CVE-2023-4009: Ops Manager Server Changelog — MongoDB Ops Manager 5.0
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
Ops Manager Server 5.0
Ops Manager Server 5.0.22
Released 2023-07-31
- Updates JDK to jdk-11.0.20+8.
- Updates the MongoDB Agent to 11.0.27.7162.
- Includes MongoDB Database Tools 100.7.1.
- Fixes CVE-2023-4009: Privilege Escalation for Project Owner and Project User Admin roles in Ops Manager.
- In MongoDB Ops Manager 5.0 prior to 5.0.22, an authenticated user with Project Owner or Project User Admin access roles could generate an API key with the privileges of the Organization Owner role resulting in privilege escalation.
- CVSS Score: 7.2.
- CWE-648: Incorrect Use of Privileged APIs.
Ops Manager Server 5.0.21
Released 2023-06-1
- Updates JDK to jdk-11.0.19+7.
- Updates the MongoDB Agent to 11.0.26.7158.
- Includes BI Connector 2.14.6.
- Includes MongoDB Database Tools 100.7.0.
- Defaults the Multiple Workers option for a single file during backup to On.
- Snapshots now include a flag that indicates whether or not they are incremental.
- Fixes CVE-2023-0342.
Ops Manager Server 5.0.20
Released 2023-03-15
- Updates the MongoDB Agent to 11.0.25.7136.
- Updates Apache Commons FileUpload to 1.5 to address CVE-2023-24998.
- Adds an option to support using multiple workers for a single file during backups. You can enable this beta feature by doing the following:
- In the Settings page for your Project, click the Beta Features tab.
- Toggle Backup Multiple Workers Per File to enable the feature.
Ops Manager Server 5.0.18
Released 2023-02-02
- Updates JDK to jdk-11.0.18+10.
- Updates the MongoDB Agent to 11.0.23.7129.
Ops Manager Server 5.0.17
Released 2022-11-17
- Updates JDK to jdk-11.0.17+8.
- Updates the MongoDB Agent to 11.0.22.7120.
Ops Manager Server 5.0.15
Released 2022-09-19
- Removes spurious audit log rotation errors from the MongoDB Agent log files and corrects file suffix handling.
- Updates JDK to jdk-11.0.16.1+1.
- Updates the MongoDB Agent to 11.0.20.7108.
Ops Manager Server 5.0.14
Released 2022-08-04
Updates JDK to jdk-11.0.16+8.
Updates the MongoDB Agent to 11.0.19.7094.
Warning
Due to critical issue SERVER-68925, Ops Manager deployments using this version of the MongoDB Agent should not perform automated rolling index builds on clusters running the following MongoDB versions:
- MongoDB 4.2.19-4.2.22
- MongoDB 4.4.13-4.4.16
- MongoDB 5.0.6-5.0.11
- MongoDB 6.0.0-6.0.1
You can continue to perform manual rolling index builds safely on your clusters. To perform automated rolling index builds safely, upgrade your clusters to:
- MongoDB 4.2.23 or later
- MongoDB 4.4.17 or later
- MongoDB 5.0.12 or later
- MongoDB 6.0.2 or later
Ops Manager Server 5.0.13
Released 2022-07-21
Updates the MongoDB Agent to 11.0.18.7089.
Warning
Due to critical issue SERVER-68925, Ops Manager deployments using this version of the MongoDB Agent should not perform automated rolling index builds on clusters running the following MongoDB versions:
- MongoDB 4.2.19-4.2.22
- MongoDB 4.4.13-4.4.16
- MongoDB 5.0.6-5.0.11
- MongoDB 6.0.0-6.0.1
You can continue to perform manual rolling index builds safely on your clusters. To perform automated rolling index builds safely, upgrade your clusters to:
- MongoDB 4.2.23 or later
- MongoDB 4.4.17 or later
- MongoDB 5.0.12 or later
- MongoDB 6.0.2 or later
Fixes an issue that caused premature termination of sharded cluster snapshots when one shard completed its snapshot before the other shards.
Ops Manager Server 5.0.12
Released 2022-06-30
Updates log4j-over-slf4j to 1.7.36 to address CVE-2020-9493.
Fixes an issue where editing an Oplog Store’s name that contains dots (.) might have resulted in errors.
Compatible with MongoDB Database Tools 100.5.3.
Updates the MongoDB Agent to 11.0.17.7086.
Switches to the BCFIPS Java Security Provider library.
Switches from using /dev/random for random number generation to using /dev/urandom.
Warning
Due to critical issue SERVER-68925, Ops Manager deployments using this version of the MongoDB Agent should not perform automated rolling index builds on clusters running the following MongoDB versions:
- MongoDB 4.2.19-4.2.22
- MongoDB 4.4.13-4.4.16
- MongoDB 5.0.6-5.0.11
- MongoDB 6.0.0-6.0.1
You can continue to perform manual rolling index builds safely on your clusters. To perform automated rolling index builds safely, upgrade your clusters to:
- MongoDB 4.2.23 or later
- MongoDB 4.4.17 or later
- MongoDB 5.0.12 or later
- MongoDB 6.0.2 or later
Ops Manager Server 5.0.11
Released 2022-06-02
Adds support for the PagerDuty Events API V2. All new PagerDuty keys use their Events API v2.
Fixes an issue where updating MongoDB Agent versions via the API fails when you use controlled features.
Updates the MongoDB Agent to 11.0.16.7080.
Warning
Due to critical issue SERVER-68925, Ops Manager deployments using this version of the MongoDB Agent should not perform automated rolling index builds on clusters running the following MongoDB versions:
- MongoDB 4.2.19-4.2.22
- MongoDB 4.4.13-4.4.16
- MongoDB 5.0.6-5.0.11
- MongoDB 6.0.0-6.0.1
You can continue to perform manual rolling index builds safely on your clusters. To perform automated rolling index builds safely, upgrade your clusters to:
- MongoDB 4.2.23 or later
- MongoDB 4.4.17 or later
- MongoDB 5.0.12 or later
- MongoDB 6.0.2 or later
Ops Manager Server 5.0.10
Released 2022-05-05
Adds support for Debian 10 when you use the BI Connector.
Fixes an issue that occurred when you changed the default server usage for organizations.
Updates the JDK to jdk-11.0.15+10.
Updates the MongoDB Agent to 11.0.15.7073.
Warning
Due to critical issue SERVER-68925, Ops Manager deployments using this version of the MongoDB Agent should not perform automated rolling index builds on clusters running the following MongoDB versions:
- MongoDB 4.2.19-4.2.22
- MongoDB 4.4.13-4.4.16
- MongoDB 5.0.6-5.0.11
- MongoDB 6.0.0-6.0.1
You can continue to perform manual rolling index builds safely on your clusters. To perform automated rolling index builds safely, upgrade your clusters to:
- MongoDB 4.2.23 or later
- MongoDB 4.4.17 or later
- MongoDB 5.0.12 or later
- MongoDB 6.0.2 or later
Ops Manager Server 5.0.9
Released 2022-04-07
- Adds support for concurrent MongoDB version 4.2+ snapshots and S3 snapshot store grooms.
- Fixes an incorrect link when filtering backup jobs on the admin pages.
- Fixes an issue where the MongoDB Agent erroneously rejects changes when you use controlled features.
- Changes how disk space is calculated for Cloud Live Migrations. Starting with this release, the migration process validates that the target MongoDB Atlas cluster has enough free disk based on the storage size of the compressed data. To learn more about data and storage sizes, see dbStats.
- Fixes an issue when creating LDAP group mappings through the API.
- Updates the MongoDB Agent to 11.0.14.7064.
- Compatible with MongoDB Database Tools 100.5.2.
Ops Manager Server 5.0.8
Released 2022-03-03
- Supports MongoDB log rotate configuration and commands for independent log rotation configuration for MongoDB Log and MongoDB Audit Log Files.
- Updates the MongoDB Agent to 11.0.13.7055.
- Compatible with MongoDB Database Tools 100.5.2.
Ops Manager Server 5.0.7
Released 2022-02-17
Removes support for running Ops Manager on:
- RHEL 7.x/8.x, and Ubuntu 16.x on PowerPC (ppc64le) architectures.
- RHEL 6.x/7.x, Ubuntu 18.x, and SUSE 12.x on zSeries (s390x) architectures.
To learn more about supported platforms for running Ops Manager, see Ops Manager Software Requirements.
Fixes an issue where S3 Oplog Stores can leave behind S3 objects even after the configured retention window has elapsed.
Updates JDK to jdk-11.0.14.1+1.
Keeps legacy monitoring and backup agents in sync with MongoDB agent configuration when making automationConfig API and UI updates.
Removes workaround to use an X.509 CommonName instead of a SAN.
Updates the MongoDB Agent to 11.0.12.7051.
Compatible with MongoDB Database Tools 100.5.2.
Ops Manager Server 5.0.6
Released 2022-01-13
Improves storage size calculation for a Cloud Live Migration of a sharded cluster.
Fixes a bug that prevents Ops Manager from syncing user information from LDAP servers.
Fixes a bug where Ops Manager incorrectly escaped characters in LDAP search filters.
Updates the MongoDB Agent to 11.0.11.7036.
When taking a snapshot, allows the MongoDB Agent to slow the sending of data blocks when Ops Manager is overloaded, so that the snapshot can complete. Successful completion of snapshots is prioritized over speed.
Compatible with MongoDB Database Tools 100.5.1.
Ops Manager Server 5.0.5
Released 2021-12-02
- Upgrades the JDK to version 11.0.13.
- Updates the MongoDB Agent to 11.0.10.7021.
Ops Manager Server 5.0.4
Released 2021-11-04
- Fixed an issue where S3 oplog stores would not appear on the Oplog Storage page in the administration console in all configurations.
- Updates the MongoDB Agent to 11.0.9.7010.
- Removes support for RHEL 6.
Ops Manager Server 5.0.3
Released 2021-10-06
- Updates the MongoDB Agent to 11.0.8.7002.
Ops Manager Server 5.0.2
Released 2021-09-03
- Fixes a bug where, when running in local mode, with both PowerPC RHEL71 and RHEL81 builds of MongoDB present, the RHEL81 build would always be selected.
- Updates the MongoDB Agent to 11.0.7.6992.
- Upgrades the JDK to version 11.0.12, which restricts the use of insecure TLS versions 1.0 and 1.1. To learn more, see the JDK release notes.
- Compatible with MongoDB Database Tools 100.4.0.
Ops Manager Server 5.0.1
Released 2021-08-05
- Improves Log Collection Jobs.
- Adds a warning message when Ops Manager has less than 10GB of disk space available.
- Fixes a bug that prevents clusters’ Real-Time Panel tab from loading properly.
- Disables the continuous backup page when AppDB monitoring is enabled.
- Updates the MongoDB Agent to 11.0.6.6981.
- Compatible with MongoDB Database Tools 100.4.0.
Ops Manager Server 5.0.0
Released 2021-07-13
MongoDB Cloud Migration Service
Adds the MongoDB Cloud Migration Service. This service powers Live Migrations from Ops Manager or MongoDB Cloud Manager to MongoDB Atlas. The service runs when you use the Live Migration wizard in MongoDB Atlas. After preparing a target cluster in Atlas, provisioning a migration host in Ops Manager, and linking your Ops Manager or MongoDB Cloud Manager organization to your MongoDB Atlas organization, you can launch a Live Migration process in MongoDB Atlas for an existing cluster in Ops Manager or MongoDB Cloud Manager, and migrate all data from the source cluster to a target cluster in Atlas. You can also migrate a MongoDB Community deployment to MongoDB Atlas.
For more information, see Workflow for Live Migration in the Atlas documentation.
To live migrate your deployment from Ops Manager or MongoDB Cloud Manager to Atlas, see Migrate from Ops Manager to Atlas. To live migrate your MongoDB Community deployments to Atlas using Ops Manager, see Migrate a MongoDB Community Deployment to Atlas.
