Fixed conflict

Author: Anthony Sansone

config/build_conf.yaml

@@ -10,7 +10,7 @@ project:
   branched: true
   siteroot: true
 version:
-  release: '4.0.0-rc5'
+  release: '4.0.0-rc6'
   branch: '4.0'
 system:
   files:

config/redirects

@@ -1428,6 +1428,8 @@ raw: /master/release-notes/3.0-general-improvements -> ${base}/release-notes/3.0
 [*]: /${version}/release-notes/2.8-general-improvements -> ${base}/${version}/release-notes/3.0
 [*]: /${version}/release-notes/2.8-changes -> ${base}/${version}/release-notes/3.0
 
+[v3.6-v3.6]:  /${version}/upcoming -> ${base}/master/release-notes/4.0/
+
 raw: /v2.8 -> ${base}/v3.0
 raw: /v2.8/release-notes/2.8-downgrade -> ${base}/v3.0/release-notes
 raw: /v2.8/release-notes/2.8-compatibility -> ${base}/v3.0/release-notes

source/changeStreams.txt

@@ -21,20 +21,61 @@ Change Streams
 Change streams allow applications to access real-time data changes
 without the complexity and risk of tailing the :term:`oplog`.
 Applications can use change streams to subscribe to all data changes on
-a collection and immediately react to them.
+a single collection, a database, or an entire deployment, and
+immediately react to them. Because change streams use the aggregation
+framework, applications can also filter for specific changes or
+transform the notifications at will.
+
+Change stream is available for :doc:`replica sets <replication>` and
+:doc:`sharded clusters </sharding>` that use :ref:`WiredTiger
+<storage-wiredtiger>` storage engine and replica set protocol version 1
+(:rsconf:`pv1 <protocolVersion>`). Change streams can also be used on
+deployments which employ MongoDB's
+:ref:`encryption-at-rest<encrypted-storage-engine>` feature.
+
+Watch Collection/Database/Deployment
+------------------------------------
+
+You can open change streams against:
+
+- A single collection (except ``system`` collections, or any
+  collections in the ``admin``, ``local``, and ``config`` databases)
+
+  See the :binary:`~bin.mongo` shell method
+  :method:`db.collection.watch()`.
+
+  For the corresponding MongoDB driver method, refer to your driver
+  documentation.
+
+- .. versionadded:: 4.0 
+
+     A database (excluding the ``admin``, ``local``, ``config``
+     databases). The change stream watches for changes to all
+     non-``system`` collections in the database.
+
+     :binary:`~bin.mongo` shell provides the method
+     :method:`db.watch()`. For the corresponding MongoDB driver method,
+     refer to your driver documentation.
+
+- .. versionadded:: 4.0
+
+     An entire deployment, either a replica set or a sharded cluster.
+     The change stream watches for changes to all non-``system``
+     collections across all databases, except for the ``admin``.
+     ``local``, and ``config`` databases.
+
+     :binary:`~bin.mongo` shell provides the
+     method :method:`Mongo.watch()`. For the corresponding MongoDB
+     driver method, refer to your driver documentation.
 
 Open A Change Stream
 --------------------
 
-You can only open a change stream against :doc:`replica sets
-<replication>` or :doc:`sharded clusters </sharding>`. For a sharded
-cluster, you must issue the open change stream operation against the
-:binary:`~bin.mongos`.
+For a replica set, you can open change stream for any of the
+data-bearing members.
 
-The replica set or the sharded cluster must use replica set protocol
-version 1 (:rsconf:`pv1 <protocolVersion>`) and :ref:`WiredTiger
-<storage-wiredtiger>` storage engine (can be :ref:`encrypted
-<encrypted-storage-engine>`).
+For a sharded cluster, you must issue the open change stream operation
+against the :binary:`~bin.mongos`.
 
 .. tabs-drivers::
 
@@ -89,9 +130,9 @@ version 1 (:rsconf:`pv1 <protocolVersion>`) and :ref:`WiredTiger
           <https://docs.mongodb.com/ruby-driver/master/tutorials/ruby-driver-create-client/>`__
           that contains an ``inventory`` collection.
 
-The following example opens a change stream against a replica set. The change stream is bound to a collection and
-change stream documents are iterated with a cursor. This cursor remains open until it is explicitly closed,
-as long as a connection to the MongoDB deployment remains open *and* the collection exists.
+The following example opens a change stream for a collection and iterates over the cursor to retrieve the 
+change stream documents . As long as the connection to the MongoDB deployment remains open *and* the collection exists, 
+this cursor remains open until it is explicitly closed.
 
 .. tabs-drivers::
 
@@ -611,8 +652,33 @@ Access Control
 --------------
 
 For deployments enforcing :ref:`authentication` and :ref:`authorization
-<authorization>`, applications can only open change streams against
-collections they have read access to.
+<authorization>`:
+
+- To open a change stream against specific collection, applications
+  must have privileges that grant :authaction:`changeStream` and
+  :authaction:`find` actions on the corresponding collection.
+
+  .. code-block:: javascript
+
+     { resource: { db: <dbname>, collection: <collection> }, actions: [ "find", "changeStream" ] }
+
+- To open a change stream on a single databases, applications must have
+  privileges that grant :authaction:`changeStream` and
+  :authaction:`find` actions on all non-``system`` collections in a
+  database.
+
+  .. code-block:: javascript
+
+     { resource: { db: <dbname>, collection: "" }, actions: [ "find", "changeStream" ] }
+
+- To open a change stream on an entire deployment, applications must
+  have privileges that grant :authaction:`changeStream` and
+  :authaction:`find` actions on all non-``system`` collections for all
+  databases in the deployment.
+
+  .. code-block:: javascript
+
+     { resource: { db: "", collection: "" }, actions: [ "find", "changeStream" ] }
 
 Event Notification
 ------------------

source/core/kerberos.txt

@@ -63,6 +63,8 @@ names have the form:
 For every user you want to authenticate using Kerberos, you must create
 a corresponding user in MongoDB in the ``$external`` database.
 
