- apparmor
-
- Fix deny exec of rpc_witness; (bsc#1225811).
* add apparmor-rpcd-witness.patch
- Add some misc fixes for samba-4.21.x denies; (bsc#1259441).
* add samba-misc-rpcd-spoolss.patch
- aws-cli
-
- Add ac_tighten-file-permissions.patch to fix cli_history database
not restricting file permissions on Unix systems (bsc#1261007)
- Update to 1.44.17
* api-change:``bedrock``: This change will increase TestCase guardContent input size from 1024 to
2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: Adds support for IAM role subscriptions to Glue table listings via
CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.44.16
* api-change:``billing``: Cost Categories filtering support to BillingView data filter expressions
through the new costCategories parameter, enabling users to filter billing views by AWS Cost
Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: This release introduces WiFi Simple Setup (WSS) enabling
device provisioning via barcode scanning with automated network discovery, authentication, and
credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating
hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: Added ultraServerType to the UltraServerInfo structure to support
server type identification for SageMaker HyperPod
* enhancement:``s3``: Adds new parameter ``--case-conflict`` that configures how case conflicts are
handled on case-insensitive filesystems
- from version 1.44.15
* api-change:``bedrock-agentcore-control``: Adds optional field "view" to GetMemory API input to
give customers control over whether CMK encrypted data such as strategy decryption or override
prompts is returned or not.
* api-change:``cloudfront``: Added EntityLimitExceeded exception handling to the following API
operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: Adding MaterializedViews task run APIs
* api-change:``medialive``: MediaPackage v2 output groups in MediaLive can now accept one
additional destination for single pipeline channels and up to two additional destinations for
standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage
channels.
* api-change:``transcribe``: Adds waiters to Amazon Transcribe.
- from version 1.44.14
* api-change:``workspaces``: Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.44.13
* api-change:``ce``: This release updates existing reservation recommendations API to support
deployment model.
* api-change:``emr-serverless``: Added support for enabling disk encryption using customer managed
AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.44.12
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports advanced Spark configurations to
optimize SQL performance when creating an MLInputChannel or an audience generation job.
- from version 1.44.11
* bugfix:``s3``: Reverts addition of ``--case-conflict`` feature which caused a performance
regression when copying from S3 to large local directories
- from version 1.44.10
* api-change:``cleanrooms``: Added support for publishing detailed metrics to CloudWatch for
operational monitoring of collaborations, including query performance and resource utilization.
* api-change:``identitystore``: This change introduces "Roles" attribute for User entities
supported by AWS Identity Store SDK.
- from version 1.44.9
* api-change:``connect``: Adds support for searching global contacts using the ActiveRegions
filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``kafkaconnect``: This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack
endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to
match the Kafka endpoints.
- from version 1.44.8
* api-change:``connect``: Changes for Contact for Global Search
* api-change:``quicksight``: This release adds support for quick users to be able to perform role
upgrades on their own. Additionally it allows admins to make this feature admin or auto approval
along with new self upgrade capability that can be restricted by Admins.
- from version 1.44.7
* api-change:``medialive``: AWS Elemental MediaLive now supports Pipeline Locking using Video
Alignment as well as linked single pipeline channels to enable cross-channel and cross-region
Pipeline Locking workflows.
- from version 1.44.6
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``geo-places``: Adds support for InferredSecondaryAddress place type, Designator in
SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the Registration Reviewer
feature, which provides generative AI feedback on a phone number or sender ID registration to
ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: Add additional validation to Outpost bucket names.
* enhancement:``s3``: Adds new parameter ``--case-conflict`` that configures how case conflicts are
handled on case-insensitive filesystems
- from version 1.44.5
* api-change:``config``: Added supported resourceTypes for Config from July to November 2025
* api-change:``ec2``: Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: Make accountIds a required field in GetRemainingFreeTrialDays API to
reflect service behavior.
* api-change:``pcs``: Change API Reference Documentation for default Mode in Accounting and
SlurmRest
- from version 1.44.4
* api-change:``arc-region-switch``: Automatic Plan Execution Reports allow customers to maintain a
concise record of their Region switch Plan executions. This enables customer SREs and leadership
to have a clear view of their recovery posture based on the generated reports for their Plan
executions.
* api-change:``connect``: Adding support for Custom Metrics and Pre-Defined Attributes to
GetCurrentMetricData API.
* api-change:``emr-serverless``: Added JobLevelCostAllocationConfiguration field to enable cost
allocation reporting at the job level, providing more granular visibility into EMR Serverless
charges
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iot``: This release adds event-based logging feature that enables granular event
logging controls for AWS IoT logs.
* api-change:``qbusiness``: It is a internal bug fix for region expansion
* api-change:``wickr``: AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: Add support for WebAuthn under user settings.
- from version 1.44.3
* api-change:``appstream``: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on
Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: New API to list Route 53 health checks created by ARC region
switch for a plan in a specific AWS Region using the Region switch Regional data plane.
* api-change:``artifact``: Add support for ListReportVersions API for the calling AWS account.
* api-change:``bedrock-agentcore-control``: Feature to support header exchanges between Bedrock
AgentCore Gateway Targets and client, along with propagating query parameter to the configured
targets.
* api-change:``bedrock-data-automation``: Blueprint Optimization (BPO) is a new Amazon Bedrock Data
Automation (BDA) capability that improves blueprint inference accuracy using example content assets
and ground truth data. BPO works by generating better instructions for fields in the Blueprint
using provided data.
* api-change:``cleanrooms``: Adding support for collaboration change requests requiring an approval
workflow. Adding support for change requests that grant or revoke results receiver ability and
modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet,
DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs.
* api-change:``ecr``: Adds support for ECR Create On Push
* api-change:``ecs``: Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iot``: This release adds message batching for the IoT Rules Engine HTTP action.
* api-change:``opensearch``: Amazon OpenSearch Service adds support for warm nodes, enabling new
multi-tier architecture.
* api-change:``sesv2``: Amazon SES introduces Email Validation feature which checks email addresses
for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect
sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and
CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: Added "Stopping" for the HANA Database Status.
* enhancement:cloudtrail: Fixed performance issue in cloudtrail validate-logs command by scoping S3
digest file listing to the trail's region instead of processing digest files from all regions.
- from version 1.44.2
* api-change:``gameliftstreams``: Added new stream group operation parameters for scale-on-demand
capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance
family. Added new StartStreamSession parameter for exposure of real-time performance stats to
clients.
* api-change:``guardduty``: Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: Adds an additional OutputFormat
* api-change:``kafkaconnect``: Support dual-stack network connectivity for connectors via
NetworkType field.
* api-change:``mediaconvert``: Adds support for tile encoding in HEVC and audio for video overlays.
* api-change:``mediapackagev2``: This release adds support for SPEKE V2 content key encryption in
MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: Support for AS2805 standard. Modifications to import-key
and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: Adding the newly launched p6-b300.48xlarge ec2 instance support in
Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.44.1
* api-change:``iot``: Add support for dynamic payloads in IoT Device Management Commands
* api-change:``timestream-influxdb``: This release adds support for rebooting InfluxDB DbInstances
and DbClusters
- from version 1.44.0
* api-change:``bedrock-agentcore-control``: This release updates broken links for AgentCore Policy
APIs in the AWS CLI and SDK resources.
* api-change:``connect``: Amazon Connect now supports outbound WhatsApp contacts via the Send
message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and
updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.
* api-change:``ec2``: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and
SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``entityresolution``: Support Customer Profiles Integration for AWS Entity Resolution
* api-change:``glacier``: Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: Updating Health API endpoint generation for dualstack only regions
* api-change:``logs``: This release allows you to import your historical CloudTrail Lake data into
CloudWatch with a few steps, enabling you to easily consolidate operational, security, and
compliance data in one place.
* api-change:``mediatailor``: Added support for Ad Decision Server Configuration enabling HTTP POST
requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required
for existing GET request configurations.
* api-change:``route53resolver``: Adds support for enabling detailed metrics on Route 53 Resolver
endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the
CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver
endpoint and target name server performance.
* api-change:``s3``: This release adds support for the new optional field 'LifecycleExpirationDate'
in S3 Inventory configurations.
* api-change:``service-quotas``: Add support for SQ Dashboard Api
* feature:Migration: Implement a ``--v2-debug`` flag and ``AWS_CLI_UPGRADE_DEBUG_MODE`` environment
variable that detects breaking changes for AWS CLI v2 for entered commands.
- from version 1.43.15
* api-change:``bcm-recommended-actions``: Added new freetier action types to RecommendedAction.type.
* api-change:``connect``: Amazon Connect now offers automated post-chat surveys triggered when
customers end conversations. This captures timely feedback while experience is fresh, using either
a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: Adds Enhanced mode support for NFS and SMB locations. SMB credentials
are now managed via Secrets Manager, and may be encrypted with service or customer managed keys.
Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: Adds support for portal branding customization, enabling
administrators to personalize end-user portals with custom assets.
- from version 1.43.14
* api-change:``lambda``: Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: Add support for policy operations on the NETWORK SECURITY DIRECTOR
POLICY policy type.
* api-change:``quicksight``: This release adds new GetIdentityContext API, Dashboard customization
options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: Add SortBy parameter to ListSecrets
* api-change:``sesv2``: Update GetEmailIdentity and CreateEmailIdentity response to include
SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to
include SigningHostedZone.
- from version 1.43.13
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of
generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: Launch itemized custom line item and service line item filter
* api-change:``cloudwatch``: This release introduces two additional protocols AWS JSON 1.1 and
Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the
protocol that is the most performant for each language.
* api-change:``odb``: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn
fields for improved resource identification and AWS service integration - GetCloudVmCluster,
ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.
* api-change:``opensearch``: The CreateApplication API now supports an optional kms key arn
parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: Adds support for the new Project.AwsPartition field on
Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the
opportunity will be deployed.
* api-change:``signer``: Adds support for Signer GetRevocationStatus with updated endpoints
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- Update to 1.43.12
* api-change:``account``: This release adds a new API (GetGovCloudAccountInformation) used to
retrieve information about a linked GovCloud account from the standard AWS partition.
* api-change:``appsync``: Update Event API to require EventConfig parameter in creation and update
requests.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``guardduty``: Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: Token Exchange introduces seamless token exchange capabilities for
IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes
within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced
tagging support for replication operations.
* api-change:``route53``: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region
- from version 1.43.11
* api-change:``ce``: Add support for Cost Category resource associations including filtering by
resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API.
* api-change:``ec2``: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1
TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB
of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a
maximum frequency of 4.5 GHz.
* api-change:``identitystore``: Updating AWS Identity Store APIs to support Attribute Extensions
capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store
APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due
to lack of SigV4 API support.
* api-change:``partnercentral-selling``: Deal Sizing Service for AI-based deal size estimation with
AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and
Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives.
* api-change:``rds``: Adding support for tagging RDS Instance/Cluster Automated Backups
* api-change:``redshift-serverless``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated serverless workgroups. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``rolesanywhere``: Increases certificate string length for trust anchor source data to
support ML-DSA certificates.
* api-change:``sesv2``: Update Mail Manager Archive ARN validation
- from version 1.43.10
* api-change:``ecs``: Updating stop-task API to encapsulate containers with custom stop signal
* api-change:``iam``: Adding the ExpirationTime attribute to the delegation request resource.
* api-change:``inspector2``: This release adds a new ScanStatus called "Unsupported Code
Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it
has unsupported code artifacts.
* api-change:``partnercentral-account``: Adding Verification API's to Partner Central Account SDK.
* api-change:``sesv2``: Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from
v1 to v2
- from version 1.43.9
* api-change:``lambda``: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and
StateReasonCode enums to represent failures caused by VPC Encryption Controls.
- from version 1.43.8
* api-change:``bedrock``: Adding support in Amazon Bedrock to customize models with reinforcement
fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: Introduces Serverless training: A fully managed compute infrastructure
that abstracts away all infrastructure complexity, allowing you to focus purely on model
development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.43.7
* api-change:``bedrock``: Adds the audioDataDeliveryEnabled boolean field to the Model Invocation
Logging Configuration.
* api-change:``bedrock-agentcore``: Support for AgentCore Evaluations and Episodic memory strategy
for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: Supports AgentCore Evaluations, Policy, Episodic Memory
Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and
enhances JWT authorizer.
* api-change:``bedrock-runtime``: Adds support for Audio Blocks and Streaming Image Output plus new
Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: This release updates existing Savings Plans Purchase Analyzer and
Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: Amazon DataZone now supports exporting Catalog datasets as Amazon S3
tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: Adding support for extended threat detection for Amazon EC2 and Amazon
ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: Launching Lambda durable functions - a new feature to build reliable
multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: CloudWatch Logs adds managed S3 Tables integration to access logs using
other analytical tools, as well as facets and field indexing to simplify log analytics in
CloudWatch Logs Insights.
* api-change:``nova-act``: Initial release of Nova Act SDK. The Nova Act service enables customers
to build and manage fleets of agents for automating production UI workflows with high reliability,
fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds pipelines configuration
for third party log ingestion and transformation of all logs ingested, integration of CloudWatch
logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: GPU-acceleration helps you build large-scale vector databases faster
and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch
Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data
into vector indexes.
* api-change:``opensearchserverless``: GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``rds``: RDS Oracle and SQL Server: Add support for adding, modifying, and removing
additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer
Edition via custom engine versions for development and testing purposes; M7i/R7i instances with
Optimize CPU for cost savings.
* api-change:``s3``: New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: Add support for S3 Storage Lens Advanced Performance Metrics, Expanded
Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: Add storage class, replication, and table record expiration features to
S3 Tables.
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: Added support for Amazon Database Savings Plans
* api-change:``securityhub``: ITSM enhancements: DRYRUN mode for testing ticket creation,
ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to
RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in
CreateConnectorV2.
- from version 1.43.6
* api-change:``appintegrations``: This release adds support for MCP servers via the ApplicationType
field, allowing customers to register their Bedrock AgentCore gateways as third party applications.
* api-change:``bedrock-agent``: Support audio and video ingestion on Bedrock Knowledge Bases.
* api-change:``bedrock-agent-runtime``: Support audio and video content retrieval on Bedrock
Knowledge Bases.
* api-change:``cleanrooms``: AWS Clean Rooms now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``connect``: This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: This release added support for new WhatsApp channel and
Journey type outbound campaign
* api-change:``connectparticipant``: Amazon Connect now supports message processing that intercepts
and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: This release introduces, CRUD APIs for the DomainObjectType and
Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to
SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to
support Data Store.
* api-change:``eks``: This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: feature: Glue: Add support for Iceberg materialized view in Glue Data
Catalog, including updated CreateTable API to support materialized views and new APIs for managing
data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: Launching Lambda Managed Instances - a new feature to run Lambda on EC2.
* api-change:``lexv2-models``: Adds support for speech-to-speech models for human-like, adaptive,
and expressive voice interactions. Also adds support for speech model preference, allowing
customers to select which speech model they want to use for speech-to-text requests.
* api-change:``marketplace-agreement``: This release supports 1/multi-product transactions via
offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements
also supports filtering by offer set ID and 2/variable payment pricing terms will be returned
through GetAgreementTerms.
* api-change:``marketplace-catalog``: This release introduces offer set entity in AWS Marketplace
Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple
private offers into a single-click purchase experience, simplifying procurement for customers
purchasing multi-product solutions.
* api-change:``partnercentral-account``: Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: Initial GA launch of Partner Central Benefits
* api-change:``partnercentral-selling``: New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: This release adds support for includedDatasetColumns and
performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: New AIAgent types: Orchestration for ModelContextProtocol tool
integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes.
Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring
Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: Add SDK for Amazon Route 53 Global Resolver, a fully
managed DNS resolver service that offers broad DNS-filtering security controls.
- from version 1.43.5
* api-change:``bedrock-runtime``: Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: Compute Optimizer now identifies idle NAT Gateway resources for
cost optimization based on traffic patterns and backup configuration analysis. Access
recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost
optimization recommendations for NAT Gateway.
- from version 1.43.4
* api-change:``ec2``: This release adds support to view Network firewall proxy appliances attached
to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: Network Firewall release of the Proxy feature.
* api-change:``organizations``: Add support for policy operations on the S3_POLICY and
BEDROCK_POLICY policy type.
* api-change:``route53``: Adds support for new route53 feature: accelerated recovery.
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- Update to 1.43.3
* api-change:``cloudfront``: Add TrustStore, ConnectionFunction APIs to CloudFront SDK
* api-change:``logs``: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability
that allows customers to safeguard their critical CloudWatch log groups from accidental or
unintended deletion.
- from version 1.43.2
* api-change:``apigateway``: API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: Introduces Spark workgroup features including log persistence,
S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage
limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries
to optimize performance and costs.
* api-change:``bedrock``: Add support to automatically enforce safeguards across accounts within an
AWS Organization.
* api-change:``bedrock-agentcore-control``: Support for agentcore gateway interceptor
configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: Adding new fields to GetDataAutomationStatus:
jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: Add support to automatically enforce safeguards across accounts
within an AWS Organization.
* api-change:``cloudformation``: Adds the DependsOn field to the AutoDeployment configuration
parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and
read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: Initial release of AWS Compute Optimizer Automation.
Create automation rules to implement recommended actions on a recurring schedule based on your
specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and
upgrade volume types to the latest generation.
* api-change:``connect``: New APIs to support aliases and versions for ContactFlowModule. Updated
ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: The manifest field is now optional for the AWS Control Tower
CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: This release adds a new capability to create and manage interruptible EC2
Capacity Reservations.
* api-change:``ecr``: Add support for ECR managed signing
* api-change:``eks``: Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: This release adds the health check log feature in ALB, allowing customers
to send detailed target health check log data directly to their designated Amazon S3 bucket.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``invoicing``: Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: This release adds support for Tiered Storage
* api-change:``kms``: Support for on-demand rotation of AWS KMS Multi-Region keys with imported key
material
* api-change:``lambda``: Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka
ESMs
* api-change:``lexv2-models``: Adds support for Intent Disambiguation, allowing resolution of
ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also
adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity
levels in various noise environments.
* api-change:``mailmanager``: Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: Endpoint update for new region
* api-change:``mediapackagev2``: Adds support for excluding session key tags from HLS multivariant
playlists
* api-change:``meteringmarketplace``: Endpoint update for new region
* api-change:``odb``: Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for
managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and
cross-region S3 parameters. Adds OCI identity domain support to InitializeService API.
* api-change:``organizations``: Add support for policy operations on the UPGRADE_ROLLOUT_POLICY
policy type.
* api-change:``qconnect``: This release introduces two new messaging channel subtypes: Push,
WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: Amazon Quick Suite now supports QuickChat as an embedding type when
calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI
agents directly into their applications.
* api-change:``rds``: Add support for Upgrade Rollout Order
* api-change:``redshift``: Added support for Amazon Redshift Federated Permissions and AWS IAM
Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: Added UpdateLakehouseConfiguration API to manage Amazon
Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for
namespaces.
* api-change:``sagemaker``: Enhanced SageMaker HyperPod instance groups with support for
MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints).
Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: Add ListInvestigations and SendFeedback APIs to support SecurityIR AI
agents
* api-change:``sesv2``: Added support for new SES regions - Asia Pacific (Malaysia) and Canada
(Calgary)
* api-change:``transfer``: Adds support for creating Webapps accessible from a VPC.
- from version 1.43.1
* api-change:``application-signals``: Amazon CloudWatch Application Signals now supports
un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps
teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: This release adds support for three new features: 1) Image ID
overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh,
and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: Bedrock AgentCore Memory release for redriving memory
extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: Added support for Synchronous project type and PII
Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: Bedrock Data Automation Runtime Sync API
* api-change:``braket``: Add support for Braket spending limits.
