Hi, I believe support for MongoDB 4.x is already implemented in https://issues.apache.org/jira/browse/IGNITE-10847. Also, I believe Ignite doesn't require a specific version of MongoDB. Have you tried to install the latest 3.4.x version?
Thanks, Stan On Sun, Aug 25, 2019 at 7:04 PM Ashfaq Ahamed MH <ashfaqahmed...@gmail.com> wrote: > Hi , > We have received the below vulnerability for the mongodb version - 3.4.4. > > VAMS :MongoDB Server 3.4.x < 3.4.22, 3.6.x < 3.6.13, 4.0.x < > 4.0.9, > 4.1.x < 4.1.9 - Improper Authorisation Vulnerability - > SERVER-38984(CVE-2019-2386): SVM-49539 > > After user deletion in MongoDB Server the improper invalidation of > authorisation sessions allows an authenticated user's session to persist > and > become conflated with new accounts, if those accounts reuse the names of > deleted ones. [CVE-2019-2386] > > Vendor Affected Components: > MongoDB Server 3.4.x < 3.4.22 > MongoDB Server 3.6.x < 3.6.13 > MongoDB Server 4.0.x < 4.0.9 > MongoDB Server 4.1.x < 4.1.9 > > > > I could see that the mongodb version supported in Ignite 2.7.5 is MongoDB > (version >=3.2.x <=3.4.15). > Is there any plans to upgrade the version of the MongoDB to mitigate the > vulnerability > > Regards >
