Security Release: JasperReports 6.4.0

TIBCO has published two security advisories reporting multiple server cross-site vulnerabilities (CVE-2017-5528) and library Information disclosure vulnerability (CVE-2017-5529) in multiple versions of JasperReports.

It is strongly recommended to update your JasperReports Server to the latest version, JasperReports 6.4.0. You can read our documentation to learn how to upgrade JasperReports Server to keep it secure. If you are using the Bitnami JasperReports Docker container image, please follow the documentation in our GitHub repository.

If you have further questions about Bitnami JasperReports or this security issue, please post to our community forum, and we will be happy to help you.

Meet the Bitnami team: Alejandro Ruiz

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Alejandro is one of our Engineers on the Tools team, and works in our Seville office.

                                                                                                        

Alejandro enjoying a hike in Yosemite during his trip to the US

A brief bio

I am from a small town in the south of Andalusia, Villamartín, but I’ve been living in Seville for the last 7 years. It was such a big change for me given all the things I can do here but it’s still a great place to live in.

I am passionate about technology in general, but have a love for computers and smartphones in particular. I got my first computer when I was 6 years old and since then I haven’t stopped learning about them. I like to ask myself why things works as they do, and apply logic to solve problems. I also like to customize the tools I use in my daily work, and I dedicate quite a lot of time to it.


Why did you join Bitnami and what excites you about working here?

My first experience with Bitnami was during Bitnami’s first bootcamp that took place almost 3 years ago. At the time, I was finishing my Telecommunication Engineering masters degree. This bootcamp was a challenging 1-month course that included daily classes that covered a wide variety of topics. We learned everything from the Linux command line basics to how to securely deploy and configure applications using the multiple stacks supported by Bitnami installers, in addition to how to operate cloud instances or use containers.

This course gave me the opportunity to learn a lot of new things, which is something that I truly appreciate. After the bootcamp, I was offered a job as an engineer and I’ve been here ever since.

This company has made me feel like I was a member of the team since day one, which creates a great and trusting work environment that I enjoy being a part of everyday.

What are you working on?

I am currently working on the CI/CD pipelines for our new assets. This is very exciting because I get to build tools that will make the life of our internal teams much easier. My work touches very different parts of our internal infrastructure, so I get to learn intimately how everything works together. In addition to my primary job, I work closely with other teams and actively participate in the design and planning sessions for our future products. It is important to have a global view of where the company is going so you can contribute effectively.

What do you like to do for fun?

I love to play football, but I rarely have time for it. In my spare time, I like to play computer games, watch TV series, and travel.

I’ve recently visited Germany and The Netherlands and both of them were awesome. Looking forward to my next adventure this summer!

Interested in working with Bitnami and Alejandro? Apply for one of our open positions!

Bitnami CEO to Deliver Keynote @ Oracle Code Mexico

Join Bitnami CEO Daniel Lopez Ridruejo via live stream for his Oracle Code Keynote 

Followed by a 1-hour LIVE Q&A session on Reddit

Keynote Details:

• What: Oracle Code 2017: Mexico
• When: June 29, 2017 - 9:05 – 9:55 am CDT
• Where – Live Stream at https://developer.oracle.com/
• Topic:

Containers and the Future of Application Development

There are significant advantages in automating the deployment of software on servers. This talk will cover the evolution of implementation technologies from the early days of the web to the latest container-based platforms. There are no silver bullets: understanding the strengths and limitations of each solution is the key to running and managing your infrastructure for constant change, whether in the cloud or anywhere else.

Reddit AMA (Ask Me Anything) Details:

• What: Developer Legends Reddit AMA Series Brought to You By Oracle
• When: June 29, 2017 – 1pm CDT
• Where: https://www.reddit.com/r/IAmA/
• Suggested topics to cover with Daniel:
• Technology: cloud platforms, cloud migration, containers, Kubernetes, cloud-native applications, application packaging, multi-tier applications, serverless computing, open source technologies

Meet the Bitnami Team: Tom McCafferty

Tom enjoying one of his favorite hobbies 

Meet one of the newest members of our team, Tom McCafferty, and learn why he choose to join the Bitnami Team as our VP of Marketing. 

