
Ensure the appropriate MongoDB software version/patches are installed

Details

The MongoDB installation version, along with the patch level, should be the most recent that is compatible with the organization’s operational needs.

Rationale:

Using the most recent MongoDB software version along with all applicable patches helps limit the possibilities for vulnerabilities in the software. The installation version and/or patches applied should be selected according to the needs of the organization. At minimum, the software version should be supported.

Note that as of October 2016, only MongoDB versions 3.0 and 3.2 are still supported.

Solution

Upgrade to the latest version of the MongoDB software:

1. Back up the data set.

2. Download the binaries for the latest MongoDB revision from the MongoDB Download Page and store the binaries in a temporary location. The binaries download as compressed files that extract to the directory structure used by the MongoDB installation.

3. Shut down the MongoDB instance.

4. Replace the existing MongoDB binaries with the downloaded binaries.

5. Restart the MongoDB instance.
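After the restart, the installed binary can be checked against the supported release series. The script below is an added example, not part of the CIS benchmark text: the function names are hypothetical, the default `SUPPORTED_SERIES` list is taken from the October 2016 note above and must be updated to the vendor's current lifecycle list, and the sample banners are constructed in the `db version vX.Y.Z` form printed by `mongod --version`.

```shell
#!/bin/sh
# Added example: audit the MongoDB release series against a supported list.
# Default list reflects the page's October 2016 note; override as needed.
SUPPORTED_SERIES="${SUPPORTED_SERIES:-3.0 3.2}"

# Extract "X.Y.Z" from a `mongod --version` banner (may be multi-line).
# Prints nothing when no "db version vX.Y.Z" line is present.
parse_mongod_version() {
    printf '%s\n' "$1" |
        sed -n 's/^db version v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if the series is supported, 1 if unsupported, 2 if unparseable.
check_mongod_version() {
    version=$(parse_mongod_version "$1")
    if [ -z "$version" ]; then
        echo "UNKNOWN: could not parse version banner"
        return 2
    fi
    series=${version%.*}    # strip the patch level: 3.2.10 -> 3.2
    for s in $SUPPORTED_SERIES; do
        if [ "$s" = "$series" ]; then
            echo "PASS: $version (series $series is supported)"
            return 0
        fi
    done
    echo "FAIL: $version (series $series not in: $SUPPORTED_SERIES)"
    return 1
}

# Constructed sample banners; on a real host pass "$(mongod --version)".
for banner in "db version v3.2.10" "db version v2.6.12" "not a banner"; do
    check_mongod_version "$banner" || true
done
```

A series match only shows the release line is still supported; the patch level within that series still has to be compared against the latest revision on the download page.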

Default Value:

Patches are not installed by default.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: MongoDB.

Updated on July 16, 2022