aws
diff --git a/‎CHANGELOG.rst
+17 b/‎CHANGELOG.rst
+17
diff --git a/‎examples/src/most_recent_provider_encrypted_table.py
+3-3 b/‎examples/src/most_recent_provider_encrypted_table.py
+3-3
diff --git a/‎setup.cfg
+1 b/‎setup.cfg
+1
diff --git a/‎src/dynamodb_encryption_sdk/identifiers.py
+1-1 b/‎src/dynamodb_encryption_sdk/identifiers.py
+1-1
@@ -2,6 +2,23 @@
 Changelog
 *********
 
+1.3.0 -- 2021-02-04
+===================
+Adds the CachingMostRecentProvider and deprecates MostRecentProvider.
+
+Time-based key reauthorization logic in MostRecentProvider did not reauthorize
+the use of the key after key usage permissions were changed at the key provider
+(for example AWS Key Management Service). This created the potential for keys
+to be used in the DynamoDB Encryption Client after permissions to do so were revoked.
+
+CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry
+TTL to reauthorize the key with the key provider.
+
+MostRecentProvider is now deprecated, and is removed in 2.0.0. See
+https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html
+for more details.
+
+
 1.2.0 -- 2019-10-10
 ===================
 
 
@@ -10,14 +10,14 @@
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
 # ANY KIND, either express or implied. See the License for the specific
 # language governing permissions and limitations under the License.
-"""Example showing use of MostRecentProvider backed by a MetaStore using an AWS KMS CMP, with EncryptedTable."""
+"""Example showing use of CachingMostRecentProvider backed by a MetaStore using an AWS KMS CMP, with EncryptedTable."""
 import boto3
 from boto3.dynamodb.types import Binary
 
 from dynamodb_encryption_sdk.encrypted.table import EncryptedTable
 from dynamodb_encryption_sdk.identifiers import CryptoAction
 from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
-from dynamodb_encryption_sdk.material_providers.most_recent import MostRecentProvider
+from dynamodb_encryption_sdk.material_providers.most_recent import CachingMostRecentProvider
 from dynamodb_encryption_sdk.material_providers.store.meta import MetaStore
 from dynamodb_encryption_sdk.structures import AttributeActions
 
@@ -47,7 +47,7 @@ def encrypt_item(table_name, aws_cmk_id, meta_table_name, material_name):
     # Create a meta store using the AWS KMS crypto materials provider.
     meta_store = MetaStore(table=meta_table, materials_provider=aws_kms_cmp)
     # Create a most recent provider using the meta store.
-    most_recent_cmp = MostRecentProvider(
+    most_recent_cmp = CachingMostRecentProvider(
         provider_store=meta_store,
         material_name=material_name,
         version_ttl=600.0,  # Check for a new material version every five minutes.
 
@@ -21,6 +21,7 @@ markers =
     integ: mark a test as an integration test (requires network access)
     ddb_integ: mark a test as an integration test that requires a real DynamoDB table (requires network access and not used in CI)
     accept: mark a test as an acceptance test (requires network access)
+    generate: mark a test as a generator of test vectors (requires network access)
     examples: mark a test as an examples test (requires network access)
     hypothesis: mark a test as using hypothesis (will run many times for each pytest call)
     hypothesis_strategy: mark a test as testing a hypothesis strategy
 
@@ -14,7 +14,7 @@
 from enum import Enum
 
 __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType")
-__version__ = "1.2.0"
+__version__ = "1.3.0"
 
 LOGGER_NAME = "dynamodb_encryption_sdk"
 USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__)