* api-change:``budgets``: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory
and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views.
* api-change:``cloudfront``: This release adds support for bring your own IP (BYOIP) to
CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: AWS launches CloudTrail aggregated events to simplify monitoring of
data events at scale. This feature delivers both granular and summarized data events for resources
like S3/Lambda, helping security teams identify patterns without custom aggregation logic.
* api-change:``connect``: Add optional ability to exclude users from send notification actions for
Contact Lens Rules.
* api-change:``datasync``: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource
Name) fields.
* api-change:``devicefarm``: Add support for environment variables and an IAM execution role.
* api-change:``dms``: Added support for customer-managed KMS key (CMK) for encryption for import
private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL
integrations with data warehouses.
* api-change:``dsql``: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response,
returning the VPC connection endpoint for the cluster
* api-change:``ec2``: This release adds support for multiple features including: VPC Encryption
Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of
static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume
Integration with Recycle Bin
* api-change:``ecs``: Launching Amazon ECS Express Mode - a new feature that enables developers to
quickly launch highly available, scalable containerized applications with a single command.
* api-change:``elbv2``: This release adds the target optimizer feature in ALB, enabling strict
concurrency enforcement on targets.
* api-change:``emr``: Add support for configuring S3 destination for step logs on a per-step basis.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: EC2 Image Builder now enables the distribution of existing AMIs,
retry distribution, and define distribution workflows. It also supports automatic versioning for
recipes and components, allowing automatic version increments and dynamic referencing in pipelines.
* api-change:``kinesis``: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for
On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the
existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: Added cross-account resource aggregation via license asset groups
and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses,
added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account
resource discovery in commercial regions.
* api-change:``networkmanager``: This release adds support for Cloud WAN Routing Policy providing
customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: Introducing comprehensive theme styling controls. New features include
border customization (radius, width, color), flexible padding controls, background styling for
cards and sheets, centralized typography management, and visual-level override support across
layouts.
* api-change:``rbin``: Add support for EBS volume in Recycle Bin
* api-change:``rds``: Add support for VPC Encryption Controls.
* api-change:``redshift-data``: Increasing the length limit of Statement Name from 500 to 2048.
* api-change:``s3``: Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: Added training plan support for inference endpoints. Added HyperPod
task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes
and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName.
* api-change:``securityhub``: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and
GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for
1-year of historical data analysis of Findings and Resources.
- from version 1.43.0
* api-change:``apigateway``: API Gateway now supports response streaming and new security policies
for REST APIs and custom domain names.
* api-change:``apigatewayv2``: Support for API Gateway portals and portal products.
* api-change:``backup``: Amazon GuardDuty Malware Protection now supports AWS Backup, extending
malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: This release includes support for Search Results.
* api-change:``billing``: Added name filtering support to ListBillingViews API through the new
names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: This release adds support for Billing Transfers, enabling
management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost
anomaly detection monitors
* api-change:``cloudtrail``: AWS CloudTrail now supports Insights for data events, expanding beyond
management events to automatically detect unusual activity on data plane operations.
* api-change:``connectcampaignsv2``: This release added support for ring timer configuration for
campaign calls.
* api-change:``cost-optimization-hub``: Release ListEfficiencyMetrics API
* api-change:``datazone``: Amazon DataZone now supports business metadata (readme and metadata
forms) at the individual attribute (column) level, a new rule type for glossary terms, and the
ability to update the owner of the root domain unit.
* api-change:``dynamodb``: Extended Global Secondary Index (GSI) composite keys to support up to 8
attributes.
* api-change:``ec2``: This launch adds support for two new features: Regional NAT Gateway and IPAM
Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS
services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to
maintain high availability.
* api-change:``ecr``: Add support for ECR archival storage class and Inspector org policy for
scanning
* api-change:``ecs``: Added support for Amazon ECS Managed Instances infrastructure optimization
configuration.
* api-change:``emr``: Add CloudWatch Logs integration for Spark driver, executor and step logs
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: Adding File Server Resource Manager configuration to FSx Windows
* api-change:``guardduty``: Add support for scanning and viewing scan results for backup resource
types
* api-change:``health``: Adds actionability and personas properties to Health events exposed
through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes
APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter,
EventTypeFilter.
* api-change:``iam``: Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and
IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an
operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned
when an Image is archived in ECR.
* api-change:``invoicing``: Add support for adding Billing transfers in Invoice configuration
* api-change:``lambda``: Added support for creating and invoking Tenant Isolated functions in AWS
Lambda APIs.
* api-change:``logs``: Adding support for ocsf version 1.5, add optional parameter MappingVersion
* api-change:``mediaconnect``: This release adds support for global routing in AWS Elemental
MediaConnect. You can now use router inputs and router outputs to manage global video and audio
routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: MediaLive is adding support for MediaConnect Router by supporting a new
input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted
transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: Added new enum value (AWS::EKS::Cluster) for type field under
MonitorLocalResource
* api-change:``partnercentral-channel``: Initial GA launch of Partner Central Channel
* api-change:``route53``: Add dual-stack endpoint support for Route53
* api-change:``rum``: CloudWatch RUM now supports mobile application monitoring for Android and iOS
platforms
* api-change:``s3``: Adds support for blocking SSE-C writes to general purpose buckets.
* api-change:``sagemaker``: Added support for enhanced metrics for SageMaker AI Endpoints. This
features provides Utilization Metrics at instance and container granularity and also provides easy
configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: Adds support to create, update, retrieve, rotate, and delete
managed external secrets.
* api-change:``signin``: AWS Sign-In manages authentication for AWS services. This service provides
secure authentication flows for accessing AWS resources from the console and developer tools. This
release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh
tokens from Sign-In.
* api-change:``stepfunctions``: Adds support to TestState for mocked results and exceptions, along
with additional inspection data.
* api-change:``sts``: IAM now supports outbound identity federation via the STS GetWebIdentityToken
API, enabling AWS workloads to securely authenticate with external services using short-lived JSON
Web Tokens.
* feature:credentials: Adds support for the login credential provider, allowing users to use AWS
Management Console credentials for authentication.
- from version 1.42.76
* api-change:``autoscaling``: This release adds the new LaunchInstances API, which can launch
instances synchronously in an AutoScaling group. The API also returns instances info and launch
error back immediately.
* api-change:``backup``: AWS Backup now supports a low-cost warm storage tier for Amazon S3 backup
data.
* api-change:``bedrock-runtime``: Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: New CloudFormation DescribeEvents API with operation ID tracking
and failure filtering capabilities to quickly identify root causes of deployment failures. Also, a
DeploymentMode parameter for the CreateChangeSet API that enables creation of drift-aware change
sets for safe drift management.
* api-change:``connect``: This release added support for ring timer configuration for campaign
calls.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN Concentrator, a new feature that
enables customers to connect multiple low-bandwidth sites connections through a single attachment,
simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: Amazon MSK adds three new APIs, ListTopics, DescribeTopic, and
DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: CloudWatch Logs updates: Added capability to setup a recurring schedule for
log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: Add support for new ListRequiredTags API used to
retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: Adds support for European Sovereign Cloud ARNs in Storage Gateway
API parameters.
* api-change:``wafv2``: AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw
WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not
included in the CloudFront pricing plan of the WebACL.
- from version 1.42.75
* api-change:``appstream``: Adding support for additional instances and extended storage
* api-change:``backup``: AWS Backup now supports specifying a logically air-gapped backup vault as
a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails now automatically
generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: This release adds support for interacting with devices during a remote
access session using the remoteDriverEndpoint interface
* api-change:``dms``: This release introduces the SAP ASE(Sybase) Data Provider for AWS Data
Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider, enabling
customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora PostgreSQL
seamlessly.
* api-change:``ec2``: This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: Amazon Glue Releasing 2 the new API ListIntegrationResourceProperties and
DeleteIntegrationResourceProperty along with minor improvement on existing API(s).
* api-change:``guardduty``: Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: Adds support for LLM as Primary, allowing usage of LLMs as the
default NLU system.
* api-change:``medialive``: Adds configurations for spatial/temporal adaptive quantization in AV1
codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: Amazon MWAA now offers serverless deployment, eliminating
operational overhead while optimizing costs. The service supports YAML and Python-based workflows,
with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic scaling with
pay-per-use pricing.
* api-change:``opensearch``: This release adds index operation APIs to support Automatic Semantic
Enrichment feature
* api-change:``pcs``: Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: Adding DICTIONARY_DGA to dns-threat-protection as a new enum
type. Customers can now set rules for dictionary dga protection
- from version 1.42.74
* api-change:``datazone``: Adds support for granting read and write access to Amazon S3 general
purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also adds
search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy" parameter
for ListSubscriptions APIs.
* api-change:``ec2``: This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: EC2 Image Builder now supports invoking Lambda functions and
executing Step Functions state machine through image workflows.
* api-change:``medialive``: Removed all the value constraint (min/max) for the shape definitions
(e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an exemption from the
SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
- from version 1.42.73
* api-change:``cloudformation``: CloudFormation now supports GetHookResult API with annotations to
retrieve structured compliance check results and remediation guidance for each evaluated resource,
replacing the previous single-message limitation with detailed validation outcomes.
* api-change:``controlcatalog``: Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: Added support for new accelerator types ("media") and accelerator names
("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in Attributes Based
Instance Type Selection for launched instance types.
* api-change:``ecr``: Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: QUIC and TCP_QUIC protocol support for Network Load Balancer (NLB). This
capability enables customers to forward QUIC traffic to their targets with ultra-low latency while
maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iotwireless``: Integration of Device Location with Amazon Sidewalk network for
Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: Lowers minimum duration for black video generator. Adds support for
embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: Updated endpoint and service metadata
* api-change:``sagemaker``: Added support for minor version upgrades and AWS Identity Center
integration for SageMaker Hadron Partner Apps, enabling automated version management and IdC
group-based access control.
* api-change:``workspaces-web``: Support for managing web content filtering for defining, tracking
and regulating type of content accessed with WorkSpaces Secure Browser as part of browser settings.
- from version 1.42.72
* api-change:``amp``: Add VPC source configuration support enabling Amazon Managed Service for
Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: Updated Authentication Profile APIs to add support for automatic logout
on user inactivity
* api-change:``dms``: Added support of SQL statements creation, metadata model discovery and
selection rules transformation.
* api-change:``ec2``: Adds complete AMI ancestry tracing from immediate parent through each
preceding generation back to the root AMI
* api-change:``elbv2``: This release expands ALB Authentication to support JWT verification and
adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated applications. This API enables programmatic
access to secure Identity Center tokens with proper error handling and parameter validation across
supported SDK languages.
* api-change:``s3tables``: Adds support for request metrics metrics APIs for S3 Tables
* api-change:``sagemaker``: Add support for trn2.3xlarge instance type for SageMaker Hyperpod
- from version 1.42.71
* api-change:``batch``: Documentation-only update: update API and doc descriptions per EKS
ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: Added support for Language Expansion feature for BDA
Audio modality.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth
per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``medical-imaging``: Added new fields in existing APIs.
* api-change:``rtbfabric``: Added LogSettings and LinkAttribute fields to external links
* api-change:``security-ir``: Added support for configuring communication preferences as well as
clearly displaying case comment author identities.
- from version 1.42.70
* api-change:``acm-pca``: Private Certificate Authority service now supports ML-DSA key algorithms.
* api-change:``appstream``: AWS Appstream support for IPv6
* api-change:``backup``: AWS Backup supports backups of Amazon EKS clusters, including Kubernetes
cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS
volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: Adds ExperimentalCapabilities field to CreateQuantumTask request and
GetQuantumTask response objects. Enables use of experimental software capabilities when creating
quantum tasks.
* api-change:``datazone``: Remove trackingServerName from DataZone Connection MLflowProperties
* api-change:``dsql``: Cluster endpoint added to CreateCluster and GetCluster API responses
* api-change:``ec2``: Amazon EC2 Fleet customers can now filter instance types based on
encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the
manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: Include tags filed in CreatePublishingDestinationRequest and
DescribePublishingDestinationResponse.
* api-change:``iam``: Added CreateDelegationRequest API, which is not available for general use at
this time.
* api-change:``invoicing``: Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: Amazon MSK now supports intelligent rebalancing for MSK Express brokers.
* api-change:``sts``: Added GetDelegatedAccessToken API, which is not available for general use at
this time.
* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for
entity Cedar tags.
* api-change:``wafv2``: AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope
option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data
collection and analysis.
- from version 1.42.69
* api-change:``controltower``: Added Parent Identifier support to ListEnabledControls and
GetEnabledControl API. Implemented RemediationType support for Landing Zone operations:
CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private
DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: This release introduces the Default Application feature, allowing
users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a
streamlined and consistent user experience.
* api-change:``vpc-lattice``: Amazon VPC Lattice now supports custom domain name for resource
configurations
- from version 1.42.68
* api-change:``accessanalyzer``: New field totalActiveErrors added to getFindingsStatistics
response.
* api-change:``backup``: AWS Backup now supports customer-managed keys (CMK) for logically
air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle.
This feature helps organizations meet specific internal governance requirements or external
regulatory compliance standards.
* api-change:``connect``: Added support for Conditional Questions in Evaluation Forms. Introduced
Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations:
SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: Add Amazon EC2 R8a instance types
* api-change:``gamelift``: Amazon GameLift Servers now supports game builds that use the Windows
2022 operating system.
* api-change:``identitystore``: IdentityStore API: added new KMSExceptionReason fields to the
Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and
Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt,
CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: Support for New Data Prep Experience
* api-change:``s3tables``: Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added NodeProvisioningMode parameter to UpdateCluster API to determine
how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId
field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer
VPC.
* api-change:``ssm``: Provides NoLongerSupportedException error message
- from version 1.42.67
* api-change:``cloudfront``: This release adds new and updated API operations. You can now use the
IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can
also enable cross-account resource sharing to share your VPC origins with other AWS accounts
* api-change:``datazone``: Added support for Project Resource Tags
* api-change:``ec2``: This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: Amazon FSx now enables secure management of Active Directory credentials
through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct
credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: Add new fields in SageMaker Hyperpod DescribeCluster API response:
TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update
progress visibility .
- from version 1.42.66
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the CarrierLookup API, which
returns information about a destination phone number including if the number is valid, the carrier,
and more.
- from version 1.42.65
* api-change:``bedrock-agentcore-control``: Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: Documentation-only update for LINEAR and CANARY deployment strategies.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``kinesis``: Adds support for MinimumThroughputBillingCommitment with new
UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new
UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.42.64
* api-change:``connectcases``: Added two new case rule types: Parent Child Field Options (restricts
child field options based on parent field value) and Hidden (controls child field visibility based
on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: Amazon VPC IP Address Manager (IPAM) now supports automated prefix list
management, allowing you to create rules that automatically populate customer-managed prefix lists
with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.
* api-change:``emr``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fms``: Update endpoint ruleset parameters casing
* api-change:``fsx``: Update endpoint ruleset parameters casing
* api-change:``health``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda
* api-change:``logs``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: Adds SlowPalPitchCorrection to audio pitch correction settings.
Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to
VideoSelector for allow listed accounts.
* api-change:``omics``: Added WDL_LENIENT engine type that enables implicit typecasting of variable
values to its compatible declared types
* api-change:``payment-cryptography``: Allow additional characters in the CertificateSubject for
GetCertificateSigningRequest API.
* api-change:``redshift``: Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Allow update of platform identifier via UpdateNotebookInstance
operation.
* api-change:``savingsplans``: Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: Update endpoint ruleset parameters casing
* api-change:``textract``: Update endpoint ruleset parameters casing
* api-change:``waf``: Update endpoint ruleset parameters casing
- from version 1.42.63
* api-change:``amp``: Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: Update endpoint ruleset parameters casing
* api-change:``appconfig``: Update endpoint ruleset parameters casing
* api-change:``appflow``: Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: Update endpoint ruleset parameters casing
* api-change:``appmesh``: Update endpoint ruleset parameters casing
* api-change:``appsync``: Update endpoint ruleset parameters casing
* api-change:``artifact``: Update endpoint ruleset parameters casing
* api-change:``auditmanager``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: Web-Bot-Auth support for AgentCore Browser tool to help
reduce captcha challenges.
* api-change:``chime``: Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: Added support for advanced Spark configurations to optimize SQL
performance
* api-change:``cloudcontrol``: Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: Update endpoint ruleset parameters casing
* api-change:``codecommit``: Update endpoint ruleset parameters casing
* api-change:``codedeploy``: Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: Update endpoint ruleset parameters casing
* api-change:``connectcases``: Update endpoint ruleset parameters casing
* api-change:``deadline``: Update endpoint ruleset parameters casing
* api-change:``devops-guru``: Update endpoint ruleset parameters casing
* api-change:``docdb``: Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus
to GlobalClusterMember.
* api-change:``ecs``: Amazon ECS Service Connect now supports Envoy access logs, providing deeper
observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: Update endpoint ruleset parameters casing
* api-change:``elasticache``: Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR
Serverless Applications.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``firehose``: Update endpoint ruleset parameters casing
* api-change:``frauddetector``: Update endpoint ruleset parameters casing
* api-change:``geo-places``: Update endpoint ruleset parameters casing
* api-change:``glue``: This release adds the capability to enable User Background Sessions for
customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue.
* api-change:``greengrassv2``: Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Add a new GetManagedThingCertificate API to expose Iot
ManagedIntegrations (MI) device certificate, and add "-" support for name, properties, actions
and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: Update endpoint ruleset parameters casing
* api-change:``kms``: Add cross account VPC endpoint service connectivity support to CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-reporting``: Update endpoint ruleset parameters casing
* api-change:``neptune``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: RTB Fabric documentation update.
* api-change:``s3outposts``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: Update endpoint ruleset parameters casing
* api-change:``schemas``: Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: Update endpoint ruleset parameters casing
* api-change:``sso``: Update endpoint ruleset parameters casing
* api-change:``sts``: Update endpoint ruleset parameters casing
- from version 1.42.62
* api-change:``bedrock-runtime``: Add support for system tool and web citation response.
- from version 1.42.61
* api-change:``apigatewayv2``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Added support for CloudWatch Synthetics Canary resources in
ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically
for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: Update endpoint ruleset parameters casing
* api-change:``cloud9``: Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: Update endpoint ruleset parameters casing
* api-change:``codeconnections``: Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: Update endpoint ruleset parameters casing
* api-change:``detective``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: Amazon ECS supports native linear and canary service deployments, allowing
you to shift traffic in increments for more control.
* api-change:``efs``: Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: Update endpoint ruleset parameters casing
* api-change:``emr-containers``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``gameliftstreams``: Add stream group expiration date and expired status
* api-change:``glacier``: Update endpoint ruleset parameters casing
* api-change:``groundstation``: Enable use of AzEl ephemerides
* api-change:``inspector-scan``: Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: Update endpoint ruleset parameters casing
* api-change:``kendra``: Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Added SerializedRequestEntityTooLargeException to Lambda Invoke API
* api-change:``marketplace-deployment``: Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: Update endpoint ruleset parameters casing
* api-change:``notifications``: Update endpoint ruleset parameters casing
* api-change:``opensearch``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Added Account State field to the ListDelegatedAdministrators API
response.
