From 71cb7edf5740e623307fe391535b4bcf6f54d29e Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Fri, 29 Jul 2022 11:43:46 -0400
Subject: [PATCH 1/7] DRIVERS-2408 error if RewrapManyDataKey is called with
 libmongocrypt < 1.5.2

---
 source/client-side-encryption/client-side-encryption.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 6603a5712a..661016d081 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -976,6 +976,13 @@ being created. If ``keyMaterial`` is given, the custom key material is used for
 encrypting and decrypting data. Otherwise, the key material for the new data key
 is generated from a cryptographically secure random device.
 
+rewrapManyDataKey
+-----------------
+
+Drivers MUST document users must upgrade if necessary to avoid being impacted by MONGOCRYPT-464.
+
+Drivers SHOULD return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
+
 RewrapManyDataKeyOpts
 ---------------------
 

From cf4b53cb59c94b3bac3dd90101a11dbdabfa1eec Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Fri, 29 Jul 2022 15:24:01 -0400
Subject: [PATCH 2/7] update changelog, last modified date, and version

---
 source/client-side-encryption/client-side-encryption.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 661016d081..5ae00b1754 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -10,8 +10,8 @@ Client Side Encryption
 :Status: Accepted
 :Type: Standards
 :Minimum Server Version: 4.2 (CSFLE), 6.0 (Queryable Encryption)
-:Last Modified: 2022-06-30
-:Version: 1.10.0
+:Last Modified: 2022-07-29
+:Version: 1.10.1
 
 .. _lmc-c-api: https://github.com/mongodb/libmongocrypt/blob/master/src/mongocrypt.h.in
 
@@ -2394,6 +2394,7 @@ Changelog
    :align: left
 
    Date, Description
+   22-07-29, Prohibit ``rewrapManyDataKey`` with libmongocrypt <= 1.5.1.
    22-06-30, Add behavior for automatic AWS credential loading in ``kmsProviders``.
    22-06-29, Clarify bulk write operation expectations for ``rewrapManyDataKey()``.
    22-06-27, Remove ``createKey``.

From 9ee1a5fc391bb163a3d1d53c4f6c36c377db44c8 Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Tue, 2 Aug 2022 09:44:54 -0400
Subject: [PATCH 3/7] clarify dependencies may need upgrade

---
 source/client-side-encryption/client-side-encryption.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 5ae00b1754..6800d5b1ac 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -979,7 +979,7 @@ is generated from a cryptographically secure random device.
 rewrapManyDataKey
 -----------------
 
-Drivers MUST document users must upgrade if necessary to avoid being impacted by MONGOCRYPT-464.
+Drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
 
 Drivers SHOULD return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
 

From f92d030894ddff17aa75d3b185d233d13636ff82 Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Tue, 2 Aug 2022 09:45:47 -0400
Subject: [PATCH 4/7] Add "If applicable"

This may not be applicable to drivers that have separate bindings releases.
---
 source/client-side-encryption/client-side-encryption.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 6800d5b1ac..8919642d55 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -979,9 +979,9 @@ is generated from a cryptographically secure random device.
 rewrapManyDataKey
 -----------------
 
-Drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
+If applicable, drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
 
-Drivers SHOULD return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
+If applicable, drivers SHOULD return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
 
 RewrapManyDataKeyOpts
 ---------------------

From 9df8d13f73261496d66a691a49d667bd7bec45d3 Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Tue, 2 Aug 2022 09:46:03 -0400
Subject: [PATCH 5/7] use MUST, not SHOULD

---
 source/client-side-encryption/client-side-encryption.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 8919642d55..5eda0fd445 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -981,7 +981,7 @@ rewrapManyDataKey
 
 If applicable, drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
 
-If applicable, drivers SHOULD return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
+If applicable, drivers MUST return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
 
 RewrapManyDataKeyOpts
 ---------------------

From ef64242fbc0ccf9ae095dff217340047595a91b7 Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Tue, 2 Aug 2022 10:51:24 -0400
Subject: [PATCH 6/7] specify versions 1.5.1 or 1.5.0 are only versions
 affected

---
 source/client-side-encryption/client-side-encryption.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 5eda0fd445..3aec530a61 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -981,7 +981,7 @@ rewrapManyDataKey
 
 If applicable, drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
 
-If applicable, drivers MUST return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or older.
+If applicable, drivers MUST return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or 1.5.0.
 
 RewrapManyDataKeyOpts
 ---------------------

From b8b8e78fc74988bac9be359fc3637948f6c3dde9 Mon Sep 17 00:00:00 2001
From: Kevin Albertson <kevin.albertson@mongodb.com>
Date: Tue, 2 Aug 2022 10:51:31 -0400
Subject: [PATCH 7/7] include missing "that"

---
 source/client-side-encryption/client-side-encryption.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/client-side-encryption/client-side-encryption.rst b/source/client-side-encryption/client-side-encryption.rst
index 3aec530a61..d86cdd22b3 100644
--- a/source/client-side-encryption/client-side-encryption.rst
+++ b/source/client-side-encryption/client-side-encryption.rst
@@ -979,7 +979,7 @@ is generated from a cryptographically secure random device.
 rewrapManyDataKey
 -----------------
 
-If applicable, drivers MUST document users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
+If applicable, drivers MUST document that users must upgrade dependencies if necessary to avoid being impacted by MONGOCRYPT-464.
 
 If applicable, drivers MUST return an error if rewrapManyDataKey is called with libmongocrypt 1.5.1 or 1.5.0.