aws-dynamodb-encryption-java

Maintenance

• Upgrade AWS SDK
• Upgrade build dependencies
• Partially automate release process

Fixes

• load library version via local ClassLoader (#158)

Maintenance

• chore: upgrade BouncyCastle to 1.69 (#159)

Fixes

• fix: Allow reading old plaintext records after adding new encrypted field to schema (#152)
• fix: Update user agent string to correctly reflect version (#141)
• fix: Data model migration doc breadcrumb. (#139)

Maintenance

• chore: bump aws-java-sdk-bom from 1.11.460 to 1.12.51 (#154)
• chore: Add support policy (#149)
• CI: Create release builds that validate on multiple JDKs (#148)
• chore: Add format check to CI and format (#146)
• chore: Add example for MRKs (#145)
• chore: Add repo-sync actions (#143)
• chore: Add issue template (#142)

Bugfix

Fixes released jar files to ensure JDK 8 compatibility.

Bugfix

Fixes released jar files to ensure JDK 8 compatibility.

Removes MostRecentProvider. MostRecentProvider is replaced by CachingMostRecentProvider as of 1.15.0.

Adds the CachingMostRecentProvider and deprecates MostRecentProvider.

Time-based key reauthorization logic in MostRecentProvider did not re-authorize the use of the key after key usage permissions were changed at the key provider (for example AWS Key Management Service). This created the potential for keys to be used in the DynamoDB Encryption Client after permissions to do so were revoked.

CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry TTL to reauthorize the key with the key provider.

MostRecentProvider is now deprecated, and is removed in 2.0.0. See https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html#mrp-versions for more details.

1.15.0 also fixes interoperability issues between the Python and Java implementations of DynamoDB Encryption Client.

Minor Changes

• Add support for overriding the EncryptionContext in DynamoDBEncryptor #60

Documentation

• Update examples to use PUT instead of Clobber #60
• Document the minimum supported JDK version as JDK8 #57

This minor release contains a potentially breaking change related to the AttributeEncryptor.

Changes

• Dependency versions are updated
• Added MetaStore.replicate to make it easier to copy data-keys from one MetaStore to another
• Better support for non-standard JCA providers
• Fixed thread-safety issue in LRUCache
• AttributeEncryptor will now throw a DynamoDBMappingException if it is used with a SaveBehavior other than PUT or CLOBBER`. This is necessary to avoid risk of data-corruption. Please see inline documentation for explanation of cause.

It is important to use SaveBehavior.CLOBBER with AttributeEncryptor. If you do not do so you risk corrupting your signatures and encrypted data.

When CLOBBER is not specified, fields that are present in the record may not be passed down to the encryptor, which results in fields being left out of the record signature. This in turn can result in records failing to decrypt.

This version adds an ERROR-level log message to warn users that are at risk. A future version bump will introduce an exception in this case.

See also issue #32

Summary of changes since 1.11.0:

• Repository location updates in resources for move from awslabs to aws
• Bugfix to number of Bytes in DirectKmsMaterialProvider
  • https://github.com/aws/aws-dynamodb-encryption-java/commit/5045e9f657a51f28ead46eacf65d753a2c385aae
• DynamoDBLocal URL fix
• Examples
• Move to patch release of AWS SDK 1.11.315
• Additional tests

First official production release. Moves to SDK version 1.11.x and includes a fix related to mis-used of System.nanoTime() in MostRecentProvider.

Improved synchronization logic.

Added support for HandleUnknownAttributes and TableAadOverride

Fixed release version of 0.0.4-SNAPSHOT.

Adds support for new data types and ProviderStores.

First pre-release of aws-dynamodb-encryption-java.