<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:38:40 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-2461] CVE-2021-38561 in golang.org/x/text</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-2461</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;We are getting scan hits on Mongo tools (bsondump, mongodump, mongoexport, mongofiles, mongoimport, mongorestore, mongostat, and mongotop) for CVE-2021-38561 affecting golang.org/x/text v0.3.5.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;This is fixed in golang.org/x/text v0.3.7&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;golang.org/x/text v0.3.5 is brought in transitively by the driver which then gets it via &lt;tt&gt;github.com/xdg-go/stringprep v1.0.2&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;github.com/xdg-go/stringprep&lt;/tt&gt; &lt;a href=&quot;https://github.com/xdg-go/stringprep/releases/tag/v1.0.3&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;v1.0.3 has been released&lt;/a&gt; specifically to address this CVE.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="2070466">GODRIVER-2461</key>
            <summary>CVE-2021-38561 in golang.org/x/text</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="matt.dale@mongodb.com">Matt Dale</assignee>
                                    <reporter username="bpfoster">Ben Foster</reporter>
                        <labels>
                    </labels>
                <created>Thu, 16 Jun 2022 12:56:40 +0000</created>
                <updated>Mon, 27 Jun 2022 20:40:00 +0000</updated>
                            <resolved>Mon, 27 Jun 2022 20:40:00 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4643222" author="JIRAUSER1259527" created="Mon, 27 Jun 2022 20:39:30 +0000"  >&lt;p&gt;Hey &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=bpfoster&quot; class=&quot;user-hover&quot; rel=&quot;bpfoster&quot;&gt;bpfoster&lt;/a&gt; thanks for the additional information about the available &lt;tt&gt;github.com/xdg-go/stringprep&lt;/tt&gt; update! This is a duplicate of existing ticket &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2447&quot; title=&quot;Update golang.org/x/text to 0.3.7 or latest&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2447&quot;&gt;&lt;del&gt;GODRIVER-2447&lt;/del&gt;&lt;/a&gt; which is currently in-progress. I&apos;m closing this ticket, but please watch &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2447&quot; title=&quot;Update golang.org/x/text to 0.3.7 or latest&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2447&quot;&gt;&lt;del&gt;GODRIVER-2447&lt;/del&gt;&lt;/a&gt; for updates. That fix is scheduled for release with the v1.9.2 and v1.10.0 drivers.&lt;/p&gt;</comment>
                            <comment id="4623553" author="esha.bhargava" created="Fri, 17 Jun 2022 13:47:16 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=bpfoster&quot; class=&quot;user-hover&quot; rel=&quot;bpfoster&quot;&gt;bpfoster&lt;/a&gt; Thank you for reporting this issue. We&apos;ll look into it and get back to you soon.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="2061086">GODRIVER-2447</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i0hs5k:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>