Skip to content

Disable MongoDB exporter for Ubuntu 20.04, 22.04, and 24.04 packages. #21403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Ferroin merged 1 commit into from
Dec 5, 2025
Merged

Disable MongoDB exporter for Ubuntu 20.04, 22.04, and 24.04 packages. #21403

Ferroin merged 1 commit into from
Dec 5, 2025

Conversation

@Ferroin
Copy link
Member

@Ferroin Ferroin commented Dec 4, 2025
edited
Loading

Summary

The version of libbson that is available without Ubuntu Pro in these versions of Ubuntu has multiple known security issues (CVE-2024-6381, CVE-2024-6383, CVE-2025-0755). libbson is a mandatory dependency for our MongoDB exporter, and thus Netdata’s native packages being installed on a system running one of these versions of Ubuntu without Ubuntu Pro will cause the system to fail certain types of security audits.

As our MongoDB exporter appears to not be widely used, we’re simply disabling it for native package builds for affected platforms. Users on these platforms who need the MongoDB exporter are encouraged to use our static builds instead, which do not suffer from these security issues.

Test Plan

CI passes on this PR.

@github-actions github-actions bot added the area/packaging Packaging and operating systems support label Dec 4, 2025
@Ferroin Ferroin marked this pull request as ready for review December 4, 2025 16:32
@Ferroin Ferroin requested a review from a team as a code owner December 4, 2025 16:32
@Ferroin Ferroin requested a review from a team December 4, 2025 16:32
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

thiagoftsm
thiagoftsm approved these changes Dec 5, 2025
View reviewed changes
Copy link
Contributor

@thiagoftsm thiagoftsm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After generate packages for Ubuntu 20.04, I installed it and I did not observe netdata linked with mongoc. In addition to this, I received a warning libmogo-c is not necessary in my VM. LGTM!

@Ferroin Ferroin merged commit 739cd71 into netdata:master Dec 5, 2025
144 of 145 checks passed
@Ferroin Ferroin deleted the ubuntu-no-mongo branch December 5, 2025 11:54
stelfrag pushed a commit to stelfrag/netdata that referenced this pull request Dec 5, 2025
@Ferroin @stelfrag
Disable MongoDB exporter for Ubuntu 20.04, 22.04, and 24.04 packages. (
905af50 
…netdata#21403)

(cherry picked from commit 739cd71)
@stelfrag stelfrag mentioned this pull request Dec 5, 2025
Merged
Ferroin added a commit that referenced this pull request Dec 15, 2025
@Ferroin
Disable MongoDB exporter for Ubuntu 20.04, 22.04, and 24.04 packages. (
05dabcd 
…#21403)

(cherry picked from commit 739cd71)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@thiagoftsm thiagoftsm thiagoftsm approved these changes

Assignees

No one assigned

Labels

area/packaging Packaging and operating systems support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Ferroin @thiagoftsm