MongoDB version 8.0.17 is not supported yet

[JakubKC]

Proposal

Please, add support for MongoDB version 8.0.17 which mitigates CVE-2025-14847 (https://www.cve.org/CVERecord?id=CVE-2025-14847). There is no MongoDB server image for version 8.0.17.

Use-Case

No response

Is this a feature you are interested in implementing yourself?

No

Anything else?

No response

[ErgjanJaha]

+1

[hors]

Hi @ErgjanJaha @JakubKC PSMDB team will release 8.0.17 next week at the same time, you can disable zlib to avoid this CVE.

The mitigation consists of entirely disabling the zlib protocol on the server side. Both mongod and mongos instances default to snappy,zstd,zlib compressors, in that order. Since the zlib protocol is the last one by default, it is highly likely not used (unless a non-default configuration is used) so there should be no impact to applications.
This explicitly lists only supported, non-vulnerable compressors and omits zlib entirely.

You can add (or modify) the compression section via CR:

net:
  compression:
    compressors: snappy,zstd

Many drivers negotiate compression automatically. If clients explicitly request zlib, they may decline to negotiate compression with your server or fall back to another compressor. Ensure clients prefer snappy or zstd and do not include zlib in their own configuration.