Releases: aws-solutions/aws-waf-security-automations
[4.0.6] - 2024-12-17
Changed
- Update the lambda to python 3.12
Fixed
- Added a check that a log payload is present before sanitizing and logging it (GitHub issue 274)
[4.0.5] - 2024-10-24
Changed
- Add poetry.lock to pin dependency versions for Python code
- Adapt build scripts to use Poetry for dependency management
- Replace native Python logger with aws_lambda_powertools logger
[4.0.4] - 2024-09-23
Fixed
- Patched dependency version of requests to 2.32.3 to mitigate CVE-2024-3651
- Pinned all dependencies to specific versions for reproducible builds and to enable security scanning
- Allow installing the latest version of urllib3 as a transitive dependency
v4.0.3
[4.0.3] - 2023-10-25
Fixed
- Patched urllib3 vulnerability: a user could set a Cookie header and unknowingly leak it via HTTP redirects to a different origin unless redirects were explicitly disabled. For more details: CVE-2023-43804
v4.0.2
[4.0.2] - 2023-09-11
Fixed
- Update trademarked name: from aws-waf-security-automations.zip to security-automations-for-aws-waf.zip
- Refactor to reduce code complexity
- Patched requests package vulnerability that leaked Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For more details: CVE-2023-32681, GitHub issue 248
v4.0.1
v4.0.0
Added
- Added support for 10 new AWS Managed Rules rule groups (AMR)
- Added support for country and URI configurations in HTTP Flood Athena log parser
- Added support for user-defined S3 prefix for application access log bucket
- Added support for CloudWatch log retention period configuration
- Added support for multiple solution deployments in the same account and region
- Added support for exporting CloudFormation stack output values
- Replaced the hard coded amazonaws.com with {AWS::URLSuffix} in BadBotHoneypot API endpoint
Fixed
- Avoid changing the account-wide API Gateway logging setting when the solution stack is deleted (GitHub issue 213)
- Avoid creating a new logging bucket for an existing app access log bucket that already has logging enabled
v3.2.5
v3.2.4
[3.2.4] - 2023-02-06
Changed
- Upgraded pytest to mitigate CVE-2022-42969
- Upgraded requests and subsequently certifi to mitigate CVE-2022-23491
v3.2.3
[3.2.3] - 2022-12-13
Changed
- Add region as a prefix to the application attribute group name to avoid conflicts with names starting with "AWS".