diff --git a/source/auth/auth.md b/source/auth/auth.md index 20e6d8c55d..98458324ef 100644 --- a/source/auth/auth.md +++ b/source/auth/auth.md @@ -174,7 +174,7 @@ If the handshake response includes a `saslSupportedMechs` field, then drivers MU select a default mechanism as described later. If the command succeeds and the response does not include a `saslSupportedMechs` field, then drivers MUST use the legacy default mechanism rules for servers older than 4.0. -Drivers MUST NOT validate whether content of the `saslSupportedMechs` attribute of the initial handshake reply. Drivers +Drivers MUST NOT validate the contents of the `saslSupportedMechs` attribute of the initial handshake reply. Drivers MUST NOT raise an error if the `saslSupportedMechs` attribute of the reply includes an unknown mechanism. ### Single-credential drivers @@ -2053,7 +2053,7 @@ to EC2 instance metadata in ECS, for security reasons, Amazon states it's best p ## Changelog -- 2024-04-??: Clarify that driver should not validate `saslSupportedMechs` content. +- 2024-04-19: Clarify that driver should not validate `saslSupportedMechs` content. - 2024-04-03: Added GCP built-in OIDC provider integration. diff --git a/source/auth/auth.rst b/source/auth/auth.rst index 99ce1743f6..b9d5f6d6b3 100644 --- a/source/auth/auth.rst +++ b/source/auth/auth.rst @@ -217,7 +217,7 @@ to select a default mechanism as described later. If the command succeeds and the response does not include a ``saslSupportedMechs`` field, then drivers MUST use the legacy default mechanism rules for servers older than 4.0. -Drivers MUST NOT validate whether content of the ``saslSupportedMechs`` +Drivers MUST NOT validate the contents of the ``saslSupportedMechs`` attribute of the initial handshake reply. Drivers MUST NOT raise an error if the ``saslSupportedMechs`` attribute of the reply includes an unknown mechanism. @@ -1666,7 +1666,7 @@ Q: Should drivers support accessing Amazon EC2 instance metadata in Amazon ECS? Changelog ========= -:2024-04-??: Clarify that driver should not validate ``saslSupportedMechs`` content. +:2024-04-19: Clarify that driver should not validate ``saslSupportedMechs`` content. :2023-04-28: Added MONGODB-OIDC auth mechanism :2022-11-02: Require environment variables to be read dynamically. :2022-10-28: Recommend the use of AWS SDKs where available. diff --git a/source/mongodb-handshake/handshake.rst b/source/mongodb-handshake/handshake.rst index 338d19d823..2c232742f8 100644 --- a/source/mongodb-handshake/handshake.rst +++ b/source/mongodb-handshake/handshake.rst @@ -424,7 +424,7 @@ The ``speculativeAuthenticate`` reply has the same fields, except for the ``ok`` as seen in the conversation sections for MONGODB-X509, SCRAM-SHA-1 and SCRAM-SHA-256 in the `Driver Authentication spec <../auth/auth.md#supported-authentication-methods>`_. -Drivers MUST NOT validate whether content of the ``saslSupportedMechs`` attribute +Drivers MUST NOT validate the contents of the ``saslSupportedMechs`` attribute of the initial handshake reply. Drivers MUST NOT raise an error if the ``saslSupportedMechs`` attribute of the reply includes an unknown mechanism. @@ -679,4 +679,4 @@ Changelog :2023-04-03: Simplify truncation for metadata :2023-05-04: ``AWS_EXECUTION_ENV`` must start with ``"AWS_Lambda_"`` :2023-08-24: Added container awareness -:2024-04-??: Clarify that driver should not validate ``saslSupportedMechs`` content. +:2024-04-19: Clarify that driver should not validate ``saslSupportedMechs`` content.