v1.6.0
Added
- You can now aggregate values in nested object fields (#136)
Changed
- Result types for aggregation operations other than count are now nullable (#136)
Fixed
- Upgrade dependencies to get fix for RUSTSEC-2024-0421, a vulnerability in domain name comparisons (#138)
- Aggregations on empty document sets now produce `null` instead of failing with an error (#136)
- Handle collection validators with object fields that do not list properties (#140)
Fix for RUSTSEC-2024-0421 / CVE-2024-12224
Updates dependencies to upgrade the `idna` library to a version that is not
affected by the vulnerability reported in [RUSTSEC-2024-0421][].
The vulnerability allows an attacker to craft a domain name that older versions
of idna interpret as identical to a legitimate domain name, but that is in fact
a different name. We do not expect that this impacts the MongoDB connector since
it uses the affected library exclusively to connect to MongoDB databases, and
database URLs are supplied by trusted administrators. But better to be safe than
sorry.
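A check worth running after a dependency bump like this one, given here as an added example that is not part of the connector's code: a lockfile can still hold an old copy of a crate through a second dependency path, so this sketch lists every locked copy older than a minimum version. The lockfile text, the function names and the minimum version are constructed placeholders; take the real first-fixed version from the advisory.

```rust
// Added example. The lockfile text and the minimum version (2, 0, 0) are
// constructed placeholders; take the real first-fixed version from the advisory.
/// Parse "MAJOR.MINOR.PATCH" (build metadata after '+' is dropped).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut parts = v.split('+').next()?.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Return the value of a `key = "value"` line, if the line has that shape.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Versions of `krate` in a Cargo.lock that are older than `min`.
fn outdated_copies(lock: &str, krate: &str, min: (u64, u64, u64)) -> Vec<String> {
    let mut found = Vec::new();
    let mut current = None;
    for line in lock.lines() {
        if line.trim() == "[[package]]" {
            current = None;
        } else if let Some(name) = quoted_value(line, "name") {
            current = Some(name);
        } else if let Some(version) = quoted_value(line, "version") {
            // Pre-release or unparseable versions are reported, not trusted.
            if current == Some(krate) && parse_version(version).map_or(true, |v| v < min) {
                found.push(version.to_string());
            }
        }
    }
    found
}

// Constructed lockfile: two copies of idna, one pulled in by another crate.
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "idna"
version = "0.4.0"
[[package]]
name = "idna"
version = "2.0.0"
[[package]]
name = "url"
version = "9.9.9"
dependencies = ["idna 0.4.0"]
"#;

fn main() {
    for v in outdated_copies(SAMPLE_LOCK, "idna", (2, 0, 0)) { println!("idna {} is below the minimum", v); }
}
```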
Validators with object fields that do not list properties
If a collection validator specifies a property of type `object`, but does not specify a list of nested properties for that object, then we will infer the `ExtendedJSON` type for that property. For example, a collection created with this set of options would have the type `ExtendedJSON` for its `reactions` field:
```json
{
  "validator": {
    "$jsonSchema": {
      "bsonType": "object",
      "properties": {
        "reactions": { "bsonType": "object" }
      }
    }
  }
}
```
If the validator specifies a map of nested properties, but that map is empty, then we interpret that as an empty object type.
[RUSTSEC-2024-0421]: https://rustsec.org/advisories/RUSTSEC-2024-0421