Percona Monitoring and Management 3.4.1 has been released

We're pleased to announce the release of Percona Monitoring and Management 3.4.1, available since Monday, October 13, 2025.

This maintenance release focuses on security improvements, addressing several high-severity vulnerabilities and upgrading critical dependencies to enhance the stability and security of your monitoring infrastructure.

Get hands-on with PMM 3.4.1 by setting up your instance using our quickstart guide.

Here's a summary of the main changes in this release:

• Nomad DoS vulnerability mitigation (CVE-2025-8959) with upgrade to Nomad v1.10.5 and minimal risk for default deployments where Nomad is disabled
• Fixed DoS vulnerability in Percona Toolkit by upgrading to v3.7.0-2, resolving the Logrus dependency issue that could disrupt data collection
• Clarification on false-positive CVEs including OpenSSL cipher processing (CVE-2023-5363), Python Setuptools RCE (CVE-2024-6345), and ClickHouse/Go runtime vulnerabilities (CVE-2024-24790)
• Removed clickhouse-diagnostics package to eliminate potential exposure from unused diagnostic utility
• Transparent disclosure of accepted risks for OpenSSL buffer overflow vulnerabilities (CVE-2022-3786 and CVE-2022-3602) pending public Oracle Linux patches

You can find the full list of changes in the Release Notes.