v2.4.4

[2.4.4] - 2025-09-24

Security

• Updated axios from 1.7.7 to 1.12.1 to mitigate CVE-2025-58754, a DoS vulnerability.
• Updated Python Lambda base image from public.ecr.aws/lambda/python:3.12.2025.09.02.19 to public.ecr.aws/lambda/python:3.12.2025.09.22.12 to address CVE-2025-24528, CVE-2025-3576, CVE-2025-7425, and CVE-2025-8058.
• Removed deprecated NPM package "fs" has been identified as potentially vulnerable to package takeover.

Fixed

• Fixed solution CloudFormation template deployment failures in AWS China partition by implementing partition-aware S3 URL generation Issue #338
• Fixed timeout issue with Get Agent status API by optimizing retry logic to work within AppSync's 30 second timeout limit

v2.4.3

[2.4.3] - 2025-09-03

Security

• Updated AWS Lambda container base image to address medium severity CVEs.

Fixed

• OpenSearch dashboard ID conflict issue for CloudFront and CloudTrail log pipelines that caused dashboard overwrites when multiple pipelines were created.

v2.4.2

[2.4.2] - 2025-08-04

Security

• Updated AWS Lambda container base image to address libxml2 vulnerability CVE-2025-49795

v2.4.1

[2.4.1] - 2025-07-29

Security

• Updated form-data package to address CVE-2025-7783
• Updated urllib3 package to address CVE-2025-50182
• Updated requests package to address CVE-2024-47081

v2.4.0

[2.4.0] - 2025-05-22

Added

• Anonymized operational metrics collection

Changed

• Added input validation to ensure Light Engine table name only contains alphanumeric characters, hyphens, and underscores
• Renamed PostgreSQL log field duration to query_time for consistency with existing MySQL log format

Fixed

• Issue where domains would display inconsistent metric values. Issue #277
• Enhanced OpenSearch API retry mechanism in Log processor Lambda to handle IAM role propagation delays

Security

• Updated setuptools package to address CVE-2025-47273

v2.3.3

[2.3.3] - 2025-04-30

Updated

• Cognito user invitation email template

Fixed

• NGINX service startup issue and optimized health check settings for OpenSearch Access Proxy instances
• OpenSearch bulk loading to split large payloads into smaller batches to comply with OpenSearch's HTTP request size limits
• PostgreSQL log ingestion parser to parse duration and log message into separate fields

Security

• Updated http-proxy-middleware to version 2.0.9
• Updated AWS CDK packages to latest versions

v2.3.2

[2.3.2] - 2025-03-14

Fixed

• Fixed an issue where Lambda Elastic Network Interface resources were not being properly cleaned up during CloudFormation stack deletion

Security

• Updated axios package to address CVE-2025-27152
• Updated Jinja2 package to address CVE-2025-27516
• Updated prismjs package to address CVE-2024-53382
• Updated Babel packages to address CVE-2025-27789

v2.3.1

[2.3.1] - 2025-02-24

Changed

• Migrated to Poetry for Python dependency management

Fixed

• Fixed S3 permission issue when creating cross-account Lambda log ingestion pipeline Issue #312
• Fixed STS credential expiration handling when ingesting logs from cross-account sources
• Fixed Opensearch index rollover timeout issue

Security

• Updated serialize-javascript package to address CVE-2024-11831
• Updated cryptography package to address CVE-2024-12797

v2.3.0

[2.3.0] - 2024-12-11

Added

• Add the architecture diagram of sampled WAF logs when creating WAF log pipeline. #132
• Add the support of ingesting Aurora/RDS PostgreSQL logs. #122

Changed

• Replace Amazon SQS with Amazon EventBridge to mitigate the Amazon S3 Event Notifications creation failure. #12
• Redesigned the log ingestion workflow to ingest logs from RDS without the dependency of CloudWatch Logs. #102
• Reordered pipeline creation workflow: log type and analytics engine selection now occur first for AWS service log pipelines. #309

Fixed

• Fix the sampling rate validation issue to allow only positive integers when creating CloudFront real-time logs. #302
• Fix the issue that the pipeline cannot be created due to a lack of "iam:TagRole" permission in some AWS Accounts. #279
• Fix the issue that the content of Log Config detail may exceed the maximum length of the window. #275
• Fix the issue that the EKS DaemonSet Guide is not refreshed after editing the log config. #241
• Fix the user interface issue that a wrong S3 bucket prefix is using when creating WAF log pipeline if the logging has already been enabled. #67

v2.2.2

[2.2.2] - 2024-08-23

Changed

• Support editing the auto-generated Regular Expression of Nginx and Apache log in the Log Config. #301
• Adjusted the error logs from info level to error level in the log-processor function. #305

Fixed

• Fixed failed to retrieve instance status due to too many instances in the Instance Group details page. #298
• Remove the redundant sign in alert dialog modal when user session expired. #303
• Fixed the Grafana url validation failed with spaces when import a Grafana Server. #304