|
| 1 | +title: Percona Server for MongoDB 8.0.19-7 ({{date.8_0_19}}) |
| 2 | +summary: Learn about improvements, new features, and bug and security vulnerability fixes in this release |
| 3 | +authors: |
| 4 | + - Rasika Chivate |
| 5 | +version: 8.0.19-7 |
| 6 | +--- |
| 7 | + |
| 8 | +# Percona Server for MongoDB {{ page.meta.version }} ({{date.8_0_19}}) |
| 9 | + |
| 10 | +[Install](../install/index.md){.md-button} |
| 11 | +[Upgrade from MongoDB Community](../install/upgrade-from-mongodb.md){.md-button} |
| 12 | + |
| 13 | +Percona Server for MongoDB {{ page.meta.version }} is an enhanced, source-available, and highly-scalable database that is a |
| 14 | +fully-compatible, drop-in replacement for MongoDB Community Edition. |
| 15 | + |
| 16 | +Percona Server for MongoDB {{ page.meta.version }} includes the improvements and bug fixes from: |
| 17 | + |
| 18 | +- [MongoDB 8.0.18 Community Edition](https://www.mongodb.com/docs/manual/release-notes/8.0/#8.0.18---jan-27--2026) |
| 19 | + |
| 20 | +- [MongoDB 8.0.19 Community Edition](https://www.mongodb.com/docs/manual/release-notes/8.0/#8.0.19---feb-10--2026) |
| 21 | + |
| 22 | +Percona Server for MongoDB {{ page.meta.version }} supports protocols and drivers of MongoDB Community **8.0.18** and **8.0.19**. |
| 23 | + |
| 24 | +## New feature |
| 25 | + |
| 26 | +- [PSMDB-1893](https://perconadev.atlassian.net/browse/PSMDB-1893): |
| 27 | +**Disable specific FTDC metric groups** |
| 28 | + |
| 29 | + Percona Server for MongoDB now permits administrators to disable specific diagnostic metric groups via two new server parameters: |
| 30 | + |
| 31 | + - **diagnosticDataCollectionEnableSystemMetricsDisks** |
| 32 | + - Enables or disables collection of disk-level statistics. |
| 33 | + - Type: Boolean (`true`/`false`) |
| 34 | + - Default: true (enabled) |
| 35 | + - Scope: Startup; runtime configurable via `setParameter` |
| 36 | + |
| 37 | + - **diagnosticDataCollectionEnableSystemMetricsMounts** |
| 38 | + - Enables or disables collection of mount-level statistics. |
| 39 | + - Type: Boolean (true/false) |
| 40 | + - Default: true (enabled) |
| 41 | + - Scope: Startup; runtime configurable via setParameter |
| 42 | + |
| 43 | + Database administrators can avoid delays in diagnostics caused by unstable or unresponsive mount points in NFS, FUSE, or autofs environments by excluding certain problematic groups like `systemMetrics`, `serverStatus.connections`, and `replSetGetStatus`. This way, the Full Time Diagnostic Data Capture (FTDC) can still deliver important insights into database performance, such as query efficiency and replication, without being hindered by system-level issues. |
| 44 | + |
| 45 | +Ready to explore this topic further? Check out our in-depth [documentation](https://docs.percona.com/percona-server-for-mongodb/8.0/set-parameter.html) |
| 46 | + |
| 47 | +## Security updates: CVE fixes from upstream MongoDB |
| 48 | + |
| 49 | +This release includes upstream MongoDB security fixes for the following vulnerabilities: |
| 50 | + |
| 51 | +### High severity |
| 52 | + |
| 53 | +- [SERVER-116210](https://jira.mongodb.org/browse/SERVER-116210) |
| 54 | +**(CVE-2026-25611):** Fixed an issue where a series of specifically crafted, unauthenticated messages could exhaust available system memory, leading to a server crash. |
| 55 | + |
| 56 | + |
| 57 | +- [SERVER-114838](https://jira.mongodb.org/browse/SERVER-114838) |
| 58 | + **(CVE-2026-25612):** Resolved a bug in the internal locking mechanism where specific resource encodings could cause unintended collisions between collections. This could lead to resource unavailability due to conflicting locks. |
