CHANGELOG.md

Changelog

3.0.1 (2024-06-12)

Fixes

• Add Locale.ROOT to String uppercase conversions (#1880) (9a9950e), closes #1879
• Update DecryptionMaterials code to support legacy custom CMMs (#2037) (8807d79)

Maintenance

• deprecate getMasterKeyIds() in CryptoResult (#1976) (1890ebb)
• deps: bump bcprov-jdk18on from 1.77 to 1.78.1 (#2032) (713ca11)
• deps: udpate org.bouncycastle to bcprov-jdk18on (#1891) (32a92a9)
• deps: update dependencies (#1973) (800bd01)
• Examples: Customize KMS Client (#2001) (e94ee85)
• fix release script (#1912) (57e8a0b)
• README: update README.md (#1940) (7a0899e)
• update node version in version step (#1959) (905385d)
• Update SUPPORT_POLICY.rst (#1924) (57e40b5)

3.0.0 (2023-12-06)

⚠ BREAKING CHANGES

• This feature update includes a breaking change that requires AWS SDK v2 Java as a hard dependency.

Features

• Integrate ESDK-Java with AWS Cryptographic Material Providers Library (MPL) for Keyring and CMM Support. (#1864) (9297e1b)

Maintenance

• CFN: remove unused policy (#1862) (43e078a)
• CFN: update CFN stack to add managed policies to ci and release role (#1856) (64c970f)
• deps: bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#1717) (ec41ae2)
• fix release script (#1796) (3617210)
• fix release-ci (#1883) (92f29d0)
• tests: update ESDK tests to replace sun.security.* API (#1852) (ca4c763)
• update release process (#1888) (f222462)
• update the javadoc release script (#1857) (1870a08)

2.4.1 (2023-08-09)

Fixes

• ci: Quote commit statement to prevent errant YAML parsing (#581) (2166f2d)
• Fix errors in the example code in README.md (#1306) (b3f5b00)
• NOTICE.txt (#1617) (6dbf436)

