+1 on back porting it
> On Nov 5, 2024, at 8:51 AM, Štefan Miklošovič <smikloso...@apache.org> wrote:
>
> Backporting in such a way that all auth requests will still go to the same
> request executor as before is OK for me.
>
> On Tue, Nov 5, 2024 at 3:32 PM J. D. Jordan <jeremiah.jor...@gmail.com
> <mailto:jeremiah.jor...@gmail.com>> wrote:
>> If I read the ticket correctly, this is preventing bcrypt of incoming
>> credentials from causing a DOS?
>> I think that’s reasonable to backport. If we want to be conservative it
>> could be backported with added code that keeps the current behavior by
>> default?
>>
>>> On Nov 5, 2024, at 7:43 AM, Josh McKenzie <jmcken...@apache.org
>>> <mailto:jmcken...@apache.org>> wrote:
>>>
>>>
>>> I'm neutral to the backport. In terms of the letter of the law, I can see
>>> the argument either way of it being an improvement or a bugfix.
>>>
>>> Definitely wouldn't -1 a backport.
>>>
>>> On Tue, Nov 5, 2024, at 7:23 AM, Mick Semb Wever wrote:
>>>> Can you please put the ticket description in the email. Saves us having
>>>> to follow the link to know what you're talking about.
>>>>
>>>> Yes to backporting this.
>>>>
>>>> On Tue, 5 Nov 2024 at 10:27, Štefan Miklošovič <smikloso...@apache.org
>>>> <mailto:smikloso...@apache.org>> wrote:
>>>> Hello,
>>>>
>>>> I want to ask if there are objections for backporting CASSANDRA-17812 (1)
>>>> to 4.0.x and 4.1.x.
>>>>
>>>> There is a question already in that ticket about backporting from another
>>>> person and we keep being asked about this a lot. It seems to me that while
>>>> this is technically an improvement, it is so valuable that we should make
>>>> an exception here.
>>>>
>>>> It is even security related.
>>>>
>>>> (1) https://issues.apache.org/jira/browse/CASSANDRA-17812
>>>>
>>>> Regards
>>>
