ArangoDB Technical & Security Alerts
This page lists critical and security issues affecting the ArangoDB suite of products. For a list of other known issues, please refer to the following pages: Known Issues 3.4 and Known Issues 3.3.
Make sure to subscribe to the ArangoDB Announcements Mailing List for important announcements.
| Date Added | Components | Deployment Mode | Description | Affected Versions | Fixed in Versions | Reference |
|---|---|---|---|---|---|---|
| 2022-02-03 | Synchronization | Cluster | Issue in shard synchronization | 3.8.5 | >=3.8.5.1 | Technical Alert #7: Issue in shard synchronization |
| 2021-07-20 | Replication | Cluster | Security issue in JavaScript dependencies & delayed shard replication problem | 3.6.x, 3.7.x | 3.6.15, 3.7.13 | Technical Alert #6: Security issue in JavaScript dependencies & delayed shard replication problem. |
| 2019-06-04 | Agency | Cluster | Data loss can happen for collections created with v3.4.6 | 3.4.6 | 3.4.6-1 | Technical Alert #5: Possible data loss for collections created with v3.4.6 |
| 2019-05-28 | ArangoSearch | All | ArangoSearch query may crash during internal lookup in some cases due to invalid index structure for exact input data | 3.4.0 to 3.4.5 | 3.4.6 | Technical Alert #4: ArangoSearch possibly corrupted index |
| 2019-02-06 | Security | All | Crash or Unauthorized access to ArangoDB | 3.2.0 to 3.2.17, 3.3.0 to 3.3.21, 3.4.0 to 3.4.2 | v3.2.18, v3.3.22 & v3.4.2-1 | Security Alert # 2: VelocyPack Buffer Overflow |
| 2018-11-30 | arangod | All | Wrong suggestion printed in the log on how to optimize an OS setting, if followed, could cause ArangoDB to run into problems as the number of memory mappings will keep growing | 3.3.0 to 3.3.19 | 3.3.20 | Technical Alert #3: Set Linux variable overcommit_memory to 0 or 1 |
| 2018-11-16 | Backup/Restore | All | Users not included in the backup if –server.authentication = true | 3.3.0 to 3.3.13 | 3.3.14 | Technical Alert #2: Users not included in the backup |
| 2018-11-03 | Security | All | Unauthorized access to ArangoDB when using LDAP authentication | 3.2.0 to 3.2.16 & 3.3.0 to 3.3.18 | 3.2.17 & 3.3.19 | Security Alert #1: LDAP Authentication Issue |
| 2018-04-09 | Storage | Single Instance | Data corruption could happen under Linux | 3.3.0 | 3.3.1 | Technical Alert #1: Important Note for Users running ArangoDB v. 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9 or 3.3.0 on Linux |