upstream

.github/workflows/CI.yml

@@ -0,0 +1,53 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  test:
+    name: Ruby ${{ matrix.ruby }} / ActiveRecord ${{ matrix.active_record }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - { active_record: '5.1', ruby: '2.7' }
+          - { active_record: '5.2', ruby: '2.7' }
+          - { active_record: '6.0', ruby: '2.7' }
+          - { active_record: '6.0', ruby: '3.0' }
+          - { active_record: '6.0', ruby: '3.1' }
+          - { active_record: '6.0', ruby: '3.2' }
+          - { active_record: '6.1', ruby: '2.7' }
+          - { active_record: '6.1', ruby: '3.0' }
+          - { active_record: '6.1', ruby: '3.1' }
+          - { active_record: '6.1', ruby: '3.2' }
+          - { active_record: '7.0', ruby: '2.7' }
+          - { active_record: '7.0', ruby: '3.0' }
+          - { active_record: '7.0', ruby: '3.1' }
+          - { active_record: '7.0', ruby: '3.2' }
+          - { active_record: '7.1', ruby: '2.7' }
+          - { active_record: '7.1', ruby: '3.0' }
+          - { active_record: '7.1', ruby: '3.1' }
+          - { active_record: '7.1', ruby: '3.2' }
+          - { active_record: '7.1', ruby: '3.3' }
+          - { active_record: '7.2', ruby: '3.1' }
+          - { active_record: '7.2', ruby: '3.2' }
+          - { active_record: '7.2', ruby: '3.3' }
+          - { active_record: '7.2', ruby: '3.4' }
+          - { active_record: '8.0', ruby: '3.2' }
+          - { active_record: '8.0', ruby: '3.3' }
+          - { active_record: '8.0', ruby: '3.4' }
+    env:
+      ACTIVERECORD: ${{ matrix.active_record }}
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: |
+        bundle exec rake test

CHANGELOG.md

@@ -1,6 +1,29 @@
-# attr_encrypted #
+# attr_encrypted
+
+## 4.2.0
+
+* Changed: Set minimum Ruby version as 2.7.
+* Added: Rails 7.2 and 8.0 support.
+* Fixed: Further removal of `datamapper` support.
+
+## 4.1.1
+
+* Fixed: Fix SystemStackError when extending the reload method with Module#prepend.
+
+## 4.1.0
+
+* Changed: Dropped support for `datamapper` which has not had a release since October 2011. This is in an attempt to make
+  maintenance and testing easier moving forward.
+
+## 4.0.0
+
+* Added: Support for Ruby >= 3.0.
+* Added: Rails 7 support.
+* Changed: Using `#encrypted_attributes` is no longer supported. Instead, use `#attr_encrypted_encrypted_attributes` to avoid
+  collision with Active Record 7 native encryption.
+
+## 3.1.0
 
-## 3.1.0 ##
 * Added: Abitilty to encrypt empty values. (@tamird)
 * Added: MIT license
 * Added: MRI 2.5.x support (@saghaulor)
@@ -11,23 +34,28 @@
 * Fixed: Only check empty on strings, allows for encrypting non-string type objects
 * Fixed: Fixed how accessors for db columns are defined in the ActiveRecord adapter, preventing premature definition. (@nagachika)
 
-## 3.0.3 ##
+## 3.0.3
+
 * Fixed: attr_was would decrypt the attribute upon every call. This is inefficient and introduces problems when the options change between decrypting an old value and encrypting a new value; for example, when rotating the encryption key. As such, the new approach caches the decrypted value of the old encrypted value such that the old options are no longer needed. (@johnny-lai) (@saghaulor)
 
-## 3.0.2 ##
+## 3.0.2
+
 * Changed: Removed alias_method_chain for compatibility with Rails v5.x (@grosser)
 * Changed: Updated Travis build matrix to include Rails 5. (@saghaulor) (@connorshea)
 * Changed: Removed `.silence_stream` from tests as it has been removed from Rails 5. (@sblackstone)
 
-## 3.0.1 ##
+## 3.0.1
+
 * Fixed: attr_was method no longer calls undefined methods. (@saghaulor)
 
-## 3.0.0 ##
+## 3.0.0
+
 * Changed: Updated gemspec to use Encryptor v3.0.0. (@saghaulor)
 * Changed: Updated README with instructions related to moving from v2.0.0 to v3.0.0. (@saghaulor)
 * Fixed: ActiveModel::Dirty methods in the ActiveRecord adapter. (@saghaulor)
 
