Skip to content

v1.7.1
Compare
Choose a tag to compare
@github-actions github-actions released this 24 Mar 11:07
v1.7.1
763db17
This commit was signed with the committer’s verified signature.
fabritsius Anton
GPG key ID: C3F8113E6A06B132
Verified
Learn about vigilant mode.

MongoDB Atlas Operator v1.7.1

Operator Changes

  • Atlas operator now won't print credentials in logs #907

Fixes CVE-2023-0436: Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0.
Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version.
Required Configuration:

DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27)

CVSS: 4.5
CWE-532 Insertion of Sensitive Information into Log File

AtlasBackupSchedule Resource

  • Fixed broken export field #897

The images can be found in:
https://quay.io/mongodb/mongodb-atlas-kubernetes-operator

Assets 3
Loading