percona · catalinaadam · Oct 13, 2025 · Oct 1, 2025 · Oct 1, 2025 · Oct 2, 2025
@@ -0,0 +1,108 @@
+# Percona Monitoring and Management 3.4.1
+
+**Release date**: October 8th 2025
+
+Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB. PMM empowers you to:
+
+- monitor the health and performance of your database systems
+- identify patterns and trends in database behavior
+- diagnose and resolve issues faster with actionable insights
+- manage databases across on-premises, cloud, and hybrid environments
+
+## Release summary
+
+PMM 3.4.1 is a maintenance release that addresses several security vulnerabilities and updates Docker images and package dependencies.
+
+### Fixed denial of service (DoS) in Nomad (CVE-2025-8959)
+We've upgraded the integrated scheduling service to Nomad v1.10.5 to address a high-severity vulnerability (CVE-2025-8959). 
+
+This issue existed in a Nomad SSH agent dependency and could be exploited to cause a Nomad client crash (DoS) when processing unexpected data types.
+
+### Fixed denial of service (DoS) in Percona Toolkit (Logrus)
+Upgraded Percona Toolkit to v3.7.0-2 to resolve a high-severity DoS vulnerability found in the dependency `github.com/sirupsen/logrus`. This flaw could cause Percona Toolkit commands to crash, disrupting PMM's data collection.
+
+### Not affected: Remote code execution (RCE) in pypa/setuptools (CVE-2024-6345)
+
+PMM is not affected by this RCE vulnerability. The PMM image's base OS, Oracle Linux 9, ships with `python3-setuptools 53.0.0-13.el9_6.1`, which already contains the necessary security patch, as verified against the [Oracle Linux 9 changelog](https://linux.oracle.com/errata/ELSA-2024-5534.html).
+
+### Not affected: OpenSSL cipher processing vulnerability (CVE-2023-5363)
+PMM is not affected by this OpenSSL cipher processing vulnerability. The `openssl-libs` package in the Oracle Linux 9 base OS already contains the security patch, as verified against the [Oracle Linux 9 changelog](https://linux.oracle.com/errata/ELSA-2024-0627.html).
+
+### Accepted risk: Buffer overflow vulnerabilities in OpenSSL (CVE-2022-3786 and CVE-2022-3602)
+
+These vulnerabilities affect the `openssl-libs` package included in our Oracle Linux 9 base image.
+
+Oracle has released patches for these vulnerabilities, but they are distributed only through Oracle Ksplice, their live patching service that requires a Premier Support subscription.  
+Since PMM relies solely on public repositories, Ksplice-only updates cannot be included.
+
+The risk is currently assessed as low because PMM is usually deployed in controlled environments. These issues will be remediated once public Oracle Linux updates are available.
+
+## 🚀  Ready to upgrade to PMM 3.4.1?
+
+- **New installation:** [Install PMM with our quickstart guide](../quickstart/quickstart.md)
+- **Upgrading from PMM 2:** [Migrate from PMM 2 to PMM 3](../pmm-upgrade/migrating_from_pmm_2.md)
+- **Upgrading PMM 3:** [Upgrade your existing PMM 3 installation](../pmm-upgrade/index.md) (edited) 
+
+linux.oracle.comlinux.oracle.com
+linux.oracle.com | ELSA-2024-5534
+Oracle Linux Errata Details: ELSA-2024-5534
+
+linux.oracle.comlinux.oracle.com
+linux.oracle.com | ELSA-2024-0627
+Oracle Linux Errata Details: ELSA-2024-0627
+
+
+
+
+
+
+
+
+catalina.adam
+:no_entry:  12:16 PM
+to merge: https://github.com/percona/pmm/pull/3936/files
+
+
+catalina.adam
+:no_entry:  11:54 AM
+https://github.com/percona/pmm/pull/3511
+
+
+catalina.adam
+:no_entry:  11:50 AM
+https://github.com/percona/pmm/pull/4488
+
+
+catalina.adam
+:no_entry:  6:44 AM
+https://github.com/percona/pmm/pull/4443
+
+
+catalina.adam
+:no_entry:  4:32 PM
+# Percona Monitoring and Management 3.4.1
+**Release date**: October 8th 2025
+Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB. PMM empowers you to:
+- monitor the health and performance of your database systems
+- identify patterns and trends in database behavior
+- diagnose and resolve issues faster with actionable insights
+- manage databases across on-premises, cloud, and hybrid environments
+## Release summary
+PMM 3.4.1 is a maintenance release that addresses several security vulnerabilities and updates Docker images and package dependencies.
+### Fixed denial of service (DoS) in Nomad (CVE-2025-8959)
+We've upgraded the integrated scheduling service to Nomad v1.10.5 to address a high-severity vulnerability (CVE-2025-8959). This issue existed in a Nomad SSH agent dependency and could be exploited to cause a Nomad client crash (DoS) when processing unexpected data types.
+### Fixed denial of service (DoS) in Percona Toolkit (Logrus)
+Upgraded Percona Toolkit to v3.7.0-2 to resolve a high-severity DoS vulnerability found in the dependency `github.com/sirupsen/logrus`. This flaw could cause Percona Toolkit commands to crash, disrupting PMM's data collection.
+### Not affected: Remote code execution (RCE) in pypa/setuptools (CVE-2024-6345)
+PMM is not affected by this RCE vulnerability. The PMM image's base OS, Oracle Linux 9, ships with `python3-setuptools 53.0.0-13.el9_6.1`, which already contains the necessary security patch, as verified against the [Oracle Linux 9 changelog](https://linux.oracle.com/errata/ELSA-2024-5534.html).
+### Not affected: OpenSSL cipher processing vulnerability (CVE-2023-5363)
+PMM is **not affected** by this OpenSSL cipher processing vulnerability. The `openssl-libs` package in the Oracle Linux 9 base OS already contains the security patch, as verified against the [Oracle Linux 9 changelog](https://linux.oracle.com/errata/ELSA-2024-0627.html).
+### Accepted risk: Buffer overflow vulnerabilities in OpenSSL (CVE-2022-3786 and CVE-2022-3602)
+These vulnerabilities affect the `openssl-libs` package included in our Oracle Linux 9 base image.
+Oracle has released patches for these vulnerabilities, but they are distributed only through Oracle Ksplice, their live patching service that requires a Premier Support subscription.  Since PMM relies solely on public repositories, Ksplice-only updates cannot be included.
+The risk is currently assessed as low because PMM is usually deployed in controlled environments. These issues will be remediated once public Oracle Linux updates are available.
+## :rocket: Ready to upgrade to PMM 3.4.1?
+- **New installation:** [Install PMM with our quickstart guide](../quickstart/quickstart.md)
+- **Upgrading from PMM 2:** [Migrate from PMM 2 to PMM 3](../pmm-upgrade/migrating_from_pmm_2.md)
+- **Upgrading PMM 3:** [Upgrade your existing PMM 3 installation](../pmm-upgrade/index.md)
+