4.1.0 -- 2024-05-14

Notes

• (#646) Enforces input constraints.

Prior to this fix, the AWS Encryption SDK in .NET (ESDK-NET) failed to enforce user input constraints. Input shapes without required members set would always result in a NullReferenceException.
Now, the ESDK-NET will throw its own Exceptions when illegal user input
is submitted.

Fixes

• fix: throw an exception when MemoryStream instance has an empty backing array (#633)

Features

• feat: enforce input constraints (#646)

Maintenance

• fix(CI): Daily CI uses correct workflow (#641)
• chore(ci): fix role to assume (#622)
• chore(CI/CD): add semantic release automation (#647)
• chore: Adopt SmithyDafnyMakefile.mk, fix nightly build (#638)
• chore(CI): add interop tests to daily ci (#640)
• chore: only run net48 on windows and use node 17 to run integration-node (#639)
• chore(.NET): Add ESDK-Net v4.0.1 generated vectors(#636)
• chore(NET-SupportPolicy): Mark 3.x as Support (#631)
• chore: Add manual trigger for nightly_dafny.yml (#629)
• chore: split vc gen on some methods to migrate to Dafny 4.4 (#627)
• test: restore CODEOWNERS and daily CI (#624)
• chore: update template to point to public repo (#626)
• chore: remove unused release step in test-prod (#623)

4.0.1 -- 2023-11-21

Fixes

The ESDK-NET’s Message Header AAD
incorrectly appended two empty bytes
when using the DefaultCMM.
The HKDF invocation of non-committing algorithm suites
failed to include the Message ID in the info parameter.

Neither of these issues
effect the security of messages
written by the 4.0.0 release.

However,
these messages diverge
from the Encryption SDK Message Specification.
Thus:

• ESDK-NET v4.0.0 writes messages that only ESDK-NET v4.0.0 and greater can read.
• ESDK-NET v4.0.0 is ONLY able to read messages that are written by ESDK-NET v4.0.0

These issues are fixed in 4.0.1,
which writes messages according to the Encryption SDK Message Specification,
and are interoperable with other implementations of this library.

The option NetV4_RetryPolicy can be use to decrypt v4.0.0 messages.
See NetV4_0_0Example.cs on how to use the NetV4_RetryPolicy
and details on distributed applications.

4.0.0 -- 2023-10-11

BREAKING CHANGES

• AWS Encryption SDK for .NET now directly depends on the AWS Cryptographic Material Providers Library for .NET
• Required Encryption Context CMM generates messages that the Encryption SDK for .NET < 4.0.0 cannot read
  • This feature does not yet exist in other Encryption SDKs, as such, messages written using this feature are not interoperable
    with other runtimes.
• AWS Encryption SDK now only supports .NET 6.0 and later, and .NET Framework 4.8.0 and later.

Features

• Required Encryption Context CMM
• AWS KMS RSA Keyring
• AWS KMS Hierarchical Keyring

NuGet Rename

Added on October 16th, 2023
As of version 4.0.0, the AWS Encryption SDK for .NET is on NuGet as AWS.Cryptography.EncryptionSDK.

Prior versions are under AWS.EncryptionSDK.

3.1.0 -- 2022-09-07

3.1.0

Fixes

• chore: pack README for display on NuGet page (#585)
• fix: add DiscoveryFilter to MRK Discovery Keyring example (#581)
• docs: fix .NET ESDK link in README (#589)
• docs: fix .NET ESDK package name in README (#600)
• docs: link to macOS setup wiki in README (#601)

Maintenance

• chore: update generated KMS code (#580)
• chore: use public spec URL for submodule (#586)
• fix: use renamed directories for Duvet report (#587)
• chore: bump Newtonsoft.Json in test vector projects (#595)
• feat: add user agent to default KMS clients (#598)
• ci: use .NET 6.0 for release buildspecs (#602)

3.0.0 -- 2022-05-17

Initial launch of the AWS Encryption SDK for .NET.