* api-change:``partnercentral-selling``: Update endpoint ruleset parameters casing
* api-change:``pipes``: Update endpoint ruleset parameters casing
* api-change:``ram``: Update endpoint ruleset parameters casing
* api-change:``resource-groups``: Update endpoint ruleset parameters casing
* api-change:``s3``: Amazon Simple Storage Service / Features: Add conditional writes in CopyObject
on destination key to prevent unintended object modifications.
* api-change:``s3control``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Amazon SageMaker now supports deleting training and processing jobs in
a terminal status.
* api-change:``sagemaker-featurestore-runtime``: Update endpoint ruleset parameters casing
* api-change:``security-ir``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: Update endpoint ruleset parameters casing
* api-change:``sqs``: Update endpoint ruleset parameters casing
* api-change:``support-app``: Update endpoint ruleset parameters casing
* api-change:``taxsettings``: Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Added IPv6 address support for WorkSpaces using Dual-Stack subnets
* api-change:``workspaces-instances``: Update endpoint ruleset parameters casing
* api-change:``xray``: Update endpoint ruleset parameters casing
- from version 1.42.60
* api-change:``accessanalyzer``: Update endpoint ruleset parameters casing
* api-change:``aiops``: Update endpoint ruleset parameters casing
* api-change:``athena``: Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: Update endpoint ruleset parameters casing
* api-change:``braket``: Update endpoint ruleset parameters casing
* api-change:``ce``: Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: Update endpoint ruleset parameters casing
* api-change:``codeartifact``: Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: Update endpoint ruleset parameters casing
* api-change:``comprehend``: Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: Update endpoint ruleset parameters casing
* api-change:``controltower``: Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: Update endpoint ruleset parameters casing
* api-change:``dax``: Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``entityresolution``: Update endpoint ruleset parameters casing
* api-change:``forecast``: Update endpoint ruleset parameters casing
* api-change:``greengrass``: Update endpoint ruleset parameters casing
* api-change:``iam``: Fixed missing SummaryMap keys in GetAccountSummary response that were being
filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Adds support for record sizes up to 10MiB and introduces new
UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: Update endpoint ruleset parameters casing
* api-change:``mturk``: Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: Update endpoint ruleset parameters casing
* api-change:``outposts``: Update endpoint ruleset parameters casing
* api-change:``pinpoint``: Update endpoint ruleset parameters casing
* api-change:``rbin``: Update endpoint ruleset parameters casing
* api-change:``rds-data``: Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: Update endpoint ruleset parameters casing
* api-change:``rekognition``: Update endpoint ruleset parameters casing
* api-change:``repostspace``: Update endpoint ruleset parameters casing
* api-change:``route53profiles``: Update endpoint ruleset parameters casing
* api-change:``route53resolver``: Update endpoint ruleset parameters casing
* api-change:``s3vectors``: Update endpoint ruleset parameters casing
* api-change:``scheduler``: Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: Update endpoint ruleset parameters casing
* api-change:``ses``: Update endpoint ruleset parameters casing
* api-change:``shield``: Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: Update endpoint ruleset parameters casing
* api-change:``sso-admin``: Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: Update endpoint ruleset parameters casing
* api-change:``waf-regional``: Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: Update endpoint ruleset parameters casing
- from version 1.42.59
* api-change:``acm``: Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Update endpoint ruleset parameters casing
* api-change:``billing``: Update endpoint ruleset parameters casing
* api-change:``budgets``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: Update endpoint ruleset parameters casing
* api-change:``codepipeline``: Update endpoint ruleset parameters casing
* api-change:``datapipeline``: Update endpoint ruleset parameters casing
* api-change:``datazone``: This release adds support for MLflow connections Creation in DataZone
* api-change:``docdb``: Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: Update endpoint ruleset parameters casing
* api-change:``eks``: Update endpoint ruleset parameters casing
* api-change:``elb``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``evs``: Update endpoint ruleset parameters casing
* api-change:``fis``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: Added support for optional AdditionalFeatures parameter in the V2
GetTile API.
* api-change:``inspector``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Update endpoint ruleset parameters casing
* api-change:``iotwireless``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: Update endpoint ruleset parameters casing
* api-change:``location``: Added support for mobile app restrictions in Amazon Location API keys.
* api-change:``lookoutvision``: Update endpoint ruleset parameters casing
* api-change:``mediapackage``: Update endpoint ruleset parameters casing
* api-change:``mediastore``: Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: Update endpoint ruleset parameters casing
* api-change:``mq``: Update endpoint ruleset parameters casing
* api-change:``panorama``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: Update endpoint ruleset parameters casing
* api-change:``qbusiness``: Update endpoint ruleset parameters casing
* api-change:``robomaker``: Update endpoint ruleset parameters casing
* api-change:``route53domains``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Add support for custom rate limits.
* api-change:``s3tables``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Added inference components model data caching feature
* api-change:``sagemaker-metrics``: Update endpoint ruleset parameters casing
* api-change:``securityhub``: Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: Update endpoint ruleset parameters casing
* api-change:``supplychain``: Update endpoint ruleset parameters casing
* api-change:``translate``: Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: Update endpoint ruleset parameters casing
* api-change:``wisdom``: Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: Update endpoint ruleset parameters casing
- from version 1.42.58
* api-change:``account``: Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: Fixing the service documentation name
* api-change:``chime-sdk-voice``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: Update endpoint ruleset parameters casing
* api-change:``codebuild``: Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: Update endpoint ruleset parameters casing
* api-change:``config``: Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: Update endpoint ruleset parameters casing
* api-change:``cur``: Update endpoint ruleset parameters casing
* api-change:``discovery``: Update endpoint ruleset parameters casing
* api-change:``dms``: Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: Update endpoint ruleset parameters casing
* api-change:``drs``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Add support for resource-based policies for Aurora DSQL clusters. This will
enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora
DSQL public or VPC endpoints.
* api-change:``ebs``: Update endpoint ruleset parameters casing
* api-change:``ecr``: Update endpoint ruleset parameters casing
* api-change:``ecr-public``: Update endpoint ruleset parameters casing
* api-change:``healthlake``: Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: Update endpoint ruleset parameters casing
* api-change:``iotevents``: Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-webrtc-storage``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: Update endpoint ruleset parameters casing
* api-change:``mediatailor``: Update endpoint ruleset parameters casing
* api-change:``mgh``: Update endpoint ruleset parameters casing
* api-change:``mgn``: Update endpoint ruleset parameters casing
* api-change:``mpa``: Update endpoint ruleset parameters casing
* api-change:``neptunedata``: Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: Update endpoint ruleset parameters casing
* api-change:``odb``: Doc-only update that removes duplicate values from descriptions of ODB
peering APIs.
* api-change:``omics``: Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: Update endpoint ruleset parameters casing
* api-change:``personalize-events``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: Update endpoint ruleset parameters casing
* api-change:``rum``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: Update endpoint ruleset parameters casing
* api-change:``savingsplans``: Update endpoint ruleset parameters casing
* api-change:``securitylake``: Update endpoint ruleset parameters casing
* api-change:``sesv2``: Update endpoint ruleset parameters casing
* api-change:``storagegateway``: Update endpoint ruleset parameters casing
* api-change:``synthetics``: Update endpoint ruleset parameters casing
- from version 1.42.57
* api-change:``appfabric``: Update endpoint ruleset parameters casing
* api-change:``autoscaling``: Update endpoint ruleset parameters casing
* api-change:``b2bi``: Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: Update endpoint ruleset parameters casing
* api-change:``ce``: Update endpoint ruleset parameters casing
* api-change:``chatbot``: Update endpoint ruleset parameters casing
* api-change:``cloudformation``: Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: Update endpoint ruleset parameters casing
* api-change:``connect``: This release added support for email address alias configuration and
outbound campaign preview mode.
* api-change:``connectcampaignsv2``: Updated Amazon Connect Outbound Campaigns V2 SDK to support
Preview Outbound Mode
* api-change:``connectparticipant``: Update endpoint ruleset parameters casing
* api-change:``devicefarm``: This release adds support for optionally including an app as part of a
CreateRemoteAccessSession request
* api-change:``directconnect``: Update endpoint ruleset parameters casing
* api-change:``ds-data``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateNetworkInterface and
DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``forecastquery``: Update endpoint ruleset parameters casing
* api-change:``iam``: Updated OIDC and SAML apis to reject multiple simultaneous requests to change
a unique object.
* api-change:``inspector2``: Update endpoint ruleset parameters casing
* api-change:``iot``: Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: Update endpoint ruleset parameters casing
* api-change:``ivschat``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: Update endpoint ruleset parameters casing
* api-change:``mailmanager``: Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: Update endpoint ruleset parameters casing
* api-change:``medialive``: Add 3 API operations for fetching alerts: ListAlerts (Channels),
ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: Update endpoint ruleset parameters casing
* api-change:``oam``: Update endpoint ruleset parameters casing
* api-change:``pcs``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: Update endpoint ruleset parameters casing
* api-change:``redshift-data``: Update endpoint ruleset parameters casing
* api-change:``route53``: Amazon Route 53 now supports the ISOB West Region for private DNS for
Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Update for general availability of AWS RTB Fabric service.
* api-change:``sagemaker-a2i-runtime``: Update endpoint ruleset parameters casing
* api-change:``sns``: Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: Update endpoint ruleset parameters casing
* api-change:``workdocs``: Update endpoint ruleset parameters casing
* api-change:``workmail``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Update endpoint ruleset parameters casing
- from version 1.42.56
* api-change:``dynamodb``: Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``mediaconvert``: This release adds the ability to set resolution for the black video
generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous
search of job history using new filters.
* api-change:``meteringmarketplace``: Added ClientToken parameter to MeterUsage API for specifying
idempotent requests.
* enhancement:timestamps: Add ``wire`` as a valid value for ``cli_timestamp_format``.
- from version 1.42.55
* api-change:``amp``: Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: Update endpoint ruleset parameters casing
* api-change:``appintegrations``: Update endpoint ruleset parameters casing
* api-change:``application-insights``: Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-meetings``: Update endpoint ruleset parameters casing
* api-change:``cloudfront``: Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: Update endpoint ruleset parameters casing
* api-change:``datasync``: Update endpoint ruleset parameters casing
* api-change:``ds``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Update endpoint ruleset parameters casing
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``es``: Update endpoint ruleset parameters casing
* api-change:``events``: Update endpoint ruleset parameters casing
* api-change:``evidently``: Update endpoint ruleset parameters casing
* api-change:``finspace``: Update endpoint ruleset parameters casing
* api-change:``finspace-data``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Updates documentation to clarify valid application binaries for
an Amazon GameLift Streams application and provide descriptions of stream session error status
reasons
* api-change:``geo-maps``: Added support for optional style parameters in maps, including Terrain,
ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: Update endpoint ruleset parameters casing
* api-change:``iot-data``: Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: Update endpoint ruleset parameters casing
* api-change:``lakeformation``: Update endpoint ruleset parameters casing
* api-change:``license-manager``: Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: The ListEntities API now supports two new CAPI filters:
DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: Update endpoint ruleset parameters casing
* api-change:``network-firewall``: Update endpoint ruleset parameters casing
* api-change:``networkmanager``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Update endpoint ruleset parameters casing
* api-change:``pi``: Update endpoint ruleset parameters casing
* api-change:``qapps``: Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-geospatial``: Update endpoint ruleset parameters casing
* api-change:``signer``: Update endpoint ruleset parameters casing
* api-change:``swf``: Releasing minor endpoint updates.
* api-change:``timestream-write``: Update endpoint ruleset parameters casing
* api-change:``tnb``: Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: Update endpoint ruleset parameters casing
- from version 1.42.54
* api-change:``acm-pca``: Update endpoint ruleset parameters casing
* api-change:``amplify``: Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: Update endpoint ruleset parameters casing
* api-change:``apprunner``: Update endpoint ruleset parameters casing
* api-change:``apptest``: Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: Update endpoint ruleset parameters casing
* api-change:``billingconductor``: New feature: service flat CLI and first AWS managed pricing plan
(BasicPricingPlan)
* api-change:``customer-profiles``: Update endpoint ruleset parameters casing
* api-change:``databrew``: Update endpoint ruleset parameters casing
* api-change:``dataexchange``: Update endpoint ruleset parameters casing
* api-change:``dlm``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``freetier``: Update endpoint ruleset parameters casing
* api-change:``gamelift``: Update endpoint ruleset parameters casing
* api-change:``geo-routes``: Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: Update endpoint ruleset parameters casing
* api-change:``grafana``: Update endpoint ruleset parameters casing
* api-change:``identitystore``: Update endpoint ruleset parameters casing
* api-change:``ivs``: Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: Update endpoint ruleset parameters casing
* api-change:``kafka``: Update endpoint ruleset parameters casing
* api-change:``keyspaces``: Update endpoint ruleset parameters casing
* api-change:``kms``: Update endpoint ruleset parameters casing
* api-change:``lex-models``: Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: Update endpoint ruleset parameters casing
* api-change:``m2``: Update endpoint ruleset parameters casing
* api-change:``machinelearning``: Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: Update endpoint ruleset parameters casing
* api-change:``memorydb``: Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: Update endpoint ruleset parameters casing
* api-change:``osis``: Update endpoint ruleset parameters casing
* api-change:``personalize``: Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: Update endpoint ruleset parameters casing
* api-change:``polly``: Update endpoint ruleset parameters casing
* api-change:``pricing``: Update endpoint ruleset parameters casing
* api-change:``qldb``: Update endpoint ruleset parameters casing
* api-change:``qldb-session``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: Update endpoint ruleset parameters casing
* api-change:``ssm``: Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: Update endpoint ruleset parameters casing
* api-change:``timestream-query``: Update endpoint ruleset parameters casing
* api-change:``voice-id``: Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: Update endpoint ruleset parameters casing
- from version 1.42.53
* api-change:``bedrock``: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS
integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing
customers to specify their preferred KMS key for encryption, improving control and compliance with
AWS encryption mandates.
* api-change:``docdb``: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster,
RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage
across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: This release expands Listener Rule Conditions to support RegexValues and
adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: Added default pagination value for ListMalwareProtectionPlans API and
updated UpdateFindingsFeedback API
* api-change:``lightsail``: Add support for manage Lightsail Bucket CORS configuration
* api-change:``timestream-influxdb``: This release adds support for creating and managing InfluxDB
3 Core and Enterprise DbClusters.
- from version 1.42.52
* api-change:``appstream``: This release introduces support for Microsoft license included
applications streaming.
* api-change:``backup``: The AWS Backup job attribute extension enhancement helps customers better
understand the plan that initiated each job, and the properties of the resource each job creates.
* api-change:``connect``: SDK release for TaskTemplateInfo in Contact for DescribeContact response.
* api-change:``datazone``: Support creating scoped and trustedIdentityPropagation enabled
connections.
* api-change:``ec2``: This release adds support for creating instant, point-in-time copies of EBS
volumes within the same Availability Zone
* api-change:``transcribe``: Move UntagResource API body member to query parameter
* api-change:``transfer``: SFTP connectors now support routing connections via customers' VPC. This
enables connections to remote servers that are only accessible in a customer's VPC environment, and
to servers that are accessible over the internet but need connections coming from an IP address in
a customer VPC's CIDR range.
- from version 1.42.51
* api-change:``bedrock-agentcore``: Updated InvokeAgentRuntime API to accept account id optionally
and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: Updated http status code in control plane apis of
agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity
* api-change:``ec2``: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable
Resource tags for telemetry in a customer account. The release introduces new APIs to enable,
disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- bind
-
- Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805, bind-9.18-CVE-2026-1519.patch]
- crypto-policies
-
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- dejavu-fonts
-
- use %license tag [bsc#1252142]
- docker
-
- Places a hard cap on the amount of mechanisms that can be specified and
encoded in the payload. (bsc#1253904, CVE-2025-58181)
* 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- glibc
-
- resolv-count-resource-records.patch: resolv: Count records correctly
(CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity
(CVE-2026-4438, bsc#1260082, BZ #34015)
- nss-missing-checks.patch: nss: Missing checks in __nss_configure_lookup,
__nss_database_get (bsc#1258319, BZ #28940)
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache
contention workloads (bsc#1256437, BZ #33704)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix: [bsc#1256389] (gpg.fail/filename)
* GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
* Add gnupg-accepts-path-separators-literal-data.patch
- grub2
-
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS
Reboot (bsc#1254299)
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
- iproute2
-
- add CVE fix (CVE-2024-58251 bsc#1254324)
* ss-escape-characters-in-command-name.patch
- kernel-default
-
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fix).
- commit 4b21ba9
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424).
- commit f8a95c7
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit 9f31a2e
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186,
bsc#1258832).
- commit 4fde182
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: boundary check before installing cq callbacks (git-fixes CVE-2024-38542 bsc#1226591).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- commit 8690084
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit a33e581
- Update config files (bsc#1254306).
- commit 3c7bab7
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 165c4b3
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit bd83957
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() helper which is required.
- commit 926e136
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit ccf2d31
- Add bugnumber to existing mana change (bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- commit 425b20d
- Update
patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch
(stable-fixes CVE-2026-23157 bsc#1258376).
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch
(bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch
(bsc#1257952 CVE-2026-23202 bsc#1258338).
- commit 9f4fee7
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e90ec28
- bpf/selftests: test_select_reuseport_kern: Remove unused header
(bsc#1257603).
- commit 3124f7b
- smb: client: short-circuit in open_cached_dir_by_dentry()
if !dentry (git-fixes).
- commit 82d6911
- smb: client: ensure open_cached_dir_by_dentry() only returns
valid cfid (git-fixes).
- commit d1feafe
- smb: client: split cached_fid bitfields to avoid shared-byte
RMW races (bsc#1250748,bsc#1257154).
- commit e7ce4ba
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository
- commit 0d24c51
- smb: improve directory cache reuse for readdir operations
(bsc#1252712).
- commit 20c0243
- smb: client: remove unused fid_lock (git-fixes).
- commit ed3cf07
- smb: client: update cfid->last_access_time in
open_cached_dir_by_dentry() (git-fixes).
- commit 1962196
- cifs: add new field to track the last access time of cfid
(git-fixes).
- commit 7328aa8
- smb: change return type of cached_dir_lease_break() to bool
(git-fixes).
- commit da8604d
- ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010
bsc#1257332).
- commit 0f213a3
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 16880ae
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit b3a8e60
- Update
patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
(git-fixes CVE-2025-40097 bsc#1252900).
- Update
patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
(git-fixes CVE-2025-71081 bsc#1256609).
- Update
patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
(git-fixes CVE-2025-71147 bsc#1257158).
- Update
patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
(git-fixes CVE-2024-42103 bsc#1228490).
- Update
patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
(git-fixes CVE-2025-38243 bsc#1246184).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
bsc#1254465).
- Update
patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
(git-fixes CVE-2025-71083 bsc#1256610).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
(git-fixes CVE-2025-71111 bsc#1256728).
- Update
patches.suse/ipmi-Rework-user-message-limit-handling.patch
(git-fixes CVE-2025-40202 bsc#1253451).
- Update
patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
(git-fixes CVE-2025-71136 bsc#1256759).
- Update
patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
(git-fixes CVE-2025-68819 bsc#1256664).
- Update
patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
(git-fixes CVE-2025-68808 bsc#1256682).
- Update
patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
(git-fixes CVE-2025-38322 bsc#1246447).
- Update
patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
(git-fixes CVE-2025-68804 bsc#1256617).
- Update
patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
(bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
- Update
patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
(git-fixes CVE-2025-38379 bsc#1247030).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
(git-fixes CVE-2024-53070 bsc#1233563).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
(git-fixes CVE-2025-37813 bsc#1242909).
- Update
patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
(bsc#1256528 CVE-2025-22047 bsc#1241437).
