<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:30 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2011] On-demand callback for AWS credentials</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2011</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;Add a callback to supply AWS credentials on-demand.&lt;/p&gt;

&lt;p&gt;This is a request to specify an API equivalent to &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-4310&quot; title=&quot;AWS credential refreshing&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-4310&quot;&gt;&lt;del&gt;JAVA-4310&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;
&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;

&lt;p&gt;The &lt;a href=&quot;https://github.com/mongodb/specifications/tree/master/source/auth/auth.rst&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Driver Authentication specification&lt;/a&gt; describes four ways of obtaining credentials for the MONGODB-AWS authentication mechanism.&lt;/p&gt;

&lt;p&gt;1. From the URI username, password, and options.&lt;br/&gt;
2. From environment variables.&lt;br/&gt;
3. From querying an endpoint for credentials in ECS.&lt;br/&gt;
4. From querying an endpoint for credentials in EC2.&lt;/p&gt;

&lt;p&gt;A callback helps with these use cases:&lt;br/&gt;
1. Caching credentials. In (3) and (4) the endpoint is queried each time a connection handshake results in authentication. This may result in hitting rate limits.&lt;br/&gt;
2. Avoid session token expiration. The AWS session token set in (1) or (2) may be temporary and can expire. A callback enables passing and refreshing credentials in environments like EKS with assigned IAM roles.&lt;br/&gt;
3. Obtain credentials in EKS environments.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;
&lt;p&gt;Users authenticating with MONGODB-AWS.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;

&lt;p&gt;I do not know if there is a workaround for hitting rate limits in ECS. Users may be blocked.&lt;/p&gt;

&lt;p&gt;If AWS credentials are passed through URI options, credentials may expire and result in failed authentication attempts. The workaround is requires recreating a MongoClient. The workaround is undesirable.&lt;/p&gt;

&lt;p&gt;Authenticating with AWS in EKS requires an undesirable workaround by passing URI options.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;

&lt;p&gt;Likely for EKS users.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;

&lt;p&gt;Hitting rate limits may result in temporary unavailability.&lt;/p&gt;

&lt;p&gt;Handling credential expiration is less severe. The workaround is to recreate the MongoClient. It is an undesirable workaround.&lt;/p&gt;

&lt;p&gt;Authenticating with AWS in EKS is less severe. The workaround is to recreate the MongoClient. It is an undesirable workaround.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;

&lt;p&gt;No.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="1953998">DRIVERS-2011</key>
            <summary>On-demand callback for AWS credentials</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="12300">Won&apos;t Do</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="kevin.albertson@mongodb.com">Kevin Albertson</reporter>
                        <labels>
                    </labels>
                <created>Sun, 19 Dec 2021 00:45:04 +0000</created>
                <updated>Mon, 19 Dec 2022 18:04:43 +0000</updated>
                            <resolved>Tue, 27 Sep 2022 18:26:39 +0000</resolved>
                                                        <component>Authentication</component>
                                        <votes>6</votes>
                                    <watches>30</watches>
                                                                                                                <comments>
                            <comment id="4859543" author="JIRAUSER1263031" created="Tue, 27 Sep 2022 18:26:39 +0000"  >&lt;p&gt;We prioritized &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2333&quot; title=&quot;Cache AWS Credentials Where Possible&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2333&quot;&gt;&lt;del&gt;DRIVERS-2333&lt;/del&gt;&lt;/a&gt; to handle the rate-limiting case and&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1746&quot; title=&quot;Add native support for AWS IAM Roles for service accounts, EKS in particular&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-1746&quot;&gt;&lt;del&gt;DRIVERS-1746&lt;/del&gt;&lt;/a&gt;&#160;to handle IAM roles for service accounts.&lt;/p&gt;</comment>
                            <comment id="4671701" author="JIRAUSER1263701" created="Mon, 11 Jul 2022 19:48:01 +0000"  >&lt;p&gt;Yes, I agree&lt;/p&gt;</comment>
                            <comment id="4617388" author="JIRAUSER1263701" created="Wed, 15 Jun 2022 13:18:58 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=qingyang.hu%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;qingyang.hu@mongodb.com&quot;&gt;qingyang.hu@mongodb.com&lt;/a&gt;, the concerns you raise are part of the reasons we have put this ticket on the backlog, and are instead pursuing other options for improving our support of AWS.&lt;/p&gt;</comment>
                            <comment id="4616080" author="JIRAUSER1268281" created="Tue, 14 Jun 2022 22:01:58 +0000"  >&lt;p&gt;The GO driver currently takes static strings for AWS token, access key, and key ID. To support callback without breaking changes, we need to introduce additional methods aside from the existing setting method. Therefore, we look for a priority among different setting methods in the specification. i.e., if static values and callbacks are given simultaneously, which one will be applied?&lt;/p&gt;</comment>
                            <comment id="4573308" author="JIRAUSER1263701" created="Wed, 25 May 2022 19:28:43 +0000"  >&lt;p&gt;It is public now, thanks for the heads up &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=rodolfo.matos%40forto.com&quot; class=&quot;user-hover&quot; rel=&quot;rodolfo.matos@forto.com&quot;&gt;rodolfo.matos@forto.com&lt;/a&gt;!&lt;/p&gt;</comment>
                            <comment id="4569357" author="JIRAUSER1265785" created="Tue, 24 May 2022 14:21:56 +0000"  >&lt;p&gt;Hey Steve, the &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1746&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DRIVERS-1746&lt;/a&gt; ticket is not publicly visible. It is possible to make it publicly available?&lt;/p&gt;</comment>
                            <comment id="4569204" author="JIRAUSER1263701" created="Tue, 24 May 2022 13:46:14 +0000"  >&lt;p&gt;After further discussion, we are not going to implement this feature at this time.&#160;&lt;/p&gt;

