Update Mongo To Address CVE (#845)

* De-master-ize the codebase ^____^ (#833)

* Update Package Names (#835)

* Add CODEOWNERS file

* Remove duplicate import

* Update package references to rita-legacy

* Update CI/CD runner versions; Catch some straggling missing legacies (#837)

* Revert golang from v1.22 to v1.17 (#843)

* Update Mongo to Address CVE-2025-14847 (#842)

* Bump mongo version to address CVE, also update golang version in Dockerfile

* Update test.Dockerfile to also use Golang 1.22

* Revert golang version in PR

---------

Co-authored-by: moth <moth@blackhillsinfosec.com>

Author: lisaSW

Makefile

@@ -35,7 +35,7 @@ docker-check:
 .PHONY: integration-test
 integration-test: docker-check
 # docker run should only get executed once on initialization using the cache trick
-integration-test: MONGO_EXE = $(shell docker run --rm -d mongo:4.2)
+integration-test: MONGO_EXE = $(shell docker run --rm -d mongo:4.4)
 integration-test: MONGO_ID = $(call cache,MONGO_EXE)
 integration-test: MONGO_IP = $(shell docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(MONGO_ID))
 integration-test:

database/db.go

@@ -23,7 +23,7 @@ var MinMongoDBVersion = semver.Version{
 // versions of MongoDB compatible with RITA
 var MaxMongoDBVersion = semver.Version{
 	Major: 4,
-	Minor: 3,
+	Minor: 5,
 	Patch: 0,
 }
 

docker-compose.yml

@@ -2,12 +2,12 @@ version: "3"
 
 services:
   db:
-    image: mongo:4.2
+    image: mongo:4.4.30
     volumes:
       - db:/data/db/
 
   rita:
-    image: quay.io/activecm/rita-legacy:${VERSION:-latest}
+    image: quay.io/activecm/rita:${VERSION:-latest}
     build: .
     links:
       # give db an alias of "localhost" so that RITA's default config works unchanged

install.sh

@@ -4,8 +4,8 @@
 # activecountermeasures.com
 
 # CONSTANTS
-_RITA_VERSION="v4.8.0"
-_MONGO_VERSION="4.2"
+_RITA_VERSION="v4.8.2"
+_MONGO_VERSION="4.4"
 _MONGO_MIN_UPDATE_VERSION="4.0"
 _NAME=$(basename "${0}")
 _FAILED="\e[91mFAILED\e[0m"