diff --git a/CHANGELOG.md b/CHANGELOG.md index 5baf981..93b5658 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.9.4] - 2024-10-03 + +### Security + +- Patched protobuf-java vulnerability + ## [1.9.3] - 2024-09-19 ### Security diff --git a/NOTICE.txt b/NOTICE.txt index fb4f055..76046ae 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -12,10 +12,10 @@ THIRD PARTY COMPONENTS ********************** This software includes third party software subject to the following copyrights: -@aws-solutions-constructs/aws-apigateway-kinesisstreams under the Apache License 2.0 -@aws-solutions-constructs/aws-apigateway-lambda under the Apache License 2.0 -@aws-solutions-constructs/aws-kinesisfirehose-s3 under the Apache License 2.0 -@aws-solutions-constructs/aws-kinesisstreams-lambda under the Apache License 2.0 +@aws-solutions-constructs/aws-apigateway-kinesisstreams under the Apache-2.0 license. +@aws-solutions-constructs/aws-apigateway-lambda under the Apache-2.0 license. +@aws-solutions-constructs/aws-kinesisfirehose-s3 under the Apache-2.0 license. +@aws-solutions-constructs/aws-kinesisstreams-lambda under the Apache-2.0 license. AWS CDK under the Apache License Version 2.0 AWS Java SDK :: Auth under the Apache License Version 2.0 AWS Java SDK :: HTTP Clients :: Netty Non Blocking I/O under the Apache License Version 2.0 
@@ -48,16 +48,16 @@ SLF4J Simple Binding under the Massachusetts Institute of Technology (MIT) licen Source Map Support under the Massachusetts Institute of Technology (MIT) license TypeScript under the Apache License Version 2.0 attrs under the Massachusetts Institute of Technology (MIT) License -aws-cdk-lib under the Apache License 2.0 +aws-cdk-lib under the Apache-2.0 license. aws-sdk under the Apache License Version 2.0 aws-sdk-mock under the Apache License Version 2.0 awscli under the Apache License 2.0 -boto3 under the Apache Software License (Apache 2.0) -botocore under the Apache License 2.0 +boto3 under the Apache-2.0 license. +botocore under the Apache-2.0 license. chai under the Massachusetts Institute of Technology (MIT) license colorama under the BSD License -coverage under the Apache License 2.0 -crhelper under the Apache License Version 2.0 +coverage under the Apache-2.0 license. +crhelper under the Apache-2.0 license. defusedxml under the Apache License 2.0 docutils under the BSD License filelock under the The Unlicense @@ -68,14 +68,14 @@ py-serializable under the Apache License 2.0 pyasn1 under the Apache License 2.0 pytest under the Massachusetts Institute of Technology (MIT) License python-dateutil under the Apache Software License, BSD License (Dual License) -requests under the Apache License Version 2.0 +requests under the Apache-2.0 license. rsa under the Apache License 2.0 s3transfer under the Apache License 2.0 sinon under the BSD-3-Clause license -source-map-support under the Apache License 2.0 +source-map-support under the MIT license. ts-jest under the Massachusetts Institute of Technology (MIT) license ts-node under the Massachusetts Institute of Technology (MIT) license -cdk-nag under the Apache License 2.0 +cdk-nag under the Apache-2.0 license. typing_extensions under Python Software Foundation License boolean.py under BSD-2-Clause license-expression under Apache License Version 2.0 
@@ -90,8 +90,8 @@ com.amazonaws/aws-java-sdk-s3 under the Apache-2.0 license com.amazonaws/aws-java-sdk-sts under the Apache-2.0 license com.amazonaws/jmespath-java under the Apache-2.0 license com.damnhandy/handy-uri-templates under the Apache-2.0 license -com.demo/aws-kda-flink-ml under the license -com.demo/aws-kpl-demo under the license +com.demo/aws-kda-flink-ml under the Apache-2.0 license +com.demo/aws-kpl-demo under the Apache-2.0 license com.fasterxml.jackson.core/jackson-annotations under the Apache-2.0 license com.fasterxml.jackson.core/jackson-core under the Apache-2.0 license com.fasterxml.jackson.core/jackson-databind under the Apache-2.0 license @@ -674,6 +674,30 @@ yaml under the ISC license yn under the MIT license yocto-queue under the MIT license urllib3 under the MIT license +graceful-fs under the ISC license. +semver under the ISC license. +source-map under the BSD-3-Clause license. +@babel/types under the MIT license. +expect under the MIT license. +@jest/types under the MIT license. +stack-utils under the MIT license. +prettier under the MIT license. +@typescript-eslint/parser under the BSD-2-Clause license. +globals under the MIT license. +@typescript-eslint/types under the MIT license. +@typescript-eslint/utils under the MIT license. +@pkgr/utils under the MIT license. +jest under the MIT license. +@jest/core under the MIT license. +@babel/core under the MIT license. +istanbul-lib-coverage under the BSD-3-Clause license. +istanbul-lib-report under the BSD-3-Clause license. +istanbul-reports under the BSD-3-Clause license. +@sinonjs/fake-timers under the BSD-3-Clause license. +yargs under the MIT license. +yargs-parser under the ISC license. +@smithy/types under the Apache-2.0 license. +software.amazon.awssdk/annotations under the Apache-2.0 license. ******************** OPEN SOURCE LICENSES 
@@ -689,4 +713,5 @@ ISC - https://opensource.org/licenses/ISC MIT - https://opensource.org/licenses/MIT MIT-0 - https://github.com/aws/mit-0 Public Domain - https://github.com/stleary/JSON-java/blob/master/LICENSE -Unlicense - https://opensource.org/licenses/Unlicense \ No newline at end of file +Unlicense - https://opensource.org/licenses/Unlicense +Python-2.0 - https://spdx.org/licenses/Python-2.0.html \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md index 73feb89..004e849 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,9 @@ -Reporting Security Issues ----------------------------------------------------------------------------------------------------------- -We take all security reports seriously. When we receive such reports, we will investigate and -subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential -security issue in this project, please notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or -directly via email to [AWS Security](mailto:aws-security@amazon.com). Please do not create a public GitHub issue in this project. \ No newline at end of file +## Reporting Security Issues + +We take all security reports seriously. When we receive such reports, +we will investigate and subsequently address any potential vulnerabilities as +quickly as possible. If you discover a potential security issue in this project, +please notify AWS/Amazon Security via our [vulnerability reporting page] +(http://aws.amazon.com/security/vulnerability-reporting/) or directly via email +to [AWS Security](mailto:aws-security@amazon.com). +Please do *not* create a public GitHub issue in this project. \ No newline at end of file diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index 1b7a84d..88a6f8d 100755 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh 
@@ -42,6 +42,7 @@ staging_dist_dir="$template_dir/staging" template_dist_dir="$template_dir/global-s3-assets" build_dist_dir="$template_dir/regional-s3-assets" source_dir="$template_dir/../source" +solution_root_dir="$template_dir/.." echo "------------------------------------------------------------------------------" echo "[Init] Remove any old dist files from previous runs" @@ -55,6 +56,19 @@ mkdir -p $build_dist_dir rm -rf $staging_dist_dir mkdir -p $staging_dist_dir +echo "------------------------------------------------------------------------------" +echo "[Create Solution Manifest] Create solution manifest file" +echo "------------------------------------------------------------------------------" +if [ ${SOLUTION_NAME} == "streaming-data-solution-for-amazon-kinesis" ]; then + echo "Creating Kinesis Solution Manifest" + cp ${solution_root_dir}/solution-manifest-kinesis.yaml ${solution_root_dir}/solution-manifest.yaml +elif [ ${SOLUTION_NAME} == "streaming-data-solution-for-amazon-msk" ]; then + echo "Creating MSK Solution Manifest" + cp ${solution_root_dir}/solution-manifest-msk.yaml ${solution_root_dir}/solution-manifest.yaml +else + echo "WARN: Cannot create solution-manifest.yaml." +fi + echo "------------------------------------------------------------------------------" echo "[Init] Get version of the AWS CDK" echo "------------------------------------------------------------------------------" diff --git a/source/kinesis/kda-flink-ml/pom.xml b/source/kinesis/kda-flink-ml/pom.xml index 5036d96..5904bcf 100644 --- a/source/kinesis/kda-flink-ml/pom.xml +++ b/source/kinesis/kda-flink-ml/pom.xml @@ -21,6 +21,13 @@ 3.2.4 + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + + + diff --git a/source/kinesis/kpl-demo/pom.xml b/source/kinesis/kpl-demo/pom.xml index 830f044..9fa9fb3 100644 --- a/source/kinesis/kpl-demo/pom.xml +++ b/source/kinesis/kpl-demo/pom.xml 
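Review bot: The two `[ ${SOLUTION_NAME} == ... ]` tests in the new manifest block expand the variable unquoted, so an unset or empty SOLUTION_NAME makes `[` report a syntax error on both tests and the script falls into the WARN branch. The two `cp` calls pass unquoted `${solution_root_dir}` paths as well, which split if the checkout path contains whitespace; quoting as in the fence below fixes both. The else branch only warns, so a solution-manifest.yaml left over from an earlier build of the other solution would stay in place and be packaged as if it were current. If that file is generated rather than committed (not visible here), remove it or fail the build in that branch. Whether a failed `cp` stops the script depends on `set -e`, which is outside this hunk.

```shell
if [ "${SOLUTION_NAME}" == "streaming-data-solution-for-amazon-kinesis" ]; then
    # … unchanged: echo "Creating Kinesis Solution Manifest" …
    cp "${solution_root_dir}/solution-manifest-kinesis.yaml" "${solution_root_dir}/solution-manifest.yaml"
elif [ "${SOLUTION_NAME}" == "streaming-data-solution-for-amazon-msk" ]; then
    # … unchanged: echo "Creating MSK Solution Manifest" …
    cp "${solution_root_dir}/solution-manifest-msk.yaml" "${solution_root_dir}/solution-manifest.yaml"
# … unchanged: else branch with the WARN echo, fi …
```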
@@ -9,6 +9,13 @@ 1.6.0 jar + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + + + UTF-8 1.11 @@ -24,6 +31,11 @@ amazon-kinesis-producer 0.15.10 + + com.google.protobuf + protobuf-java + 3.25.5 + com.google.guava diff --git a/source/lambda/kds-lambda-consumer/package-lock.json b/source/lambda/kds-lambda-consumer/package-lock.json index 8405862..c9d19d2 100644 --- a/source/lambda/kds-lambda-consumer/package-lock.json +++ b/source/lambda/kds-lambda-consumer/package-lock.json @@ -1,12 +1,12 @@ { "name": "kds-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "kds-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "license": "Apache-2.0", "devDependencies": { "chai": "4.3.4", diff --git a/source/lambda/kds-lambda-consumer/package.json b/source/lambda/kds-lambda-consumer/package.json index 5192bc8..3fa0eef 100644 --- a/source/lambda/kds-lambda-consumer/package.json +++ b/source/lambda/kds-lambda-consumer/package.json @@ -1,6 +1,6 @@ { "name": "kds-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "description": "sample lambda consumer for KDS", "main": "index.js", "scripts": { diff --git a/source/lambda/msk-lambda-consumer/package-lock.json b/source/lambda/msk-lambda-consumer/package-lock.json index 89ea316..40526fe 100644 --- a/source/lambda/msk-lambda-consumer/package-lock.json +++ b/source/lambda/msk-lambda-consumer/package-lock.json @@ -1,12 +1,12 @@ { "name": "msk-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "msk-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "license": "Apache-2.0", "devDependencies": { "chai": "4.3.4", diff --git a/source/lambda/msk-lambda-consumer/package.json b/source/lambda/msk-lambda-consumer/package.json index f337ba0..dbfb6b5 100644 --- a/source/lambda/msk-lambda-consumer/package.json 
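Review bot: The `com.google.protobuf` / `protobuf-java` 3.25.5 entry added in the second hunk has no comment saying that it exists only to override a transitively resolved version, presumably the one pulled in by `amazon-kinesis-producer` 0.15.10 just above it. Without that, the pin tends to outlive its purpose and can hold protobuf-java back once the producer library itself moves to a newer release. I would add a comment such as `<!-- Pinned to override the transitive protobuf-java from amazon-kinesis-producer; remove once the producer depends on a patched version -->`, and consider placing the pin under `<dependencyManagement>` so it constrains the version without declaring a direct dependency. The XML tags are not visible in this rendering, so placement is inferred, and the diff does not show whether `kda-flink-ml` also resolves protobuf-java and needs the same pin.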
+++ b/source/lambda/msk-lambda-consumer/package.json @@ -1,6 +1,6 @@ { "name": "msk-lambda-consumer", - "version": "1.9.3", + "version": "1.9.4", "description": "sample lambda consumer for MSK", "main": "index.js", "scripts": { diff --git a/source/lambda/msk-lambda-kdf/package-lock.json b/source/lambda/msk-lambda-kdf/package-lock.json index 974e2c1..6b1e61b 100644 --- a/source/lambda/msk-lambda-kdf/package-lock.json +++ b/source/lambda/msk-lambda-kdf/package-lock.json @@ -1,12 +1,12 @@ { "name": "msk-lambda-kdf", - "version": "1.9.3", + "version": "1.9.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "msk-lambda-kdf", - "version": "1.9.3", + "version": "1.9.4", "license": "Apache-2.0", "dependencies": { "@aws-sdk/client-firehose": "3.382.0" diff --git a/source/lambda/msk-lambda-kdf/package.json b/source/lambda/msk-lambda-kdf/package.json index 25006f9..4575449 100644 --- a/source/lambda/msk-lambda-kdf/package.json +++ b/source/lambda/msk-lambda-kdf/package.json @@ -1,6 +1,6 @@ { "name": "msk-lambda-kdf", - "version": "1.9.3", + "version": "1.9.4", "description": "lambda consumer that publishes MSK events to KDF", "main": "index.js", "scripts": { @@ -19,7 +19,7 @@ "jest": "^29.7.0", "sinon": "^18.0.1" }, - + "jest": { "testEnvironment": "node", "collectCoverage": true, diff --git a/source/lambda/taxi-fare-endpoint/package-lock.json b/source/lambda/taxi-fare-endpoint/package-lock.json index 2dea531..8aa7cee 100644 --- a/source/lambda/taxi-fare-endpoint/package-lock.json +++ b/source/lambda/taxi-fare-endpoint/package-lock.json @@ -1,12 +1,12 @@ { "name": "taxi-fare-endpoint", - "version": "1.9.3", + "version": "1.9.4", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "taxi-fare-endpoint", - "version": "1.9.3", + "version": "1.9.4", "license": "Apache-2.0", "devDependencies": { "chai": "4.3.4", 
diff --git a/source/lambda/taxi-fare-endpoint/package.json b/source/lambda/taxi-fare-endpoint/package.json index 2a0dcdd..65b444b 100644 --- a/source/lambda/taxi-fare-endpoint/package.json +++ b/source/lambda/taxi-fare-endpoint/package.json @@ -1,6 +1,6 @@ { "name": "taxi-fare-endpoint", - "version": "1.9.3", + "version": "1.9.4", "description": "sample endpoint for taxi fare prediction", "main": "index.js", "scripts": { diff --git a/source/package-lock.json b/source/package-lock.json index 909fe01..a7ec323 100644 --- a/source/package-lock.json +++ b/source/package-lock.json @@ -1,12 +1,12 @@ { "name": "streaming-data-solution", - "version": "1.9.3", + "version": "1.9.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "streaming-data-solution", - "version": "1.9.3", + "version": "1.9.4", "license": "Apache-2.0", "dependencies": { "@aws-solutions-constructs/aws-apigateway-kinesisstreams": "2.45.0", diff --git a/source/package.json b/source/package.json index 337a091..aa576ef 100644 --- a/source/package.json +++ b/source/package.json @@ -1,6 +1,6 @@ { "name": "streaming-data-solution", - "version": "1.9.3", + "version": "1.9.4", "bin": { "streaming-data-solution": "bin/streaming-data-solution.js" },