Breaking Changes

The Mongodb Enterprise Database image now requires an init container. If using a private repository, the INIT_DATABASE_IMAGE_REPOSITORY environment variable must be configured in the operator deployment, and the new init container must exist inside this repository.

New features

AppDB can now be configured with SCRAM-SHA-256 authentication when using Ops Manager 4.4 or newer
Agent client certificate authentication can now be used in conjunction with any other authentication mechanism using the new configuration field
1. spec.security.authentication.requireClientTLSAuthentication
2. If enabling ClientTLSAuthentication, the client TLS certificate used by the MongoDB agents can be configured using spec.security.authentication.agents.clientCertificateSecretRef

Fixed an issue where the operator would choose an incorrect project name when creating MongoDBUsers.
Fixed an issue where the MongoDBOpsManager CRD had the CA path in the incorrect location.
Fixed an issue in which the parameters passed through spec.agent.startupOptions would not be correctly recognized by the agent
Fixed an issue which could cause a potential deadlock when certain configuration options were modified in parallel.

Changed the default permissions of volumes created from secret from 0644 to 0640
Changed the validation of the opsmanager spec.version field to allow for tags that do not match semver versioning. The field must start with the Major.Minor.Patch string that represent the OpsManager version

When enabling queryable backup, you will need to manually create two additional services: one exposing the queryable backup port (default: 25999) for the Ops Manager pod, and one for the backup daemon pod, to ensure that it is resolvable from the Ops Manager pod

A list of the packages installed, and any security vulnerabilities detected in our build process, are outlined here