Maintenance

• ci: add missing @Test annotation (#1333) (3f289ac)
• CommitmentPolicy: Detail Commitment Policy on Enum (#913) (753bf7d)
• deps-dev: bump junit-jupiter-api from 5.8.2 to 5.9.0 (#1022) (3706959)
• deps-dev: bump junit-jupiter-api from 5.9.0 to 5.9.1 (#1073) (a85666c)
• deps-dev: bump junit-jupiter-api from 5.9.1 to 5.9.2 (#1313) (1466784)
• deps-dev: bump junit-vintage-engine from 5.8.2 to 5.9.0 (#1050) (4a1222c)
• deps-dev: bump junit-vintage-engine from 5.9.0 to 5.9.1 (#1074) (55746cf)
• deps-dev: bump junit-vintage-engine from 5.9.1 to 5.9.3 (#1550) (14b6766)
• deps-dev: bump mockito-core from 4.10.0 to 4.11.0 (#1283) (5311392)
• deps-dev: bump mockito-core from 4.3.1 to 4.4.0 (#625) (3e6edf3)
• deps-dev: bump mockito-core from 4.4.0 to 4.6.1 (#918) (bf7978b)
• deps-dev: bump mockito-core from 4.6.1 to 4.8.0 (#1055) (d47e1de)
• deps-dev: bump mockito-core from 4.8.0 to 4.8.1 (#1147) (e2a0f52)
• deps-dev: bump mockito-core from 4.8.1 to 4.9.0 (#1194) (28c2e71)
• deps-dev: bump mockito-core from 4.9.0 to 4.10.0 (#1254) (07e2ed2)
• deps: bump actions/checkout from 2 to 3 (#558) (6652268)
• deps: bump aws-actions/configure-aws-credentials from 1 to 2 (#1437) (91a5811)
• deps: bump aws-java-sdk from 1.12.162 to 1.12.186 (#629) (ec38abe)
• deps: bump aws-java-sdk from 1.12.186 to 1.12.256 (#920) (ef4126b)
• deps: bump aws-java-sdk from 1.12.256 to 1.12.299 (#1047) (fdf0a6d)
• deps: bump aws-java-sdk from 1.12.299 to 1.12.301 (#1053) (718b3a2)
• deps: bump aws-java-sdk from 1.12.301 to 1.12.303 (#1059) (970e9db)
• deps: bump aws-java-sdk from 1.12.303 to 1.12.304 (#1063) (e8471dc)
• deps: bump aws-java-sdk from 1.12.304 to 1.12.305 (#1066) (5bc4b3b)
• deps: bump aws-java-sdk from 1.12.305 to 1.12.306 (#1071) (93c8314)
• deps: bump aws-java-sdk from 1.12.306 to 1.12.307 (#1076) (88f85f4)
• deps: bump aws-java-sdk from 1.12.307 to 1.12.308 (#1081) (53345b8)
• deps: bump aws-java-sdk from 1.12.308 to 1.12.309 (#1085) (658f9e9)
• deps: bump aws-java-sdk from 1.12.309 to 1.12.318 (#1121) (18443d4)
• deps: bump aws-java-sdk from 1.12.318 to 1.12.319 (#1124) (624c592)
• deps: bump aws-java-sdk from 1.12.319 to 1.12.323 (#1138) (74b3dd3)
• deps: bump aws-java-sdk from 1.12.323 to 1.12.335 (#1173) (b8b0d53)
• deps: bump aws-java-sdk from 1.12.335 to 1.12.337 (#1176) (fa92676)
• deps: bump aws-java-sdk from 1.12.337 to 1.12.350 (#1220) (35235a0)
• deps: bump aws-java-sdk from 1.12.350 to 1.12.366 (#1259) (456a4ad)
• deps: bump aws-java-sdk from 1.12.366 to 1.12.381 (#1308) (80ed0a6)
• deps: bump aws-java-sdk from 1.12.381 to 1.12.394 (#1351) (0445b9e)
• deps: bump BouncyCastle from 1.72 to 1.75 (#1670) (61b6260)
• deps: bump jacoco-maven-plugin from 0.8.7 to 0.8.8 (#655) (802946a)
• deps: bump kms from 2.17.136 to 2.17.226 (#916) (6a4011e)
• deps: bump kms from 2.17.226 to 2.17.259 (#1020) (6fc33b7)
• deps: bump kms from 2.17.259 to 2.17.273 (#1054) (d87cf16)
• deps: bump kms from 2.17.273 to 2.17.274 (#1058) (4ab03c4)