- commit fbc3d71
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit bcf0129
- btrfs: do not strictly require dirty metadata threshold for
metadata writepages (stable-fixes).
- commit b83c55a
- scripts: obsapi: Support URL trailing / in oscrc
- commit 596ed59
- scripts: uploader: Handle missing upstream in is_pr_open
- commit e7d7408
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit d911768
- shrink_slab_memcg: clear_bits of skipped shrinkers
(bsc#1256564).
- commit 1a156a1
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 35a165f
- scripts: uploader: Fix no change condition for _maintainership.json
- commit 792d98c
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- commit b6299d5
- scripts: uploader: Only reset branch when there is no open PR
Resetting the branch closes any PR which is disruptive.
With project repositories that get a lot of changes this would reset too
often if reset was enabled causing unmergeable PRs.
Yet it is necessary to reset to be able to get up-to-date state for a
new PR.
With this branch reset can be enabled for maintainership update.
- commit 60e8156
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- commit 6def8a1
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit e28ac6a
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket
(CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit 83400eb
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 386a47a
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit 238038b
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- gcc15
-
- Add gcc14-bsc1257463.patch to fix bogus expression simplification
[bsc#1257463]
- gnutls
-
- Add the functionality to allow to specify the hash algorithm for
the PSK. This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- openldap2
-
- jsc#PED-15735 - expose ldap_log.h in -devel
* 0246-Include-ldap_log.h-in-devel.patch
- retcon .changes to satisfy source validator
- multipath-tools
-
- Update to version 0.9.8+266+suse.53479977 (bsc#1257007):
* kpartx: fix segfault when operating on regular files
(bsc#1257244, bsc#1257153)
* multipathd: print path offline message even without a checker
(bsc#1254094)
* Fix command descriptions in the multipathd man page.
* Fix ISO C23 compatibility issue causing errors with new compilers.
* Fix memory leak caused by not joining the "init unwinder" thread.
* Fix memory leaks in kpartx.
* Print the warning "setting scsi timeouts is unsupported for protocol" only
once per protocol.
* Make sure multipath-tools is compiled with the compiler flag
`-fno-strict-aliasing`. (gh#opensvc/multipath-tools#130, bsc#1255285)
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- nfs-utils
-
- Fix access checks when mounting subdirectories in NFSv3
(CVE-2025-12801 bsc#1259204)
- add Fix-access-checks-when-mounting-subdirectories-in-NFSv3.patch
- add NFS-export-symlink-vulnerability-fix.patch
- add configure-check-for-rpc_gss_seccreate.patch
- add mountd-Minor-refactor-of-get_rootfh.patch
- add mountd-Separate-lookup-of-the-exported-directory-and-the-m.patch
- add support-Add-a-mini-library-to-extract-and-apply-RPC-creden.patch
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505)
- nghttp2
-
- added patches
https://github.com/nghttp2/nghttp2/commit/61caf66f1b002105e5603fba030de57d445330a8
* nghttp2-TZ-fix-test-failure.patch
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- openssl-3
-
- Enable MD2 in legacy provider (jsc#PED-15724)
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* NULL pointer dereference when processing an OCSP response
(bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch openssl-CVE-2026-28388-tests.patch
openssl-CVE-2026-28389.patch openssl-CVE-2026-31789.patch
openssl-CVE-2026-31790.patch openssl-CVE-2026-31790-tests.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
* libpng16-CVE-2026-33636.patch
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- security update
- added patches
CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
* libpng16-CVE-2025-28162,28164.patch
- polkit
-
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
0001-CVE-2026-4897-getline-string-overflow.patch
- python311
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- Fix changelog
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
ensuring that `SourcelessFileLoader` uses `io.open_code` when
opening `.pyc` files (bsc#1259240, CVE-2026-2297).
- Update to 3.11.15:
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs (bsc#1257029 CVE-2025-11468).
- gh-143925: Reject control characters in data: URL media
types (bsc#1257046, CVE-2025-15282).
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values (bsc#1257031, CVE-2026-0672).
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters
(bsc#1257042, CVE-2026-0865).
- gh-142145: Remove quadratic behavior in xml.minidom node ID
cache clearing. In order to do this without breaking
existing users, we also add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead
(bsc#1254997, CVE-2025-12084).
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (bsc#1252974, CVE-2025-6075).
- gh-119451: Fix a potential memory denial of service in the
http.client module. When connecting to a malicious server,
it could cause an arbitrary amount of memory to be
allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed
processes or containers, or even system crashes
(CVE-2025-13836, bsc#1254400).
- gh-119452: Fix a potential memory denial of service in the
http.server module. When a malicious user is connected to
the CGI server on Windows, it could cause an arbitrary
amount of memory to be allocated. This could have led to
symptoms including a MemoryError, swapping, out of memory
(OOM) killed processes or containers, or even system
crashes.
- gh-119342: Fix a potential memory denial of service in the
plistlib module. When reading a Plist file received from
untrusted source, it could cause an arbitrary amount of
memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes
(bsc#1254401, CVE-2025-13837).
- Library
- gh-144833: Fixed a use-after-free in ssl when SSL_new()
returns NULL in newPySSLSocket(). The error was reported
via a dangling pointer after the object had already been
freed.
- gh-144363: Update bundled libexpat to 2.7.4
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by Bénédikt Tran.
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specificly tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after free in list_richcompare_impl
which can be invoked via some specificly tailored evil
input.
Remove upstreamed patches:
- CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2025-12084-minidom-quad-search.patch
- CVE-2025-13836-http-resp-cont-len.patch
- CVE-2025-13837-plistlib-mailicious-length.patch
- CVE-2025-6075-expandvars-perf-degrad.patch
- CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- systemd
-
- Import commit c89ea566d98c8e3fb29a5b8edd4576b135b4bc92
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 626ffc7844795870235d15c6daab695f2d53a11e
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 75eab961ea843dc161707d4af0789b018d499676
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 5caaa71f4a7b00e6a6ceb396d08486af73687d45
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no
files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the
services. It can be safely removed once the update is complete.
- Import commit 00ba3646e6cb3ce40bb3de3e92f93ebec0adce6d
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449)
- tpm2-0-tss
-
- add Requires to libtss2-fapi to pull in the tss user (bsc#1258720).
Otherwise, when installing libtss2-fapi on its own, errors from
systemd-tmpfiles can appear.
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- makedumpfile
-
- makedumpfile-Fix-data-race-in-multi-threading-mode.patch: Fix a
data race in multi-threading mode (--num-threads=N)
(bsc#1245569, bsc#1256455).
- mozilla-nss
-
- update to NSS 3.112.4
* bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
* bmo#2029462 - store email on subject cache_entry in NSS trust domain.
* bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* bmo#2029323 - Improve size calculations in CMS content buffering.
* bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
* bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
* bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
* bmo#2027345 - Improve input validation in DSAU signature decoding.
* bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
* bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
* bmo#2026156 - Add a maximum cert uncompressed len and tests.
* bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
* bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* bmo#2019224 - Remove invalid PORT_Free().
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- python-PyJWT
-
- Add CVE-2026-32597_crit-header.patch to reject the crit
(Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
CVE-2026-32597).
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-boto3
-
- Update to 1.42.27
* api-change:``bedrock``: [``botocore``] This change will increase TestCase guardContent input size
from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: [``botocore``] Adds support for IAM role subscriptions to Glue table
listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.42.26
* api-change:``billing``: [``botocore``] Cost Categories filtering support to BillingView data
filter expressions through the new costCategories parameter, enabling users to filter billing views
by AWS Cost Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: [``botocore``] This release introduces WiFi Simple Setup
(WSS) enabling device provisioning via barcode scanning with automated network discovery,
authentication, and credential provisioning. Additionally, it introduces 2P Device Capability
Rediscovery for updating hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: [``botocore``] Added ultraServerType to the UltraServerInfo structure
to support server type identification for SageMaker HyperPod
- from version 1.42.25
* api-change:``bedrock-agentcore-control``: [``botocore``] Adds optional field "view" to GetMemory
API input to give customers control over whether CMK encrypted data such as strategy decryption or
override prompts is returned or not.
* api-change:``cloudfront``: [``botocore``] Added EntityLimitExceeded exception handling to the
following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: [``botocore``] Adding MaterializedViews task run APIs
* api-change:``medialive``: [``botocore``] MediaPackage v2 output groups in MediaLive can now
accept one additional destination for single pipeline channels and up to two additional
destinations for standard channels. MediaPackage v2 destinations now support sending to cross
region MediaPackage channels.
* api-change:``transcribe``: [``botocore``] Adds waiters to Amazon Transcribe.
- from version 1.42.24
* api-change:``workspaces``: [``botocore``] Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.42.23
* api-change:``ce``: [``botocore``] This release updates existing reservation recommendations API
to support deployment model.
* api-change:``emr-serverless``: [``botocore``] Added support for enabling disk encryption using
customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.42.22
* api-change:``cleanroomsml``: [``botocore``] AWS Clean Rooms ML now supports advanced Spark
configurations to optimize SQL performance when creating an MLInputChannel or an audience
generation job.
- from version 1.42.21
* bugfix:``s3``: [``botocore``] Clarify ``payload_signing_enabled`` documentation to cover
interaction with ``request_checksum_calculation``
- from version 1.42.20
* api-change:``cleanrooms``: [``botocore``] Added support for publishing detailed metrics to
CloudWatch for operational monitoring of collaborations, including query performance and resource
utilization.
* api-change:``identitystore``: [``botocore``] This change introduces "Roles" attribute for User
entities supported by AWS Identity Store SDK.
- from version 1.42.19
* api-change:``connect``: [``botocore``] Adds support for searching global contacts using the
ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and
ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``kafkaconnect``: [``botocore``] This change sets the KafkaConnect GovCloud FIPS and
FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This
is done to match the Kafka endpoints.
- from version 1.42.18
* api-change:``connect``: [``botocore``] Changes for Contact for Global Search
* api-change:``elastictranscoder``: [``botocore``] The elastictranscoder client has been removed
following the deprecation of the service.
* api-change:``quicksight``: [``botocore``] This release adds support for quick users to be able to
perform role upgrades on their own. Additionally it allows admins to make this feature admin or
auto approval along with new self upgrade capability that can be restricted by Admins.
- from version 1.42.17
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports Pipeline Locking
using Video Alignment as well as linked single pipeline channels to enable cross-channel and
cross-region Pipeline Locking workflows.
- from version 1.42.16
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``geo-places``: [``botocore``] Adds support for InferredSecondaryAddress place type,
Designator in SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] This release adds support for the
Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID
registration to ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: [``botocore``] Add additional validation to Outpost bucket names.
- from version 1.42.15
* api-change:``config``: [``botocore``] Added supported resourceTypes for Config from July to
November 2025
* api-change:``ec2``: [``botocore``] Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: [``botocore``] Make accountIds a required field in
GetRemainingFreeTrialDays API to reflect service behavior.
* api-change:``pcs``: [``botocore``] Change API Reference Documentation for default Mode in
Accounting and SlurmRest
- from version 1.42.14
* api-change:``arc-region-switch``: [``botocore``] Automatic Plan Execution Reports allow customers
to maintain a concise record of their Region switch Plan executions. This enables customer SREs
and leadership to have a clear view of their recovery posture based on the generated reports for
their Plan executions.
* api-change:``connect``: [``botocore``] Adding support for Custom Metrics and Pre-Defined
Attributes to GetCurrentMetricData API.
* api-change:``emr-serverless``: [``botocore``] Added JobLevelCostAllocationConfiguration field to
enable cost allocation reporting at the job level, providing more granular visibility into EMR
Serverless charges
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iot``: [``botocore``] This release adds event-based logging feature that enables
granular event logging controls for AWS IoT logs.
* api-change:``qbusiness``: [``botocore``] It is a internal bug fix for region expansion
* api-change:``wickr``: [``botocore``] AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: [``botocore``] Add support for WebAuthn under user settings.
- from version 1.42.13
* api-change:``appstream``: [``botocore``] Added support for new operating systems (1) Ubuntu 24.04
Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: [``botocore``] New API to list Route 53 health checks created
by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data
plane.
* api-change:``artifact``: [``botocore``] Add support for ListReportVersions API for the calling
AWS account.
* api-change:``bedrock-agentcore-control``: [``botocore``] Feature to support header exchanges
between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the
configured targets.
* api-change:``bedrock-data-automation``: [``botocore``] Blueprint Optimization (BPO) is a new
Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using
example content assets and ground truth data. BPO works by generating better instructions for
fields in the Blueprint using provided data.
* api-change:``cleanrooms``: [``botocore``] Adding support for collaboration change requests
requiring an approval workflow. Adding support for change requests that grant or revoke results
receiver ability and modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for CreateFleet,
ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and
DescribeSpotFleetRequests APIs.
* api-change:``ecr``: [``botocore``] Adds support for ECR Create On Push
* api-change:``ecs``: [``botocore``] Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iot``: [``botocore``] This release adds message batching for the IoT Rules Engine
HTTP action.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds support for warm nodes,
enabling new multi-tier architecture.
* api-change:``sesv2``: [``botocore``] Amazon SES introduces Email Validation feature which checks
email addresses for syntax errors, domain validity, and risky addresses to help maintain
deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for
EmailTemplates and CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: [``botocore``] Added "Stopping" for the HANA Database Status.
- from version 1.42.12
* api-change:``gameliftstreams``: [``botocore``] Added new stream group operation parameters for
scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2
G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance
stats to clients.
* api-change:``guardduty``: [``botocore``] Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: [``botocore``] Adds an additional OutputFormat
* api-change:``kafkaconnect``: [``botocore``] Support dual-stack network connectivity for
connectors via NetworkType field.
* api-change:``mediaconvert``: [``botocore``] Adds support for tile encoding in HEVC and audio for
video overlays.
* api-change:``mediapackagev2``: [``botocore``] This release adds support for SPEKE V2 content key
encryption in MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: [``botocore``] Support for AS2805 standard. Modifications
to import-key and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: [``botocore``] Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: [``botocore``] Adding the newly launched p6-b300.48xlarge ec2 instance
support in Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.42.11
* api-change:``iot``: [``botocore``] Add support for dynamic payloads in IoT Device Management
Commands
* api-change:``timestream-influxdb``: [``botocore``] This release adds support for rebooting
InfluxDB DbInstances and DbClusters
- from version 1.42.10
* api-change:``bedrock-agentcore-control``: [``botocore``] This release updates broken links for
AgentCore Policy APIs in the AWS CLI and SDK resources.
* api-change:``connect``: [``botocore``] Amazon Connect now supports outbound WhatsApp contacts via
the Send message block or StartOutboundChatContact API. Send proactive messages for surveys,
reminders, and updates. Offer customers the option to switch to WhatsApp while in queue,
eliminating hold time.
* api-change:``ec2``: [``botocore``] EC2 Capacity Manager now supports SpotTotalCount,
SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``entityresolution``: [``botocore``] Support Customer Profiles Integration for AWS
Entity Resolution
* api-change:``glacier``: [``botocore``] Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: [``botocore``] Updating Health API endpoint generation for dualstack only
regions
* api-change:``logs``: [``botocore``] This release allows you to import your historical CloudTrail
Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational,
security, and compliance data in one place.
* api-change:``mediatailor``: [``botocore``] Added support for Ad Decision Server Configuration
enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables.
No changes required for existing GET request configurations.
* api-change:``route53resolver``: [``botocore``] Adds support for enabling detailed metrics on
Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in
the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into
Resolver endpoint and target name server performance.
* api-change:``s3``: [``botocore``] This release adds support for the new optional field
'LifecycleExpirationDate' in S3 Inventory configurations.
* api-change:``service-quotas``: [``botocore``] Add support for SQ Dashboard Api
- from version 1.42.9
* api-change:``bcm-recommended-actions``: [``botocore``] Added new freetier action types to
RecommendedAction.type.
* api-change:``connect``: [``botocore``] Amazon Connect now offers automated post-chat surveys
triggered when customers end conversations. This captures timely feedback while experience is
fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: [``botocore``] Adds Enhanced mode support for NFS and SMB locations. SMB
credentials are now managed via Secrets Manager, and may be encrypted with service or customer
managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: [``botocore``] Adds support for portal branding customization,
enabling administrators to personalize end-user portals with custom assets.
- from version 1.42.8
* api-change:``lambda``: [``botocore``] Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the NETWORK
SECURITY DIRECTOR POLICY policy type.
* api-change:``quicksight``: [``botocore``] This release adds new GetIdentityContext API, Dashboard
customization options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: [``botocore``] Add SortBy parameter to ListSecrets
* api-change:``sesv2``: [``botocore``] Update GetEmailIdentity and CreateEmailIdentity response to
include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response
to include SigningHostedZone.
- from version 1.42.7
* api-change:``bedrock``: [``botocore``] Automated Reasoning checks in Amazon Bedrock Guardrails is
capable of generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: [``botocore``] Launch itemized custom line item and service line
item filter
* api-change:``cloudwatch``: [``botocore``] This release introduces two additional protocols AWS
JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will
prioritize the protocol that is the most performant for each language.
* api-change:``odb``: [``botocore``] The following APIs now return CloudExadataInfrastructureArn
and OdbNetworkArn fields for improved resource identification and AWS service integration -
GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and
ListCloudAutonomousVmClusters.
* api-change:``opensearch``: [``botocore``] The CreateApplication API now supports an optional kms
key arn parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: [``botocore``] Adds support for the new
Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify
the AWS partition where the opportunity will be deployed.
* api-change:``signer``: [``botocore``] Adds support for Signer GetRevocationStatus with updated
endpoints
- from version 1.42.6
* api-change:``account``: [``botocore``] This release adds a new API
(GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from
the standard AWS partition.
* api-change:``appsync``: [``botocore``] Update Event API to require EventConfig parameter in
creation and update requests.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``guardduty``: [``botocore``] Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: [``botocore``] Token Exchange introduces seamless token exchange
capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update
token attributes within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: [``botocore``] Added parameters encryption, IPv4/IPv6 protocol configuration,
and enhanced tagging support for replication operations.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the EU (Germany) Region
(eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region
- Update BuildRequires and Requires from setup.py
- Update to 1.42.5
* api-change:``ce``: [``botocore``] Add support for Cost Category resource associations including
filtering by resource type on ListCostCategoryDefinitions and new
ListCostCategoryResourceAssociations API.
* api-change:``ec2``: [``botocore``] Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra
GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA
throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC
processors with a maximum frequency of 4.5 GHz.
* api-change:``identitystore``: [``botocore``] Updating AWS Identity Store APIs to support
Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch
aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are
forced to use SCIM due to lack of SigV4 API support.
* api-change:``partnercentral-selling``: [``botocore``] Deal Sizing Service for AI-based deal size
estimation with AWS service-level breakdown, supporting Expansion and Migration deals across
Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and
funding incentives.
* api-change:``rds``: [``botocore``] Adding support for tagging RDS Instance/Cluster Automated
Backups
* api-change:``redshift-serverless``: [``botocore``] Added GetIdentityCenterAuthToken API to
retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This
API enables programmatic access to secure Identity Center tokens with proper error handling and
parameter validation across supported SDK languages.
* api-change:``rolesanywhere``: [``botocore``] Increases certificate string length for trust anchor
source data to support ML-DSA certificates.
* api-change:``sesv2``: [``botocore``] Update Mail Manager Archive ARN validation
* enhancement:ContainerProvider: [``botocore``] The ContainerProvider now works with arbitray HTTPS
URLs for `AWS_CONTAINER_CREDENTIALS_FULL_URI`.
