Update Mongo to Address CVE-2025-14847#842
Merged
Conversation
Collaborator
Author
|
Performing additional testing at Liza's request; All of the following were performed from the docker compose context: importing data: 
Listing data: 
HTML report generation (haven't figured out a good way to retrieve the report): 
SNI beacon retrieval (to compensate for not getting the HTML report): 
|
Collaborator
Author
|
Figured out copying the report from a container. 
All looks good. |
lisaSW
added a commit
that referenced
this pull request
Jan 12, 2026
* De-master-ize the codebase ^____^ (#833) * Update Package Names (#835) * Add CODEOWNERS file * Remove duplicate import * Update package references to rita-legacy * Update CI/CD runner versions; Catch some straggling missing legacies (#837) * Revert golang from v1.22 to v1.17 (#843) * Update Mongo to Address CVE-2025-14847 (#842) * Bump mongo version to address CVE, also update golang version in Dockerfile * Update test.Dockerfile to also use Golang 1.22 * Revert golang version in PR --------- Co-authored-by: moth <moth@blackhillsinfosec.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bump Mongo version to 4.4.30 to address CVE-2025-14847.
Tested on an Ubuntu 18.04 DO droplet with the install script and a manually compiled RITA binary to make sure that the correct Mongo version is installed and the binary works properly (note that quay.io is only included below due to how we are tagging the image at build time; this was tested locally and not pulling from the Internet):
Also made sure that Docker images build properly and docker compose runs properly:
Also updated Dockerfile container versions to use go version 1.22, to reflect an upstream change to the
go.modfile.