v2.11.1
Important
v2.11.1 finishes and hardens the encryption work that v2.11.0 led with.
Parts of the encrypted-fields API were documented but didn't work, the
AES-256-GCM → XChaCha20-Poly1305 upgrade path was unproven, and a few
correctness bugs are fixed. Anyone on v2.11.0 should move to v2.11.1.
Why v2.11.1
v2.11.0 made encryption its headline feature but shipped it half-finished:
- The documented API didn't match reality. Per-field algorithm selection was
silently ignored, encryption-status introspection reported every field as
unencrypted, and the guide referenced an option that was never implemented. - The upgrade path was unproven. Nothing demonstrated that turning on
XChaCha20-Poly1305 wouldn't strand existing AES-256-GCM data, and its
operational hazards were undocumented.
v2.11.1 makes that API behave as documented, proves the upgrade path with an
executable test, and documents the hazards — plus some unrelated correctness fixes.
What's Changed
Encryption
- Implement per-field algorithm override on encrypted_field (#334) by @delano in #339
- Clarify Registry.get error for a known-but-unavailable algorithm (#334 follow-up) by @delano in #340
- Add encryption upgrade proof: AES-256-GCM → XChaCha20-Poly1305 by @delano in #330
- Reject blank VERIFIABLE_ID_HMAC_SECRET, not just missing (#335) by @delano in #336
Correctness & diagnostics
- Fix DataType#exists? and StringKey size/empty? for deleted keys by @delano in #337
- Memory audit: diagnose #309 O(N) permission query + hunt per-process leaks by @delano in #338
- Prepare 2.11.1 release (encryption proof, per-field algorithm, exists? fix, memory audit) by @delano in #332
Tooling & CI
- Add bundler/gem_tasks requirement to Rakefile by @delano in #314
- ci: Claude model selection + workflow standardization by @delano in #315
- ci: workflow standardization (RuboCop lint, YARD rename, checkout, release Ruby, fork/bot guard) by @delano in #316
- Add CodeQL analysis workflow configuration by @delano in #318
- Configure Dependabot for GitHub Actions and Bundler by @delano in #319
Dependencies
- Bump concurrent-ruby from 1.3.6 to 1.3.7 by @dependabot[bot] in #317
- Bump concurrent-ruby from 1.3.6 to 1.3.7 by @dependabot[bot] in #328
- Bump ruby-prof from 2.0.4 to 2.0.5 by @dependabot[bot] in #327
- Bump rubocop from 1.85.1 to 1.88.0 by @dependabot[bot] in #323
- Bump actions/checkout from 4 to 7 by @dependabot[bot] in #324
- Bump irb from 1.15.3 to 1.18.0 by @dependabot[bot] in #326
- Bump actions/deploy-pages from 4 to 5 by @dependabot[bot] in #325
- Bump actions/upload-pages-artifact from 3 to 5 by @dependabot[bot] in #321
Full Changelog: v2.11.0...v2.11.1