<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:58:46 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-3093] Connection string is displayed with password in logs if it contains an invalid key</title>
                <link>https://jira.mongodb.org/browse/JAVA-3093</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;Sample Code to recreate:&lt;/p&gt;

&lt;p&gt;String&#160; mongoUriString= &quot;mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&amp;amp;adsada=1000&quot;&lt;/p&gt;

&lt;p&gt;MongoClientURI mongoClientURI = new MongoClientURI(mongoUriString)&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;The above code will log,&lt;/p&gt;

&lt;p&gt;2018-11-14 15:18:53.692 WARN docgen &amp;#8212; &lt;span class=&quot;error&quot;&gt;&amp;#91;ost-startStop-1&amp;#93;&lt;/span&gt; org.mongodb.driver.uri : Unsupported option &apos;adsada&apos; in the connection string &apos;mongodb://username123:password123@abcmongo1.cloud,abcmongo2.cloud,abcmongo3.cloud/database123?replicaSet=mongorepl1&amp;amp;adsada=1000&apos;.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;I think we should not be logging the connection string in the log.&lt;/p&gt;</description>
                <environment></environment>
        <key id="634070">JAVA-3093</key>
            <summary>Connection string is displayed with password in logs if it contains an invalid key</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="ravinatesan">Ravi Natesan</reporter>
                        <labels>
                    </labels>
                <created>Wed, 14 Nov 2018 22:37:09 +0000</created>
                <updated>Sat, 28 Oct 2023 11:22:31 +0000</updated>
                            <resolved>Thu, 15 Nov 2018 12:13:41 +0000</resolved>
                                    <version>3.6.4</version>
                    <version>3.7.1</version>
                    <version>3.9.0</version>
                                    <fixVersion>3.9.1</fixVersion>
                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="2063238" author="ravinatesan" created="Thu, 15 Nov 2018 15:35:44 +0000"  >&lt;p&gt;Thanks Jeff for fixing it quickly!!&lt;/p&gt;</comment>
                            <comment id="2062967" author="xgen-internal-githook" created="Thu, 15 Nov 2018 12:13:17 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jeff Yemin&apos;, &apos;email&apos;: &apos;jeff.yemin@10gen.com&apos;, &apos;username&apos;: &apos;jyemin&apos;}
&lt;p&gt;Message: Remove connection string from log message&lt;/p&gt;

&lt;p&gt;A connection string containing an unsupported option generates a log&lt;br/&gt;
message at warning level to the &quot;org.mongodb.driver.uri&quot; component. The&lt;br/&gt;
log message contains the full connection string.  As the connection&lt;br/&gt;
string may contain the credentials used to authenticate, it should not&lt;br/&gt;
be logged.  This commit removes the full connection string from the log&lt;br/&gt;
message, and instead just logs the name of the unsupported option.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-3093&quot; title=&quot;Connection string is displayed with password in logs if it contains an invalid key&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-3093&quot;&gt;&lt;del&gt;JAVA-3093&lt;/del&gt;&lt;/a&gt;&lt;br/&gt;
Branch: 3.9.x&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/dc3c177693d41b0495c9ca3b5d094fb9c3a23bf5&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/dc3c177693d41b0495c9ca3b5d094fb9c3a23bf5&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2062966" author="xgen-internal-githook" created="Thu, 15 Nov 2018 12:12:35 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Jeff Yemin&apos;, &apos;email&apos;: &apos;jeff.yemin@10gen.com&apos;, &apos;username&apos;: &apos;jyemin&apos;}
&lt;p&gt;Message: Remove connection string from log message&lt;/p&gt;

&lt;p&gt;A connection string containing an unsupported option generates a log&lt;br/&gt;
message at warning level to the &quot;org.mongodb.driver.uri&quot; component. The&lt;br/&gt;
log message contains the full connection string.  As the connection&lt;br/&gt;
string may contain the credentials used to authenticate, it should not&lt;br/&gt;
be logged.  This commit removes the full connection string from the log&lt;br/&gt;
message, and instead just logs the name of the unsupported option.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-3093&quot; title=&quot;Connection string is displayed with password in logs if it contains an invalid key&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-3093&quot;&gt;&lt;del&gt;JAVA-3093&lt;/del&gt;&lt;/a&gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/be043577c9529d487783349f9688372f37818004&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/be043577c9529d487783349f9688372f37818004&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10011"><![CDATA[Minor Change]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hspdsn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>