[SERVER-52804] Upgrade libmongocrypt to v1.0.4+ Created: 12/Nov/20  Updated: 29/Oct/23  Resolved: 11/Jan/21

Status: Closed
Project: Core Server
Component/s: Build
Affects Version/s: None
Fix Version/s: 4.9.0

Type: Task Priority: Major - P3
Reporter: Ryan Egesdahl (Inactive) Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Backwards Compatibility: Fully Compatible
Sprint: Security 2020-12-14, Security 2020-12-28, Security 2021-01-11, Dev Platform 2020-11-16, Security 2021-01-25
Participants:
Linked BF Score: 50

 Description   

The libmongocrypt library at src/third_party/kms-message is out of date. The current version is "1.0.1" and the newest version is "1.0.4" according to Black Duck. MongoDB policy requires all third-party software to be updated to the latest version on the master branch.



 Comments   
Comment by Githook User [ 11/Jan/21 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-52804 Finish libmongocrypt upgrade by removing TODO
Branch: master
https://github.com/mongodb/mongo/commit/581e83753bc3f6042afd633a61aaf7b1e83e3aae

Comment by Mark Benvenuto [ 07/Jan/21 ]

Code Review URL: https://mongodbcr.appspot.com/742560001/

Comment by Ryan Egesdahl (Inactive) [ 20/Nov/20 ]

I've just added the suppression for the upgrade because it looks like there's going to be some work involved that's outside of the SDP team's scope. Passing over to the Security team to either complete the upgrade work or forward it on to the right place.

Comment by Githook User [ 20/Nov/20 ]

Author:

{'name': 'Ryan Egesdahl', 'email': 'ryan.egesdahl@mongodb.com', 'username': 'deriamis'}

Message: SERVER-52804 Suppress Black Duck warning for libmongocrypt v1.0.3
Branch: master
https://github.com/mongodb/mongo/commit/a64e0ac24cb6ce95c44350cce8b8cfc82f069cf9

Generated at Thu Feb 08 05:29:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.