Get Started

Knowledge Base

OSSpedia
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise SolutionsCMSWOR
Data Management and Analytics 28 Feb 2025 Couchbase: A High-Performance NoSQL Database DatabaseCOU
Data Management and Analytics 20 Feb 2025 Unlock Scalable Backend Solutions with Supabase: A Comprehensive Overview of Features and Benefits Data AnalyticsSUP
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise SolutionsCMSWOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise SolutionsCMSWOR
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise SolutionsCMSWOR
More articles
Articles
8 Jan 2025 Efficient Deployment and Management with Hossted VM Solutions

Why Choose the Hossted Instant Deployment Solution? Enterprises that rely on open-source applications often struggle with deployment, maintenance, and support, leading to operational complexity and resource-intensive management. Hossted solves these challenges by offering an instant deployment virtual machine with built-in self-monitoring, AI-powered insights, and enterprise-grade support. With Hossted Instant Deployment Solution, IT and DevOps teams […]

 Knowledge BaseArticles
25 Jan 2024 The Future of Open Source Software Management: Why Hossted is the Answer

In today’s digital age, open-source software (OSS) has become the backbone of many technological infrastructures. From startups to Fortune 500 companies, everyone is leveraging the power of open-source technologies. The reasons are clear: OSS offers flexibility, transparency, and a collaborative approach to software development. However, as with all good things, there are challenges that come […]

 Articles
27 Dec 2023 Hardened Images: Part 2: What exactly does that mean, and how does it work?

Ambiguity IT managers today are developing a soft spot for hardened images. The prospect of strengthening software images against continuously emerging vulnerabilities and cyber threats is an attractive one. We discussed in part one of this topic, the growing need for the hardening process in order to combat security threats to today’s companies. There’s just one question: […]

 Articles
27 Dec 2023 Hardened Images: Part 1: Why exactly are they needed?

Docker container images contain the code, runtime, system tools, system libraries and settings needed to run an application. According to the developer delivery platform, Section.io, Docker’s microservices architecture, its compatibility and cost effectiveness are among the reasons why Docker has become “the most wanted technology,” and has become “massively popular.” Ensuring the integrity of Docker […]

 Articles
26 Dec 2023 Shedding Light on the Darker Side of Open Source

Nobody wants to hear about the shortcomings of the hero, the champion, the savior of the story. It puts a real damper on the euphoria and the buzz generated by this spellbinding person of the hour. In many ways, open source software is the darling of the IT world. Crowds of fans tout the dramatic […]

 Articles
25 Dec 2023 Deep-Edge With k3s and Rancher

Autonomy, a word that holds so much promise yet hides so much complexity behind the scenes. One generally feels Tesla, Intel (Mobileye), and Waymo, from an operational and cloud-native standpoint, are out of reach and typically out of anyone’s league. Now my party-trick to bridge any gap of knowledge and experience, in any vertical, is […]

 Articles
More articles
How To
10 Jan 2025 How to configure a domain for Hossted VM application How To
22 Oct 2024 How to authorise through AWS Identity and Access Management (IAM) How To
17 Oct 2024 How to Deploy Hossted Kubernetes App on AWS How To
7 Oct 2024 How to Deploy Hossted Kubernetes App on Azure Marketplace How To
20 Dec 2023 Microservices development and CI-CD with dockers and git-submodules — GS3D How To
20 Dec 2023 Managing microservices with dockers and git-submodules — GS3D How To
More articles
Newsflash
21 Apr 2025 Data Management and Analytics
MySQL: High Privileged Attackers Can Cause DOS in MySQL Cluster

In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30710 was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DOS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

 Read more Database
21 Apr 2025 Business and Enterprise Solutions
WordPress: Authenticated Users Can Delete Arbitrary Files Leading to RCE in Download Manager Plugin

In Download Manager plugin for WordPress versions up to and including 3.3.12 a high severity vulnerability (CVE-2025-3404) was detected. This vulnerability allows authenticated attackers with Author-level access or higher to delete arbitrary files on the server via insufficient file path validation in the savePackage function, potentially leading to remote code execution if critical files like wp-config.php are removed. To address this issue, users should update Download Manager plugin to versions 3.3.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3404.

