Portworx Data Services (PDS) is our managed SaaS platform that makes it simple to deploy, scale, protect, and self-serve data services on Kubernetes—covering a broad catalog from Kafka and PostgreSQL to Redis, MongoDB, and more.
Below is a summary of what’s new in the PDS 26.01.01 release.
Fixed in Release
-
DS-15930: MongoDB CVE-2025-14847
-
When zlib decompression is enabled in MongoDB’s network protocol, a heap memory leak vulnerability (CVE-2025-14847) allows unauthenticated attackers to read sensitive server memory contents, including credentials, session tokens, and other confidential data.
-
All MongoDB deployments running versions prior to the patched releases are vulnerable to unauthenticated information disclosure attacks.
-
For MongoDB 8.0.x deployments, upgrade to MongoDB 8.0.17 resolves the issue.
For MongoDB 7.0.x deployments, upgrade to MongoDB 7.0.28 resolves the issue. -
New deployments should use these patched versions, and existing deployments running vulnerable versions must be upgraded to a patched release at the earliest opportunity using the standard PDS data service update workflow. For detailed steps, see Update data service version and build version.
-
Available now in the PDS SaaS at https://cloud.portworx.io/ .
-
Learn more
-
Release notes (26.01.01) : Full details, dates, and issue tracking.
-
PDS docs home: Concepts, supported services, getting started, and how-to guides.