Skip to content

Commit 52c0ebb

Browse files
Merge pull request #1142 from percona/RN-6.0.29-23
RN-6.0.29-23
2 parents 27e2c01 + 76e1ef2 commit 52c0ebb

5 files changed

Lines changed: 40 additions & 3 deletions

File tree

docs/_templates/pdf_cover_page.tpl

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,11 +3,11 @@
33
<p>
44
<img src="_images/Percona_Logo_Color.png" />
55
</p>
6-
<h1>Server for MongoDB 6.0.28-22</h1>
6+
<h1>Server for MongoDB 6.0.29-23</h1>
77
{% if config.site_description %}
88
<h1>{{ config.site_description }}</h1>
99
{% endif %}
10-
<h2>6.0.28-22 (May 26, 2026)</h2>
10+
<h2>6.0.29-23 (June 24, 2026)</h2>
1111
<br>
1212
<br>
1313
<br>

docs/release_notes/6.0.29-23.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
version: 6.0.29-23
2+
---
3+
4+
# Percona Server for MongoDB {{ page.meta.version }} ({{date.6_0_29}})
5+
6+
[Installation](../install/index.md){.md-button}
7+
[Upgrade from MongoDB Community](../install/upgrade-from-mongodb.md){.md-button}
8+
9+
Percona Server for MongoDB {{ page.meta.version }} is an enhanced, source-available, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition.
10+
11+
Percona Server for MongoDB **{{ page.meta.version }}** includes the updates from [MongoDB 6.0.29 Community Edition :octicons-link-external-16:](https://www.mongodb.com/docs/v6.0/release-notes/6.0-changelog/#6.0.29-changelog){:target="_blank"}. It also supports the protocols and drivers of MongoDB Community **6.0.29**.
12+
13+
## Upgrade recommendation
14+
15+
This release contains a **high-severity security fix** affecting all Percona Server for MongoDB 6.0.x versions. We strongly recommend **upgrading to version {{ page.meta.version }}** as soon as possible.
16+
17+
## Security update
18+
19+
- [SERVER-128125 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-128125){:target="_blank"} **(CVE-2026-11933):** A **use-after-free** vulnerability was identified in MongoDB Server’s server-side JavaScript engine when converting `BSON` documents to JavaScript arrays. An authenticated user with read privileges who can execute server-side JavaScript (e.g., via `$where` or `$function`) may trigger access to freed memory, which could result in information disclosure from the `mongod` process memory or a denial of service through a server crash.
20+
21+
## Tools packaged with this release
22+
23+
Percona repackages the upstream MongoDB Shell (`mongosh`) as `percona-mongodb-mongosh`, updating all copyright, authorship, and branding under the full product name "Percona MongoDB Shell."
24+
25+
Percona also repackages and patches Mongo Tools. In this release, we've updated embedded Go libraries in the `mongodump` binary to address 15 security (severity from medium to critical) vulnerabilities:
26+
27+
- `golang.org/x/crypto` updated from **v0.45.0** to **v0.52.0** — fixes [CVE-2026-39827 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39827){:target="_blank"}, [CVE-2026-39828 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39828){:target="_blank"}, [CVE-2026-39829 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39829){:target="_blank"}, [CVE-2026-39830 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39830){:target="_blank"}, [CVE-2026-39835 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39835){:target="_blank"}, [CVE-2026-42508 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-42508){:target="_blank"}, [CVE-2026-46595 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-46595){:target="_blank"}, [CVE-2026-46597 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-46597){:target="_blank"}
28+
- `golang.org/x/net` updated from **v0.47.0** to **v0.55.0** — fixes [CVE-2026-25680 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-25680){:target="_blank"}, [CVE-2026-25681 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-25681){:target="_blank"}, [CVE-2026-27136 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-27136){:target="_blank"}, [CVE-2026-33814 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-33814){:target="_blank"}, [CVE-2026-39821 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-39821){:target="_blank"}, [CVE-2026-42502 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-42502){:target="_blank"}, [CVE-2026-42506 :octicons-link-external-16:](https://nvd.nist.gov/vuln/detail/CVE-2026-42506){:target="_blank"}
29+
30+
| **Tool** | **Base version** | **Release notes** |
31+
|---|---|---|
32+
| MongoDB Shell (`mongosh`) | 2.8.3 | [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/mongodb-shell/changelog/#v2.8.3){:target="_blank"} |
33+
| Mongo Tools | 100.17.0 | [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/database-tools/release-notes/dbtools-100.17.0-changelog/){:target="_blank"} |

docs/release_notes/index.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11
# Percona Server for MongoDB 6.0 Release Notes
22

3+
* [Percona Server for MongoDB 6.0.29-23 ({{date.6_0_29}})](6.0.29-23.md)
4+
35
* [Percona Server for MongoDB 6.0.28-22 ({{date.6_0_28}})](6.0.28-22.md)
46

57
* [Percona Server for MongoDB 6.0.27-21 ({{date.6_0_27}})](6.0.27-21.md)

mkdocs-base.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,7 @@ nav:
228228
- install/uninstall.md
229229
- Release notes:
230230
- "Release notes index": "release_notes/index.md"
231+
- release_notes/6.0.29-23.md
231232
- release_notes/6.0.28-22.md
232233
- release_notes/6.0.27-21.md
233234
- release_notes/6.0.25-20.md

variables.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,15 @@
11
# PBM Variables set for HTML output
22
# See also mkdocs.yml plugins.with-pdf.cover_subtitle and output_path
33

4-
release: '6.0.28-22'
4+
release: '6.0.29-23'
55
version: '6.0'
66
mongosh: '2.8.3'
77

88
product:
99
psmdb_full_name: Percona Server for MongoDB
1010

1111
date:
12+
6_0_29: '2026-06-24'
1213
6_0_28: '2026-05-26'
1314
6_0_27: '2026-01-12'
1415
6_0_25: '2025-07-30'

0 commit comments

Comments
 (0)