Get Started

Knowledge Base

OSSPedia
Communication and Collaboration 16 Apr 2024 Rocket.Jitsi Explored: Amplifying Video Conferencing with Community Edition Open-Source Application CommunicationROC
Communication and Collaboration 15 Apr 2024 Rocket.Chat OSS Tutorial: Revolutionizing Team Communication with Open-Source Excellence CommunicationROC
Project and Agile Management 15 Apr 2024 Redmine Revealed: Project Management Perfected with Open-Source Expertise Project ManagementRED
DevOps 14 Apr 2024 RabbitMQ Community Edition Open Source Walkthrough Application DevelopmentRAB
Data Management and Analytics 14 Apr 2024 Redash Community Edition OSS Guide: Harnessing Data Visualization with Open-Source Brilliance Data AnalyticsRED
Data Management and Analytics 13 Apr 2024 Prometheus Community OSS Application: Elevating Monitoring with Open-Source Vigilance Data AnalyticsPRO
More articles
Blog Posts
25 Jan 2024 The Future of Open Source Software Management: Why Hossted is the Answer

In today’s digital age, open-source software (OSS) has become the backbone of many technological infrastructures. From startups to Fortune 500 companies, everyone is leveraging the power of open-source technologies. The reasons are clear: OSS offers flexibility, transparency, and a collaborative approach to software development. However, as with all good things, there are challenges that come […]

 Blog Posts
27 Dec 2023 Hardened Images: Part 2: What exactly does that mean, and how does it work?

Ambiguity IT managers today are developing a soft spot for hardened images. The prospect of strengthening software images against continuously emerging vulnerabilities and cyber threats is an attractive one. We discussed in part one of this topic, the growing need for the hardening process in order to combat security threats to today’s companies. There’s just one question: […]

 Blog Posts
27 Dec 2023 Hardened Images: Part 1: Why exactly are they needed?

Docker container images contain the code, runtime, system tools, system libraries and settings needed to run an application. According to the developer delivery platform, Section.io, Docker’s microservices architecture, its compatibility and cost effectiveness are among the reasons why Docker has become “the most wanted technology,” and has become “massively popular.” Ensuring the integrity of Docker […]

 Blog Posts
26 Dec 2023 Shedding Light on the Darker Side of Open Source

Nobody wants to hear about the shortcomings of the hero, the champion, the savior of the story. It puts a real damper on the euphoria and the buzz generated by this spellbinding person of the hour. In many ways, open source software is the darling of the IT world. Crowds of fans tout the dramatic […]

 Blog Posts
25 Dec 2023 Deep-Edge With k3s and Rancher

Autonomy, a word that holds so much promise yet hides so much complexity behind the scenes. One generally feels Tesla, Intel (Mobileye), and Waymo, from an operational and cloud-native standpoint, are out of reach and typically out of anyone’s league. Now my party-trick to bridge any gap of knowledge and experience, in any vertical, is […]

 Blog Posts
23 Dec 2023 OpenideaL 3.0- Empowering and Streamlining the Ideation Process

Read this interview between Interviewee: Zohar Stolar, head of product at OpenideaL and Interviewer: Elroi Marom, CEO of Linnovate to learn how OpenideaL will empower and streamline the ideation process. Hi Zohar, I was happy to hear you launched a new version of OpenideaL, the popular open-source idea management platform.  What can you tell us about […]

 Blog Posts
More articles
How To
20 Dec 2023 Microservices development and CI-CD with dockers and git-submodules — GS3D How To
20 Dec 2023 Managing microservices with dockers and git-submodules — GS3D How To
20 Dec 2023 Video Tutorial: How to Deploy an App on the Azure Marketplace How To
20 Dec 2023 Jitsi JWT Tokens authentication How To
20 Dec 2023 Jitsi Load Testing How To
20 Dec 2023 Jitsi Performance Monitoring How To
More articles
Newsflash
28 Apr 2024 DevOps Security Vulnerability: Altered Requests Masked as Genuine

In HTTP/1.1 client for Node.js (Undici), a low severity vulnerability CVE-2024-30261, was detected. This vulnerability allows attackers to
change a setting to make their fake requests look real, allowing them to sneak in harmful alterations undetected. However, there’s no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261/.

 Read more Application Development
27 Apr 2024 DevOps System Crash Vulnerability via Malicious JUnit Test Report

In GitLab Enterprise Edition versions before 16.8.6, as well as versions starting from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a medium vulnarability CVE-2023-6678, was detected. It allows attackers to crash a system by putting harmful stuff in a junit test report file. For more information, visit https://avd.aquasec.com/nvd/2023/cve-2023-6678/.

