PT-2021-24464 · Amazon · Dynamodb Encryption Client

Published 2021-02-08 · Updated 2021-02-08


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: DynamoDB Encryption Client versions prior to 1.15.0
Description: The issue concerns users of MostRecentProvider in the DynamoDB Encryption Client with a key provider like AWS Key Management Service. When key usage permissions were changed at the key provider, time-based key reauthorization logic in MostRecentProvider did not reauthorize the use of the key, creating the potential for keys to be used after permissions to do so were revoked at the key provider.
Recommendations: For versions prior to 1.15.0, modify your code and adopt CachingMostRecentProvider to resolve the issue. As a temporary workaround for users who cannot upgrade to use the CachingMostRecentProvider, call clear() on the cache to manually flush all of its contents, which will force a re-validation to occur with the key provider on the next use of the key.
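The defect described above, and the clear() workaround, modelled in a few lines of Python. This is an added example, not code from the advisory or from the DynamoDB Encryption Client; the class names (StaleCachingProvider, ReauthorizingCachingProvider, FakeKeyProvider, ManualClock) and the scenario function are constructed for illustration and do not correspond to the library's own API. The vulnerable variant runs its time-based check when a cache entry ages out but reuses the cached material instead of going back to the key provider, so a revocation is never observed until the cache is flushed; the fixed variant re-requests the material on expiry and drops the entry when the provider refuses.

```python
"""Added example (not the DynamoDB Encryption Client's code): a time-based key
cache that keeps serving a key after the key provider revoked permission, beside
a variant that re-authorizes at the provider when an entry ages out, plus the
clear() workaround from the advisory. All names here are constructed."""


class KeyRevokedError(Exception):
    """Raised by the stand-in key provider when use of a key is no longer authorized."""


class FakeKeyProvider:
    """Constructed stand-in for a key provider such as AWS KMS: it hands out
    key material while `authorized` is True and refuses afterwards."""

    def __init__(self):
        self.authorized = True
        self.requests = 0  # how often callers actually went back to the provider

    def get_key(self, key_id):
        self.requests += 1
        if not self.authorized:
            raise KeyRevokedError(key_id)
        return f"material-for-{key_id}"


class ManualClock:
    """Controllable clock so TTL behaviour can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class StaleCachingProvider:
    """Vulnerable pattern: when an entry ages past the TTL the time-based check
    fires, but it only restamps the cached material instead of asking the
    provider again, so a revocation is not noticed until the cache is cleared."""

    def __init__(self, provider, ttl_seconds, clock):
        self._provider = provider
        self._ttl = ttl_seconds
        self._clock = clock
        self._cache = {}  # key_id -> (material, time fetched)

    def materials(self, key_id):
        now = self._clock()
        if key_id not in self._cache:
            self._cache[key_id] = (self._provider.get_key(key_id), now)
            return self._cache[key_id][0]
        material, fetched_at = self._cache[key_id]
        if now - fetched_at >= self._ttl:
            # The defect: "reauthorization" never contacts the provider.
            self._cache[key_id] = (material, now)
        return material

    def clear(self):
        """Workaround from the advisory: flush everything so the next use has
        to re-validate with the key provider."""
        self._cache.clear()


class ReauthorizingCachingProvider(StaleCachingProvider):
    """Fixed pattern: an aged-out entry is re-requested from the provider, so a
    revocation surfaces within one TTL; the stale entry is dropped on failure."""

    def materials(self, key_id):
        now = self._clock()
        entry = self._cache.get(key_id)
        if entry is not None and now - entry[1] < self._ttl:
            return entry[0]  # still fresh: serve from cache
        try:
            material = self._provider.get_key(key_id)
        except KeyRevokedError:
            self._cache.pop(key_id, None)  # never keep material the provider refused
            raise
        self._cache[key_id] = (material, now)
        return material


def _usable(cache, key_id):
    try:
        cache.materials(key_id)
        return True
    except KeyRevokedError:
        return False


def revocation_scenario(provider_cls, ttl_seconds=60):
    """Use a key, revoke it at the provider, wait past the TTL and try again.
    Returns (usable_after_revocation, usable_after_clear, provider_requests)."""
    kms = FakeKeyProvider()
    clock = ManualClock()
    cache = provider_cls(kms, ttl_seconds, clock)
    cache.materials("k1")             # first use: fetched from the provider
    kms.authorized = False            # permission revoked at the key provider
    clock.now += ttl_seconds + 1      # cache entry ages past its TTL
    usable_after_revocation = _usable(cache, "k1")
    cache.clear()                     # the advisory's manual workaround
    usable_after_clear = _usable(cache, "k1")
    return usable_after_revocation, usable_after_clear, kms.requests


if __name__ == "__main__":
    print("stale cache  :", revocation_scenario(StaleCachingProvider))
    print("reauthorizing:", revocation_scenario(ReauthorizingCachingProvider))
```

With the vulnerable cache the revoked key is still usable after the TTL elapsed and the provider was never consulted a second time; only clear() forces the re-validation. With the re-authorizing cache the revocation is caught on the first use after expiry, which is the property the upgrade to CachingMostRecentProvider is meant to restore.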

Weakness Enumeration

Missing Authorization

Related Identifiers

GHSA-W736-HF9P-QQH3

Affected Products

Dynamodb Encryption Client