Details
Bug
Resolution: Done
Major - P3
ALL
Description
As per the License FAQ, patches to MongoDB server are now licensed under the SSPL.
In general, Linux distributions have not been able to adopt these more recent releases of MongoDB due to this license change. As such, these distributions still ship and try to maintain the older AGPL-licensed MongoDB release. However, given that this older release is no longer maintained, it is now affected by numerous security vulnerabilities which cannot be patched in these distributions due to the aforementioned license change.
Would it be possible for MongoDB to dual-license just the specific CVE/security bug patches as AGPL to allow these distributions to incorporate those security fixes within their mongodb packages and hence provide this fundamental security support to their users?