<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-4014] Usage of broken hash algorithm detected</title>
                <link>https://jira.mongodb.org/browse/JAVA-4014</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;In file&#160;&lt;a href=&quot;https://github.com/musasesay/mongo-java-driver/blob/033f4a7a0b369a641bf1e81352ee37b102c8ae4f/driver/src/main/com/mongodb/client/gridfs/GridFSUploadStreamImpl.java&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/musasesay/mongo-java-driver/blob/033f4a7a0b369a641bf1e81352ee37b102c8ae4f/driver/src/main/com/mongodb/client/gridfs/GridFSUploadStreamImpl.java&lt;/a&gt;&#160;(at Line 59) &quot;md5&quot; algorithm has been used.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Security Impact&lt;/b&gt;:&lt;/p&gt;

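&lt;p&gt;The MD5 Message-Digest Algorithm is not collision-resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks. The practical impact depends on how the digest is used: collisions matter when the hash is relied on to detect deliberate tampering, and matter less when it only detects accidental corruption.&lt;/p&gt;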

&lt;p&gt;&lt;b&gt;Useful Resources&lt;/b&gt;:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://www.cvedetails.com/cve/CVE-2004-2761/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.cvedetails.com/cve/CVE-2004-2761/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Solution we suggest&lt;/b&gt;:&lt;/p&gt;

&lt;p&gt;Use a SHA algorithm with a digest of at least 256 bits (for example SHA-256) instead.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Please share your opinions/comments with us, if you have any&lt;/b&gt;:&lt;/p&gt;

&lt;p&gt;Is the bug report helpful?&lt;/p&gt;</description>
                <environment></environment>
        <key id="1622073">JAVA-4014</key>
            <summary>Usage of broken hash algorithm detected</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="mdmahirasefk@vt.edu">Mahir Kabir</reporter>
                        <labels>
                    </labels>
                <created>Fri, 12 Feb 2021 05:16:27 +0000</created>
                <updated>Fri, 12 Feb 2021 11:31:21 +0000</updated>
                            <resolved>Fri, 12 Feb 2021 11:29:14 +0000</resolved>
                                                                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="3613491" author="ross@10gen.com" created="Fri, 12 Feb 2021 11:30:58 +0000"  >&lt;p&gt;Please note the repository listed is an old outdated clone of the official repository. See: &lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3613477" author="ross@10gen.com" created="Fri, 12 Feb 2021 11:08:37 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mdmahirasefk%40vt.edu&quot; class=&quot;user-hover&quot; rel=&quot;mdmahirasefk@vt.edu&quot;&gt;mdmahirasefk@vt.edu&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Originally MD5 was used as a checksum of the file's content. In &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-2761&quot; title=&quot;GridFS MD5 digest must be optional&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-2761&quot;&gt;&lt;del&gt;JAVA-2761&lt;/del&gt;&lt;/a&gt;, MD5 usage was made optional as per the &lt;a href=&quot;https://github.com/mongodb/specifications/blob/master/source/gridfs/gridfs-spec.rst&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;GridFS specifications&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Then in the 4.0 driver MD5 usage was removed - see &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-3181&quot; title=&quot;Remove deprecated elements in com.mongodb.client.gridfs.model package (driver-core_main module)&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-3181&quot;&gt;&lt;del&gt;JAVA-3181&lt;/del&gt;&lt;/a&gt;. So no action needed.&lt;/p&gt;

&lt;p&gt;All the best,&lt;/p&gt;

&lt;p&gt;Ross&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hygeuf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>