From 6bbd25978f54ea35ca6c4c983cce86927a6c6aec Mon Sep 17 00:00:00 2001 From: Robert Young Date: Tue, 13 Aug 2024 16:06:40 +1200 Subject: [PATCH] Add Changelog entry for AES cipher fix Signed-off-by: Robert Young --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85047be16a..cd3e648170 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Format `: `. ## SNAPSHOT +* [#1401](https://github.com/kroxylicious/kroxylicious/issues/1401): Support a FIPs-certified cipher from an alternative provider * [#1416](https://github.com/kroxylicious/kroxylicious/pull/1416): Schema validation should not rely on the syntax validation * [#1393](https://github.com/kroxylicious/kroxylicious/pull/1393): Remove api versions service * [#1404](https://github.com/kroxylicious/kroxylicious/pull/1404): Move deprecated Context classes out of kroxylicious-api @@ -21,6 +22,9 @@ Format `: `. ### Changes, deprecations and removals +* The Record Encryption Filter now uses `AES/GCM/NoPadding` as the transformation String and checks the KMS +returns a 256bit DEK. This enables users to configure an alternative JCE Provider in their JRE configuration +that offers this algorithm. * FilterFactoryContext#eventLoop() is deprecated, replaced by FilterFactoryContext#filterDispatchExecutor(). This returns FilterDispatchExecutor, a new interface extending ScheduledExecutorService. FilterDispatchExecutor has methods to enable Filters to check if the current thread is the Filter Dispatch Thread and it offers