Blogs

Wiz Research team discovered a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes. Today the Ingress-nginx team released a new version fixing critical security issues. The most critical one is CVE-2025-1974: ingress-nginx admission controller RCE escalation. Under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution (RCE) in the context of the ingress-nginx controller. This could lead to the disclosure of Secrets accessible to the controller. CVE-2025-1974 means that anything on the Pod network has a good chance ...
Recently, we announced the general availability of Bitnami Premium, a new commercial upgrade to Bitnami, as well as a new partnership with Arrow Electronics, who facilitate a streamlined purchasing process and support experience. Today we are happy to announce an expansion of our commercial offerings with a new set of optimized, performant, minimal, and highly secure application runtimes for the most popular programming languages. This set of new minimal container images is available now and ready to use in the two commercial versions of Bitnami: Bitnami Premium, built on Debian 12, and Tanzu Application Catalog (TAC), built on Photon OS. In this ...
Today the Bitnami team, part of VMware Tanzu, is thrilled to make two announcements. The first is that Bitnami Premium, a new commercial upgrade to the Bitnami Application Catalog containers and Helm charts, is now Generally Available. Second, we are kicking off a new endeavor with Arrow Electronics to facilitate a streamlined Bitnami Premium purchase and support experience.

A new commercial version of Bitnami open source containers and Helm charts

Enterprises that love Bitnami can now purchase a Bitnami Premium subscription from Arrow Electronics and consume the containers and Helm charts right in Docker Hub. Bitnami Premium users will get access to ...
In January 2022, we announced the general availability of Helm charts in OCI registries, coinciding with the release of Helm version 3.8.0. In January 2023, Bitnami began populating and distributing the largest and most up-to-date open-source catalog of Helm charts in OCI format in Docker Hub. Since then, the adoption of the Bitnami Helm charts in OCI format has proliferated. Because charts stored in container registries follow OCI standards, developers can use many of the same tools for Helm charts that they use with container images. This makes integrating Helm into automated pipelines easier and uses modern infrastructure-as-code and deployment ...
The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) on glibc-based Linux systems. This vulnerability has been assigned CVE-2024-6387. The vulnerability, caused by a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems, presenting a significant security risk. This race condition affects sshd in its default configuration. The Bitnami catalog is based on Debian; according to the Debian security tracker, Debian 11 (bullseye) is not affected. ...
Bitnami has recently rolled out several initiatives aimed at enhancing the user experience with Helm charts. These improvements focus on better traceability and smoother integrations. Read on to discover the latest updates:

Improved Changelog and Tagging System

One major initiative is the enhancement of change traceability for Bitnami Helm charts. This has been achieved by introducing a CHANGELOG.md file for every Helm chart and implementing git tags for every new version.

Automated Changelog Updates

With every pull request (PR) merge, the CHANGELOG.md file is automatically updated to list the changes included in that ...
Bitnami-packaged open-source software is loved by developers for its ease of use, which enables developers to directly pull a Bitnami package and seamlessly start using it with little effort. The fact that Bitnami-packaged open-source software accounts for over 3 billion pulls per year on DockerHub is a testament to its popularity among developers. But, apart from the ease of use, we also aim to make our software inherently more secure and reliable by updating packaging practices per industry standards. That’s why, over the past few weeks, our team has worked on improving the security of Bitnami-packaged Helm charts. As a starting point for these improvements, ...
Bitnami-packaged open-source software container images and Helm charts available in DockerHub are now signed by Notation, a Cloud Native Computing Foundation (CNCF) incubating project. In December 2023, we announced that the Tanzu Application Catalog, the enterprise edition of the Bitnami Application Catalog, started making use of Notation as a tool for signing and verifying the Open Container Initiative (OCI) artifacts (e.g. container images, Helm charts, and metadata bundles) that we deliver. Now, we’re happy to announce the extension of this capability to the community edition of Bitnami-packaged container images in DockerHub as well. ...
Several critical vulnerabilities for UNIX systems targeting the CUPS server were discovered and disclosed today. The researcher who discovered them published a technical report at https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

The vulnerabilities are listed below:

CVE-2024-47176 | cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL.

CVE-2024-47076 | libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing ...
As you may already know, starting from version 3.1, Spring Boot has provided Docker Compose support for our projects. What does that mean for us as developers? Simply put, it means that we can easily bootstrap our application infrastructure from an existing docker-compose.yaml or compose.yaml in our source folder root, and Spring Boot will automatically wire this infrastructure with our application at runtime. Hmmm...does that still sound a bit abstract? Let’s clarify. It means that if we have a docker-compose.yaml in our source folder, which defines a PostgreSQL database, Spring Boot will run the docker-compose.yaml when starting the app ...
We are happy to share that we have updated the base operating system (OS) of the community edition of all Bitnami-packaged containers and Helm charts to Debian 12 (bookworm) from Debian 11 (bullseye). This update in our containers and Helm charts helps us keep system packages more updated and reduces the number of unfixed/unpatched vulnerabilities reported by vulnerability scanners. Although we regularly update our images with the latest system packages, certain CVEs may persist until they are patched in the OS. So, changing to a newer distro will allow us to speed up the updates on our catalog. You can learn more about our CVE policy here. Users looking ...
A journey towards comprehensive vulnerability assessment

Bitnami images and the CVE Security Feed for Bitnami Components

Bitnami-packaged container images are well-known and trusted for being secure, hardened, and ready to use. They are built with best practices, put through extensive automated tests and verifications to run in their target platforms with the expected behavior and performance, and delivered as ready-to-use packages. Furthermore, they are kept up to date with the latest official upstream application versions, and this has enabled Bitnami to offer updates including security fixes even before CVEs were announced or detected by the scanners on ...
TL;DR: Bitnami’s Helm charts (which are available in the Tanzu Application Catalog as well) can now be moved across OCI repositories with two simple commands; no configuration or extra steps are needed, and it is air gap-friendly. Keep reading to learn more.

Introducing the Distribution Tooling for the Helm OSS project

The distribution tooling for Helm, a.k.a. dt, is a new open source Helm plugin that distributes a set of utilities for making offline work with Helm charts easier. It is meant to be used for creating reproducible and relocatable packages for Helm charts that can be easily moved across registries without hassles. This ...
Last year Microsoft announced the release of Kubernetes apps in Microsoft Cloud Marketplace, to provide users with a seamless deployment experience by enabling easy one-click deployments to Microsoft Azure Kubernetes Services (AKS) clusters. Bitnami has been publishing Kubernetes solutions as Helm charts in Azure Marketplace for years now. Today, we are happy to announce that we are adopting the new Azure Marketplace Kubernetes apps format to provide a click-through deployment experience into Azure Kubernetes Service from Azure Marketplace.

Enhanced user experience with Azure Marketplace and Kubernetes Applications

Azure Marketplace ...
VMware’s Bitnami team has achieved another big step in furthering its commitment to the development ecosystem: 🎉🎉 Bitnami containers have support for ARM and they are available at Docker Hub! 🎉🎉 Our catalog has more than 200 million monthly pulls of our containers just from Docker Hub (and growing), so we had to make this effort thinking about our users. On the other hand, the team did its best to support the current catalog, but in some cases, for example MongoDB, it was not able to because there are no ARM binaries available for Debian 11. More than a year and a half ago (mid-2021), Bitnami users started requesting ...