+.. include:: /includes/extracts/sessions-external-username-limit.rst
+
 For examples of adding a user to MongoDB as well as authenticating as
 that user, see
 :doc:`/tutorial/control-access-to-mongodb-with-kerberos-authentication`

source/core/read-isolation-consistency-recency.txt

@@ -41,7 +41,10 @@ the following behavior:
 
 .. include:: /includes/extracts/concurrent-operations-multi-document-writes-no-isolation.rst
 
-.. seealso:: :doc:`/core/write-operations-atomicity`
+Starting in version 4.0, for situations that require atomicity for
+updates to multiple documents or consistency between reads to multiple
+documents, MongoDB provides :doc:`multi-document transactions
+</core/transactions>` for replica sets.
 
 .. _faq-developers-isolate-cursors:
 
@@ -96,18 +99,19 @@ Client Sessions
 
 .. important::
 
+   The following discussion refers to client sessions, which are
+   separate from server sessions.
+
    To use client sessions:
 
-   - Clients require MongoDB drivers updated for MongoDB 3.6:
+   - Clients require MongoDB drivers updated for MongoDB 3.6 or later:
 
      .. include:: /includes/3.6-drivers.rst
 
    - ``featureCompatibilityVersion`` must be set to "3.6" or greater. For more
      information, see :ref:`view-fcv` and
      :dbcommand:`setFeatureCompatibilityVersion`.
 
-   The following discussion refers to client sessions, which are
-   separate from server sessions.
 
 To provide causal consistency, MongoDB 3.6 enables causal consistency
 in client sessions. A causally consistent session denotes that the
@@ -250,7 +254,7 @@ causally consistent:
      - Returns an error if the operation is associated with a causally
        consistent client session.
 
-   * - :dbcommand:`createIndex` with ``background: true`` option; i.e.
+   * - :dbcommand:`createIndexes` with ``background: true`` option; i.e.
        background index builds
 
      - 

source/core/security-encryption-at-rest.txt

@@ -34,13 +34,18 @@ read the data.
 Encryption Process
 ~~~~~~~~~~~~~~~~~~
 
+.. admonition:: Changed in version 4.0
+   :class: note
+
+   MongoDB Enterprise on Windows no longer supports ``AES256-GCM``.
+
 If encryption is enabled, the default encryption mode that MongoDB
 Enterprise uses is the ``AES256-CBC`` (or 256-bit Advanced Encryption
 Standard in Cipher Block Chaining mode) via OpenSSL. AES-256 uses a
 symmetric key; i.e. the same key to encrypt and decrypt text. MongoDB
-Enterprise also supports authenticated encryption ``AES256-GCM`` (or
-256-bit Advanced Encryption Standard in Galois/Counter Mode). FIPS mode
-encryption is also available.
+Enterprise for Linux also supports authenticated encryption
+``AES256-GCM`` (or 256-bit Advanced Encryption Standard in
+Galois/Counter Mode). FIPS mode encryption is also available.
 
 .. warning::
 
@@ -51,6 +56,7 @@ encryption is also available.
    :binary:`~bin.mongod` instance, the :binary:`~bin.mongod` instances may use
    the duplicate counter block values, voiding confidentiality and integrity
    guarantees.
+   
 
 The data encryption process includes:
 

source/core/security-ldap-external.txt

@@ -29,6 +29,8 @@ The LDAP Authorization process is summarized below:
    :ref:`authentication <authentication>` mechanism that
    :ref:`supports external authentication
    <security-ldap-external-compatibility>`.
+   
+   .. include:: /includes/extracts/sessions-external-username-limit.rst
 
 #. MongoDB binds to to the LDAP server specified with :setting:`security.ldap.servers`
    using the credentials specified with :setting:`security.ldap.bind.queryUser` and

source/core/security-ldap.txt

@@ -62,6 +62,8 @@ on the ``$external`` database whose name exactly matches the authentication
 username. Changes to a user on the LDAP server may require changes to the
 corresponding MongoDB ``$external`` user.
 
+.. include:: /includes/extracts/sessions-external-username-limit.rst
+
 .. example::
 
    A user authenticates as ``[email protected]``. The MongoDB server

source/core/security-x.509.txt

@@ -58,6 +58,8 @@ than one MongoDB user.
 Add the user in the ``$external`` database; i.e. the
 :ref:`authentication-database` is the ``$external`` database
 
+.. include:: /includes/extracts/sessions-external-username-limit.rst
+
 Authenticate
 ~~~~~~~~~~~~
 

source/core/transactions.txt

@@ -117,11 +117,16 @@ Transactions and Security
 
 - If running with :doc:`access control </core/authorization>`, you must
   have privileges for the :ref:`operations in the transaction
-  <transactions-operations>`.
+  <transactions-operations>`. [#username-external]_
 
 - If running with :doc:`auditing </core/auditing>`, operations in an
   aborted transaction are still audited.
 
+.. [#username-external]
+
+   If using ``$external`` authentication users (i.e. Kerberos, LDAP,
+   x.509 users), the usernames cannot be greater than 10k bytes.
+
 Transactions and Locks
 ----------------------