MongoDB Cluster Management
- Supports managing, monitoring, and backing up MongoDB 5.0 deployments.
- Highlights deployments running without best-practice security features enabled (TLS, authentication, authorization) in the Clusters page.
- Highlights changes to MongoDB clusters that result in process restarts in the Review and Deploy confirmation modal.
Backup
- Improves snapshot resiliency to transient failures for clusters running MongoDB 4.2 or later.
- Improves performance for snapshots running MongoDB 4.2 or later.
- Improves metadata management and handling of large files.
Activity Feed
- Increases granularity of date filters in Activity Feed to the hour.
- Adds ability for admins to download a JSON view of the Activity Feed.
- Adds categories of events for improved filtering of Activity Feed items. These improvements exist in both the console and the API.
Deprecated Language
Changes all instances of the following terms in the activity feed, console, and API endpoint URLs:
- Whitelist or Blacklist to Access List
- slaveDelay to secondaryDelaySecs
Make sure to update any application code or scripts with these updated labels to reflect this change.
Performance Advisor
- Supports up to 200,000 logs.
- Doesn’t cap logs read at 10 MB.
- Suggests removing redundant, unused, or hidden indexes.
Monitoring
Adds new hardware charts for system level memory, swap, and network usage on RHEL Linux.
Kubernetes
Simplifies deploying Kubernetes MongoDB resources. This release adds a wizard-like interface to generate configuration files in the Ops Manager console. MongoDB Kubernetes Enterprise Operator improvements are released separately.
Ops Manager Packaging
- Signs Ops Manager packages with PGP.
- Supports Ops Manager services on RedHat Enterprise Linux version 8 on the ppc64le architecture.
Security
Disables TLS versions 1.0 and 1.1 by default.
Ops Manager Server 4.4
Ops Manager Server 4.4.24
Released 2022-07-29
- Updates the JDK to jdk-11.0.16+8.
- Updates the MongoDB Agent to 10.14.35.6589.
Ops Manager Server 4.4.23
Released 2022-07-07
- Fixes an issue where editing an Oplog Store’s name that contains dots (.) might have resulted in errors.
- Updates the MongoDB Agent to 10.14.34.6588.
Ops Manager Server 4.4.22
Released 2022-05-05
- Adds support for Debian 10 when you use the BI Connector.
- Fixes an issue that occurred when you changed the default server usage for organizations.
- Updates the MongoDB Agent to 10.14.33.6581.
- Updates the JDK to jdk-11.0.15+10.
- Upgrades the com.google.protobuf:protobuf-java package to 3.19.4.
Ops Manager Server 4.4.21
Released 2022-02-17
Removes support for running Ops Manager on:
- RHEL 7.x/8.x, and Ubuntu 16.x on PowerPC (ppc64le) architectures.
- RHEL 6.x/7.x, Ubuntu 18.x, and SUSE 12.x on zSeries (s390x) architectures.
To learn more about supported platforms for running Ops Manager, see Ops Manager Software Requirements.
Fixes an issue where S3 Oplog Stores can leave behind S3 objects even after the configured retention window has elapsed.
Updates the JDK to jdk-11.0.14.1+1.
Removes workaround to use an X.509 CommonName instead of a SAN.
Updates the MongoDB Agent to 10.14.32.6576.
Ops Manager Server 4.4.20
Released 2022-01-13
Updates the MongoDB Agent to 10.14.31.6566.
When taking a snapshot, allows the MongoDB Agent to slow the sending of data blocks when Ops Manager is overloaded, so that the snapshot can complete. Successful completion of snapshots is prioritized over speed.
Ops Manager Server 4.4.19
Released 2021-11-16
- Updates JDK to jdk-11.0.13+8.
- Updates the MongoDB Agent to 10.14.30.6552.
Ops Manager Server 4.4.18
Released 2021-11-04
- Updates the MongoDB Agent to 10.14.29.6548.
- Removes support for RHEL 6.
Ops Manager Server 4.4.17
Released 2021-09-03
- Fixes a bug where, when running in local mode, with both PowerPC RHEL71 and RHEL81 builds of MongoDB present, the RHEL81 build would always be selected.
- Updates the MongoDB Agent to 10.14.28.6532.
- Upgrades the JDK to version 11.0.12, which restricts the use of insecure TLS versions 1.0 and 1.1. To learn more, see the JDK release notes.
- Compatible with MongoDB Database Tools 100.5.0.
Ops Manager Server 4.4.16
Released 2021-08-05
- Fixes a bug that caused restore to fail due to an invalid ping from the backup agent.
- Adds a warning message when Ops Manager has less than 10GB of disk space available.
- Fixes a bug that caused the System Alerts UI to fail after a system alert was saved with a webhook URL.
- Updates the MongoDB Agent to 10.14.27.6524.
- Compatible with MongoDB Database Tools 100.3.1.
Ops Manager Server 4.4.15
Released 2021-07-01
- When creating a global owner, the generated API keys now also include the selected IP access list.
- Compatible with MongoDB Database Tools 100.3.1.
Ops Manager Server 4.4.14
Released 2021-06-10
- Fixes a bug that caused restore to fail due to an invalid tar header for filesystem stores.
- Compatible with MongoDB Database Tools 100.3.1.
Ops Manager Server 4.4.13
Released 2021-06-03
- Upgrades JDK to jdk-11.0.11+9.
- Disables TLS versions 1.0 and 1.1.
- Fixes a bug that would re-enable Ops Manager instances for API writes during an upgrade of Ops Manager.
- Fixes a date formatting issue when listing logs in the admin user interface.
- Adds MongoDB server for RHEL 8.1 running on PowerPC to Ops Manager’s version manifest.
- Caches the computed list of MongoDB binaries available on disk in Local Mode.
- Updates the MongoDB Agent to 10.14.24.6508.
- Compatible with MongoDB Database Tools 100.3.1.
Ops Manager Server 4.4.12
Released 2021-05-06
- Fixed a bug that caused the User Authentication Method field on the Ops Manager Config page to not display a visual indicator that the setting is overwritten in the configuration file.
- Removed support for Ubuntu 16.04 since Ubuntu 16.04 is End of Life (EOL) as of April 2021.
- Updates the MongoDB Agent to 10.14.23.6498.
- Compatible with MongoDB Database Tools 100.3.1.
Ops Manager Server 4.4.11
Released 2021-04-01
- Updates an outdated comment in the conf-mms.properties file. Even though Ops Manager 4.4.11 does not add any new parameters to this file, the upgrade process detects that the file had changed. To avoid having to manually reconfigure Ops Manager, ensure that Ops Manager uses the current version of this file after the upgrade. Create and store backup copies of all your configuration files, to avoid losing important Ops Manager configuration.
- For upgrades that use the .deb package, the upgrade process prompts you to choose which version of the conf-mms.properties file Ops Manager should use. Choose the current conf-mms.properties file.
- For upgrades that use the rpm package, the upgrade process saves the conf-mms.properties file as the conf-mms.properties.rpmsave file. Use the mv command to rename conf-mms.properties.rpmsave to conf-mms.properties. This ensures that Ops Manager uses the current file after the upgrade.
- Fixes a bug in the MongoDB usage report where backing databases are not correctly identified.
- Fixes a bug in the MongoDB usage report where Ops Manager could potentially find duplicate hosts based on network aliases.
- Fixes a bug that causes some MongoDB versions to be considered as custom builds when validating the Automation configuration.
- Fixes a bug that disallows configuring LDAP group names longer than 100 characters.
- Updates the MongoDB Agent to 10.14.22.6489.
- Requires MongoDB Database Tools 100.3.1.
- Changes the protocolVersion API parameter from an integer to a string. For example, previously, you could specify 1 for this parameter. Now, you must specify “1” for this parameter instead.
Ops Manager Server 4.4.10
Released 2021-03-04
- Allows you to choose whether or not to redact sensitive information from the server usage report. If you choose to redact, Ops Manager redacts before it generates the report for download.
- Updates the MongoDB Agent to 10.14.21.6476.
- Requires MongoDB Database Tools 100.3.0.
Ops Manager Server 4.4.9
Released 2021-02-17
- Fixes a regression introduced in Ops Manager 4.4.8 that prevents the MongoDB Version Manifest from being updated.
- Updates the MongoDB Agent to 10.14.20.6466.
- Requires MongoDB Database Tools 100.2.0.
Ops Manager Server 4.4.7
Released 2021-01-11
- Fixes a bug that causes the Ops Manager Backup process to require excess memory when terminating the backup job.
- Fixes a bug that causes the backup process to fail to take new snapshots when using a File System Store during a backup of a MongoDB deployment on version 4.2 or later.
- Limits host ping information to active groups when generating the diagnostic archives file.
- Limits backup logs based on the limit option when generating the diagnostic archives.
- Updates the MongoDB Agent to 10.14.18.6453.
- Requires MongoDB Database Tools 100.2.0.
Ops Manager Server 4.4.6
Released 2020-12-03
- Fixes a bug that prevents Ops Manager from correctly authenticating to an HTTP Proxy.
- Limits Tracking and Groom Jobs to the Backup Daemons set in the Backup Configuration. This applies to the project in which you set the configuration and run the jobs.
- Updates the MongoDB Agent to 10.14.17.6445.
- Requires MongoDB Database Tools 100.2.0.
Ops Manager Server 4.4.5
Released 2020-11-05
- Updates the JDK to jdk-jdk-11.0.9.11.1.
- Supports viewing MongoDB Profiler entries with overlapping timestamps separately in the Visual Query Profiler.
- Updates the MongoDB Agent to 10.14.16.6437.
- Requires MongoDB Database Tools 100.2.0.
Ops Manager Server 4.4.4
Released 2020-10-07
- Adds JVM Arguments in the Ops Manager diagnostic archive.
- Adds a new configuration parameter Non Proxy Hosts which allows the Ops Manager Application Server to bypass the outgoing proxy you configured when accessing specific hosts.
- Fixes a bug that prevents users from changing their password.
- Updates the MongoDB Agent to 10.14.15.6432.
- Adds support for Ubuntu 20.04.
- Requires MongoDB Database Tools 100.1.0.
Ops Manager Server 4.4.3
Released 2020-09-23
- Fixes a high severity vulnerability in Ops Manager. CVE-2020-7927 is allocated for this issue.
- Fixes an issue that can prevent alert processing for monitored clusters with partial status information.
- Removes muninEnabled and muninPort fields from the Hosts API.
- Updates the MongoDB Agent to 10.14.14.6427.
- Requires MongoDB Database Tools 100.1.0.
Ops Manager Server 4.4.2
Released 2020-09-03
- Fixes unexpected errors that occur when:
- Editing a blockstore with one or more dots (.) in its name.
- Trying to update Global API Keys via the API with an invalid request.
- Trying to update a global whitelist IP.
- Includes MongoDB Business Intelligence Connector v2.14.0.
- Supports file system snapshot stores with MongoDB databases running FCV 4.2 or later.
- Updates the MongoDB Agent to 10.14.13.6423.
- Requires MongoDB Database Tools 100.1.0.
Ops Manager Server 4.4.1
Released 2020-08-05
- Allows replica sets to be force reconfigured using the console.
- Fixes an issue with Organization-level API key returning HTTP error 500 when no roles are defined.
- Improves Ops Manager packaging.
- Updates MongoDB Agent to 10.14.12.6411.
- Requires MongoDB Database Tools 100.0.2.
Ops Manager Server 4.4.0
Released 2020-07-08
Supports management, monitoring and backup of MongoDB 4.4 deployments.
Can be deployed to Kubernetes using the MongoDB Enterprise Kubernetes Operator.
Improves summary and detailed views of MongoDB deployments.
Improves the operational performance of managing large sharded clusters.
Example
Applies requested configuration changes across the cluster faster.
Improves rendering performance of the Metrics page.
Supports direct monitoring of the Ops Manager application database.
Supports fetching MongoDB binaries from a custom HTTP server.
