Security notification: httpoxy, a CGI application vulnerability (CVE-2016-5385, CVE-2016-5387, CVE-2016-1000110)

On July 18th, a vulnerability named ‘HTTPoxy’ was announced, affecting some server-side web applications that run in CGI or CGI-like environments, such as some FastCGI configurations. A number of CVEs have been assigned, covering specific languages and CGI implementations: CVE-2016-5385: PHP; CVE-2016-5386: Go; CVE-2016-5387: Apache HTTP Server; CVE-2016-5388: Apache Tomcat; CVE-2016-1000109: HHVM; CVE-2016-1000110: Python. More information about the vulnerability can be found on the ht... Read more

July 20, 2016

Develop Collaboratively with Eclipse Che, Now on Bitnami!

Eclipse Che is an open source cloud IDE and developer workspace server featuring containerized workspaces that accelerate agile software development. Containerized workspaces let developers bootstrap projects without having to install software, and collaborate on projects from anywhere. With Eclipse Che in Bitnami, you can now launch the application in your own cloud account on the most popular platforms like AWS, Google Cloud Platform, and Oracle, in just a few clicks. Shareable workspace ... Read more

June 27, 2016

Security Release: Node.js 4.4.6

The Node.js project has just released a new version that fixes a vulnerability in which, under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This is related to CVE-2016-1669. Read more about the security issue on the Node.js blog. We want to let Bitnami users know that Node.js 4.4.6 installers, virtual machines and cloud images have been updated and released. We strongly suggest that you update your Node.js applicati... Read more

June 25, 2016

Security Release: PHP 5.5.37

A PHP security issue that affects previous versions of PHP was recently announced. A signedness vulnerability (CVE-2015-8874) is present that allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. We want to let Bitnami users know that all MAMP, LAMP, WAMP Stacks installers, virtual machines and cloud images have been updated and released. We strongly suggest that you update your PHP stacks to the latest version. If you work ... Read more

June 25, 2016

Introducing Bitnami Development Containers

Folks who have known me for a while know that I love to make things easy for developers. From my days as a usability engineer on the Visual Studio team, to my pet projects, to my tutorials and samples, making programming easy and fun has been a theme of my work since 1998. Now at Bitnami, I am happy to be working with a team who is as excited about this as I am. We have started a project that takes advantage of Docker to make developing with whatever framework you choose easy and fun. We ca... Read more

June 19, 2016

Security Release: Drupal 7 and 8

The Drupal project released a new update that fixes several security vulnerabilities. We strongly recommend upgrading your existing Drupal 7 and 8 sites. Information regarding the additional changes is available in the official security advisory. In response to the new Drupal version, we have released the following: Bitnami Drupal 7 and 8 installers, virtual machines, and cloud images. Two notable issues include: A vulnerability exists in the User module, where if some specific... Read more

June 16, 2016

Automated Container Delivery Using Stacksmith with GitHub

When developing with Docker containers, updates to an application’s stack or environment are rolled out by stopping outdated containers and replacing them with an updated container image. Docker is a popular toolchain for developing applications in containers that makes it incredibly easy to conduct these container image updates. However, the process of deploying updated container images is still a repetitive series of manual steps that can be mechanized. Bitnami built Stacksmith to automate... Read more

June 16, 2016

Security Release: Magento 2.0.6

The Magento project has released a new update that fixes several security vulnerabilities. A few of the notable fixes include: APPSEC1420: Magento no longer permits an unauthenticated user to remotely execute code on the server through APIs. APPSEC1421: The Magento installation code is no longer accessible once the installation process has completed. APPSEC1422: Magento no longer allows authenticated customers to change other customers' account information using eith... Read more

May 18, 2016
