From 2660bd8af1f0faa04e14b728b43f3432abb1be62 Mon Sep 17 00:00:00 2001 From: ankitdas13 Date: Mon, 8 Jun 2026 11:47:02 +0530 Subject: [PATCH] bump version v2.9.3 Co-Authored-By: Claude Opus 4.6 (1M context) --- CHANGELOG.md | 3 +++ src/Api.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e0def57..66286a4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ Changelog for Razorpay-PHP SDK. Follows [keepachangelog.com](https://keepachange ## Unreleased +## [2.9.3] - 2026-06-08 +- security: Fixed AES-GCM nonce reuse vulnerability in `generateOnboardingSignature` where the IV was statically derived from the encryption key. Now uses a cryptographically random nonce per call (NIST SP 800-38D compliant). + ## [2.9.2] - 2025-08-05 - fix: Content-Type header leakage in `Order::create()` where setting application/json globally caused subsequent API calls. - fix: Replaced deprecated `get_class()` usage in the `ErrorCode::exists()` method with the __CLASS__ constant to resolve PHP deprecation warnings. diff --git a/src/Api.php b/src/Api.php index 0cf3abd..ca59417 100644 --- a/src/Api.php +++ b/src/Api.php @@ -18,7 +18,7 @@ class Api */ public static $appsDetails = array(); - const VERSION = '2.9.2'; + const VERSION = '2.9.3'; /** * @param string $key