Sets the Profiler to use MongoDB slow query logs as the default data source.
If you had not enabled the Profiler:
You now see the Profiler. Ops Manager sources the data points from your slow query logs. These data points have been logged since Ops Manager 4.2 through the Performance Advisor.
If you had enabled the Profiler:
You continue to see the Profiler. Ops Manager sources the data points from your slow query logs rather than through the MongoDB Profiler entries. (These entries continue to be ingested.) The MongoDB Profiler entries contain more detailed information than the slow query logs. To revert to using the profiler entries, toggle the Project’s feature flag Profiler Nds to OFF.
Introduces Schema Advisor for automatic identification of schema optimization opportunities.
Supports AWS IAM roles in S3 Snapshot Store configurations.
Upgrades OpenJDK to 11.0.8+10.
Requires MongoDB Database Tools 100.0.2.
Ops Manager Support Ends after 4.4 Series
- Support for running Ops Manager on the Windows platform ends after the 4.4 series.
- Ops Manager still supports managing MongoDB deployments that run on Windows 2016, 2019, 2020.
Ops Manager Server 4.2
Ops Manager Server 4.2.26
Released 2021-07-29
- Upgrades third-party dependencies and fixes minor bugs.
Ops Manager Server 4.2.25
Released 2021-06-03
- Upgrades JDK to jdk-11.0.11+9.
- Disables TLS versions 1.0 and 1.1.
- Fixes a bug that would re-enable Ops Manager instances for API writes during an upgrade of Ops Manager.
- Caches the computed list of MongoDB binaries available on disk in Local Mode.
- Updates the MongoDB Agent to 10.2.25.6010.
Ops Manager Server 4.2.24
Released 2021-05-05
- Fixes an issue where the MongoDB usage report might find duplicate hosts based on network aliases.
- Updates an outdated comment in the conf-mms.properties file that comes with Ops Manager. When you upgrade to this version, you receive a notification that the configuration file changed. For example, on Redhat systems: /opt/mongodb/mms/conf/conf-mms.properties saves as /opt/mongodb/mms/conf/conf-mms.properties.rpmsave. You can disregard this notification and keep using the existing or current configuration file. No new parameters are added.
- Adds further protections against CVE-2021-20335.
- Updates the MongoDB Agent to 10.2.24.6007.
Ops Manager Server 4.2.23
Released 2021-01-27
- Fixes a bug where Ops Manager reported a server error when trying to save an invalid configuration on the LDAP Admin configuration page.
- Generates diagnostic archives that contain:
- Host ping information only for active groups.
- Backup logs limited by the Backup log settings.
- Fixes a medium severity vulnerability in Ops Manager. CVE-2021-20335 is allocated for this issue.
CVE ID: CVE-2021-20335
Title: SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager
Description: For MongoDB Ops Manager 4.2.X with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager 4.4.X triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted.
CVSS score: 6.7 (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
Affected versions: MongoDB Ops Manager 4.2, 4.2.0 to 4.2.22
Ops Manager Server 4.2.22
Released 2020-12-03
- Fixes a bug that prevents Ops Manager from correctly authenticating to an HTTP Proxy.
- Updates the MongoDB Agent to 10.2.22.6000.
Ops Manager Server 4.2.21
Released 2020-11-05
- Adds a migration that removes REPLICATION_OPLOG_WINDOW_RUNNING_OUT events when upgrading to Ops Manager 4.0 or 4.2. If any alerts or alert configurations of event type REPLICATION_OPLOG_WINDOW_RUNNING_OUT exist, global alerts throw the runtime exception “Alert job failed due to runtime error: No enum constant”.
- Updates the JDK to jdk-jdk-11.0.9.11.1.
- Updates the MongoDB Agent to 10.2.21.5995.
Ops Manager Server 4.2.20
Released 2020-10-07
- Adds a new configuration parameter (http.proxy.nonProxyHosts) which allows the Ops Manager Application Server to bypass the configured outgoing proxy when accessing specific hosts.
Ops Manager Server 4.2.19
Released 2020-09-25
- Fixes an issue that prevents rendering the All Clusters view for some users in Ops Manager 4.2.18.
- Adds support for Debian 10.
Ops Manager Server 4.2.18
Released 2020-09-23
- Fixes a high severity vulnerability in Ops Manager. CVE-2020-7927 is allocated for this issue.
Ops Manager Server 4.2.16
Released 2020-08-06
- Fixes an error when creating API Keys without roles.
- Updates the diagnostic archive filename to include the current date and time of the server when generated or downloaded.
- Updates JDK to AdoptOpenJDK 11.0.8+10.
- Updates MongoDB Agent to 10.2.20.5991.
Ops Manager Server 4.2.15
Released 2020-07-02
- Allows users to audit user creation / modification events through the API.
Fixes
- Fixes a bug that prevented Ops Manager upgrades when the Application Database is a sharded cluster.
- Fixes a bug with converting from LDAP Native Authentication to saslauthd.
- Fixes a bug where the Backup dashboard can be inaccessible while a snapshot is in progress for a MongoDB 4.2 deployment.
- Fixes an issue that can prevent a successful snapshot of a MongoDB 4.2 deployment that contains a large number of files.
Ops Manager Server 4.2.14
Released 2020-06-04
Alerts
- Fixes an issue with the BACKUP_AGENT_DOWN alert and MongoDB 4.2+ deployments.
Backup
- Removes enforcement of a minimum oplog window size on a replica set before you can enable Backup.
- Fixes an issue with snapshots of MongoDB 4.2+ running on Windows while the Ops Manager Application runs on Linux.
- Fixes an issue where a MongoDB 4.2+ queryable restore fails if the snapshot contains a large WiredTiger.wt file.
- Fixes an issue that caused snapshot generation of the CSRS of a sharded cluster to stall in certain arrangements of MongoDB Agents running the Backup module.
- Fixes an issue that prevented editing block stores in the Ops Manager Administration Console.
Ops Manager Server 4.2.13
Released 2020-05-14
Backup
- Supports point-in-time restores for MongoDB 4.2 deployments.
- Retries rather than fails when a transient network error to the KMIP server configured for Ops Manager occurs.
- Improves the algorithm that selects which MongoDB 4.2 replica set and shard members are used to create snapshots.
- Supports queryable restores for MongoDB 4.2 deployments.
- Supports incremental backup with MongoDB 4.2.6 or later.
Fixes
- Fixes a bug that prevented creating a new group via the API when SAML is enabled.
- Fixes a console issue for managed deployments where a shard key’s fields can be displayed out of order.
- Fixes an issue for managed deployments on Windows with spaces in directory paths.
- Fixes an issue that could prevent enabling authentication on a managed deployment through the API.
- Fixes an issue that could prevent managed deployments from upgrading to a custom MongoDB build.
- Fixes an issue in the console for managed deployments where the Review and Deploy confirmation can mistakenly display that a sharded cluster CSRS is being removed from the deployment.
- Reduces impact of RTPP on backing MongoDB.
Backend
- Updates JDK to AdoptOpenJDK 11.0.8+10.
Ops Manager Server 4.2.11
Released 2020-04-06
- Bootstrapping a Backup initial sync using rsync can now complete when syncing from a hidden secondary.
- Logs are viewable in the Ops Manager Admin panel.
- Ensures initial sync can complete after FCV downgrades.
- Upgrades Agent: MongoDB Agent 10.2.15.5958.
Ops Manager Server 4.2.10
Released 2020-03-16
- No longer requires that JavaScript be enabled on the Ops Manager Application Database.
Ops Manager Server 4.2.9
Released 2020-03-05
- Fixes an issue which arose when toggling the authentication mechanism for a MongoDB user in the Deployment: Security: Users tab between SCRAM-SHA-256 and SCRAM-SHA-1.
- Adds the new version (2.13.4) for the MongoDB Business Intelligence Connector.
- Removes all uses of the MMAPv1 noPadding option for Ops Manager backing databases. This resolves issues encountered when upgrading Ops Manager backing databases from MongoDB version 4.0 to 4.2.
- Shows progress of backup snapshots for MongoDB version 4.2+ on the backup dashboard.
Ops Manager Server 4.2.8
Released 2020-02-06
- Allows you to manage the LDAP and SAML configuration for the Organization Project Creator and Project User Admin roles via the Ops Manager user interface.
- Fixes a bug that prevented the Backup Daemon from correctly working on RHEL8 when using a MongoDB 4.2 database.
- Updates JDK to AdoptOpenJDK 11.0.6+10.
- Upgrades Agent: MongoDB Agent 10.2.13.5943
Ops Manager Server 4.2.7¶
Released 2020-01-09
- Optimizes snapshots of MongoDB 4.2 and later clusters. This increases parallelism when sending bytes to the snapshot store for large files.
- Upgrades Agent: MongoDB Agent 10.2.12.5930.
Ops Manager Server 4.2.5¶
Released 2019-12-12
- Supports backup of MongoDB 4.2 sharded clusters.
- Ops Manager is now supported on RHEL8 and Debian 10.
- Upgrades Agent: MongoDB Agent 10.2.10.5921.
Ops Manager Server 4.2.3¶
Released 2019-10-10
- Removes the Version Behind alert if:
  - The alert had been configured for deployments using the legacy Monitoring and Backup Agents, and
  - Deployments using that alert were upgraded to using the MongoDB Agent.
- Upgrades Agent: MongoDB Agent 10.2.8.5901-1.
Ops Manager Server 4.2.1¶
Released 2019-09-05
- Fixes an issue in Ops Manager 4.2.0 that prevented Ops Manager versions 4.0.2, 4.0.3, 4.0.4 and 4.0.5 from being upgraded to Ops Manager 4.2.0. This is resolved in Ops Manager 4.2.1 such that all Ops Manager 4.0.x versions can be upgraded to Ops Manager 4.2.1+.
- Removes need for a persistent cookie to be set on login.
- Agent Upgrade: MongoDB Agent 10.2.6.5879-1.
Ops Manager Server 4.2.0¶
Released 2019-08-16
Supports management of MongoDB 4.2 deployments.
Merges Automation, Backup and Monitoring Agents into a single MongoDB Agent.
Replaces Personal API Keys with Programmatic API Keys. New users of the API should use Programmatic API Keys. Personal API Keys will be deprecated in a future release of Ops Manager.
Begins support for MongoDB 4.2 with “featureCompatibilityVersion” : 4.2. Backup of MongoDB 4.2 instances with FCV: 4.2 no longer requires head databases within the Ops Manager installation.
Note
Support is incomplete; see release advisories.
Supports running and managing MongoDB in IPv6-only environments. For additional details, see the release advisories.
Allows you to track your usage of MongoDB instances in the Ops Manager Admin panel.
Allows you to upgrade Ops Manager without downtime of Monitoring or Alerting. This applies to upgrades from Ops Manager 4.2.0 and later versions.
Containerizes Ops Manager in a Docker Container for use with the MongoDB Enterprise Kubernetes Operator. This support is currently in alpha and not recommended for production use.
Supports SAML authentication.
Removes the Version Manager.
Disables weak TLS ciphers:
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Platform Support¶
- Ops Manager supports the following new platforms:
  - SUSE Linux 15
- Ops Manager no longer supports the following platforms:
  - Debian 8
  - Ubuntu 14.04
  - Windows Server 2008R2
- Ops Manager has deprecated the following platforms. These platforms will not be supported in a future Ops Manager release:
  - Windows Server 2012
Ops Manager Server 4.0¶
Ops Manager Server 4.0.19¶
Released on 2020-08-06
- Fixes a bug with converting from LDAP Native Authentication to saslauthd.
Ops Manager Server 4.0.18¶
Released on 2020-05-14
- Upgrades urllib3 from 1.15.8 to 1.25.2 due to a Denial of Service (DoS) vulnerability.
- Resolves an issue when toggling the authentication mechanism for a MongoDB User in the Deployment > Security > Users tab between SCRAM-SHA-256 and SCRAM-SHA-1.