Why I joined Bitnami…

I’ve spent the bulk of my career in product marketing which means I’ve spent a lot of time telling stories to customers, prospects, writers, industry analysts and partners (anyone who would listen) about companies, products and technology trends. And most of the time, if done well, the narrative creates a grand perception of whomever/whatever the story is about. I’ve told stories of small startups disrupting industry giants, I’ve told stories of changing infrastructure dynamics, I’ve written extensively on the future of communications and the impact of virtualization, automation and cloud computing. The dirty secret of marketing is that more often than not, the stories are just that….stories. Ok, they are generally rooted in some truth or some future truth (roadmaps) but are rarely representative of the actual state of the product or company.

In the case of a startup, creating a meaningful story can be especially difficult. Most of the time the foundational elements are not fully covered:

1. Do they have proven product(s)?

2. Is there a market for their products? Have they identified it?

3. Do they have customers? Are they meaningful customers?

4. Are they making money? Is it a sustainable business model?

5. Are they innovating? Is there a future opportunity?

When a friend first introduced me to Bitnami, I was absolutely blown away by the story they have to tell. Not only are they the clear leader in application packaging, they’ve applied that expertise to delivering cloud-ready and cloud-native application catalogs for every leading cloud provider (check out the list) in the world driving over 1 million new deployments per month. And they’ve built a profitable and rapidly growing business doing that. They’ve also had the foresight to leverage their internal know-how in building and publishing applications to productize application packaging tools for enterprise developers and system integrators to help businesses on their cloud migration journey. If that weren’t enough, they’re also driving innovations in the container ecosystem with open source kubernetes projects centered on packaging and discovering applications as well. Those are just the things that I can share today, there is so much more to come.

As I complete my second week as VP of Marketing at Bitnami I’m collecting data on products and buyers (there are many), evaluating the landscape of competitors (there are few) and defining ways to hone the story here to continue the momentum and accelerate the success that this team has had to date. I’m used to being in a position where there are gaps in the answers to those 5 questions above, not great answers to all of them. I’m hesitant to say that this makes my job an easy one, but I can confidently say that I am extremely excited about the opportunity to help Bitnami tell their story to the world.

Interested in working with Bitnami and Tom? Apply for one of our open positions!

Meet the Bitnami Team: Beltran Rueda

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Beltran is the Engineering Manager for our internal and external Tools team, and works in our Seville office.

A brief bio

I am from a small town near Sevilla, Estepa, which you can see in the picture that includes my dog as well.

I started using computers by accident. When I was 14 I won the football lotto. The money from the lotto wasn’t a lot, but it was enough to buy my first computer. At the time, I was really just going to use the computer for video games. Little did I know this was going to be the start of my career.

I started with Linux when I was in the University. The first program I implemented was in C and I spent days and nights tinkering with it just to make it work properly. I would think about the problems that I needed to solve during the day, and suddenly stop what I was doing just to create a solution. There would even be times that I would stop eating lunch, so I could run to my computer and try out an idea.

Throughout the whole project, I enjoyed working on every aspect of it and I was amazed with all opportunities that coding provided. However, it was really hard to do since I didn’t have Internet when I went back home.

Since I didn’t have Internet all the time, I started learning more about Linux by reading books and running code examples from Linux magazines. One of the first examples was to implement and deploy a Python-based radio server.

Why did you join Bitnami and what excites you about working here?

Daniel Lopez, Bitnami’s founder and CEO, came to my University to talk about Open Source, the Apache Software Foundation and the projects he was working on. I really wanted to work on similar projects, so I took the opportunity to apply for their open position. Since I applied while I was in school, I started working at Bitnami even before finishing my Telecommunication engineering degree.

Bitnami gave me a great opportunity to learn new technologies and to grow professionally. I started simplifying the installation process for some of the first companies in the commercial Open Source ecosystem like MySQL, GroundWork, Zenoss, SugarCRM and more.

After 6 years, I decided to improve my management skills and I started a Master in Business Administration (MBA) in a Spanish Business School. At the same time, Bitnami was starting to grow the company, so I was excited to bring my new skill set to the team by adding more internal structure, teaching new developers and spreading the word about Bitnami at technical conferences.

What are you working on?

I manage the tools team, which focuses on improving our internal tools to ensure that all of our assets are easy to build, tested, and kept up-to-date. They include everything from installers for all operating systems, cloud images for all of our cloud partners, and all of our container/Helm charts. This is quite exciting because of the scale of the tasks (we regularly need to update thousands of apps across all platforms) but also because we get to touch every single technology out there, from system packaging to cloud APIs to Docker. Along with maintaining our internal tools, we also work to continuously simplify the deployment process for each of these target platforms by building out our automation pipeline.

