2.4.0 -- 2021-07-01

Deprecation Announcement

The AWS Encryption SDK for Python is discontinuing support for Python 2. Future major versions of this library will drop support for Python 2 and begin to adopt changes that are known to break Python 2.

Support for Python 3.4 will be removed at the same time. Moving forward, we will support Python 3.5+.

Security updates will still be available for the Encryption SDK 2.x line for the next 12 months, in accordance with our Support Policy.

2.3.0 -- 2021-06-16

Features

• AWS KMS multi-Region Key support (#350)

  Added new the master key MRKAwareKMSMasterKey
  and the new master key providers MRKAwareStrictAwsKmsMasterKeyProvider
  and MRKAwareDiscoveryAwsKmsMasterKeyProvider
  that support AWS KMS multi-Region Keys.

  See https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
  for more details about AWS KMS multi-Region Keys.
  See https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-mrks
  for more details about how the AWS Encryption SDK interoperates
  with AWS KMS multi-Region keys.

2.2.0 -- 2021-05-27

Features

• Improvements to the message decryption process (#343)
  See GHSA-x5h4-9gqw-942j

1.9.0 -- 2021-05-27

Features

• Improvements to the message decryption process (#342)
  See GHSA-x5h4-9gqw-942j

2.1.0 -- 2020-04-20

Maintenance

• New minimum cryptography dependency 2.5.0 since we're using newer byte type checking #308
• New minimum boto dependency 1.10.0 to ensure KMS Decrypt APIs know about the KeyId parameter #317
• Add python 3.8 and 3.9 to CI and update setup.py to clarify we support them #329
• Update decrypt oracle and test vector handlers with 2.0.0 changes #303
• Added a number of CodeBuild specs to support integration tests and release processes

2.0.0 -- 2020-09-24

Features

• Updates to the AWS Encryption SDK 73cce71

Breaking Changes

• AWS KMS KeyIDs must be specified explicitly or Discovery mode explicitly chosen.
• Key committing suites are now default.
• CommitmentPolicy requires commitment by default.

See migration guide for more details: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/migration.html

1.7.1 -- 2020-09-24

Bugfix

• Reintroduce removed symbol in top-level aws_encryption_sdk module

1.7.0 -- 2020-09-24

Features

• Updates to the AWS Encryption SDK. ef90351

Deprecations

• KMSMasterKeyProvider is deprecated. Customers should move to StrictAwsKmsMasterKeyProvider with explicit key ids, or DiscoveryAwsKmsMasterKeyProvider to allow decryption of any ciphertext to which the application has access.
• The encrypt, decrypt, and stream methods in the aws_encryption_sdk module are deprecated. Customers should move to the identically named methods on the new EncryptionSDKClient class.

See migration guide: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/migration.html

1.4.1

1.4.1 -- 2019-09-20

Bugfixes

• Fix region configuration override in botocore sessions.
  #190
  #193

Minor

• Caching CMM must require that max age configuration value is greater than 0.
  #147
  #172

1.4.0 -- 2019-05-23

Minor

• Remove dependence on all source_stream APIs except for read(). #103

Potentially Backwards Incompatible

• Encryption streams no longer close the source_stream when they themselves close.
  If you are using context managers for all of your stream handling,
  this change will not affect you.
  However, if you have been relying on the StreamDecryptor
  or StreamEncryptor to close your source_stream for you,
  you will now need to close those streams yourself.
• StreamDecryptor.body_start and StreamDecryptor.body_end,
  deprecated in a prior release,
  have now been removed.

Maintenance

• Move all remaining unittest tests to pytest. #99

Bugfixes

• Fix MasterKeyprovider.decrypt_data_key_from_list error handling. #150