Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
org.mongodb.scala:mongo-scala-bson_2.13
Advanced tools
A Scala wrapper / extension to the bson library
Release notes are available here.
Reference and API documentation for the Java driver is available here.
Reference and API documentation for the Kotlin driver is available here.
Reference and API documentation for the Scala driver is available here.
For tutorials on how to use the MongoDB JVM Drivers, please reference MongoDB University. Additional tutorials, videos, and code examples using both the Java Driver and the Kotlin Driver can also be found in the MongoDB Developer Center.
For issues with, questions about, or feedback for the MongoDB Java, Kotlin, and Scala drivers, please look into our support channels. Please do not email any of the driver developers directly with issues or questions - you're more likely to get an answer on the MongoDB Community Forums or StackOverflow.
At a minimum, please include in your description the exact version of the driver that you are using. If you are having connectivity issues, it's often also useful to paste in the line of code where you construct the MongoClient instance, along with the values of all parameters that you pass to the constructor. You should also check your application logs for any connectivity-related exceptions and post those as well.
Think you’ve found a bug in the Java, Kotlin, or Scala drivers? Want to see a new feature in the drivers? Please open a case in our issue management tool, JIRA:
Bug reports in JIRA for the driver and the Core Server (i.e. SERVER) project are public.
If you’ve identified a security vulnerability in a driver or any other MongoDB project, please report it according to the instructions here.
Major increments (such as 4.x -> 5.x) will occur when breaking changes are being made to the public API. All methods and classes removed in a major release will have been deprecated in a prior release of the previous major release branch, and/or otherwise called out in the release notes.
Minor 5.x increments (such as 5.1, 5.2, etc) will occur when non-trivial new functionality is added or significant enhancements or bug fixes occur that may have behavioral changes that may affect some edge cases (such as dependence on behavior resulting from a bug). An example of an enhancement is a method or class added to support new functionality added to the MongoDB server. Minor releases will almost always be binary compatible with prior minor releases from the same major release branch, except as noted below.
Patch 5.x.y increments (such as 5.0.0 -> 5.0.1, 5.1.1 -> 5.1.2, etc) will occur for bug fixes only and will always be binary compatible with prior patch releases of the same minor release branch.
APIs marked with the @Alpha
annotation are in the early stages of development, subject to incompatible changes,
or even removal, in a future release and may lack some intended features. An APIs bearing @Alpha
annotation may
contain known issues affecting functionality, performance, and stability. They are also exempt from any compatibility
guarantees made by its containing library.
It is inadvisable for applications to use Alpha APIs in production environments or for libraries (which get included on users' CLASSPATHs, outside the library developers' control) to depend on these APIs. Alpha APIs are intended for experimental purposes only.
APIs marked with the @Beta
annotation at the class or method level are subject to change. They can be modified in any way, or even
removed, at any time. If your code is a library itself (i.e. it is used on the CLASSPATH of users outside your own control), you should not
use beta APIs, unless you repackage them (e.g. by using shading, etc).
APIs marked with the @Deprecated
annotation at the class or method level will remain supported until the next major release but it is
recommended to stop using them.
All code inside the com.mongodb.internal.*
packages is considered private API and should not be relied upon at all. It can change at any
time.
Binaries and dependency information for Maven, Gradle, Ivy and others can be found at http://search.maven.org.
Example for Maven:
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongodb-driver-sync</artifactId>
<version>x.y.z</version>
</dependency>
Snapshot builds are also published regulary via Sonatype.
Example for Maven:
<repositories>
<repository>
<id>sonatype-snapshot</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</repository>
</repositories>
Java 17+ and git is required to build and compile the source. To build and test the driver:
$ git clone https://github.com/mongodb/mongo-java-driver.git
$ cd mongo-java-driver
$ ./gradlew check
The test suite requires mongod to be running with enableTestCommands
, which may be set with the --setParameter enableTestCommands=1
command-line parameter:
$ mkdir -p data/db
$ mongod --dbpath ./data/db --logpath ./data/mongod.log --port 27017 --logappend --fork --setParameter enableTestCommands=1
If you encounter "Too many open files"
errors when running the tests then you will need to increase
the number of available file descriptors prior to starting mongod as described in https://www.mongodb.com/docs/manual/reference/ulimit/
A couple of manual configuration steps are required to run the code in IntelliJ:
Java 17+ is required to build and compile the source.
Error: java: cannot find symbol: class SNIHostName location: package javax.net.ssl
Fix: Settings/Preferences > Build, Execution, Deployment > Compiler > Java Compiler - untick "Use '--release' option for
cross-compilation (Java 9 and later)"
Error: java: package com.mongodb.internal.build does not exist
Fixes: Any of the following:
generateBuildConfig
task: eg: ./gradlew generateBuildConfig
or via Gradle > driver-core > Tasks > buildconfig >
generateBuildConfiggenerateBuildConfig
to execute Before Build. via Gradle > Tasks > buildconfig > right click generateBuildConfig - click on
"Execute Before Build"FAQs
A Scala wrapper / extension to the bson library
We found that org.mongodb.scala:mongo-scala-bson_2.13 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.