Blogs

This blog summarizes some important changes to Bitnami content on Amazon Web Services. Effective June 10, 2026, Bitnami-packaged containers, Helm charts, and Amazon Machine Images (AMIs) will no longer be available through the AWS Marketplace, AWS Lightsail Blueprints, and Elastic Container Registry (ECR). Transition Timeline To ensure our community has time to prepare, we have established the following wind-down schedule: May 19th, 2026: Announcements from both AWS and Broadcom June 1, 2026: A 24-hour brownout will occur for the top 20 ECR container repositories to help users identify dependencies and raise awareness for those ...
A critical security issue, dubbed NGINX Rift and identified as CVE-2026-42945 , has been disclosed. This vulnerability affects both NGINX Open Source and NGINX Plus. We are publishing this post to provide immediate guidance and confirm the rapid release of patched images for all affected Bitnami customers. Understanding the Critical Flaw: NGINX Rift (CVE-2026-42945) The NGINX Rift vulnerability is a critical heap-based buffer overflow flaw discovered within the ngx_http_rewrite_module . This memory corruption issue has existed for 18 years and affects NGINX Open Source versions 0.6.27 through 1.30.0, as well as NGINX Plus R32 through R36. ...
A remotely exploitable memory corruption flaw in Apache HTTP Server's HTTP/2 stack was disclosed on May 4, 2026. The Bitnami catalog responded the same day, pushing a patched Apache container image within hours and completing downstream updates across five applications the following morning. The Vulnerability On May 4, 2026, the Apache Software Foundation released version 2.4.67 of the Apache HTTP Server, addressing CVE-2026-23918 — a critical double-free memory corruption bug rated HIGH . The flaw lives in Apache's HTTP/2 implementation. When a remote client sends an early reset on an HTTP/2 stream, it can trigger a double-free condition ...
A typical community-like PHP container image ships with ~400 packages, weighs around 500 MB, and carries dozens of known CVEs. Most of those packages (package managers, shells, libraries) have nothing to do with serving your application and are not required for it to run. They are dead weight that widens your attack surface. In this post, you will learn how to use Bitnami Secure Images (BSI) to build a PHP container that is a fraction of that size and starts with zero known vulnerabilities. By the end, you will have a production-ready, multi-stage Dockerfile you can drop into any Composer-based PHP project. What Are Bitnami Secure Images (BSI)? Bitnami ...
In the world of cloud-native security, software supply chain integrity is paramount. Recently, a security incident involving Trivy , the widely-used vulnerability scanner, highlighted the sophisticated nature of modern supply chain attacks. We are publishing this post to provide transparency regarding the incident and to confirm that Bitnami Secure Images remain unaffected. Understanding the Incident: Pipeline vs. Source According to the official discussion within the Trivy community and the GHSA-69fq-xp46-6x23 , the security breach was not a traditional code injection. The malware payload was injected at the CI/CD build pipeline level ...
Bitnami minimal images are distroless and optimized containers designed to include only the essential components required to run an application, excluding shells and package managers. Key benefits are: Performance : Smaller sizes lead to faster startup and pull times. Security : A reduced attack surface means fewer vulnerabilities and components for potential exploits. Efficiency : Simpler maintenance due to fewer dependencies requiring patches or updates. Best use cases include production environments where security and performance are critical, workloads that are regulated or highly sensitive to security risks, or applications built with ...
By Pablo Galego On a recent blog called Beyond the Pull Request: How to Confidently Assess a Bitnami Helm Chart Update for Your Production Cluster , we discussed that GitOps and automation tools have come a long way to facilitate frequent updates for production services, but, for all the gained simplicity, we will still face outages if the risks are not properly assessed. You may not know that Bitnami Secure Images (BSI) provides the pre-validated software for the update, and also the missing link for an informed engineering assessment. Through access to detailed metadata like SBOMs, VEX documents, and automated test reports, not only ...
The Kubernetes networking landscape is evolving, and the General Availability of the Gateway API in 2023 marked a significant step forward from the Ingress API. As the preferred mechanism for managing external access to services, the Gateway API offers greater expressiveness, role-based configuration, and better standardization. For those looking to future-proof their Kubernetes deployments, migrating from the Ingress API is a necessary and beneficial journey. The Bitnami Secure Images (BSI) catalog provides several Gateway API implementations, including Apache APISIX , Envoy Gateway , Contour , Kong , and NGINX Gateway Fabric ...
Managing a containerized application catalog shouldn't mean constantly checking dashboards for updates. Whether it's new applications, registry health changes, or critical patches, your team needs to know about important events as they happen, not hours or days later. The Bitnami team is excited to introduce Notification Providers , a flexible notification system that brings Bitnami Secure Images updates directly to where your team works. What are Notification Providers? Notification Providers are customizable notification channels that automatically alert you about important events in your Bitnami Secure Images catalog. Configure once, ...
By Álvaro Neira and Gonzalo Gómez What is the Dynamic FIPS Feature? Hardened Bitnami Secure Images (BSI) are delivered with comprehensive FIPS preparation, including OpenSSL FIPS and compatible runtime configurations. While this ensures high security, we realized that a hard default could inadvertently restrict users who don't require FIPS compliance, adding friction to the Bitnami Secure Images experience for products that do not need it. To address this, we developed the Dynamic FIPS Feature, which lets users configure FIPS mode levels directly within their containers and Helm charts, optimizing for ...
As announced during Atlanta’s KubeCon North America 2025, Helm 4 is finally available! Helm v4 is a significant project milestone that introduces a series of architectural changes, enhanced features, and new patterns, while maintaining backward compatibility for existing charts. For a comprehensive understanding of all the details, we encourage you to consult the Official Helm 4 Overview. Is Helm 4 compatible with the Bitnami Secure Images (BSI) charts catalog? While Helm v4 has announced a Charts v3 specification in its roadmap, it is not yet available. Charts currently using the v2 specification, like those in the BSI charts ...
GitOps has fundamentally changed how we deploy applications. With tools like ArgoCD and Renovate Bot , the deployment pipeline is reduced to a simple action: merging a Pull Request (PR). But what happens when that PR proposes an update to a critical production service, and you don't have a dedicated pre-production environment for testing? The real challenge in modern GitOps isn't automation—it's assessment . Every time an automated bot suggests a new version of a Bitnami Secure Images Helm chart, a DevOps engineer faces the "production update dilemma." Is the potential security gain worth the risk of disruption? This article walks ...
On September 8th, Josh Junon, the main developer of multiple very popular NPM packages, posted that his NPM account had been compromised. The attacker used his account to publish new versions of packages containing code that executes in the browser of any website that loads them: it silently intercepts crypto and web3 activity, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user. The packages and versions identified with malware at the time of writing this post are the following: ansi-styles@6.2.2 ...
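The practical response to a compromise like this is to check whether any lockfile in your repositories resolved one of the malicious versions, including copies nested under other dependencies, which `npm ls` output and a top-level glance at package.json can miss. The script below is an added example, not code from the post or from Bitnami. It walks a package-lock.json in either the v2/v3 "packages" layout or the v1 nested "dependencies" layout and reports every name@version that appears in a blocklist. The blocklist here carries only ansi-styles@6.2.2, the one entry visible in the post above; a real check must use the complete list of affected packages from the advisory. The sample lockfile is constructed for illustration.

```python
import json
import sys
from typing import Dict, Iterable, List, Set, Tuple

# name -> versions published by the attacker. Only ansi-styles@6.2.2 is taken
# from the post above; a real check must carry the complete list from the
# advisory (this is a constructed, deliberately incomplete blocklist).
COMPROMISED: Dict[str, Set[str]] = {
    "ansi-styles": {"6.2.2"},
}


def iter_lock_entries(lock: dict) -> Iterable[Tuple[str, str]]:
    """Yield (package name, resolved version) from package-lock.json v1, v2 or v3.

    v2/v3 list every installed copy under "packages", keyed by its path
    (e.g. "node_modules/chalk/node_modules/ansi-styles"); v1 (and v2, for
    backwards compatibility) use a nested "dependencies" tree. Both are
    walked so nested duplicates of a package are not overlooked.
    """
    for path, meta in lock.get("packages", {}).items():
        if not path:                                 # "" is the root project itself
            continue
        name = path.split("node_modules/")[-1]       # keeps scoped names like @scope/pkg
        version = meta.get("version")
        if version:
            yield name, version

    def walk(deps: dict) -> Iterable[Tuple[str, str]]:
        for name, meta in deps.items():
            version = meta.get("version")
            if version:
                yield name, version
            yield from walk(meta.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_compromised(lock: dict) -> List[str]:
    """Return sorted "name@version" strings that are both in the lock and blocklisted."""
    hits = {
        f"{name}@{version}"
        for name, version in iter_lock_entries(lock)
        if version in COMPROMISED.get(name, ())
    }
    return sorted(hits)


def check_lockfile(path: str) -> List[str]:
    """Load a package-lock.json from disk and return its compromised entries."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh))


# Constructed sample lock: the top-level ansi-styles is clean, but chalk pulled
# in a nested copy of the malicious version, which a shallow check would miss.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/chalk": {"version": "5.3.0"},
        "node_modules/ansi-styles": {"version": "6.2.1"},
        "node_modules/chalk/node_modules/ansi-styles": {"version": "6.2.2"},
    },
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        results = {p: check_lockfile(p) for p in paths}
    else:
        results = {"sample": find_compromised(SAMPLE_LOCK)}
    for label, hits in results.items():
        print(label, "compromised:", ", ".join(hits) if hits else "none")
    sys.exit(1 if any(results.values()) else 0)
```

Run it as `python check_lock.py path/to/package-lock.json ...` in CI; a non-zero exit blocks the build. Note that a lockfile only tells you what was resolved, not what was actually installed on developer machines or CI runners before the lock was updated, so a clean result here does not replace rotating any credentials that were present where the malicious versions may have run.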
The base image is a critical factor in determining a containerized application's overall responsiveness, resource efficiency, and security. A Bitnami Secure Image (BSI) Node.js Minimal image provides a secure and efficient alternative to standard Node.js images. Let's explore why. What is a BSI Node.js Minimal Image? The BSI Node.js Minimal image ( bitnamisecure/node-min:latest ) is a specialized container that contains only the components necessary to run a Node.js application. This approach removes unnecessary binaries such as npm and yarn, along with other libraries and dependencies, making the image significantly smaller and more secure. ...
Bitnami Secure Images (BSI) provides a secure, transparent, robust and reliable solution for deploying applications in containerized environments. By leveraging Bitnami Secure Images, developers and operations teams can deploy applications with confidence and transparency, knowing they are running on a secure, optimized, and well-maintained foundation, and reducing NIST accreditation time by up to 80%. Community-Tier public catalog While production users should subscribe to Bitnami Secure Images for full version support, a limited community-tier subset of container images is publicly available at Docker Hub for development and trial for potential customer ...
Update After evaluating the impact and community feedback, the Bitnami team has postponed the deletion of the Bitnami public catalog ( docker.io/bitnami ) until September 29th to give users more time to adapt to the upcoming changes. To raise awareness before the registry deletion, we will run a series of brownouts over the coming weeks. During each brownout, a set of 10 container images from docker.io/bitnami will be temporarily unavailable for 24 hours. The scheduled brownouts are: August 28, 08:00 UTC → August 29, 08:00 UTC September 2, 08:00 UTC → September 3, 08:00 UTC September 17, 08:00 UTC → September 19, 08:00 UTC The list ...
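The stated purpose of these brownouts, and of the ECR brownout in the AWS wind-down post above, is to surface dependencies on registries that are going away. Rather than waiting for a brownout to break a deployment, you can inventory those dependencies from your manifests and Helm values. The script below is an added example, not code from the posts or from Bitnami. It scans YAML text for image references whose namespace is `bitnami` on an affected registry, handling both full references (`image: docker.io/bitnami/redis:7.2.5`) and the split `registry:` / `repository:` keys used by Helm values. Bare `bitnami/...` references are treated as Docker Hub, which is the default registry. It assumes `public.ecr.aws` is the host behind the ECR repositories (the post does not name it), and the sample manifests are constructed for illustration. References to private mirrors of the same images are deliberately not flagged, since the brownouts do not touch them directly.

```python
import re
import sys
from typing import Dict, List, Tuple

# Registries whose "bitnami" namespace is being wound down according to the
# posts above. Docker Hub is named there explicitly; public.ecr.aws is an
# assumption about the host behind the ECR repositories.
AFFECTED_HOSTS = {"docker.io", "index.docker.io", "public.ecr.aws"}
AFFECTED_NAMESPACE = "bitnami"

# One OCI image reference: optional registry host, namespace, name, tag, digest.
IMAGE_RE = re.compile(
    r"(?<![\w/.:@-])"
    r"(?:(?P<host>(?:[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+|localhost)(?::\d+)?)/)?"
    r"(?P<ns>[A-Za-z0-9_-]+)/(?P<name>[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*)"
    r"(?::(?P<tag>\w[\w.-]*))?"
    r"(?P<digest>@sha256:[0-9a-f]{64})?"
)
# Helm values split the reference into registry / repository keys.
REGISTRY_RE = re.compile(
    r"^(?P<indent>\s*)registry:\s*['\"]?(?P<host>[A-Za-z0-9.:-]+)['\"]?\s*(?:#.*)?$"
)
REPO_RE = re.compile(r"^(?P<indent>\s*)repository:\s*")


def find_affected_refs(text: str) -> List[Tuple[int, str]]:
    """Return (line number, normalized image ref) for each reference to the
    bitnami namespace on an affected registry found in YAML/text input."""
    hits: List[Tuple[int, str]] = []
    pending_registry: Dict[int, str] = {}          # indent width -> registry host
    for lineno, line in enumerate(text.splitlines(), start=1):
        reg = REGISTRY_RE.match(line)
        if reg:
            pending_registry[len(reg.group("indent"))] = reg.group("host")
            continue
        repo = REPO_RE.match(line)
        for m in IMAGE_RE.finditer(line):
            host = m.group("host")
            if host is None and repo:
                # Pair this repository with the registry key at the same indentation.
                host = pending_registry.pop(len(repo.group("indent")), None)
            host = host or "docker.io"             # bare "bitnami/x" means Docker Hub
            if host in AFFECTED_HOSTS and m.group("ns") == AFFECTED_NAMESPACE:
                ref = f"{host}/{m.group('ns')}/{m.group('name')}"
                if m.group("tag"):
                    ref += ":" + m.group("tag")
                if m.group("digest"):
                    ref += m.group("digest")
                hits.append((lineno, ref))
    return hits


# Constructed sample: a Deployment plus Bitnami-chart-style values. The
# bitnamisecure image and the mirrored kafka-exporter must not be reported.
SAMPLE = """\
# deployment.yaml (constructed sample)
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: cache
          image: docker.io/bitnami/redis:7.2.5
        - name: web
          image: bitnamisecure/node-min:latest
        - name: db
          image: "public.ecr.aws/bitnami/postgresql:16"
---
# values.yaml (constructed sample, Bitnami chart style)
image:
  registry: docker.io
  repository: bitnami/kafka
  tag: 3.7.0
metrics:
  image:
    registry: registry.example.com
    repository: bitnami/kafka-exporter
    tag: 1.7.0
"""

if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        for lineno, ref in find_affected_refs(SAMPLE):
            print(f"sample:{lineno}: {ref}")
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, ref in find_affected_refs(fh.read()):
                print(f"{path}:{lineno}: {ref}")
```

Point it at rendered manifests (`helm template ... > out.yaml`) rather than only at source values files, since images set through subcharts or `global.imageRegistry` only become visible after rendering. The regex approach is intentionally parser-free so it also works on Kustomize overlays, Compose files and CI YAML; it will not see references assembled at runtime from environment variables.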
In the world of containerized applications, selecting the right base image is crucial for performance, security, and resource management. While upstream Java images serve their purposes, there are specific use cases where a Bitnami Secure Image Java Minimal image can offer significant advantages. Let’s explore when opting for a minimal image is the optimal choice. What is a Bitnami Secure Image Java Minimal Image? A Bitnami Secure Image Java Minimal image is a streamlined container image designed to include only the essential components required to run a Java application. This stripped-down approach eliminates unnecessary libraries, tools, and dependencies, ...
In a moment where the number of vulnerabilities increases 38% YoY, having the ability to separate what matters from what does not and focus on the important issues is more crucial than ever. A few months ago, we added support for the CISA KEV catalog inside our Tanzu Application Catalog (TAC) product. This is a way to provide information on whether certain vulnerabilities are known to be exploited or not. In this blog post, we’ll go over a recent enhancement of this capability, which is our new integration with the VulnCheck vulnerability intelligence platform. One of the most important events in the cybersecurity industry within the last ...
The Python project has released new versions across all supported branches to address a critical security vulnerability ( CVE-2025-4517 , CVSS 9.4/10). This vulnerability impacts core components of the Python runtime and could lead to unexpected behavior or potential exploitation in certain environments. The different versions containing the fix are: 3.13.4 3.12.11 3.11.13 3.10.18 3.9.23 Tanzu Application Catalog promptly built, tested, and published the updated container images across all supported platforms in under an hour after the official release , ensuring users had immediate access to the fixed version. ...
One of the biggest headaches for any company’s security team is dealing with vulnerabilities. Imagine a huge company running thousands of products across tons of servers, each one potentially packed with vulnerabilities just waiting to be exploited. It’s a serious daily risk, and naturally, businesses want their products to have as few vulnerabilities as possible. At Tanzu Application Catalog, we take security seriously. We’ve put a lot of effort into building processes that help us release products with the lowest possible number of vulnerabilities, while making sure to track down and fix the critical ones. In this article, we’re going to walk you ...