This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+10 more
Affected surfaces
ReleasePort's take
Light signalThe upcoming v3.38.0 release will reject MongoDB connections from versions older than 4.2 during the connection test/save operation.
Why it matters: Patch to v3.38.0 immediately if you operate any MongoDB deployment on versions < 4.2; otherwise plan migration before upgrade.
Summary
AI summaryReject MongoDB versions older than 4.2 at connection test/save.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Restrict rclone storage management to admin users only Restrict rclone storage management to admin users only Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Security | Medium |
Use random per-call AES-GCM nonce in encryption Use random per-call AES-GCM nonce in encryption Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Breaking | Medium |
Drop --db flag and unify MongoDB URI builder Drop --db flag and unify MongoDB URI builder Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Breaking | Medium |
Reject MongoDB versions older than 4.2 at connection test Reject MongoDB versions older than 4.2 at connection test Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Add IsRestoreOwnership and IsRestorePrivileges toggles for PostgreSQL Add IsRestoreOwnership and IsRestorePrivileges toggles for PostgreSQL Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Keep latest full WAL backup and cascade-delete segments Keep latest full WAL backup and cascade-delete segments Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Feature | Medium |
Add image.digest for container image pinning Add image.digest for container image pinning Source: llm_adapter@2026-05-21 Confidence: low |
— |
| Bugfix | Medium |
Prevent hang from SaveFile failure if error happens early Prevent hang from SaveFile failure if error happens early Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Correctly detect read-only MariaDB and MySQL users Correctly detect read-only MariaDB and MySQL users Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Fix healthcheck failed attempts for agent Fix healthcheck failed attempts for agent Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Bugfix | Medium |
Stop endless basebackup loop preventing backup completion Stop endless basebackup loop preventing backup completion Source: llm_adapter@2026-05-21 Confidence: low |
— |
Full changelog
Changelog
[3.38.0] - 2026-05-12
✨ Features
- restores: add IsRestoreOwnership and IsRestorePrivileges toggles for PostgreSQL (247b8b9)
🐛 Bug Fixes
- backups: prevent hang from SaveFile failur if error happens early (e465205)
- mongodb: unify URI builder and drop --db flag (b15be46)
- databases: reject MongoDB <4.2 at connection test/save (09d4f80)
- storages: Restrict rclone storage management to admin users (9d89cd9)
- databases: correctly detect read-only MariaDB/MySQL users with SHOW CREATE ROUTINE grant (#568) (e18f0be)
- healthcheck: Fix heathcheck failed attempts for the agent (#538) (f10fb81)
- encryption: use random per-call AES-GCM nonce, drop unused itemID from FieldEncryptor (4429501)
- helm: add image.digest for container image pinning (d1c092f)
- backups: Keep latest full WAL backup and cascade-delete its WAL segments on retention (b2c7557)
- backups: Stop endless basebackup loop from issue #533 (643cb04)
🐳 Docker
- Image:
databasus/databasus:v3.38.0 - Platforms: linux/amd64, linux/arm64
Breaking Changes
- Reject MongoDB <4.2 at connection test/save
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]