ArangoDB Technical & Security Alerts

This page lists critical and security issues affecting the ArangoDB suite of products. For a list of other known issues, please refer to the following pages: Known Issues 3.4 and Known Issues 3.3.

Make sure to subscribe to the ArangoDB Announcements Mailing List for important announcements.


| Date Added | Components | Deployment Mode | Description | Affected Versions | Fixed in Versions | Reference |
|---|---|---|---|---|---|---|
| 2022-02-03 | Synchronization | Cluster | Issue in shard synchronization | 3.8.5 | >= | Technical Alert #7: Issue in shard synchronization |
| 2021-07-20 | Replication | Cluster | Security issue in JavaScript dependencies & delayed shard replication problem | 3.6.x, 3.7.x | 3.6.15, 3.7.13 | Technical Alert #6: Security issue in JavaScript dependencies & delayed shard replication problem. |
| 2019-06-04 | Agency | Cluster | Data loss can happen for collections created with v3.4.6 | 3.4.6 | 3.4.6-1 | Technical Alert #5: Possible data loss for collections created with v3.4.6 |
| 2019-05-28 | ArangoSearch | All | ArangoSearch query may crash during internal lookup in some cases due to invalid index structure for exact input data | 3.4.0 to 3.4.5 | 3.4.6 | Technical Alert #4: ArangoSearch possibly corrupted index |
| 2019-02-06 | Security | All | Crash or Unauthorized access to ArangoDB | 3.2.0 to 3.2.17, 3.3.0 to 3.3.21, 3.4.0 to 3.4.2 | v3.2.18, v3.3.22 & v3.4.2-1 | Security Alert #2: VelocyPack Buffer Overflow |
| 2018-11-30 | arangod | All | Wrong suggestion printed in the log on how to optimize an OS setting, if followed, could cause ArangoDB to run into problems as the number of memory mappings will keep growing | 3.3.0 to 3.3.19 | 3.3.20 | Technical Alert #3: Set Linux variable overcommit_memory to 0 or 1 |
| 2018-11-16 | Backup/Restore | All | Users not included in the backup if --server.authentication = true | 3.3.0 to 3.3.13 | 3.3.14 | Technical Alert #2: Users not included in the backup |
| 2018-11-03 | Security | All | Unauthorized access to ArangoDB when using LDAP authentication | 3.2.0 to 3.2.16 & 3.3.0 to 3.3.18 | 3.2.17 & 3.3.19 | Security Alert #1: LDAP Authentication Issue |
| 2018-04-09 | Storage | Single Instance | Data corruption could happen under Linux | 3.3.0 | 3.3.1 | Technical Alert #1: Important Note for Users running ArangoDB v. 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9 or 3.3.0 on Linux |