Skip to content

Commit 1c76f7e

Browse files
Release v2.2.3: Spec Kit, Twig decrypt escape fix, MysqlAes deprecation.
Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 30364ca commit 1c76f7e

3 files changed

Lines changed: 51 additions & 0 deletions

File tree

docs/CHANGELOG.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,24 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
99

1010
---
1111

12+
## [2.2.3] - 2026-07-09
13+
14+
### Added
15+
16+
- **GitHub Spec Kit:** `.specify/` tooling, Cursor Agent skills (`.cursor/skills/speckit-*`), and baseline spec in `specs/001-baseline/` (100% `src/` inventory). See [SPEC-KIT.md](SPEC-KIT.md) and [SPEC-DRIVEN-DEVELOPMENT.md](SPEC-DRIVEN-DEVELOPMENT.md).
17+
- **CodeRabbit:** review configuration (`.coderabbit.yaml`) and GitHub Actions workflow for automated PR review.
18+
19+
### Changed
20+
21+
- **Documentation:** [SPEC-KIT.md](SPEC-KIT.md) (install, structure, Cursor usage); README link under Documentation.
22+
- **MysqlAes:** PHPDoc `@deprecated since 2.1.0` — not recommended for new production deployments (AES-128-ECB); prefer Halite or Defuse. No runtime change.
23+
- **Twig `|decrypt` filter:** removed `isSafe: ['html']` so decrypted output is auto-escaped by Twig (security fix). Use `|raw` only when the decrypted value is trusted HTML.
24+
- **composer.lock:** dependency sync for the bundle root and demo apps (`symfony7`, `symfony8`).
25+
26+
No configuration changes required. See [UPGRADING.md](UPGRADING.md#upgrading-to-223).
27+
28+
---
29+
1230
## [2.2.2] - 2026-06-11
1331

1432
### Fixed

docs/RELEASE.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,13 @@
3434

3535
---
3636

37+
## v2.2.3 (2026-07-09)
38+
39+
- **Scope:** GitHub Spec Kit (`.specify/`, baseline `specs/001-baseline/`, Cursor skills, SPEC-KIT.md); CodeRabbit CI; Twig `|decrypt` auto-escape fix; MysqlAes PHPDoc `@deprecated`; composer.lock sync (root + demos).
40+
- **Checklist:** CHANGELOG and UPGRADING updated; `make test`; commit release notes; tag `v2.2.3`; push branch and tag.
41+
42+
---
43+
3744
## v2.2.2 (2026-06-11)
3845

3946
- **Scope:** Functional tests — native lazy objects on PHP 8.4+ for Symfony 8 CI matrix (LazyGhost unavailable in `symfony/var-exporter` 8.x).

docs/UPGRADING.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,32 @@ This guide explains how to upgrade the Doctrine Encrypt Bundle between versions.
2929

3030
---
3131

32+
## Upgrading to 2.2.3
33+
34+
No breaking changes. Patch release (Spec Kit maintainer tooling, Twig `|decrypt` auto-escape fix, MysqlAes PHPDoc deprecation, composer.lock sync).
35+
36+
If your Twig templates relied on the `|decrypt` filter **not** being escaped (previous incorrect `isSafe: ['html']` marking), apply `|raw` only when the decrypted content is trusted HTML:
37+
38+
```twig
39+
{# Before (implicit unescaped output — incorrect) #}
40+
{{ value|decrypt }}
41+
42+
{# After — default: escaped (recommended) #}
43+
{{ value|decrypt }}
44+
45+
{# Only if decrypted HTML is trusted #}
46+
{{ value|decrypt|raw }}
47+
```
48+
49+
Update as usual:
50+
51+
```bash
52+
composer update nowo-tech/doctrine-encrypt-bundle
53+
php bin/console cache:clear
54+
```
55+
56+
---
57+
3258
## Upgrading to 2.2.2
3359

3460
No breaking changes. Patch release only (functional test / CI fix for PHP 8.4 + Symfony 8). **No changes required** in your application.

0 commit comments

Comments
 (0)