- Updates JDK to AdoptOpenJDK 1.8.0-252.
Ops Manager Server 4.0.16¶
Released on 2019-11-07
- Improves backup initial sync time for MMAPv1 collections in which there is a high rate of change during the backup initial sync.
- Improves handling of operations that modify the data directory (restores, storage engine changes, etc.) for deployments where the MongoDB journal directory is mounted on a separate partition.
- Includes various security improvements.
- Upgrades the JDK to 1.8.232.
- Agent Upgrades: Automation Agent 5.4.23.5559, Backup Agent 6.8.8.1027, and Monitoring Agent 6.6.3.469
Ops Manager Server 4.0.15¶
Released on 2019-09-05
- Loosens validations to allow for spaces in replica set names.
- Agent Upgrades: Automation Agent 5.4.22.5547
Ops Manager Server 4.0.14¶
Released on 2019-07-31
Dependency Update: Updates org.quartz-scheduler:quartz to 2.3.1 to address CVE-2018-20433.
Fix: Backup Daemons on Amazon Linux 2 and SUSE 12/15 can successfully download required MongoDB builds.
Note
This problem was introduced in Ops Manager 4.0.13 and resolved in Ops Manager 4.0.14.
Fix: Fixes a bug which prevented the following two algorithms from being disabled by default when using SSL connections with Ops Manager:
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
These algorithms are now disabled by default.
Improves performance when downloading multiple restores concurrently.
Agent Upgrades: Automation Agent 5.4.21.5544
Ops Manager Server 4.0.12¶
Released on 2019-06-06
- Fix: Authentication & TLS/SSL settings allows removal of PEM key file and password no matter the tlsMode.
- Fix: Fixes support for the security.clusterIpSourceWhitelist MongoDB configuration option.
- Dependency Update: Updates jetty to 9.4.18.
- Agent Upgrades: Automation Agent 5.4.19.5537
- EOL: Ops Manager support for Ubuntu 14.04 has ended. Ops Manager 4.0.12 is not supported on Ubuntu 14.04.
Ops Manager Server 4.0.11¶
Released on 2019-05-02
Provides a new option to bypass invitations so you can add users to organizations and projects immediately, without requiring them to accept an invitation. Organization and project owners can enable this setting in the User Authentication section of the Ops Manager Config wizard.
This setting is only available when managing user accounts in the Application Database. The invitation bypass option is available for users added via the UI and the API.
Fix: When enabling MongoDB profiling from the Profile tab, ensure that the pending changes banner is shown without requiring a browser refresh.
Updated JDK to version 8u212. On Windows, Ops Manager now requires the Visual C++ Redistributable Packages for Visual Studio 2013.
Ops Manager Server 4.0.10¶
Released on 2019-04-04
- Fix: Creating new projects now succeeds in Firefox.
- Fix: When managing authentication for a deployment, the MongoDB keyfile parameter is not required if all processes set the clusterAuthMode parameter to x509.
- Fix: A backup initial sync of MongoDB 3.4 can misapply oplogs in rare circumstances in which mongod returns a partial applyOps result array.
- Fix: Hidden secondaries display the correct icon in the user interface.
- Improved the durability of backup data in the event that a head database experiences an unclean shutdown.
- Improved performance for the Deployment page for deployments with many items.
- Easier to disable TLS/SSL when managing TLS/SSL configuration for a deployment.
- Update BI Connector to 2.10.
Ops Manager Server 4.0.9¶
Released on 2019-03-09
- Add support for managing MongoDB deployments on IBM zSeries for the Ubuntu 18.04, SUSE12 and RHEL7 operating systems.
- Fix: Add validation for allowed characters for the names of filesystem snapshot stores, S3 snapshot stores and MongoDB blockstore snapshot stores.
- Fix: Do not remind users to configure two-factor authentication, if two-factor authentication has been disabled for the Ops Manager installation.
- Fix: Ensure that all redirects are always relative URIs.
Ops Manager Server 4.0.8¶
Released on 2019-02-07
- Updated JDK to AdoptOpenJDK 8u202.
- Fix: For queryable restores, the configurable expiration value (brs.queryable.expiration) now also applies to MongoDB authentication requests.
- Fix: Improve password verification for sensitive actions within Ops Manager, for Ops Manager installations using LDAP for user authentication, and ActiveDirectory as the LDAP server.
- Agent Upgrades: Automation Agent 5.4.16.5515
Ops Manager Server 4.0.6¶
Released 2018-12-10
- Bug fix: When a project is deleted, remove any open Global Alerts.
- Bug fix: Authentication & TLS/SSL Settings allows removal of PEM key file and password no matter the sslMode.
- Bug fix: Restore ability to rotate the KMIP master key.
- Increase timeout for starting queryable restore jobs. This increases robustness for data sets with large numbers of namespaces.
- Various optimizations to allow faster backup restores.
- Visual Query Profiler can handle value of Infinity.
- Agent Upgrades: Automation Agent 5.4.14.5509
Ops Manager Server 4.0.5¶
Released 2018-11-01
- Fix: Removed memory leak in proxy server used for queryable restores.
- Fix: Removed race condition that could cause a backup initial sync to be required when the featureCompatibilityVersion is updated on the source replica set.
- Fix: Automatic download of MongoDB binaries fails when hybrid mode is enabled for MongoDB binary management.
- Fix: When importing a cluster into Ops Manager, ignore the value of pidFilePath if it is set to the CentOS default in /var/run.
- Updated JDK to 8u192.
- Updated bundled version of the BI Connector to 2.7.0.
- Agent Upgrades: Automation Agent 5.4.13.5505
Ops Manager Server 4.0.4¶
Released 2018-10-12
- Critical Fix: When running in local mode for MongoDB binary management, the Backup Daemon may try to use MongoDB binaries for the wrong operating system.
- Agent Upgrades: Automation Agent 5.4.12.5501
Ops Manager Server 4.0.3¶
Released 2018-10-04
- Critical Fix: Backup initial syncs may fail with an error during the oplog application phase, if retryable writes are executed on the source cluster during the backup initial sync.
- Fix: Log collection fails for log files greater than approximately 2.2 GB.
- LDAP connections will now use a connection pool. This reduces load on LDAP servers.
- Update bundled version of the MongoDB Connector for BI to version 2.6.1.
Ops Manager Server 4.0.2¶
Released 2018-09-06
- Adds support for management of MongoDB processes on Ubuntu 18.04.
- User alerts are now available.
- Fix: When performing a point in time restore for MongoDB 4.0, drop the minOptimeRecovery document before bringing up the target cluster.
- Show MongoDB start-up warnings on the cluster overview page.
- Log Collection was unable to complete if one of the requested files was an empty file.
- Real Time Performance Panel adds support for killing sessions in MongoDB 4.0+.
- Support additional schema-related options when configuring the MongoDB BI Connector.
- Perform additional validations for deployments managed by external orchestration platforms (such as the MongoDB Enterprise Operator for Kubernetes).
- Agent Upgrades: Automation Agent 5.4.10.5496
Ops Manager Server 4.0.1¶
Released 2018-08-02
- Critical Fix: Allow removal of processes from Deployment > List view.
- Critical Fix: Avoid failures to upgrade from Ops Manager 3.4 when using local mode for MongoDB version management.
- Critical Fix: Fix issue which caused the All Clusters page to fail to display content.
- During a backup initial sync, ensure that the UUID of the system.views collection is preserved.
- In Local Mode, the Backup Daemon will now unpack MongoDB tarballs. Administrators no longer need to unpack them themselves.
- Reinstate support for security.encryptionKeyFile parameter.
- Security patches for third-party library dependencies.
- Updates Ops Manager JDK (x86_64) to 8u181, which enables endpoint identification by default.
- When configuring MongoDB LDAP authentication, allow setting the User to Distinguished Name Mapping without setting the Authorization Query Template.
- Agent Upgrades: Automation Agent 5.4.9.5483, Backup Agent 6.8.4.1009
- Critical Fix: Set TasksMax=infinity and TasksAccounting=false in systemd scripts for SUSE 12 versions of Ops Manager.
Ops Manager Server 4.0.0¶
Released 2018-06-27
Revised Ops Manager interface for deployment management.
Added new CRUD features to Data Explorer.
Improved the Real-Time Performance Panel.
Added integrations for:
- Pivotal Cloud Foundry
- Kubernetes (beta)
Improved Monitoring
- Added alert for rollback.
Updated Public API
Added endpoints for Public API Keys.
Added endpoints to manage Agent API keys.
Removed support for Agent API keys created before Ops Manager 3.4.
The change to the Agent API Key model is described in the v3.6 documentation.
Provided new option to only have Ops Manager connect to the internet to download MongoDB installer binaries.
Deprecated Server Pools.
- In Ops Manager 4.0, Server Pools are disabled by default.
- If you are currently using Server Pools, they will continue to work as expected after upgrading to Ops Manager 4.0.
Added platform support to include:
- Amazon Linux 2
- Debian 9
- SLES 12
Deprecated platform support for:
- Windows 2008 R2
- MongoDB 2.6, 3.0
Note
Support for these platforms will be removed in a future Ops Manager release.
Removed platform support for:
- Ubuntu 12.04
- SLES 11
- Debian 7
Added support for PowerPC hardware using the following Linux distros:
- Ubuntu 16.04
- RHEL 7.x
Agent Upgrades: Automation Agent 5.4.6.5465, Backup Agent 6.8.3.1002, Monitoring Agent 6.6.2.464
Ops Manager Server 3.6¶
Ops Manager Server 3.6.12¶
Released on 2019-05-02
- Logging improvements.
- Updated JDK to version 8u212. On Windows, Ops Manager now requires the Visual C++ Redistributable Packages for Visual Studio 2013.
- EOL: Ops Manager support for Ubuntu 14.04 has ended. Ops Manager 3.6.12 is not supported on Ubuntu 14.04.
Ops Manager Server 3.6.11¶
Released on 2019-02-07
- Updated JDK to AdoptOpenJDK 8u202.
- Fix: For queryable restores, the configurable expiration value (brs.queryable.expiration) now also applies to MongoDB authentication requests.
- Fix: Resolve transient inability to restore a snapshot if a backup data pruning job (garbage collection) is running during the restore.
- Fix: Improve password verification for sensitive actions within Ops Manager, for Ops Manager installations using LDAP for user authentication, and ActiveDirectory as the LDAP server.
Ops Manager Server 3.6.9¶
Released on 2018-11-01
- Critical Fix: Backup initial syncs may fail with an error during the oplog application phase, if retryable writes are executed on the source cluster during the backup initial sync.
- Fix: Log Collection was unable to complete if one of the requested files was an empty file.
- LDAP connections will now use a connection pool. This should reduce load on LDAP servers.
- Update JDK to 8u192.
- Agent Upgrades: Automation Agent 4.5.16.5284-1.
Ops Manager Server 3.6.8¶
Released on 2018-08-02
- Critical Fix: Avoid failures to upgrade from Ops Manager 3.4 when using local mode for MongoDB version management.
- Improve support for global diagnostic download for large deployments.
- Updates Ops Manager JDK (x86_64) to 8u181, which enables endpoint identification by default.
- When configuring MongoDB LDAP authentication, allow setting the User to Distinguished Name Mapping without setting the Authorization Query Template.
- Agent Upgrades: Automation Agent 5.4.9.5483, Backup Agent 6.0.10.976
- Critical Fix: Set TasksMax=infinity and TasksAccounting=false in systemd scripts for SUSE 12 versions of Ops Manager.
Ops Manager Server 3.6.6¶
Released on 2018-05-03
- At the completion of an automated restore of a sharded cluster, ensure that the balancer is enabled.
- Improved handling of MongoDB Server Parameters with boolean values. Accept all of true, “true” and 1 as the boolean value true.
- Network charts now display physical bytes in/out instead of logical bytes in/out. That is, if network compression is enabled for MongoDB, the network charts will now show the compressed bytes in/out.
