We have identified issues that can cause sharded multi-document transactions to return incorrect data and possibly miss writes. These issues may manifest when using any of the following:
while concurrently executing any of the following operations:
MongoDB 4.4.29, 5.0.25, 6.0.14, 7.0.8, and Rapid Release 7.3.1 contain fixes for these issues.
A sharded multi-document transaction may miss reads and writes if the data it is referencing is affected by a concurrently executing command which modifies sharding metadata. Multi-document transactions are implicitly leveraged by Queryable Encryption, making this feature susceptible to being impacted in sharded environments.
The necessary preconditions for one or more of these issues to manifest are the following (all must be met):
As a result of these issues:
See below for more information on the specific commands that can modify sharding metadata:
MongoDB 4.4.29, 5.0.25, 6.0.14, 7.0.8, and Rapid Release 7.3.1 contain fixes for these issues.
If your workload utilizes multi-document transactions on a Sharded cluster meeting the criteria above, we recommend that you upgrade to MongoDB version 4.4.29, 5.0.25, 6.0.14, 7.0.8, or rapid release 7.3.1 (or later).
If you are on MongoDB Atlas, your cluster has already been upgraded.
If you are not able to upgrade immediately:
Avoid issuing commands that modify sharding metadata concurrently with multi-document transactions. Specifically, avoid using the commands:
Disable the sharded cluster balancer via using the command sh.stopBalancer() command to disable the balancer.
As soon as possible, upgrade to MongoDB version 4.4.29, 5.0.25, 6.0.14, 7.0.8, or rapid release 7.3.1 (or later).
Re-enable the balancer using sh.startBalancer().
See the remediation section below.
The sections below offer guidance for specific feature usage. All implicated commands record entries in the changelog collection in the config database. The changelog collection can be inspected to determine when these commands may have been issued in the past. This collection is capped at 200mb by default; users may consult backups for further history. Please review the sections relevant to your environment and examine the changelog collection as needed.
Queryable Encryption can be impacted by SERVER-84723, SERVER-87061 and SERVER-82353.
An environment that leverages Queryable Encryption may be impacted if ALL of the following are met:
If you are a user of Queryable Encryption and meet the criteria above, please reach out to MongoDB Support for further assistance.
A client explicitly leveraging sharded multi-document transactions can be impacted by any of SERVER-77506, SERVER-84723, SERVER-87061 or SERVER-82353.
An environment with a workload that explicitly leverages multi-document transactions may be impacted only if ALL of the following are met:
If your environment and workload meet these criteria, we recommend that you:
Review your application with a focus on how missed reads or writes in a transaction could impact your application. Consult the specific tickets linked in the appendix to better understand how each of these issues can manifest.
Determine when any of the metadata modifying operations referenced above were issued on collections referenced by these multi-document transactions. Consult the appendix below for additional detail on how each of the issues above may manifest.
Consult your application logs to assess which documents may have been affected.
Review the contents of these documents to assess if they are logically consistent from the perspective of your application. You may also want to consider how other collections / documents may have been impacted if reads or writes may not have been applied correctly.
For more information about the issues summarized here, please see the individual tickets below: