[SERVER-17252] Upgrade PCRE Version from 8.30 to Latest Created: 11/Feb/15 Updated: 07/Jun/17 Resolved: 05/Mar/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Build, Internal Code |
| Affects Version/s: | 2.6.7, 3.0.0-rc8 |
| Fix Version/s: | 2.4.14, 2.6.9, 3.0.1, 3.1.0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Victor Hooi | Assignee: | Mark Benvenuto |
| Resolution: | Done | Votes: | 0 |
| Labels: | asp, asp-cve, asp-sdl-reported, asp-vuln-dos | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||
| Backport Completed: | |||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
Issue Status as of Mar 10, 2015 ISSUE SUMMARY
When running with authentication, users need to be successfully authenticated into MongoDB to be able to exploit these vulnerabilities. USER IMPACT WORKAROUNDS AFFECTED VERSIONS FIX VERSION RESOLUTION DETAILS ADDITIONAL INFORMATION Original descriptionCurrently, MongoDB ships with version 8.30 of the PCRE library: This is somewhat out of date. It would be good to update this to the latest version, which at time of writing was 8.36 (released October 2014). |
| Comments |
| Comment by Daniel Pasette (Inactive) [ 07/Apr/15 ] |
|
There are no version of v2.4 that have the fix other than the nightly build. v2.6 and v3.0 both have the fix in production releases. |
| Comment by sheyda amini [ 07/Apr/15 ] |
|
I may have to rephrase my question, does this mean that other releases on v2.4.x have the fix? We are running 2.4.6. |
| Comment by sheyda amini [ 06/Apr/15 ] |
|
Thanks! Any idea when 2.4.14 will be released? |
| Comment by Daniel Pasette (Inactive) [ 04/Apr/15 ] |
|
the fix has been backported to the v2.4 branch, but the 2.4.14 version has not yet been released. |
| Comment by sheyda amini [ 03/Apr/15 ] |
|
Does Release 2.4.14 also contain the fix for security vulnerability that has been fixed in version 2.6.9 and later ? |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 62c7c349095713d14e6035f356981398a16c55a6) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 69db0b402891afe1e91ce03cd82c0a3c15fca48e) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit b3085ab4f62cb80a5a2f63afe5a0be687c799a96) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 21ab861effaa74362fc29fc7b20e3d413794f0ba) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 69db0b402891afe1e91ce03cd82c0a3c15fca48e) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit b3085ab4f62cb80a5a2f63afe5a0be687c799a96) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 21ab861effaa74362fc29fc7b20e3d413794f0ba) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 69db0b402891afe1e91ce03cd82c0a3c15fca48e) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit b3085ab4f62cb80a5a2f63afe5a0be687c799a96) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 558a019e51175b874de11f96c276f6be633fea91) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: (cherry picked from commit 21ab861effaa74362fc29fc7b20e3d413794f0ba) |
| Comment by Githook User [ 05/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: |
| Comment by Githook User [ 04/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: |
| Comment by Githook User [ 04/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: |
| Comment by Githook User [ 04/Mar/15 ] |
|
Author: {u'username': u'markbenvenuto', u'name': u'Mark Benvenuto', u'email': u'mark.benvenuto@mongodb.com'}Message: |