In AesEncryptor.cipher you’re initializing a Cipher instance with a static IV2 which is insecure.
One possible solution would be to generate the initialization vector using SecureRandom:
Assigned this to gdt as he is usually checking security issues. Feel free to reassign to Dave or leave it unassigned.
Unfortunately, it is not quite as simple as the ticket suggests; the IV is required to decrypt the text, too - which means it must be persisted, presumably in `conf/security.xml`.
On reflection, each property should have it's own IV, so the PR adds a column to the DB to save it.