DynamoDB Encryption Client Java - Release 1.15.2

Maintenance

• Upgrade AWS SDK
• Upgrade build dependencies
• Partially automate release process

DynamoDB Encryption Client Java - Release 2.0.3

Fixes

• load library version via local ClassLoader (#158)

Maintenance

• chore: upgrade BouncyCastle to 1.69 (#159)

DynamoDB Encryption Client Java - Release 2.0.2

Fixes

• fix: Allow reading old plaintext records after adding new encrypted field to schema (#152)
• fix: Update user agent string to correctly reflect version (#141)
• fix: Data model migration doc breadcrumb. (#139)

Maintenance

• chore: bump aws-java-sdk-bom from 1.11.460 to 1.12.51 (#154)
• chore: Add support policy (#149)
• CI: Create release builds that validate on multiple JDKs (#148)
• chore: Add format check to CI and format (#146)
• chore: Add example for MRKs (#145)
• chore: Add repo-sync actions (#143)
• chore: Add issue template (#142)

DynamoDB Encryption Client Java - Release 2.0.1

Bugfix

Fixes released jar files to ensure JDK 8 compatibility.

DynamoDB Encryption Client Java - Release 1.15.1

Bugfix

Fixes released jar files to ensure JDK 8 compatibility.

DynamoDB Encryption Client Java - Release 2.0.0

Removes MostRecentProvider. MostRecentProvider is replaced by CachingMostRecentProvider as of 1.15.0.

DynamoDB Encryption Client Java - Release 1.15.0

Adds the CachingMostRecentProvider and deprecates MostRecentProvider.

Time-based key reauthorization logic in MostRecentProvider did not re-authorize the use of the key after key usage permissions were changed at the key provider (for example AWS Key Management Service). This created the potential for keys to be used in the DynamoDB Encryption Client after permissions to do so were revoked.

CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry TTL to reauthorize the key with the key provider.

MostRecentProvider is now deprecated, and is removed in 2.0.0. See https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html#mrp-versions for more details.

1.15.0 also fixes interoperability issues between the Python and Java implementations of DynamoDB Encryption Client.

DynamoDB Encryption Client Java - Release 1.13.0

Minor Changes

• Add support for overriding the EncryptionContext in DynamoDBEncryptor #60

Documentation

• Update examples to use PUT instead of Clobber #60
• Document the minimum supported JDK version as JDK8 #57

Several small features and possible breaking change to AttributeEncryptor

This minor release contains a potentially breaking change related to the AttributeEncryptor.

Changes

• Dependency versions are updated
• Added MetaStore.replicate to make it easier to copy data-keys from one MetaStore to another
• Better support for non-standard JCA providers
• Fixed thread-safety issue in LRUCache
• AttributeEncryptor will now throw a DynamoDBMappingException if it is used with a SaveBehavior other than PUT or CLOBBER`. This is necessary to avoid risk of data-corruption. Please see inline documentation for explanation of cause.

Warn on use of Mapper without SaveBehavior.CLOBBER

It is important to use SaveBehavior.CLOBBER with AttributeEncryptor. If you do not do so you risk corrupting your signatures and encrypted data.

When CLOBBER is not specified, fields that are present in the record may not be passed down to the encryptor, which results in fields being left out of the record signature. This in turn can result in records failing to decrypt.

This version adds an ERROR-level log message to warn users that are at risk. A future version bump will introduce an exception in this case.

See also issue #32