Ruby Implementation of the BSON Specification (2.0.0+)
APACHE-2.0 License
An implementation of the BSON specification in Ruby.
BSON can be installed via RubyGems:
> gem install bson
Or by adding it to your project's Gemfile:
gem 'bson'
Each release of the BSON library for Ruby after version 5.0.0 has been automatically built and signed using the team's GPG key.
To verify the bson gem file:
gpg --import ruby-driver.asc
.gem fetch bson
, or you can download it from the releases page on GitHub..sig
file with the same version number as the gem you wish to install.gpg --verify bson-X.Y.Z.gem.sig bson-X.Y.Z.gem
(replacing X.Y.Z
with the actual version number).You are looking for text like "Good signature from "MongoDB Ruby Driver Release Signing Key [email protected]" in the output. If you see that, the signature was found to correspond to the given gem file.
(Note that other output, like "This key is not certified with a trusted signature!", is related to web of trust and depends on how strongly you, personally, trust the ruby-driver.asc
key that you downloaded from us. To learn more, see https://www.gnupg.org/gph/en/manual/x334.html)
RubyGems' own gem signing is problematic, most significantly because there is no established chain of trust related to the keys used to sign gems. RubyGems' own documentation admits that "this method of signing gems is not widely used" (see https://guides.rubygems.org/security/). Discussions about this in the RubyGems community have been off-and-on for more than a decade, and while a solution will eventually arrive, we have settled on using GPG instead for the following reasons:
Ultimately, most users do not bother to verify gems, and will not be impacted by our choice of GPG over RubyGems' native method.
BSON is tested against MRI (2.7+) and JRuby (9.3+).
Current documentation can be found here.
The API Documentation is located at mongodb.com/docs.
The BSON specification is at bsonspec.org.
To report a bug in the bson
gem or request a feature:
BSON
in the Component/s field.When creating an issue, please keep in mind that all information in JIRA for the RUBY project, as well as the core server (the SERVER project), is publicly visible.
PLEASE DO:
bson
gem and/or Ruby driver and MongoDBPLEASE DO NOT:
If you have identified a potential security-related issue in the bson
gem
(or any other MongoDB product), please report it by following the
instructions here.
To request a feature which is not specific to the bson
gem, or which
affects more than the bson
gem and/or Ruby driver alone (for example, a
feature which requires MongoDB server support), please submit your idea through
the MongoDB Feedback Forum.
New library functionality is generally added in a backwards-compatible manner and results in new minor releases. Bug fixes are generally made on master first and are backported to the current minor library release. Exceptions may be made on a case-by-case basis, for example security fixes may be backported to older stable branches. Only the most recent minor release is officially supported. Customers should use the most recent release in their applications.
As of 2.0.0, this project adheres to the Semantic Versioning Specification.
Copyright (C) 2009-2020 MongoDB Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.