[SERVER-84617] Define a version for S2 Created: 05/Jan/24  Updated: 05/Feb/24

Status: In Progress
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Will Buerger
Resolution: Unresolved Votes: 0
Labels: qi-geo, tech-debt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File s2-diff.txt    
Issue Links:
Related
related to SERVER-85810 Investigate any known security vulner... In Progress
Assigned Teams:
Query Integration
Participants:

 Description   

When we vendor third party libraries, we must ensure that they've been sourced from known origins and possess meaningful version identifiers. We use version identifiers to track security vulnerabilities and their mitigations, and libraries without versions cannot be easily audited. As we work toward publishing an SBOM, this information will be made public so that our customers can make informed decisions about supply chain risk.

Library S2 doesn’t seem to be vendored from a specific release identified by a version identifier issued by its upstream vendor. Please either identify the release which originated the library and update README.third_party.md, update your library to a named release, or migrate to an alternative.

If you require an exception, please reach out to stacey.kingpoling@mongodb.com.


Generated at Thu Feb 08 06:55:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.