
Releases: aws/aws-database-encryption-sdk-dynamodb

3.1.2 -- 2023-11-13

13 Nov 20:24
ea42115

Fix

Fixed an issue where, when using the DynamoDbEncryptionInterceptor,
an encrypted item in the Attributes field of a DeleteItem, PutItem, or UpdateItem
response was passed through unmodified instead of being decrypted.

3.1.1 -- 2023-11-07

08 Nov 00:52
5401b04

Fix

Fixed an issue that occurs when a DynamoDB Set attribute is marked as SIGN_ONLY in the AWS Database Encryption SDK (DB-ESDK) for DynamoDB.

DB-ESDK for DynamoDB supports SIGN_ONLY and ENCRYPT_AND_SIGN attribute actions. In version 3.1.0 and below, when a Set type is assigned a SIGN_ONLY attribute action, there is a chance that signature validation of the record containing a Set will fail on read, even if the Set attributes contain the same values. The probability of a failure depends on the order of the elements in the Set combined with how DynamoDB returns this data, which is undefined.

This update addresses the issue by ensuring that Set values are canonicalized in the same order when written to DynamoDB as when read back from DynamoDB.

See: https://github.com/aws/aws-database-encryption-sdk-dynamodb-java/DecryptWithPermute/README.md for additional details
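
The failure mode described above, as an added example that is not code from the DB-ESDK: a signature computed over a Set's members in write order stops verifying when the same members come back in a different order, and sorting before signing removes that dependency. HMAC-SHA256, the length-prefixed encoding, the key and the sample members are assumptions made for illustration; they are not the library's actual canonical form or signing algorithm.

```python
import hashlib
import hmac
import itertools
import struct

KEY = b"constructed-demo-key"  # constructed value, not a real key


def encode_naive(values):
    """Length-prefix each member in the order the caller supplies it."""
    return b"".join(struct.pack(">I", len(v)) + v for v in values)


def encode_canonical(values):
    """Sort members by raw bytes first, so arrival order does not matter."""
    return encode_naive(sorted(values))


def sign(encoder, values):
    """Stand-in signature (assumption): HMAC-SHA256 over the encoded Set."""
    return hmac.new(KEY, encoder(values), hashlib.sha256).digest()


def verify(encoder, values, tag):
    """Recompute the tag over the values as read and compare in constant time."""
    return hmac.compare_digest(sign(encoder, values), tag)


def failing_orders(encoder, written):
    """Return (orderings that fail verification, orderings tried)."""
    tag = sign(encoder, written)
    perms = list(itertools.permutations(written))
    failed = sum(not verify(encoder, list(p), tag) for p in perms)
    return failed, len(perms)


if __name__ == "__main__":
    # Constructed String Set members, as UTF-8 bytes.
    written = [b"red", b"green", b"blue"]
    # Same members, every possible read-back order.
    print("naive encoding:    ", failing_orders(encode_naive, written))
    print("canonical encoding:", failing_orders(encode_canonical, written))
    # Canonicalization must not hide a real change to the Set.
    tag = sign(encode_canonical, written)
    print("tampered verifies: ",
          verify(encode_canonical, [b"red", b"green", b"black"], tag))
```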

3.1.0 -- 2023-09-11

11 Sep 19:24
a331844

Features

  • Support underscores in DynamoDB expression attribute names

Maintenance

  • Upgrade various library dependencies
  • A variety of fixes to the library's CI and testing

3.0.0 -- 2023-07-24

24 Jul 20:18
7fce0d2

Features

  • Updates to the AWS Cryptographic Material Providers Library for Java,
    a pivotal dependency of this library,
    introduce Thread Safe Cryptographic Materials Caches (CMCs):
    • Storm Tracking Cache
      Safe for use in a multi threaded environment,
      tries to prevent redundant or overly parallel backend calls.
      See Spec changes for details.
    • Multi Threaded Cache
      Safe for use in a multi threaded environment,
      but no extra functionality
  • Examples for using the Enhanced Client via Lombok Annotation and TableSchemaBuilder
  • Detection of ignored DynamoDB Encryption Configuration Tags due to Nested Data Models
  • Multi Threading Example

BREAKING CHANGES

  • Updates to the AWS Cryptographic Material Providers Library for Java,
    a pivotal dependency of the library,
    introduce the following breaking changes:
    • CMCs:
      • Original Cryptographic Materials Cache has been renamed to Single Threaded Cache
      • CreateCryptographicMaterialsCacheInput now ONLY accepts CacheType,
        which determines which, if any, of the three implemented CMCs will be returned.
      • The DefaultCache is StormTrackingCache
    • CreateAwsKmsHierarchicalKeyringInput:
      • no longer has a maxCacheSize field
      • now has an optional cache field for a CacheType
    • Hierarchical Keyring's Key Store:
      • The Hierarchical Keyring's Key Store's Data Structure has changed.
        As such, entries persisted in the Key Store with prior versions of this library are NOT compatible.
        Instead, we recommend Creating a new DynamoDB Table for this version of the Key Store.
      • The Key Store's CreateKeyInput now takes:
        • An Optional String branchKeyIdentifier
        • An Optional EncryptionContext encryptionContext
          • This encryptionContext will be added to the Encryption Context sent to KMS prefixed with aws-crypto-ec:
      • Creating a Key now also calls KMS:ReEncrypt
      • CreateKeyStore no longer creates a GSI
      • The Encryption Context used with KMS' GenerateDataKeyWithoutPlaintext no longer includes the discarded GSI's status.
      • More details about the Key Store's changes are available in our Specification:

Fix

  • With the Enhanced Client, Identify Only Index attributes for Sign Only,
    NOT all Key Attributes, such as Auto Generated Last Modified Time Stamp.

Maintenance

  • A variety of fixes to the library's CI and testing

3.0.0-preview-2 -- 2023-06-09

09 Jun 21:25
f312e15
Pre-release

Fix

  • Fixes generated pom.xml file such that it is compatible with mvn projects.

3.0.0-preview-1 -- 2023-06-09

09 Jun 21:28
c87a1b0
Pre-release

Features

  • Initial release of the AWS Database Encryption SDK.
    This release is considered a developer preview
    and is not intended for production use cases.