Hello,
A vulnerability in MongoDB was reported over the Christmas break and I have been asked to update the MongoDB instance used by our Horde deployment. We deployed Horde using the MSI bundled with Unreal 5.6. From what I can see it comes with MongoDB 4.2.8.
What would be the best course of action to deploy a MongoDB version not affected by the vulnerability?
- The vulnerability report indicates that all v4.2 versions are affected and there does not seem to be a fix available for 4.2 versions. Does Horde support different MongoDB versions (e.g. 4.4)? If so, how do I tell the Horde service to spawn a MongoDB instance other than the one bundled with the MSI?
- There is also the possibility of disabling zlib as a temporary workaround (see instructions below)? I don’t really know where to set this option in Horde.
- If you cannot upgrade immediately, disable zlib compression on the MongoDB Server by starting mongod or mongos with a networkMessageCompressors or a net.compression.compressors option that explicitly omits zlib. Example safe values include snappy,zstd or disabled
Thank you,
Clement
[Attachment Removed]