issues:

    • CVE-2016-0773, an issue with regular expression (regex) parsing.
    • CVE-2016-0766, a privilege escalation issue for users of PL/Java.
    If you want to read more about the issues, you can check out the PostgreSQL release news.

    We released Bitnami Postgre installers for Linux, Windows and OS X, virtual machines and cloud images that fix these issues.

    Have questions about Bitnami PostgreSQL or the security issue? Post to our community forum, and we would be happy to help you.

    Thursday, February 11, 2016

    Node.js Security Release

    Node.js has just updated all its release lines to address several security issues.

    Versions 0.10.42, 0.12.10, 4.3.0 and 5.6.0 addresses HTTP related vulnerabilities and also update the bundled OpenSSL version.  

    Specifically solves the following issues:
    • CVE-2016-2086 Request Smuggling Vulnerability
    • CVE-2016-2216 Response Splitting Vulnerability
    • CVE-2016-0701 DH small subgroups
    • CVE-2015-3197 SSLv2 doesn't block disabled ciphers
    If you want to read more about these issues, you can check out the Node.js official announcement.

    We have released new versions of Bitnami Node.js installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues. We also released Bitnami MEAN stack and continue working on update other Node.js applications.

    Have questions about Bitnami Node.js or the security issue? Post to our community forum, and we would be happy to help you.

    Tuesday, February 9, 2016

    Need a Parse Service Alternative? Try the New Bitnami Parse Self-hosted Server

    If you’re one of the many affected by the recent announcement that Facebook’s Parse service is being discontinued, Bitnami is happy to offer an alternative.

    In collaboration with our cloud partners, Bitnami is providing an open source Parse Server, ready to be deployed, either in the cloud or locally, with a single click.

    Key Features: 
    • Bitnami Parse Server images are one-click to deploy and get you up and running immediately on Amazon AWS, Microsoft Azure, Oracle Cloud Platform, Digital Ocean, and the Google Cloud Platform launchpad. 
    • They’re also available as Linux installers or virtual machine images for local installation. Local images have parity with those hosted on cloud environments.
    • Bitnami images are consistent, kept up to date, and patched for security vulnerabilities that may arise. 
    • Bitnami Parse Server stack is based on MEAN: Node.js 4.1.2, MongoDB 3.0.9, Express 4.2.0, and Parse Server 2.0.6.
    We’ve also created a great guide to Bitnami Parse Server, covering such critical topics as:

    Thursday, February 4, 2016

    Review Board Now Available Pre-installed with Power Pack!

    Review Board and Bitnami go way back. Since it became a part of the library in 2012, thousands of Bitnami users have turned to Review Board to take the pain out of the vitally important task of reviewing code before releasing it.

    We are excited to announce that the Review Board stack just got even better with the release of the new Bitnami Review Board + Power Pack stack! In addition to all the great Review Board features we know and love, especially after their recent major update, the pre-installed Power Pack module adds new functionality in four areas:

    PDF document review: When you're reviewing the code for that great new feature, it can be just as important to review the documentation that goes with it. With Power Pack you can upload and review PDF documents exported from Word, Excel, PowerPoint, and more. Documents can be displayed in the browser without any plug-ins or extra software needed, and comments can be made for documents just like they are in your source code.

    Management Reporting:  If you are wondering whether code review is being carried out efficiently and consistently across multiple developers and teams, Power Pack can help. Track workloads and get big-picture data on how well code reviews are working for your team with intuitive graphs, charts, and reports.

    Github Enterprise & MS Team Foundation Server Integration: For anyone using these popular tools for managing source code within the secure confines of the enterprise data center, Power Pack makes it easy to integrate Review Board functionality. All you have to do is point Review Board to the URL of your Github or Team Foundation Server and connect with a login and password.

    Enterprise Scalability: If your company scales into the thousands of engineers, it may become necessary to increase the number of servers running Review Board to maintain optimal speed and fault tolerance. With Power Pack you can move auxiliary data like SSH keys to the database instead of in the front-end server's file system, enabling you to scale up multiple servers as needed.

    Interested in trying the new supercharged Bitnami Review Board + Power Pack stack? You can find local installers, virtual machines, and cloud images available at the Review Board + Power Pack stack page in Bitnami.

    You can also launch an absolutely free one-hour demo server by clicking the button below!

    WordPress 4.4.2-0 Security Release

    WordPress has just released a new version that resolves two security issues.

    Version 4.4.2 addresses a possible SSRF for certain local URIs and an open redirection attack.

    If you want to read more about these issues, you can check out the WordPress release news for the 4.4.2 version here.

    Apart from the security issues mentioned, WordPress 4.4.2 also fixes several bugs from versions 4.4 and 4.4.1. For further information please check the list of changes.

    WordPress has the auto-upgrade functionality enabled, so your previous version of Bitnami should be automatically updated.

    We have released new versions of Bitnami WordPress installers, virtual machines and Amazon EC2, Google, Oracle, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues.

    Have questions about Bitnami WordPress or the security issue? Post to our community forum, and we would be happy to help you.

    Tuesday, February 2, 2016

    Cloud Native Apps - SF Meetup sponsored by Bitnami!

    Our San Francisco office has expanded, so we are now able to host our very own Meetups! Our focus will be on topics related to Cloud native application development: containers, clouds, microservices, CI/CD, orchestration, and other related technologies.