Sourced from github.com/google/tink's releases.

Tink 1.3.0-rc4

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink 1.3.0 Release Candidate 4.

Changes

The complete list of changes since 1.3.0-rc3 can be found here.

Changes of note include (from rc3 to rc4):

• Fix an inconsistency in the Envelope Encryption approach in the C++ implementation (8e4b5c700)

Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

Installation

C++ with prebuilt binaries

OS="$(uname | tr '[:upper:]' '[:lower:]')"
TARGET_DIR="/usr/local"
curl -L \
  "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc4.tar.gz" |
sudo tar -xz -C ${TARGET_DIR}

Obj-C with CocoaPods

The Obj-C artifacts are pending publication. This note will be removed once they are published.

cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.3.0-rc4'
pod install

Golang

To install Tink locally run:

go get github.com/google/tink/go/...

Java with Maven

<dependency>
</tr></table> ... (truncated)

• 1126e6f Version bump to 1.3.0-rc4.
• b982201 Bump Xcode and iOS version numbers to match the Kokoro environment.
• 8e4b5c7 Encrypt only DEK bytes for envelope encryption.
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)