What do you like to do for fun?

I love nature. I usually go to the mountains with my wife, dogs and sometimes with my nephews. I am not a sportsman, but I enjoy hiking or biking. Thanks to the good weather in the south of Spain, I love going out with friends to have some our traditional “tapas” over the weekend.

I usually attend technical meetups in and around Seville, so if you see me in one of them stop by and say hello!

Interested in working with Bitnami and Beltran? Apply for one of our open positions!

Now Available in Bitnami: SonarQube!

We are pleased to announce the release of SonarQube, the open source continuous code quality review suite used by enterprise development teams across the globe!

SonarQube is able to deeply analyze code on multiple dimensions for over twenty of the most popular languages such as Java, C, and PHP.

Combining static and dynamic analysis tools, SonarQube continuously monitors code along seven axes such as coding standards, potential bugs, code duplication, and complexity. It has built-in dashboards that enable managers and developers to efficiently find problem areas in their code.

SonarQube is available to launch now in Bitnami. To get started taking your code to the next level in just a few clicks, you can deploy SonarQube in the cloud, as a virtual machine, or with a native installer. 

You can also launch a one-hour demo in the cloud, absolutely free, by clicking the link below (requires a Bitnami account).



If you have any questions about using SonarQube, check out the Bitnami Documentation or post a message in our Community Forums. 

Meet the Bitnami Team: James Westby

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

James Westby is a Senior Engineer working remotely from Bristol, UK.

James and his wife enjoying a vacation in Iceland

A brief bio

I am always keen to learn new things and I’ve been lucky that my career so far has allowed me to work in different areas of software. Most of my time was spent at Canonical where I started working on Ubuntu itself, dealing more different languages and build systems than I can remember, and on the Bazaar version control system where I was able to learn Python in more depth. Over the next few years I spent time working with Linaro, and then on web service development and deployment, with a couple of spells as a team lead. After Canonical I spent a short time at an ill-fated Docker startup.




Why you joined Bitnami and what excites you about working here?

I joined Bitnami as I am excited by the opportunities that Bitnami has. The technology, partnerships and leadership are almost unrivalled, and that presents a great opportunity for my work to have greater impact. The range of work that Bitnami does also provides a great learning opportunity to me. Since joining I’ve already learned Ruby, nodejs, Go and Kubernetes, and that’s just the beginning. Lastly the capacity for change within the company is huge, it’s always improving in many different ways. This was particularly important to me as when I joined there were few remote employees, but the company has put the time and effort into improving the experience for us. There’s still of course many places we can improve, but every new person that joins brings fresh ideas, and the company is willing to adapt to incorporate them.

What are you working on?

Currently I am working on improving the automation of how we build our containers and cloud images. We need to be able to add more applications to our catalog and produce more types of images for each with sub-linear growth in the manual work that is involved. We are always working on this in some manner, but currently we have a team working on a big change in this area. For me it involves working on many different areas, involving scripts and build systems, web services, docker containers, automated testing and documentation and training.

What do you like to do for fun?

I’m currently spending a lot of time running and cycling as I’m trying to improve my fitness and my 5k and 10k personal bests. Otherwise I really enjoy food, beer, gaming and travel. My wife and I recently travelled to Iceland, which had amazing sights, as well as some great food and beer.

Interested in working with Bitnami and James? Apply for one of our open positions!

PostgreSQL supports for Bitnami Docker Redmine

We are thrilled to announce that the Bitnami Docker Redmine container has been recently released with support for PostgreSQL databases. 

Selecting between MariaDB or PostgreSQL is now possible via the following environment variables:

- REDMINE_DB_MYSQL
- REDMINE_DB_POSTGRES

You can use the following docker-compose.yml file to deploy our Bitnami Redmine container using a PostgreSQL database:

version: '2'
services:
  postgresql:
    image: 'bitnami/postgresql:latest'
    volumes:
      - 'postgresql_data:/bitnami/postgresql'
  redmine:
    image: 'bitnami/redmine:latest'
    ports:
      - '80:3000'
    environment:
      - REDMINE_DB_POSTGRES=postgresql
    volumes:
      - 'redmine_data:/bitnami/redmine'
    depends_on:
      - postgresql
volumes:
  postgresql_data:
    driver: local
  redmine_data:
    driver: local

Test it by running the following commands:

$ git clone https://github.com/bitnami/bitnami-docker-redmine
$ cd bitnami-docker-redmine
$ docker-compose -f docker-compose-postgresql.yml up

If you'd like to find the Redmine Docker Compose files for both MariaDB and PostgreSQL databases, please check the Bitnami Docker Redmine repository.

