diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5b3bc7..34bb254 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
## V 2.x.x (NEXT)
+## V 2.3.0 Bugfix Release
+
+This releases fixes a security issue (#50) where encrypted, but not signed archives could be modified.
+Some background on MDC and why it's important security-wise: https://gpgtools.tenderapp.com/kb/faq/modification-detection-code-mdc-errors
+
+* Fix: Do not expose logback as compile-time dependency (#41)
+* Fix: java.io.EOFException: Unexpected end of ZIP input stream using 2.2.0 version for PGP file (#46)
+* Fix: KeyFlag#extractPublicKeyFlags throws NullPointerException if called on an older public key with no hashed subpackets (#48)
+* Fix: Encrypting with keys that don't have a KeyFlags subpacket (#50)
+* Fix: MDC (integrity checksum) is not verified when decrypting (#45)
+* Enh: Bump Bouncy Castle to 1.67
+
+
## V 2.2.0 Key generation
* new: Add key generation (initial version by Paul Schaub [@vanitasvitae])
diff --git a/README.md b/README.md
index eb7a3b6..96e9454 100644
--- a/README.md
+++ b/README.md
@@ -215,10 +215,10 @@ dependencies {
name.neuhalfen.projects.crypto.bouncycastle.openpgp
bouncy-gpg
- 2.2.0
-
+ 2.3.0
+
```
-
+
### Install Provider
```java
diff --git a/TODO.md b/TODO.md
index 6eafab5..01c7747 100644
--- a/TODO.md
+++ b/TODO.md
@@ -4,10 +4,9 @@ Open TODOs
Version 3.0
--------------
-Version 2.2
+Version 2.4
-------------
-- [ ] Key generation
- [ ] Key generation key expiration
- [ ] Key generation documentation
- [ ] Add decryptor.getResult() for decryption result
@@ -16,6 +15,15 @@ Version 2.2
- [ ] Unit tests: iterate different DefaultPGPAlgorithmSuites.secureSuiteForGnuPG() (incl. compression & no signature!)
- [ ] Extend documentation of key derivation
+Version 2.3
+-------------
+- [x] Bugfixes
+
+
+Version 2.2
+-------------
+- [x] Key generation
+
Version 2.1
-------------
diff --git a/build.gradle b/build.gradle
index ae89776..6ad763b 100644
--- a/build.gradle
+++ b/build.gradle
@@ -87,7 +87,7 @@ sourceCompatibility = 8
targetCompatibility = 8
group = 'name.neuhalfen.projects.crypto.bouncycastle.openpgp'
-version = '2.2.0'
+version = '2.3.0'
repositories {
jcenter()
@@ -127,7 +127,6 @@ dependencies {
compile 'org.bouncycastle:bcpg-jdk15on:1.67'
compile 'org.slf4j:slf4j-api:1.7.30'
- compile 'ch.qos.logback:logback-classic:1.2.3'
// @Nullable and friends are not needed at runtime
compile 'com.google.code.findbugs:jsr305:3.0.2'
@@ -136,6 +135,8 @@ dependencies {
testCompile 'org.hamcrest:hamcrest-all:1.3'
testCompile 'org.mockito:mockito-core:3.2.4'
testCompile 'org.concordion:concordion-api-documentation-extension:0.0.4'
+ testCompile 'ch.qos.logback:logback-classic:1.2.3'
+
}
diff --git a/examples/decrypt/build.gradle b/examples/decrypt/build.gradle
index 92fb0ef..6523137 100644
--- a/examples/decrypt/build.gradle
+++ b/examples/decrypt/build.gradle
@@ -27,7 +27,7 @@ dependencies {
compile 'org.bouncycastle:bcprov-jdk15on:1.67'
compile 'org.bouncycastle:bcpg-jdk15on:1.67'
- compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.2.0'
+ compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.3.0'
compile 'org.slf4j:slf4j-api:1.7.25'
compile 'ch.qos.logback:logback-classic:1.2.3'
diff --git a/examples/maven/pom.xml b/examples/maven/pom.xml
index 7c569de..69a42ba 100644
--- a/examples/maven/pom.xml
+++ b/examples/maven/pom.xml
@@ -42,7 +42,7 @@
name.neuhalfen.projects.crypto.bouncycastle.openpgp
bouncy-gpg
- 2.2.0
+ 2.3.0
ch.qos.logback
diff --git a/examples/reencrypt/build.gradle b/examples/reencrypt/build.gradle
index edb1c60..37ec4be 100644
--- a/examples/reencrypt/build.gradle
+++ b/examples/reencrypt/build.gradle
@@ -27,7 +27,7 @@ dependencies {
compile 'org.bouncycastle:bcprov-jdk15on:1.67'
compile 'org.bouncycastle:bcpg-jdk15on:1.67'
- compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.2.0'
+ compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.3.0'
compile 'org.slf4j:slf4j-api:1.7.22'
compile 'ch.qos.logback:logback-classic:1.2.1'