CVE-2026-47846 - Critical supply chain attack in Bitnami Cassandra containers. Default superuser cassandra:cassandra retained after custom admin setup. CVSS 9.8. Update all affected images immediately. #CVE #Bitnami #infosec

https://www.valtersit.com/cve/CVE-2026-47846/

We're there! After months of struggle I was finally able to move #Mastodon to 4.5.11, so it's up to date. The road was long: massive content recovery, database fixes, a complete rewrite of the Helm chart to get rid of #Bitnami and #Redis (to use a plain PostgreSQL, and a ValKey that is closer to my convictions regarding licenses)

In short, it was tedious, but I finally have a clean instance, which will update more cleanly.

#Bitnami has removed their container images and #Helm charts from 'main' registries like #Docker hub and whatnot for a while now, thanks to fucking #Broadcom - in order to lock them behind some enterprise contract or some shit. But. They've always been 'secretly' available still on some other registries like #Amazon 's #AWS #ECR Public Gallery (public.ecr.aws). Not anymore, they're planning to remove them on June 10. These fucking bitches.

🔗 https://community.broadcom.com/tanzu/blogs/beltran-rueda-borrego/2026/05/20/important-update-transitioning-bitnami-offerings-o

Everyone in the #homelab/#DevOps community, please, mirror the shit out of their stuff please before they're gone forever (June 10):

🔗 https://gallery.ecr.aws/bitnami

#Zot is one good OCI registry mirroring tool you could self-host to make this a lil easier:

🔗 https://github.com/project-zot/zot

One of my fears of homelabbing is the reliance on (3rd party) #Docker/#container images that could just be gone someday. I've already had it happen once, with #Bitnami images (fuck #Broadcom).

One way I previously thought to combat this is to manually pull the image bundle and host it in your own container registry. This works, but it's obviously not a reasonable effort to do and reproduce for more than ~1-2 images.

Then, the moment I discovered #Amazon/#AWS has such a thing that addresses this - pull through cache for their #ECR, I looked up how I can have the same kind of setup on my #homelab, and sure enough, there are already several options. I went with #Zot, and it's working pretty freaking well. Now, anytime I pull any images from registries I've configured Zot to sync like #GitHub's ghcr.io, docker.io, public.ecr.aws, they'll all be pulled/cached first on my own Zot instance and stored for good there.

Man, I wish I looked into this much earlier - but better late than never.

🔗 https://github.com/project-zot/zot

🔗 https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache-creating-rule.html

WEW #MASTODON ON CLOUDNATIVE-PG! FINALLY OFF #BITNAMI at least for #postgres. #cnpg

@pak21 It seems to be yet another #bitnami fuckover :(
```
ErrImagePull: rpc error: code = NotFound desc = failed to pull and unpack image "docker.io/bitnami/os-shell:12-debian-12-r15": failed to resolve reference "docker.io/bitnami/os-shell:12-debian-12-r15": docker.io/bitnami/os-shell:12-debian-12-r15: not found
```

Fuck #bitnami btw, they have made it infinitely harder with their change to the helm charts and docker images and whatnot. #boos #angry

#Fedihelp #keycloak #HelmChart #k8s
I need a working helm chart for keycloak...
Does that exist? Please help aaaahhhhhhhh
#bitnami is outdated.... KeycloakX doesn't seem to work as well :( This sucks

The #MSTDNDK Mastodon instance just migrated away from Bitnami's #Redis helm chart and container images to #Valkey.

#Bitnami and Redis both seem to be exiting the open source community, which could prevent us from staying current, meaning always running the latest versions of the software components that make up this instance.

We understand the need to monetize software, but see that as an opportunity to add premium paid features, not take away existing ones from open source. Doing so will make your potential future customers look for other solutions. Looking at you, #MinIO, Redis and Bitnami.

Please report any issues you might experience as a result of the move to Valkey. So far it looks peachy.

For anyone running web applications in need of #Keycloak as #IdP here is a #Helmfile showing how to run a simple setup. It is supposed to stay #FOSS forever (unlike #Bitnami). Comments, bug reports and PRs are very much appreciated.

https://github.com/starwit/keycloak-helmfile-template