Technical and Security Alerts

ArangoDB Technical & Security Alerts

This page lists critical and security issues affecting the ArangoDB suite of products. For a list of other known issues, please refer to the following pages: Known Issues 3.4 and Known Issues 3.3.

Make sure to subscribe to the ArangoDB Announcements Mailing List for important announcements.

Date Added Components Deployment Mode Description Affected Versions Fixed in Versions Reference
2019-06-04 Agency Cluster Data loss can happen for collections created with v3.4.6 3.4.6 3.4.6-1 Technical Alert #5: Possible data loss for collections created with v3.4.6
2019-05-28 ArangoSearch All ArangoSearch query may crash during internal lookup in some cases due to invalid index structure for exact input data 3.4.0 to 3.4.5 3.4.6 Technical Alert #4: ArangoSearch possibly corrupted index
2019-02-06 Security All Crash or Unauthorized access to ArangoDB 3.2.0 to 3.2.17, 3.3.0 to 3.3.21, 3.4.0 to 3.4.2 v3.2.18, v3.3.22 & v3.4.2-1 Security Alert # 2: VelocyPack Buffer Overflow
2018-11-30 arangod All Wrong suggestion printed in the log on how to optimize an OS setting, if followed, could cause ArangoDB to run into problems as the number of memory mappings will keep growing 3.3.0 to 3.3.19 3.3.20 Technical Alert #3: Set Linux variable overcommit_memory to 0 or 1
2018-11-16 Backup/Restore All Users not included in the backup if –server.authentication = true 3.3.0 to 3.3.13 3.3.14 Technical Alert #2: Users not included in the backup
2018-11-03 Security All Unauthorized access to ArangoDB when using LDAP authentication 3.2.0 to 3.2.16 & 3.3.0 to 3.3.18 3.2.17 & 3.3.19 Security Alert #1: LDAP Authentication Issue
2018-04-09 Storage Single
Data corruption could happen under Linux 3.3.0 3.3.1 Technical Alert #1: Important Note for Users running ArangoDB v. 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9 or 3.3.0 on Linux

Do you like ArangoDB?
icon-githubStar this project on GitHub.