 Read more Developer Tools
26 Apr 2024 DevOps Exploiting Stored XSS Vulnerability: Unauthorized Actions in the System

In GitLab CE/EE all versions starting from 16.7 to 16.8.6, from 16.9 before 16.9.4, and from 16.10 before 16.10.2, a high severity vulnerability CVE-2024-2279, was detected. Due to this vulnerability attackers could trick the system into executing harmful actions on behalf of other users without their knowledge through a method called stored XSS (cross-site scripting). For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2279/.

 Read more Developer Tools
25 Apr 2024 Infrastructure and Network Security Implications of Certificate Status Checking in Vault

In Vault and Vault Enterprise versions 1.14.0 and newer, a medium severity vulnerability CVE-2024-2660, was detected. This vulnerability affects how Vault checks for certificate status, potentially letting someone with network access use a fake certificate to get unauthorized access. The issue is resolved in Vault version 1.16.0 and Vault Enterprise versions 1.16.1, 1.15.7, and 1.14.11. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2660/.

 Read more Security
24 Apr 2024 Project and Agile Management Critical Jinja2 Template Injection in Ansible Opens Door to Remote Code Execution in Celery

In Ansible versions v3.0.0-v3.10.6, a critical security vulnerability CVE-2024-29202, was detected. This vulnerability allows attackers to steal sensitive data. To address this issue, users are advised to upgrade to v3.10.7. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29202.

 Read more IT Business Management
23 Apr 2024 Business and Enterprise Solutions Critical Vulnerability in Dolibarr

In Dolibarr, a critical security vulnerability CVE-2024-29477, was detected. This vulnarability allows attackers to access your network and execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.

 Read more ERP
More articles
Case Studies
26 Apr 2024 Understanding Label Usage in Prometheus Alerts

Problem: The client has encountered an issue where a label, specifically “app_kubernetes_io_part_of”, is not being evaluated in the alert description or labels despite being present in the metric. They seek clarification on whether this behavior aligns with the expected functionality of Prometheus alerts. Process: The client provided a Prometheus rule with an alert definition that […]

 Data Analytics
25 Apr 2024 Clarification Needed: Understanding Cassandra Replication Factor (RF) in Multi-Data Center Configurations

Problem: The issue stems from confusion surrounding the Replication Factor (RF) in Apache Cassandra, where the documentation implies RF determines the quantity of data copies, but clarity on this matter is lacking. Process: To address this issue, in-depth investigation took place. The team explored the information provided by the client: Cassandra Configurations: Cassandra Version: 4.0.1 […]

 Database
24 Apr 2024 Resolving PostgreSQL Replication Alert Discrepancies

Problem: The system is generating alerts indicating replication lag on the “productCatalog” PostgreSQL instance, specifically targeting the machine “pa3fnd02.” However, upon DBA investigation, there is no observable lag in the cluster, with both the leader (pa3fnd02) and the sync standby (pa3fnd01) reporting no lag. The discrepancy raises concerns about the persistence of alerts despite the […]

 Database
23 Apr 2024 Capturing Logout Events in Cassandra 4.0.x Audit Logs

Problem: The organization is using Cassandra 4.0.x in its Production environment and requires tracking login and logout details from the Cassandra Audit logs. However, the Audit logs only record LOGIN_SUCCESS, LOGIN_ERROR, and UNAUTHORIZED_ATTEMPT events, with no mention of LOGOUT events. The organization seeks clarification on mechanisms for capturing logout-related entries. Solution: Cassandra does not inherently […]

 Database
22 Apr 2024 Ceph Storage Capacity Issue: OSDs Limited Space Despite Expected Availability

Problem: Ceph Storage Almost Full but Should Have Space. The client reported that the Ceph storage is nearly full, even though there should be sufficient space available. The output of ceph osd status indicates that some OSDs have limited available space. The most common cause identified is not deleting the lost+found directory after a crash […]

 Storage
22 Apr 2024 Resolving High CPU Utilization Issue on RHEL 7.5 Nexus Server

Problem: The client reported sudden high CPU utilization on their RHEL 7.5 Nexus server. Despite disabling tasks and restarting the server, the issue persisted. Logs indicated that the Nexus process was the top contributor to CPU utilization. Process: Steps and measures undertaken to investigate the issue: Requesting Information: Furnished JVM logs, Nexus application logs, and […]

 Developer Tools
More articles