NServiceBus.Storage.MongoDB 3.0.3 and 2.3.3 – Patch releases available

Hi everyone,

We’ve just released NServiceBus.Storage.MongoDB 3.0.3 and 2.3.3.

Fixed bugs

  • #608 Newer versions of MongoDB.Driver cannot be used
  • #603 CVE-2022-48282: Version range allows vulnerable version of MongoDB.Driver to be used


  • The 3.0.3 version of this release includes a fix for CVE-2022-48282 that prevents vulnerable versions of MongoDB.Driver from being used.
  • The 2.3.3 release is not able to fix the CVE because the unaffected versions of MongoDB.Driver would require a breaking change on the .NET Framework dependency. Users on .NET Framework are encouraged to use at least .NET Framework 4.7.2 and update the MongoDB.Driver package to version 2.19.0 or greater as recommended in the CVE.

How to know if you are affected

You are affected if you are attempting to upgrade MongoDB.Driver to a newer version.


The endpoint cannot be started because the cluster transaction mode is unknown.

When to upgrade

You should upgrade during your next maintenance window.

Where to get it

You can install the new versions of NServiceBus.Storage.MongoDB from NuGet.

With thanks,
The team in Particular

Please read our release policy for more details.