 Read more CMS
21 Apr 2025 Data Management and Analytics
MySQL: mysqldump Vulnerability Allows Unauthorized Data Access and Modification in MySQL Client

In Oracle MySQL Client versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4 and 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30722 was detected in the mysqldump component. This vulnerability allows low-privileged attackers with network access via multiple protocols to gain unauthorized access to critical data or modify data accessible to the MySQL Client. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30722.

 Read more Database
21 Apr 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Auto-Refresh Log in Debug Log Manager Plugin

In Debug Log Manager plugin for WordPress versions up to and including 2.3.4 a high severity vulnerability CVE-2025-3809 was detected. This vulnerability allows unauthenticated attackers to inject malicious JavaScript via the auto-refresh debug log due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Debug Log Manager plugin to versions 2.3.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3809.

 Read more CMS
21 Apr 2025 Communication and Collaboration
Mattermost: Authenticated Users Can View Member Info from Archived Channels

In Mattermost versions 10.5.x ≤ 10.5.1, 10.4.x ≤ 10.4.3 and 9.11.x ≤ 9.11.9 a medium severity vulnerability CVE-2025-2564 was detected. This vulnerability allows authenticated users to view members and member information of archived channels even when the ‘Allow users to view/update archived channels’ setting is disabled. To address this issue, users should upgrade Mattermost to versions 10.5.2, 10.4.4, 9.11.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2564.

 Read more Communication
21 Apr 2025 DevOps
Stabilizing Docker Swarm Elections: Overcoming Raft Configuration Limitations in Version 1.13.1

Problem

The client encountered frequent master (manager) re-elections in their production Docker Swarm cluster, despite having the dispatcher-heartbeat value set to 2 minutes. These re-elections were happening within fractions of a second, causing concerns around Swarm stability and service availability. The client’s Docker environment was based on version 1.13.1 running on RHEL 7.9.

Key symptoms included:

  • Frequent and rapid re-elections of the Swarm manager node, even under minor network fluctuations.
  • No apparent way to change the heartbeat-tick and election-tick parameters via Docker CLI or configuration files.
  • Confusion between the purpose of dispatcher-heartbeat and Raft election parameters.

Process

Step 1: Initial Investigation

The expert began by reviewing the Docker Swarm cluster’s Raft configuration using docker info, which revealed the following settings:

  • Heartbeat Tick: 1
  • Election Tick: 3
  • Dispatcher Heartbeat Period: 5 seconds

This meant the effective election timeout was only 3 ticks, leading to unnecessary leader re-elections due to minor delays. However, since Docker 1.13.1 does not expose Raft internals for user modification, the expert identified that adjusting heartbeat-tick or election-tick was not feasible via CLI or daemon.json.

To address the client’s concerns, the expert explored alternative mitigation strategies:

  • Testing whether increasing dispatcher-heartbeat could indirectly reduce re-elections.
  • Attempting to change Raft parameters via docker swarm update and daemon.json (which failed).
  • Reviewing the Docker source code to confirm Raft values are hardcoded in version 1.13.1.
  • Advising on upgrading Docker to a version where Raft parameters are configurable.

Step 2: Troubleshooting & Fixes

Attempt to Change Election Timeout via CLI

The client attempted the following command based on initial guidance:

docker swarm update --heartbeat-tick 1 --election-tick 10

This resulted in an error because Docker 1.13.1 does not support modifying these values.

Testing dispatcher-heartbeat

To explore mitigation, the expert suggested increasing dispatcher-heartbeat using:

docker swarm update --dispatcher-heartbeat 20s

This command worked and was verified by reviewing updated docker info output. Further testing increased the value to 30 seconds successfully.

Clarification on Heartbeat vs. Dispatcher Heartbeat

The expert clarified that dispatcher-heartbeat only controls how often worker nodes report their health and does not impact manager node re-election timing, which is governed by heartbeat-tick × election-tick.

