<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:48:40 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-4581] c# driver to auto register all explicitly mapped types as allowed</title>
                <link>https://jira.mongodb.org/browse/CSHARP-4581</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;I originally posted this &lt;a href=&quot;https://www.mongodb.com/community/forums/t/feature-request-c-driver-to-auto-register-all-explicitly-mapped-types-as-allowed/218839&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt; before realizing it should probably have gone in Jira as a feature request?&lt;/p&gt;

&lt;p&gt;&#160;&lt;br/&gt;
With release 2.19.0 we now have to register our types in order for them to be serialized. The suggestion in the release notes &lt;a href=&quot;https://www.mongodb.com/community/forums/t/net-driver-2-19-0-released/210854&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;here&lt;/a&gt; is to do the following&#8230;&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;var objectSerializer = new ObjectSerializer(type =&amp;gt; ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith(&quot;MyNamespace&quot;));&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;BsonSerializer.RegisterSerializer(objectSerializer);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;This works, however, at the company I work we explicitly register all our types using &lt;tt&gt;BsonClassMap.RegisterClassMap&amp;lt;T&amp;gt;(...)&lt;/tt&gt; to avoid accidents when serializing/deserializing.&lt;/p&gt;

&lt;p&gt;Given that we&#8217;re already being explicit about the types we want registered could the library note these types and add them to the allowed types automatically.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2297183">CSHARP-4581</key>
            <summary>c# driver to auto register all explicitly mapped types as allowed</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="g.budden@quill.co.uk">Gareth Budden</reporter>
                        <labels>
                    </labels>
                <created>Fri, 24 Mar 2023 10:05:32 +0000</created>
                <updated>Tue, 18 Apr 2023 18:01:27 +0000</updated>
                            <resolved>Tue, 18 Apr 2023 18:01:27 +0000</resolved>
                                                                    <component>Serialization</component>
                                        <votes>1</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="5356527" author="james.kovacs" created="Tue, 18 Apr 2023 18:01:08 +0000"  >&lt;p&gt;Hi, Daniel,&lt;/p&gt;

&lt;p&gt;Apologies for the delay in response. The .NET/C# Driver uses a number of different serializers to perform BSON serialization. Which serializer is used depends on the actual and nominal types involved. If the actual type is &lt;tt&gt;MySagaData&lt;/tt&gt;, but the nominal type is &lt;tt&gt;IContainSagaData&lt;/tt&gt; (prior to your NServiceBus change), then the driver uses the &lt;tt&gt;DiscriminatedInterfaceSerializer&amp;lt;T&amp;gt;&lt;/tt&gt;, which internally uses the &lt;tt&gt;ObjectSerializer&lt;/tt&gt;. The &lt;tt&gt;ObjectSerializer&lt;/tt&gt; now requires configuration of allowed types starting in 2.19.0 to avoid the .NET Framework bug (CVE-2022-48282). See &lt;a href=&quot;https://jira.mongodb.org/browse/CSHARP-4475&quot; title=&quot;Add an AllowedTypes filter to ObjectSerializer&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CSHARP-4475&quot;&gt;&lt;del&gt;CSHARP-4475&lt;/del&gt;&lt;/a&gt; for more details.&lt;/p&gt;

&lt;p&gt;After the NServiceBus change, the driver uses the &lt;tt&gt;BsonClassMapSerializer&amp;lt;T&amp;gt;&lt;/tt&gt;, which is not affected by CVE-2022-48282. This is why after the NServiceBus change you do not need to register any types with explicitly registered class maps with the object serializer as being safe. The execution path no longer uses the &lt;tt&gt;ObjectSerializer&lt;/tt&gt;, but instead uses the configured &lt;tt&gt;BsonClassMapSerializer&amp;lt;T&amp;gt;&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;I would encourage users of NServiceBus to upgrade to the newer version with this fix. If you are using another framework, I would suggest implementing a similar fix. If you cannot use a similar fix for whatever reason, please comment on this issue and we will reconsider this feature.&lt;/p&gt;

&lt;p&gt;Sincerely,&lt;br/&gt;
James&lt;/p&gt;</comment>
                            <comment id="5307628" author="JIRAUSER1273297" created="Tue, 28 Mar 2023 21:15:42 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=james.kovacs%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;james.kovacs@mongodb.com&quot;&gt;james.kovacs@mongodb.com&lt;/a&gt; Did you see my comment here?&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://www.mongodb.com/community/forums/t/feature-request-c-driver-to-auto-register-all-explicitly-mapped-types-as-allowed/218839/6?u=daniel_marbach&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.mongodb.com/community/forums/t/feature-request-c-driver-to-auto-register-all-explicitly-mapped-types-as-allowed/218839/6?u=daniel_marbach&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;It has been a while since I worked with the client, so please bear with me. But once I moved towards using the type-based overloads of the BsonSerializer that matches the class mapping we already had in place, the exceptions went away.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="5303268" author="james.kovacs" created="Mon, 27 Mar 2023 16:25:41 +0000"  >&lt;p&gt;Thank you for filing this feature request. We internally call &lt;tt&gt;BsonClassMap.RegisterClassMap&amp;lt;T&amp;gt;(...)&lt;/tt&gt;. So we would have to implement a mechanism to differentiate between externally and internally configured &lt;tt&gt;BsonClassMap&lt;/tt&gt; instances. This is totally possible and something that we will consider to ease the use of &lt;tt&gt;ObjectSerializer.AllowedTypes&lt;/tt&gt; in an upcoming version. Please follow this ticket for updates.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_14266" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Documentation Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;1.  What would you like to communicate to the user about this feature?&lt;br/&gt;
2.  Would you like the user to see examples of the syntax and/or executable code and its output?&lt;br/&gt;
3.  Which versions of the driver/connector does this apply to?&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr48xi:oasv1</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>