Our team will be performing an upgrade on the bastion hosts for all Shared Stacks. The expected impact is that Ephemeral SSH sessions and Database Tunnels will be disconnected, but should immediately be available to reconnect.
Dedicated stacks will not be impacted at this time, and that maintenance will be scheduled separately for a later date. Posted on
Dec 30, 2025 - 15:56 EST
Our team will be performing an upgrade on the bastion hosts for all Dedicated Stacks at January 6th at 10PM EST. The expected impact is that Ephemeral SSH sessions and Database Tunnels will be disconnected, but should immediately be available to reconnect. Operation logs being streamed via the CLI will also be interrupted, but the operations will continue without being impacted. App connectivity, Database connectivity, and internet connectivity will not be impacted by this maintenance. While the maintenance window to complete all upgrades is scheduled for 2 hours, the expected duration of impact of each stack is approximately 5 minutes. Posted on
Dec 30, 2025 - 16:04 EST
Resolved -
This incident has been resolved.
Dec 30, 12:15 EST
Monitoring -
The Aptible Security Team is aware of the recently disclosed vulnerability CVE-2025-14847 (https://github.com/advisories/GHSA-4742-mr57-2r9j) affected all MongoDB versions. The vulnerability could allow an attacker with network access to a MongoDB database to exfiltrate data, including sensitive data and/or credentials, without authenticating to the database.
In response to the vulnerability, we have updated our supported MongoDB versions to prevent exploitations of this vulnerability. In addition, we have proactively restarted databases matching either of the following criteria, to ensure they are running on the latest protected versions:
* All databases in shared-tenancy stacks, and * All databases with customer-created public endpoints that do not have access restricted to an IP allow list
Since Aptible databases run on private networks by default, most Aptible managed MongoDB databases are not accessible from the internet or by other Aptible customers, and so are not vulnerable to CVE-2025-14847. As such, we did not proactively restart these databases. Customers may restart their databases at any time to update to the latest protected versions.
Dec 29, 21:14 EST