- from version 1.42.4
* api-change:``ecs``: [``botocore``] Updating stop-task API to encapsulate containers with custom
stop signal
* api-change:``iam``: [``botocore``] Adding the ExpirationTime attribute to the delegation request
resource.
* api-change:``inspector2``: [``botocore``] This release adds a new ScanStatus called "Unsupported
Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned
because it has unsupported code artifacts.
* api-change:``partnercentral-account``: [``botocore``] Adding Verification API's to Partner
Central Account SDK.
* api-change:``sesv2``: [``botocore``] Updating the desired url for
`PutEmailIdentityDkimSigningAttributes` from v1 to v2
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.29.2
- from version 1.42.3
* api-change:``lambda``: [``botocore``] Add DisallowedByVpcEncryptionControl to the
LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption
Controls.
- from version 1.42.2
* api-change:``bedrock``: [``botocore``] Adding support in Amazon Bedrock to customize models with
reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: [``botocore``] Introduces Serverless training: A fully managed compute
infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on
model development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.42.1
* api-change:``bedrock``: [``botocore``] Adds the audioDataDeliveryEnabled boolean field to the
Model Invocation Logging Configuration.
* api-change:``bedrock-agentcore``: [``botocore``] Support for AgentCore Evaluations and Episodic
memory strategy for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: [``botocore``] Supports AgentCore Evaluations, Policy,
Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API
Targets and enhances JWT authorizer.
* api-change:``bedrock-runtime``: [``botocore``] Adds support for Audio Blocks and Streaming Image
Output plus new Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: [``botocore``] This release updates existing Savings Plans Purchase Analyzer
and Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: [``botocore``] Amazon DataZone now supports exporting Catalog datasets
as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: [``botocore``] Adding support for extended threat detection for Amazon
EC2 and Amazon ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: [``botocore``] Launching Lambda durable functions - a new feature to build
reliable multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: [``botocore``] CloudWatch Logs adds managed S3 Tables integration to access
logs using other analytical tools, as well as facets and field indexing to simplify log analytics
in CloudWatch Logs Insights.
* api-change:``nova-act``: [``botocore``] Initial release of Nova Act SDK. The Nova Act service
enables customers to build and manage fleets of agents for automating production UI workflows with
high reliability, fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: [``botocore``] CloudWatch Observability Admin adds pipelines
configuration for third party log ingestion and transformation of all logs ingested, integration of
CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: [``botocore``] GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``opensearchserverless``: [``botocore``] GPU-acceleration helps you build large-scale
vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains
and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed
to index data into vector indexes.
* api-change:``rds``: [``botocore``] RDS Oracle and SQL Server: Add support for adding, modifying,
and removing additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support
Developer Edition via custom engine versions for development and testing purposes; M7i/R7i
instances with Optimize CPU for cost savings.
* api-change:``s3``: [``botocore``] New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: [``botocore``] Add support for S3 Storage Lens Advanced Performance
Metrics, Expanded Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: [``botocore``] Add storage class, replication, and table record
expiration features to S3 Tables.
* api-change:``s3vectors``: [``botocore``] Amazon S3 Vectors provides cost-effective, elastic, and
durable vector storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: [``botocore``] Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: [``botocore``] Added support for Amazon Database Savings Plans
* api-change:``securityhub``: [``botocore``] ITSM enhancements: DRYRUN mode for testing ticket
creation, ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed
to RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility
in CreateConnectorV2.
- from version 1.42.0
* api-change:``appintegrations``: [``botocore``] This release adds support for MCP servers via the
ApplicationType field, allowing customers to register their Bedrock AgentCore gateways as third
party applications.
* api-change:``bedrock-agent``: [``botocore``] Support audio and video ingestion on Bedrock
Knowledge Bases.
* api-change:``bedrock-agent-runtime``: [``botocore``] Support audio and video content retrieval on
Bedrock Knowledge Bases.
* api-change:``cleanrooms``: [``botocore``] AWS Clean Rooms now supports privacy-enhancing
synthetic dataset generation for custom ML training.
* api-change:``cleanroomsml``: [``botocore``] AWS Clean Rooms ML now supports privacy-enhancing
synthetic dataset generation for custom ML training.
* api-change:``connect``: [``botocore``] This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: [``botocore``] This release added support for new WhatsApp
channel and Journey type outbound campaign
* api-change:``connectparticipant``: [``botocore``] Amazon Connect now supports message processing
that intercepts and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: [``botocore``] This release introduces, CRUD APIs for the
DomainObjectType and Recommender resources, APIs to offer statistical insights on Object Type
Attributes, Changes to SegmentDefinition APIs to support SQL queries to create Segments, and
Changes to Domain APIs to support Data Store.
* api-change:``eks``: [``botocore``] This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] feature: Glue: Add support for Iceberg materialized view in
Glue Data Catalog, including updated CreateTable API to support materialized views and new APIs for
managing data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: [``botocore``] Launching Lambda Managed Instances - a new feature to run
Lambda on EC2.
* api-change:``lexv2-models``: [``botocore``] Adds support for speech-to-speech models for
human-like, adaptive, and expressive voice interactions. Also adds support for speech model
preference, allowing customers to select which speech model they want to use for speech-to-text
requests.
* api-change:``marketplace-agreement``: [``botocore``] This release supports 1/multi-product
transactions via offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs.
SearchAgreements also supports filtering by offer set ID and 2/variable payment pricing terms will
be returned through GetAgreementTerms.
* api-change:``marketplace-catalog``: [``botocore``] This release introduces offer set entity in
AWS Marketplace Catalog API to enable multi-product transaction. Offer set enables sellers to group
multiple private offers into a single-click purchase experience, simplifying procurement for
customers purchasing multi-product solutions.
* api-change:``partnercentral-account``: [``botocore``] Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: [``botocore``] Initial GA launch of Partner Central
Benefits
* api-change:``partnercentral-selling``: [``botocore``] New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: [``botocore``] This release adds support for includedDatasetColumns
and performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: [``botocore``] New AIAgent types: Orchestration for ModelContextProtocol
tool integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance
notes. Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support
Bring Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: [``botocore``] Add SDK for Amazon Route 53 Global Resolver,
a fully managed DNS resolver service that offers broad DNS-filtering security controls.
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.29.1
* enhancement:``s3``: Adds partial ``TransferConfig`` support for CRT transfer managers.
* feature:``s3``: Added ``crt`` mode to ``preferred_transfer_client`` parameter in
``TransferConfig`` to enable CRT transfer client in all environments.
- from version 1.41.5
* api-change:``bedrock-runtime``: [``botocore``] Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: [``botocore``] Compute Optimizer now identifies idle NAT
Gateway resources for cost optimization based on traffic patterns and backup configuration
analysis. Access recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: [``botocore``] This release enables AWS Cost Optimization
Hub to show cost optimization recommendations for NAT Gateway.
- from version 1.41.4
* api-change:``ec2``: [``botocore``] This release adds support to view Network firewall proxy
appliances attached to an existing NAT Gateway via DescribeNatGateways API
NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: [``botocore``] Network Firewall release of the Proxy feature.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the S3_POLICY
and BEDROCK_POLICY policy type.
* api-change:``route53``: [``botocore``] Adds support for new route53 feature: accelerated recovery.
- Update BuildRequires and Requires from setup.py
- Update to 1.41.3
* api-change:``cloudfront``: [``botocore``] Add TrustStore, ConnectionFunction APIs to CloudFront
SDK
* api-change:``logs``: [``botocore``] New CloudWatch Logs feature - LogGroup Deletion Protection, a
capability that allows customers to safeguard their critical CloudWatch log groups from accidental
or unintended deletion.
* enhancement:awscrt: [``botocore``] Update awscrt version to 0.29.0
- from version 1.41.2
* api-change:``apigateway``: [``botocore``] API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: [``botocore``] Introduces Spark workgroup features including log
persistence, S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support.
Adds DPU usage limits at workgroup and query levels as well as DPU usage tracking for Capacity
Reservation queries to optimize performance and costs.
* api-change:``bedrock``: [``botocore``] Add support to automatically enforce safeguards across
accounts within an AWS Organization.
* api-change:``bedrock-agentcore-control``: [``botocore``] Support for agentcore gateway
interceptor configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Adding new fields to
GetDataAutomationStatus: jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: [``botocore``] Add support to automatically enforce safeguards
across accounts within an AWS Organization.
* api-change:``cloudformation``: [``botocore``] Adds the DependsOn field to the AutoDeployment
configuration parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing
users to set and read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: [``botocore``] Initial release of AWS Compute
Optimizer Automation. Create automation rules to implement recommended actions on a recurring
schedule based on your specified criteria. Supported actions include: snapshot and delete
unattached EBS volumes and upgrade volume types to the latest generation.
* api-change:``connect``: [``botocore``] New APIs to support aliases and versions for
ContactFlowModule. Updated ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: [``botocore``] The manifest field is now optional for the AWS
Control Tower CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: [``botocore``] This release adds a new capability to create and manage
interruptible EC2 Capacity Reservations.
* api-change:``ecr``: [``botocore``] Add support for ECR managed signing
* api-change:``eks``: [``botocore``] Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: [``botocore``] This release adds the health check log feature in ALB,
allowing customers to send detailed target health check log data directly to their designated
Amazon S3 bucket.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``invoicing``: [``botocore``] Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: [``botocore``] This release adds support for Tiered Storage
* api-change:``kms``: [``botocore``] Support for on-demand rotation of AWS KMS Multi-Region keys
with imported key material
* api-change:``lambda``: [``botocore``] Launching Enhanced Error Handling and ESM Grouping
capabilities for Kafka ESMs
* api-change:``lexv2-models``: [``botocore``] Adds support for Intent Disambiguation, allowing
resolution of ambiguous user inputs when multiple intents match by presenting clarifying questions
to users. Also adds Speech Detection Sensitivity configuration for optimizing voice activity
detection sensitivity levels in various noise environments.
* api-change:``mailmanager``: [``botocore``] Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: [``botocore``] Endpoint update for new region
* api-change:``mediapackagev2``: [``botocore``] Adds support for excluding session key tags from
HLS multivariant playlists
* api-change:``meteringmarketplace``: [``botocore``] Endpoint update for new region
* api-change:``odb``: [``botocore``] Adds AssociateIamRoleToResource and
DisassociateIamRoleFromResource APIs for managing IAM roles. Enhances CreateOdbNetwork and
UpdateOdbNetwork APIs with KMS, STS, and cross-region S3 parameters. Adds OCI identity domain
support to InitializeService API.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the
UPGRADE_ROLLOUT_POLICY policy type.
* api-change:``qconnect``: [``botocore``] This release introduces two new messaging channel
subtypes: Push, WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: [``botocore``] Amazon Quick Suite now supports QuickChat as an
embedding type when calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed
conversational AI agents directly into their applications.
* api-change:``rds``: [``botocore``] Add support for Upgrade Rollout Order
* api-change:``redshift``: [``botocore``] Added support for Amazon Redshift Federated Permissions
and AWS IAM Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: [``botocore``] Added UpdateLakehouseConfiguration API to
manage Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity
propagation for namespaces.
* api-change:``sagemaker``: [``botocore``] Enhanced SageMaker HyperPod instance groups with support
for MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and
taints). Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: [``botocore``] Add ListInvestigations and SendFeedback APIs to
support SecurityIR AI agents
* api-change:``sesv2``: [``botocore``] Added support for new SES regions - Asia Pacific (Malaysia)
and Canada (Calgary)
* api-change:``transfer``: [``botocore``] Adds support for creating Webapps accessible from a VPC.
- from version 1.41.1
* api-change:``application-signals``: [``botocore``] Amazon CloudWatch Application Signals now
supports un-instrumented services discovery, cross-account views, and change history, helping SRE
and DevOps teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: [``botocore``] This release adds support for three new features: 1)
Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance
Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: [``botocore``] Bedrock AgentCore Memory release for redriving
memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: [``botocore``] Added support for Synchronous project type
and PII Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Bedrock Data Automation Runtime
Sync API
* api-change:``braket``: [``botocore``] Add support for Braket spending limits.
* api-change:``budgets``: [``botocore``] Add BillingViewHealthStatusException to
DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved
error handling with Billing Views.
* api-change:``cloudfront``: [``botocore``] This release adds support for bring your own IP (BYOIP)
to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: [``botocore``] AWS launches CloudTrail aggregated events to simplify
monitoring of data events at scale. This feature delivers both granular and summarized data events
for resources like S3/Lambda, helping security teams identify patterns without custom aggregation
logic.
* api-change:``connect``: [``botocore``] Add optional ability to exclude users from send
notification actions for Contact Lens Rules.
* api-change:``datasync``: [``botocore``] The partition value "aws-eusc" is now permitted for ARN
(Amazon Resource Name) fields.
* api-change:``devicefarm``: [``botocore``] Add support for environment variables and an IAM
execution role.
* api-change:``dms``: [``botocore``] Added support for customer-managed KMS key (CMK) for
encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse
endpoint used for zero-ETL integrations with data warehouses.
* api-change:``dsql``: [``botocore``] Added clusterVpcEndpoint field to GetVpcEndpointServiceName
API response, returning the VPC connection endpoint for the cluster
* api-change:``ec2``: [``botocore``] This release adds support for multiple features including: VPC
Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM
allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution;
and EBS Volume Integration with Recycle Bin
* api-change:``ecs``: [``botocore``] Launching Amazon ECS Express Mode - a new feature that enables
developers to quickly launch highly available, scalable containerized applications with a single
command.
* api-change:``elbv2``: [``botocore``] This release adds the target optimizer feature in ALB,
enabling strict concurrency enforcement on targets.
* api-change:``emr``: [``botocore``] Add support for configuring S3 destination for step logs on a
per-step basis.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: [``botocore``] EC2 Image Builder now enables the distribution of
existing AMIs, retry distribution, and define distribution workflows. It also supports automatic
versioning for recipes and components, allowing automatic version increments and dynamic
referencing in pipelines.
* api-change:``kinesis``: [``botocore``] Kinesis Data Streams now supports up to 50 Enhance Fan-out
consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue
with the existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: [``botocore``] Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: [``botocore``] Added cross-account resource aggregation via
license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to
Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue
dependencies for cross-account resource discovery in commercial regions.
* api-change:``networkmanager``: [``botocore``] This release adds support for Cloud WAN Routing
Policy providing customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: [``botocore``] Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: [``botocore``] Introducing comprehensive theme styling controls. New
features include border customization (radius, width, color), flexible padding controls, background
styling for cards and sheets, centralized typography management, and visual-level override support
across layouts.
* api-change:``rbin``: [``botocore``] Add support for EBS volume in Recycle Bin
* api-change:``rds``: [``botocore``] Add support for VPC Encryption Controls.
* api-change:``redshift-data``: [``botocore``] Increasing the length limit of Statement Name from
500 to 2048.
* api-change:``s3``: [``botocore``] Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: [``botocore``] Added training plan support for inference endpoints.
Added HyperPod task governance with accelerator partition-based quota allocation. Added
BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include
privateDnsHostName.
* api-change:``securityhub``: [``botocore``] Release Findings and Resources Trends APIs-
GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with
composite filtering for 1-year of historical data analysis of Findings and Resources.
- from version 1.41.0
* api-change:``apigateway``: [``botocore``] API Gateway now supports response streaming and new
security policies for REST APIs and custom domain names.
* api-change:``apigatewayv2``: [``botocore``] Support for API Gateway portals and portal products.
* api-change:``backup``: [``botocore``] Amazon GuardDuty Malware Protection now supports AWS
Backup, extending malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: [``botocore``] Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: [``botocore``] This release includes support for Search Results.
* api-change:``billing``: [``botocore``] Added name filtering support to ListBillingViews API
through the new names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: [``botocore``] This release adds support for Billing Transfers,
enabling management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: [``botocore``] Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS
managed cost anomaly detection monitors
* api-change:``cloudtrail``: [``botocore``] AWS CloudTrail now supports Insights for data events,
expanding beyond management events to automatically detect unusual activity on data plane
operations.
* api-change:``connectcampaignsv2``: [``botocore``] This release added support for ring timer
configuration for campaign calls.
* api-change:``cost-optimization-hub``: [``botocore``] Release ListEfficiencyMetrics API
* api-change:``datazone``: [``botocore``] Amazon DataZone now supports business metadata (readme
and metadata forms) at the individual attribute (column) level, a new rule type for glossary terms,
and the ability to update the owner of the root domain unit.
* api-change:``dynamodb``: [``botocore``] Extended Global Secondary Index (GSI) composite keys to
support up to 8 attributes.
* api-change:``ec2``: [``botocore``] This launch adds support for two new features: Regional NAT
Gateway and IPAM Policies. IPAM policies offers customers central control for public IPv4
assignments across AWS services. Regional NAT is a single NAT Gateway that automatically expands
across AZs in a VPC to maintain high availability.
* api-change:``ecr``: [``botocore``] Add support for ECR archival storage class and Inspector org
policy for scanning
* api-change:``ecs``: [``botocore``] Added support for Amazon ECS Managed Instances infrastructure
optimization configuration.
* api-change:``emr``: [``botocore``] Add CloudWatch Logs integration for Spark driver, executor and
step logs
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] Adding File Server Resource Manager configuration to FSx
Windows
* api-change:``guardduty``: [``botocore``] Add support for scanning and viewing scan results for
backup resource types
* api-change:``health``: [``botocore``] Adds actionability and personas properties to Health events
exposed through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and
DescribeEventTypes APIs. Adds filtering by actionabilities and personas in EventFilter,
OrganizationEventFilter, EventTypeFilter.
* api-change:``iam``: [``botocore``] Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: [``botocore``] This release introduces BLOCKED_BY_ORGANIZATION_POLICY
error code and IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is
returned when an operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED
scanStatusReason is returned when an Image is archived in ECR.
* api-change:``invoicing``: [``botocore``] Add support for adding Billing transfers in Invoice
configuration
* api-change:``lambda``: [``botocore``] Added support for creating and invoking Tenant Isolated
functions in AWS Lambda APIs.
* api-change:``logs``: [``botocore``] Adding support for ocsf version 1.5, add optional parameter
MappingVersion
* api-change:``mediaconnect``: [``botocore``] This release adds support for global routing in AWS
Elemental MediaConnect. You can now use router inputs and router outputs to manage global video and
audio routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: [``botocore``] MediaLive is adding support for MediaConnect Router by
supporting a new input type called MEDIACONNECT_ROUTER. This new input type will provide seamless
encrypted transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: [``botocore``] Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: [``botocore``] Added new enum value (AWS::EKS::Cluster) for
type field under MonitorLocalResource
* api-change:``partnercentral-channel``: [``botocore``] Initial GA launch of Partner Central Channel
* api-change:``route53``: [``botocore``] Add dual-stack endpoint support for Route53
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports mobile application monitoring for
Android and iOS platforms
* api-change:``s3``: [``botocore``] Adds support for blocking SSE-C writes to general purpose
buckets.
* api-change:``sagemaker``: [``botocore``] Added support for enhanced metrics for SageMaker AI
Endpoints. This features provides Utilization Metrics at instance and container granularity and
also provides easy configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: [``botocore``] Adds support to create, update, retrieve, rotate,
and delete managed external secrets.
* api-change:``signin``: [``botocore``] AWS Sign-In manages authentication for AWS services. This
service provides secure authentication flows for accessing AWS resources from the console and
developer tools. This release adds the CreateOAuth2Token API, which can be used to fetch OAuth2
access tokens and refresh tokens from Sign-In.
* api-change:``stepfunctions``: [``botocore``] Adds support to TestState for mocked results and
exceptions, along with additional inspection data.
