Database Tools 100.9.5 Released

Working with Data Developer Tools
, ,
1

We are pleased to announce version 100.9.5 of the MongoDB Database Tools.

For this release we have updated many of our third-party dependencies, as well adding third-party dependency vulnerability scanning, static analysis, and other tooling to comply with MongoDB’s Software Security Development Lifecycle initiative. Notably, all releases now ship with a Software Bill of Materials (SBOM). Look for a file ending with .cdx.json in the archive. For OS packages, this file should be installed in an appropriate location for each package, like /usr/share/docs for deb packages.

The Database Tools are available on the MongoDB Download Center. Installation instructions and documentation can be found on docs.mongodb.com/database-tools. Questions and inquiries can be asked on the MongoDB Developer Community Forum. Please make sure to tag forum posts with database-tools. Bugs and feature requests can be reported in the Database Tools Jira where a list of current issues can be found.

Investigation

  • [TOOLS-3486] - Investigate changes in SERVER-81378: Change classic behavior: equality to null should not match undefined
  • [TOOLS-3498] - Investigate changes in SERVER-86928: Local Privilege Escalation via Untrusted Directory | mongodbldap.exe
  • [TOOLS-3500] - Investigate changes in SERVER-88071: Deprecate filemd5 with the intent of eventual removal

Bug

  • [TOOLS-3519] - mongodump/mongoreplay docs don't include a disclaimer against using --oplog/--oplogReplay in sharded clusters
  • [TOOLS-3554] - Security Vulnerability in mongodb db tools packages

Task

  • [TOOLS-3499] - Clean up release code to remove unused tags and remove libsasl.dll from MSI
  • [TOOLS-3526] - Artifact: Authorized publication on distribution channels for DB Tools 7.0.x*
  • [TOOLS-3527] - Artifact: Third Party Dependencies Report for DB Tools 7.0.x*
  • [TOOLS-3528] - Prep for Silk Onboarding: Add DB Tools to Silk Inventory
  • [TOOLS-3532] - Onboard DB Tools to Papertrail Service for SSDLC Compliance
  • [TOOLS-3534] - Integrate this project with Snyk for third-party vulnerability scanning
  • [TOOLS-3535] - Add gosec as a linter and add minimal precious config
  • [TOOLS-3550] - Create augmented SBOM file and add it to the release artifacts
  • [TOOLS-3551] - Fix integration test failures with MongoDB 8.0 RC release
  • [TOOLS-3555] - Remove support for Debian 8
  • [TOOLS-3559] - Include the Augmented SBOM in all release artifacts
  • [TOOLS-3565] - Artifact: Static Code Analysis Report for DB Tools 7.0.x*
2 Likes