Posted to user@ignite.apache.org by Ashfaq Ahamed MH <as...@gmail.com> on 2019/08/25 16:04:25 UTC
Support for latest version of MongoDB in Ignite web console
Hi,
We have received the below vulnerability for the MongoDB version - 3.4.4.
VAMS: MongoDB Server 3.4.x < 3.4.22, 3.6.x < 3.6.13, 4.0.x < 4.0.9,
4.1.x < 4.1.9 - Improper Authorisation Vulnerability -
SERVER-38984(CVE-2019-2386): SVM-49539
After user deletion in MongoDB Server the improper invalidation of
authorisation sessions allows an authenticated user's session to persist and
become conflated with new accounts, if those accounts reuse the names of
deleted ones. [CVE-2019-2386]
Vendor Affected Components:
MongoDB Server 3.4.x < 3.4.22
MongoDB Server 3.6.x < 3.6.13
MongoDB Server 4.0.x < 4.0.9
MongoDB Server 4.1.x < 4.1.9
I could see that the MongoDB version supported in Ignite 2.7.5 is MongoDB
(version >=3.2.x <=3.4.15).
Are there any plans to upgrade the version of MongoDB to mitigate the
vulnerability?
Regards
Re: Support for latest version of MongoDB in Ignite web console
Posted by Denis Magda <dm...@apache.org>.
GridGain is going to release WebConsole 8.8 soon that will be available
free of charge for on-prem and Docker installations. That version doesn't
go with any MongoDB-dependencies. Stay tuned.
-
Denis
On Mon, Aug 26, 2019 at 3:10 AM Stanislav Lukyanov <st...@gmail.com>
wrote:
> Hi,
>
> I believe support for MongoDB 4.x is already implemented in
> https://issues.apache.org/jira/browse/IGNITE-10847.
> Also, I believe Ignite doesn't require a specific version of MongoDB. Have
> you tried to install the latest 3.4.x version?
>
> Thanks,
> Stan
>
> On Sun, Aug 25, 2019 at 7:04 PM Ashfaq Ahamed MH <as...@gmail.com>
> wrote:
>
>> Hi,
>> We have received the below vulnerability for the MongoDB version - 3.4.4.
>>
>> VAMS: MongoDB Server 3.4.x < 3.4.22, 3.6.x < 3.6.13, 4.0.x < 4.0.9,
>> 4.1.x < 4.1.9 - Improper Authorisation Vulnerability -
>> SERVER-38984(CVE-2019-2386): SVM-49539
>>
>> After user deletion in MongoDB Server the improper invalidation of
>> authorisation sessions allows an authenticated user's session to persist
>> and become conflated with new accounts, if those accounts reuse the names
>> of deleted ones. [CVE-2019-2386]
>>
>> Vendor Affected Components:
>> MongoDB Server 3.4.x < 3.4.22
>> MongoDB Server 3.6.x < 3.6.13
>> MongoDB Server 4.0.x < 4.0.9
>> MongoDB Server 4.1.x < 4.1.9
>>
>> I could see that the MongoDB version supported in Ignite 2.7.5 is MongoDB
>> (version >=3.2.x <=3.4.15).
>> Are there any plans to upgrade the version of MongoDB to mitigate the
>> vulnerability?
>>
>> Regards
>>
>
Re: Support for latest version of MongoDB in Ignite web console
Posted by Stanislav Lukyanov <st...@gmail.com>.
Hi,
I believe support for MongoDB 4.x is already implemented in
https://issues.apache.org/jira/browse/IGNITE-10847.
Also, I believe Ignite doesn't require a specific version of MongoDB. Have
you tried to install the latest 3.4.x version?
Thanks,
Stan
On Sun, Aug 25, 2019 at 7:04 PM Ashfaq Ahamed MH <as...@gmail.com>
wrote:
> Hi,
> We have received the below vulnerability for the MongoDB version - 3.4.4.
>
> VAMS: MongoDB Server 3.4.x < 3.4.22, 3.6.x < 3.6.13, 4.0.x < 4.0.9,
> 4.1.x < 4.1.9 - Improper Authorisation Vulnerability -
> SERVER-38984(CVE-2019-2386): SVM-49539
>
> After user deletion in MongoDB Server the improper invalidation of
> authorisation sessions allows an authenticated user's session to persist
> and become conflated with new accounts, if those accounts reuse the names
> of deleted ones. [CVE-2019-2386]
>
> Vendor Affected Components:
> MongoDB Server 3.4.x < 3.4.22
> MongoDB Server 3.6.x < 3.6.13
> MongoDB Server 4.0.x < 4.0.9
> MongoDB Server 4.1.x < 4.1.9
>
> I could see that the MongoDB version supported in Ignite 2.7.5 is MongoDB
> (version >=3.2.x <=3.4.15).
> Are there any plans to upgrade the version of MongoDB to mitigate the
> vulnerability?
>
> Regards
>
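
An added example, not part of any message in this thread and not Ignite or MongoDB project code: a check of a server version against the affected ranges listed in the advisory quoted above, next to the MongoDB range the original post quotes for Ignite 2.7.5. The function names are hypothetical, and branches the advisory text does not list are reported as `not-listed` rather than assumed safe.

```python
import re

# Affected ranges as listed in the advisory quoted in this thread:
# branch (major, minor) -> first fixed patch release in that branch.
FIXED_IN = {(3, 4): 22, (3, 6): 13, (4, 0): 9, (4, 1): 9}

# MongoDB range the original post quotes for Ignite 2.7.5 (>=3.2.x <=3.4.15).
SUPPORTED_MIN = (3, 2, 0)
SUPPORTED_MAX = (3, 4, 15)


def parse_version(text):
    """Parse a plain 'X.Y.Z' release version; reject suffixes such as '-rc0'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised MongoDB release version: {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(version_text):
    """Return (status, first_fixed) for CVE-2019-2386 per the listed ranges.

    status is 'affected', 'fixed', or 'not-listed' (the branch does not
    appear in the advisory text, so this check says nothing about it).
    """
    major, minor, patch = parse_version(version_text)
    fixed_patch = FIXED_IN.get((major, minor))
    if fixed_patch is None:
        return "not-listed", None
    first_fixed = f"{major}.{minor}.{fixed_patch}"
    return ("affected" if patch < fixed_patch else "fixed"), first_fixed


def in_documented_range(version_text):
    """True if the version lies inside the range quoted for Ignite 2.7.5."""
    return SUPPORTED_MIN <= parse_version(version_text) <= SUPPORTED_MAX


if __name__ == "__main__":
    # Constructed sample inputs: the reported server version, the top of the
    # quoted range, the first fixed 3.4.x release, and two other branches.
    for v in ("3.4.4", "3.4.15", "3.4.22", "4.0.9", "3.2.22"):
        status, first_fixed = assess(v)
        scope = "inside" if in_documented_range(v) else "outside"
        print(f"{v}: {status} (first fixed: {first_fixed}), {scope} quoted range")
```

For 3.4.15, the top of the quoted range, the result is still `affected`, so the first fixed 3.4.x release (3.4.22) lies outside that range.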