• deps: bump kms from 2.17.274 to 2.17.275 (#1062) (5a70da4)
• deps: bump kms from 2.17.275 to 2.17.276 (#1065) (a3d1fae)
• deps: bump kms from 2.17.276 to 2.17.277 (#1070) (7ca5c11)
• deps: bump kms from 2.17.277 to 2.17.278 (#1075) (cbac0a3)
• deps: bump kms from 2.17.278 to 2.17.279 (#1080) (558b2f4)
• deps: bump kms from 2.17.279 to 2.17.280 (#1086) (29774ad)
• deps: bump kms from 2.17.280 to 2.17.288 (#1118) (8d94a69)
• deps: bump kms from 2.17.288 to 2.17.289 (#1122) (d09ff99)
• deps: bump kms from 2.17.289 to 2.17.292 (ff69200)
• deps: bump kms from 2.17.292 to 2.18.8 (#1167) (fa16a2d)
• deps: bump kms from 2.18.12 to 2.18.38 (#1252) (e35cf06)
• deps: bump kms from 2.18.8 to 2.18.12 (#1177) (f514633)
• deps: bump maven-compiler-plugin from 3.9.0 to 3.10.1 (#582) (9e24357)
• deps: bump maven-javadoc-plugin from 3.3.1 to 3.3.2 (#525) (8489bd6)
• deps: bump maven-javadoc-plugin from 3.3.2 to 3.4.1 (#998) (44be313)
• deps: bump maven-surefire-plugin from 2.22.2 to 3.1.2 (#1632) (ea0a848)
• deps: bump nexus-staging-maven-plugin from 1.6.12 to 1.6.13 (#704) (15fab9f)
• deps: bump software.amazon.awssdk:bom from 2.17.136 to 2.17.228 (#925) (ae52cef)
• deps: bump software.amazon.awssdk:bom from 2.17.228 to 2.17.273 (#1056) (e40651c)
• deps: bump software.amazon.awssdk:bom from 2.17.273 to 2.17.274 (#1057) (35f38bd)
• deps: bump software.amazon.awssdk:bom from 2.17.274 to 2.17.275 (#1061) (18c8172)
• deps: bump software.amazon.awssdk:bom from 2.17.275 to 2.17.276 (#1067) (efd340d)
• deps: bump software.amazon.awssdk:bom from 2.17.276 to 2.17.277 (#1069) (5721a81)
• deps: bump software.amazon.awssdk:bom from 2.17.277 to 2.17.278 (#1077) (49b867e)
• deps: bump software.amazon.awssdk:bom from 2.17.278 to 2.17.280 (#1084) (cb2a92f)
• deps: bump software.amazon.awssdk:bom from 2.17.280 to 2.17.288 (#1116) (7ff4e14)
• deps: bump software.amazon.awssdk:bom from 2.17.288 to 2.17.292 (98236cd)
• deps: bump software.amazon.awssdk:bom from 2.17.292 to 2.18.1 (#1148) (f7f6088)
• deps: bump software.amazon.awssdk:bom from 2.18.1 to 2.18.8 (#1168) (12e5383)
• deps: bump software.amazon.awssdk:bom from 2.18.12 to 2.18.38 (#1251) (6593b98)
• deps: bump software.amazon.awssdk:bom from 2.18.38 to 2.19.11 (#1299) (cd08a3b)
• deps: bump software.amazon.awssdk:bom from 2.18.8 to 2.18.12 (#1178) (03bc7bd)
• deps: bump software.amazon.awssdk:bom from 2.19.11 to 2.19.26 (#1354) (7ee7f55)
• deps: bump software.amazon.awssdk:bom from 2.19.26 to 2.20.91 (#1667) (2b5f92a)
• Detail AWS SDK v2 support (#835) (5705e1f)
• Fix re-run CI workflows (#1219) (3bec521)
• remove mainline-1.x from dependabot (#1120) (3956822)
• Run CodeBuild CI from Github Actions (#1213) (ba726b5)
• SupportPolicy: Mark 1.x End-of-Support (#1026) (ff93eab)
• Update org.bouncycastle to bcprov-ext-jdk18on (#1572) (c56aff3)
• update node version in versioning cb step (#1712) (a34e0ad)
• use correct signing key for release (#928) (86332e4)
• use new signing keys for ci (#840) (6043417)

