Hi , We have received the below vulnerability for the mongodb version - 3.4.4.
VAMS :MongoDB Server 3.4.x < 3.4.22, 3.6.x < 3.6.13, 4.0.x < 4.0.9, 4.1.x < 4.1.9 - Improper Authorisation Vulnerability - SERVER-38984(CVE-2019-2386): SVM-49539 After user deletion in MongoDB Server the improper invalidation of authorisation sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. [CVE-2019-2386] Vendor Affected Components: MongoDB Server 3.4.x < 3.4.22 MongoDB Server 3.6.x < 3.6.13 MongoDB Server 4.0.x < 4.0.9 MongoDB Server 4.1.x < 4.1.9 I could see that the mongodb version supported in Ignite 2.7.5 is MongoDB (version >=3.2.x <=3.4.15). Is there any plans to upgrade the version of the MongoDB to mitigate the vulnerability Regards
