(DOCSP-24131): v1.5.4 release notes (#228)

* (DOSP-24131): v1.5.4 release notes

* wording

* Update source/changelog.txt

Co-authored-by: Anna Henningsen <[email protected]>

* review fixes

Co-authored-by: Anna Henningsen <[email protected]>

Author: jeff-allen-mongo

snooty.toml

@@ -14,7 +14,7 @@ toc_landing_pages = ["/run-commands",
 
 [constants]
 
-version = "1.5.3"
+version = "1.5.4"
 mdb-version = "6.0"
 pgp-version = "{+mdb-version+}"
 

source/changelog.txt

@@ -12,6 +12,28 @@ Release Notes
    :depth: 1
    :class: singlecol
 
+v1.5.4
+------
+
+*Released July 31, 2022*
+
+Fixes a potential data corruption bug in
+:method:`KeyVault.rewrapManyDataKey()` when rotating encrypted data
+encryption keys backed by Azure or GCP key services.
+
+In previous versions of ``mongosh``, this bug occurs when an
+Azure-backed or GCP-backed data encryption key being rewrapped requires
+fetching an access token for decryption of the data encryption key.
+
+As a result of this bug, all data encryption keys being rewrapped are
+replaced by new randomly generated material, destroying the original key
+material.
+
+To mitigate potential data corruption, upgrade ``mongosh`` to v1.5.4 or
+higher before using :method:`KeyVault.rewrapManyDataKey()` to rotate
+Azure-backed or GCP-backed data encryption keys. You should always
+create a backup of the key vault collection before key rotation.
+
 v1.5.3
 ------