Releases: nowo-tech/DoctrineEncryptBundle
Release list
Release v2.2.3
Release v2.2.3
- GitHub Spec Kit baseline (specs/001-baseline/, SPEC-KIT.md, Cursor skills)
- CodeRabbit review integration
- Twig |decrypt filter: auto-escape (removed isSafe: html)
- MysqlAes: PHPDoc @deprecated since 2.1.0
- composer.lock sync (root + demos)
See docs/UPGRADING.md#upgrading-to-223
Changelog
Added
- GitHub Spec Kit:
.specify/tooling, Cursor Agent skills (.cursor/skills/speckit-*), and baseline spec inspecs/001-baseline/(100%src/inventory). See SPEC-KIT.md and SPEC-DRIVEN-DEVELOPMENT.md. - CodeRabbit: review configuration (
.coderabbit.yaml) and GitHub Actions workflow for automated PR review.
Changed
- Documentation: SPEC-KIT.md (install, structure, Cursor usage); README link under Documentation.
- MysqlAes: PHPDoc
@deprecated since 2.1.0— not recommended for new production deployments (AES-128-ECB); prefer Halite or Defuse. No runtime change. - Twig
|decryptfilter: removedisSafe: ['html']so decrypted output is auto-escaped by Twig (security fix). Use|rawonly when the decrypted value is trusted HTML. - composer.lock: dependency sync for the bundle root and demo apps (
symfony7,symfony8).
No configuration changes required. See UPGRADING.md.
Full Changelog: v2.2.1...v2.2.3
Release v2.2.2
Release v2.2.2
- Functional tests: native lazy objects on PHP 8.4+ (Symfony 8 CI matrix)
- No application changes
See docs/UPGRADING.md#upgrading-to-222
Changelog
Fixed
- Functional tests (CI): enable Doctrine ORM native lazy objects on PHP 8.4+ when running the test suite with Symfony 8.x. Symfony 8
var-exporterno longer ships LazyGhost helpers; fixes 14 functional test errors on the PHP 8.4 × Symfony 8.0 / 8.1 matrix cells.
No application or configuration changes. See UPGRADING.md.
Full Changelog: v2.2.1...v2.2.2
Release v2.2.1
Release v2.2.1: composer.lock sync and CI Symfony 8 var-exporter fix.
Changelog
Fixed
- composer.lock:
platform.phpandcontent-hashsynced withcomposer.json(>=8.2); fixescomposer validate --strictin CI. - CI: Symfony 8.0 / 8.1 matrix cells use matching
symfony/var-exporter(^8.0/^8.1) instead of^7.4, which blocked dependency resolution.
No application changes required. See UPGRADING.md.
Full Changelog: v2.2.0...v2.2.1
Release v2.2.0
Release v2.2.0: PHP 8.2+ and Symfony spec alignment.
Raise minimum PHP to 8.2, drop Symfony 6 from composer constraints, align CI matrix with 7.4/8.0/8.1, update docs and fix GenerateSecretKeyCommandTest for MysqlAes messages.
EOF
)"
git tag -a v2.2.0 -m "$(cat <<'EOF'
Release v2.2.0
- PHP 8.2+ required; symfony/* ^7.0 || ^8.0
- CI: Symfony 7.4, 8.0, 8.1 on PHP 8.2–8.5
- Docs: README, INSTALLATION, UPGRADING, CHANGELOG, RELEASE
- Fix: GenerateSecretKeyCommandTest MysqlAes messages
See docs/UPGRADING.md#upgrading-to-220
Changelog
Fixed
- GenerateSecretKeyCommandTest: assertions updated for MysqlAes in supported-encryptor messages (2.1.0 gap).
Changed
- Requirements (Nowo bundle specs): minimum PHP 8.2+;
symfony/*constraints ^7.0 || ^8.0 (Symfony 6 removed fromcomposer.json, aligned with 2.0 release notes). CI matrix tests Symfony 7.4, 8.0, and 8.1 on PHP 8.2–8.5. - Documentation: README badges and requirements, INSTALLATION.md, ROADMAP.md — PHP 8.2+ and Symfony 7.4 | 8.0 | 8.1+.
Removed
- Symfony 6 from declared
symfony/*Composer constraints (was still present incomposer.jsonafter 2.0).
Breaking: PHP 8.2+ is required; Symfony 6 is no longer installable with current constraints. See UPGRADING.md.
Full Changelog: v2.1.0...v2.2.0
Release v2.1.0
Release v2.1.0
Changelog
Added
MysqlAesencryptor — AES-128-ECB compatible with MySQLAES_ENCRYPT()/AES_DECRYPT()(defaultblock_encryption_mode). Configure withencryptor_class: MysqlAesand a passphrase (env or key file). See MYSQL_AES.md.doctrine:encrypt:generate-secret-key— generates a passphrase forMysqlAesconfigs.- Documentation: MYSQL_AES.md (native SQL, LIKE demos, preset fixtures); PERFORMANCE.md (encryptors and query patterns compared).
- Demos (Symfony 7 & 8):
/mysql-aes-note— Doctrine + repository SQL paths, LIKE filters, preset fixtures, DB values view (encrypted vs decrypted). Secret messages:/secret-message/db-valueswith the same raw/decrypted tabs. Demo Docker: optional MySQL 8 service,pdo_mysql, Bootstrap 5 form theme.
Changed
- Documentation: CONFIGURATION.md, USAGE.md, DEMO.md, ROADMAP.md, README — MysqlAes, performance notes, demo troubleshooting (Composer advisories, Symfony 7.4).
- Demos: Symfony 7 demo targets 7.4.*;
composer.locksynced (e.g. twig-inspector-bundle); entrypoint avoids restart loop on failedcomposer install.