-## 2.0.0 ##
+## 2.0.0
+
 * Added: Now using Encryptor v2.0.0 (@saghaulor)
 * Added: Options are copied to the instance. (@saghaulor)
 * Added: Operation option is set during encryption/decryption to allow options to be evaluated in the context of the current operation. (@saghaulor)
@@ -48,51 +76,62 @@
 * Removed: Support for Rails < 3.x (@saghaulor)
 * Removed: Unnecessary use of `alias_method` from ActiveRecord adapter. (@saghaulor)
 
-## 1.4.0 ##
+## 1.4.0
+
 * Added: ActiveModel::Dirty#attribute_was (@saghaulor)
 * Added: ActiveModel::Dirty#attribute_changed? (@mwean)
 
-## 1.3.5 ##
+## 1.3.5
+
 * Changed: Fixed gemspec to explicitly depend on Encryptor v1.3.0 (@saghaulor)
 * Fixed: Evaluate `:mode` option as a symbol or proc. (@cheynewallace)
 
-## 1.3.4 ##
+## 1.3.4
+
 * Added: ActiveRecord::Base.reload support. (@rcook)
 * Fixed: ActiveRecord adapter no longer forces attribute hashes to be string-keyed. (@tamird)
 * Fixed: Mass assignment protection in ActiveRecord 4. (@tamird)
 * Changed: Now using rubygems over https. (@tamird)
 * Changed: Let ActiveRecord define attribute methods. (@saghaulor)
 
-## 1.3.3 ##
+## 1.3.3
+
 * Added: Alias attr_encryptor and attr_encrpted. (@Billy Monk)
 
-## 1.3.2 ##
+## 1.3.2
+
 * Fixed: Bug regarding strong parameters. (@S. Brent Faulkner)
 * Fixed: Bug regarding loading per instance IV and salt. (@S. Brent Faulkner)
 * Fixed: Bug regarding assigning nil. (@S. Brent Faulkner)
 * Added: Support for protected attributes. (@S. Brent Faulkner)
 * Added: Support for ActiveRecord 4. (@S. Brent Faulkner)
 
-## 1.3.1 ##
+## 1.3.1
+
 * Added: Support for Rails 2.3.x and 3.1.x. (@S. Brent Faulkner)
 
-## 1.3.0 ##
+## 1.3.0
+
 * Fixed: Serialization bug. (@Billy Monk)
 * Added: Support for :per_attribute_iv_and_salt mode. (@rcook)
 * Fixed: Added dependencies to gemspec. (@jmazzi)
 
-## 1.2.1 ##
+## 1.2.1
+
 * Added: Force encoding when not marshaling. (@mosaicxm)
 * Fixed: Issue specifying multiple attributes on the same line. (@austintaylor)
 * Added: Typecasting to String before encryption (@shuber)
 * Added: `"#{attribute}?"` method. (@shuber)
 
-## 1.2.0 ##
+## 1.2.0
+
 * Changed: General code refactoring (@shuber)
 
-## 1.1.2 ##
+## 1.1.2
+
 * No significant changes
 
-## 1.1.1 ##
+## 1.1.1
+
 * Changled: Updated README. (@shuber)
 * Added: `before_type_cast` alias to ActiveRecord adapter. (@shuber)

Gemfile

@@ -1,3 +1,5 @@
 source 'https://rubygems.org'
 
 gemspec
+
+gem "concurrent-ruby", "< 1.3.5"

README.md

@@ -1,22 +1,17 @@
-## Maintainer(s) wanted!!!
-
-**If you have an interest in maintaining this project... please see https://github.com/attr-encrypted/attr_encrypted/issues/379**
-
 # attr_encrypted
 
-[![Build Status](https://secure.travis-ci.org/attr-encrypted/attr_encrypted.svg)](https://travis-ci.org/attr-encrypted/attr_encrypted) [![Test Coverage](https://codeclimate.com/github/attr-encrypted/attr_encrypted/badges/coverage.svg)](https://codeclimate.com/github/attr-encrypted/attr_encrypted/coverage) [![Code Climate](https://codeclimate.com/github/attr-encrypted/attr_encrypted/badges/gpa.svg)](https://codeclimate.com/github/attr-encrypted/attr_encrypted) [![Gem Version](https://badge.fury.io/rb/attr_encrypted.svg)](https://badge.fury.io/rb/attr_encrypted) [![security](https://hakiri.io/github/attr-encrypted/attr_encrypted/master.svg)](https://hakiri.io/github/attr-encrypted/attr_encrypted/master)
+![workflow](https://github.com/attr-encrypted/attr_encrypted/actions/workflows/CI.yml/badge.svg) [![Gem Version](https://badge.fury.io/rb/attr_encrypted.svg)](https://badge.fury.io/rb/attr_encrypted)
 
 Generates attr_accessors that transparently encrypt and decrypt attributes.
 