- Ops Manager now properly handles LDAP names which contain special characters.
- Fix: Performance Advisor now supports ingesting MongoDB logs using ISO8601-UTC timestamps.
- Fix: Include the script needed to seed a secondary when creating a TAR.GZ restore for a config server replica set.
- Fix: Retrieving logs via the Ops Manager UI succeeds when the Server Pools feature is also in use.
- Upgrade the bundled JDK to 8u172.
- Agent Upgrades: Automation Agent 4.5.14.5266, Backup Agent 6.0.9.969
Ops Manager Server 3.6.5¶
Released on 2018-04-05
- Allow Projects to be deleted from the admin pages, and from Project settings.
- Allow queryable restores for compressed snapshots stored in MongoDB blockstore snapshot storage.
- Automation support for the new security.ldap.validateLDAPServerConfig (MongoDB 3.4.14+)
- Enable log rotation for Backup HEAD dbs.
- Never save localhost/127.0.0.1 as a host mapping.
- Show agent out of date warnings for manually managed Monitoring and Backup Agents.
- Support for the MongoDB Connector for BI, version 2.4.1.
- When importing replica sets into Automation, include information on replica set tags.
- Agent Upgrades: Automation Agent 4.5.13.5261, Monitoring Agent 6.1.3.436, Backup Agent 6.0.8.960
Ops Manager Server 3.6.4¶
Released on 2018-03-01
- Fix: Avoid failures in alert processing when monitoring topology for disk partitions cannot be derived correctly.
- Fix: Changes to the admin.system.version collection on documents other than the featureCompatibilityVersion document should not abort an initial sync of a backup.
- Fix: Prevent the deletion of the last Global Owner of an Ops Manager installation.
- Fix: Suggested Indexes for nested predicate and sort should not ignore the predicate.
- Support for version 2.4.0 of the MongoDB Business Intelligence Connector.
- Agent Upgrades: Automation Agent 4.5.12.2514, Backup Agent 6.0.8.752
Ops Manager Server 3.6.3¶
Released on 2018-02-01
- Fix: Email delivery of System Alerts was suppressed and is now enabled.
- Security improvements.
- Add new API for administrators to configure Backup infrastructure
- The bundled JDK is version 8u162.
- Add new property (mms.ignoreInitialUiSetup) that allows full automation of Ops Manager installation and configuration.
- Agent Upgrades: Automation Agent 4.5.11.2453, Backup Agent 6.0.6.724
Ops Manager Server 3.6.2¶
Released on 2018-01-11
- Add support for MongoDB 3.6.1.
- Add BI Connector information to the Diagnostic Archive.
- Allow Project User Admin to set team roles and remove teams from projects.
- Allow user to specify sampleRefreshIntervalSecs BI Connector flag.
- Avoid “Inconsistent backup configuration” message when Monitoring Agent fails to communicate with MongoDB.
- Improve parsing of queries by Performance Advisor.
- Log Collection now collects log files from mongos instances.
- Log the list of TLS ciphers in use and any disabled by config.
- MongoDB Enterprise 3.6.2+ is needed on daemons to perform queryable restores of 3.6 sharded clusters.
- Fix: Bug that prevented backups on an S3-compatible snapshot store from being terminated.
- Restrict downgrading clusterAuthMode in the Automation Agent UI.
- Upgrade jackson-databind to 2.9.3.
- When doing an automated restore, only allow restoring to clusters that have a higher FCV than the snapshot and where all mongod versions support the snapshot's FCV.
- Expand access for the Automation Agent user by adding the restore@admin role.
Fixes¶
- Fix: Bug where Performance Advisor could display “A server error has occurred”.
- Fix: PIT restores of inactive replica sets.
- Fix: Add timeouts to Queryable Restores.
- Fix: Always set the correct From and Reply-To fields in System Alert emails.
- Fix: Extra System Alerts are no longer created.
- Fix: Version Manifest no longer reverts to the on-disk version.
- Fix: MongoDB 3.6 sharded cluster import no longer blocked.
- Fix: Set correct Maximum Number of Connections for MongoDB 3.6 for Alerting.
Ops Manager Server 3.6.1¶
Released on 2017-12-19
- Agent Upgrades: Automation Agent 4.5.9.2403
- Fix: Point in time automated restores now download the correct utility.
- Fix: When Ops Manager is configured to use LDAP for user authentication, do not allow users to be invited.
- Fix: Allow MongoDB Advanced Options to be edited for an entire sharded cluster.
- Fix: Allow clusterAuthMode independently of X509 auth.
- Fix: Allow import of deployments using the net.ssl.allowConnectionsWithoutCertificates parameter.
- Fix: Explicitly specify the collation {locale: “simple”} in createIndex during initial sync.
- Fix: Users should be able to convert from LDAP native to saslauthd using the UI.
- Performance improvements for queryable restores.
- Security enhancements.
Ops Manager Server 3.6.0¶
Released 2017-12-05
Added support for a new organizations and projects hierarchy to facilitate the management of your Ops Manager deployments. Groups are now known as Projects. You can put multiple Projects under an Organization.
Added support for nested LDAP groups via the member field when configuring Ops Manager to use LDAP for Ops Manager authentication.
Although Ops Manager 3.6 supports the use of either member or memberOf for configuration, support for LDAP via the memberOf field will be removed in a future version of Ops Manager. When possible, use member instead.
Added support for a new Agent API Key model. Multiple Agent API Keys can now be associated with a project. This gives users the ability to perform Agent key rotation.
The bundled JDK is version 8u152.
Automation¶
- Added support for management of the MongoDB Connector for Business Intelligence. The MongoDB Connector for Business Intelligence allows you to query a MongoDB database using SQL commands to aid in data analysis. It translates SQL queries from data analysis tools to MongoDB aggregation pipelines on MongoDB database.
- Added the ability to retrieve the on-disk logs for all MongoDB and Ops Manager Agent processes. The logs are sent to the Ops Manager server and available for download by Ops Manager administrators.
- Ended support for the seedSecondary.sh script. You cannot run the seedSecondary.sh script on any MongoDB database running MongoDB 3.6 or later. To learn more about restoring a snapshot, see Restore a Completed Snapshot.
- Agent Upgrade: Automation Agent 4.5.7.2375
Backup¶
Added support for queryable backups. This functionality allows you to query a specific backup snapshot. You can use the queryable backups to:
- Restore a subset of data within the MongoDB deployment.
- Compare previous versions of data against the current data.
- Identify the best point in time to restore a system by comparing data from multiple snapshots.
Added support for IBM Cloud Object Storage and DellEMC Elastic Cloud Storage for S3 blockstore snapshot storage
Added support for performing automated restores from one Project to another Project.
Added the ability to reschedule the expiration time of a snapshot.
Added support for automated restores via the Public API.
Agent Upgrade: Backup Agent 6.0.3.689.
Monitoring¶
- Added Real-Time Metrics.
- Added the Performance Advisor. The Performance Advisor monitors any operation with a query predicate that MongoDB considers slow and suggests new indexes to improve query performance.
- Added the Data Explorer. This feature provides the ability to introspect collections in your managed MongoDB deployments via the Data Explorer view.
- Agent Upgrade: Monitoring Agent 6.1.1.395.
Release Advisories for Ops Manager 3.6¶
Before upgrading Ops Manager from 3.4 to 3.6, complete the following actions:
Upgrade all backing databases to MongoDB 3.2 or later.
Upgrade the monitoring schema.
To monitor the schema upgrade:
- Click Admin.
- Click Ops Manager Config.
- Click the Miscellaneous tab.
The progress should be shown before the Default Monitoring Data Retention heading.
Change mms.minimumTLSVersion if you must support older TLS versions.
Ops Manager Application supports TLS 1.2 only by default.
To re-enable ciphers which have been disabled, change mms.disableCiphers.
Warning
Consider the security implications carefully before doing this.
Deprecation¶
- MongoDB 2.4 is no longer supported for Automation and Backups:
  - All MongoDB 2.4 processes in Automation will be unmanaged.
  - All MongoDB 2.4 backups will be stopped.
- MongoDB 3.0 is no longer supported as a backing store for Ops Manager.
Upcoming Incompatibilities¶
- Support for MongoDB 3.2 as a backing store for Ops Manager will be removed in Ops Manager 4.0.
- Support for restores delivered by SCP will be removed in Ops Manager 4.0.
- Support for LDAP via the memberOf field will be removed in Ops Manager 4.0. Use member instead. In Ops Manager 3.6, you may use either member or memberOf.
- Support for the older Agent API Key model will be removed in Ops Manager 4.0. Instead, use the new-style keys. In Ops Manager 3.6, the new-style keys are preferred, but the older keys will still work.
Ops Manager Server 3.4¶
Ops Manager Server 3.4.15¶
Released on 2018-08-02
- Updates Ops Manager JDK (x86_64) to 8u181, which enables endpoint identification by default.
Ops Manager Server 3.4.14¶
Released on 2018-05-03
- Fix: At the completion of an automated restore of a sharded cluster, Ops Manager ensures that the balancer is enabled.
- Fix: Network charts now display physical bytes in/out instead of logical bytes in/out. That is, if network compression is enabled for MongoDB, the network charts show the compressed bytes in/out.
- Upgrade: Bundled JDK to 8u172.
- Agent Upgrades: Automation Agent 3.2.18.4938-1
Ops Manager Server 3.4.11¶
Released on 2017-12-20
- Fix: Issue importing a process into Automation running on a custom build.
- Fix: Explicitly specify the collation {locale: simple} in createIndex during the initial sync of a backup.
- Fix: Allow clusterAuthMode to be configured when deployment does not use MONGODB-X509 authentication.
- Fix: Allow importing a process into Automation using the allowConnectionsWithoutCertificates parameter.
- Security enhancements.
Ops Manager Server 3.4.10¶
Released on 2017-11-02
- Agent Upgrades: Automation Agent 3.2.16.2263
- Fix: credentialstool and encryptiontool load dependencies correctly.
- Fix: Backup groom jobs no longer get stuck on partially-deleted snapshots.
- Fix: Some of the Cloud Manager interface is no longer shown when creating groups.
- Fix: Issue where sorting during deletion of backups could run out of memory.
- Reduce memory usage of backup snapshot deletion.
- Remove a restriction where a shard key range could not have an equal minimum and maximum.
- Update JDK to 8u152.
Ops Manager Server 3.4.9¶
Released on 2017-10-05
- Agent Upgrades: Automation Agent 3.2.15.2257, Backup Agent 5.0.11.663
- Fix: Allow the mongos autoSplit configuration parameter to be removed simultaneously with a major version upgrade from MongoDB 3.2 to 3.4.
- Fix: During the initial sync of a new backup, documents with a compound _id that are moved on disk at the source during the initial sync may be omitted from the backup under rare conditions. This issue affects only MMAPv1.
- Increase the expiration period for snapshots downloaded during an automated restore and make the expiration periods a configurable parameter.
- Reduce the amount of memory used when a backup is terminated.
Ops Manager Server 3.4.8¶
Released on 2017-09-07
Allow session timeouts to be configured to a fraction of an hour.
Fix: Downloading the global diagnostic archive could fail if more than 32 MB of agent logs were stored.
Fix: Inconsistent Backup Configuration alert runs for config servers.
Special Advisory
After upgrading to Ops Manager 3.4.8, the Inconsistent Backup Configuration alert may be triggered for config servers. The backup for these config servers should be resynchronized.
- Click Backup.
- From the config server row, click the Option menu (ellipsis icon).
- Click Resync.
Do not resync the entire sharded cluster if a config server triggers this alert. Resync the config server in question only.
Fix: Changes to the storage engine for a config server backup are applied on resync.
Fix: Validation for Backup Agent authentication mechanism failed if MONGODB-X509 was implicitly enabled.
Fix: In Local Mode, checks during Ops Manager startup allow configurations of deleted Groups to require MongoDB versions which are not present.
Security enhancements.
