Security Release: Parse Server 2.3.1-1

Bitnami has released Parse Server version 2.3.1-1 for containers, installers and virtual machines to implement authentication when connecting to the Parse dashboard. If you deploy a new Bitnami Parse Server via a Bitnami Launchpad, your application will be up-to-date and secure. When deploying via a partner cloud marketplace, please ensure version 2.3.1-1 is selected. If you are still using a Bitnami Parse Server version 2.3.1-0 or earlier you must take steps to secure your installation. Thi...

February 8, 2017

Security Release: Jenkins 2.44/2.32.2

[UPDATE 2017-02-03] For new application deployments, Bitnami has released Jenkins 2.44 containers, and Jenkins 2.32.2 installers, virtual machines and cloud images that address these vulnerabilities. If you deploy Bitnami Jenkins via a Bitnami Launchpad, your application will be up-to-date and secure. If you deploy Bitnami Jenkins via one of our cloud partner marketplaces and it is not yet updated to version 2.32.2, you will need to upgrade your application using the documentation linked b...

February 2, 2017

Security Release: WordPress 4.7.2

WordPress has released a new version that fixes three security vulnerabilities. It is strongly recommended that you update your WordPress application to the latest version, WordPress 4.7.2. You can follow our documentation to learn how to upgrade your application and ensure its security. For new application deployments, Bitnami has released WordPress 4.7.2 containers, installers and virtual machines that address these vulnerabilities. If you deploy Bitnami WordPress via a Bitnami Launchpa...

January 27, 2017

Elasticsearch Installation Security Incident

As of today, attackers have been reportedly scanning for and vandalizing unsecured Elasticsearch installations over the Internet. (See: http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html) Bitnami's security team has reviewed our image library. As a result, we have confirmed that Bitnami virtual machines and single-VM cloud images are not vulnerable to this attack because they do not expose Elasticsearch publicly by default;...

January 14, 2017

CodeIgniter Security Issue CVE-2016-10131

[UPDATE 2017-01-17] The Bitnami Team is happy to announce that the Bitnami Cloud Hosting images have been properly updated and they use the latest version of CodeIgniter. ---- The CodeIgniter project released a new update that contains an important security fix for a cross-site scripting vulnerability. We strongly recommend that all CodeIgniter developers using Bitnami LAMP installations or the CodeIgniter Development container upgrade to the latest version immediately. We released...

January 13, 2017

PWNScriptum Security Issue

[UPDATE 2017-01-16] The Magento team has published a new blog post about this security issue. They recommend turning off the "Set Return-Path" setting (switch to "No") at "Stores-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path". We also want to inform you that the standard Bitnami Magento deployments are not affected, as that field is set to "No" by default. https://magento.com/security/news/new-zend-framework-1-security-vulnerability ---- ...

January 10, 2017

Bitnami Applications for Oracle Bare Metal Cloud Services

At Oracle World in 2015, Bitnami and Oracle jointly announced the availability of the Bitnami catalog of more than 150 applications for Oracle Cloud Platform. Fast forward a little more than a year, and Bitnami is proud to be collaborating with the Oracle Bare Metal Cloud Services (BMCS) team to extend selected Bitnami offerings to BMCS as well. We've worked with the Oracle BMCS team to select the first 21 applications, including Java-related infrastructure such as JBoss, Liferay, N...

January 10, 2017

'MongoDB with Replication' Security Issue

[UPDATE 2017-01-11] The steps to restrict access to port 27017 on Google Cloud Platform have been updated. [UPDATE 2017-01-10] The Bitnami Team has been working on creating new guides to securing the database and recovering the data using MongoDB Oplog. Please find the "How to enable authentication for securing your installation" and "Restoring your database" sections below. ---- In the past few days, it has been reported that attackers have been scanning for and vandalizing...

January 10, 2017
