[Doc] 3.4.1 RelNotes

documentation/docs/release-notes/3.4.1.md

@@ -0,0 +1,53 @@
+# Percona Monitoring and Management 3.4.1
+
+**Release date**: October 8th 2025
+
+Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB. PMM empowers you to:
+
+- monitor the health and performance of your database systems
+- identify patterns and trends in database behavior
+- diagnose and resolve issues faster with actionable insights
+- manage databases across on-premises, cloud, and hybrid environments
+
+## 🆕 Release summary
+
+PMM 3.4.1 is a maintenance release that addresses several security vulnerabilities and dependency upgrades to enhance stability and safety.
+
+## 🔒 Security updates
+
+### ⬆️ Nomad upgraded in response to CVE-2025-8959
+We've upgraded the integrated scheduling service to Nomad v1.10.5 in response to a high-severity DoS vulnerability in its SSH agent dependency. However, this latest version still contains the vulnerable Go crypto library because the upstream fix has been committed but not yet released with this version.
+
+Since Nomad is disabled by default in PMM, the vulnerability has minimal risk for typical deployments.
+
+We are monitoring the upstream project and will upgrade once a patched version becomes available.
+
+### 🔧 Fixed: DoS in Percona Toolkit (Logrus)
+Upgraded Percona Toolkit to v3.7.0-2 to resolve a high-severity DoS vulnerability found in the `github.com/sirupsen/logrus` dependency. This flaw could previo usly crash Percona Toolkit commands and disrupt PMM data collection.
+
+### ℹ️ Not affected: OpenSSL cipher processing vulnerability (CVE-2023-5363)
+PMM is not affected by this OpenSSL cipher processing vulnerability because `openssl-libs` package in the Oracle Linux 9 base OS already includes the security fix.
+
+Verified against the [Oracle Linux security advisory ELSA-2024-0627](https://linux.oracle.com/errata/ELSA-2024-0627.html).
+
+### ℹ️ Not affected: Remote code execution (RCE) in pypa/setuptools (CVE-2024-6345)
+PMM is not affected by this RCE vulnerability. 
+
+The PMM image's base OS, Oracle Linux 9, ships with `python3-setuptools 53.0.0-13.el9_6.1`, which already contains the necessary security patch,  confirmed in the [Oracle Linux security advisory ELSA-2024-5534](https://linux.oracle.com/errata/ELSA-2024-5534.html).
+
+### ⚠️  Accepted risk: OpenSSL buffer overflow vulnerabilities (CVE-2022-3786 and CVE-2022-3602)
+These vulnerabilities affect the `openssl-libs` package that comes with PMM's Oracle Linux 9 base image.
+
+Oracle has released patches for these vulnerabilities, but they are distributed only through Oracle Ksplice, their live patching service for Premier Support subscriptions. Because PMM uses only publicly available repositories, these Ksplice-only updates cannot be included.
+
+We assess this risk as low, as PMM is usually deployed in controlled environments. We will apply the updates as soon as Oracle releases them publicly for Oracle Linux.
+
+## 🚀 Ready to upgrade to PMM 3.4.1?
+
+- **New installation:** [Install PMM with our quickstart guide](../quickstart/quickstart.md)
+- **Upgrading from PMM 2:** [Migrate from PMM 2 to PMM 3](../pmm-upgrade/migrating_from_pmm_2.md)
+- **Upgrading PMM 3:** [Upgrade your existing PMM 3 installation](../pmm-upgrade/index.md) 
+
+## ❓ Questions or issues? 
+
+Visit our [community forum](https://forums.percona.com/c/percona-monitoring-and-management-pmm/pmm-3/84) or [open an issue](https://github.com/percona/pmm/issues) on GitHub.

documentation/docs/release-notes/index.md

@@ -1,5 +1,5 @@
 # Release notes
-
+- [Percona Monitoring and Management 3.4.1](3.4.1.md)
 - [Percona Monitoring and Management 3.4.0](3.4.0.md)
 - [Percona Monitoring and Management 3.3.1](3.3.1.md)
 - [Percona Monitoring and Management 3.3.0](3.3.0.md)

documentation/mkdocs-base.yml

@@ -331,6 +331,7 @@ nav:
 
   - Release notes:
       - Release notes index: release-notes/index.md
+      - "PMM 3.4.1 (2025-10-08)": release-notes/3.4.1.md
       - "PMM 3.4.0 (2025-09-15)": release-notes/3.4.0.md
       - "PMM 3.3.1 (2025-07-30)": release-notes/3.3.1.md
       - "PMM 3.3.0 (2025-07-09)": release-notes/3.3.0.md

documentation/mkdocs-pdf.yml

@@ -7,9 +7,9 @@ plugins:
     version_selector: false
   # https://github.com/orzih/mkdocs-with-pdf
   with-pdf:
-    output_path: "pdf/PerconaMonitoringAndManagement-3.4.0.pdf"
+    output_path: "pdf/PerconaMonitoringAndManagement-3.4.1.pdf"
     cover_title: "Percona Monitoring and Management Documentation"
-    cover_subtitle: 3.4.0 (September 15, 2025)
+    cover_subtitle: 3.4.1 (October 8, 2025)
     author: "Percona Technical Documentation Team"
     cover_logo: docs/images/Percona_Logo_Color.png
     custom_template_path: resources/templates

documentation/variables.yml

@@ -1,6 +1,6 @@
 # PMM Version for HTML
 # See also mkdocs.yml plugins.with-pdf.cover_subtitle and output_path
 
-release: '3.4.0'
-version: '3.4.0'
-release_date: 2025-09-15
+release: '3.4.1'
+version: '3.4.1'
+release_date: 2025-10-08