v4.2.1

Fix deadlock after process fork, through a hook on Process.fork. It is not recommended to call fork while using the SDK, but such uses are now less likely to deadlock.

v4.2.0

• Add new OpenID Connect verification flow through the new OIDCAuthorizationCodeVerification method, see the updated guide for details
• OIDC is now a valid pre-verified verification method with the new PreverifiedOIDCVerification method
• Deprecate create_oidc_nonce, oidc_test_nonce=, and OIDCIDTokenVerification as they are now obsolete with the new OIDC verification flow
• Invalid responses that do not come from the Tanker backend can now result in a NetworkError, instead of an InternalError
• The Ruby SDK now requires Ruby >= 3.1, as Ruby 3.0 has stopped receiving security updates.

v4.1.0

This is a maintenance release, there are no external changes.

v4.0.0

This release is strictly speaking a semver break, but does not introduce any major API changes.

• The OIDCIDTokenVerificationMethod objects
  now contain the provider_id and provider_display_name attributes, corresponding to the verification method's OIDC provider.

v3.3.2

• Limit maximum number of resource IDs * recipients to 100 in a single call to share

v3.3.1

• The Ruby SDK now requires Ruby >= 3.0. Ruby 2.7 is no longer supported.
• The Ruby SDK now supports Faraday v1 and v2, in addition to v0.

If you switch to Faraday v2 in your project, and use persistent HTTP connections, you need to perform the following changes:

  # Gemfile
- gem 'net-http-persistent'
+ gem 'faraday-net_http_persistent'

 Ruby sources
+ require 'faraday/net_http_persistent'
  require 'tanker-core'

  config = Tanker::Core::Options.new(faraday_adapter: :net_http_persistent)
  tanker = Tanker::Core.new(config)

v3.3.0

Add support for SDK downgrade between compatible versions even in case of changes to the local storage schema, see manage sdk versions for more details.

v3.2.1

• Add support for Ruby 3.2
• Improve error messages for decrypt_utf8, decrypt_data, decrypt_stream, and get_resource_id when the given encrypted data is empty. Note that decrypt_utf8, decrypt_data, and decrypt_stream will throw an InvalidArgument exception when that happens, not a DecryptionFailed.
• Downgrade severity for logs related to internal storage and HTTP requests from Info to Debug
• Dependency upgrades

v3.2.0

This release enable the new "transparent session" encryption formats by default.

These formats optimize resource key usage. Encryption for the same recipients will reuse the same key for several hours.
As a result, performance of encrypt and decrypt operations should be improved, due to less network requests.

v3.1.1

• Update zlib to 1.2.13 to fix CVE-2022-37434.