Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-03-29 20:07:19 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

🔒 chore: Bump MongoDB from 8.0.17 to 8.0.20 in Docker Compose Files (#12399)

Browse source 
Addresses vulnerabilities disclosed in CERTFR-2026-AVI-0310:
- Improper object lifecycle management of MD5 hash state in core
  cryptographic operations (Blocker/P1)
- Use-after-free in ExpressionContext during pipeline cloning with
  nested $unionWith stages (Major/P3)
This commit is contained in:
Danny Avila 2026-03-25 13:56:43 -04:00 committed by GitHub
parent 221e49222d
commit 734239346b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
deploy-compose.yml
View file

@ -46,7 +46,7 @@ services:
container_name: chat-mongodb
# ports: # Uncomment this to access mongodb from outside docker, not safe in deployment
# - 27018:27017
image: mongo:8.0.17
image: mongo:8.0.20
restart: always
volumes:
- ./data-node:/data/db