-
Type: Improvement
-
Resolution: Won't Fix
-
Priority: Minor - P4
-
None
-
Affects Version/s: 2.4.8
-
Component/s: Security
-
Labels:None
Applying oplog entries creating or manipulating 2.6-style users will cause a fatal error in 2.4. If the secondaries are caught up past all user and role manipulations before the downgrade, they should be fine.
A solution may be to stop enforcing the form of user documents in 2.4, or to not enforce them during oplog application. This is risky because trivially malformed user documents in 2.4 can grant broad powers to users (i.e., misspelling "roles" as "roels" will lead to a 2.2-style read-write user).
- is related to
-
SERVER-11881 addUser crashing 2.4 mongod in mixed version replica set
- Closed