<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:38:07 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-2233] vulnerability alert for github.com/gobuffalo/packr/v2 dependency</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-2233</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;Users of&#160; the go.mongodb.org/mongo-driver golang package are starting to see Snyk vulnerability alerts due to the github.com/gobuffalo/packr/v2 dependency.&lt;/p&gt;

&lt;p&gt;Snyk link: &lt;a href=&quot;https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOBUFFALOPACKRV2-1920670&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOBUFFALOPACKRV2-1920670&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Per the Snyk vulnerability, version 2.3.2 of the packr/v2 package appears to be fixed.&lt;/p&gt;

&lt;p&gt;Please deliver a new version of the mongo-driver package that avoids this vulnerability.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1926713">GODRIVER-2233</key>
            <summary>vulnerability alert for github.com/gobuffalo/packr/v2 dependency</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="1" iconUrl="https://jira.mongodb.org/images/icons/priorities/blocker.svg">Blocker - P1</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="padamstx@gmail.com">Phil Adams</reporter>
                        <labels>
                    </labels>
                <created>Tue, 16 Nov 2021 17:36:37 +0000</created>
                <updated>Tue, 30 Nov 2021 18:29:36 +0000</updated>
                            <resolved>Thu, 18 Nov 2021 22:10:38 +0000</resolved>
                                    <version>1.7.4</version>
                                    <fixVersion>1.8.0</fixVersion>
                    <fixVersion>1.7.5</fixVersion>
                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4199259" author="benji.rewis" created="Thu, 18 Nov 2021 22:10:38 +0000"  >&lt;p&gt;We&apos;ve conveniently just removed the &lt;tt&gt;packr&lt;/tt&gt; dependency as part of &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2234&quot; title=&quot;Remove dependencies added by operationgen&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2234&quot;&gt;&lt;del&gt;GODRIVER-2234&lt;/del&gt;&lt;/a&gt;, so this vulnerability shouldn&apos;t be an issue anymore. That removal will be available as part of the upcoming Go driver version 1.7.5 and 1.8.0.&lt;/p&gt;</comment>
                            <comment id="4196252" author="JIRAUSER1263372" created="Wed, 17 Nov 2021 21:12:18 +0000"  >&lt;p&gt;I&apos;ve submitted this PR to address this Jira:&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/813&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/813&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10520">
                    <name>Problem/Incident</name>
                                                                <inwardlinks description="is caused by">
                                        <issuelink>
            <issuekey id="1926867">GODRIVER-2234</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="1926867">GODRIVER-2234</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10257" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Documentation Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="11861"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hztzjr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>