MongoDB 7.0.6+ support to avoid security issues

flapdoodle-oss / de.flapdoodle.embed.mongo

...will provide a platform neutral way for running mongodb in unittests.

Apache License 2.0

910 stars 160 forks source link

MongoDB 7.0.6+ support to avoid security issues #513

Closed lsfischer closed 7 months ago

lsfischer commented 8 months ago

According to mongodb's release notes for version 7, versions 7.0.0 - 7.0.2 have critical dependencies and we should strive to use versions above 7.0.6.

However it seems the latest mongo version supported is 7.0.4

michaelmosmann commented 8 months ago

@lsfischer ah.. thanks.. will update soon..

XSpielinbox commented 7 months ago

Small reminder, in case it got forgotten. : )

CVE-2024-1351 affects all MongoDB versions prior to 7.0.6. In the meanwhile on Mar 18, 2024 MongoDB 7.0.7 released as well.

michaelmosmann commented 7 months ago

@XSpielinbox .. released 4.12.3, should be in maven central in some hours.. i will close this issue, reopen if needed

lsfischer commented 7 months ago

Thanks a lot @michaelmosmann !

XSpielinbox commented 7 months ago

Thanks @michaelmosmann

However, MongoDB just released a new version: 7.0.8 🙈

michaelmosmann commented 7 months ago

@XSpielinbox damn.. ok.. so i will make a new release soon ..

michaelmosmann commented 7 months ago

@XSpielinbox .. did a new release with mongodb 7.0.8

XSpielinbox commented 7 months ago

@michaelmosmann Thank you very much!