No breaking changes for existing Halite/Defuse configs. See UPGRADING.md.
Full Changelog: v2.0.10...v2.1.0
Release v2.0.10
Release v2.0.10
Changelog
Fixed
- Symfony 7.1+:
DoctrineEncryptExtensionnow extendsSymfony\Component\DependencyInjection\Extension\Extensioninstead ofSymfony\Component\HttpKernel\DependencyInjection\Extension. The latter is considered internal since Symfony 7.1 and will be deprecated in 8.1; this change removes the deprecation notice.
Changed
- Documentation: COMMANDS.md — batchSize default for encrypt/decrypt database is documented as 5 (from config); link to CONFIGURATION added.
No upgrade steps required from 2.0.9. See UPGRADING.md.
Full Changelog: v2.0.9...v2.0.10
Release v2.0.9
Release v2.0.9
Changelog
Changed
- Code style: PHP-CS-Fixer configuration updated and applied across the codebase (src, tests, demos).
- Internal: Refactors in commands, encryptors, subscriber, mapping, Twig extensions and utilities; tests aligned with updated style and structure.
- Demos: Symfony 7 and 8 demo apps updated (config, controllers, entities, forms, fixtures, bootstrap); added
demo/Makefilefor running demos. - CI & tooling: GitHub Actions workflow, root and demo Makefiles, and docker-compose adjustments.
No upgrade steps required from 2.0.8. See UPGRADING.md.
Full Changelog: v2.0.8...v2.0.9
Release v2.0.8
Release v2.0.8 - RotateKeysCommandTest fix for Symfony Console 7.0/8.0
Changelog
Fixed
- Symfony Console 7.0 / 8.0:
RotateKeysCommandTestno longer usesApplication::add()(removed in Symfony Console 8.0). Tests now register commands viaFactoryCommandLoaderandsetCommandLoader(), and set the application on the rotate command withsetApplication()so subcommands resolve correctly. This fixes the 8 failing unit tests when running on PHP 8.4 with Symfony 7.0 (e.g. in CI).
No upgrade steps required from 2.0.7. See UPGRADING.md.
Full Changelog: v2.0.7...v2.0.8
Release v2.0.7
Release v2.0.7
Changelog
Added
- doctrine:encrypt:status: For each entity, lists which properties are encrypted and their config (e.g.
email (config: personal_data)). At the end, shows configured encryptor configs (config name, encryptor class Halite/Defuse, and which is default). - doctrine:encrypt:rotate-keys: New command to run the full key rotation: optional backup of key files (
--backup), full decrypt, key change (generate new key files or prompt for .env update), then re-encrypt. Each step asks for confirmation unless--no-interactionis used. See COMMANDS.md and KEY_ROTATION.md. - doctrine:encrypt:generate-secret-key: Option
--forceto overwrite existing key file(s) without asking. - doctrine:decrypt:database and doctrine:encrypt:database: Option
--forceto skip the confirmation prompt (useful when calling from scripts or fromrotate-keyswith--no-interaction). - Configuration:
nowo_doctrine_encrypt.batch_size(default5) for the default batch size of encrypt/decrypt database commands; overridable per run via thebatchSizeargument. - Documentation: INSTALLATION.md — new section FrankenPHP (runtime and worker mode): compatibility with FrankenPHP in both modes, no extra config; recommendations (e.g. limit requests per worker). README and DEMO.md reference FrankenPHP compatibility; demo Caddyfiles include a short comment.
Changed
- doctrine:decrypt:database and doctrine:encrypt:database: Use raw SQL for encrypt/decrypt (no Doctrine lifecycle events); default batch size is 5 (configurable via
nowo_doctrine_encrypt.batch_size). - Documentation: COMMANDS.md documents status output (per-entity properties and configs, configured configs), rotate-keys command, and
--forceon generate-secret-key, decrypt and encrypt. KEY_ROTATION.md and SECURITY.md reference the new rotate-keys command. README and INSTALLATION next steps mention rotate keys. ROADMAP updated. DEMO.md has a FrankenPHP subsection; demo Caddyfiles reference INSTALLATION § FrankenPHP.
Fixed
- RotateKeysCommandTest: Test for “no configs” now builds the command with
DoctrineEncryptSubscriber(null)andregistry = nullso that an empty registry is never passed to the subscriber (which would callgetDefault()and throw).
Tests
- Coverage: Unit tests added for
RotateKeysCommand(full rotation, backup with SQLite, backup-db-cmd, env configs, paused step, no configs), forAbstractCommand(getEncryptedTableInfo,getColumnNameFromMetadata,getRowValue), for decrypt/encrypt database commands (executeStatement path, row with null id, decrypt throw fallback), forDoctrineEncryptStatusCommand(registry null, configured configs, none), and forGenerateSecretKeyCommand(config argument with unsupported encryptor). Code coverage for lines is ≥ 95%.
No upgrade steps required from 2.0.6. See UPGRADING.md.
Full Changelog: v2.0.6...v2.0.7
Release v2.0.6
Release v2.0.6
Changelog
Added
- Tests: Unit test for
HaliteEncryptorwhen the key path is a directory (coversnormalizeKeyFile()early return). Unit test forGenerateSecretKeyCommandwhen the key file is created in a non-existent directory (coverscreateKey()withmkdir(..., true)). Improves code coverage (lines ≥ 95%).
Fixed
- PHPUnit: The unit test that uses a directory as key path no longer triggers a PHP Notice (Halite emits a notice when reading a path that is a directory); the test suppresses it with
@on the call that triggers it so the test suite runs without notices.
No upgrade steps required from 2.0.5. See UPGRADING.md.
Full Changelog: v2.0.5...v2.0.6