&lt;p&gt;Instead, we will prioritize &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2333&quot; title=&quot;Cache AWS Credentials Where Possible&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2333&quot;&gt;&lt;del&gt;DRIVERS-2333&lt;/del&gt;&lt;/a&gt;(&lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2333&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DRIVERS-2333&lt;/a&gt;] to handle the rate-limiting case and &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1746&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;DRIVERS-1746&lt;/a&gt; to handle IAM roles for service accounts.  &lt;/p&gt;

&lt;p&gt;The motivating factors are the fact that it would be confusing to have authorization refresh only available for one authentication type, and it would be currently impossible for us to provide warnings or errors if the server pool ended up in a state of mixed privileges.   The changes in &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-2333&quot; title=&quot;Cache AWS Credentials Where Possible&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-2333&quot;&gt;&lt;del&gt;DRIVERS-2333&lt;/del&gt;&lt;/a&gt; and &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1746&quot; title=&quot;Add native support for AWS IAM Roles for service accounts, EKS in particular&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DRIVERS-1746&quot;&gt;&lt;del&gt;DRIVERS-1746&lt;/del&gt;&lt;/a&gt; are small in scope and transparent to the user.&lt;/p&gt;</comment>
                            <comment id="4554971" author="JIRAUSER1263701" created="Tue, 17 May 2022 22:48:57 +0000"  >&lt;p&gt;Good catch &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=daniel.lamando%40forto.com&quot; class=&quot;user-hover&quot; rel=&quot;daniel.lamando@forto.com&quot;&gt;daniel.lamando@forto.com&lt;/a&gt;, thank you!&#160; After doing some more digging today, here are my current thoughts:&lt;/p&gt;

&lt;p&gt;In general it seems like not providing username and password seems like the the best approach in environments where we can get that auth for the user.&#160; This includes EKS (which uses EC2 or Fargate nodes), EC2, ECS, and Lambda.&#160; In all cases we can get the credentials using link-local URI endpoints or from environment variables.&#160; These scenarios are already covered in the drivers &lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#obtaining-credentials&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;specification&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For cases where this approach does not work, we have the problem that the user could inadvertently change to a new role with differing privileges.&#160; &#160; As a result, they may have access to some databases and not others, depending on which socket connection they are using for a given operation.&#160; Ideally we could verify that the ARN role does not change, but the credentials given do not allow us to inspect the ARN.&#160; We cannot guarantee that we can use the equivalent of &lt;tt&gt;aws sts get-caller-identity&lt;/tt&gt; from the client.&#160; However, the server will get the ARN back from the request it makes during authentication.&lt;/p&gt;

