How are Security Updates carried out in Bitnami images?

Hi

I am using the latest Bitnami Moodle Stack, and it's very easy to install but I am wondering now how applications such as MySQl and PHP are updated for security/minor issues?

Is anything configured to run such updates automtically?

NOTE: This is about upgrades for the BitNami components, for system upgrades check this

/3965

There is no a way to update automatically the bundled components of our Stacks. However, it is quite easy to upgrade them manually. The process to upgrade a Stack or Virtual Appliance is described here

Just to clarify. Currently we don't provide updates for the base components. However we frequently update our stacks with the latest versions. For getting those updates you can install a new stack and them migrate your data as described in the link above.

I just fired up my first Bitnami stack. I read the documentation above and have been wondering about patches and updates. Just to be clear, am I hearing that Bitnami provides no real means for doing this, other than reloading the stack and restoring the data?

This is an older post - but I'd like an answer before I build any production server.

The response is the same. As you mention if you want update the base components you will need to create a new server and migrate your data. There is another option though if you are using BitNami Cloud Hosting. In the server options you can select RedHat or Amazon Linux for which you will use the native components and you can apply the system security fixes. However you will be able to use these servers (with native packages) if you are using PHP applications only.

With the current Heartbleed OpenSSL vulnerability, it would be really nice to be able to update the Bitnami packages on my LAMP stack. Or to tell the stack to use the built-in OpenSSL package that I am able to update.

At present, there isn’t even an updated Bitnami LAMP stack that I can upgrade to, that’s patched. They all seem to be running 1.0.1f. Not that I really want to upgrade my entire machine just to remove this vulnerability…

I spoke too soon:
https://wiki.bitnami.com/security/2014-04_Heartbleed_Bug

1 Like

We send an email to all Bitnami users about this issue. We released a patch installer to fix that vulnerability so please download and apply the fix as soon as possible. Please post if you find any issue or you have any questions or suggestions at Heartbleed and Bitnami

Do you send emails for all issues listed in https://wiki.bitnami.com/security
or do we need to check this routinely, or is there some other way of monitoring
when security updates are needed?

Thanks!

Kevin

Hi @kevin_kreger,

Thanks for your interest on using Bitnami!

For critical security issues, we email Bitnami Cloud Hosting users and even users with a bitnami.com account. Apart from that, we create both Wiki and Blog entries to inform about security issues and also mention them in our monthly newsletter. But for non critical issues, we do not send emails.

You can also subscribe to our RSS service at http://feeds2.feedburner.com/BitnamiBlog

Regards,
Gonzalo