CSFLE - Java Driver - aggregation with lookup fails with 2 non-encrypted collections

An aggregation pipeline $lookup fails even if the 2 involved collections are not encrypted.
We are using a connection pool with 10 connections. Each connection in the pool is created with csfle options enabled. The same connection is used to work on the collections with the encrypted fields.
The understanding as per mongo official documentation is that behaviour should be based on which collections is being queried and if there is no encryption on any fields in the collection, there should not be any challenges on the queries w.r.t. those collections.
The collections which have encrypted fields will have the query constraints as documented in the official documentation.
But, aggregation with lookup, does not work which is not expected.
Exception received:
Exception in encryption library: Command failed with error 51204 (Location51204): ‘Pipeline over an encrypted collection cannot reference additional collections.’ on server localhost:27020. The full response is

{“ok”: 0.0, “errmsg”: “Pipeline over an encrypted collection cannot reference additional collections.”, “code”: 51204, “codeName”: “Location51204”}

However, the aggregation works fine if the connection is created without csfle options.

Has anyone come across this and has a work around or a fix?


Hi @Anu_Madan,

This is an aggregation bug reported by way of previous discussion on Automatic Client Side Field Level Encryption (CSFLE) Restricts Operations On Unencrypted Collections.

For updates, please watch/upvote SERVER-50092: [FLE] with encryption on collection and $lookup with two non-encrypted collections fails in the MongoDB issue tracker.

The only suggested workaround at the moment is to use a client connection without CSFLE options (which you’ve already discovered).


Thanks @Stennie
I have upvoted for the bug as suggested.
Is there a way to find out by when the bug will be resolved? This is a big blocker on the path of adopting CSFLE.


Hi @Anu_Madan,

Thanks for upvoting the issue - that is a helpful signal for the development team’s planning and prioritisation. Watching the issue in Jira (i.e. logging in and clicking on “Start watching this issue”) is the best way to follow progress.

This issue currently has a Fix Version of “Backlog” and an assignee of “Backlog - Query Team”, which means the issue has been assigned to the query team’s work backlog but has not been planned for a development sprint yet. As such, there is no further ETA available at the moment.

For some more information on the general development workflow, please see my comment on When will SERVER-25023 be released?.


This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.