
Friday, March 29, 2019

Security release: Magento 2.3.1

The Magento project recently released new versions that fix several security vulnerabilities. The most important one is a critical SQL injection vulnerability, but these new versions also include over 30 security enhancements that help close cross-site scripting, arbitrary code execution, and sensitive data disclosure vulnerabilities as well as other security issues. A few of the notable fixes include:


  • PRODSECBUG-2198: SQL Injection vulnerability through an unauthenticated user
  • PRODSECBUG-2236: SQL Injection and cross-site scripting vulnerability in Catalog section (XSS)
  • PRODSECBUG-2192: Remote code execution through crafted newsletter and email templates
  • PRODSECBUG-2287: Remote code execution through email template


We highly recommend upgrading your existing Magento Community Edition 2.x sites. For more information about these security issues and many others fixed in Magento 2.3.1, please refer to this blog post in the Magento Security Center.

Bitnami has released Bitnami Magento 2.3.1 Helm charts, containers, installers, virtual machines, and cloud images in order to address these security vulnerabilities. If you already have Bitnami Magento running on any of these platforms, you can upgrade the application by following our documentation.

Users launching Bitnami Magento via a cloud provider's marketplace are advised to select version 2.3.1, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami Magento, post them in our community forum, and we will be happy to help you.

Wednesday, February 28, 2018

Security Release: Magento 2.2.3


Magento has released a new update that contains multiple security enhancements. These help to resolve, amongst others, the Cross-Site Scripting (XSS) and authenticated Admin user Remote Code Execution (RCE) vulnerabilities. Here is the complete list of security enhancements introduced by this new release:

  • APPSEC-1951: JavaScript execution in the administrator panel
  • APPSEC-1952: Remote Code Execution using media upload
  • APPSEC-1865: Cross-Site Scripting in customer information
  • APPSEC-1907: Cross-Site Scripting in Customer Address
  • APPSEC-1935: Cross-Site Scripting leading to Denial-of-Service

We highly recommend upgrading your existing Magento Community Edition 2.x sites. For more information about these security issues and many others fixed in Magento 2.2.3, please refer to this blog post in the Magento Security Center.

Bitnami has released Bitnami Magento 2.2.3 Helm charts, containers, installers, virtual machines, and cloud images in order to address these security vulnerabilities. If you already have Bitnami Magento running on any of these platforms, you can upgrade the application by following our documentation.

Users launching Bitnami Magento via a cloud provider's marketplace are advised to select version 2.2.3, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami Magento, post them in our community forum, and we will be happy to help you.

Thursday, June 1, 2017

Security Release: Magento 2.1.7



The Magento project has released a new update that fixes several critical vulnerabilities. A few of the notable fixes include:

  • APPSEC-1686: Remote Code Execution in the Admin panel
  • APPSEC-1626: RCE in video upload
  • APPSEC-1746: Zend Mail vulnerability - continued
  • APPSEC-1565: Customer password hash exposed in admin
  • APPSEC-1752: Stored XSS in admin panel
  • APPSEC-1663: Mass actions do not follow ACL
  • APPSEC-1661: UI controllers do not follow ACL
  • APPSEC-1679: APIs vulnerable to CSRF
  • APPSEC-1559: Possible remote code execution in email reminders
  • APPSEC-1699: API tokens not invalidated after disabling admin user

We highly recommend upgrading your existing Magento Community Edition 2.0 sites. For more information about the security issues fixed in the recently released update, Magento 2.1.7, please check out Magento's Security Center.

We have released Bitnami Magento 2.1.7 containers, installers, virtual machines and cloud images in order to address these security vulnerabilities. If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps through our documentation.

Users launching Bitnami Magento via a cloud marketplace are advised to select version 2.1.7, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami Magento, post to our community forum, and we will be happy to help you.

Wednesday, May 18, 2016

Security Release: Magento 2.0.6


The Magento project has released a new update that fixes several security vulnerabilities. A few of the notable fixes include:
  • APPSEC1420: Magento no longer permits an unauthenticated user to remotely execute code on the server through APIs.
  • APPSEC1421: The Magento installation code is no longer accessible once the installation process has completed.
  • APPSEC1422: Magento no longer allows authenticated customers to change other customers' account information using either SOAP or REST calls.

We highly recommend upgrading your existing Magento Community Edition 2.0 sites. For more information about the security issues fixed with this recently released update, please check out Magento's Security Center.

We have released Bitnami Magento 2.0.6 installers, virtual machines and cloud images that fix the security issues.

If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps on our wiki page:

https://wiki.bitnami.com/Applications/BitNami_Magento#How_to_upgrade_Magento.3f

Do you have additional questions about Bitnami Magento? Post to our community forum, and we will be happy to help you.

Thursday, February 25, 2016

Security Release: Magento 1.9.2.4

The Magento project has just released a new community version that includes a patch bundle, SUPEE-7405 v1.1. The patch bundle includes the latest security patches: SUPEE-7978, SUPEE-7822, and SUPEE-7882. 

We highly recommend that you apply those patches or upgrade your application to Magento Community Edition 1.9.2.4. For more information about the security issues fixed with these recently released patches, please check out Magento's helpful user guide.

We have released Bitnami Magento 1.9.2.4 installers, virtual machines and cloud images that fix the security issues.

If you already have a running version of Bitnami Magento, you can upgrade the application by following the detailed steps on our wiki page:

https://wiki.bitnami.com/Applications/BitNami_Magento#How_to_upgrade_Magento.3f

Do you have additional questions about Bitnami Magento? Post to our community forum, and we will be happy to help you.

Tuesday, October 27, 2015

Magento 1.9.2.2 security release

The Magento project has just released a new version that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.

It is strongly suggested that you update your Magento website to the latest version. Important! This patch breaks backward compatibility, and can impact extensions and customizations.

You can find more info about these issues in the Magento release news.

We have released Bitnami Magento 1.9.2.2 installers, virtual machines and Amazon EC2, Google, VMware vCloud Air, DigitalOcean and Azure cloud images that fix these issues. 

Do you already have a Magento installation? You can follow our guide about how to upgrade the application and you won't have to be worried about these vulnerabilities. 


Have questions about Bitnami Magento or the security issue? Post to our community forum, and we would be happy to help you.

Tuesday, August 4, 2015

Security Release: Magento 1.9.2.1


The Magento project has just released a new community version that includes the latest security patches: SUPEE-5344, SUPEE-5994, SUPEE-6237, SUPEE-6285, SUPEE-6482. It is recommended that you apply those patches or upgrade to the latest version of the application. For more information about the security issues fixed with those patches, check out this helpful user guide.

We have released Bitnami Magento 1.9.2.1 installers, virtual machines and Amazon EC2, Google, Azure and VMware vCloud Air cloud images that fix these issues.

If you already have a running version of Bitnami Magento, you can upgrade the application following the steps detailed on our wiki page.

To learn more about this new version, you can read about it in the Magento release notes. Have questions about Bitnami Magento? Post to our community forum, and we would be happy to help you.

Wednesday, July 8, 2015

Security release: Magento 1.9.2


The Magento project has just released a new community version that includes the latest security patches: SUPEE-5344, SUPEE-5994, and SUPEE-6285. It is recommended that you apply those patches or upgrade to the latest version of the application. For more information about the security issues fixed with those patches, check out this helpful user guide.

We have released Bitnami Magento 1.9.2 installers, virtual machines and Amazon EC2, Google and Azure cloud images that fix these issues.

If you already have a running version of Bitnami Magento, you can upgrade the application following the steps detailed on our wiki page.

To learn more about this new version, you can read about it on the Magento blog. Have questions about Bitnami Magento? Post to our community forum, and we would be happy to help you.

Friday, May 22, 2015

Install Magento 2 in just a few clicks

We are happy to announce that Magento 2 is now on the Bitnami Library!


Magento 2 is an open-source content management system for e-commerce web sites, and a major version built on a new and modern technology stack. This is a Beta version, currently under development, but it already features notable improvements in performance, scalability and modularity.

The Bitnami Magento stack provides a one-click install solution for Magento 2, with compiling, configuring and all of its dependencies (third-party libraries, runtime, and database) taken care of so that it works out-of-the-box. The Bitnami Magento stack includes ready-to-run versions of Apache, MySQL, PHP and Magento.

Magento 2 is now ready to install in a few clicks with the Bitnami Magento installers (available for Linux, Windows and Mac OS X), Virtual Machine images (VMs) and cloud images for Amazon EC2 and Microsoft Azure.

Want to learn more about the Bitnami Magento stack? Post your question in our community forum, and a member of the Bitnami team will help you.

Wednesday, April 22, 2015

Security fix for Magento: 1.9.1.0-2 released

A critical remote code execution vulnerability in Magento was recently published. The SUPEE-5344 patch that addresses the flaw was released on February 9, 2015, and you can view it here.

We have released Bitnami Magento 1.9.1.0-2 installers, virtual machines and Amazon EC2, Google and Windows Azure cloud images that fix this issue. If you already have a running version of Bitnami Magento, you can apply the fix directly.

  1. Download the SUPEE-5344 patch
  2. Upload the patch to the server
  3. Copy the patch to "/opt/bitnami/apps/magento/htdocs"
  4. Execute the patch:

     $ chmod 755 PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh
     $ ./PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh

     Checking if patch can be applied/reverted successfully...
     Patch was applied/reverted successfully.

Once that is done, refresh the cache in the Admin under "System > Cache Management" so that the changes will be reflected.
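To confirm afterwards that the patch is actually recorded on the server, the following added example (not part of the original post or of the Magento patch script) audits a list of SUPEE patch IDs against the applied-patches log. It assumes the patch scripts write pipe-separated lines to app/etc/applied.patches.list under the Magento root, with the patch name in the second field and the word REVERTED on rollback lines; the function names and the sample log are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which SUPEE patches are recorded as applied.
# Assumption: the patch scripts log to app/etc/applied.patches.list as
# pipe-separated lines with the patch name in field 2, and mark a rollback
# with the word REVERTED on a later line for the same patch.

# patch_status LIST_FILE PATCH_ID -> prints applied | reverted | missing
patch_status() {
    list_file=$1
    patch_id=$2
    [ -r "$list_file" ] || { echo missing; return 0; }
    # Exact match on field 2; the last line for a patch decides its state.
    awk -F'|' -v id="$patch_id" '
        { name = $2; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == id { state = ($0 ~ /REVERTED/) ? "reverted" : "applied" }
        END { print (state == "" ? "missing" : state) }
    ' "$list_file"
}

# audit_patches LIST_FILE ID... -> one line per ID; returns 1 unless all applied
audit_patches() {
    list_file=$1; shift
    rc=0
    for id in "$@"; do
        s=$(patch_status "$list_file" "$id")
        printf '%s %s\n' "$id" "$s"
        [ "$s" = applied ] || rc=1
    done
    return $rc
}

# Constructed sample log, not taken from a real server.
make_sample_list() {
    cat <<'EOF'
2015-04-22 09:14:02 UTC | SUPEE-5344 | CE_1.8.0.0 | v1 | sample
2015-07-08 11:02:40 UTC | SUPEE-5994 | CE_1.8.0.0 | v1 | sample
2015-07-09 08:30:11 UTC | SUPEE-5994 | CE_1.8.0.0 | v1 | sample | REVERTED
EOF
}

# Demo on the sample; on a server, pass the real list file instead.
tmp=$(mktemp)
make_sample_list > "$tmp"
audit_patches "$tmp" SUPEE-5344 SUPEE-5994 SUPEE-6285 ||
    echo "action needed: some patches are not recorded as applied"
rm -f "$tmp"
```

On a Bitnami install the list file would be looked for under "/opt/bitnami/apps/magento/htdocs"; a non-zero exit from audit_patches makes the check usable from cron or a monitoring probe.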

If you have any questions, please post to our community forum and our team will help you there. 

Wednesday, August 27, 2014

First Annual Meet Magento Conference in USA

This first annual Meet Magento Conference will be taking place in New York City from September 22nd to September 23rd 2014. If you are a part of the Magento Community, you won't want to miss out on this event!
  • Listen to knowledgeable speakers
  • Learn about hot topics: Omni Channel, Responsive, Conversion Rate, Optimization, ... And more!
  • Network with Magento professionals
  • Attend "Speed Dating" to find a Magento agency or vendor
  • Enjoy the Opening Night Party with DJ Red Alert.

Purchase your tickets now and get a 20% discount entering our DISCOUNT CODE: Btnami20MM

Thursday, September 20, 2012

BitNami Makes it Easy to Try Infoworld's BOSSIE-Award Winning Apps

At BitNami, we carefully select what we believe to be the best open source applications across a range of categories, so you know that any app that you get from BitNami will be of the highest quality. It seems that Infoworld agrees with our selections: out of 25 applications selected for the 2012 Infoworld Bossie Awards (Best of Open Source Software), 10 are available on BitNami and an 11th is already in the works!

We would like to congratulate the teams building the following BitNami-packaged applications for earning Bossie Awards:


As with all BitNami Stacks, all of the above applications are available free of charge as native installers, virtual appliances (VMs) and AMIs for the Amazon Cloud. In particular, the VMs and AMIs make it incredibly easy to test these best-of-breed applications in minutes without actually installing them in your system. Even if you choose to use the native installers, you will see that they are completely self-contained and install all of their dependencies in their own directory, so they won't interfere with other software installed on your system.

Do you agree with Infoworld's list? If you think there is a great open source business application that isn't available in the BitNami library, let us know in the comments.