Skip to content

Releases: aws-solutions/aws-waf-security-automations

[4.0.5] - 2024-10-24

29 Oct 14:27
@tbelmega tbelmega
v4.0.5
885146e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
[4.0.5] - 2024-10-24 Latest
Latest

[4.0.5] - 2024-10-24

Changed

  • Add poetry.lock to pin dependency versions for Python code
  • Adapt build scripts to use Poetry for dependency management
  • Replace native Python logger with aws_lambda_powertools logger
Assets 2
Loading

[4.0.4] - 2024-09-23

23 Sep 20:01
@tbelmega tbelmega
v4.0.4
28b94cf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
[4.0.4] - 2024-09-23

Fixed

  • Patched dependency version of requests to 2.32.3 to mitigate CVE-2024-3651
  • Pinned all dependencies to specific versions for reproducable builds and enable security scanning
  • Allow to install latest version of urllib3 as transitive dependency
Assets 2
Loading

v4.0.3

23 Oct 17:41
@aijunpeng aijunpeng
v4.0.3
bf5ca0d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.0.3

[4.0.3] - 2023-10-25

Fixed

  • Patched urllib3 vulnerability as it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. For more details: CVE-2023-43804
Assets 2
Loading

v4.0.2

11 Sep 17:12
@fhoueto-amz fhoueto-amz
v4.0.2
50ecbe0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.0.2

[4.0.2] - 2023-09-11

Fixed

  • Update trademarked name. From aws-waf-security-automations.zip to security-automations-for-aws-waf.zip
  • Refactor to reduce code complexity
  • Patched requests package vulnerability leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. For more details: CVE-2023-32681 Github issue 248
Assets 2
Loading

v4.0.1

19 May 17:00
@knihit knihit
v4.0.1
130ec1b
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.0.1

Fixed

  • Updated gitignore files to resolve the issue for missing files #243, #244, #245
Assets 2
Loading

v4.0.0

11 May 18:38
@knihit knihit
v4.0.0
43bf6bd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v4.0.0

Added

  • Added support for 10 new AWS Managed Rules rule groups (AMR)
  • Added support for country and URI configurations in HTTP Flood Athena log parser
  • Added support for user-defined S3 prefix for application access log bucket
  • Added support for CloudWatch log retention period configuration
  • Added support for multiple solution deployments in the same account and region
  • Added support for exporting CloudFormation stack output values
  • Replaced the hard coded amazonaws.com with {AWS::URLSuffix} in BadBotHoneypot API endpoint

Fixed

  • Avoid account-wide API Gateway logging setting change by deleting the solution stack GitHub issue 213
  • Avoid creating a new logging bucket for an existing app access log bucket that already has logging enabled
Assets 2
Loading

v3.2.5

17 Apr 22:49
@aijunpeng aijunpeng
v3.2.5
313a0c6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v3.2.5

[3.2.5] - 2023-04-18

Patched

  • Patch s3 logging bucket settings
  • Updated the timeout for requests
Assets 2
Loading

v3.2.4

01 Feb 21:35
@aijunpeng aijunpeng
v3.2.4
bee15d7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v3.2.4

[3.2.4] - 2023-02-06

Changed

Assets 2
Loading

v3.2.3

13 Dec 18:38
@groverlalit groverlalit
v3.2.3
081acf4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v3.2.3

[3.2.3] - 2022-12-13

Changed

  • Add region as prefix to application attribute group name to avoid conflict with name starting with AWS.
Assets 2
Loading

v3.2.2

05 Dec 18:09
@groverlalit groverlalit
v3.2.2
d411a9e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v3.2.2

[3.2.2] - 2022-12-05

Added

  • Added AppRegistry integration
Assets 2
Loading