Ops Manager Server 3.4.7¶
Released on 2017-08-03
- Agent Upgrades: Automation Agent 3.2.14.2187, Backup Agent 5.0.10.634.
- Update JDK to 8u144.
- Additional logging for oplog extensions due to delayed backups.
- Additional logging for backup snapshots that retry due to unexpected file changes.
- Fix: Ability to restore SCCC sharded clusters without a healthy mongos.
- Fix: Race condition between snapshots and schedule update requests.
- Fix: Do not query arbiters when executing an administrative error retrieval task.
- Security improvements.
Ops Manager Server 3.4.6¶
Released on 2017-07-06
- Agent Upgrades: Automation Agent 3.2.13.2141, Backup Agent 5.0.8.601.
- Fix: Server Pool servers can get stuck in cleaning state if server is reimaged.
- Fix: Make Backup ingestion collection stats calls idempotent.
- Fix: Avoid skipping storage measurement rollups if customers have a database named hm.
- Fix: Cause Discovery to update shard ID when shard is repurposed to arbiter.
- Fix: Following upgrade from 2.x to 3.4.x, show progress of monitoring data migration.
- Fix: Make all metrics available to cluster view.
- Fix: Delay in Metric alerts check when opening and closing alerts for oplog metrics.
- Fix: Metric alerts check may miss system measurements.
Ops Manager Server 3.4.5¶
Released on 2017-05-18
- Agent Upgrades: Automation Agent 3.2.12.2107, Monitoring Agent 5.4.5.370, Backup Agent 5.0.7.494.
- Ability to disable daily/weekly/monthly snapshots through the API.
- Fix validation error for automated restores where the source or target cluster uses the storage.wiredTiger.directoryForIndexes parameter.
- Fix validation errors when using LDAP Authorization along with LDAP and SCRAM-SHA1 authentication.
- Various security enhancements.
Ops Manager Server 3.4.4¶
Released on 2017-03-30
- Agent Upgrades: Automation Agent 3.2.11.2025, Backup Agent 5.0.6.486
- Fix for premature forceful shutdown of the HEAD mongod instances for Ops Manager Backup Daemons running on Windows.
- Fix problem with shutdown of mongod processes during automated restores on Windows.
- Fix for issues using Automation in multi-server deployments using SSL and encrypted PEM key files.
- Fix for restores of backup snapshots stored unencrypted using file system storage.
- Expose newest AWS regions as a storage option for S3 blockstores.
- Optimization: Performance optimization for sending monitoring data to New Relic.
- Security enhancement: Set X-Frame-Options: DENY HTTP headers for all authenticated requests.
- Security enhancement: New option to allow enablement of HTTP Strict Transport Security (HSTS) with configurable maximum age.
- Security enhancement: New option to allow use of browser session cookies, rather than time-limited persistent cookies.
- Security enhancement: New option to disable all browser caching.
Ops Manager Server 3.4.3¶
Released on 2017-02-17
- Agent Upgrades: Automation Agent 3.2.10.1997, Backup Agent 5.0.6.477, Monitoring Agent 5.4.4.366
- Fix resource leak preventing successful backups when Ops Manager Backup is running on Windows.
- Fix bug in removal of shards for sharded clusters on MongoDB 3.4.
- Various security enhancements.
- Support for running Automation, Backup and Monitoring Agents on MacOS Sierra.
- Support for MongoDB Enterprise builds for Debian 7.1.
- Fix import into Automation for deployments using LDAP authorization and SCRAM-SHA1 authentication.
- Automation will deploy SSL-capable Windows builds for MongoDB 3.2.12+ and 3.4.2+.
- Fix possible stall in the oplog application phase of Ops Manager Backups of MongoDB 3.4.
Ops Manager Server 3.4.2¶
Released on 2017-01-19
- Agent Upgrades: Automation Agent 3.2.9.1985, Backup Agent 5.0.5.472
- Fixed PagerDuty notifications failing to send for System Alerts.
- Fixed issue creating deployments with overlapping replica set / shard names of other deployments.
- Fixed Global Alert UI validation being incorrect for some roles.
- Fixed failure configuring MONGODB-CR + LDAP auth mechanisms + LDAP authz.
- Added option to disable checksums during restores.
- Upgrade to JDK8u121.
Ops Manager Server 3.4.1¶
Released on 2016-12-27
- Agent Upgrades: Automation Agent 3.2.8.1942, Monitoring Agent 5.4.3.361, Backup Agent 5.0.4.469
- Support for Ops Manager using Active Directory to authenticate to application databases.
- Fixed roles info being lost when editing a database user.
- Fixed issue starting backup when ‘net.compression’ is in use.
- Prevent Ops Manager URLs from having a double forward slash when the URL configured by the user ends in a forward slash.
- Fixed editing LDAP group mappings.
- Fixed new OM 3.4.0 being unable to start for the first time without internet connectivity.
Ops Manager Server 3.4.0¶
Released on 2016-11-29
General¶
- Added support to monitor, back up, and automate MongoDB 3.4 deployments.
- Added support for deploying Ops Manager on SUSE12.
- Added support for Automation Agents, Backup Agents and Monitoring Agents on Ubuntu 16.x Power (ppc64le) and RHEL 7 Power (ppc64le).
- Added support for mutual TLS/SSL between all Agents and Ops Manager.
- Added the ability to assign tags to Projects and to filter global alerts by tags.
- Added the ability to change the name of a Project.
Automation¶
- Includes more flexible handling of MongoDB Users and Roles; specifically:
  - Ability to choose whether or not specific users and roles are managed, and
  - Ability to choose whether or not to allow MongoDB Users and Roles to be managed externally from Ops Manager.
- Added the ability to manage sharded collections and zones.
- Added support for MongoDB 3.4 LDAP Authorization.
- Added support for Kerberos Authentication on Windows.
Backup¶
- Added support for uncompressed WiredTiger snapshots on the filesystem.
- Added support for storing snapshots in S3.
- Added support for WiredTiger encryption at rest.
- Added the ability to control the reference time for the snapshot schedule; e.g., specify that snapshots are taken every 6 hours, starting at 12:00:00 AM.
- Added support for all data-format affecting MongoDB configuration options: directoryPerDB, smallfiles, etc.
Monitoring¶
- Provides high resolution monitoring: metrics are now captured every 10 seconds.
- Supports flexible retention monitoring: metrics at each resolution can be retained for a configurable amount of time.
- Allows hardware metrics to be collected for any managed MongoDB process (i.e. any process that is managed by an Automation Agent).
- Provides new API endpoint to retrieve all metrics for a particular MongoDB process in one API call.
Provisioning¶
- Added support for maintaining a pool of provisioned servers from which users in a group can request servers to host new MongoDB deployments.
Release Advisories for Ops Manager 3.4¶
Before upgrading Ops Manager from 2.0.x to 3.4, complete the following actions:
Upgrade backing databases to at least MongoDB 3.0.8. MongoDB 2.6 is no longer allowed as a backing store.
Ensure the data partitions for the Ops Manager Application Database have at least 50% free disk space.
Once the Ops Manager upgrade to 3.4 completes, Ops Manager begins migrating all monitoring data to a new schema in the background. This migration requires significant free disk space.
Add necessary IP addresses or CIDR blocks to the access lists for any API clients connecting to the Automation configuration endpoints.
Back up the mms.conf file in your current installation if you have modified it.
This is not a regular practice as mms.conf contains platform and network administration settings for Java VM and Ops Manager network port settings. You must use the new mms.conf file the upgrade installs. Reapply any modifications from your backed up copy to the new mms.conf after completing the upgrade.
For procedures to upgrade to 3.4, see Upgrade Ops Manager.
Ops Manager Server 2.0¶
Ops Manager Server 2.0.10¶
Released on 2017-08-03
- Update JDK to 8u144.
- Fix: Backup should compute size of incomplete snapshots.
Ops Manager Server 2.0.8¶
Released on 2017-01-19
- Fixed minimum oplog check when starting backup from failing on RECOVERING members.
- Fixed restores on expired, but not yet deleted, snapshots.
- Upgrade to JDK8u121.
Ops Manager Server 2.0.7¶
Released on 2016-11-03
- Agent Upgrades: Automation Agent 2.5.22.1876
- Improve filesystem backup performance by increasing disk buffer size.
- Fixed backup initial sync failures due to inefficient query on oplogs.
- Fixed starting backup when MongoDB was using Kerberos auth and Automation was not in use.
- Fixed old application settings appearing as overrides on the Ops Manager settings page.
- Fixed publish failure due to weakCertificateValidation improperly being set based on the allowConnectionsWithoutCertificates setting.
- Support for Windows Server 2016 and Windows 10.
- Upgrade to JDK8u112. Unlimited strength encryption policy included by default.
Ops Manager Server 2.0.6¶
Released on 2016-08-18
- Agent Upgrades: Automation Agent 2.5.20.1755
- Fixed case where acknowledged alerts could be opened again.
- Fixed issue where DNS failures on the hostname(s) of the Ops Manager application database cause Ops Manager to shut down.
- File system snapshot stores can be used in group specific snapshot store filters.
- Fixed issue where an unconfigured Backup Daemon could be assigned a backup job.
- Upgrade to JDK8u102.
Ops Manager Server 2.0.5¶
Released on 2016-07-14
- Agent Upgrades: Automation Agent 2.5.19.1732, Monitoring Agent 3.9.1.326
- Fixed credentialstool on Windows, which is used to encrypt passwords in the config file.
- Fixed Backup Daemon auto-download of RHEL platform specific builds.
- Added support for LDAP referrals for Ops Manager user authentication.
- Added support for changing LDAP search attribute for Ops Manager user authentication.
- Fixed index creation UI in Firefox and IE11.
Ops Manager Server 2.0.4¶
Released on 2016-05-20
- Agent Upgrades: Automation Agent 2.5.18.1647, Backup Agent 3.9.1.382
- Fixed failure to generate diagnostics archive due to large amount of log data.
- Validate Automation sslMode changes at publish time instead of draft.
- Allow Automation to transition from sslMode disabled to not having a sslMode.
- Fixed false positive auth mechanism validation failures when starting backup.
- Fixed issue with processing some types of aggregation queries when calculating suggested indexes.
- Fixed exception during a backup restore if that data previously was on a blockstore that has since been deleted.
- Removed Ubuntu 14.04 enterprise builds for MongoDB 2.4.X that were erroneously in the version manifest.
- Ability to edit LDAP Projects for Automation Admin was accidentally hidden.
- Fixed JavaScript error on empty profiler view.
- Upgrade to JDK8u92.
Ops Manager Server 2.0.3¶
Released on 2016-03-24
- Agent Upgrades: Automation Agent 2.5.17.1604
- Fixed critical bug in conversion to config server replica sets. Conversions to config server replica sets should not be performed with Ops Manager 2.0.2.
- Fixed Ops Manager not recording HTTP access logs.
- Fixed LDAP PEM settings from failing pre-flight checks even when LDAP wasn’t in use.
- Fixed Automated Point-In-Time restores of Sharded Cluster with config server replica sets.
- Fixed removing SSL for a Deployment.
- Email configuration changes no longer require a restart of the Ops Manager service.
- Allow specifying a temporary port for use during conversion to config server replica sets.
- Added Automation support for net.ssl.disabledProtocols.
- Allow control over the compression level of the File System Snapshot Store.
Ops Manager Server 2.0.2¶
Released on 2016-03-01
- Agent Upgrades: Automation Agent 2.5.16.1552
- Added support for rolling upgrades to config servers as a replica set (requires MongoDB 3.2.4+).
- Added support for running Agents, the Ops Manager server, and MongoDB on SUSE12.
- Added support for Slack and Flowdock notifications as system alerts.
- Fixed Automation Admin Role missing from group LDAP configuration.
- Fixed charting problem on Chrome 48+.
- Fixed issue deleting processes that were part of a config server replica set.
- Fixed issue where deployment drafts could prevent Ops Manager from starting in local mode.
