Security vulnerability found for mongodb version used in dockercompose

[ccf-saxenaa]

We run a local cbioportal instance.

A security vulnerability has been discovered for mongo version tagged in the latest release (mongodb ver 3.6) https://github.com/cBioPortal/session-service/blob/v0.6.1/docker-compose.yml and on HEAD at master (mongodb ver 4.2) https://github.com/cBioPortal/session-service/blob/master/docker-compose.yml

Here is the CVE: https://www.cve.org/CVERecord?id=CVE-2025-14847

We have to upgrade the mongo version we are running (3.6). Which version should we upgrade to? Would this break cbioportal or is that independent?