3.7.0 -- 2024-09-17

3.7.0 (2024-09-17)

Features

• bump to dafny 4.8.0 and mpl 1.6.0 (#1356) (fedc0ad)

Fixes

• remove usage of :| (#1320) (eeb3f51)

Maintenance

• add check only keyword action (#1327) (5d777d6)
• add ddb local to dafny interop test vectors (#1316) (6128a39)
• allow local testing (#1311) (e758e97)
• remove /// from smithy files (#1349) (303a8bd)
• remove assert to fix verification (#1360) (8849c1e)

3.6.2 -- 2024-08-22

3.6.2 (2024-08-22)

Fixes

• revert change in error type (#1304) (33d7ee4)

Maintenance

• ...the nightly build. Again. (#1297) (b7a91c9)
• add timing output to test vectors (#1298) (30dfaa8)
• Enable local testing (#1278) (7093266)
• fix ci mpl head gha (#1306) (c572d6a)
• fix dafny interop build steps (#1293) (c6ce809)
• fix nightly (#1300) (a445eff)
• GHA: add backwards interop dafny tests (#1279) (1e6be80)
• GHA: another gha fix (#1292) (df64b30)
• GHA: fix dafny_interop_java (#1283) (5a1c921)
• GHA: fix test vector dafny interop (#1291) (fdefaff)
• GHA: update nightlies for interop and interop action (#1287) (8bec538)

3.6.1 -- 2024-08-13

3.6.1 (2024-08-12)

Fixes

• allow multi-tenant queries with allow_plaintext (#1240) (1487d7e)
• TestVectors: define StartUpObject in csproj (#1231) (2f97bf3)
• update error message (#1270) (7157e4d)

Maintenance

• Add examples to examine contents of query error list (#1251) (b5705ee)
• CI: add smithy diff checker GHA (#1226) (86406f5)
• deps: bump actions/setup-dotnet from 3 to 4 in /.github/workflows (#1191) (c3b736e)
• deps: bump aws-actions/configure-aws-credentials (#1190) (becbd0a)
• deps: bump com.amazonaws:aws-java-sdk-dynamodb (#1230) (3aa25d0)
• deps: bump dafny-lang/setup-dafny-action in /.github/workflows (#1200) (5284f0b)
• deps: bump software.amazon.awssdk:bom (#1227) (abd1727)
• deps: bump software.amazon.awssdk:bom (#1229) (bf3e1c3)
• deps: bump software.amazon.awssdk:core (#1228) (9c67729)
• do not add beacons when FORCE_PLAINTEXT_WRITE is used. (#1232) (23c8a18)
• include bad item keys in query errors (#1244) (07bba8b)
• update version to snapshot (#1225) (c817b5b)

3.6.0 -- 2024-07-24

3.6.0 (2024-07-23)

Features

• allow indirect attribute names with MultiKeyStore (#1208) (4ab97bc)

Maintenance

• bump dafny verification version to 4.7 (#1181) (e7801ec)
• CI/CD: use latest conventional-changelog-conventionalcommits (#1195) (510227e)
• Fix nightly build (aside from verification) (#1029) (862420e)
• GHA: add action for testing against MPL HEAD (#1187) (b2f70ca)
• GHA: fix daily ci (#1194) (a1427e0)
• MPL: Bump MPL to 1.5.1 (#1201) (808a5b4)
• Sonatype Migration to User Tokens (#1216) (a3b4ef9)
• Try to update existing issues (31c6b98)
• Try to update existing issues (4471295)
• update project.properties to be SNAPSHOT (#1087) (6f2825e)

3.5.0 -- 2024-05-03

3.5.0 (2024-05-30)

Features

• DynamoDbEncryption: Add GetEncryptedDataKeyDescription operation (#856) (8f8471a)
• Bump MPL to 1.4 (#1067) (51bbab5). This provides three new KMSConfiguration options when constructing a KeyStore (see https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-hierarchical-keyring.html). To KmsKeyArn are added KmsMRKeyArn, Discovery and MrDiscovery.

Maintenance

• improve verification (#1020) (cbde4ef)
• simplify structured encryption (#866) (a70a569)
• allow Legacy to use subclass of DynamoDBEncryptor (#1073) (135acd9)
• Java-Release: update release commands and use SNAPSHOT builds (#995) (ac9b79e)
• reformat and enforce formatting (#1035) (8a76a9d)
• verify with Dafny 4.6 (#1072) (9db6e78)

3.4.0 -- 2024-05-02

Notes

.NET

• #797 (785481c) Enforces User input Constraints at Type Conversion.