* api-change:``sts``: [``botocore``] IAM now supports outbound identity federation via the STS
GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services
using short-lived JSON Web Tokens.
* feature:credentials: [``botocore``] Adds support for the login credential provider, allowing
users to use AWS Management Console credentials for authentication.
- from version 1.40.76
* api-change:``autoscaling``: [``botocore``] This release adds the new LaunchInstances API, which
can launch instances synchronously in an AutoScaling group. The API also returns instances info and
launch error back immediately.
* api-change:``backup``: [``botocore``] AWS Backup now supports a low-cost warm storage tier for
Amazon S3 backup data.
* api-change:``bedrock-runtime``: [``botocore``] Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: [``botocore``] New CloudFormation DescribeEvents API with
operation ID tracking and failure filtering capabilities to quickly identify root causes of
deployment failures. Also, a DeploymentMode parameter for the CreateChangeSet API that enables
creation of drift-aware change sets for safe drift management.
* api-change:``connect``: [``botocore``] This release added support for ring timer configuration
for campaign calls.
* api-change:``ec2``: [``botocore``] AWS Site-to-Site VPN now supports VPN Concentrator, a new
feature that enables customers to connect multiple low-bandwidth sites connections through a single
attachment, simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: [``botocore``] Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: [``botocore``] Amazon MSK adds three new APIs, ListTopics, DescribeTopic,
and DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: [``botocore``] CloudWatch Logs updates: Added capability to setup a
recurring schedule for log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: [``botocore``] Add support for new ListRequiredTags API
used to retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: [``botocore``] Adds support for European Sovereign Cloud ARNs in
Storage Gateway API parameters.
* api-change:``wafv2``: [``botocore``] AssociateWebACL, UpdateWebACL and PutLoggingConfiguration
will now throw WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that
is not included in the CloudFront pricing plan of the WebACL.
- from version 1.40.75
* api-change:``appstream``: [``botocore``] Adding support for additional instances and extended
storage
* api-change:``backup``: [``botocore``] AWS Backup now supports specifying a logically air-gapped
backup vault as a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: [``botocore``] Automated Reasoning checks in Amazon Bedrock Guardrails
now automatically generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: [``botocore``] This release adds support for interacting with devices
during a remote access session using the remoteDriverEndpoint interface
* api-change:``dms``: [``botocore``] This release introduces the SAP ASE(Sybase) Data Provider for
AWS Data Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider,
enabling customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora
PostgreSQL seamlessly.
* api-change:``ec2``: [``botocore``] This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] Amazon Glue Releasing 2 the new API
ListIntegrationResourceProperties and DeleteIntegrationResourceProperty along with minor
improvement on existing API(s).
* api-change:``guardduty``: [``botocore``] Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: [``botocore``] Adds support for LLM as Primary, allowing usage of
LLMs as the default NLU system.
* api-change:``medialive``: [``botocore``] Adds configurations for spatial/temporal adaptive
quantization in AV1 codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: [``botocore``] Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: [``botocore``] Amazon MWAA now offers serverless deployment,
eliminating operational overhead while optimizing costs. The service supports YAML and Python-based
workflows, with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic
scaling with pay-per-use pricing.
* api-change:``opensearch``: [``botocore``] This release adds index operation APIs to support
Automatic Semantic Enrichment feature
* api-change:``pcs``: [``botocore``] Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: [``botocore``] Adding DICTIONARY_DGA to dns-threat-protection as
a new enum type. Customers can now set rules for dictionary dga protection
- from version 1.40.74
* api-change:``datazone``: [``botocore``] Adds support for granting read and write access to Amazon
S3 general purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also
adds search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy"
parameter for ListSubscriptions APIs.
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: [``botocore``] EC2 Image Builder now supports invoking Lambda
functions and executing Step Functions state machine through image workflows.
* api-change:``medialive``: [``botocore``] Removed all the value constraint (min/max) for the shape
definitions (e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an
exemption from the SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.28.4
- from version 1.40.73
* api-change:``cloudformation``: [``botocore``] CloudFormation now supports GetHookResult API with
annotations to retrieve structured compliance check results and remediation guidance for each
evaluated resource, replacing the previous single-message limitation with detailed validation
outcomes.
* api-change:``controlcatalog``: [``botocore``] Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: [``botocore``] Added support for new accelerator types ("media") and
accelerator names ("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in
Attributes Based Instance Type Selection for launched instance types.
* api-change:``ecr``: [``botocore``] Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: [``botocore``] QUIC and TCP_QUIC protocol support for Network Load Balancer
(NLB). This capability enables customers to forward QUIC traffic to their targets with ultra-low
latency while maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iotwireless``: [``botocore``] Integration of Device Location with Amazon Sidewalk
network for Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: [``botocore``] Lowers minimum duration for black video generator.
Adds support for embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: [``botocore``] Updated endpoint and service metadata
* api-change:``sagemaker``: [``botocore``] Added support for minor version upgrades and AWS
Identity Center integration for SageMaker Hadron Partner Apps, enabling automated version
management and IdC group-based access control.
* api-change:``workspaces-web``: [``botocore``] Support for managing web content filtering for
defining, tracking and regulating type of content accessed with WorkSpaces Secure Browser as part
of browser settings.
- from version 1.40.72
* api-change:``amp``: [``botocore``] Add VPC source configuration support enabling Amazon Managed
Service for Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: [``botocore``] Updated Authentication Profile APIs to add support for
automatic logout on user inactivity
* api-change:``dms``: [``botocore``] Added support of SQL statements creation, metadata model
discovery and selection rules transformation.
* api-change:``ec2``: [``botocore``] Adds complete AMI ancestry tracing from immediate parent
through each preceding generation back to the root AMI
* api-change:``elbv2``: [``botocore``] This release expands ALB Authentication to support JWT
verification and adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: [``botocore``] Added GetIdentityCenterAuthToken API to retrieve
encrypted authentication tokens for Identity Center integrated applications. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``s3tables``: [``botocore``] Adds support for request metrics metrics APIs for S3
Tables
* api-change:``sagemaker``: [``botocore``] Add support for trn2.3xlarge instance type for SageMaker
Hyperpod
- from version 1.40.71
* api-change:``batch``: [``botocore``] Documentation-only update: update API and doc descriptions
per EKS ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: [``botocore``] Added support for Language Expansion
feature for BDA Audio modality.
* api-change:``ec2``: [``botocore``] AWS Site-to-Site VPN now supports VPN connections with up to 5
Gbps bandwidth per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``medical-imaging``: [``botocore``] Added new fields in existing APIs.
* api-change:``rtbfabric``: [``botocore``] Added LogSettings and LinkAttribute fields to external
links
* api-change:``security-ir``: [``botocore``] Added support for configuring communication
preferences as well as clearly displaying case comment author identities.
- from version 1.40.70
* api-change:``acm-pca``: [``botocore``] Private Certificate Authority service now supports ML-DSA
key algorithms.
* api-change:``appstream``: [``botocore``] AWS Appstream support for IPv6
* api-change:``backup``: [``botocore``] AWS Backup supports backups of Amazon EKS clusters,
including Kubernetes cluster state and persistent storage attached to the EKS cluster via a
persistent volume claim (EBS volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: [``botocore``] Adds ExperimentalCapabilities field to CreateQuantumTask
request and GetQuantumTask response objects. Enables use of experimental software capabilities when
creating quantum tasks.
* api-change:``datazone``: [``botocore``] Remove trackingServerName from DataZone Connection
MLflowProperties
* api-change:``dsql``: [``botocore``] Cluster endpoint added to CreateCluster and GetCluster API
responses
* api-change:``ec2``: [``botocore``] Amazon EC2 Fleet customers can now filter instance types based
on encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating
the manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: [``botocore``] Include tags filed in CreatePublishingDestinationRequest
and DescribePublishingDestinationResponse.
* api-change:``iam``: [``botocore``] Added CreateDelegationRequest API, which is not available for
general use at this time.
* api-change:``invoicing``: [``botocore``] Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: [``botocore``] Amazon MSK now supports intelligent rebalancing for MSK
Express brokers.
* api-change:``sts``: [``botocore``] Added GetDelegatedAccessToken API, which is not available for
general use at this time.
* api-change:``verifiedpermissions``: [``botocore``] Amazon Verified Permissions / Features : Adds
support for entity Cedar tags.
* api-change:``wafv2``: [``botocore``] AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a
LogScope option, enabling automated logging configuration through Amazon CloudWatch Logs for
telemetry data collection and analysis.
- from version 1.40.69
* api-change:``controltower``: [``botocore``] Added Parent Identifier support to
ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone
operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: [``botocore``] Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to
control private DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: [``botocore``] Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: [``botocore``] This release introduces the Default Application
feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a
per-region basis for a streamlined and consistent user experience.
* api-change:``vpc-lattice``: [``botocore``] Amazon VPC Lattice now supports custom domain name for
resource configurations
- from version 1.40.68
* api-change:``accessanalyzer``: [``botocore``] New field totalActiveErrors added to
getFindingsStatistics response.
* api-change:``backup``: [``botocore``] AWS Backup now supports customer-managed keys (CMK) for
logically air-gapped vaults, enabling customers to maintain full control over their encryption key
lifecycle. This feature helps organizations meet specific internal governance requirements or
external regulatory compliance standards.
* api-change:``connect``: [``botocore``] Added support for Conditional Questions in Evaluation
Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added
new API operations: SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: [``botocore``] Add Amazon EC2 R8a instance types
* api-change:``gamelift``: [``botocore``] Amazon GameLift Servers now supports game builds that use
the Windows 2022 operating system.
* api-change:``identitystore``: [``botocore``] IdentityStore API: added new KMSExceptionReason
fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate,
Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs -
CreatedAt, CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: [``botocore``] Support for New Data Prep Experience
* api-change:``s3tables``: [``botocore``] Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: [``botocore``] Amazon S3 Vectors provides cost-effective, elastic, and
durable vector storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: [``botocore``] Added NodeProvisioningMode parameter to UpdateCluster
API to determine how instance provisioning is handled during cluster operations; in Continuous
mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to
add a customer VPC.
* api-change:``ssm``: [``botocore``] Provides NoLongerSupportedException error message
- from version 1.40.67
* api-change:``cloudfront``: [``botocore``] This release adds new and updated API operations. You
can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP
list. You can also enable cross-account resource sharing to share your VPC origins with other AWS
accounts
* api-change:``datazone``: [``botocore``] Added support for Project Resource Tags
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] Amazon FSx now enables secure management of Active Directory
credentials through AWS Secrets Manager integration. Customers can use Secret ARNs instead of
direct credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: [``botocore``] Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: [``botocore``] Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: [``botocore``] Add new fields in SageMaker Hyperpod DescribeCluster API
response: TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI
update progress visibility .
- from version 1.40.66
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] This release adds support for the
CarrierLookup API, which returns information about a destination phone number including if the
number is valid, the carrier, and more.
- from version 1.40.65
* api-change:``bedrock-agentcore-control``: [``botocore``] Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: [``botocore``] Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: [``botocore``] Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: [``botocore``] Documentation-only update for LINEAR and CANARY deployment
strategies.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``kinesis``: [``botocore``] Adds support for MinimumThroughputBillingCommitment with
new UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in
new UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.40.64
* api-change:``connectcases``: [``botocore``] Added two new case rule types: Parent Child Field
Options (restricts child field options based on parent field value) and Hidden (controls child
field visibility based on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: [``botocore``] Amazon VPC IP Address Manager (IPAM) now supports automated
prefix list management, allowing you to create rules that automatically populate customer-managed
prefix lists with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other
criteria.
* api-change:``emr``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``fsx``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``health``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lambda``: [``botocore``] Add Python3.14 (python3.14) and Java 25 (java25) support to
AWS Lambda
* api-change:``logs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: [``botocore``] Adds SlowPalPitchCorrection to audio pitch correction
settings. Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition
passthrough to VideoSelector for allow listed accounts.
* api-change:``omics``: [``botocore``] Added WDL_LENIENT engine type that enables implicit
typecasting of variable values to its compatible declared types
* api-change:``payment-cryptography``: [``botocore``] Allow additional characters in the
CertificateSubject for GetCertificateSigningRequest API.
* api-change:``redshift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Allow update of platform identifier via
UpdateNotebookInstance operation.
* api-change:``savingsplans``: [``botocore``] Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``textract``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``waf``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.63
* api-change:``amp``: [``botocore``] Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appconfig``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appflow``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appmesh``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appsync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``artifact``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``auditmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: [``botocore``] Web-Bot-Auth support for AgentCore
Browser tool to help reduce captcha challenges.
* api-change:``chime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: [``botocore``] Added support for advanced Spark configurations to
optimize SQL performance
* api-change:``cloudcontrol``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codecommit``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codedeploy``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connectcases``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``deadline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``devops-guru``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``docdb``: [``botocore``] Adding FailoverState and TagList to GlobalCluster and
SynchronizationStatus to GlobalClusterMember.
* api-change:``ecs``: [``botocore``] Amazon ECS Service Connect now supports Envoy access logs,
providing deeper observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elasticache``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: [``botocore``] This release adds the capability to enable User
Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions
on EMR Serverless Applications.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``firehose``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``frauddetector``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``geo-places``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``glue``: [``botocore``] This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on AWS
Glue.
* api-change:``greengrassv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: [``botocore``] Add a new GetManagedThingCertificate API
to expose Iot ManagedIntegrations (MI) device certificate, and add "-" support for name,
properties, actions and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kms``: [``botocore``] Add cross account VPC endpoint service connectivity support to
CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: [``botocore``] Update endpoint ruleset
parameters casing
* api-change:``marketplace-reporting``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptune``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] RTB Fabric documentation update.
* api-change:``s3outposts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``schemas``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sts``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.62
* api-change:``bedrock-runtime``: [``botocore``] Add support for system tool and web citation
response.
- from version 1.40.61
* api-change:``apigatewayv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-signals``: [``botocore``] Added support for CloudWatch Synthetics Canary
resources in ListAuditFindings API. This enhancement allows customers to retrieve audit findings
specifically for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:clients: [``botocore``] The following clients have been removed per deprecation of the
services - qldb, qldb-session, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest
* api-change:``cloud9``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeconnections``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``detective``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: [``botocore``] Amazon ECS supports native linear and canary service
deployments, allowing you to shift traffic in increments for more control.
* api-change:``efs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``emr-containers``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``gameliftstreams``: [``botocore``] Add stream group expiration date and expired status
* api-change:``glacier``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``groundstation``: [``botocore``] Enable use of AzEl ephemerides
* api-change:``inspector-scan``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kendra``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lambda``: [``botocore``] Added SerializedRequestEntityTooLargeException to Lambda
Invoke API
* api-change:``marketplace-deployment``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``notifications``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``opensearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``organizations``: [``botocore``] Added Account State field to the
ListDelegatedAdministrators API response.
* api-change:``partnercentral-selling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pipes``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ram``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resource-groups``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``s3``: [``botocore``] Amazon Simple Storage Service / Features: Add conditional
writes in CopyObject on destination key to prevent unintended object modifications.
* api-change:``s3control``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports deleting training and
processing jobs in a terminal status.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``security-ir``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``sqs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``support-app``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``taxsettings``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces``: [``botocore``] Added IPv6 address support for WorkSpaces using
Dual-Stack subnets
* api-change:``workspaces-instances``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``xray``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.60
* api-change:``accessanalyzer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``aiops``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``athena``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``braket``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ce``: [``botocore``] Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeartifact``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``comprehend``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``controltower``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dax``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``entityresolution``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``forecast``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``greengrass``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iam``: [``botocore``] Fixed missing SummaryMap keys in GetAccountSummary response
that were being filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis``: [``botocore``] Adds support for record sizes up to 10MiB and introduces
new UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mturk``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``outposts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rbin``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rds-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rekognition``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``repostspace``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53profiles``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53resolver``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``s3vectors``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``scheduler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ses``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``shield``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso-admin``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``waf-regional``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.59
* api-change:``acm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-signals``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``billing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``budgets``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codepipeline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datapipeline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datazone``: [``botocore``] This release adds support for MLflow connections Creation
in DataZone
* api-change:``docdb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``eks``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``evs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``fis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: [``botocore``] Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: [``botocore``] Added support for optional AdditionalFeatures parameter
in the V2 GetTile API.
* api-change:``inspector``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotwireless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``location``: [``botocore``] Added support for mobile app restrictions in Amazon
Location API keys.
* api-change:``lookoutvision``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackage``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediastore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mq``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``panorama``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qbusiness``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``robomaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53domains``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] Add support for custom rate limits.
* api-change:``s3tables``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Added inference components model data caching feature
* api-change:``sagemaker-metrics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``securityhub``: [``botocore``] Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``supplychain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``translate``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``wisdom``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.58
* api-change:``account``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: [``botocore``] Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: [``botocore``] Fixing the service documentation name
* api-change:``chime-sdk-voice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codebuild``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``config``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cur``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``discovery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``drs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dsql``: [``botocore``] Add support for resource-based policies for Aurora DSQL
clusters. This will enable you to implement Block Public Access (BPA) which will help restrict
access to your Aurora DSQL public or VPC endpoints.
* api-change:``ebs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ecr``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ecr-public``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``healthlake``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotevents``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``lambda``: [``botocore``] Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``mediatailor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mgh``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mgn``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mpa``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptunedata``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``odb``: [``botocore``] Doc-only update that removes duplicate values from
descriptions of ODB peering APIs.
* api-change:``omics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize-events``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rum``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``savingsplans``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``securitylake``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sesv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``storagegateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``synthetics``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.57
* api-change:``appfabric``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``autoscaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``b2bi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ce``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chatbot``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudformation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connect``: [``botocore``] This release added support for email address alias
configuration and outbound campaign preview mode.
* api-change:``connectcampaignsv2``: [``botocore``] Updated Amazon Connect Outbound Campaigns V2
SDK to support Preview Outbound Mode
* api-change:``connectparticipant``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``devicefarm``: [``botocore``] This release adds support for optionally including an
app as part of a CreateRemoteAccessSession request
* api-change:``directconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ds-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
CreateNetworkInterface and DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``forecastquery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iam``: [``botocore``] Updated OIDC and SAML apis to reject multiple simultaneous
requests to change a unique object.
* api-change:``inspector2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivschat``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mailmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``medialive``: [``botocore``] Add 3 API operations for fetching alerts: ListAlerts
(Channels), ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``oam``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pcs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``redshift-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the ISOB West Region for
private DNS for Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] Update for general availability of AWS RTB Fabric
service.
* api-change:``sagemaker-a2i-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sns``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workdocs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workmail``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.56
* api-change:``dynamodb``: [``botocore``] Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: [``botocore``] Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``mediaconvert``: [``botocore``] This release adds the ability to set resolution for
the black video generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow
asynchronous search of job history using new filters.
* api-change:``meteringmarketplace``: [``botocore``] Added ClientToken parameter to MeterUsage API
for specifying idempotent requests.
- from version 1.40.55
* api-change:``amp``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appintegrations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-insights``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``chime-sdk-meetings``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudfront``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datasync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ds``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dsql``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``es``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``events``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``evidently``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``finspace``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``finspace-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: [``botocore``] Updates documentation to clarify valid application
binaries for an Amazon GameLift Streams application and provide descriptions of stream session
error status reasons
* api-change:``geo-maps``: [``botocore``] Added support for optional style parameters in maps,
including Terrain, ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lakeformation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``license-manager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: [``botocore``] Update endpoint ruleset
parameters casing
* api-change:``marketplace-catalog``: [``botocore``] The ListEntities API now supports two new CAPI
filters: DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``network-firewall``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``organizations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qapps``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``sagemaker-geospatial``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``signer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``swf``: [``botocore``] Releasing minor endpoint updates.