Limitations of Docker 1.13.1

It was confirmed that Docker 1.13.1 does not support changing Raft parameters via CLI or configuration files. The expert validated this by examining the Docker source code and sharing relevant documentation links:

Recommendations for Resolution

The expert provided the following options:

  • Upgrade Docker: Recommended upgrading to Docker 20.10.4 or later, where Raft parameters are more configurable and include stability improvements.
  • Custom Build (Advanced Option): Modify Docker’s source code to increase the hardcoded Raft tick values. This would involve locating Raft constants in the Go source code, recompiling Docker, and deploying in a test environment first. (This approach was suggested but not tested by the expert.)
  • Improve Network Stability: Ensuring a highly stable, low-latency connection between manager nodes to avoid false re-election triggers.
  • Add More Manager Nodes: Increasing the number of manager nodes to improve resilience and reduce the risk of leader loss due to transient issues.

Solution

Ultimately, the client acknowledged the limitations of Docker 1.13.1 and agreed to upgrade Docker Swarm to a supported version where election timeouts could be tuned. The expert recommended Docker version 20.10.4 or higher, citing improvements specifically related to heartbeat handling and Raft configuration flexibility:

This solution addressed the root cause of rapid manager re-elections and enabled the client to apply more robust Swarm configurations moving forward.

Conclusion

The root issue stemmed from hardcoded Raft parameters in Docker 1.13.1, leading to rapid and frequent Swarm manager re-elections. Despite efforts to modify the configuration, these parameters were confirmed to be immutable in this version. The expert provided clear guidance and alternative mitigation steps, including:

  • Clarifying the distinction between dispatcher-heartbeat and Raft parameters.
  • Successfully adjusting dispatcher-heartbeat to improve worker node communication.
  • Recommending an upgrade path to unlock full configurability of election settings.

This structured engagement enabled the client to move toward a stable and tunable Swarm configuration, aligned with best practices for production environments.

 Read more Developer Tools
More articles
Case Studies
9 Apr 2025 Recurring Kafka Connector Failures: Diagnosing and Preventing Message Corruption

Problem: The client faced recurring Kafka sink connector failures (e.g., chf-cdr-sftp-sink-connector) in a Kubernetes environment (Kafka 3.2.0 with three brokers and ZooKeeper). The failures were caused by corrupt messages at specific offsets, leading to task crashes. Despite skipping corrupt offsets and restarting connectors, the issue persisted, requiring a more permanent solution. Process: Step 1: Environment […]

 Data Analytics
26 Mar 2025 Seamless Jenkins-Keycloak Integration: Overcoming API Authentication Challenges

Problem The client faced an issue integrating Jenkins with Keycloak for authentication. While the Jenkins UI successfully authenticated users via Keycloak, API calls from backend services were failing. According to Jenkins’ documentation, API requests should be authenticated using an API token, but despite following the recommended steps, the client encountered authentication failures (403 Forbidden & […]

 Developer Tools
19 Mar 2025 Docker Swarm Configuration and Container Recovery Issues

Problem: The client experienced issues with Docker Swarm configuration in production. Specifically, when a container restarted, the application failed to recover properly. The client requested a review of the configuration to identify the root cause and potential improvements to enhance the cluster’s functionality. Process: Step 1: Initial Investigation The client provided details of the Docker […]

 Developer Tools
17 Mar 2025 Seamless Upgrade Strategy for Apache Cassandra and OS on EC2

Problem: The client was using Apache Cassandra 4.1.5 installed via a tarball extraction on an AWS EC2 machine and wanted to upgrade both their Cassandra version and the operating system. The installation was done manually using the tarball method, and the client needed to understand the feasibility and potential challenges involved in upgrading the OS […]

 Database
14 Mar 2025 Resolving Row Count Inconsistencies in Apache Cassandra

Problem: The client experienced a failure in running repairs in Apache Cassandra due to corruption in hint files. Additionally, a node in the cluster went down and could not be brought back up, causing concerns about data consistency and cluster stability. Process: Step 1: Initial Investigation The client observed errors related to corrupted hint files, […]

 Database
7 Mar 2025 Optimizing PostgreSQL Query Performance and Resolving Locking Issues

Problem: The client experienced a problem with query slowness in their PostgreSQL database. Several queries were running slowly, and the application became unresponsive during the issue. The client required assistance in diagnosing and optimizing the queries contributing to the performance issues. Process: Step 1 – Initial Investigation The expert reviewed the PGAWR reports for the […]

 Database
More articles