Prowler 3.16.12 - Back in the Village

What's Changed

Chores

• chore(v3): update latest changes from v4 by @sergargar in #4459
  • fix(glue): add getters for connection attributes (#4445)
  • fix(iam_avoid_root_usage): change timestamp format (#4446)
  • fix(entra): Change to correct service in entra_user_with_vm_access_has_mfa metadata (#4454)

Dependencies

• chore(deps): bump boto3 from 1.34.143 to 1.34.144 by @dependabot in #4452
• chore(deps): bump botocore from 1.34.143 to 1.34.144 by @dependabot in #4443
• chore(deps): bump google-api-python-client from 2.136.0 to 2.137.0 by @dependabot in #4418
• chore(deps): bump jsonschema from 4.22.0 to 4.23.0 by @dependabot in #4406
• chore(deps): bump msgraph-sdk from 1.4.0 to 1.5.2 by @dependabot in #4430
• chore(deps): bump slack-sdk from 3.30.0 to 3.31.0 by @dependabot in #4381
• chore(deps-dev): bump coverage from 7.5.4 to 7.6.0 by @dependabot in #4436
• chore(deps-dev): bump moto from 5.0.10 to 5.0.11 by @dependabot in #4408
• chore(deps-dev): bump safety from 3.2.3 to 3.2.4 by @dependabot in #4382

Full Changelog: 3.16.11...3.16.12

Prowler 3.16.11 - Back in the Village

What's Changed

• chore(deps): bump google-api-python-client from 2.135.0 to 2.136.0 by @dependabot in #4365
• chore(deps): bump botocore from 1.34.138 to 1.34.139 by @dependabot in #4374
• chore(deps): bump boto3 from 1.34.137 to 1.34.139 by @dependabot in #4376
• chore(acm): add ignore unused services feature by @sergargar in #4371

Full Changelog: 3.16.10...3.16.11

Prowler 3.16.10 - Back in the Village

What's Changed

Chores

• chore(v3): include latest v4 changes by @sergargar in #4350
  • chore(acm): Improve near-expiration certificates check (#4207)
  • chore(network): Reduce network watchers azure check findings (#4242)
  • fix(aws): aws check and metadata fixes (#4251)
  • chore(s3): reduce false positive in s3 public check (#4281)
  • fix(rds): handle not existing endpoint (#4285)
  • fix(csv-outputs): compliance outputs not showing consistents values (#4287)
  • fix(codebuild): enhance service functions (#4319)
  • fix(aws): parallelize functions per resource (#4323)
  • fix(s3): handle empty Action in bucket policy (#4328)

Dependencies

• chore(deps): bump azure-identity from 1.16.1 to 1.17.1 by @dependabot in #4312
• chore(deps): bump azure-mgmt-cosmosdb from 9.5.0 to 9.5.1 by @dependabot in #4306
• chore(deps): bump azure-mgmt-storage from 21.2.0 to 21.2.1 by @dependabot in #4340
• chore(deps): bump azure-mgmt-web from 7.2.0 to 7.3.0 by @dependabot in #4304
• chore(deps): bump boto3 from 1.34.132 to 1.34.136 by @dependabot in #4354
• chore(deps): bump botocore from 1.34.136 to 1.34.137 by @dependabot in #4353
• chore(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #4262
• chore(deps): bump google-api-python-client from 2.134.0 to 2.135.0 by @dependabot in #4338
• chore(deps): bump pydantic from 1.10.16 to 1.10.17 by @dependabot in #4307
• chore(deps): bump requests from 2.32.2 to 2.32.3 by @dependabot in #4341
• chore(deps): bump slack-sdk from 3.29.0 to 3.30.0 by @dependabot in #4309
• chore(deps): bump trufflesecurity/trufflehog from 3.78.2 to 3.79.0 by @dependabot in #4336
• chore(deps): Upgrade requests to 2.32.2 by @jfagoagas in #4314
• chore(deps-dev): bump bandit from 1.7.8 to 1.7.9 by @dependabot in #4268
• chore(deps-dev): bump coverage from 7.5.3 to 7.5.4 by @dependabot in #4302
• chore(deps-dev): bump flake8 from 7.0.0 to 7.1.0 by @dependabot in #4267
• chore(deps-dev): bump moto from 5.0.9 to 5.0.10 by @dependabot in #4346
• chore(deps-dev): bump pylint from 3.2.3 to 3.2.5 by @dependabot in #4348
• chore(deps-dev): bump pytest from 8.2.1 to 8.2.2 by @dependabot in #4216
• chore(deps-dev): bump safety from 3.2.0 to 3.2.3 by @dependabot in #4221
• chore(python): update vulnerable anyio library by @jfagoagas in #4349

