|
| 1 | +.. _opsmgr-server-7.0.15: |
| 2 | + |
| 3 | +|onprem| Server 7.0.15 |
| 4 | +~~~~~~~~~~~~~~~~~~~~~~ |
| 5 | + |
| 6 | +*Released 2025-04-03* |
| 7 | + |
| 8 | +- Updates the {+mdbagent+} to 107.0.15.8741-1. |
| 9 | +- Releases ``mongosh`` 2.4.0 to |mms|. |
| 10 | +- Adds support for |bic-full| 2.14.22. |
| 11 | +- Compatible with :dbtools:`MongoDB Database Tools 100.11.0 |
| 12 | + </release-notes/database-tools-changelog/#100.11.0-changelog>`. |
| 13 | +- Upgrades Jetty library to 11.0.25. |
| 14 | +- Reduces the maximum session length (:setting:`mms.session.maxHours`) |
| 15 | + from two months to one week to improve security. |
| 16 | +- Adds a new ``mms.cookies.sameSite`` setting to configure cookie behavior: |
| 17 | + |
| 18 | + - ``Lax`` allows top-level navigation cookies. |
| 19 | + - ``Strict`` restricts cookies to same-site requests. |
| 20 | + - ``None`` permits all cross-site cookies over HTTPS. |
| 21 | + |
| 22 | + All cookies are now ``httpOnly`` and marked as secure when |
| 23 | + using HTTPS. |
| 24 | + |
| 25 | +- Adds support for configuing multiple passwords in :setting:`security.ldap.bind.queryPassword` |
| 26 | + so that users can ensure that MongoDB won't disconnect from LDAP after a restart when |
| 27 | + performing an LDAP credential rotation. To learn more, see :ref:`security-ldap`. |
| 28 | + |
| 29 | +- Improves handling of misconfigured core/max pool sizes. |
| 30 | + |
| 31 | +- Adds the ability for |mms| to recognize dashes (``-``) in deployment names. |
| 32 | + |
| 33 | +- Exports all stored telemetry data into the related files in the diagnostic logs. |
| 34 | + |
| 35 | +- Improves error handling to prevent ``mongodb-mms-stop`` from crashing |
| 36 | + with ``Mongodb-mms-backup-daemon`` errors when the pid file doesn't exist. |
| 37 | + |
| 38 | +- Fixes the following issues: |
| 39 | + |
| 40 | + - Fixes possibly innacurate |fcv| change timestamp warnings. |
| 41 | + - Fixes incorrect redirection to an |idp-full|\s entity ID for |
| 42 | + |idp-full|\s that don't have single logout (SLO) configured. |
| 43 | + |
| 44 | + After logging out of |mms|, users are now reminded to also log out of the |
| 45 | + |idp-full| to complete the logout process. |
| 46 | + |
| 47 | + - Fixes inaccurate restore job statuses when cancelled. |
| 48 | + |
| 49 | + - Fixes an issue where the user interface passes incorrect values |
| 50 | + for ``pemFilePwd`` for the ``verifyTLSCertificate`` job. |
| 51 | + |
| 52 | + - Fixes an issue where the {+mdbagent+} ignores the Windows |
| 53 | + {+mdbagent+} Certificate File information and uses the Linux path instead. |
| 54 | + |
| 55 | + - Fixes a broken documentation link for :guilabel:`Create API Key > Add Access List Entry`. |
| 56 | + |
| 57 | + - Fixes saving custom parameter settings due to ``mms.mail.transport``. |
| 58 | + |
| 59 | +- Fixes the following |cve|\s: |
| 60 | + |
| 61 | + - `CVE-2021-32050 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2021-32050>`__. |
| 62 | + - `CVE-2023-26159 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2023-26159>`__. |
| 63 | + - `CVE-2023-42282 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2023-42282>`__. |
| 64 | + - `CVE-2024-11831 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-11831>`__. |
| 65 | + - `CVE-2024-12905 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-12905>`__. |
| 66 | + - `CVE-2024-21536 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-21536>`__. |
| 67 | + - `CVE-2024-21538 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-21538>`__. |
| 68 | + - `CVE-2024-28849 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-28849>`__. |
| 69 | + - `CVE-2024-29180 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-29180>`__. |
| 70 | + - `CVE-2024-37890 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-37890>`__. |
| 71 | + - `CVE-2024-47535 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2024-47535>`__. |
| 72 | + - `CVE-2025-22868 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-22868>`__. |
| 73 | + - `CVE-2025-22869 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-22869>`__. |
| 74 | + - `CVE-2025-22870 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-22870>`__. |
| 75 | + - `CVE-2025-24970 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-24970>`__. |
| 76 | + - `CVE-2025-27789 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-27789>`__. |
| 77 | + - `CVE-2025-30204 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=/CVE-2025-30204>`__. |
| 78 | + |
1 | 79 | .. _opsmgr-server-7.0.14:
|
2 | 80 |
|
3 | 81 | |onprem| Server 7.0.14
|
|
0 commit comments