[
https://issues.apache.org/jira/browse/BEAM-9564?focusedWorklogId=407309&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-407309
]
ASF GitHub Bot logged work on BEAM-9564:
----------------------------------------
Author: ASF GitHub Bot
Created on: 20/Mar/20 22:57
Start Date: 20/Mar/20 22:57
Worklog Time Spent: 10m
Work Description: iemejia commented on pull request #11186: [BEAM-9564]
Remove insecure ssl options from MongoDBIO
URL: https://github.com/apache/beam/pull/11186
These changes are not backwards compatible but this is intended to solve the
potential security issues and also because MongoDBIO does not have strong
backwards compatibility yet (aka it is still tagged as `@Experimental`).
R: @alexvanboxel
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 407309)
Remaining Estimate: 0h
Time Spent: 10m
> Remove insecure ssl options from MongoDBIO
> ------------------------------------------
>
> Key: BEAM-9564
> URL: https://issues.apache.org/jira/browse/BEAM-9564
> Project: Beam
> Issue Type: Improvement
> Components: io-java-mongodb
> Affects Versions: 2.21.0
> Reporter: Ismaël Mejía
> Assignee: Ismaël Mejía
> Priority: Critical
> Labels: backward-incompatible
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The option MongoDBIO.withIgnoreSSLCertificate and
> withSSLInvalidHostNameAllowedslInvalidHostNameAllowed() are insecure by
> design. We should not encourage users to be able to use them so better to
> remove these options.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
