This feature is disabled in all branches by default; it is enabled only
in trunk - that is, characters to use. CASSANDRA-21389 by default
solves the problem of path traversal and similar; that is something
you cannot turn off, but snapshot name validation is by default
disabled (except trunk) so we do not introduce any discrepancies in
existing deployments.

Sidecar's patch also offers a way to specify a custom character set
for snapshot names; we might do something similar in Cassandra but I
consider it a little bit of an overkill right now. The fact you can
just turn off the whole validation of names is enough, imho.

On Thu, Jun 11, 2026 at 3:30 PM Francisco Guerrero <[email protected]> wrote:
>
> While I agree that this is restrictive to non-roman
> alphabet users, the restrictions are consistent with
> naming restrictions in other parts of Cassandra [1].
>
> I'd prefer to have the proposed restrictions in place,
> considering we are consistent with these restrictions.
>
> By the way, this work has already been merged [2]
> as part of CASSANDRA-21389.
>
> Best,
> - Francisco
>
> [1] https://cassandra.apache.org/doc/4.1/cassandra/cql/ddl.html#common-definitions
> [2] https://issues.apache.org/jira/browse/CASSANDRA-21389
>
> On 2026/06/11 12:51:03 Jeremiah Jordan wrote:
> > This seems restrictive to non-Roman alphabet users?  I am not one, but I
> > imagine if I was that I would want to be able to use my default character
> > set to name snapshots.  I’m not against the change, just wanted to bring up
> > that drawback.
> >
> > On Jun 10, 2026 at 9:15:58 PM, Bernardo Botella <
> > [email protected]> wrote:
> >
> > > +1 on this.
> > >
> > > On Mon, May 25, 2026 at 15:49, Štefan Miklošovič <
> > > [email protected]> wrote:
> > >
> > >> Hello,
> > >>
> > >> We want to validate snapshot names on the server side to prevent
> > >> various issues with it (readers of private ML are aware of them).
> > >>
> > >> It is not enough to cover the most basic validation, we also want to
> > >> validate snapshot length and we want to be sure that snapshots which
> > >> are stored externally (e.g. on AWS S3 or similar) are called in such a
> > >> way that it minimizes the probability of compatibility issues and
> > >> similar.
> > >>
> > >> For AWS, there is a so-called Safe characters set (1) which is
> > >> officially recognized by AWS S3 to be safe to use for the construction
> > >> of object keys.
> > >>
> > >> In (2), I am validating snapshot names based on this character set.
> > >> This safe character set is quite versatile and I already checked with
> > >> other people that restricting snapshot names like this will not impede
> > >> their operations.
> > >>
> > >> Double checking on ML there if people in general are OK with
> > >> validating snapshot names like this?
> > >>
> > >> Regards
> > >>
> > >> (1) https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-guidelines
> > >> (2) https://github.com/apache/cassandra/pull/4826/changes
> > >>
> > >
> >

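The split discussed in this thread, sketched as an added example that is not code from CASSANDRA-21389, the linked pull request or the Sidecar patch: path-traversal checks that always run, plus a switchable check against the S3 safe character set. The function name, the 255-character limit and the grouping of the length check with the switchable checks are assumptions.

```python
import string

# Safe characters for S3 object keys per the AWS guide cited as (1):
# 0-9, a-z, A-Z and ! - _ . * ' ( )
S3_SAFE_CHARS = frozenset(string.ascii_letters + string.digits + "!-_.*'()")
MAX_NAME_LENGTH = 255  # assumed limit, the thread does not state one


def rejection_reason(name, enforce_charset=True, max_length=MAX_NAME_LENGTH):
    """Return why `name` is rejected, or None if it is accepted."""
    # Always-on checks: the name must remain a single directory component.
    if not name:
        return "empty name"
    if name in (".", ".."):
        return "relative path component"
    if any(c in name for c in "/\\\x00"):
        return "path separator or NUL byte"
    # Switchable checks (assumption: length is grouped with the charset).
    if enforce_charset:
        if len(name) > max_length:
            return f"longer than {max_length} characters"
        bad = sorted(set(name) - S3_SAFE_CHARS)
        if bad:
            return "characters outside the safe set: " + "".join(bad)
    return None


# Constructed sample names, not taken from the thread or the patch.
SAMPLES = ["backup-2026.06.11", "..", "nightly/../../data", "snap 1", "快照-1", "a" * 256]

if __name__ == "__main__":
    for enforce in (True, False):
        print(f"enforce_charset={enforce}")
        for s in SAMPLES:
            print(f"  {s[:24]!r:28} -> {rejection_reason(s, enforce) or 'accepted'}")
```

With `enforce_charset=False` the non-Roman name is accepted while `..` and names containing a separator are still rejected, which mirrors the behaviour described for the non-trunk branches.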