Percona Monitoring and Management 2.37.1
Release date: Jun 5, 2023
Installation: Installing Percona Monitoring and Management
Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB.
We recommend using the latest version of PMM. This ensures that you have access to the latest PMM features and that your environment runs on the latest version of the underlying components, such as VictoriaMetrics, with all the bug fixes in place.
We have identified and fixed CVE-2023-34409 in PMM 2.37.1:
PMM-12182: PMM authentication bypass vulnerability
If you are unable to update PMM, you can resolve this issue as follows:
Make changes to the NGINX configuration on the running PMM instance. To do so, create a Bash script with the code from this script on GitHub.
- Apply the code using this docker command on a server running the PMM Docker container (as root or using sudo):
docker exec -it pmm-server bash -c 'curl -fsSL https://raw.githubusercontent.com/percona/pmm/main/scripts/authfix.sh | /bin/bash '
- If you are running PMM via a virtual appliance (OVF or AMI), use SSH to shell into the PMM server and run this command:
curl -fsSL https://raw.githubusercontent.com/percona/pmm/main/scripts/authfix.sh | /bin/bash
For more details, see the blog post.
An Enterprise Linux 9 (el9) version of PMM was released through oversight. This was intended to be a technical preview. There are several known issues with this el9-based version. Thus, we do not recommend running it in production until the official GA announcement.
The images from the percona Docker repository have been removed. However, those who want to test them can locate them in the perconalab Docker repository.