Technical and Security Alerts - ArangoDB

Sign up for ArangoDB Cloud

Before signing up, please accept our terms & conditions and privacy policy.

What to expect after you signup
You can try out ArangoDB Cloud FREE for 14 days. No credit card required and you are not obligated to keep using ArangoDB Cloud.

At the end of your free trial, enter your credit card details to continue using ArangoDB Cloud.

If you decide that ArangoDB Cloud is not (yet) for you, you can simply leave and come back later.

Technical and Security Alerts

ArangoDB Technical & Security Alerts

This page lists critical and security issues affecting the ArangoDB suite of products. For a list of other known issues, please refer to the following pages: Known Issues 3.4 and Known Issues 3.3.

Make sure to subscribe to the ArangoDB Announcements Mailing List for important announcements.

Date Added Components Deployment Mode Description Affected Versions Fixed in Versions Reference
2022-02-03 Synchronization Cluster Issue in shard synchronization 3.8.5 >=3.8.5.1 Technical Alert #7: Issue in shard synchronization
2021-07-20 Replication Cluster Security issue in JavaScript dependencies & delayed shard replication problem 3.6.x, 3.7.x 3.6.15, 3.7.13 Technical Alert #6: Security issue in JavaScript dependencies & delayed shard replication problem.
2019-06-04 Agency Cluster Data loss can happen for collections created with v3.4.6 3.4.6 3.4.6-1 Technical Alert #5: Possible data loss for collections created with v3.4.6
2019-05-28 ArangoSearch All ArangoSearch query may crash during internal lookup in some cases due to invalid index structure for exact input data 3.4.0 to 3.4.5 3.4.6 Technical Alert #4: ArangoSearch possibly corrupted index
2019-02-06 Security All Crash or Unauthorized access to ArangoDB 3.2.0 to 3.2.17, 3.3.0 to 3.3.21, 3.4.0 to 3.4.2 v3.2.18, v3.3.22 & v3.4.2-1 Security Alert # 2: VelocyPack Buffer Overflow
2018-11-30 arangod All Wrong suggestion printed in the log on how to optimize an OS setting, if followed, could cause ArangoDB to run into problems as the number of memory mappings will keep growing 3.3.0 to 3.3.19 3.3.20 Technical Alert #3: Set Linux variable overcommit_memory to 0 or 1
2018-11-16 Backup/Restore All Users not included in the backup if –server.authentication = true 3.3.0 to 3.3.13 3.3.14 Technical Alert #2: Users not included in the backup
2018-11-03 Security All Unauthorized access to ArangoDB when using LDAP authentication 3.2.0 to 3.2.16 & 3.3.0 to 3.3.18 3.2.17 & 3.3.19 Security Alert #1: LDAP Authentication Issue
2018-04-09 Storage Single
Instance
Data corruption could happen under Linux 3.3.0 3.3.1 Technical Alert #1: Important Note for Users running ArangoDB v. 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9 or 3.3.0 on Linux

Secure Your Spot Today For ArangoDB Summit.

Join Team Avocado on October 4th and 5th, 2022 for our first ever two day industry event.
REGISTER NOW!
close-link
Click Me