[DOCS-7589] Enable JavaScript Protection by default Created: 06/Apr/16  Updated: 04/Mar/23  Resolved: 14/Nov/16

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: 3.4.0

Type: Task Priority: Major - P3
Reporter: Shane Harvey Assignee: Steve Renaker (Inactive)
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-23472 Enable JavaScript protection by default Closed
Related
related to DOCS-7207 Document new JavaScript protection sh... Closed
Participants:
Days since reply: 7 years, 13 weeks ago
Story Points: 1

 Description   

We are turning on --enableJavaScriptProtection in the mongo shell by default and introduced a new flag, --disableJavaScriptProtection, to keep the old behavior.

Need to document the behavior of the "--enableJavaScriptProtection" flag in the shell (which has been backported to 3.2). This flag prevents "Code" and "CodeWScope" BSON types from being automatically marshalled to JavaScript functions in the shell.



 Comments   
Comment by Githook User [ 17/Nov/16 ]

Author:

{u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}

Message: DOCS-7589 add to rel notes
Branch: master
https://github.com/mongodb/docs/commit/6e1d3e64c7026e488ca22c2278bbc91b74313a15

Comment by Githook User [ 17/Nov/16 ]

Author:

{u'username': u'steveren', u'name': u'Steve Renaker', u'email': u'steve.renaker@mongodb.com'}

Message: DOCS-7589: Enable JavaScript Protection by default

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/d76213d119b81769c3289dfb21cfeb9c26ad49d7

Comment by Githook User [ 17/Nov/16 ]

Author:

{u'username': u'steveren', u'name': u'Steve Renaker', u'email': u'steve.renaker@mongodb.com'}

Message: DOCS-7589: Enable JavaScript Protection by default

Signed-off-by: kay <kay.kim@10gen.com>
Branch: master
https://github.com/mongodb/docs/commit/4d96942f382c30104952a877181ec6f7d64ef244

Comment by Shane Harvey [ 04/Nov/16 ]

kyle.suarez, the --enableJavaScriptProtection flag was added in version 3.3.2 and backported to 3.2.4 as part of SERVER-9131.

Comment by Kyle Suarez [ 01/Nov/16 ]

shane.harvey, you say in this ticket that the --enableJavaScriptProtection flag has been backported to 3.2, but I don't see any commits nor fixVersion in SERVER-23472 that indicate what version of 3.2 has the fix. Could you please add that in, or link a different SERVER ticket if it was done elsewhere?

Generated at Thu Feb 08 07:54:35 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.