<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:39:32 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-2869] Protocol validations to reduce client denial of service risks</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-2869</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;Tracking&#160;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/1291&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;PR #1291&lt;/a&gt; to fix two possible conditions which could result in a potential denial of service of a client connected to a malicious MongoDB server.&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;&lt;tt&gt;readLengthBytes&lt;/tt&gt; requires 4 bytes for the length to be included. Previously when reading a document from the wire this could result in a tight loop where an empty struct is appended to a slice repeatedly until the service runs out of memory (both CPU and memory consumption).&lt;/li&gt;
	&lt;li&gt;Fix a large memory allocation condition with Snappy decompression if a large size is encoded in the Snappy compressed / encoded portion of the bytes.&lt;/li&gt;
&lt;/ol&gt;
</description>
                <environment></environment>
        <key id="2365776">GODRIVER-2869</key>
            <summary>Protocol validations to reduce client denial of service risks</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="qingyang.hu@mongodb.com">Qingyang Hu</assignee>
                                    <reporter username="qingyang.hu@mongodb.com">Qingyang Hu</reporter>
                        <labels>
                    </labels>
                <created>Mon, 12 Jun 2023 20:11:06 +0000</created>
                <updated>Sat, 28 Oct 2023 11:37:16 +0000</updated>
                            <resolved>Wed, 28 Jun 2023 19:21:03 +0000</resolved>
                                                    <fixVersion>1.12.1</fixVersion>
                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="5605499" author="xgen-internal-githook" created="Tue, 1 Aug 2023 17:15:55 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Qingyang Hu&apos;, &apos;email&apos;: &apos;103950869+qingyang-hu@users.noreply.github.com&apos;, &apos;username&apos;: &apos;qingyang-hu&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2869&quot; title=&quot;Protocol validations to reduce client denial of service risks&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2869&quot;&gt;&lt;del&gt;GODRIVER-2869&lt;/del&gt;&lt;/a&gt; Test touchup (#1307)&lt;br/&gt;
Branch: release/1.12&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/9318bc286d4ae3c2618fb3b17cac16ce548bc836&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/9318bc286d4ae3c2618fb3b17cac16ce548bc836&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5605498" author="xgen-internal-githook" created="Tue, 1 Aug 2023 17:15:53 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Mike Jensen&apos;, &apos;email&apos;: &apos;jentfoo@users.noreply.github.com&apos;, &apos;username&apos;: &apos;jentfoo&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2869&quot; title=&quot;Protocol validations to reduce client denial of service risks&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2869&quot;&gt;&lt;del&gt;GODRIVER-2869&lt;/del&gt;&lt;/a&gt; Two protocol validations to reduce client denial of service risks (#1291)&lt;/p&gt;

&lt;p&gt;Co-authored-by: Alan Parra &amp;lt;alan.parra@goteleport.com&amp;gt;&lt;br/&gt;
Co-authored-by: Qingyang Hu &amp;lt;103950869+qingyang-hu@users.noreply.github.com&amp;gt;&lt;br/&gt;
Branch: release/1.12&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/436a9821764514d48feb3362d67133e82df05963&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/436a9821764514d48feb3362d67133e82df05963&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5532132" author="xgen-internal-githook" created="Wed, 28 Jun 2023 19:20:23 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Qingyang Hu&apos;, &apos;email&apos;: &apos;103950869+qingyang-hu@users.noreply.github.com&apos;, &apos;username&apos;: &apos;qingyang-hu&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2869&quot; title=&quot;Protocol validations to reduce client denial of service risks&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2869&quot;&gt;&lt;del&gt;GODRIVER-2869&lt;/del&gt;&lt;/a&gt; Test touchup (#1307)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/8489898c64a2d8c2e2160006eb851a11a9db9e9d&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/8489898c64a2d8c2e2160006eb851a11a9db9e9d&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5519682" author="xgen-internal-githook" created="Thu, 22 Jun 2023 21:22:16 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Mike Jensen&apos;, &apos;email&apos;: &apos;jentfoo@users.noreply.github.com&apos;, &apos;username&apos;: &apos;jentfoo&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-2869&quot; title=&quot;Protocol validations to reduce client denial of service risks&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-2869&quot;&gt;&lt;del&gt;GODRIVER-2869&lt;/del&gt;&lt;/a&gt; Two protocol validations to reduce client denial of service risks (#1291)&lt;/p&gt;

&lt;p&gt;Co-authored-by: Alan Parra &amp;lt;alan.parra@goteleport.com&amp;gt;&lt;br/&gt;
Co-authored-by: Qingyang Hu &amp;lt;103950869+qingyang-hu@users.noreply.github.com&amp;gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/a888dc6678b7a91301018a6e1bf04bdd3d22a63b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/a888dc6678b7a91301018a6e1bf04bdd3d22a63b&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10257" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Documentation Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="11861"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14266" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Documentation Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;1.  What would you like to communicate to the user about this feature?&lt;br/&gt;
2.  Would you like the user to see examples of the syntax and/or executable code and its output?&lt;br/&gt;
3.  Which versions of the driver/connector does this apply to?&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i1vnzc:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>