Skip to content

v2.11.1

Choose a tag to compare

@delano delano released this 05 Jul 05:37
Immutable release. Only release title and notes can be modified.
ecd78da

Important

v2.11.1 finishes and hardens the encryption work that v2.11.0 led with.
Parts of the encrypted-fields API were documented but didn't work, the
AES-256-GCM → XChaCha20-Poly1305 upgrade path was unproven, and a few
correctness bugs are fixed. Anyone on v2.11.0 should move to v2.11.1.

Why v2.11.1

v2.11.0 made encryption its headline feature but shipped it half-finished:

  • The documented API didn't match reality. Per-field algorithm selection was
    silently ignored, encryption-status introspection reported every field as
    unencrypted, and the guide referenced an option that was never implemented.
  • The upgrade path was unproven. Nothing demonstrated that turning on
    XChaCha20-Poly1305 wouldn't strand existing AES-256-GCM data, and its
    operational hazards were undocumented.

v2.11.1 makes that API behave as documented, proves the upgrade path with an
executable test, and documents the hazards — plus some unrelated correctness fixes.

What's Changed

Encryption

  • Implement per-field algorithm override on encrypted_field (#334) by @delano in #339
  • Clarify Registry.get error for a known-but-unavailable algorithm (#334 follow-up) by @delano in #340
  • Add encryption upgrade proof: AES-256-GCM → XChaCha20-Poly1305 by @delano in #330
  • Reject blank VERIFIABLE_ID_HMAC_SECRET, not just missing (#335) by @delano in #336

Correctness & diagnostics

  • Fix DataType#exists? and StringKey size/empty? for deleted keys by @delano in #337
  • Memory audit: diagnose #309 O(N) permission query + hunt per-process leaks by @delano in #338
  • Prepare 2.11.1 release (encryption proof, per-field algorithm, exists? fix, memory audit) by @delano in #332

Tooling & CI

  • Add bundler/gem_tasks requirement to Rakefile by @delano in #314
  • ci: Claude model selection + workflow standardization by @delano in #315
  • ci: workflow standardization (RuboCop lint, YARD rename, checkout, release Ruby, fork/bot guard) by @delano in #316
  • Add CodeQL analysis workflow configuration by @delano in #318
  • Configure Dependabot for GitHub Actions and Bundler by @delano in #319

Dependencies

Full Changelog: v2.11.0...v2.11.1