- Fixed issue where disabling 2FA in Ops Manager still required 2FA for users that had it configured.
- Ops Manager upgrades on Windows require an uninstall of the previous version. This restriction was added to prevent issues that could occur on upgrade that are still unresolved without uninstall.
- Upgrade to JDK8u74.
Ops Manager Server 2.0.1¶
Released 2016-01-21
- Agent Upgrades: Automation Agent 2.5.15.1526.
- Stability and performance improvements for restores via automation.
- Support restores via automation for sharded clusters with config server replica sets.
- Fixed editing of managed users not prompting to re-enter password. (Relevant only to imported SCRAM-SHA1 users.)
- Fixed old errors from imports to automation impacting new imports.
- Automation now updates the location of the keyfile according to the defined downloadBase.
- Fixed cases where suggested indexes did not handle unexpected profiling data.
- Fixed issue with filesystem snapshots failing when trying to resume a snapshot after restart.
- Fixed LDAP form validation not allowing “ldaps”.
- Fixed the Backup Daemon not recognizing Windows MongoDB Enterprise builds.
- Fixed cases where global diagnostic archive would fail if it was too large.
- Fixed importing into automation with SSL always requiring client certificates.
Ops Manager Server 2.0.0¶
Released 2015-12-08
General¶
Added support to monitor, back up, and automate MongoDB 3.2 deployments.
Single Ops Manager Package: there is no longer a separate package for the Backup Daemon. The single Ops Manager package installs both the Ops Manager Application and the Backup Daemon. You can configure any server with Ops Manager to handle backups through the Backup Admin interface.
Configuration in the Database: the Ops Manager application configuration is now stored in the application database rather than in configuration files. This allows for central configuration management.
Each Ops Manager instance, on each server, must be configured with information on how to connect to the Application Database. Local config files override the information in the database: as such, switching to configuration in the database is not required, but is recommended.
Backup agent port change: Ops Manager no longer requires a separate port for backup traffic. All HTTP traffic is now over a single port. By default, Ops Manager uses port 8080.
Ops Manager 2.0 updates the admin interface to show the topology of Ops Manager software, the application database, and any backup databases.
Added support to convert to LDAP authentication for Ops Manager users at any time, with no downtime.
Upgraded to JDK8u66.
Automation¶
- Added support for X.509 member authentication.
- Improved handling of adding members to replica sets: to avoid disrupting majority writes, new members are now added to replica sets as priority=0, votes=0 until they reach secondary state, after which Ops Manager automatically updates the configuration to match the priority and votes value specified in the deployment.
- Added the ability to manage indexes from the Ops Manager UI.
- Improved index creation: indexes are now created in a rolling fashion.
- Added Automation support for Windows MongoDB instances.
Monitoring¶
- Added a new profiler with Suggested Indexes.
- Added support for maintenance windows during which time Ops Manager does not send alert notifications.
Backup¶
Filesystem snapshot storage: added the ability to store snapshots on a plain shared file system instead of a MongoDB instance. With filesystem storage, Ops Manager stores snapshots in a directory hierarchy and the data files themselves are compressed using gzip.
Backup agent port change: Ops Manager no longer requires a separate port for backup traffic. All HTTP traffic is now over a single port. By default, Ops Manager uses port 8080.
Ops Manager will automatically update any Backup Agents managed by Automation to use the new port. You will need to manually update any Backup Agents set up manually after upgrading Ops Manager. The upgrade instructions describe how to configure the mothership field in the configuration files of non-automated Backup Agents.
Sync store no longer required: a dedicated sync store is no longer required. Backup initial syncs are “streamed” to the Backup Daemon and only use a small amount of temporary space in the oplog store.
Automated restores: added a new option to automatically restore a backup to a running replica set or sharded cluster.
Added support for namespace whitelisting, which allows you to back up only a subset of your data.
Added the ability to manage HTTP restore link expiration from the Ops Manager UI and through the API for each individual restore request.
Added support for the Backup Daemon to download required MongoDB binaries from the Ops Manager web server when they are not available locally.
Release Advisories for Ops Manager 2.0¶
Before upgrading to Ops Manager 2.0, ensure the following are true:
Backup Database
Databases that store the Snapshot Storage must be online.
There are data migrations that touch the various backup data stores that make up the Snapshot Storage. Any data stores that are no longer in use should be deleted through the Ops Manager UI before upgrading.
Backup Daemon
The Ops Manager package installs the Backup Daemon. When started, the Ops Manager package automatically starts two services: the Ops Manager Application and the Backup Daemon. You choose on which hosts to “activate” the Backup Daemon. The daemon always runs, but performs no operations until activated.
After upgrading to 2.0, a host that runs only the Ops Manager Application also runs a “dormant” Backup Daemon service. The Backup Daemon remains dormant as long as you do not activate it.
A host that runs only a Backup Daemon runs Ops Manager with an “activated” Backup Daemon and a “dormant” Ops Manager Application. The Ops Manager Application remains dormant as long as you do not direct HTTP traffic to it.
Backup HTTP Service
Change the mothership setting in all Backup Agent configuration files for any manually installed agents to use port 8080. Any manually installed Backup Agents that are not set to use port 8080 cannot connect to Ops Manager. You must have access to the hosts running any manually installed Backup Agents.
Beginning with Ops Manager 2.0, there is no Backup HTTP Service on port 8081. Any Backup Agents that Automation manages are updated to use the new port (8080) automatically.
Agent Updates
The agents have not been updated before the Ops Manager Application has been upgraded. If you use Automation, Ops Manager prompts you to update the agents after you upgrade. Follow the prompts to update the agents through the Ops Manager Application. Do not update the agents manually.
conf-mms.properties
Beginning in 2.0, Ops Manager stores global configuration settings in the Ops Manager Application Database and stores only local settings in the Ops Manager host’s conf-mms.properties file. The upgrade procedure uses the existing conf-mms.properties file to connect to the Ops Manager Application Database before replacing the existing file with the new, smaller 2.0 file.
Restore properties
The following properties no longer apply and are replaced by settings specified when initiating a restore:
mms.backup.restore.linkExpirationHours
mms.backup.restore.linkUnlimitedUses
If you have modified the mms.conf file in your current installation, you have backed it up.
This is not a regular practice as mms.conf contains platform and network administration settings for Java VM and Ops Manager network port settings. You must use the new mms.conf file the upgrade installs. Reapply any modifications from your backed up copy to the new mms.conf after completing the upgrade.
See: Upgrade Ops Manager for upgrade instructions for your operating system.
Ops Manager Server 1.8¶
Ops Manager Server 1.8.3¶
Released 2015-12-15
- Fixed issue where monitoring settings for existing servers were not always editable.
- Support for additional Amazon Simple Email Service regions. To specify regions other than the default US-EAST, see aws.ses.endpoint.
- Fixed SNMP notification mechanism for System Alerts.
- Fixed user privileges for MongoDB 3.0 missing from UI on Users & Roles page.
- Upgraded to JDK8u66.
Ops Manager Server 1.8.2¶
Released 2015-10-20
- Agent Updates: Automation Agent 2.0.14.1398, Monitoring Agent 3.7.1.227, and Backup Agent 3.4.2.314.
- MONGODB-X509 authentication mechanism no longer requires MongoDB Enterprise.
- Fixed system alerts failing to connect to Application Database and Backup Databases running with SSL.
- Fixed issue where Backup resync of a Config Server could cause the Backup Job to get stuck.
Ops Manager Server 1.8.1¶
Released 2015-08-17
- Agent Updates: Automation Agent 2.0.12.1238, Monitoring Agent 3.7.0.212
- Updated Backup seedSecondary script for MongoDB 3.0.
- Fixed adding users with GLOBAL roles to individual groups.
- Fixed Host Down alerts not firing correctly for arbiters.
- Fixed error when trying to enable X.509 authentication for Monitoring only (without Automation).
- Fixed error when trying to enable host log collection.
- Fixed case where an acknowledged Alert can be re-opened when Alert processing is behind.
- Fixed case where monitoring classified a Config Server as a Standalone when there were no mongos services.
Ops Manager Server 1.8.0¶
Released 2015-06-23
Security¶
Automation now supports SSL and MongoDB Enterprise authentication mechanisms: Kerberos, LDAP, and X.509.
Ops Manager 1.8 can start new MongoDB instances using SSL and enterprise authentication mechanisms and import existing instances using SSL and enterprise authentication for management.
Added the ability to specify a proxy server for Ops Manager to use to access external services.
Added support for self-signed CAs and client certificates when using SSL LDAP for Ops Manager user authentication.
Alerts¶
- System Alerts: system alerts allow an Ops Manager Administrator to receive alerts when the state of the software itself is unhealthy.
- Global Alerts: global alerts allow an Ops Manager administrator to monitor any set of Ops Manager groups without needing to configure the alerts on a group-by-group basis.
- Added the ability to deliver Project, Global, and System alerts via an HTTP webhook.
- Lowered the alerting check frequency from five minutes to one minute, allowing for more responsive alerts.
Automation¶
Automation now uses distribution-specific builds for MongoDB Community Edition when one is available for the operating system and version in use. Previously, Automation used the generic MongoDB Community Edition build.
Upgrading the Automation Agent and Ops Manager to the new version will not automatically change your MongoDB deployments to a distribution-specific build: if you wish to use the distribution-specific build, you will need to update the MongoDB version.
Added support to change the storage engine for a MongoDB deployment using Automation.
Beta: Added Automation support for Windows MongoDB instances. This feature must be enabled for an Ops Manager group for it to be available.
Monitoring¶
- Standby Monitoring Agents now check in with Ops Manager more frequently. You can now configure the Monitoring Agent session timeout to allow for faster failover. See: Monitoring Failover for more information.
Backup¶
- Added the ability to configure the Backup Database’s block size. The Configure Block Size in a Blockstore tutorial describes how to configure the size of the blocks in the Backup Database’s blockstore.
- Added the ability to initiate backup SCP restores through the Public API. See: Restore Jobs.
Considerations for Upgrade (v1.8)¶
Ops Manager 1.8 requires that the Ops Manager Application Database and Snapshot Storage run MongoDB 2.6 or later. Ops Manager will not start after upgrade if your backing databases are using an earlier version of MongoDB. The MongoDB Manual provides upgrade tutorials with each release. To upgrade from MongoDB 2.4 to 2.6, see: Upgrade MongoDB to 2.6.
When you upgrade to Ops Manager 1.8, Ops Manager disables all Automation Agents until they are upgraded to Automation Agent 2.0.9.1201. You can upgrade the Automation Agents by clicking the link that appears in the Please upgrade your agents banner that will appear on the Deployment page in the Ops Manager interface.
Direct upgrade is only allowed from Ops Manager 1.5 and Ops Manager 1.6. To upgrade to Ops Manager 1.8 from an earlier version of MongoDB, you must first upgrade to Ops Manager 1.6, and then to 1.8.
In Ops Manager 1.8, mms.multiFactorAuth.level replaces the deprecated mms.multiFactorAuth.require setting. mms.multiFactorAuth.level supports more values than its predecessor.
Ops Manager will not start with mms.multiFactorAuth.require in the properties file, but will report an error indicating that the setting has been deprecated, and that you must update your configuration.
Ops Manager 1.8 does not include the Backup HTTP Service: its functionality is now part of System Alerts and Global Alerts.
System Alerts give new insight into the health of Ops Manager and may immediately trigger on upgrade if Ops Manager is not in the expected state. For example, if your Application or Backup databases have startup warnings or if the connection strings to those databases point to any unreachable MongoDB instances, Ops Manager will issue an alert.
The Ops Manager Deployment user interface has been streamlined such that the View Mode and Edit Mode dual views have been merged into a unified view.
Ops Manager Server 1.6¶
Ops Manager Server 1.6.4¶
Released 2015-08-17
- Ops Manager no longer shuts down if the Ops Manager Application Database is unreachable. (This issue was erroneously reported as resolved in Ops Manager 1.6.3.)
