Details
-
Improvement
-
Resolution: Fixed
-
Major
-
None
-
None
-
None
-
Release Note
-
1
Description
Let the @Encrypted annotation read from unencrypted fields, so users can add encryption incrementally. (Previously, the read would fail).
Make it optional because enabling this feature would let an adversary to forge a field value simply by replacing an encrypted value with an unencrypted one.
Suggested release note text:
The `@Encrypted` annotation can now be used to migrate an existing field from unencrypted to encrypted. If you annotate a field with
@Encrypted(migration = Encrypted.Migration.FROM_UNENCRYPTED)
then either encrypted or unencrypted values will be accepted during deserialization.
Attachments
Issue Links
- relates to
-
DOC-8934 Java FLE: Document "migration" attribute of Encrypted annotation
- Resolved
- links to