| Date |
Change |
| September 2016 |
Initial release |
| January 2017 |
Clarification on IP address limits in this solution. |
| March 2017 |
Additional guidance on creating a cache behavior; updated URLs for AWS Security
Blog posts. |
| June 2017 |
Added ALB support and updated product limits. |
| November 2017 |
Added rate-based rule support for HTTP flood protection; additional links for
storing resource access logs. |
| January 2018 |
Updated content on regional availability of AWS WAF for Application Load Balancers. |
| December 2018 |
Added IPv6 Support, expanded CIDR ranges, and added a monitoring dashboard. |
| April 2019 |
AWS WAF logs integration, Amazon Athena integration, and added a configurable log
parser. |
| December 2019 |
Added information on support for Node.js update. |
| February 2020 |
Bug fixes and update to the RequestThreshold parameter. |
| June 2020 |
Added Athena cost optimization using partitioning; updated README instruction;
fixed a potential DoS issue within Bad Bots X-Forward-For header. |
| July 2020 |
Upgraded from AWS WAF Classic to AWS WAFV2 service API. |
| November 2020 |
Release version 3.1.0: clarification on HTTP Flood Protection and Scanner &
Probe Protection rules for specific Regions; replaced S3 path-type with virtual-hosted
style; added partition variable to all ARNs; for more information, refer to the CHANGELOG.md file in the GitHub repository. |
| September 2021 |
Release version 3.2.0: Added IP retention support on Allowed and Denied IP Sets;
bug fixes. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| August 2022 |
Release version 3.2.1: Added support on WAF oversize handling for request
components; added support on WAF sensitivity levels for SQL injection rule statements.
For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| September 2022 |
Updated documentation for customization outside of the solution’s CloudFormation
stack. |
| December 2022 |
Release version 3.2.2: Added integration with Service Catalog AppRegistry and AWS Systems Manager
Application Manager. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| December 2022 |
Release version 3.2.3: Add region as prefix to application attribute group name to
avoid conflict with name starting with AWS. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| February 2023 |
Release version 3.2.4: Upgraded pytest and requests to mitigate CVE. For more
information, refer to the CHANGELOG.md file in the GitHub repository. |
| March 2023 |
Updated documentation for upgrading solution from version 3.0 or 3.1 to 3.2 or
newer that has allowed or denied IP addresses. |
| April 2023 |
Release version 3.2.5: Mitigated impact caused by new default settings for Amazon S3
Object Ownership (ACLs disabled) for all new Amazon S3 buckets. For more information, refer
to the CHANGELOG.md file in the GitHub repository. |
| May 2023 |
Release version 4.0.0: Added support for new AWS Managed Rules rule groups and updated custom
rules. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| May 2023 |
Release version 4.0.1: Updated .gitignore file to resolve issue of
missing files. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| September 2023 |
Release version 4.0.2: Refactored code to improve quality. Patched request package
vulnerability. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| October 2023 |
Release version 4.0.3: Updated package versions to resolve security
vulnerabilities. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| November 2023 |
Documentation update: Added AWS Developer Support and merged Contact AWS Support
into the Troubleshooting section. |
| November 2023 |
Documentation update: Added Confirm cost tags associated
with the solution to the Monitoring the solution with AWS Service Catalog
AppRegistry section. |
| April 2024 |
Documentation update: Clarified instructions for adding an S3 bucket in deployment
step 3. |
| September 2024 |
Release version 4.0.4: Updated package versions to resolve security
vulnerabilities. For more information, refer to the CHANGELOG.md file in the GitHub repository. |
| October 2024 |
Release version 4.0.5: Used Poetry for dependency management. Replaced native
Python logger with aws_lambda_powertools logger. For more information, refer to the
CHANGELOG.md file in the GitHub repository. |
| December 2024 |
Release version 4.0.6: Update the lambda to python 3.12.
For more information, refer to the CHANGELOG.md file in the GitHub repository. |
