Skip to content

0.93.0, May 27th 2022
Compare
Choose a tag to compare
@Lagovas Lagovas released this 27 May 13:00
· 119 commits to master since this release
0.93.0
89f6bdd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

0.93.0, May 27th 2022

This release brings type awareness which improves transparent encryption on AcraServer. Type awareness means that it's possible to tell AcraServer what are the original data types for fields. During decryption, AcraServer will convert decrypted fields to their original data types. No need to change client application code to work with "binary data".

It's also possible to choose a default value for each data field if its decryption failed. AcraServer can send a a default value like "<encrypted data>" instead of decryption errors, making developers' and users' life easier.

Core:

  • AcraServer:
    • Added type awareness and ability to map binary data to a certain data type when sending decrypted data back to the application. Extended encryptor_config which allow configure mapping application data type to proper database's type. #515, #517, #523, #519, #520
    • Extended encryptor_config with new parameters:
      • data_type - specify data type expected by application. Accept str, bytes, int64, int32 values. #515, #517
      • default_data_value - specify a placeholder (default value) to replace data that couldn't be decrypted. #515, #517
      • response_on_fail - specify action on decryption failure. Accepts ciphertext (returns encrypted data as is), default_value (returns values from default_data_value parameter), error (returns error as DB error with message like encoding error in column {column_name}). #521, #533
    • Deprecated tokenize parameter in encryptor_config and changed focus on token_type parameter. Now is enough to specify token_type parameter without tokenize: true to turn on tokenization. Read more in the documentation. #527
    • Removed auto-generation poison record's keys but leaved for acra-poisonrecordmaker. It improves decryption due to omitting extra key generation and poison record recognition. #516
    • Improvements in handling error cases on DB protocol layer. #511, #515, #517, #520, #528, #535, #537
    • Improved sql parser and support of set command. #534
    • Ignored legacy keys on startup loading to cache. #510, #522
    • Improved PostgreSQL/MySQL protocol support. #525, #526, #539, #540, #541, #542, #543, #544
  • AcraCensor:
    • Removed legacy IsForbidden field from acra-censor’s logs. Read more here in notes. #508
  • AcraKeys:
    • Removed duplicate entries in list command. #530
  • Other:
    • Makefile target install_dev_deps install required golang's dependencies for development and code generation. #531

Documentation:

  • Improved description of AcraServer's encryptor_config, adding details and examples about data processing options: encryption, searchable encryption, masking, tokenization, type awareness, etc.
  • Updated "Debugging and troubleshooting" section with more tips and tricks.

Example projects and demos:

Assets 2