-It works with ANY class, however, you get a few extra features when you're using it with `ActiveRecord`, `DataMapper`, or `Sequel`.
-
+It works with ANY class, however, you get a few extra features when you're using it with `ActiveRecord` or `Sequel`.
 
 ## Installation
 
 Add attr_encrypted to your gemfile:
 
 ```ruby
-  gem "attr_encrypted", "~> 3.1.0"
+  gem "attr_encrypted"
 ```
 
 Then install the gem:
@@ -27,7 +22,7 @@ Then install the gem:
 
 ## Usage
 
-If you're using an ORM like `ActiveRecord`, `DataMapper`, or `Sequel`, using attr_encrypted is easy:
+If you're using an ORM like `ActiveRecord` or `Sequel`, using attr_encrypted is easy:
 
 ```ruby
   class User
@@ -368,7 +363,7 @@ NOTE: This only works if all records are encrypted with the same encryption key
 __NOTE: This feature is deprecated and will be removed in the next major release.__
 
 
-### DataMapper and Sequel
+### Sequel
 
 #### Default options
 
@@ -414,7 +409,7 @@ Then modify your models using attr\_encrypted to account for the changes in defa
 
 ## Upgrading from attr_encrypted v2.x to v3.x
 
-A bug was discovered in Encryptor v2.0.0 that inccorectly set the IV when using an AES-\*-GCM algorithm. Unfornately fixing this major security issue results in the inability to decrypt records encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0. Please see [Upgrading to Encryptor v3.0.0](https://github.com/attr-encrypted/encryptor#upgrading-from-v200-to-v300) for more info.
+A bug was discovered in Encryptor v2.0.0 that incorrectly set the IV when using an AES-\*-GCM algorithm. Unfornately fixing this major security issue results in the inability to decrypt records encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0. Please see [Upgrading to Encryptor v3.0.0](https://github.com/attr-encrypted/encryptor#upgrading-from-v200-to-v300) for more info.
 
 It is strongly advised that you re-encrypt your data encrypted with Encryptor v2.0.0. However, you'll have to take special care to re-encrypt. To decrypt data encrypted with Encryptor v2.0.0 using an AES-\*-GCM algorithm you can use the `:v2_gcm_iv` option.
 
@@ -425,7 +420,7 @@ It is recommended that you implement a strategy to insure that you do not mix th
     attr_encrypted :ssn, key: :encryption_key, v2_gcm_iv: is_decrypting?(:ssn)
 
     def is_decrypting?(attribute)
-      encrypted_attributes[attribute][:operation] == :decrypting
+      attr_encrypted_encrypted_attributes[attribute][:operation] == :decrypting
     end
   end
 
@@ -442,7 +437,7 @@ It is recommended that you implement a strategy to insure that you do not mix th
 While choosing to encrypt at the attribute level is the most secure solution, it is not without drawbacks. Namely, you cannot search the encrypted data, and because you can't search it, you can't index it either. You also can't use joins on the encrypted data. Data that is securely encrypted is effectively noise. So any operations that rely on the data not being noise will not work. If you need to do any of the aforementioned operations, please consider using database and file system encryption along with transport encryption as it moves through your stack.
 
 #### Data leaks
-Please also consider where your data leaks. If you're using attr_encrypted with Rails, it's highly likely that this data will enter your app as a request parameter. You'll want to be sure that you're filtering your request params from you logs or else your data is sitting in the clear in your logs. [Parameter Filtering in Rails](http://apidock.com/rails/ActionDispatch/Http/FilterParameters) Please also consider other possible leak points.
+Please also consider where your data leaks. If you're using attr_encrypted with Rails, it's highly likely that this data will enter your app as a request parameter. You'll want to be sure that you're filtering your request params from your logs or else your data is sitting in the clear in your logs. [Parameter Filtering in Rails](http://apidock.com/rails/ActionDispatch/Http/FilterParameters) Please also consider other possible leak points.
 
 #### Storage requirements
 When storing your encrypted data, please consider the length requirements of the db column that you're storing the cipher text in. Older versions of Mysql attempt to 'help' you by truncating strings that are too large for the column. When this happens, you will not be able to decrypt your data. [MySQL Strict Trans](http://www.davidpashley.com/2009/02/15/silently-truncated/)