2.4.0 (2022-03-09)

Features

• AWS SDK v2 support (006cdc4)

Fixes

• Revert "AWS Encryption SDK 2.4.0 Release -- $(date +%Y-%m-%d)" (7563a95)

Maintenance

• Add back removed CiphertextHeaders.deserialize method (#382) (c1f3e63)
• add build to support uploading artifacts (#379) (69e7914)
• Add CODEOWNERS file (#406) (b9adf9f)
• add javadoc update to batch build (#376) (d88190b)
• Adding semantic release config file (#346) (6201c1a)
• ci: change release vars (#578) (de99b56)
• deps-dev: bump junit-jupiter-api from 5.7.2 to 5.8.0 (#339) (6dfaef9)
• deps-dev: bump junit-jupiter-api from 5.8.0 to 5.8.1 (#347) (7d3bb0a)
• deps-dev: bump junit-jupiter-api from 5.8.1 to 5.8.2 (#427) (7de569a)
• deps-dev: bump junit-vintage-engine from 5.7.2 to 5.8.0 (#337) (2338b92)
• deps-dev: bump junit-vintage-engine from 5.8.0 to 5.8.1 (#348) (d0221cf)
• deps-dev: bump junit-vintage-engine from 5.8.1 to 5.8.2 (#426) (065ab94)
• deps-dev: bump mockito-core from 3.12.3 to 3.12.4 (#323) (0208d0d)
• deps-dev: bump mockito-core from 4.0.0 to 4.1.0 (#441) (8dfda1a)
• deps-dev: bump mockito-core from 4.1.0 to 4.2.0 (#458) (a1b1885)
• deps-dev: bump mockito-core from 4.2.0 to 4.3.1 (#500) (a709e69)
• deps: bump aws-java-sdk from 1.12.102 to 1.12.105 (#404) (b87d8c6)
• deps: bump aws-java-sdk from 1.12.105 to 1.12.106 (#405) (dd633c0)
• deps: bump aws-java-sdk from 1.12.106 to 1.12.127 (#436) (91f6ffc)
• deps: bump aws-java-sdk from 1.12.127 to 1.12.128 (#437) (37078ec)
• deps: bump aws-java-sdk from 1.12.128 to 1.12.129 (#447) (6872c63)
• deps: bump aws-java-sdk from 1.12.129 to 1.12.131 (#463) (a98a321)
• deps: bump aws-java-sdk from 1.12.131 to 1.12.150 (#508) (433dc1b)
• deps: bump aws-java-sdk from 1.12.150 to 1.12.151 (#510) (70257a5)
• deps: bump aws-java-sdk from 1.12.151 to 1.12.162 (#541) (22abc6c)
• deps: bump aws-java-sdk from 1.12.54 to 1.12.68 (#341) (291be0a)
• deps: bump aws-java-sdk from 1.12.68 to 1.12.73 (#350) (153a0b3)
• deps: bump aws-java-sdk from 1.12.73 to 1.12.74 (#351) (e5f3962)
• deps: bump aws-java-sdk from 1.12.74 to 1.12.75 (#353) (3339c20)
• deps: bump aws-java-sdk from 1.12.75 to 1.12.102 (#400) (98b079c)
• deps: bump bcprov-ext-jdk15on from 1.69 to 1.70 (#439) (969852a)
• deps: bump build-helper-maven-plugin from 3.2.0 to 3.3.0 (#473) (4f7d08c)
• deps: bump fmt-maven-plugin from 2.12 to 2.13 (#429) (e5d8c32)
• deps: bump maven-compiler-plugin from 3.8.1 to 3.9.0 (#481) (369a049)
• deps: bump maven-javadoc-plugin from 3.3.0 to 3.3.1 (#333) (693e43f)
• deps: bump nexus-staging-maven-plugin from 1.6.11 to 1.6.12 (#546) (6fa782b)
• deps: bump nexus-staging-maven-plugin from 1.6.8 to 1.6.11 (#535) (0ab1db0)
• docs: update README get started example (#423) (da0fe89)
• docs: updating broken javadoc link (#366) (487be4b)
• moving and renaming buildspec.yml (#360) (e259caf)
• release updates (#369) (4b9d932)
• source controlling cfn templates that will be used for our release process (#345) (456dda0)
• update dependabot to update mainline-1.x (#440) (960f3e5)
• update gh token (#412) (f8ada9b)
• update release process (#396) (c0ff093)
• update releaserc to include pom.xml file (#357) (63e2f05)
• update token name and timeout (#411) (c0d5a0e)
• updating prod template to remove resources and abstract ones (#354) (ecc17a6)
• Upgrade mockito to 4.0.0 (#438) (629dbfd)

2.3.3 -- 2021-08-26

Maintenance

• chore(deps): bump aws-java-sdk from 1.12.26 to 1.12.54 (#299) (#301) (#302) (#301) (#311) (#312) (#315) (#317) (#319) (#321)
• chore: Bump fmt-maven-plugin from 2.11 to 2.12 (#318)
• chore: Bump mockito-core from 3.11.2 to 3.12.3 (#316) (#320)
• CI: Compilation with OpenJDK11 and validation with other JDKs (#293)

2.3.2 -- 2021-07-20

Maintenance

• Bump maven-gpg-plugin from 1.6 to 3.0.1 (#259)
• chore(deps): bump aws-java-sdk from 1.11.704 to 1.12.26 (#284) (#281) (#280) (#278)
• Bump maven-javadoc-plugin from 3.0.1 to 3.3.0 (#267)
• chore: Bump maven-compiler-plugin from 3.8.0 to 3.8.1 (#276)
• chore: Bump fmt-maven-plugin from 2.10 to 2.11 (#275)
• chore: Bump junit-vintage-engine from 5.7.1 to 5.7.2 (#268)
• chore: Bump mockito-core from 3.8.0 to 3.11.2 (#270)
• chore: Add support policy (#274)

2.3.1 -- 2021-06-29

• fix: read project properties from package's own ClassLoader (PR #269)

2.3.0 -- 2021-06-16

• feat: AWS KMS multi-Region Key support

  Added new the master key AwsKmsMrkAwareMasterKey and the new master key provider AwsKmsMrkAwareMasterKeyProvider that support AWS KMS multi-Region Keys.

  See https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html for more details about AWS KMS multi-Region Keys.

  See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks for more details about how the AWS Encryption SDK interoperates with AWS KMS multi-Region keys.

2.2.0 -- 2021-05-27

• feat: Improvements to the message decryption process.

  See https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r

2.0.0 -- 2020-09-24

• feat!: Updates to the AWS Encryption SDK. 4678ffa

BREAKING CHANGES

• AWS KMS KeyIDs must be specified explicitly or Discovery mode explicitly chosen. Key committing suites are now default. CommitmentPolicy requires commitment by default.

