[
https://issues.apache.org/jira/browse/CASSANDRA-21146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18070530#comment-18070530
]
Bohdan Siryk commented on CASSANDRA-21146:
------------------------------------------
I have just realized that drivers could change their names after donation, and
it is not considered a breaking change, at least from my understanding of the
v1.7.0 Go driver release, in which the name was changed. There are a couple of
drivers that will change their names after donation: Python and Nodejs, so
mentioning this in cassandra.yml seems reasonable to me. Roughly something like
this:
{code:java}
# Minimum client driver versions. Connections from drivers whose version is
below
# the configured minimum will be warned or rejected. Connections that do not
report
# a driver name or version are considered valid. The map key is the driver name
# as reported in the native protocol STARTUP message. The value is the minimum
# version string.
# Note, drivers could change their names after donation to ASF, so be sure you
have included
# updated driver name bellow.
{code}
> Guardrail for client driver versions
> ------------------------------------
>
> Key: CASSANDRA-21146
> URL: https://issues.apache.org/jira/browse/CASSANDRA-21146
> Project: Apache Cassandra
> Issue Type: Improvement
> Components: Feature/Guardrails
> Reporter: Brad Schoening
> Assignee: Stefan Miklosovic
> Priority: Normal
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Many application teams lag multiple years behind on Cassandra driver
> upgrades, which increases operational risk and complicates cluster upgrades
> and support. Today, there is no native mechanism to discourage or prevent
> clients from connecting with severely outdated drivers.
> Proposed New Feature
> Introduce an optional server-side guardrail that allows operators to WARN or
> FAIL client connections using drivers older than a configured minimum version
> (for example, rejecting Java drivers earlier than 3.11.5).
> Most environments have just a couple of driver type names (e.g., Java), and
> the guardrail would apply to declared type & version pairs.
> Key Characteristics
> * Disabled by default.
> * Configurable minimum supported driver version, scoped by driver type.
> * Intended primarily for non-production environments (dev / UAT), where
> stricter enforcement can be applied ahead of production rollouts.
> * Provides a clear, early failure signal to application teams that a driver
> upgrade is required.
> Benefits
> * Forces proactive driver upgrades before cluster upgrades.
> * Reduces risk from unsupported or poorly tested legacy drivers.
> * Improves overall fleet hygiene and operational predictability.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