Full Changelog: 3.16.9...3.16.10

Prowler 4.2.4 - 2 Minutes to Midnight

What's Changed

Fixes

• fix(compliance): check if custom check has compliance metadata by @sergargar in #4208
• fix(encoding): handle encoding issues and improve error handling in config and HTML file loading functions by @lshw54 in #4203
• fix(custom): execute custom checks by @sejimhp in #4202
• fix(dashboard): fix styles in overview page by @pedrooot in #4204
• fix(html): fix status from HTML outputs by @pedrooot in #4206

Chores

• chore(acm): Improve near-expiration certificates check by @puchy22 in #4207
• chore(regions_update): Changes in regions for AWS services. by @jfagoagas in #4205

New Contributors

• @sejimhp made their first contribution in #4202
• @lshw54 made their first contribution in #4203

Full Changelog: 4.2.3...4.2.4

Prowler 4.2.3 - 2 Minutes to Midnight

What's Changed

Fixes

• fix(elasticache): handle empty cluster subnets by @sergargar in #4192
• fix(glue): check if get dev endpoints call is supported by @sergargar in #4193
• fix(rds): handle not existing parameter values by @sergargar in #4191
• fix(s3): check if account is signed up by @sergargar in #4194
• fix(html): resolve html changing finding status by @pedrooot in #4199
• fix(html): handle muted status to html outputs by @pedrooot in #4195

Documentation

• docs(reporting): fix mapping of json-ocsf field cloud.account.type by @kagahd in #4186
• docs(index): fix docu about output modes by @kagahd in #4187

Full Changelog: 4.2.2...4.2.3

Prowler 3.16.9 - Back in the Village

What's Changed

Chores

• chore(backport): update v3 with latest changes by @sergargar in #4198
  • chore(regions_update): Changes in regions for AWS services. (#4178)
  • fix(rds): handle not existing parameter values (#4191)
  • fix(elasticache): handle empty cluster subnets (#4192)
  • fix(glue): check if get dev endpoints call is supported (#4193)
  • fix(s3): check if account is signed up (#4194)
• chore(deps): bump boto3 from 1.34.109 to 1.34.113 by @dependabot in #4173
• chore(deps): bump botocore from 1.34.113 to 1.34.118 by @dependabot in #4176
• chore(deps): bump google-api-python-client from 2.130.0 to 2.131.0 by @dependabot in #4174
• chore(deps): bump trufflesecurity/trufflehog from 3.76.3 to 3.77.0 by @dependabot in #4168
• chore(deps-dev): bump coverage from 7.5.2 to 7.5.3 by @dependabot in #4175
• chore(deps-dev): bump mkdocs-git-revision-date-localized-plugin from 1.2.5 to 1.2.6 by @dependabot in #4172
• chore(deps-dev): bump moto from 5.0.8 to 5.0.9 by @dependabot in #4171

Full Changelog: 3.16.8...3.16.9

Prowler 4.2.2 - 2 Minutes to Midnight

What's Changed

Fixes

• fix(cloudtrail): check if trails exist in service by @sergargar in #4161
• fix(cloudtrail): trail.region must be home region by @jfagoagas in #4153
• fix(defender): Add new parameter required by new API version by @puchy22 in #4147
• fix(dependencies): ignore jinja vulnerability by @pedrooot in #4154
• fix(html): add correct color for manual findings by @pedrooot in #4184
• fix(html): make Prowler logo resizable by @pedrooot in #4185
• fix(mutelist): Handle items starting by * by @jfagoagas in #4136
• fix(mutelist): return False if something fails by @jfagoagas in #4139
• fix(mutelist): Split code for AWS and the rest of providers by @jfagoagas in #4143
• fix(rds): Handle DBParameterGroupNotFound by @jfagoagas in #4148
• fix(rds): use correct API call for cluster parameters by @sergargar in #4150
• fix(trustedadvisor): handle AccessDenied exception by @sergargar in #4158

