Percona Server for MongoDB 7.0.15-9 has been released

Percona Server for MongoDB 7.0.15-9 has been released on November 27, 2024.

This release includes a fix for a security vulnerability CVE-2024-10921. This vulnerability allowed an authorized user to trigger server crashes or receive the contents of the buffer over-reads of the server memory by sending specially crafted requests that constructed malformed BSON in MongoDB.

Users running any minor version of Percona Server for MongoDB 7.0.x before 7.0.15 should upgrade to this latest version as soon as possible.

This release is also of interest to users who use data-at-rest encryption with the Vault key management server. Before putting a new master encryption key as the versioned secret to Vault, Percona Server for MongoDB now checks if the secret's version reached the defined maximum. This prevents the loss of the old secret and the master encryption key it stores on the Vault server.

Make sure Percona Server for MongoDB has read permissions for the secret’s metadata and the secrets engine configuration. For details, refer to the documentation.

Learn more about these improvements and other changes in Percona Server for MongoDB 7.0.15-9 release notes.