See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/migration.html

1.7.0 -- 2020-09-24

• feat: Updates to the AWS Encryption SDK. a6be12a

1.6.2 -- 2020-05-26

Patches

• Validate final frame length does not exceed the frame size in the message header PR #166
• Validate entire ciphertext has been processed before returning PR #191

Maintenance

• Update AWS Java SDK version from 1.11.561 to 1.11.704. PR #186
• Upgrade Bouncy Castle from 1.61 to 1.65 PR #179

1.6.1 -- 2019-10-29

Deprecation Warnings

• Deprecated AwsCrypto.encryptString() and AwsCrypto.decryptString(). Replace your calls to these methods with calls to AwsCrypto.encryptData() and AwsCrypto.decryptData(). Unlike the deprecated methods, these methods don't perform any Base64 encoding or decoding, so they are fully compatible with other language implementations of the AWS Encryption SDK.

  If you need Base64 encoding or decoding for your application, you can add it outside of the AWS Encryption SDK. PR #120

Patches

• Correctly validate version PR #116
• ParsedCiphertext now handles truncated input properly PR #119

Maintenance

• Add support for standard test vectors via testVectorZip system property. PR #127
• Remove all explicit cryptographic dependencies on BouncyCastle. The AWS Encryption SDK for Java still uses Bouncy Castle for other tasks. PRs #128, #129, #130, #131, and #132.

1.6.0 -- 2019-05-31

Minor Changes

• Remove dependency on Apache Commons Codec 1.12.
• Use Base64 encoder from Bouncy Castle.
• Introduce and use utility methods for Base64 encoding/decoding so that switching the codec provider needs to be done only in one place next time.

1.5.0 -- 2019-05-30

Minor Changes

• Added dependency on Apache Commons Codec 1.12.
• Use org.apache.commons.codec.binary.Base64 instead of java.util.Base64 so that the SDK can be used on systems that do not have java.util.Base64 but support Java 8 language features.

Maintenance

• Upgrade AWS Java SDK version from 1.11.169 to 1.11.561.
• Upgrade Mockito from 2.23.4 to 2.28.1.
• Upgrade Apache Commons Lang from 3.4 to 3.9.

1.4.1 -- 2019-05-10

Patches

• Cast ByteBuffer to Buffer prior to using some methods so that it works properly in Java 8.

1.4.0 -- 2019-05-10

Minor Changes

• Increased BouncyCastle dependency version to 1.61
• Removed explicit use of BouncyCastle from all cryptography except for EC key generation and RSA encryption/decryption

Maintenance

• Increased Mockito test dependency version to 2.23.4

1.3.6 -- 2018-12-10

Patches

• Fixed typos in Exception messages (excryption -> encryption) #78
• Fixed DecryptionMaterialsRequest.Builder to copy EncryptionContext #77

Maintenance

• JML Specifications for CipherBlockHeaders #74
• Minor Java code cleanup #73
• Added JML specs in #72
• Ensure that KeyBlob treats field lengths as unsigned shorts #71

1.3.5

Minor Changes

• Restored the KMS client cache with a fix for the memory leak.
• When using a master key provider that can only service a subset of regions (e.g. using the deprecated constructors), and requesting a master key from a region not servicable by that MKP, the exception will now be thrown on first use of the MK, rather than at getMasterKey time.

1.3.4

Minor Changes

• Removed the KMS client cache, which could result in a memory leak when decrypting certain malformed ciphertexts. This may reduce performance slightly in some scenarios.

1.3.3

Minor Changes

• Move the aws-encryption-sdk-java repository from awslabs to aws.
• Log a warning when an unsupported asymmetric algorithm is used with JceMasterKey
• Make JceMasterKey case insensitive
• Fix bare aliases not using default region

1.3.2

Minor Changes

• Frame size restriction removed again
• Support Builders for use with AWS KMS
• Fix estimateCipherText when used with cached data keys
• Do not automatically set a default region in KmsMasterKeyProvider

1.3.1

Minor changes

• Frame sizes are once again required to be aligned to 16 bytes This restriction was relaxed in 1.3.0, but due to compatibility concerns we'll put this restriction back in for the time being.

1.3.0

Major changes

• Synchronized version numbers with the Python release
• Added cryptographic materials managers
• Added data key caching
• Moved to deterministic IV generation

Minor changes

• Added changelog
• Made elliptic curve signatures length deterministic
• Various minor improvements