| 59 | + |
| 60 | +- [SERVER-113685](https://jira.mongodb.org/browse/SERVER-113685) |
| 61 | + **(CVE-2026-25613):** Fixed a vulnerability where an authorized user could crash the server by querying a collection containing an invalid compound wildcard index. |
| 62 | + |
| 63 | +- [SERVER-102364](https://jira.mongodb.org/browse/SERVER-102364) |
| 64 | + **(CVE-2026-1849):** Addressed an Out-Of-Memory (OOM) failure during the evaluation of expressions that produce deeply nested documents. The server now properly validates recursion depth to prevent unchecked memory consumption. |
| 65 | + |
| 66 | +- [SERVER-114126](https://jira.mongodb.org/browse/SERVER-114126) |
| 67 | + **(CVE-2026-1850):** Fixed an issue where complex boolean expression simplifications within the Query Planner by an authorized user could lead to excessive memory usage and an OOM crash. |
| 68 | + |
| 69 | +- [SERVER-99119](https://jira.mongodb.org/browse/SERVER-99119) **(CVE-2026-25610):** Resolved a vulnerability where an authorized user could trigger a server crash by executing a `$geoNear` aggregation pipeline with specific invalid index hints. |
| 70 | + |
| 71 | +- [SERVER-114695](https://jira.mongodb.org/browse/SERVER-114695) |
| 72 | + **(CVE-2026-1848):** Resolved a vulnerability where connections received on the proxy port (pending proxy protocol headers) were excluded from the `maxConns` limit. This flaw exposed the server to resource exhaustion and OOM (Out-of-Memory) crashes during high-traffic bursts. |
| 73 | + |
| 74 | +- [SERVER-113532](https://jira.mongodb.org/browse/SERVER-113532) |
| 75 | + **(CVE-2026-1847):** Resolved an issue where inserting specific large documents could prevent secondaries from fetching the oplog from the primary. This could stall replication and potentially lead to node instability. |
| 76 | + |
| 77 | +### Medium severity |
| 78 | + |
| 79 | +- [SERVER-112952](https://jira.mongodb.org/browse/SERVER-112952) |
| 80 | + **(CVE-2026-25609):** Corrected an issue where improper validation of the profile command caused requests altering the `filter` to be incorrectly treated as read-only. |
| 81 | + |
| 82 | + |
| 83 | +### Affected versions |
| 84 | + |
| 85 | +These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB: |
| 86 | + |
| 87 | +- All Percona Server for MongoDB 8.0.x versions |
| 88 | +- MongoDB Community 8.0 versions prior to 8.0.18 |
| 89 | + |
| 90 | + |
| 91 | +These issues are fixed in the upstream MongoDB 8.0 patch line and are included in **Percona Server for MongoDB 8.0.19-7**. We strongly recommend upgrading to **8.0.19-7** to ensure your deployments include the latest security fixes. |
| 92 | + |
| 93 | +## Tools packaged with this release |
| 94 | + |
| 95 | +Percona Server for MongoDB packages the following MongoDB tools: |
| 96 | + |
| 97 | +- MongoDB Shell (mongosh): 2.6.0 — [upstream changelog :octicons-link-external-16:](https://www.mongodb.com/docs/mongodb-shell/changelog/){:target="_blank"} |
| 98 | + |
| 99 | +- MongoDB Database Tools: 100.14.1 — [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/database-tools/release-notes/database-tools-changelog/){:target="_blank"} |
| 100 | + |
| 101 | +## Bugs fixed |
| 102 | + |
| 103 | +- [PSMDB-1922](https://perconadev.atlassian.net/browse/PSMDB-1922): Resolved an issue where the `auditGetOptions` command could be executed by users with any privilege level. Access is now strictly restricted to users with **admin privileges**, aligning its security requirements with the `getParameter` command to prevent unauthorized access to audit configuration options. |
0 commit comments