Skip to content

Releases: aws-solutions/aws-waf-security-automations

[4.0.6] - 2024-12-17

17 Dec 19:34
321d3bf
Compare
Choose a tag to compare

[4.0.6] - 2024-12-17

Changed

  • Update the lambda to python 3.12

Fixed

  • Added a check for payload for logging before sanitizing and logging Github issue 274

[4.0.5] - 2024-10-24

29 Oct 14:27
885146e
Compare
Choose a tag to compare

[4.0.5] - 2024-10-24

Changed

  • Add poetry.lock to pin dependency versions for Python code
  • Adapt build scripts to use Poetry for dependency management
  • Replace native Python logger with aws_lambda_powertools logger

[4.0.4] - 2024-09-23

23 Sep 20:01
28b94cf
Compare
Choose a tag to compare

Fixed

  • Patched dependency version of requests to 2.32.3 to mitigate CVE-2024-3651
  • Pinned all dependencies to specific versions for reproducable builds and enable security scanning
  • Allow to install latest version of urllib3 as transitive dependency

v4.0.3

23 Oct 17:41
bf5ca0d
Compare
Choose a tag to compare

[4.0.3] - 2023-10-25

Fixed

  • Patched urllib3 vulnerability as it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. For more details: CVE-2023-43804

v4.0.2

11 Sep 17:12
50ecbe0
Compare
Choose a tag to compare

[4.0.2] - 2023-09-11

Fixed

  • Update trademarked name. From aws-waf-security-automations.zip to security-automations-for-aws-waf.zip
  • Refactor to reduce code complexity
  • Patched requests package vulnerability leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For more details: CVE-2023-32681 Github issue 248

v4.0.1

19 May 17:00
130ec1b
Compare
Choose a tag to compare

Fixed

  • Updated gitignore files to resolve the issue for missing files #243, #244, #245

v4.0.0

11 May 18:38
43bf6bd
Compare
Choose a tag to compare

Added

  • Added support for 10 new AWS Managed Rules rule groups (AMR)
  • Added support for country and URI configurations in HTTP Flood Athena log parser
  • Added support for user-defined S3 prefix for application access log bucket
  • Added support for CloudWatch log retention period configuration
  • Added support for multiple solution deployments in the same account and region
  • Added support for exporting CloudFormation stack output values
  • Replaced the hard coded amazonaws.com with {AWS::URLSuffix} in BadBotHoneypot API endpoint

Fixed

  • Avoid account-wide API Gateway logging setting change by deleting the solution stack GitHub issue 213
  • Avoid creating a new logging bucket for an existing app access log bucket that already has logging enabled

v3.2.5

17 Apr 22:49
313a0c6
Compare
Choose a tag to compare

[3.2.5] - 2023-04-18

Patched

  • Patch s3 logging bucket settings
  • Updated the timeout for requests

v3.2.4

01 Feb 21:35
bee15d7
Compare
Choose a tag to compare

[3.2.4] - 2023-02-06

Changed

v3.2.3

13 Dec 18:38
081acf4
Compare
Choose a tag to compare

[3.2.3] - 2022-12-13

Changed

  • Add region as prefix to application attribute group name to avoid conflict with name starting with AWS.