From 31c95aa031ea6e5e7cd1bf8d08e3c6543f0ab2e7 Mon Sep 17 00:00:00 2001
From: James Lopez <james@jameslopez.es>
Date: Tue, 28 Jun 2016 09:55:19 +0200
Subject: [PATCH 1/2] add missing attribute to attr_encrypted so it is fully
 backwards-compatible

---
 app/models/ci/variable.rb         | 1 +
 app/models/project_import_data.rb | 1 +
 app/models/user.rb                | 1 +
 3 files changed, 3 insertions(+)

diff --git a/app/models/ci/variable.rb b/app/models/ci/variable.rb
index f8d5d4486fd..c9c47ec7419 100644
--- a/app/models/ci/variable.rb
+++ b/app/models/ci/variable.rb
@@ -13,6 +13,7 @@ module Ci
 
     attr_encrypted :value, 
        mode: :per_attribute_iv_and_salt,
+       insecure_mode: true,
        key: Gitlab::Application.secrets.db_key_base,
        algorithm: 'aes-256-cbc'
   end
diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index ca8a9b4217b..331123a5a5b 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -7,6 +7,7 @@ class ProjectImportData < ActiveRecord::Base
                  marshal: true,
                  encode: true,
                  mode: :per_attribute_iv_and_salt,
+                 insecure_mode: true,
                  algorithm: 'aes-256-cbc'
 
   serialize :data, JSON
diff --git a/app/models/user.rb b/app/models/user.rb
index 599b2fb1191..767d6366c79 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -25,6 +25,7 @@ class User < ActiveRecord::Base
   attr_encrypted :otp_secret,
     key:       Gitlab::Application.config.secret_key_base,
     mode:      :per_attribute_iv_and_salt,
+    insecure_mode: true,
     algorithm: 'aes-256-cbc'
 
   devise :two_factor_authenticatable,

From ea441cf27ed5fb3009206de404545e3285b86dd0 Mon Sep 17 00:00:00 2001
From: James Lopez <james@jameslopez.es>
Date: Tue, 28 Jun 2016 09:57:13 +0200
Subject: [PATCH 2/2] add changelog

---
 CHANGELOG | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 6506f49174a..9140e1a029f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,9 @@ v 8.10.0 (unreleased)
   - Add API endpoint for a group issues !4520 (mahcsig)
   - Allow [ci skip] to be in any case and allow [skip ci]. !4785 (simon_w)
 
+v 8.9.3 (unreleased)
+  - Fix encrypted data backwards compatibility after upgrading attr_encrypted gem
+
 v 8.9.2
   - Fix visibility of snippets when searching.
   - Fix an information disclosure when requesting access to a group containing private projects.