<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:21:27 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-4624] Update zlib to 1.2.13+</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-4624</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;The bundled version zlib 1.2.12 is outdated and is affected by a known vulnerability, CVE-2018-25032:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2018-25032&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The changelog of the recently released zlib 1.2.13 recommends to update.&lt;br/&gt;
Quote from&#160;&lt;a href=&quot;https://zlib.net/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://zlib.net/&lt;/a&gt;&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;Version 1.2.13 has these key updates from 1.2.12:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Fix a bug when getting a gzip header extra field with&#160;&lt;tt&gt;inflateGetHeader()&lt;/tt&gt;. This remedies&#160;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;CVE-2022-37434&lt;/a&gt;.&lt;/li&gt;
	&lt;li&gt;Fix a bug in block type selection when&#160;&lt;tt&gt;Z_FIXED&lt;/tt&gt;&#160;used. Now the smallest block type is selected, for better compression.&lt;/li&gt;
	&lt;li&gt;Fix a configure issue that discarded the provided CC definition.&lt;/li&gt;
	&lt;li&gt;Correct incorrect inputs provided to the CRC functions. This mitigates a bug in Java.&lt;/li&gt;
	&lt;li&gt;Repair prototypes and exporting of the new CRC functions.&lt;/li&gt;
	&lt;li&gt;Fix&#160;&lt;tt&gt;inflateBack&lt;/tt&gt;&#160;to detect invalid input with distances too far.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;em&gt;Due to the first bug fix, any installations of 1.2.12 or earlier should be replaced with 1.2.13.&lt;/em&gt;&lt;/p&gt;&lt;/blockquote&gt;</description>
                <environment></environment>
        <key id="2323898">CDRIVER-4624</key>
            <summary>Update zlib to 1.2.13+</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="john.becker">John Becker</reporter>
                        <labels>
                    </labels>
                <created>Tue, 25 Apr 2023 19:18:24 +0000</created>
                <updated>Sat, 28 Oct 2023 11:27:52 +0000</updated>
                            <resolved>Tue, 2 May 2023 16:45:53 +0000</resolved>
                                    <version>1.22.1</version>
                                    <fixVersion>1.24.0</fixVersion>
                                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="5391898" author="xgen-internal-githook" created="Mon, 1 May 2023 19:19:00 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4624&quot; title=&quot;Update zlib to 1.2.13+&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4624&quot;&gt;&lt;del&gt;CDRIVER-4624&lt;/del&gt;&lt;/a&gt; upgrade zlib 1.2.12 to 1.2.13 (#1252)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;add zlib-1.2.13&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;replace references of zlib-1.2.12 with zlib-1.2.13&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;remove zlib-1.2.12&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/7c625e7723f6e5b4e464c74481901a9c79691bd1&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/7c625e7723f6e5b4e464c74481901a9c79691bd1&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                            <comment id="5391098" author="kevin.albertson" created="Mon, 1 May 2023 15:30:17 +0000"  >&lt;p&gt;Thank you for the report.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&lt;/a&gt; notes:&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;only applications that call inflateGetHeader are affected.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;I expect the C driver is not impacted by this issue. The C driver does not call `inflateGetHeader`.&lt;/p&gt;

&lt;p&gt;Regardless, upgrading to zlib 1.2.13 seems like an improvement.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1olg8:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>