Elasticsearch Installation Security Incident

As of today, attackers have been reportedly scanning for and vandalizing unsecured Elasticsearch installations over the Internet. (See: http://www.pcworld.com/article/3157417/security/after-mongodb-ransomware-groups-hit-exposed-elasticsearch-clusters.html) Bitnami's security team has reviewed our image library. As a result, we have confirmed that Bitnami virtual machines and single-VM cloud images are not vulnerable to this attack because they do not expose Elasticsearch publicly by default;... Read more

January 14, 2017

CodeIgniter Security Issue CVE-2016-10131

[ UPDATE 2017-01-17 ] The Bitnami Team is happy to announce that the Bitnami Cloud Hosting images have been properly updated and they use the latest version of CodeIgniter. ---- The CodeIgniter project released a new update that contains an important security fix for a cross-site scripting vulnerability. We strongly recommend that all CodeIgniter developers using Bitnami LAMP installations or CodeIgniter Development container should upgrade to the latest version immediately. We released... Read more

January 13, 2017

PWNScriptum Security Issue

[ UPDATE 2017-01-16 ] The Magento team has published a new blog post about this security issue. They recommend to turn off the "Set Return-Path" setting (switch to "No") at "Stores-> Configuration-> Advanced-> System-> Mail Sending Settings-> Set Return-Path" We also want to inform you that the standard Bitnami Magento deployments are not affected as that field is set to "No" by default. https://magento.com/security/news/new-zend-framework-1-security-vulnerability ---- ... Read more

January 10, 2017

Bitnami Applications for Oracle Bare Metal Cloud Services

At Oracle World in 2015, Bitnami and Oracle jointly announced the availability of the Bitnami catalog of more than 150 applications for Oracle Cloud Platform. Fast forward a little more than a year later, and Bitnami is proud to be collaborating with the Oracle Bare Metal Cloud Services (BMCS) team to extend selected Bitnami offerings to BMCS, as well. We've worked with the Oracle BMCS team to select the first 21 applications, including Java-related infrastructure such as JBoss, Liferay, N... Read more

January 10, 2017

'MongoDB with Replication' Security Issue

[UPDATE 2017-01-11] The steps to restrict access to port 27017 on Google Cloud Platform have been updated [UPDATE 2017-01-10] The Bitnami Team has been working on creating new guides to securing the database and recovering the data using MongoDB Oplog. Please find below the "How to enable authentication for securing your installation" and "Restoring your database" sections below. ---- In the past few days, it has been reported that attackers have been scanning for and vandalizing... Read more

January 10, 2017

Joomla! 3.6.5 Security Release (CVE-2016-9838)

The Joomla! project has just released a new version that fixes three security vulnerabilities. This is a security release for the 3.x series and it only contains the security fixes, no other changes have been made. It is strongly suggested that you update your Joomla! website to the latest version. You can find more info about these issue at the Joomla! release news page. We have released Bitnami Joomla! 3.6.5 Docker image, cloud images, installers and virtual machines that fix these iss... Read more

December 20, 2016

WordPress 4.7 “Vaughan” ‒ Now Available from Bitnami

Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is now available from Bitnami. If you are already using a Bitnami WordPress image, you can simply upgrade your version from your WordPress admin panel. Not familiar with Bitnami WordPress? In short, it is the easiest way to install your own WordPress instance. We've packaged WordPress as a self-contained and incredibly fast distribution that is simple to deploy. To get started with Bitnami ... Read more

December 10, 2016

Security Release: GitLab 8.14.3 (CVE-2016-9469)

The GitLab project released a new update that contains an important security fix for a critical denial-of-service and data corruption vulnerability, and we strongly recommend that all affected GitLab installations be upgraded to the latest version immediately. We released new versions of Bitnami Gitlab 8.14.3 installers, virtual machines and cloud images that fix this security issue. Further details regarding the security issue are explained below: Denial-of-Service and Data Corruption V... Read more

December 6, 2016

See more articles