- Add Debian 12 packages
- Support named KMS providers.
- Add
arm64
Debian packages
- Fix
arm64
Alpine build.
- Fix
aarch64
packages for RHEL 8, RHEL 9, Amazon 2023, and Amazon 2
- Include packages for RHEL 8, RHEL 9, and Amazon 2023
- Fix possible leaks in Queryable Encryption in errors on malformed data.
- Bypass search index management commands in automatic encryption
This release adds stable support of the Queryable Encryption (QE) feature for the "Indexed" and "Unindexed" algorithms.
This release makes backwards breaking changes to Queryable Encryption (QE) behavior added in the 1.8.0-alpha0 release:
- Do not apply default to min/max values for int/long/date.
- Enable the QEv2 protocol by default. Remove function to enable QEv2.
- Support Queryable Encryption v2 protocol.
- Add toggle for Decimal128 Range Support.
- Fix i686 (32-bit) build.
- Fix 32-bit ARM build.
- Vendor Intel DFP library and allow using system DFP.
- Fix possible abort on base64 decode error of KMS messages.
- Fix ILP32-target builds.
- Fix LTO build.
- Fix IntelDFP to not require Git.
- Add encryptExpression helper
- Support for range index. NOTE: The Range algorithm is experimental only. It is not intended for public use.
- Support range index for decimal128. NOTE: The Range algorithm is experimental only. It is not intended for public use.
- Add encryptExpression helper
- Support range index for int32, int64, double, and date. NOTE: The Range algorithm is experimental only. It is not intended for public use.
- Fix build on FreeBSD.
- Set context error state during KMS provider validation.
- Fix libbson dependency in pkg-config for PPA.
- Support accessToken to authenticate with Azure.
- Use correct schema when
collMod
command includesvalidator.$jsonSchema
.
- Support accessToken to authenticate with GCP.
- Use CRLF, not LF, for HTTP request newlines.
- Include full body of HTTP errors in
mongocrypt_status_t
.
- Fix datakey decryption requiring multiple rounds of KMS requests.
- This release has a severe bug in the context returned by
mongocrypt_ctx_rewrap_many_datakey_init
that may result in data corruption. Please upgrade to 1.5.2 before usingmongocrypt_ctx_rewrap_many_datakey_init
.
- Update Java bindings to support remaining 1.5.0 API.
- This release has a severe bug in the context returned by
mongocrypt_ctx_rewrap_many_datakey_init
that may result in data corruption. Please upgrade to 1.5.2 before usingmongocrypt_ctx_rewrap_many_datakey_init
.
- Update to use new payload for FLE 2.0 find.
- Require contention factor.
- Fix handling of create command with $jsonSchema.
- Fix leak on encrypt or decrypt error.
- Accept string values for QueryType and IndexType.
- Add missing MONGOCRYPT_EXPORT to mongocrypt_ctx_provide_kms_providers
- Revert new payload for FLE 2.0 find.
- Do not send "create" and "createIndexes" to mongocryptd when bypassing query analysis.
- Account for shared library rename.
- Update to use new payload for FLE 2.0 find.
- Fix explain when using csfle shared library.
- Do not bypass "create" or "createIndexes" commands. Support "collMod".
- Bypass "hello", "buildInfo", "getCmdLineOpts", and "getLog" commands.
- Preserve $db in output command.
- Add missing MONGOCRYPT_EXPORT to mongocrypt_ctx_provide_kms_providers
- Pick a random contention factor on FLE 2.0 insert.
- Support FLE 2.0.
- Support FLE 1.0 Shared Library.
- Support Key Management API.
- Support on-demand credentials with
MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS
state andmongocrypt_ctx_provide_kms_providers
.
- Support on-demand AWS credentials with
MONGOCRYPT_CTX_NEED_KMS_CREDENTIALS
state andmongocrypt_ctx_provide_kms_providers
.
- Resolve 32 bit Windows compile errors.
- Support custom key material through
mongocrypt_ctx_setopt_key_material
.
- Fix deprecation warnings with OpenSSL 3.0.
- Resolve possible symbol conflicts with OpenSSL.
- Support "kmip" KMS provider.
- Add mongocrypt_kms_ctx_get_kms_provider.
- Apply default port to endpoints returned in mongocrypt_kms_ctx_endpoint
- Fix pkg-config and PPA build dependency on libbson.
- Fix JSON schema caching behavior when server reports no JSON schema.
- Fix possible crash when oauth credentials expire.
- Support AWS temporary credentials via session token.
- Add "=" padding to base64url encoding.
- Add ENABLE_PIC cmake option, set to ON by default, so static libraries build with -fPIC by default on relevant systems.
- Errors produced in all crypto callbacks are propagated to user.
- mongocrypt_setopt_kms_provider_aws and mongocrypt_setopt_kms_provider_local are deprecated in favor of the more flexible mongocrypt_setopt_kms_providers, which supports configuration of all KMS providers.
- mongocrypt_ctx_setopt_masterkey_aws, mongocrypt_ctx_setopt_masterkey_aws_endpoint, and mongocrypt_ctx_setopt_masterkey_local are deprecated in favor of the more flexible mongocrypt_ctx_setopt_key_encryption_key, which supports configuration for all KMS providers.
- Introduces a new crypto hook for signing the JSON Web Token (JWT) for Google Cloud Platform (GCP) requests:
- mongocrypt_setopt_crypto_hook_sign_rsaes_pkcs1_v1_5
- Introduces a CLI utility
csfle
to test the context state machine against live KMS, mongocryptd, and mongod. See ./test/util/README.md. - Introduces two new functions to the libmongocrypt API.
- mongocrypt_setopt_kms_providers To set the KMS providers.
- mongocrypt_ctx_setopt_key_encryption_key To set the key encryption key.
- Adds support for Azure and GCP KMS providers.