<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:39:06 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-35192] Enforce that GETMORE operations can only be run under that cursor&apos;s session even without auth</title>
                <link>https://jira.mongodb.org/browse/SERVER-35192</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-28343&quot; title=&quot;Enforce that GETMORE operations can only be run under that cursor&amp;#39;s session&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-28343&quot;&gt;&lt;del&gt;SERVER-28343&lt;/del&gt;&lt;/a&gt; enforced that a cursor can only be iterated under the session that created it, but only applied that restriction if auth is turned on.  This led to some surprising behavior detailed in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-34417&quot; title=&quot;parallelCollectionScan within a session errors under auth&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-34417&quot;&gt;&lt;del&gt;SERVER-34417&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;For consistency between auth and no-auth cases, cursors should always require the same session, regardless of whether auth is enabled.&lt;/p&gt;</description>
                <environment></environment>
        <key id="548298">SERVER-35192</key>
            <summary>Enforce that GETMORE operations can only be run under that cursor&apos;s session even without auth</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="2">Won&apos;t Fix</resolution>
                                        <assignee username="backlog-server-query">Backlog - Query Team</assignee>
                                    <reporter username="david.golden@mongodb.com">David Golden</reporter>
                        <labels>
                    </labels>
                <created>Wed, 23 May 2018 16:05:35 +0000</created>
                <updated>Tue, 6 Dec 2022 03:28:22 +0000</updated>
                            <resolved>Tue, 20 Nov 2018 15:38:36 +0000</resolved>
                                    <version>3.6.5</version>
                                                                        <votes>0</votes>
                                    <watches>9</watches>
                                                                                                                <comments>
                            <comment id="2067818" author="craig.homa" created="Tue, 20 Nov 2018 15:38:36 +0000"  >&lt;p&gt;This has been fixed this in 4.0+, it is unclear what the value of fixing this in 3.6 would be.&lt;/p&gt;

&lt;p&gt;Please let us know if you have any questions.&lt;/p&gt;</comment>
                            <comment id="1955768" author="david.golden" created="Tue, 24 Jul 2018 23:13:30 +0000"  >&lt;p&gt;I believe this is still an issue.  In the code path that (erroneously) sent getmore without a session ID, it succeeded in 3.6.5 with auth disabled and gave an error on 4.0.0-rc0 (with auth disabled).  I believe that with auth enabled, 3.6.5 would error just like 4.0.0.  This ticket requests that noauth 3.6 have the same constraints as auth 3.6.&lt;/p&gt;</comment>
                            <comment id="1955703" author="asya" created="Tue, 24 Jul 2018 21:51:34 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=david.golden&quot; class=&quot;user-hover&quot; rel=&quot;david.golden&quot;&gt;david.golden&lt;/a&gt; can you help me understand the likelihood of this being an issue in 3.6?&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="1918720" author="asya" created="Tue, 12 Jun 2018 18:38:05 +0000"  >&lt;p&gt;Is parallelCollectionScan integral to creating the situation where this scenario happens?&lt;br/&gt;
I&apos;m trying to assess the likelihood and impact of this.&lt;/p&gt;

&lt;p&gt;Or is this any scenario where in 3.6 (and only when auth is off) you can run a query/establish a cursor from one session and then send a GETMORE for the same cursor from a different session/no session?&lt;/p&gt;</comment>
                            <comment id="1899770" author="david.golden" created="Wed, 23 May 2018 17:31:04 +0000"  >&lt;p&gt;The Perl bug I found in &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-34417&quot; title=&quot;parallelCollectionScan within a session errors under auth&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-34417&quot;&gt;&lt;del&gt;SERVER-34417&lt;/del&gt;&lt;/a&gt; created a cursor (via parallelCollectionScan) with a sessionID, but sent getmore without a session ID.  That ran fine &lt;b&gt;without&lt;/b&gt; auth, and only failed &lt;b&gt;with&lt;/b&gt; auth.  That was on a v3.6.3 replica set.  I just tested it on v4.0.0-rc0 and it does error without auth, with the error message in that commit you linked.&lt;/p&gt;

&lt;p&gt;That&apos;s good to know, but a comparable fix also should be made for 3.6.&lt;/p&gt;

&lt;p&gt;I doubled checked v3.6.5 and the test that failed with an error on v4.0.0-rc0 (without auth), succeeded on v3.6.5 (without auth).&lt;/p&gt;</comment>
                            <comment id="1899750" author="kaloian.manassiev" created="Wed, 23 May 2018 17:18:29 +0000"  >&lt;p&gt;Isn&apos;t this already in place - &lt;a href=&quot;https://github.com/mongodb/mongo/blob/e4e2162c489c1faa569463f51058ebc09368a5f9/src/mongo/db/commands/getmore_cmd.cpp#L77&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/blob/e4e2162c489c1faa569463f51058ebc09368a5f9/src/mongo/db/commands/getmore_cmd.cpp#L77&lt;/a&gt; ?&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="525314">SERVER-34417</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="365319">SERVER-28343</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25143"><![CDATA[Query]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 23 May 2018 17:18:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        5 years, 12 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>alexander.golin@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 12 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>asya.kamsky@mongodb.com</customfieldvalue>
            <customfieldvalue>backlog-server-query</customfieldvalue>
            <customfieldvalue>craig.homa@mongodb.com</customfieldvalue>
            <customfieldvalue>david.golden@mongodb.com</customfieldvalue>
            <customfieldvalue>kaloian.manassiev@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htyt13:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr8rrz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|htyfaf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>