<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:41 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-2088] Limit BSON depth</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-2088</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;p&gt;Stitch has asked for Go to implement BSON depth tracking (&lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-502&quot; title=&quot;BSON Depth Tracking&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-502&quot;&gt;&lt;del&gt;GODRIVER-502&lt;/del&gt;&lt;/a&gt;) as a safeguard against malicious servers that could return deeply nested documents to force a stack overflow. Is this something we should consider specifying across drivers?&lt;/p&gt;</description>
                <environment></environment>
        <key id="984303">DRIVERS-2088</key>
            <summary>Limit BSON depth</summary>
                <type id="14901" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14700&amp;avatarType=issuetype">Spec Change</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="10038" iconUrl="https://jira.mongodb.org/images/icons/subtask.gif" description="">Backlog</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="divjot.arora@mongodb.com">Divjot Arora</reporter>
                        <labels>
                            <label>Stitch</label>
                    </labels>
                <created>Wed, 30 Oct 2019 20:11:09 +0000</created>
                <updated>Thu, 31 Mar 2022 13:51:03 +0000</updated>
                                                                <component>BSON</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="3308536" author="david.golden" created="Mon, 27 Jul 2020 23:38:32 +0000"  >&lt;p&gt;The server imposes a nesting limit of 100:&#160;&lt;a href=&quot;https://docs.mongodb.com/manual/reference/limits/index.html#Nested-Depth-for-BSON-Documents&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/reference/limits/index.html#Nested-Depth-for-BSON-Documents&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The Extended JSON v2 spec imposes a limit of 100 when encoding and 200 when decoding (because of Extended JSON nesting):&#160;&lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/extended-json.rst#of-parsers-and-generators&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/specifications/blob/master/source/extended-json.rst#of-parsers-and-generators&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I suggest that drivers that don&apos;t already have a default should follow the server and limit to 100.&lt;/p&gt;

&lt;p&gt;I have a very minor preference that the limit be configurable, as otherwise, it&apos;s very hard for anyone to work with and fix a document that is over the limit (from source that doesn&apos;t respect it) &#8211; even if they know have sufficient memory not to explode the stack.&lt;/p&gt;</comment>
                            <comment id="3093850" author="behackett" created="Mon, 18 May 2020 21:03:24 +0000"  >&lt;p&gt;I think we should to this, but I&apos;m not sure we can unify the definition of &quot;too deep&quot;. PyMongo uses a set of &lt;a href=&quot;https://docs.python.org/3/c-api/exceptions.html#recursion-control&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Python C API macros&lt;/a&gt; for this, that matches how pure python does depth tracking. Other languages probably have similar built in functionality, but with a different definition of &quot;too deep&quot;.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10748"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr6knj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>