From d09630b65f5773375f840fcf2a25154af3e9722e Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 11:10:10 +0530 Subject: [PATCH 01/41] Release notes 7.0.37-20 --- docs/release_notes/7.0.37-20.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/release_notes/7.0.37-20.md diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md new file mode 100644 index 000000000..e69de29bb From 255eac3e0eb16e13c9d7fc729e3da5bd20eff573 Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 11:16:33 +0530 Subject: [PATCH 02/41] update the config files --- docs/release_notes/7.0.37-20.md | 18 ++++++++++++++++++ mkdocs-base.yml | 1 + variables.yml | 3 ++- 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index e69de29bb..7c4454ddf 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -0,0 +1,18 @@ +# Percona Server for MongoDB {{ page.meta.version }} ({{date.7_0_37}}) + +[Installation](../install/index.md){.md-button} +[Upgrade from MongoDB Community](../install/upgrade-from-mongodb.md){.md-button} + +Percona Server for MongoDB {{ page.meta.version }} is an enhanced, source-available, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition. + +Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements and bug fixes of: + +- [MongoDB 7.0.37 Community Edition :octicons-link-external-16:](https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.37---june-11--2026){:target="_blank"} + +- Supports protocols and drivers of MongoDB Community **7.0.37**. + + +## Security updates: CVE fixes from upstream MongoDB + +This release includes upstream MongoDB security fixes for the following vulnerabilities: + 
diff --git a/mkdocs-base.yml b/mkdocs-base.yml index 15e594e8d..9e69ab387 100644 --- a/mkdocs-base.yml +++ b/mkdocs-base.yml @@ -240,6 +240,7 @@ nav: - install/uninstall.md - Release notes: - "Release notes index": "release_notes/index.md" + - release_notes/7.0.37-20.md - release_notes/7.0.34-19.md - release_notes/7.0.32-18.md - release_notes/7.0.31-17.md diff --git a/variables.yml b/variables.yml index 1855b8d5e..c1442a227 100644 --- a/variables.yml +++ b/variables.yml @@ -2,7 +2,7 @@ # See also mkdocs.yml plugins.with-pdf.cover_subtitle and output_path -release: '7.0.34-19' +release: '7.0.37-20' version: '7.0' mongosh: '2.8.3' @@ -12,6 +12,7 @@ product: psmdb_full_name: Percona Server for MongoDB date: + 7_0_37: '2026-06-23' 7_0_34: '2026-05-20' 7_0_32: '2026-05-07' 7_0_31: '2026-03-30' From 6301b9f112c32327b15af85b2e80cd500e3079db Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 11:27:25 +0530 Subject: [PATCH 03/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 7c4454ddf..be534d6a3 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -1,3 +1,9 @@ +--- +title: "Percona Server for MongoDB 7.0.37-20 (2026-06-23)" +summary: Learn about security vulnerabilities and bug fixes in this release +version: 7.0.37-20 +--- + # Percona Server for MongoDB {{ page.meta.version }} ({{date.7_0_37}}) [Installation](../install/index.md){.md-button} From ec625cb709864d7c166bce7e8335dee5e5978944 Mon Sep 17 00:00:00 2001 
From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 11:47:12 +0530 Subject: [PATCH 04/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index be534d6a3..cc563ff49 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -1,9 +1,3 @@ ---- -title: "Percona Server for MongoDB 7.0.37-20 (2026-06-23)" -summary: Learn about security vulnerabilities and bug fixes in this release -version: 7.0.37-20 ---- - # Percona Server for MongoDB {{ page.meta.version }} ({{date.7_0_37}}) [Installation](../install/index.md){.md-button} @@ -22,3 +16,8 @@ Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements This release includes upstream MongoDB security fixes for the following vulnerabilities: +### High severity + +- [SERVER-125063 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-125063){:target="_blank"} **(CVE-2026-9740):** A vulnerability in the `BSON` validator allows an unauthenticated user to supply a specially crafted message. Improper handling of nested BSON binary data structures can trigger uncontrolled recursion during validation. This can cause the `mongod` process to terminate, resulting in a denial of service condition. + +- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate `aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. \ No newline at end of file From 3c54392631e90ad6c6d239343bd65dcf0619d096 Mon Sep 17 00:00:00 2001 
From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:00:38 +0530 Subject: [PATCH 05/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index cc563ff49..a11a0b557 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -20,4 +20,10 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-125063 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-125063){:target="_blank"} **(CVE-2026-9740):** A vulnerability in the `BSON` validator allows an unauthenticated user to supply a specially crafted message. Improper handling of nested BSON binary data structures can trigger uncontrolled recursion during validation. This can cause the `mongod` process to terminate, resulting in a denial of service condition. -- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate `aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. \ No newline at end of file +- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate `aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. + +- [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-ERVER-123440){:target="_blank"} **(CVE-2026-9752): Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. 
This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. + +- [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750): A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. + +- [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749): Aggregation pipelines that use the internal `$exchange `stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. \ No newline at end of file From d01ff6d33cc3cf2394b00855bb6874edeefe2bfc Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 12:20:42 +0530 Subject: [PATCH 06/41] Added High Risk CVE's --- docs/release_notes/7.0.37-20.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index a11a0b557..edc2c4547 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -26,4 +26,10 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750): A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. -- [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749): Aggregation pipelines that use the internal `$exchange `stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. \ No newline at end of file +- [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749): Aggregation pipelines that use the internal `$exchange `stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. + +- [SERVER-123951 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123951){:target="_blank"} **(CVE-2026-9748):** Under specific conditions, using the internal `$_internalConvertBucketIndexStats` stage together with `$facet` can cause the mongod process to terminate unexpectedly. + +- [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using fromRouter: true together with runtimeConstants.userRoles can cause the mongod process to terminate unexpectedly. 
+ +- [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** \ No newline at end of file From 99d2f1b23e189efdb71182360253954b2e5d94b7 Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 13:24:40 +0530 Subject: [PATCH 07/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index edc2c4547..07b338058 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -32,4 +32,4 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using fromRouter: true together with runtimeConstants.userRoles can cause the mongod process to terminate unexpectedly. -- [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** \ No newline at end of file +- [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. \ No newline at end of file From 1d96eb47a9332e61dde2902e0042f9fa525a46ce Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 13:47:01 +0530 Subject: [PATCH 08/41] Added medium severuty bugs as well --- docs/release_notes/7.0.37-20.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 07b338058..6d28fdd9b 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -32,4 +32,11 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using fromRouter: true together with runtimeConstants.userRoles can cause the mongod process to terminate unexpectedly. -- [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. \ No newline at end of file +- [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. + +- [SERVER-123507 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123507){:target="_blank"} **(CVE-2026-9741):** Queries using $`vectorSearch` with **Queryable Encryption (QE)** or **Client-Side Field Level Encryption (CSFLE)** can expose sensitive data. Encrypted field values in filter expressions might be transmitted as plaintext, compromising confidentiality. + +### Medium severity + +- [SERVER-123370 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123370){:target="_blank"} **(CVE-2026-9751):** When the `ldapQueryPassword` parameter is set using the runtime `setParameter` command, the new password value is written to `mongod.log` in plain text. This can expose sensitive credentials in log files. + 
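Review bot: The CVE-2026-9751 entry added under `### Medium severity` in PATCH 08/41 says the `ldapQueryPassword` value set through `setParameter` was written to `mongod.log` in plain text, but it gives no guidance for logs written before the upgrade. Upgrading stops new writes only. Suggest adding a sentence telling operators who changed the parameter at runtime to rotate the LDAP query password and to review access to existing `mongod.log` files, including rotated and forwarded copies.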
From 70da28ae0e0544966e6a4de5320f7802cd3427c5 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 08:22:43 +0000 Subject: [PATCH 09/41] Add 7.0.37-20 to release notes index --- docs/release_notes/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/release_notes/index.md b/docs/release_notes/index.md index 92af1bc8c..b54eb2a74 100644 --- a/docs/release_notes/index.md +++ b/docs/release_notes/index.md @@ -1,6 +1,8 @@ # Percona Server for MongoDB 7.0 release notes +* [Percona Server for MongoDB 7.0.37-20 ({{date.7_0_37}})](7.0.37-20.md) + * [Percona Server for MongoDB 7.0.34-19 ({{date.7_0_34}})](7.0.34-19.md) * [Percona Server for MongoDB 7.0.32-18 ({{date.7_0_32}})](7.0.32-18.md) From 6fa025e5bce3813a938273b4bfa9e51b712e32da Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:03:41 +0530 Subject: [PATCH 10/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 6d28fdd9b..d91226874 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -11,7 +11,6 @@ Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements - Supports protocols and drivers of MongoDB Community **7.0.37**. - ## Security updates: CVE fixes from upstream MongoDB This release includes upstream MongoDB security fixes for the following vulnerabilities: 
@@ -40,3 +39,20 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123370 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123370){:target="_blank"} **(CVE-2026-9751):** When the `ldapQueryPassword` parameter is set using the runtime `setParameter` command, the new password value is written to `mongod.log` in plain text. This can expose sensitive credentials in log files. +## Bugs fixed + +[PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977) : Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. + +### Affected versions + +These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB: + +- All Percona Server for MongoDB 7.0.x versions +- MongoDB Community 7.0 versions prior to 7.0.37 + +## Tools packaged with this release + +Percona Server for MongoDB packages the following MongoDB tools: + +- MongoDB Shell (mongosh): 2.8.3 — [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/mongodb-shell/changelog/#v2.8.3){:target="_blank"} + From 9500518ae478cabc9e39d978063f0b2141aa7889 Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:05:17 +0530 Subject: [PATCH 11/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index d91226874..a9c46035e 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -1,3 +1,7 @@ +--- +version: 7.0.37-20 +--- + # Percona Server for MongoDB {{ page.meta.version }} ({{date.7_0_37}}) [Installation](../install/index.md){.md-button} 
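Review bot: In PATCH 10/41, the new `### Affected versions` heading in docs/release_notes/7.0.37-20.md is nested under `## Bugs fixed`, directly after the PSMDB-1977 entry, yet its text opens with "These vulnerabilities". Move it under `## Security updates: CVE fixes from upstream MongoDB` so it sits with the CVE list it describes. The bullet "All Percona Server for MongoDB 7.0.x versions" also covers 7.0.37-20 itself, which this page presents as carrying the fixes; word it like the Community bullet, for example "Percona Server for MongoDB 7.0 versions prior to 7.0.37-20".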
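Review bot: The front matter added in PATCH 11/41 at the top of docs/release_notes/7.0.37-20.md restores only `version`; the `title` and `summary` keys that PATCH 03/41 added and PATCH 04/41 removed are still absent. Between 04/41 and this commit the heading's `{{ page.meta.version }}` has no front matter value to resolve. Confirm that dropping `title` and `summary` is intended, and consider squashing 03, 04 and 11 into the commit that creates the page so no intermediate revision ships a heading without a version.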
From 5ced82b80ffd5ffafcbc412f2a34070afaf9eb83 Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:05:35 +0530 Subject: [PATCH 12/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index a9c46035e..8ff8d6c80 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -23,7 +23,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-125063 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-125063){:target="_blank"} **(CVE-2026-9740):** A vulnerability in the `BSON` validator allows an unauthenticated user to supply a specially crafted message. Improper handling of nested BSON binary data structures can trigger uncontrolled recursion during validation. This can cause the `mongod` process to terminate, resulting in a denial of service condition. -- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate `aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. +- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate` aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. - [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-ERVER-123440){:target="_blank"} **(CVE-2026-9752): Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. 
This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. From ad6b14497174b31414bc43cb751b5ad0a9d9596b Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:05:48 +0530 Subject: [PATCH 13/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 8ff8d6c80..03a9d266f 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -25,7 +25,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate` aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. -- [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-ERVER-123440){:target="_blank"} **(CVE-2026-9752): Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. +- [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123440){:target="_blank"} **(CVE-2026-9752):** Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. 
- [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750): A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. From 70d32410bd2ae532b13ffa90db0adff19f701fe5 Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:06:04 +0530 Subject: [PATCH 14/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 03a9d266f..067fecd7b 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -27,7 +27,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123440){:target="_blank"} **(CVE-2026-9752):** Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. -- [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750): A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. +- [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750):** A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. - [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749): Aggregation pipelines that use the internal `$exchange `stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. From 36a5291406b6ab97ba6ada3071a0587fecb9d30b Mon Sep 17 00:00:00 2001 
From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:06:16 +0530 Subject: [PATCH 15/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 067fecd7b..0cb2bad17 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -29,7 +29,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750):** A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. -- [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749): Aggregation pipelines that use the internal `$exchange `stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. +- [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749):** Aggregation pipelines that use the internal `$exchange` stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. - [SERVER-123951 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123951){:target="_blank"} **(CVE-2026-9748):** Under specific conditions, using the internal `$_internalConvertBucketIndexStats` stage together with `$facet` can cause the mongod process to terminate unexpectedly. From 45e5953627eee73e2f12545911fed6ca1843c739 Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:06:31 +0530 Subject: [PATCH 16/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 0cb2bad17..d1609839a 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -37,7 +37,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. -- [SERVER-123507 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123507){:target="_blank"} **(CVE-2026-9741):** Queries using $`vectorSearch` with **Queryable Encryption (QE)** or **Client-Side Field Level Encryption (CSFLE)** can expose sensitive data. Encrypted field values in filter expressions might be transmitted as plaintext, compromising confidentiality. +- [SERVER-123507 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123507){:target="_blank"} **(CVE-2026-9741):** Queries using `$vectorSearch` with **Queryable Encryption (QE)** or **Client-Side Field Level Encryption (CSFLE)** can expose sensitive data. Encrypted field values in filter expressions might be transmitted as plaintext, compromising confidentiality. ### Medium severity From d73c2190eb51e625937f58836cfc26d0ba8b260e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 08:39:32 +0000 Subject: [PATCH 17/41] docs: add database tools version to 7.0.37-20 notes --- docs/release_notes/7.0.37-20.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index d1609839a..b5652493e 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -60,3 +60,4 @@ Percona Server for MongoDB packages the following MongoDB tools: - MongoDB Shell (mongosh): 2.8.3 — [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/mongodb-shell/changelog/#v2.8.3){:target="_blank"} +- MongoDB Database Tools: 100.17.0 — [upstream release notes :octicons-link-external-16:](https://www.mongodb.com/docs/database-tools/release-notes/dbtools-100.17.0-changelog/){:target="_blank"} From ad28d1e5665ed6c05a0d10d1812112b9ef2f6458 Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:09:37 +0530 Subject: [PATCH 18/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index b5652493e..ef4684c4b 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -9,7 +9,7 @@ version: 7.0.37-20 Percona Server for MongoDB {{ page.meta.version }} is an enhanced, source-available, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition. -Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements and bug fixes of: +Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements and bug fixes of: - [MongoDB 7.0.37 Community Edition :octicons-link-external-16:](https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.37---june-11--2026){:target="_blank"} From c1e56ddccaf03002cafdb134ed1be61bc271e91e Mon Sep 17 00:00:00 2001 
From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:10:04 +0530 Subject: [PATCH 19/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index ef4684c4b..25df70511 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -33,7 +33,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123951 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123951){:target="_blank"} **(CVE-2026-9748):** Under specific conditions, using the internal `$_internalConvertBucketIndexStats` stage together with `$facet` can cause the mongod process to terminate unexpectedly. -- [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using fromRouter: true together with runtimeConstants.userRoles can cause the mongod process to terminate unexpectedly. +- [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using `fromRouter: true` together with `runtimeConstants.userRoles` can cause the mongod process to terminate unexpectedly. - [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. From 9630fb563ea12cca2855cd528eaf08222b81fb4e Mon Sep 17 00:00:00 2001 
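Review bot: On the changed CVE-2026-9747 line, `fromRouter: true` and `runtimeConstants.userRoles` are now code-formatted, but "the mongod process" in the same sentence is still plain text. The CVE-2026-9748 context line above has the same plain "mongod", while the CVE-2026-9746 entry below writes `mongod`. Format the process name the same way in all three entries so the list is consistent.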
From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:10:18 +0530 Subject: [PATCH 20/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 25df70511..2f16aa70e 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -45,7 +45,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab ## Bugs fixed -[PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977) : Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. +[PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. ### Affected versions From 5884a970921bb0d963ef2c377ae8efc572a3665c Mon Sep 17 00:00:00 2001 From: Rasika Chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:12:27 +0530 Subject: [PATCH 21/41] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- docs/release_notes/7.0.37-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 2f16aa70e..c9c30c51c 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md 
@@ -45,7 +45,7 @@ This release includes upstream MongoDB security fixes for the following vulnerab ## Bugs fixed -[PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. +- [PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. ### Affected versions From 9012eb01b7941c4105d3f29eea88ee675a5d36d3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 17 Jun 2026 08:44:46 +0000 Subject: [PATCH 22/41] Move affected versions under security section --- docs/release_notes/7.0.37-20.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index c9c30c51c..962f6745e 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -43,10 +43,6 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [SERVER-123370 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123370){:target="_blank"} **(CVE-2026-9751):** When the `ldapQueryPassword` parameter is set using the runtime `setParameter` command, the new password value is written to `mongod.log` in plain text. This can expose sensitive credentials in log files. -## Bugs fixed - -- [PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. - ### Affected versions These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB: 
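Review bot: The index line of this patch starts from blob c9c30c51c, the same base as PATCH 23/41, and both patches relocate the "Affected versions" block to different places: here it stays after the Medium severity entries with "Bugs fixed" moved below it, there it moves to the top of the security section. PATCH 24/41 continues from 550ce5a4f, the result of 23/41, so the result of this patch (962f6745e) is not what the rest of the series builds on, and the "@@ -47,13 +52,6 @@" hunk of 23/41 would not apply cleanly on top of it. Drop one of the two patches or rebase 23/41 onto this one.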
@@ -54,6 +50,10 @@ These vulnerabilities affect the following versions of MongoDB Community Edition - All Percona Server for MongoDB 7.0.x versions - MongoDB Community 7.0 versions prior to 7.0.37 +## Bugs fixed + +- [PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. + ## Tools packaged with this release Percona Server for MongoDB packages the following MongoDB tools: From ab760a567c2012e84ba0838a45538195b6e0e369 Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Wed, 17 Jun 2026 14:23:19 +0530 Subject: [PATCH 23/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index c9c30c51c..550ce5a4f 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -17,7 +17,12 @@ Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements ## Security updates: CVE fixes from upstream MongoDB -This release includes upstream MongoDB security fixes for the following vulnerabilities: +### Affected versions + +These vulnerabilities affect the following versions: + +- All Percona Server for MongoDB 7.0.x versions +- MongoDB Community 7.0 versions prior to 7.0.37 ### High severity 
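Review bot: With the introductory sentence removed, "These vulnerabilities affect the following versions:" now appears before any vulnerability has been listed, so "These" has nothing to refer to; "The vulnerabilities listed below affect the following versions:" would read correctly in the new position. The first bullet, "All Percona Server for MongoDB 7.0.x versions", also covers the release these notes announce. Bound it the way the second bullet is bounded ("prior to 7.0.37"), for example "versions prior to 7.0.37-20".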
@@ -47,13 +52,6 @@ This release includes upstream MongoDB security fixes for the following vulnerab - [PSMDB-1977](https://perconadev.atlassian.net/browse/PSMDB-1977): Resolved an issue where Docker-based MongoDB instances could fail to start when replication settings were defined in `mongod.conf`. -### Affected versions - -These vulnerabilities affect the following versions of MongoDB Community Edition and Percona Server for MongoDB: - -- All Percona Server for MongoDB 7.0.x versions -- MongoDB Community 7.0 versions prior to 7.0.37 - ## Tools packaged with this release Percona Server for MongoDB packages the following MongoDB tools: From a2cc8b63e434834474d3eb92d9626a6acf656f86 Mon Sep 17 00:00:00 2001 From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Thu, 18 Jun 2026 11:56:19 +0530 Subject: [PATCH 24/41] Update 7.0.37-20.md --- docs/release_notes/7.0.37-20.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/docs/release_notes/7.0.37-20.md b/docs/release_notes/7.0.37-20.md index 550ce5a4f..086f7e3fc 100644 --- a/docs/release_notes/7.0.37-20.md +++ b/docs/release_notes/7.0.37-20.md @@ -15,6 +15,10 @@ Percona Server for MongoDB **{{ page.meta.version }}** includes the improvements - Supports protocols and drivers of MongoDB Community **7.0.37**. +## Upgrade recommendation + +This release contains multiple high-severity security fixes affecting all Percona Server for MongoDB 7.0.x versions. We strongly recommend upgrading to version 7.0.37 as soon as possible. + ## Security updates: CVE fixes from upstream MongoDB ### Affected versions 
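Review bot: In the added "Upgrade recommendation" paragraph, "upgrading to version 7.0.37" names the upstream MongoDB version, not the Percona release that carries the fixes; the front matter of this file gives `version: 7.0.37-20`. Use `{{ page.meta.version }}` here, as the paragraph just above does, so the recommendation points at the exact package and stays correct if the front matter changes.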
@@ -26,23 +30,23 @@ These vulnerabilities affect the following versions: ### High severity -- [SERVER-125063 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-125063){:target="_blank"} **(CVE-2026-9740):** A vulnerability in the `BSON` validator allows an unauthenticated user to supply a specially crafted message. Improper handling of nested BSON binary data structures can trigger uncontrolled recursion during validation. This can cause the `mongod` process to terminate, resulting in a denial of service condition. +- [SERVER-125063 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-125063){:target="_blank"} **(CVE-2026-9740):** A vulnerability in the `BSON` validator allows an unauthenticated user to supply specially crafted input that could cause the `mongod` process to terminate unexpectedly, resulting in a denial-of-service condition. -- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate` aggregation pipeline stage allows an authenticated user with access to the aggregate command to supply a specially crafted document diff. A malformed binary diff can trigger out-of-bounds memory access and cause the server to crash. +- [SERVER-124959 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124959){:target="_blank"} **(CVE-2026-9753):** A vulnerability in the `$_internalApplyOplogUpdate` aggregation stage allows an authenticated user to supply specially crafted input that could cause the server process to terminate unexpectedly. -- [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123440){:target="_blank"} **(CVE-2026-9752):** Inserting a document into a collection with a `2dsphere` index can cause a server crash if the indexed field is a `GeoJSON GeometryCollection` containing a Polygon with a strict-winding CRS. 
During index key generation, the internal guard that rejects top-level strict-winding geometry is bypassed because the server fails to inspect individual collection members. This results in a null pointer being pushed to the region vector and subsequently dereferenced, terminating the server process. +- [SERVER-123440 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123440){:target="_blank"} **(CVE-2026-9752):** Inserting specially crafted documents into a collection with a `2dsphere` index could cause the `mongod` process to terminate unexpectedly, leading to a server crash. - [SERVER-123633 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123633){:target="_blank"} **(CVE-2026-9750):** A vulnerability in query execution allows an authenticated user to create specially crafted documents that interfere with internal metadata processing. This can cause the server process to terminate unexpectedly and may result in incorrect query results. - [SERVER-124031 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124031){:target="_blank"} **(CVE-2026-9749):** Aggregation pipelines that use the internal `$exchange` stage with key-range partitioning can trigger an unexpected condition when processing large numbers of documents for a single key range. This can cause the server process to terminate unexpectedly. -- [SERVER-123951 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123951){:target="_blank"} **(CVE-2026-9748):** Under specific conditions, using the internal `$_internalConvertBucketIndexStats` stage together with `$facet` can cause the mongod process to terminate unexpectedly. +- [SERVER-123951 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123951){:target="_blank"} **(CVE-2026-9748):** Under specific conditions, using the internal `$_internalConvertBucketIndexStats` stage together with `$facet` can cause the `mongod` process to terminate unexpectedly. 
-- [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using `fromRouter: true` together with `runtimeConstants.userRoles` can cause the mongod process to terminate unexpectedly. +- [SERVER-123918 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123918){:target="_blank"} **(CVE-2026-9747):** A vulnerability triggered by using `fromRouter: true` together with `runtimeConstants.userRoles` can cause the `mongod` process to terminate unexpectedly. - [SERVER-124190 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-124190){:target="_blank"} **(CVE-2026-9746):** A vulnerability in the use of `$changeStream`, `$_requestReshardingResumeToken`, and the exchange option can cause the `mongod` process to terminate unexpectedly. An authenticated user can trigger this behavior without requiring any special privileges. -- [SERVER-123507 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123507){:target="_blank"} **(CVE-2026-9741):** Queries using `$vectorSearch` with **Queryable Encryption (QE)** or **Client-Side Field Level Encryption (CSFLE)** can expose sensitive data. Encrypted field values in filter expressions might be transmitted as plaintext, compromising confidentiality. +- [SERVER-123507 :octicons-link-external-16:](https://jira.mongodb.org/browse/SERVER-123507){:target="_blank"} **(CVE-2026-9741):** Queries using `$vectorSearch` with Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) could transmit encrypted field values in filter expressions as plaintext instead of ciphertext. This could expose sensitive data. ### Medium severity From acf6a2b67760a5df666a338ba26c3209170630d7 Mon Sep 17 00:00:00 2001 
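Review bot: The rewritten CVE-2026-9752 entry says the same thing twice ("terminate unexpectedly, leading to a server crash"); end the sentence at "terminate unexpectedly", as the other entries do. The new CVE-2026-9753 text also drops "with access to the aggregate command", which was the one precondition an operator could use to judge exposure. Keeping that clause would not bring back the crash details this hunk removes. The CVE-2026-9740 entry still says "unauthenticated", so the two entries would then state their preconditions at the same level of detail.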
From: rasika-chivate <95711051+rasika-chivate@users.noreply.github.com> Date: Thu, 18 Jun 2026 14:02:12 +0530 Subject: [PATCH 25/41] Update pdf_cover_page.tpl --- docs/_templates/pdf_cover_page.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/_templates/pdf_cover_page.tpl b/docs/_templates/pdf_cover_page.tpl index 45a5aa35c..788195e79 100644 --- a/docs/_templates/pdf_cover_page.tpl +++ b/docs/_templates/pdf_cover_page.tpl @@ -3,10 +3,10 @@