This morning we unveiled new tiers for Stacksmith - our packaging and maintenance solution for your applications.
Stacksmith Public targets software creators working in open source. It can package your software for AWS and Azure with just a few clicks. By using the built-in application templates, or building from one of the many example applications we shipped today, going from code to running feature takes only a few minutes. Stacksmith’s full automation and maintenance features are included in the Stacksmith Public tier, which is free-to-use, other than infrastructure charges from your cloud provider.
Alongside the free, public tier, the team is proud to introduce Stacksmith Team and Stacksmith Enterprise. Stacksmith Team adds the ability to collaborate in private projects and includes dedicated support. Stacksmith Enterprise allows companies to deploy a dedicated server on their cloud of choice.
We are incredibly proud of the updates we released today, and we’re looking forward to adding new capabilities based on your input and experiences. Learn more about Stacksmith.
To kick off Oracle OpenWorld, we wanted to provide the Bitnami community with an update on all of the things we have been doing with Oracle!
Bitnami has provided Oracle with up-to-date and secure images on the Oracle Cloud Marketplace for over two years, which has led to the expansion of the relationship as Oracle continues to provide more and more options for users to test the power of their cloud infrastructure. Now, we are proud to announce that you can enjoy the security and consistency of Bitnami applications within Oracle’s new solutions and training environments mentioned below.
Our solutions allow you to demo our applications quickly, get training with hands-on exercises, and then easily deploying a production ready application to further your testing needs. Pick the option that suits your needs best.
Easily Demo Apps with Oracle Cloud Jump Start Demo Labs:
Test the power of the Oracle Cloud Infrastructure for free with the new Oracle Cloud Jump Start Demos. You’ll be able to try a pre-configured Bitnami Demo Lab within a matter of minutes, which will give you a glimpse into the possibilities that the Oracle Cloud can bring your team.
Educate Yourself with Oracle Jump Start Learning Labs:
These Self Paced Labs will give you the ability to learn about the Oracle Cloud Infrastructure while using one of the familiar Bitnami applications as the basis for your course. In these 1 hour courses, you’ll be able to launch an application, test the OCI features, and explore at your own pace with hands-on exercises. Get started today with Jenkins or Sonarqube.
Evaluate with the Power of Production-Ready Jump Start Launch:
Spin up a Jump Start Launch Image or Launch Stack for the full production experience as you continue your testing. The Jump Start Launch program provides great reliability and a solid foundation for your proof-of-concept. These deployment options will give your team the opportunity to evaluate the combination of the application’s features with the power of the Oracle Cloud Infrastructure without having to build everything from scratch.
The Oracle Cloud Marketplace will now be included within your Oracle Cloud Infrastructure console. In addition to this, Oracle has also added the ability to launch applications directly on your environment via a Partner Image Catalog.
Before the Partner Image Catalog, it could take days or weeks to spin up an application on your servers, but now it will only take you a few moments. The click-to-deploy option now gives you the freedom to get started with your Bitnami projects quickly and efficiently.
Login into your OCI console now, and check it out!
Production Ready Multi-Tier Applications
Bitnami Multi-Tier templates are now available in the Oracle Cloud Infrastructure. These Terraform architecture templates allow you to easily move your deployments from development to production while providing high availability and performance in medium/large size production environments.
Follow our guide as we walk you through the process of using the Terraform Provider plugin and the Terraform CLI to deploy the Bitnami MySQL with replication on an Oracle Cloud Infrastructure server. The guide will teach you how to configure the Terraform CLI, the OCI plugin and how to configure it with your OCI account for the best performance of your new Multi-Tier application.
See how easy it is to deploy Jenkins using a Terraform template below:
Check out the step-by-step tutorials for your use case below:
Kubeapps is a web-based UI for deploying and managing applications in Kubernetes clusters, which can now be used on OKE clusters to get access to hundreds of Helm apps.
The Bitnami Kubernetes team has been working hard to ensure that the Kubeapps experience on top of OKE clusters provides the same ease of use that you’ll find when running it on any other cluster.
It is recommended that you upgrade your Drupal application to Drupal 7.60 and Drupal 8.6.2. We highly recommend creating a backup before proceeding. You can follow our Drupal, CiviCRM or Open Atrium documentation to learn how to upgrade your application and address this security issue.
For new application deployments, including those through the Bitnami Launchpad, we released Drupal 7.60 and 8.6.2, CiviCRM and Open Atrium containers, installers, virtual machines and cloud images that include the necessary fix to address these vulnerabilities.
If you have further questions about Bitnami Drupal or this security issue, please post to our community forum, where we will be happy to help.
A new security vulnerability has been disclosed. All Git versions prior to 2.14.5, 2.15.3, 2.16.5, 2.17.2, 2.18.1 and 2.19.1 are affected.
The CVE-2018-17456 vulnerability allows an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with the flag --recurse-submodules:
When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field and blindly passes it as an argument to a "git clone" subprocess. If the URL field is set to a string that begins with a dash, this "git clone" subprocess interprets the URL as an option. This can lead to executing an arbitrary script shipped in the superproject as the user who ran "git clone".
Our team is working on updating all the affected solutions available in the Bitnami catalog. That way, all new installations and cloud launches will use a fixed Git version. If you have a running application that uses Git, you will need to migrate the content of your deployment to a secured one.
If you have installed Git using the system packages, please update the component when the new package is available for your operating system.
If you have any questions about the security issue or you need support to migrate your data, please post to our community support forum and we will be happy to help!
This blog post was updated with the steps to update Debian 8
----
A new vulnerability was discovered in the Linux Kernel. The recent Spectre attacks exploit speculative execution to allow the exfiltration of sensitive data across protection boundaries.
This is a new Spectre-class attack, also known as SpectreRSB (CVE-2018-15572), that exploits the return stack buffer (RSB), a common structure in modern CPUs used to predict return addresses. More information about this security vulnerability can be found in the official paper at https://www.usenix.org/conference/woot18/presentation/koruyeh.
Once a new, patched kernel is available from the operating system vendor, you can update it by following these instructions (depending on your distribution/operating system):
