Percona Monitoring and Management 3.4.1

Release date: October 8th 2025

Percona Monitoring and Management (PMM) is an open source database monitoring, management, and observability solution for MySQL, PostgreSQL, and MongoDB. PMM empowers you to:

  • monitor the health and performance of your database systems
  • identify patterns and trends in database behavior
  • diagnose and resolve issues faster with actionable insights
  • manage databases across on-premises, cloud, and hybrid environments

Release summary

PMM 3.4.1 is a maintenance release that addresses several security vulnerabilities and includes the related dependency upgrades.

What’s new

Nomad upgraded in response to CVE-2025-8959

We’ve upgraded the integrated scheduling service to Nomad v1.10.5 in response to a high-severity DoS vulnerability in its SSH agent dependency. However, this Nomad version still bundles the vulnerable Go crypto library: the upstream fix has been merged but has not yet shipped in a released Nomad version.

Since Nomad is disabled by default in PMM, the vulnerability has minimal risk for typical deployments.

We are monitoring the upstream project and will upgrade once a patched version becomes available.

Fixed: DoS in Percona Toolkit (Logrus)

Upgraded Percona Toolkit to v3.7.0-2 to resolve a high-severity DoS vulnerability in the github.com/sirupsen/logrus dependency. Previously, this flaw could crash Percona Toolkit commands and disrupt PMM data collection.

Not affected: Remote code execution (RCE) in pypa/setuptools (CVE-2024-6345)

PMM is not affected by this RCE vulnerability.

The PMM image’s base OS, Oracle Linux 9, ships with python3-setuptools 53.0.0-13.el9_6.1, which already contains the necessary security patch, confirmed in the Oracle Linux security advisory ELSA-2024-5534.

Not affected: OpenSSL cipher processing vulnerability (CVE-2023-5363)

PMM is not affected by this OpenSSL cipher processing vulnerability because the openssl-libs package in the Oracle Linux 9 base OS already includes the security fix.

Verified against the Oracle Linux security advisory ELSA-2024-0627.
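Both "not affected" verdicts above rest on the version of a base-OS package that ships in the PMM Server image, so the practical check is to read the installed versions out of your own deployment and compare them against the advisory's minimum using RPM's version-ordering rules rather than a plain string comparison. The script below is an added example, not code from PMM or these release notes. It expects the output of `rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' python3-setuptools openssl-libs` run inside the container (for example via `docker exec pmm-server rpm -q ...`; the container name `pmm-server` is an assumption). The python3-setuptools minimum is the version quoted above; the openssl-libs sample line and minimum are constructed placeholders, not real Oracle Linux package versions.

```python
"""Check installed RPM versions against advisory minimums.
Added example; not part of PMM or the Percona release notes."""
import re

# Constructed sample in the shape produced by
#   rpm -q --qf '%{NAME} %{EPOCH} %{VERSION} %{RELEASE}\n' python3-setuptools openssl-libs
# The python3-setuptools line carries the version quoted in the release notes
# (ELSA-2024-5534). The openssl-libs line is invented for illustration only.
SAMPLE_RPM_OUTPUT = """\
python3-setuptools (none) 53.0.0 13.el9_6.1
openssl-libs 1 3.0.7 27.0.1.el9_4
"""

# Minimum (epoch, version, release) per package. The openssl-libs entry is a
# constructed placeholder chosen to be newer than the sample above; replace it
# with the release listed in the advisory you are actually checking against.
REQUIRED_MINIMUM = {
    "python3-setuptools": ("0", "53.0.0", "13.el9_6.1"),
    "openssl-libs": ("1", "3.0.7", "27.0.1.el9_4.1"),  # constructed placeholder
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpm_vercmp(a, b):
    """Compare two RPM version or release strings the way rpm's rpmvercmp does
    for the common cases: split into numeric and alphabetic runs, compare numeric
    runs as integers and alphabetic runs lexically, a numeric run beats an
    alphabetic one, and '~' sorts before anything (so 1.0~rc1 < 1.0).
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x == "~":
            return -1
        if y == "~":
            return 1
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        else:
            return -1 if x < y else 1
    # Common prefix is equal: the longer string wins unless its extra segment is '~'.
    if len(sa) > len(sb):
        return -1 if sa[len(sb)] == "~" else 1
    if len(sb) > len(sa):
        return 1 if sb[len(sa)] == "~" else -1
    return 0


def evr_cmp(installed, required):
    """Compare (epoch, version, release) tuples; epoch dominates, then version,
    then release."""
    ei, vi, ri = installed
    er, vr, rr = required
    if int(ei) != int(er):
        return -1 if int(ei) < int(er) else 1
    c = rpm_vercmp(vi, vr)
    return c if c else rpm_vercmp(ri, rr)


def parse_rpm_output(text):
    """Turn 'name epoch version release' lines into {name: (epoch, version, release)}.
    rpm prints '(none)' for an unset epoch, which is equivalent to epoch 0."""
    installed = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, epoch, version, release = line.split()
        installed[name] = ("0" if epoch == "(none)" else epoch, version, release)
    return installed


def check_packages(rpm_output, required=REQUIRED_MINIMUM):
    """Return {package: 'ok' | 'below-minimum' | 'missing'} for each required package."""
    installed = parse_rpm_output(rpm_output)
    result = {}
    for name, minimum in required.items():
        if name not in installed:
            result[name] = "missing"
        elif evr_cmp(installed[name], minimum) >= 0:
            result[name] = "ok"
        else:
            result[name] = "below-minimum"
    return result


if __name__ == "__main__":
    for pkg, status in check_packages(SAMPLE_RPM_OUTPUT).items():
        print(f"{pkg}: {status}")
```

Feeding real `rpm -q` output from the running container into `check_packages` gives a per-package verdict you can keep alongside the release notes; a `below-minimum` result for a package the notes declare "not affected" is the signal that your image differs from the one the notes describe (for instance an older PMM tag still in use).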

Accepted risk: OpenSSL buffer overflow vulnerabilities (CVE-2022-3786 and CVE-2022-3602)

These vulnerabilities affect the openssl-libs package that comes with PMM’s Oracle Linux 9 base image.

Oracle has released patches for these vulnerabilities, but they are distributed only through Oracle Ksplice, Oracle's live-patching service that requires a Premier Support subscription. Because PMM uses only publicly available repositories, these Ksplice-only updates cannot be included in the image.

We assess this risk as low, as PMM is usually deployed in controlled environments. We will apply the updates as soon as Oracle releases them publicly for Oracle Linux.

🚀 Ready to upgrade to PMM 3.4.1?