Chores

• chore(AWS): allow ingress to any port for user defined network interface types by @kagahd in #4094
• chore(cloudformation): Update related URL by @rieck-srlabs in #4134
• chore(deps): bump boto3 from 1.34.109 to 1.34.113 by @dependabot in #4165
• chore(deps): bump botocore from 1.34.113 to 1.34.118 by @dependabot in #4170
• chore(deps): bump google-api-python-client from 2.130.0 to 2.131.0 by @dependabot in #4166
• chore(deps): bump trufflesecurity/trufflehog from 3.76.3 to 3.77.0 by @dependabot in #4163
• chore(deps-dev): bump coverage from 7.5.2 to 7.5.3 by @dependabot in #4167
• chore(deps-dev): bump mkdocs-git-revision-date-localized-plugin from 1.2.5 to 1.2.6 by @dependabot in #4164
• chore(deps-dev): bump moto from 5.0.8 to 5.0.9 by @dependabot in #4169
• chore(ec2): add scan unused services logic to SG check by @sergargar in #4138
• chore(favicon): update favicon logo by @sergargar in #4151
• chore(iam): Downgrade AWS IAM check severity by @rieck-srlabs in #4149
• chore(regions_update): Changes in regions for AWS services. by @jfagoagas in #4178
• chore(version): update Prowler version by @sergargar in #4131
• chore(vpc): add scan unused services logic to VPC checks by @sergargar in #4137
• refactor(banner): remove unneeded arguments by @jfagoagas in #4155
• refactor(run_check): Simplify and add tests by @jfagoagas in #4183
• refactor(Slack): create class by @jfagoagas in #4127

Full Changelog: 4.2.1...4.2.2

Prowler 3.16.8 - Back in the Village

What's Changed

Fixes

• fix(cloudtrail): check if trails exist in service by @sergargar in #4162

Full Changelog: 3.16.7...3.16.8

Prowler 3.16.7 - Back in the Village

What's Changed

Chores

• chore(backport): include latest changes of v4 by @sergargar in #4159
  • fix(defender): Add new parameter required by new API version (#4147)
  • chore(iam): Downgrade AWS IAM check severity (#4149)
  • fix(rds): use correct API call for cluster parameters (#4150)
  • fix(dependencies): ignore jinja vulnerability (#4154)
  • fix(cloudtrail): trail.region must be home region (#4153)
  • fix(trustedadvisor): handle AccessDenied exception (#4158)

Full Changelog: 3.16.6...3.16.7

Prowler 3.16.6 - Back in the Village

What's Changed

Fixes

• fix(allowlist): Handle items starting by * by @jfagoagas in #4135
• fix(allowlist): return False if something fails by @jfagoagas in #4140

Chores

• chore(backport): put latest changes of v4 to v3 by @sergargar in #4144
  • chore(aws): Add failed_checks to track (#4018)
  • feat(rds): Add AWS RDS clusters to transport encryption check (#4028)
  • fix(gcp): handle projects API Call error (#4055)
  • fix(doc): mapping of extra748 and add extra74 (#4059)
  • chore(IAM): Improve IAM checks for Azure (#4061)
  • chore(regions_update): Changes in regions for AWS services. (#4071)
  • chore(slack): change Slack channel name env variable (#4080)
  • fix(rds): solve ParameterValue KeyError (#4085)
  • fix(opensearch): handle non existing SAMLOptions in domain (#4086)
  • fix(rds): ParameterValue MySQL and MariaDB RDS Instances (#4116)
  • chore(regions_update): Changes in regions for AWS services. (#4126)
  • chore(cloudformation): Update related URL (#4134)
  • chore(vpc): add scan unused services logic to VPC checks (#4137)
  • fix(allowlist): return False if something fails (#4140)
  • fix(outputs): fill compliance field for outputs (#4054)
  • chore(ec2): add scan unused services logic to SG check (#4138)

Dependencies

• chore(deps): bump azure-mgmt-resource from 23.0.1 to 23.1.1 by @dependabot in #3998
• chore(deps): bump microsoft-kiota-abstractions from 1.3.2 to 1.3.3 by @dependabot in #4097
• chore(deps-dev): bump coverage from 7.5.1 to 7.5.2 by @dependabot in #4099
• chore(deps-dev): bump moto from 5.0.7 to 5.0.8 by @dependabot in #4100
• chore(deps): bump boto3 from 1.34.105 to 1.34.109 by @dependabot in #4101
• chore(deps-dev): bump docker from 7.0.0 to 7.1.0 by @dependabot in #4102
• chore(deps): bump google-api-python-client from 2.129.0 to 2.130.0 by @dependabot in #4098
• chore(deps): bump botocore from 1.34.109 to 1.34.113 by @dependabot in #4103
• chore(deps): bump azure-mgmt-network from 25.3.0 to 25.4.0 by @dependabot in #4105

Full Changelog: 3.16.5...3.16.6