Security Release: Magento 2.0.6

The Magento project has released a new update that fixes several security vulnerabilities. A few of the notable fixes include: APPSEC1420: Magento no longer permits an unauthenticated user to remotely execute code on the server through APIs. APPSEC1421: The Magento installation code is no longer accessible once the installation process has completed. APPSEC1422: Magento no longer allows authenticated customers to change other customers' account information using eith... Read more

May 18, 2016

Security Release: GitLab 8.7.4

The GitLab project released a new update that contains security fixes, including one for an XSS vulnerability via faulty URI scheme sanitization, and we strongly recommend that all GitLab installations be upgraded to the new version immediately. We released new versions of Bitnami GitLab 8.7.4 installers, virtual machines and cloud images that fix the security issues. Additional information regarding XSS vulnerability via faulty URI scheme sanitization: The URI scheme of user-suppli... Read more

May 11, 2016

PHP Security Issue: libgd CVE-2016-3074

A PHP security issue that affects previous versions of PHP was recently announced. A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1, which may result in a heap overflow when processing compressed gd2 data. [Update: 2016/05/11] We want to let you know that the Bitnami Team worked on updating all the native installers, virtual machines and the cloud providers images of all the affected applications and all of them are already available. We will continue working on updat... Read more

May 11, 2016

Security Release: WordPress 4.5.2

The WordPress project has just released a new version due to two security vulnerabilities: WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files.  WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. The WordPress team strongly encourages their users to update thei... Read more

May 10, 2016

WordPress Stack with PHP7

WordPress announced a few months ago that it is fully compatible with the latest version of the PHP framework, PHP7. Nowadays most of the popular plugins are already compatible and WordPress has also published a developer guide about how to update WordPress plugins to support PHP7. Here, at Bitnami, we baked a new WordPress stack based on PHP7 to help you run the latest, shiniest and fastest software. WordPress + PHP7 is faster than ever before. But that's not all... Read more

May 10, 2016

Zero to Clustered Application on Kubernetes with Bitnami

Kubernetes, a popular Docker container orchestration platform, promises to make deploying and managing containerized applications simple. This post walks through configuring and deploying a widely used web application, the Redmine issue tracking application, packaged as Docker containers. This tutorial is aimed at developers and operators interested in learning about containerizing applications on Kubernetes and looking for solutions to common concerns including configurability, application ... Read more

May 9, 2016

ImageMagick: Remote execution vulnerability (CVE-2016-3714)

Several security vulnerabilities have been recently discovered for certain ImageMagick coders. Specifically, the vulnerabilities include possible remote code execution and the ability to render files on the local system. A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s Imagick, Ruby’s RMagick and Paperclip, and nodejs’s imagemagick. More information about the vulnerability can be found on the ImageMagick website. (Updated 05/05... Read more

May 3, 2016

Security notification: OpenSSL 1.0.2h / 1.0.1t

A new security vulnerability was recently discovered in certain versions of OpenSSL. More information about the vulnerability is available on the OpenSSL website: https://www.openssl.org/news/secadv/20160503.txt There are two high security issues that do not affect Bitnami installations: 1. Memory corruption in the ASN.1 encoder (CVE-2016-2108). All of the currently released Bitnami stacks use an OpenSSL version greater than the affected versions: 1.0.2c or 1.0.1o. 2. P... Read more

May 3, 2016
