[JAVA-4696] Upgrade libmongocrypt dependency to 1.5.2 Created: 29/Jul/22  Updated: 28/Oct/23  Resolved: 30/Jul/22

Status: Closed
Project: Java Driver
Component/s: Client Side Encryption
Affects Version/s: None
Fix Version/s: 4.7.1

Type: Task Priority: Blocker - P1
Reporter: PM Bot Assignee: Ross Lawley
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Issue split
Upstream Changes Summary:

DRIVERS-2403:
Release libmongocrypt bindings and/or drivers to use libmongocrypt 1.5.2 ASAP to provide a fix for MONGOCRYPT-464.

If possible, pull the affected bindings releases (using libmongocrypt 1.5.0 or 1.5.1) from package managers concurrently with releasing the new package.

Use the following blurb for release notes:

"""
Fix a potential data corruption bug in RewrapManyDataKey when rotating encrypted data encryption keys backed by GCP or Azure key services.

The following conditions will trigger this bug:

A GCP-backed or Azure-backed data encryption key being rewrapped requires fetching an access token for decryption of the data encryption key.

The result of this bug is that the key material for all data encryption keys being rewrapped is replaced by new randomly generated material, destroying the original key material.

To mitigate potential data corruption, upgrade to this version or higher before using RewrapManyDataKey to rotate Azure-backed or GCP-backed data encryption keys. A backup of the key vault collection should always be taken before key rotation.
"""

Upgrading to 1.5.2 will result in test failures in some CSFLE unified specification tests with an error like "The parameter is incorrect. HTTP status=400". See DRIVERS-2404 for instructions to update the tests.


 Description   

This ticket was split from DRIVERS-2403, please see that ticket for a detailed description.



 Comments   
Comment by Githook User [ 30/Jul/22 ]

Author:

{'name': 'Ross Lawley', 'email': 'ross.lawley@gmail.com', 'username': 'rozza'}

Message: Upgrade libmongocrypt dependency to 1.5.2

JAVA-4696
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/00eadc00a4a0fa16ea30e976ea00e61991cd30f9

Generated at Thu Feb 08 09:02:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.