Prior to this fix, unset Integers defaulted to 0, and unset Booleans defaulted to false.

Now, all required fields MUST be set or a Runtime Exception will be thrown.

This particularly effects Searchable Encryption's
ConstructorPart, who's required field previously
would have defaulted to false.
Any configuration ever created for Searchable Encryption can be re-created with the fix, but they may look different.

Features

• feat(.NET): Validate user input #797 (785481c)

Maintenance

• format: enforce Dafny formatting (#865) (dfc0dbd)
• test: more test vectors (#959) (3ca15af)
• CI add verify test for test vectors (#897) (6c980e7)
• CI/CD: add semantic release automation (#949) (3f22abc)
• deps: bump actions/setup-dotnet from 3 to 4 in /.github/workflows (#943) (f5d9748)
• deps: bump aws-actions/configure-aws-credentials (#954) (90d7d78)
• deps(Java): bump io.github.gradle-nexus.publish-plugin (#903) (04c6cc4)
• deps(Java): bump org.projectlombok:lombok (#838) (56f1cd1)
• deps: bump rrainn/dynamodb-action in /.github/workflows (#932) (16e4d7b)
• docs: mention sign_and_include in javadoc for keyid supplier (#966) (2796693)
• docs: point to the correct readme (#845) (b950b4a)
• fix: repair json file names (#846) (3ca955a)
• test(.NET): "dotnet pack" in CI (#851) (75e44d0)
• test: add tests for attribute names that seem structured (#964) (c4c0886)
• deps(Java & .NET): Update MPL to 1.3.0 (#972) (3d8acae)

3.3.0 -- 2024-03-20

Features

• A fourth Crypto Action will be made available : SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT, to join the existing DO_NOTHING, SIGN_ONLY and ENCRYPT_AND_SIGN. SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT behaves like SIGN_ONLY, but also includes the value in the encryption context, making it available to the branch key selector.
• The Parsed Header, returned from EncryptItem and DecryptItem, now returns two more fields
  • encryptionContext : the full encryption context used for encryption
  • selectorContext : the encryption context as presented to the branch key selector
• The Java Enhanced Client now supports Single Table Design. When using the DynamoDbEnhancedTableEncryptionConfig builder, one can now specify schemaOnEncrypt multiple times, once for each class being modeled in the table.
• There was a hard limit of 100 on the size of maps and lists in Items to be encrypted. This limit has been removed.

3.2.0 -- 2024-01-16

Features

• support for .NET
• Beacon Styles :
  • PartOnly : save a little bit of space for a beacon that used as part of a Compound Beacon, but never alone
  • AsSet : turn a set of values into a set of beacons, rather than into a single beacon
  • Twinned : calculate beacons for one attribute to be compatible with those from a different attribute
  • TwinnedSet : both AsSet and Twinned
• Global Parts List : all compound beacons can now share a single list of Parts
• Test vectors to ensure cross language compatibility
• explicit error message when searching on a Compound Beacon that could never exist.
• New APIs : ResolveAttributes and GetVirtualFields to assist in development and debugging.

Fix

• String compare for client side filtering of Scan and Query results could somtimes produce the wrong result for certain characters.

3.1.2 -- 2023-11-13

Fix

Fixed an issue where, when using the DynamoDbEncryptionInterceptor,
an encrypted item in the Attributes field of a DeleteItem, PutItem, or UpdateItem
response was passed through unmodified instead of being decrypted.

3.1.1 -- 2023-11-07

Fix

Issue when a DynamoDB Set attribute is marked as SIGN_ONLY in the AWS Database Encryption SDK (DB-ESDK) for DynamoDB.

DB-ESDK for DynamoDB supports SIGN_ONLY and ENCRYPT_AND_SIGN attribute actions. In version 3.1.0 and below, when a Set type is assigned a SIGN_ONLY attribute action, there is a chance that signature validation of the record containing a Set will fail on read, even if the Set attributes contain the same values. The probability of a failure depends on the order of the elements in the Set combined with how DynamoDB returns this data, which is undefined.

This update addresses the issue by ensuring that any Set values are canonicalized in the same order while written to DynamoDB as when read back from DynamoDB.

See: https://github.com/aws/aws-database-encryption-sdk-dynamodb-java/DecryptWithPermute/README.md for additional details