&lt;p&gt;This means that clients should require an &lt;tt&gt;AWS_ROLE_ARN&lt;/tt&gt; mechanism property that &lt;b&gt;may&lt;/b&gt; be enforced by the server (at some future date), when using a dynamic callback.&#160; &#160;&lt;/p&gt;

&lt;p&gt;The new proposed API is a function that accepts a &lt;tt&gt;MongoCredential&lt;/tt&gt; and returns a &lt;tt&gt;MongoCredential&lt;/tt&gt;, which is only supported for AWS auth.  The returned &lt;tt&gt;MongoCredential&lt;/tt&gt; must have the required &lt;tt&gt;AWS_ROLE_ARN&lt;/tt&gt; mechanism property set.&lt;/p&gt;</comment>
                            <comment id="4551551" author="JIRAUSER1269897" created="Mon, 16 May 2022 21:49:24 +0000"  >&lt;p&gt;Thanks for the public update, Steve!&lt;/p&gt;

&lt;p&gt;From my reading of this, the callback would return only a string for an updated &lt;tt&gt;AWS_SESSION_TOKEN&lt;/tt&gt;. I&apos;d like to point out that every call to the &lt;tt&gt;AssumeRole&lt;/tt&gt; or &lt;tt&gt;AssumeRoleWithWebIdentity&lt;/tt&gt; APIs returns a brand new set of credentials, where all three fields are different every time, not just &lt;tt&gt;AWS_SESSION_TOKEN&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;I understand the desire to keep this callback feature limited in scope. However it seems that accepting a fresh &lt;tt&gt;MongoCredential&lt;/tt&gt; object (or similar) is unavoidable in the context of temporary AWS credentials.&lt;/p&gt;

&lt;p&gt;Also,&lt;/p&gt;
&lt;blockquote&gt;&lt;p&gt;eventually OIDC when we support it&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;Yes please :^)&lt;/p&gt;</comment>
                            <comment id="4549946" author="JIRAUSER1263701" created="Mon, 16 May 2022 15:08:50 +0000"  >&lt;p&gt;Current thoughts on this as I prepare to write the spec:&lt;/p&gt;

&lt;p&gt;We should only use this mechanism for token refresh, for AWS and eventually OIDC when we support it.  It would be too easy to misuse the feature otherwise.  It should be given as a parameter the &lt;tt&gt;MongoClient&lt;/tt&gt; constructor called &lt;tt&gt;dynamic_credential_callback&lt;/tt&gt; that accepts the current &lt;tt&gt;MongoCredential&lt;/tt&gt; object and returns a string representing the new token.   &lt;/p&gt;

&lt;p&gt;If the callback is given, we will use it to fetch the current token, ignoring any static value given for &lt;tt&gt;AWS_SESSION_TOKEN&lt;/tt&gt;.  &lt;/p&gt;

&lt;p&gt;If the callback is provided and the auth mechanism is not &lt;tt&gt;MONGODB-AWS&lt;/tt&gt;, the driver should raise an exception.&lt;/p&gt;</comment>
                            <comment id="4511029" author="behackett" created="Wed, 27 Apr 2022 19:48:26 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=kevincent%40tradestation.com&quot; class=&quot;user-hover&quot; rel=&quot;kevincent@tradestation.com&quot;&gt;kevincent@tradestation.com&lt;/a&gt;, our &quot;quarters&quot; follow MongoDB Inc. fiscal calendar. FY23Q2 starts May 2022.&lt;/p&gt;</comment>
                            <comment id="4508910" author="JIRAUSER1262734" created="Wed, 27 Apr 2022 08:01:51 +0000"  >&lt;p&gt;I understand the desire to improve the design/architecture of the driver, but EKS users are inadequately served compared to the lambda or ECS use cases. Do we have to wait a year to get the same level of integration support? As currently tagged it looks like FY23 is when we can expect it.&lt;/p&gt;

