The example CVE linked in the article is plausible, though. The server was reportedly running 2.4.57 and the CVE was fixed in 2.4.60, so it’s definitely present in the software. Whether it would actually be exploitable is a different question.

Overall, I don’t get your point about stable releases and backports. Yes, security patches are backported, but that results in a new release (2.4.60 in this case) which still has to be updated to. It’s not like you can just stay on 2.4.57 and magically still have the fix, that’s just not how software versioning is done.

Bulk shipping requires storage and logistics infrastructure. Either way Temu and the likes will also be hit by increased costs, though I can’t say if the impact is comparable.

What’s the problem with that? In my previous team, we had a structure with four levels of nesting where we only ever needed to query the first two levels. At first we used Postgres with normalized tables, but it was just slow as hell. Switching to MongoDB actually made our performance issues vanish.

Of course it all depends on what kinds of queries you need to run, but I don’t think that large JSON documents are necessarily a problem.