In addition, the stable Redmine Helm chart has also been updated to support this new feature. You can read more on how to deploy your Redmine application on top of a Kubernetes cluster using Helm in the Kubernetes Charts repository.

If you have any other questions in regards to Bitnami containers, Kubernetes, or Helm Charts, feel free to check out or documention at docs.bitnami.com or ask one of our engineers at community.bitnami.com!

Security Release: Magento 2.1.7

The Magento project has released a new update that fixes several critical vulnerabilities. A few of the notable fixes include:

• APPSEC-1686: Remote Code Execution in the Admin panel
• APPSEC-1626: RCE in video upload
• APPSEC-1746: Zend Mail vulnerability - continued
• APPSEC-1565: Customer password hash exposed in admin
• APPSEC-1752: Stored XSS in admin panel
• APPSEC-1663: Mass actions do not follow ACL
• APPSEC-1661: UI controllers do not follow ACL
• APPSEC-1679: APIs vulnerable to CSRF
• APPSEC-1559: Possible remote code execution in email reminders
• APPSEC-1699: API tokens not invalidated after disabling admin user

We highly recommend upgrading your existing Magento Community Edition 2.0 sites. For more information about the security issues fixed within recently released update, Magento 2.1.7, please check out Magento's Security Center.

We have released Bitnami Magento 2.1.7 containers, installers, virtual machines and cloud images in order to address these security vulnerabilities. If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps through our documentation.

Users launching Bitnami Magento via a cloud marketplace are advised to select version 2.1.7, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami Magento, post to our community forum, and we will be happy to help you.

Meet the Bitnami Team: Angus Lees

The Bitnami team is a diverse group of talented people distributed all over the world. Get to know them better through this series of blog posts.

Angus Lees is one of our Senior Engineers who works remotely from Australia.

A brief bio

I have been lucky enough to spend my entire career working with Linux and Free Software (since 1995), and in a lot of ways Bitnami is a return to my early interests.

From early university days running the Linux user group “installfests”, I have been a proud member of the Debian project since about 2000. From university, I worked for a string of small Australian companies as a sysadmin / programmer / everything-else-guy. One of the more interesting projects involved driving over sand dunes in the hottest Australian desert to install our Linux-based routers on poles with solar panels and a two-way satellite dish.

In 2005, I moved to Ireland to work for Google on one of the original SRE teams. We looked after the main search engine and common networking infrastructure. I and 2 others built ipv6.google.com and as part of the following rollout, my home was the first place to ever receive a AAAA response from www.google.com. I eventually moved back to the new Google Sydney office to work on a new storage system and finally as a team lead and manager for some of the parts of the new Google cloud overlay network.

By this point, it was becoming obvious that a number of the engineering candidates I was interviewing were mentioning projects and tools that I had never heard of. My eldest daughter was about to start university and talked about leaving home soon, and so I took the rather unusual step of leaving Google to work from home on OpenStack with Rackspace. I accidentally got involved in Kubernetes quite early (v0.15) by writing the Kubernetes OpenStack cloud provider plugin and some related pieces and really enjoyed the experience. The opportunity to work on Kubernetes full time for Bitnami came up and I jumped at it.

Why did you join Bitnami and what excites you about working here?

I have always had a fascination with compilers, toolchains, and the low-level details of how applications interact with kernel and hardware. Bitnami has been working in this space for many years, and so it seemed an obvious fit.

For me, Bitnami is almost the perfect combination of: working from home, on free software, on something new and exciting, without big corporate bureaucracy, and with an excellent bunch of colleagues.

What are you working on?

I am currently working on “ksonnet” - a set of related tools to make it easier to manage more complex services on Kubernetes. This grew out of personal experience setting up and managing multiple internal Kubernetes clusters within Bitnami, and a decade of something similar within Google. I feel Kubernetes is rapidly moving from “demo” to “production” for many people, so I am happy to be able to share tools and a workflow that can really take advantage of the Kubernetes design.

What do you like to do for fun?

I like food. I have a small vegetable garden and a few chickens. With no daily commute, I like to spend that little bit of extra time in the evenings cooking and enjoying a nice meal with my family.

I have never been a sporting person, but I have also recently started playing soccer/football.

Interested in working with Bitnami and Angus? Apply for one of our open positions!