<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:16:38 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-48273] Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2</title>
                <link>https://jira.mongodb.org/browse/SERVER-48273</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;We had a request to upgrade yaml-cpp to 0.6.3+ to get some CVE fixes (see &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44081&quot; title=&quot;Upgrade yaml-cpp to newer than 0.6.3&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44081&quot;&gt;&lt;del&gt;SERVER-44081&lt;/del&gt;&lt;/a&gt;). Unfortunately, at least one unfixed breaking change is preventing us from doing that right now (see &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-43980&quot; title=&quot;yaml-cpp 0.6.3 test failure options_parser_test&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-43980&quot;&gt;&lt;del&gt;SERVER-43980&lt;/del&gt;&lt;/a&gt;). What we will do instead is to backport the CVE fixes and then see if we can work with the devloper to get a version 0.6.4+ released that we can build against.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1354488">SERVER-48273</key>
            <summary>Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="ryan.egesdahl@mongodb.com">Ryan Egesdahl</assignee>
                                    <reporter username="ryan.egesdahl@mongodb.com">Ryan Egesdahl</reporter>
                        <labels>
                    </labels>
                <created>Mon, 18 May 2020 17:17:10 +0000</created>
                <updated>Sun, 29 Oct 2023 22:08:04 +0000</updated>
                            <resolved>Wed, 20 May 2020 20:51:54 +0000</resolved>
                                    <version>4.5 Desired</version>
                                    <fixVersion>4.4.0-rc7</fixVersion>
                    <fixVersion>4.7.0</fixVersion>
                                    <component>Build</component>
                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3098323" author="xgen-internal-githook" created="Wed, 20 May 2020 21:03:55 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ryan Egesdahl&apos;, &apos;email&apos;: &apos;ryan.egesdahl@mongodb.com&apos;, &apos;username&apos;: &apos;deriamis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48273&quot; title=&quot;Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48273&quot;&gt;&lt;del&gt;SERVER-48273&lt;/del&gt;&lt;/a&gt; &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48273&quot; title=&quot;Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48273&quot;&gt;&lt;del&gt;SERVER-48273&lt;/del&gt;&lt;/a&gt; Backport yaml-cpp CVE fixes from 0.6.3 to 0.6.2&lt;/p&gt;

&lt;p&gt;Backport the following yaml-cpp CVE fixes from version 0.6.3 to version 0.6.2:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;CVE-2019-6292&lt;/li&gt;
	&lt;li&gt;CVE-2019-6285&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Also, backport one fix from 0.6.3 for failing VS2017 builds.&lt;/p&gt;

&lt;p&gt;We were previously downloading a source archive for yaml-cpp. To support&lt;br/&gt;
easily backporting fixes, it&apos;s changed to use git instead.&lt;/p&gt;

&lt;p&gt;(cherry picked from commit 1845ea31140161354ff6308296bde3436d0bd5f9)&lt;br/&gt;
Branch: v4.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/3bb9020468cdb5a7ab028ece70604aa349e509df&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/3bb9020468cdb5a7ab028ece70604aa349e509df&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3098240" author="xgen-internal-githook" created="Wed, 20 May 2020 20:26:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Ryan Egesdahl&apos;, &apos;email&apos;: &apos;ryan.egesdahl@mongodb.com&apos;, &apos;username&apos;: &apos;deriamis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48273&quot; title=&quot;Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48273&quot;&gt;&lt;del&gt;SERVER-48273&lt;/del&gt;&lt;/a&gt; &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-48273&quot; title=&quot;Backport CVE fixes from yaml-cpp v0.6.3 to v0.6.2&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-48273&quot;&gt;&lt;del&gt;SERVER-48273&lt;/del&gt;&lt;/a&gt; Backport yaml-cpp CVE fixes from 0.6.3 to 0.6.2&lt;/p&gt;

&lt;p&gt;Backport the following yaml-cpp CVE fixes from version 0.6.3 to version 0.6.2:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;CVE-2019-6292&lt;/li&gt;
	&lt;li&gt;CVE-2019-6285&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;Also, backport one fix from 0.6.3 for failing VS2017 builds.&lt;/p&gt;

&lt;p&gt;We were previously downloading a source archive for yaml-cpp. To support&lt;br/&gt;
easily backporting fixes, it&apos;s changed to use git instead.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/1845ea31140161354ff6308296bde3436d0bd5f9&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/1845ea31140161354ff6308296bde3436d0bd5f9&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1361480">SERVER-48391</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 20 May 2020 20:26:52 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        3 years, 38 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16941"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            3 years, 38 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ryan.egesdahl@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxlrjb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hxaitz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="3910">Dev Platform 2020-06-01</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hxldsn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>