Ops Manager Server 1.6.3¶
Released 2015-06-23
- Agent updates: Automation Agent 1.4.18.1199-1
- Added full support for restores of WiredTiger backups. Previously, Ops Manager only supported SCP Individual File restores for WiredTiger backups.
- Added optimization to prevent some Backup Daemon background tasks from doing excessive logging when databases are down.
- Fixed a user interface issue when displaying an empty Automation diff.
Ops Manager Server 1.6.2¶
Released 2015-04-28
- Fixed issue with grooms on a WiredTiger backup blockstore.
- Fixed a possible connection leak with the SCP Individual File restore type.
- LDAP users are now periodically synced with the LDAP server to prevent communications after a user is removed from a group.
- Fixed an issue with backups of MongoDB 3.0 mongod instances running with the --setParameter failIndexKeyTooLong=0 option.
Ops Manager Server 1.6.1¶
Released 2015-03-26
- Agent updates: Automation Agent 1.4.15.999.
- Security Update: resolved an issue where users removed from LDAP groups were not always removed from corresponding Ops Manager groups. This upgrade is highly recommended for anyone using LDAP authentication.
- Selecting wildcards in the Version Manager is no longer supported when automation.versions.source is set to local.
- Added a 1 hour timeout to kill a Backup head database if it does not shut down cleanly. You must perform a resync following a hard kill.
- Windows support for Backup Daemon using Windows 64-bit 2008 R2+ MongoDB builds.
- Fix for Backups stored in WiredTiger format in which a single collection grows from under 8 GB to over 8 GB in size.
- The time before an unreachable mongos process is deactivated is now configurable on a per group basis. See Admin Project Settings.
- The time before a standby Monitoring Agent takes over after the primary Monitoring Agent stops responding is now configurable to a minimum of 90 seconds. See the mms.monitoring.agent.session.timeoutMillis setting in Ops Manager Configuration Settings.
- For Backup HTTP pull restore, the link expiration and the number of allowed uses of a link are now configurable.
Ops Manager Server 1.6.0¶
Released 2015-03-02
New Features¶
Initial release of Automation. Automation manages many basic administrative tasks for MongoDB deployments, including version upgrades, adding replica set members, adding shards, and changing oplog size. You can both import existing deployments into Automation and create new deployments on your provisioned hardware.
Windows support (Monitoring and Backup only). You can install Ops Manager on Microsoft Windows using MSI files. Ops Manager supports Windows Server 2008 R2 and above.
Support for MongoDB 3.0, including support for backups that use the WiredTiger storage engine.
To monitor or back up MongoDB 3.0 deployments, you must install Ops Manager 1.6 or higher. To monitor a MongoDB 3.0 deployment, you must also run Monitoring Agent version 2.7.0 or higher.
Support for using the SSL and MONGODB-X509 authentication mechanisms for the backing MongoDB databases. See Configure the Connections to the Application Database.
Public API endpoints to manage Automation configuration. For more information, see Automation in the API documentation.
Improvements¶
- The Ops Manager’s Administration interface provides more information to make it easier to monitor the health of the Ops Manager installation.
- The Ops Manager Deployment tab now displays all deployment information on one page, with icons for selecting view options. The new Topology View groups all hosts by the replica set or sharded cluster they are part of. The new Servers View shows information about MongoDB processes and Ops Manager agents grouped by server.
- Fixed an issue (MMS-2273) where, in certain situations, the Backup Agent was not reporting a cluster snapshot as potentially inconsistent.
- Improved handling of cursor timeouts by the Backup Agent. To use this improvement, upgrade to the latest Backup Agent, which is included with Ops Manager. The improvement became available with Backup Agent 2.3.3.209-1.
Considerations for Upgrade to 1.6¶
- Ops Manager 1.8.0, when released, will not support MongoDB 2.4 for the Ops Manager Application Database and Snapshot Storage. Ops Manager Server 1.8.0 will continue to support MongoDB 2.4 for your monitored and backed-up databases.
- Ops Manager 1.6.0 supports direct upgrades only from MMS On Prem 1.3 and above.
- The procedure to configure Ops Manager to run with HTTPS has changed and is greatly simplified. The previous procedure no longer works. For the new procedure, see Configure TLS Connections to Ops Manager.
- The connection string to the backup blockstore database is now configured through the Administration interface’s Blockstores page and not through the mongo.backupdb.mongoUri field in the conf-daemon.properties configuration file.
- Ops Manager no longer requires you to supply the replica set name of the backing MongoDB instances. The mongo.replicaSet and mongo.backupdb.replicaSet properties have been removed from the configuration files. These properties had previously controlled whether Ops Manager treated a connection to a backing instance as a standalone or replica set, for the purpose of setting the write concern. Ops Manager now sets write concern based on how many hosts are supplied in the connection string.
- You can disable Automation for the entire Ops Manager installation through the mms.featureFlag.automation setting in the conf-daemon.properties configuration file.
- Removed the Dashboards view from the Ops Manager UI. You can view monitoring metrics from the Deployment tab. See: View Deployment Metrics for an overview of the available metrics and how to access them.
MMS Onprem Server 1.5¶
MMS Onprem Server 1.5.5¶
Released 2015-03-26
- Security Update: resolved issue where users removed from LDAP groups were not always removed from corresponding Ops Manager groups. This upgrade is highly recommended for anyone using LDAP authentication.
MMS Onprem Server 1.5.4¶
Released 2015-03-18
- Fixed race condition that could cause the Backup Daemon to hang when the MongoDB process for a head database fails to start.
- Fixed an issue where a rollback occurring shortly after a terminate could step on the terminate.
- The time before an unreachable mongos process is deactivated is now configurable on a per group basis. See Admin Project Settings.
- The time before a standby Monitoring Agent takes over after the primary Monitoring Agent stops responding is now configurable to a minimum of 90 seconds. See the mms.monitoring.agent.session.timeoutMillis setting in Ops Manager Configuration Settings.
- For Backup HTTP pull restore, the link expiration and the number of allowed uses of a link are now configurable.
MMS OnPrem Server 1.5.3¶
Released 2014-12-17
- Significant improvements in performance for the processing of MMS OnPrem Monitoring data for MMS OnPrem Projects with a large number of hosts.
MMS OnPrem Server 1.5.2¶
Released 2014-11-18
- Added support for archive restores (.tar.gz) for databases whose filenames exceed 100 characters.
- API: Skip missed points in metrics data, instead of returning empty data.
- API: Return correct number of data points when querying metric data with the period option.
- Backup Agent update to 2.3.3.209-1
MMS OnPrem Server 1.5.1¶
Released 2014-09-26
- Fix cases where replica set member alerts (e.g. no primary, number of healthy members) could send false positives.
- Skip backup-daemon rootDirectory and mongo.backupdb.mongoUri overlap check when the mongo.backupdb.mongoUri is on a different host.
- mms-gen-key script handles user’s effective group being different than the username.
- Security enhancements.
MMS OnPrem Server 1.5.0¶
Released 2014-09-02
Considerations for Upgrade¶
MMS OnPrem only supports direct upgrades from 1.3 and 1.4.
Change in configurations and policy for 2FA: Two-factor authentication must now be explicitly enabled using the mms.multiFactorAuth.require setting.
The default LDAP group separator became ;;. Previously the separator was ,. See the LDAP configuration documentation for more information.
Suppressed hosts will only remain suppressed for 30 minutes.
Previously, after you deleted a host from MMS OnPrem Monitoring, the hostname and port combination was added to a suppression list with an infinite lifetime. The suppression list prevented a race condition where a host in a cluster would be auto-discovered by another member of a deployment before the host was fully removed. Now, hostname and port combinations remain on the suppression list for only 30 minutes.
Set the mms.remoteIp.header in the conf-mms.properties file if clients access the MMS OnPrem Application via a load balancer.
mongo.backupdb.mongoUri is no longer in conf-mms.properties. This was previously a required field in this file. It remains in the Backup Daemon’s conf-daemon.properties.
Stored MongoDB profile data is not transferred between OnPrem 1.4 and OnPrem 1.5 during the upgrade process.
Improvements¶
- When an MMS OnPrem Backup job fails to bind, the system periodically and automatically retries.
- All MMS OnPrem Backup jobs will retry indefinitely.
- Point in Time restores are now available with one second granularity.
New Features
- MMS OnPrem Public API.
- Explicit support for multiple MMS OnPrem backup blockstore databases and the ability to pin MMS OnPrem Projects to specific backup daemons and databases. See Assign Snapshot Stores to Specific Data Centers.
- MMS OnPrem can authenticate using LDAP to both the database backing MMS OnPrem and the monitored and backed up MongoDB deployments. See Configure Ops Manager Users for LDAP Authentication and Authorization.
- Enhanced auditing. See Audit Events for more information.
- Ability to acknowledge alerts with comments.
- New cluster page that shows individual, sum or average metrics for all shards in a cluster.
MMS OnPrem Server 1.4
MMS OnPrem Server 1.4.3
Released 2014-07-22
- Addressed issues related to Backup Job assignment for 2.6.x clusters that used the clusterMonitor role to support MMS OnPrem Monitoring.
- Fixed problem importing email addresses for users for deployments that use LDAP integration.
- Fixed a rare race condition that caused high CPU usage in the MMS OnPrem HTTP Service if the application cannot connect to one of the backing databases.
- Additional security enhancements.
MMS OnPrem Server 1.4.2
Released 2014-05-29
Critical bug fix for backing up MongoDB 2.6 deployments that include user or custom role definitions:
- The system.version collection in the admin database will be included in all future snapshots.
- The system.roles collection in the admin database will be included after a new initial sync is performed.
Users capturing backups of MongoDB 2.6 replica sets or clusters with MMS OnPrem that include custom role definitions should perform a new initial sync. Taking a new initial sync will ensure that the role definitions are included in the backup.
Disable MongoDB usePowerOf2Sizes for insert-only MMS OnPrem Backup collections.
Speed optimization for MMS OnPrem Backup HTTP pull restores.
Fix for LDAP integration: MMS OnPrem now passes the full DN correctly when authenticating the user.
MMS OnPrem Server 1.4.1
Released 2014-04-28
- Ability to Backup replica sets or clusters using Kerberos authentication.
- Ability to Backup replica sets or clusters running specific custom MongoDB builds provided by MongoDB, Inc.
- Fix validation issue preventing Backup of MongoDB 2.6.0 clusters.
- Reduced log noise from Monitoring Agent when monitoring MongoDB 2.0 or unreachable mongods.
MMS OnPrem Server 1.4.0
Released 2014-04-08
- Includes MMS OnPrem Backup: continuous backup with point-in-time recovery of replica sets and cluster-wide snapshots of sharded clusters.
- Finer-grained roles and permissions.
- Improved user interface for alerts.
- Enhanced Activity Feed for auditing of all activity.
- Monitoring Agent distributed as OS-specific binary. Python dependency removed.
- LDAP integration for managing users and groups.
MMS OnPrem 1.4.0 requires MongoDB 2.4.9+ instances for backing storage.
MMS OnPrem Server 1.3
Released 2013-12-01
- Packaging/support for Debian and SUSE Linux.
- Kerberos authentication support between MMS OnPrem server and backing MongoDBs, as well as between Monitoring Agent and the MongoDBs it monitors.
- OnPrem users can be overall site administrators. (MMS OnPrem Admins)
- New admin section where MMS OnPrem Admins can manage user roles and message banners.
- Tunable advanced password and session management configurations.
- Encryption key rotation, more specific CORS policy, auth tokens removed from chart URLs, and other security enhancements.
MMS OnPrem Server 1.2
Released 2013-07-24
- Redesigned user interface and enhanced algorithm to auto-discover hosts and derive host topology.
- SNMP monitoring.
- Ability to export charts.
- Option to store encrypted authentication credentials in the mmsDb property in the configuration file.
- Ability to classify users within an MMS OnPrem Project as group administrators or read-only users.