Skip to content

Releases: nowo-tech/DoctrineEncryptBundle

Release v2.2.3

Choose a tag to compare

@github-actions github-actions released this 09 Jul 11:11

Release v2.2.3

  • GitHub Spec Kit baseline (specs/001-baseline/, SPEC-KIT.md, Cursor skills)
  • CodeRabbit review integration
  • Twig |decrypt filter: auto-escape (removed isSafe: html)
  • MysqlAes: PHPDoc @deprecated since 2.1.0
  • composer.lock sync (root + demos)

See docs/UPGRADING.md#upgrading-to-223

Changelog

Added

  • GitHub Spec Kit: .specify/ tooling, Cursor Agent skills (.cursor/skills/speckit-*), and baseline spec in specs/001-baseline/ (100% src/ inventory). See SPEC-KIT.md and SPEC-DRIVEN-DEVELOPMENT.md.
  • CodeRabbit: review configuration (.coderabbit.yaml) and GitHub Actions workflow for automated PR review.

Changed

  • Documentation: SPEC-KIT.md (install, structure, Cursor usage); README link under Documentation.
  • MysqlAes: PHPDoc @deprecated since 2.1.0 — not recommended for new production deployments (AES-128-ECB); prefer Halite or Defuse. No runtime change.
  • Twig |decrypt filter: removed isSafe: ['html'] so decrypted output is auto-escaped by Twig (security fix). Use |raw only when the decrypted value is trusted HTML.
  • composer.lock: dependency sync for the bundle root and demo apps (symfony7, symfony8).

No configuration changes required. See UPGRADING.md.


Full Changelog: v2.2.1...v2.2.3

Release v2.2.2

Choose a tag to compare

@github-actions github-actions released this 11 Jun 12:41

Release v2.2.2

  • Functional tests: native lazy objects on PHP 8.4+ (Symfony 8 CI matrix)
  • No application changes

See docs/UPGRADING.md#upgrading-to-222

Changelog

Fixed

  • Functional tests (CI): enable Doctrine ORM native lazy objects on PHP 8.4+ when running the test suite with Symfony 8.x. Symfony 8 var-exporter no longer ships LazyGhost helpers; fixes 14 functional test errors on the PHP 8.4 × Symfony 8.0 / 8.1 matrix cells.

No application or configuration changes. See UPGRADING.md.


Full Changelog: v2.2.1...v2.2.2

Release v2.2.1

Choose a tag to compare

@github-actions github-actions released this 11 Jun 12:38

Release v2.2.1: composer.lock sync and CI Symfony 8 var-exporter fix.

Changelog

Fixed

  • composer.lock: platform.php and content-hash synced with composer.json (>=8.2); fixes composer validate --strict in CI.
  • CI: Symfony 8.0 / 8.1 matrix cells use matching symfony/var-exporter (^8.0 / ^8.1) instead of ^7.4, which blocked dependency resolution.

No application changes required. See UPGRADING.md.


Full Changelog: v2.2.0...v2.2.1

Release v2.2.0

Choose a tag to compare

@github-actions github-actions released this 11 Jun 12:31

Release v2.2.0: PHP 8.2+ and Symfony spec alignment.
Raise minimum PHP to 8.2, drop Symfony 6 from composer constraints, align CI matrix with 7.4/8.0/8.1, update docs and fix GenerateSecretKeyCommandTest for MysqlAes messages.
EOF
)"
git tag -a v2.2.0 -m "$(cat <<'EOF'
Release v2.2.0

  • PHP 8.2+ required; symfony/* ^7.0 || ^8.0
  • CI: Symfony 7.4, 8.0, 8.1 on PHP 8.2–8.5
  • Docs: README, INSTALLATION, UPGRADING, CHANGELOG, RELEASE
  • Fix: GenerateSecretKeyCommandTest MysqlAes messages
    See docs/UPGRADING.md#upgrading-to-220

Changelog

Fixed

  • GenerateSecretKeyCommandTest: assertions updated for MysqlAes in supported-encryptor messages (2.1.0 gap).