* api-change:``timestream-write``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``tnb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.54
* api-change:``acm-pca``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplify``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apprunner``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apptest``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: [``botocore``] Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``billingconductor``: [``botocore``] New feature: service flat CLI and first AWS
managed pricing plan (BasicPricingPlan)
* api-change:``customer-profiles``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``databrew``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dataexchange``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dlm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``freetier``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gamelift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``geo-routes``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``grafana``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``identitystore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kafka``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``keyspaces``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lex-models``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``m2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``machinelearning``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``memorydb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``osis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``polly``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pricing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qldb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qldb-session``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``ssm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``timestream-query``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``voice-id``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.53
* api-change:``bedrock``: [``botocore``] Amazon Bedrock Automated Reasoning Policy now offers
enhanced AWS KMS integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field,
allowing customers to specify their preferred KMS key for encryption, improving control and
compliance with AWS encryption mandates.
* api-change:``docdb``: [``botocore``] Add support for NetworkType field in CreateDbCluster,
ModifyDbCluster, RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: [``botocore``] Introducing EC2 Capacity Manager for monitoring and analyzing
capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: [``botocore``] This release expands Listener Rule Conditions to support
RegexValues and adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: [``botocore``] Added default pagination value for
ListMalwareProtectionPlans API and updated UpdateFindingsFeedback API
* api-change:``lightsail``: [``botocore``] Add support for manage Lightsail Bucket CORS
configuration
* api-change:``timestream-influxdb``: [``botocore``] This release adds support for creating and
managing InfluxDB 3 Core and Enterprise DbClusters.
- from version 1.40.52
* api-change:``appstream``: [``botocore``] This release introduces support for Microsoft license
included applications streaming.
* api-change:``backup``: [``botocore``] The AWS Backup job attribute extension enhancement helps
customers better understand the plan that initiated each job, and the properties of the resource
each job creates.
* api-change:``connect``: [``botocore``] SDK release for TaskTemplateInfo in Contact for
DescribeContact response.
* api-change:``datazone``: [``botocore``] Support creating scoped and trustedIdentityPropagation
enabled connections.
* api-change:``ec2``: [``botocore``] This release adds support for creating instant, point-in-time
copies of EBS volumes within the same Availability Zone
* api-change:``transcribe``: [``botocore``] Move UntagResource API body member to query parameter
* api-change:``transfer``: [``botocore``] SFTP connectors now support routing connections via
customers' VPC. This enables connections to remote servers that are only accessible in a customer's
VPC environment, and to servers that are accessible over the internet but need connections coming
from an IP address in a customer VPC's CIDR range.
- from version 1.40.51
* api-change:``bedrock-agentcore``: [``botocore``] Updated InvokeAgentRuntime API to accept account
id optionally and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: [``botocore``] Updated http status code in control
plane apis of agentcore runtime, tools and identity. Additional included provider types for
AgentCore Identity
* api-change:``ec2``: [``botocore``] Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: [``botocore``] CloudWatch Observability Admin adds the ability
to enable Resource tags for telemetry in a customer account. The release introduces new APIs to
enable, disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- Update BuildRequires and Requires from setup.py
- python-botocore
-
- Update to 1.42.27
* api-change:``bedrock``: This change will increase TestCase guardContent input size from 1024 to
2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: Adds support for IAM role subscriptions to Glue table listings via
CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.42.26
* api-change:``billing``: Cost Categories filtering support to BillingView data filter expressions
through the new costCategories parameter, enabling users to filter billing views by AWS Cost
Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: This release introduces WiFi Simple Setup (WSS) enabling
device provisioning via barcode scanning with automated network discovery, authentication, and
credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating
hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: Added ultraServerType to the UltraServerInfo structure to support
server type identification for SageMaker HyperPod
- from version 1.42.25
* api-change:``bedrock-agentcore-control``: Adds optional field "view" to GetMemory API input to
give customers control over whether CMK encrypted data such as strategy decryption or override
prompts is returned or not.
* api-change:``cloudfront``: Added EntityLimitExceeded exception handling to the following API
operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: Adding MaterializedViews task run APIs
* api-change:``medialive``: MediaPackage v2 output groups in MediaLive can now accept one
additional destination for single pipeline channels and up to two additional destinations for
standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage
channels.
* api-change:``transcribe``: Adds waiters to Amazon Transcribe.
- from version 1.42.24
* api-change:``workspaces``: Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.42.23
* api-change:``ce``: This release updates existing reservation recommendations API to support
deployment model.
* api-change:``emr-serverless``: Added support for enabling disk encryption using customer managed
AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.42.22
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports advanced Spark configurations to
optimize SQL performance when creating an MLInputChannel or an audience generation job.
- from version 1.42.21
* bugfix:``s3``: Clarify ``payload_signing_enabled`` documentation to cover interaction with
``request_checksum_calculation``
- from version 1.42.20
* api-change:``cleanrooms``: Added support for publishing detailed metrics to CloudWatch for
operational monitoring of collaborations, including query performance and resource utilization.
* api-change:``identitystore``: This change introduces "Roles" attribute for User entities
supported by AWS Identity Store SDK.
- from version 1.42.19
* api-change:``connect``: Adds support for searching global contacts using the ActiveRegions
filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``kafkaconnect``: This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack
endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to
match the Kafka endpoints.
- from version 1.42.18
* api-change:``connect``: Changes for Contact for Global Search
* api-change:``elastictranscoder``: The elastictranscoder client has been removed following the
deprecation of the service.
* api-change:``quicksight``: This release adds support for quick users to be able to perform role
upgrades on their own. Additionally it allows admins to make this feature admin or auto approval
along with new self upgrade capability that can be restricted by Admins.
- from version 1.42.17
* api-change:``medialive``: AWS Elemental MediaLive now supports Pipeline Locking using Video
Alignment as well as linked single pipeline channels to enable cross-channel and cross-region
Pipeline Locking workflows.
- from version 1.42.16
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``geo-places``: Adds support for InferredSecondaryAddress place type, Designator in
SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the Registration Reviewer
feature, which provides generative AI feedback on a phone number or sender ID registration to
ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: Add additional validation to Outpost bucket names.
- from version 1.42.15
* api-change:``config``: Added supported resourceTypes for Config from July to November 2025
* api-change:``ec2``: Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: Make accountIds a required field in GetRemainingFreeTrialDays API to
reflect service behavior.
* api-change:``pcs``: Change API Reference Documentation for default Mode in Accounting and
SlurmRest
- from version 1.42.14
* api-change:``arc-region-switch``: Automatic Plan Execution Reports allow customers to maintain a
concise record of their Region switch Plan executions. This enables customer SREs and leadership
to have a clear view of their recovery posture based on the generated reports for their Plan
executions.
* api-change:``connect``: Adding support for Custom Metrics and Pre-Defined Attributes to
GetCurrentMetricData API.
* api-change:``emr-serverless``: Added JobLevelCostAllocationConfiguration field to enable cost
allocation reporting at the job level, providing more granular visibility into EMR Serverless
charges
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iot``: This release adds event-based logging feature that enables granular event
logging controls for AWS IoT logs.
* api-change:``qbusiness``: It is a internal bug fix for region expansion
* api-change:``wickr``: AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: Add support for WebAuthn under user settings.
- from version 1.42.13
* api-change:``appstream``: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on
Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: New API to list Route 53 health checks created by ARC region
switch for a plan in a specific AWS Region using the Region switch Regional data plane.
* api-change:``artifact``: Add support for ListReportVersions API for the calling AWS account.
* api-change:``bedrock-agentcore-control``: Feature to support header exchanges between Bedrock
AgentCore Gateway Targets and client, along with propagating query parameter to the configured
targets.
* api-change:``bedrock-data-automation``: Blueprint Optimization (BPO) is a new Amazon Bedrock Data
Automation (BDA) capability that improves blueprint inference accuracy using example content assets
and ground truth data. BPO works by generating better instructions for fields in the Blueprint
using provided data.
* api-change:``cleanrooms``: Adding support for collaboration change requests requiring an approval
workflow. Adding support for change requests that grant or revoke results receiver ability and
modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet,
DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs.
* api-change:``ecr``: Adds support for ECR Create On Push
* api-change:``ecs``: Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iot``: This release adds message batching for the IoT Rules Engine HTTP action.
* api-change:``opensearch``: Amazon OpenSearch Service adds support for warm nodes, enabling new
multi-tier architecture.
* api-change:``sesv2``: Amazon SES introduces Email Validation feature which checks email addresses
for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect
sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and
CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: Added "Stopping" for the HANA Database Status.
- from version 1.42.12
* api-change:``gameliftstreams``: Added new stream group operation parameters for scale-on-demand
capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance
family. Added new StartStreamSession parameter for exposure of real-time performance stats to
clients.
* api-change:``guardduty``: Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: Adds an additional OutputFormat
* api-change:``kafkaconnect``: Support dual-stack network connectivity for connectors via
NetworkType field.
* api-change:``mediaconvert``: Adds support for tile encoding in HEVC and audio for video overlays.
* api-change:``mediapackagev2``: This release adds support for SPEKE V2 content key encryption in
MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: Support for AS2805 standard. Modifications to import-key
and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: Adding the newly launched p6-b300.48xlarge ec2 instance support in
Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.42.11
* api-change:``iot``: Add support for dynamic payloads in IoT Device Management Commands
* api-change:``timestream-influxdb``: This release adds support for rebooting InfluxDB DbInstances
and DbClusters
- from version 1.42.10
* api-change:``bedrock-agentcore-control``: This release updates broken links for AgentCore Policy
APIs in the AWS CLI and SDK resources.
* api-change:``connect``: Amazon Connect now supports outbound WhatsApp contacts via the Send
message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and
updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.
* api-change:``ec2``: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and
SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``entityresolution``: Support Customer Profiles Integration for AWS Entity Resolution
* api-change:``glacier``: Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: Updating Health API endpoint generation for dualstack only regions
* api-change:``logs``: This release allows you to import your historical CloudTrail Lake data into
CloudWatch with a few steps, enabling you to easily consolidate operational, security, and
compliance data in one place.
* api-change:``mediatailor``: Added support for Ad Decision Server Configuration enabling HTTP POST
requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required
for existing GET request configurations.
* api-change:``route53resolver``: Adds support for enabling detailed metrics on Route 53 Resolver
endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the
CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver
endpoint and target name server performance.
* api-change:``s3``: This release adds support for the new optional field 'LifecycleExpirationDate'
in S3 Inventory configurations.
* api-change:``service-quotas``: Add support for SQ Dashboard Api
- from version 1.42.9
* api-change:``bcm-recommended-actions``: Added new freetier action types to RecommendedAction.type.
* api-change:``connect``: Amazon Connect now offers automated post-chat surveys triggered when
customers end conversations. This captures timely feedback while experience is fresh, using either
a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: Adds Enhanced mode support for NFS and SMB locations. SMB credentials
are now managed via Secrets Manager, and may be encrypted with service or customer managed keys.
Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: Adds support for portal branding customization, enabling
administrators to personalize end-user portals with custom assets.
- from version 1.42.8
* api-change:``lambda``: Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: Add support for policy operations on the NETWORK SECURITY DIRECTOR
POLICY policy type.
* api-change:``quicksight``: This release adds new GetIdentityContext API, Dashboard customization
options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: Add SortBy parameter to ListSecrets
* api-change:``sesv2``: Update GetEmailIdentity and CreateEmailIdentity response to include
SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to
include SigningHostedZone.
- from version 1.42.7
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of
generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: Launch itemized custom line item and service line item filter
* api-change:``cloudwatch``: This release introduces two additional protocols AWS JSON 1.1 and
Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the
protocol that is the most performant for each language.
* api-change:``odb``: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn
fields for improved resource identification and AWS service integration - GetCloudVmCluster,
ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.
* api-change:``opensearch``: The CreateApplication API now supports an optional kms key arn
parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: Adds support for the new Project.AwsPartition field on
Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the
opportunity will be deployed.
* api-change:``signer``: Adds support for Signer GetRevocationStatus with updated endpoints
- Update to 1.42.6
* api-change:``account``: This release adds a new API (GetGovCloudAccountInformation) used to
retrieve information about a linked GovCloud account from the standard AWS partition.
* api-change:``appsync``: Update Event API to require EventConfig parameter in creation and update
requests.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``guardduty``: Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: Token Exchange introduces seamless token exchange capabilities for
IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes
within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced
tagging support for replication operations.
* api-change:``route53``: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region
- Update to 1.42.5
* api-change:``ce``: Add support for Cost Category resource associations including filtering by
resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API.
* api-change:``ec2``: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1
TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB
of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a
maximum frequency of 4.5 GHz.
* api-change:``identitystore``: Updating AWS Identity Store APIs to support Attribute Extensions
capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store
APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due
to lack of SigV4 API support.
* api-change:``partnercentral-selling``: Deal Sizing Service for AI-based deal size estimation with
AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and
Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives.
* api-change:``rds``: Adding support for tagging RDS Instance/Cluster Automated Backups
* api-change:``redshift-serverless``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated serverless workgroups. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``rolesanywhere``: Increases certificate string length for trust anchor source data to
support ML-DSA certificates.
* api-change:``sesv2``: Update Mail Manager Archive ARN validation
* enhancement:ContainerProvider: The ContainerProvider now works with arbitray HTTPS URLs for
`AWS_CONTAINER_CREDENTIALS_FULL_URI`.
- from version 1.42.4
* api-change:``ecs``: Updating stop-task API to encapsulate containers with custom stop signal
* api-change:``iam``: Adding the ExpirationTime attribute to the delegation request resource.
* api-change:``inspector2``: This release adds a new ScanStatus called "Unsupported Code
Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it
has unsupported code artifacts.
* api-change:``partnercentral-account``: Adding Verification API's to Partner Central Account SDK.
* api-change:``sesv2``: Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from
v1 to v2
* enhancement:AWSCRT: Update awscrt version to 0.29.2
- from version 1.42.3
* api-change:``lambda``: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and
StateReasonCode enums to represent failures caused by VPC Encryption Controls.
- from version 1.42.2
* api-change:``bedrock``: Adding support in Amazon Bedrock to customize models with reinforcement
fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: Introduces Serverless training: A fully managed compute infrastructure
that abstracts away all infrastructure complexity, allowing you to focus purely on model
development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.42.1
* api-change:``bedrock``: Adds the audioDataDeliveryEnabled boolean field to the Model Invocation
Logging Configuration.
* api-change:``bedrock-agentcore``: Support for AgentCore Evaluations and Episodic memory strategy
for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: Supports AgentCore Evaluations, Policy, Episodic Memory
Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and
enhances JWT authorizer.
* api-change:``bedrock-runtime``: Adds support for Audio Blocks and Streaming Image Output plus new
Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: This release updates existing Savings Plans Purchase Analyzer and
Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: Amazon DataZone now supports exporting Catalog datasets as Amazon S3
tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: Adding support for extended threat detection for Amazon EC2 and Amazon
ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: Launching Lambda durable functions - a new feature to build reliable
multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: CloudWatch Logs adds managed S3 Tables integration to access logs using
other analytical tools, as well as facets and field indexing to simplify log analytics in
CloudWatch Logs Insights.
* api-change:``nova-act``: Initial release of Nova Act SDK. The Nova Act service enables customers
to build and manage fleets of agents for automating production UI workflows with high reliability,
fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds pipelines configuration
for third party log ingestion and transformation of all logs ingested, integration of CloudWatch
logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: GPU-acceleration helps you build large-scale vector databases faster
and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch
Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data
into vector indexes.
* api-change:``opensearchserverless``: GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``rds``: RDS Oracle and SQL Server: Add support for adding, modifying, and removing
additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer
Edition via custom engine versions for development and testing purposes; M7i/R7i instances with
Optimize CPU for cost savings.
* api-change:``s3``: New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: Add support for S3 Storage Lens Advanced Performance Metrics, Expanded
Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: Add storage class, replication, and table record expiration features to
S3 Tables.
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: Added support for Amazon Database Savings Plans
* api-change:``securityhub``: ITSM enhancements: DRYRUN mode for testing ticket creation,
ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to
RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in
CreateConnectorV2.
- from version 1.41.6
* api-change:``appintegrations``: This release adds support for MCP servers via the ApplicationType
field, allowing customers to register their Bedrock AgentCore gateways as third party applications.
* api-change:``bedrock-agent``: Support audio and video ingestion on Bedrock Knowledge Bases.
* api-change:``bedrock-agent-runtime``: Support audio and video content retrieval on Bedrock
Knowledge Bases.
* api-change:``cleanrooms``: AWS Clean Rooms now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``connect``: This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: This release added support for new WhatsApp channel and
Journey type outbound campaign
* api-change:``connectparticipant``: Amazon Connect now supports message processing that intercepts
and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: This release introduces, CRUD APIs for the DomainObjectType and
Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to
SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to
support Data Store.
* api-change:``eks``: This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: feature: Glue: Add support for Iceberg materialized view in Glue Data
Catalog, including updated CreateTable API to support materialized views and new APIs for managing
data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: Launching Lambda Managed Instances - a new feature to run Lambda on EC2.
* api-change:``lexv2-models``: Adds support for speech-to-speech models for human-like, adaptive,
and expressive voice interactions. Also adds support for speech model preference, allowing
customers to select which speech model they want to use for speech-to-text requests.
* api-change:``marketplace-agreement``: This release supports 1/multi-product transactions via
offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements
also supports filtering by offer set ID and 2/variable payment pricing terms will be returned
through GetAgreementTerms.
* api-change:``marketplace-catalog``: This release introduces offer set entity in AWS Marketplace
Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple
private offers into a single-click purchase experience, simplifying procurement for customers
purchasing multi-product solutions.
* api-change:``partnercentral-account``: Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: Initial GA launch of Partner Central Benefits
* api-change:``partnercentral-selling``: New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: This release adds support for includedDatasetColumns and
performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: New AIAgent types: Orchestration for ModelContextProtocol tool
integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes.
Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring
Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: Add SDK for Amazon Route 53 Global Resolver, a fully
managed DNS resolver service that offers broad DNS-filtering security controls.
* enhancement:AWSCRT: Update awscrt version to 0.29.1
- from version 1.41.5
* api-change:``bedrock-runtime``: Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: Compute Optimizer now identifies idle NAT Gateway resources for
cost optimization based on traffic patterns and backup configuration analysis. Access
recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost
optimization recommendations for NAT Gateway.
- from version 1.41.4
* api-change:``ec2``: This release adds support to view Network firewall proxy appliances attached
to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: Network Firewall release of the Proxy feature.
* api-change:``organizations``: Add support for policy operations on the S3_POLICY and
BEDROCK_POLICY policy type.
* api-change:``route53``: Adds support for new route53 feature: accelerated recovery.
- Update to 1.41.3
* api-change:``cloudfront``: Add TrustStore, ConnectionFunction APIs to CloudFront SDK
* api-change:``logs``: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability
that allows customers to safeguard their critical CloudWatch log groups from accidental or
unintended deletion.
* enhancement:awscrt: Update awscrt version to 0.29.0
- from version 1.41.2
* api-change:``apigateway``: API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: Introduces Spark workgroup features including log persistence,
S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage
limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries
to optimize performance and costs.
* api-change:``bedrock``: Add support to automatically enforce safeguards across accounts within an
AWS Organization.