&lt;p&gt;I would kindly ask for a reconsideration of priority or perhaps allow for the less elegant solution so we can use an increasingly popular EKS runtime environment without resorting to our own driver hacks to leverage passwordless authentication. Please see my original post at &lt;a href=&quot;https://jira.mongodb.org/browse/DRIVERS-1941&quot; class=&quot;external-link&quot; rel=&quot;nofollow&quot;&gt;https://jira.mongodb.org/browse/DRIVERS-1941&lt;/a&gt; which was closed in favor of this.&lt;/p&gt;

&lt;p&gt;If the callback implementation is going to take another year, how long would it take to get &lt;em&gt;something&lt;/em&gt; that we can use in official drivers?&lt;/p&gt;</comment>
                            <comment id="4485027" author="JIRAUSER1268264" created="Fri, 15 Apr 2022 03:52:34 +0000"  >&lt;p&gt;@Rodolfo, we would be interested in this. We already did something like this for python. Looking for a similar solution with the node driver.&lt;/p&gt;</comment>
                            <comment id="4463873" author="JIRAUSER1265785" created="Thu, 7 Apr 2022 11:40:03 +0000"  >&lt;p&gt;Hello everyone, currently we are monkeypatching the MongoDBAWS class to get around this limitation. Would you be interested in a pull request upstream that implements the requirements defined in this ticket?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="1931287">GODRIVER-2241</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="1889470">DRIVERS-1941</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10620">
                    <name>Issue split</name>
                                            <outwardlinks description="split to">
                                        <issuelink>
            <issuekey id="2126461">CDRIVER-4467</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975280">CSHARP-4033</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975279">CXX-2437</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975281">GODRIVER-2293</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975282">JAVA-4464</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975284">MOTOR-877</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975283">NODE-3934</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975286">PHPC-2048</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975285">PYTHON-3091</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975287">RUBY-2890</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1975288">RUST-1164</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1881111">JAVA-4310</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2053282">DRIVERS-2333</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1973459">DRIVERS-2179</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1710421">DRIVERS-1746</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="2026870">DRIVERS-2280</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1609259">RUBY-2512</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="1889470">DRIVERS-1941</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                            <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K000012RsViQAK, 5002K000012SgoUQAS, 5006R00001qDwO5QAK]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10940"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_23952" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Driver Compliance</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<style type='text/css'>
         #scriptField, #scriptField *{
                border: 1px solid black;
            }

            #scriptField{
                border-collapse: collapse;
            }

            #scriptField td {
                text-align: center; /* Center-align text in table cells */
            }

            #scriptField td.key {
                text-align: left; /* Left-align text in the Key column */
            }

            #scriptField a {
                text-decoration: none; /* Remove underlines from links */
                border: none; /* Remove border from links */
            }
            
            /* Add green background color to cells with FixVersion */
            #scriptField td.hasFixVersion {
                background-color: #00FF00; /* Green color code */
            }

            /* Center-align the first row headers */
            #scriptField th {
                text-align: center;
            }
        </style>
<table id='scriptField'>
  <tr>
    <th>Key</th>
    <th>Status/Resolution</th>
    <th>FixVersion</th>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CXX-2437'>CXX-2437</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CSHARP-4033'>CSHARP-4033</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/GODRIVER-2293'>GODRIVER-2293</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/JAVA-4464'>JAVA-4464</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/NODE-3934'>NODE-3934</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/MOTOR-877'>MOTOR-877</a>
    </td>
    <td>Duplicate</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PYTHON-3091'>PYTHON-3091</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/PHPC-2048'>PHPC-2048</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUBY-2890'>RUBY-2890</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/RUST-1164'>RUST-1164</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/SWIFT-1471'>SWIFT-1471</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
  <tr>
    <td class='key'>
      <a href='https://jira.mongodb.org/browse/CDRIVER-4467'>CDRIVER-4467</a>
    </td>
    <td>Won't Do</td>
    <td class=''></td>
  </tr>
</table>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18362" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Engineering Lead</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>kevin.albertson@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_18358" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Product Manager</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>rachelle.palmer@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18359" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Program Manager</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>esha.bhargava@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr1o2o:i4</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>