Changed

  • Requirements (Nowo bundle specs): minimum PHP 8.2+; symfony/* constraints ^7.0 || ^8.0 (Symfony 6 removed from composer.json, aligned with 2.0 release notes). CI matrix tests Symfony 7.4, 8.0, and 8.1 on PHP 8.2–8.5.
  • Documentation: README badges and requirements, INSTALLATION.md, ROADMAP.md — PHP 8.2+ and Symfony 7.4 | 8.0 | 8.1+.

Removed

  • Symfony 6 from declared symfony/* Composer constraints (was still present in composer.json after 2.0).

Breaking: PHP 8.2+ is required; Symfony 6 is no longer installable with current constraints. See UPGRADING.md.


Full Changelog: v2.1.0...v2.2.0

Release v2.1.0

Choose a tag to compare

@github-actions github-actions released this 01 Jun 10:15

Release v2.1.0

Changelog

Added

  • MysqlAes encryptor — AES-128-ECB compatible with MySQL AES_ENCRYPT() / AES_DECRYPT() (default block_encryption_mode). Configure with encryptor_class: MysqlAes and a passphrase (env or key file). See MYSQL_AES.md.
  • doctrine:encrypt:generate-secret-key — generates a passphrase for MysqlAes configs.
  • Documentation: MYSQL_AES.md (native SQL, LIKE demos, preset fixtures); PERFORMANCE.md (encryptors and query patterns compared).
  • Demos (Symfony 7 & 8): /mysql-aes-note — Doctrine + repository SQL paths, LIKE filters, preset fixtures, DB values view (encrypted vs decrypted). Secret messages: /secret-message/db-values with the same raw/decrypted tabs. Demo Docker: optional MySQL 8 service, pdo_mysql, Bootstrap 5 form theme.

Changed

  • Documentation: CONFIGURATION.md, USAGE.md, DEMO.md, ROADMAP.md, README — MysqlAes, performance notes, demo troubleshooting (Composer advisories, Symfony 7.4).
  • Demos: Symfony 7 demo targets 7.4.*; composer.lock synced (e.g. twig-inspector-bundle); entrypoint avoids restart loop on failed composer install.

No breaking changes for existing Halite/Defuse configs. See UPGRADING.md.


Full Changelog: v2.0.10...v2.1.0

Release v2.0.10

Choose a tag to compare

@github-actions github-actions released this 25 Feb 12:52

Release v2.0.10

Changelog

Fixed

  • Symfony 7.1+: DoctrineEncryptExtension now extends Symfony\Component\DependencyInjection\Extension\Extension instead of Symfony\Component\HttpKernel\DependencyInjection\Extension. The latter is considered internal since Symfony 7.1 and will be deprecated in 8.1; this change removes the deprecation notice.

Changed

  • Documentation: COMMANDS.md — batchSize default for encrypt/decrypt database is documented as 5 (from config); link to CONFIGURATION added.

No upgrade steps required from 2.0.9. See UPGRADING.md.


Full Changelog: v2.0.9...v2.0.10

Release v2.0.9

Choose a tag to compare

@github-actions github-actions released this 21 Feb 22:05

Release v2.0.9

Changelog

Changed

  • Code style: PHP-CS-Fixer configuration updated and applied across the codebase (src, tests, demos).
  • Internal: Refactors in commands, encryptors, subscriber, mapping, Twig extensions and utilities; tests aligned with updated style and structure.
  • Demos: Symfony 7 and 8 demo apps updated (config, controllers, entities, forms, fixtures, bootstrap); added demo/Makefile for running demos.
  • CI & tooling: GitHub Actions workflow, root and demo Makefiles, and docker-compose adjustments.

No upgrade steps required from 2.0.8. See UPGRADING.md.


Full Changelog: v2.0.8...v2.0.9

Release v2.0.8

Choose a tag to compare

@github-actions github-actions released this 20 Feb 19:34

Release v2.0.8 - RotateKeysCommandTest fix for Symfony Console 7.0/8.0

Changelog

Fixed

  • Symfony Console 7.0 / 8.0: RotateKeysCommandTest no longer uses Application::add() (removed in Symfony Console 8.0). Tests now register commands via FactoryCommandLoader and setCommandLoader(), and set the application on the rotate command with setApplication() so subcommands resolve correctly. This fixes the 8 failing unit tests when running on PHP 8.4 with Symfony 7.0 (e.g. in CI).

No upgrade steps required from 2.0.7. See UPGRADING.md.


Full Changelog: v2.0.7...v2.0.8

Release v2.0.7

Choose a tag to compare

@github-actions github-actions released this 20 Feb 12:19

Release v2.0.7

Changelog

Added

  • doctrine:encrypt:status: For each entity, lists which properties are encrypted and their config (e.g. email (config: personal_data)). At the end, shows configured encryptor configs (config name, encryptor class Halite/Defuse, and which is default).
  • doctrine:encrypt:rotate-keys: New command to run the full key rotation: optional backup of key files (--backup), full decrypt, key change (generate new key files or prompt for .env update), then re-encrypt. Each step asks for confirmation unless --no-interaction is used. See COMMANDS.md and KEY_ROTATION.md.
  • doctrine:encrypt:generate-secret-key: Option --force to overwrite existing key file(s) without asking.
  • doctrine:decrypt:database and doctrine:encrypt:database: Option --force to skip the confirmation prompt (useful when calling from scripts or from rotate-keys with --no-interaction).
  • Configuration: nowo_doctrine_encrypt.batch_size (default 5) for the default batch size of encrypt/decrypt database commands; overridable per run via the batchSize argument.
  • Documentation: INSTALLATION.md — new section FrankenPHP (runtime and worker mode): compatibility with FrankenPHP in both modes, no extra config; recommendations (e.g. limit requests per worker). README and DEMO.md reference FrankenPHP compatibility; demo Caddyfiles include a short comment.

Changed

  • doctrine:decrypt:database and doctrine:encrypt:database: Use raw SQL for encrypt/decrypt (no Doctrine lifecycle events); default batch size is 5 (configurable via nowo_doctrine_encrypt.batch_size).
  • Documentation: COMMANDS.md documents status output (per-entity properties and configs, configured configs), rotate-keys command, and --force on generate-secret-key, decrypt and encrypt. KEY_ROTATION.md and SECURITY.md reference the new rotate-keys command. README and INSTALLATION next steps mention rotate keys. ROADMAP updated. DEMO.md has a FrankenPHP subsection; demo Caddyfiles reference INSTALLATION § FrankenPHP.

Fixed

  • RotateKeysCommandTest: Test for “no configs” now builds the command with DoctrineEncryptSubscriber(null) and registry = null so that an empty registry is never passed to the subscriber (which would call getDefault() and throw).

Tests

  • Coverage: Unit tests added for RotateKeysCommand (full rotation, backup with SQLite, backup-db-cmd, env configs, paused step, no configs), for AbstractCommand (getEncryptedTableInfo, getColumnNameFromMetadata, getRowValue), for decrypt/encrypt database commands (executeStatement path, row with null id, decrypt throw fallback), for DoctrineEncryptStatusCommand (registry null, configured configs, none), and for GenerateSecretKeyCommand (config argument with unsupported encryptor). Code coverage for lines is ≥ 95%.

No upgrade steps required from 2.0.6. See UPGRADING.md.


Full Changelog: v2.0.6...v2.0.7

Release v2.0.6

Choose a tag to compare

@github-actions github-actions released this 20 Feb 09:49

Release v2.0.6

Changelog

Added

  • Tests: Unit test for HaliteEncryptor when the key path is a directory (covers normalizeKeyFile() early return). Unit test for GenerateSecretKeyCommand when the key file is created in a non-existent directory (covers createKey() with mkdir(..., true)). Improves code coverage (lines ≥ 95%).

Fixed

  • PHPUnit: The unit test that uses a directory as key path no longer triggers a PHP Notice (Halite emits a notice when reading a path that is a directory); the test suppresses it with @ on the call that triggers it so the test suite runs without notices.

No upgrade steps required from 2.0.5. See UPGRADING.md.


Full Changelog: v2.0.5...v2.0.6