* api-change:``bedrock-agentcore-control``: Support for agentcore gateway interceptor
configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: Adding new fields to GetDataAutomationStatus:
jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: Add support to automatically enforce safeguards across accounts
within an AWS Organization.
* api-change:``cloudformation``: Adds the DependsOn field to the AutoDeployment configuration
parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and
read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: Initial release of AWS Compute Optimizer Automation.
Create automation rules to implement recommended actions on a recurring schedule based on your
specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and
upgrade volume types to the latest generation.
* api-change:``connect``: New APIs to support aliases and versions for ContactFlowModule. Updated
ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: The manifest field is now optional for the AWS Control Tower
CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: This release adds a new capability to create and manage interruptible EC2
Capacity Reservations.
* api-change:``ecr``: Add support for ECR managed signing
* api-change:``eks``: Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: This release adds the health check log feature in ALB, allowing customers
to send detailed target health check log data directly to their designated Amazon S3 bucket.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``invoicing``: Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: This release adds support for Tiered Storage
* api-change:``kms``: Support for on-demand rotation of AWS KMS Multi-Region keys with imported key
material
* api-change:``lambda``: Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka
ESMs
* api-change:``lexv2-models``: Adds support for Intent Disambiguation, allowing resolution of
ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also
adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity
levels in various noise environments.
* api-change:``mailmanager``: Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: Endpoint update for new region
* api-change:``mediapackagev2``: Adds support for excluding session key tags from HLS multivariant
playlists
* api-change:``meteringmarketplace``: Endpoint update for new region
* api-change:``odb``: Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for
managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and
cross-region S3 parameters. Adds OCI identity domain support to InitializeService API.
* api-change:``organizations``: Add support for policy operations on the UPGRADE_ROLLOUT_POLICY
policy type.
* api-change:``qconnect``: This release introduces two new messaging channel subtypes: Push,
WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: Amazon Quick Suite now supports QuickChat as an embedding type when
calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI
agents directly into their applications.
* api-change:``rds``: Add support for Upgrade Rollout Order
* api-change:``redshift``: Added support for Amazon Redshift Federated Permissions and AWS IAM
Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: Added UpdateLakehouseConfiguration API to manage Amazon
Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for
namespaces.
* api-change:``sagemaker``: Enhanced SageMaker HyperPod instance groups with support for
MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints).
Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: Add ListInvestigations and SendFeedback APIs to support SecurityIR AI
agents
* api-change:``sesv2``: Added support for new SES regions - Asia Pacific (Malaysia) and Canada
(Calgary)
* api-change:``transfer``: Adds support for creating Webapps accessible from a VPC.
- from version 1.41.1
* api-change:``application-signals``: Amazon CloudWatch Application Signals now supports
un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps
teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: This release adds support for three new features: 1) Image ID
overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh,
and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: Bedrock AgentCore Memory release for redriving memory
extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: Added support for Synchronous project type and PII
Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: Bedrock Data Automation Runtime Sync API
* api-change:``braket``: Add support for Braket spending limits.
* api-change:``budgets``: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory
and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views.
* api-change:``cloudfront``: This release adds support for bring your own IP (BYOIP) to
CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: AWS launches CloudTrail aggregated events to simplify monitoring of
data events at scale. This feature delivers both granular and summarized data events for resources
like S3/Lambda, helping security teams identify patterns without custom aggregation logic.
* api-change:``connect``: Add optional ability to exclude users from send notification actions for
Contact Lens Rules.
* api-change:``datasync``: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource
Name) fields.
* api-change:``devicefarm``: Add support for environment variables and an IAM execution role.
* api-change:``dms``: Added support for customer-managed KMS key (CMK) for encryption for import
private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL
integrations with data warehouses.
* api-change:``dsql``: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response,
returning the VPC connection endpoint for the cluster
* api-change:``ec2``: This release adds support for multiple features including: VPC Encryption
Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of
static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume
Integration with Recycle Bin
* api-change:``ecs``: Launching Amazon ECS Express Mode - a new feature that enables developers to
quickly launch highly available, scalable containerized applications with a single command.
* api-change:``elbv2``: This release adds the target optimizer feature in ALB, enabling strict
concurrency enforcement on targets.
* api-change:``emr``: Add support for configuring S3 destination for step logs on a per-step basis.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: EC2 Image Builder now enables the distribution of existing AMIs,
retry distribution, and define distribution workflows. It also supports automatic versioning for
recipes and components, allowing automatic version increments and dynamic referencing in pipelines.
* api-change:``kinesis``: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for
On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the
existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: Added cross-account resource aggregation via license asset groups
and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses,
added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account
resource discovery in commercial regions.
* api-change:``networkmanager``: This release adds support for Cloud WAN Routing Policy providing
customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: Introducing comprehensive theme styling controls. New features include
border customization (radius, width, color), flexible padding controls, background styling for
cards and sheets, centralized typography management, and visual-level override support across
layouts.
* api-change:``rbin``: Add support for EBS volume in Recycle Bin
* api-change:``rds``: Add support for VPC Encryption Controls.
* api-change:``redshift-data``: Increasing the length limit of Statement Name from 500 to 2048.
* api-change:``s3``: Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: Added training plan support for inference endpoints. Added HyperPod
task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes
and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName.
* api-change:``securityhub``: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and
GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for
1-year of historical data analysis of Findings and Resources.
- from version 1.41.0
* api-change:``apigateway``: API Gateway now supports response streaming and new security policies
for REST APIs and custom domain names.
* api-change:``apigatewayv2``: Support for API Gateway portals and portal products.
* api-change:``backup``: Amazon GuardDuty Malware Protection now supports AWS Backup, extending
malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: This release includes support for Search Results.
* api-change:``billing``: Added name filtering support to ListBillingViews API through the new
names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: This release adds support for Billing Transfers, enabling
management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost
anomaly detection monitors
* api-change:``cloudtrail``: AWS CloudTrail now supports Insights for data events, expanding beyond
management events to automatically detect unusual activity on data plane operations.
* api-change:``connectcampaignsv2``: This release added support for ring timer configuration for
campaign calls.
* api-change:``cost-optimization-hub``: Release ListEfficiencyMetrics API
* api-change:``datazone``: Amazon DataZone now supports business metadata (readme and metadata
forms) at the individual attribute (column) level, a new rule type for glossary terms, and the
ability to update the owner of the root domain unit.
* api-change:``dynamodb``: Extended Global Secondary Index (GSI) composite keys to support up to 8
attributes.
* api-change:``ec2``: This launch adds support for two new features: Regional NAT Gateway and IPAM
Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS
services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to
maintain high availability.
* api-change:``ecr``: Add support for ECR archival storage class and Inspector org policy for
scanning
* api-change:``ecs``: Added support for Amazon ECS Managed Instances infrastructure optimization
configuration.
* api-change:``emr``: Add CloudWatch Logs integration for Spark driver, executor and step logs
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: Adding File Server Resource Manager configuration to FSx Windows
* api-change:``guardduty``: Add support for scanning and viewing scan results for backup resource
types
* api-change:``health``: Adds actionability and personas properties to Health events exposed
through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes
APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter,
EventTypeFilter.
* api-change:``iam``: Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and
IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an
operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned
when an Image is archived in ECR.
* api-change:``invoicing``: Add support for adding Billing transfers in Invoice configuration
* api-change:``lambda``: Added support for creating and invoking Tenant Isolated functions in AWS
Lambda APIs.
* api-change:``logs``: Adding support for ocsf version 1.5, add optional parameter MappingVersion
* api-change:``mediaconnect``: This release adds support for global routing in AWS Elemental
MediaConnect. You can now use router inputs and router outputs to manage global video and audio
routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: MediaLive is adding support for MediaConnect Router by supporting a new
input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted
transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: Added new enum value (AWS::EKS::Cluster) for type field under
MonitorLocalResource
* api-change:``partnercentral-channel``: Initial GA launch of Partner Central Channel
* api-change:``route53``: Add dual-stack endpoint support for Route53
* api-change:``rum``: CloudWatch RUM now supports mobile application monitoring for Android and iOS
platforms
* api-change:``s3``: Adds support for blocking SSE-C writes to general purpose buckets.
* api-change:``sagemaker``: Added support for enhanced metrics for SageMaker AI Endpoints. This
features provides Utilization Metrics at instance and container granularity and also provides easy
configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: Adds support to create, update, retrieve, rotate, and delete
managed external secrets.
* api-change:``signin``: AWS Sign-In manages authentication for AWS services. This service provides
secure authentication flows for accessing AWS resources from the console and developer tools. This
release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh
tokens from Sign-In.
* api-change:``stepfunctions``: Adds support to TestState for mocked results and exceptions, along
with additional inspection data.
* api-change:``sts``: IAM now supports outbound identity federation via the STS GetWebIdentityToken
API, enabling AWS workloads to securely authenticate with external services using short-lived JSON
Web Tokens.
* feature:credentials: Adds support for the login credential provider, allowing users to use AWS
Management Console credentials for authentication.
- from version 1.40.76
* api-change:``autoscaling``: This release adds the new LaunchInstances API, which can launch
instances synchronously in an AutoScaling group. The API also returns instances info and launch
error back immediately.
* api-change:``backup``: AWS Backup now supports a low-cost warm storage tier for Amazon S3 backup
data.
* api-change:``bedrock-runtime``: Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: New CloudFormation DescribeEvents API with operation ID tracking
and failure filtering capabilities to quickly identify root causes of deployment failures. Also, a
DeploymentMode parameter for the CreateChangeSet API that enables creation of drift-aware change
sets for safe drift management.
* api-change:``connect``: This release added support for ring timer configuration for campaign
calls.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN Concentrator, a new feature that
enables customers to connect multiple low-bandwidth sites connections through a single attachment,
simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: Amazon MSK adds three new APIs, ListTopics, DescribeTopic, and
DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: CloudWatch Logs updates: Added capability to setup a recurring schedule for
log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: Add support for new ListRequiredTags API used to
retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: Adds support for European Sovereign Cloud ARNs in Storage Gateway
API parameters.
* api-change:``wafv2``: AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw
WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not
included in the CloudFront pricing plan of the WebACL.
- from version 1.40.75
* api-change:``appstream``: Adding support for additional instances and extended storage
* api-change:``backup``: AWS Backup now supports specifying a logically air-gapped backup vault as
a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails now automatically
generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: This release adds support for interacting with devices during a remote
access session using the remoteDriverEndpoint interface
* api-change:``dms``: This release introduces the SAP ASE(Sybase) Data Provider for AWS Data
Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider, enabling
customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora PostgreSQL
seamlessly.
* api-change:``ec2``: This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: Amazon Glue Releasing 2 the new API ListIntegrationResourceProperties and
DeleteIntegrationResourceProperty along with minor improvement on existing API(s).
* api-change:``guardduty``: Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: Adds support for LLM as Primary, allowing usage of LLMs as the
default NLU system.
* api-change:``medialive``: Adds configurations for spatial/temporal adaptive quantization in AV1
codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: Amazon MWAA now offers serverless deployment, eliminating
operational overhead while optimizing costs. The service supports YAML and Python-based workflows,
with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic scaling with
pay-per-use pricing.
* api-change:``opensearch``: This release adds index operation APIs to support Automatic Semantic
Enrichment feature
* api-change:``pcs``: Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: Adding DICTIONARY_DGA to dns-threat-protection as a new enum
type. Customers can now set rules for dictionary dga protection
- from version 1.40.74
* api-change:``datazone``: Adds support for granting read and write access to Amazon S3 general
purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also adds
search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy" parameter
for ListSubscriptions APIs.
* api-change:``ec2``: This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: EC2 Image Builder now supports invoking Lambda functions and
executing Step Functions state machine through image workflows.
* api-change:``medialive``: Removed all the value constraint (min/max) for the shape definitions
(e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an exemption from the
SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
* enhancement:AWSCRT: Update awscrt version to 0.28.4
- from version 1.40.73
* api-change:``cloudformation``: CloudFormation now supports GetHookResult API with annotations to
retrieve structured compliance check results and remediation guidance for each evaluated resource,
replacing the previous single-message limitation with detailed validation outcomes.
* api-change:``controlcatalog``: Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: Added support for new accelerator types ("media") and accelerator names
("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in Attributes Based
Instance Type Selection for launched instance types.
* api-change:``ecr``: Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: QUIC and TCP_QUIC protocol support for Network Load Balancer (NLB). This
capability enables customers to forward QUIC traffic to their targets with ultra-low latency while
maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iotwireless``: Integration of Device Location with Amazon Sidewalk network for
Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: Lowers minimum duration for black video generator. Adds support for
embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: Updated endpoint and service metadata
* api-change:``sagemaker``: Added support for minor version upgrades and AWS Identity Center
integration for SageMaker Hadron Partner Apps, enabling automated version management and IdC
group-based access control.
* api-change:``workspaces-web``: Support for managing web content filtering for defining, tracking
and regulating type of content accessed with WorkSpaces Secure Browser as part of browser settings.
- from version 1.40.72
* api-change:``amp``: Add VPC source configuration support enabling Amazon Managed Service for
Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: Updated Authentication Profile APIs to add support for automatic logout
on user inactivity
* api-change:``dms``: Added support of SQL statements creation, metadata model discovery and
selection rules transformation.
* api-change:``ec2``: Adds complete AMI ancestry tracing from immediate parent through each
preceding generation back to the root AMI
* api-change:``elbv2``: This release expands ALB Authentication to support JWT verification and
adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated applications. This API enables programmatic
access to secure Identity Center tokens with proper error handling and parameter validation across
supported SDK languages.
* api-change:``s3tables``: Adds support for request metrics metrics APIs for S3 Tables
* api-change:``sagemaker``: Add support for trn2.3xlarge instance type for SageMaker Hyperpod
- from version 1.40.71
* api-change:``batch``: Documentation-only update: update API and doc descriptions per EKS
ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: Added support for Language Expansion feature for BDA
Audio modality.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth
per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``medical-imaging``: Added new fields in existing APIs.
* api-change:``rtbfabric``: Added LogSettings and LinkAttribute fields to external links
* api-change:``security-ir``: Added support for configuring communication preferences as well as
clearly displaying case comment author identities.
- from version 1.40.70
* api-change:``acm-pca``: Private Certificate Authority service now supports ML-DSA key algorithms.
* api-change:``appstream``: AWS Appstream support for IPv6
* api-change:``backup``: AWS Backup supports backups of Amazon EKS clusters, including Kubernetes
cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS
volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: Adds ExperimentalCapabilities field to CreateQuantumTask request and
GetQuantumTask response objects. Enables use of experimental software capabilities when creating
quantum tasks.
* api-change:``datazone``: Remove trackingServerName from DataZone Connection MLflowProperties
* api-change:``dsql``: Cluster endpoint added to CreateCluster and GetCluster API responses
* api-change:``ec2``: Amazon EC2 Fleet customers can now filter instance types based on
encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the
manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: Include tags filed in CreatePublishingDestinationRequest and
DescribePublishingDestinationResponse.
* api-change:``iam``: Added CreateDelegationRequest API, which is not available for general use at
this time.
* api-change:``invoicing``: Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: Amazon MSK now supports intelligent rebalancing for MSK Express brokers.
* api-change:``sts``: Added GetDelegatedAccessToken API, which is not available for general use at
this time.
* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for
entity Cedar tags.
* api-change:``wafv2``: AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope
option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data
collection and analysis.
- from version 1.40.69
* api-change:``controltower``: Added Parent Identifier support to ListEnabledControls and
GetEnabledControl API. Implemented RemediationType support for Landing Zone operations:
CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private
DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: This release introduces the Default Application feature, allowing
users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a
streamlined and consistent user experience.
* api-change:``vpc-lattice``: Amazon VPC Lattice now supports custom domain name for resource
configurations
- from version 1.40.68
* api-change:``accessanalyzer``: New field totalActiveErrors added to getFindingsStatistics
response.
* api-change:``backup``: AWS Backup now supports customer-managed keys (CMK) for logically
air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle.
This feature helps organizations meet specific internal governance requirements or external
regulatory compliance standards.
* api-change:``connect``: Added support for Conditional Questions in Evaluation Forms. Introduced
Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations:
SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: Add Amazon EC2 R8a instance types
* api-change:``gamelift``: Amazon GameLift Servers now supports game builds that use the Windows
2022 operating system.
* api-change:``identitystore``: IdentityStore API: added new KMSExceptionReason fields to the
Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and
Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt,
CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: Support for New Data Prep Experience
* api-change:``s3tables``: Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added NodeProvisioningMode parameter to UpdateCluster API to determine
how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId
field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer
VPC.
* api-change:``ssm``: Provides NoLongerSupportedException error message
- from version 1.40.67
* api-change:``cloudfront``: This release adds new and updated API operations. You can now use the
IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can
also enable cross-account resource sharing to share your VPC origins with other AWS accounts
* api-change:``datazone``: Added support for Project Resource Tags
* api-change:``ec2``: This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: Amazon FSx now enables secure management of Active Directory credentials
through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct
credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: Add new fields in SageMaker Hyperpod DescribeCluster API response:
TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update
progress visibility .
- from version 1.40.66
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the CarrierLookup API, which
returns information about a destination phone number including if the number is valid, the carrier,
and more.
- from version 1.40.65
* api-change:``bedrock-agentcore-control``: Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: Documentation-only update for LINEAR and CANARY deployment strategies.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``kinesis``: Adds support for MinimumThroughputBillingCommitment with new
UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new
UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.40.64
* api-change:``connectcases``: Added two new case rule types: Parent Child Field Options (restricts
child field options based on parent field value) and Hidden (controls child field visibility based
on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: Amazon VPC IP Address Manager (IPAM) now supports automated prefix list
management, allowing you to create rules that automatically populate customer-managed prefix lists
with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.
* api-change:``emr``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fms``: Update endpoint ruleset parameters casing
* api-change:``fsx``: Update endpoint ruleset parameters casing
* api-change:``health``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda
* api-change:``logs``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: Adds SlowPalPitchCorrection to audio pitch correction settings.
Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to
VideoSelector for allow listed accounts.
* api-change:``omics``: Added WDL_LENIENT engine type that enables implicit typecasting of variable
values to its compatible declared types
* api-change:``payment-cryptography``: Allow additional characters in the CertificateSubject for
GetCertificateSigningRequest API.
* api-change:``redshift``: Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Allow update of platform identifier via UpdateNotebookInstance
operation.
* api-change:``savingsplans``: Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: Update endpoint ruleset parameters casing
* api-change:``textract``: Update endpoint ruleset parameters casing
* api-change:``waf``: Update endpoint ruleset parameters casing
- from version 1.40.63
* api-change:``amp``: Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: Update endpoint ruleset parameters casing
* api-change:``appconfig``: Update endpoint ruleset parameters casing
* api-change:``appflow``: Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: Update endpoint ruleset parameters casing
* api-change:``appmesh``: Update endpoint ruleset parameters casing
* api-change:``appsync``: Update endpoint ruleset parameters casing
* api-change:``artifact``: Update endpoint ruleset parameters casing
* api-change:``auditmanager``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: Web-Bot-Auth support for AgentCore Browser tool to help
reduce captcha challenges.
* api-change:``chime``: Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: Added support for advanced Spark configurations to optimize SQL
performance
* api-change:``cloudcontrol``: Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: Update endpoint ruleset parameters casing
* api-change:``codecommit``: Update endpoint ruleset parameters casing
* api-change:``codedeploy``: Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: Update endpoint ruleset parameters casing
* api-change:``connectcases``: Update endpoint ruleset parameters casing
* api-change:``deadline``: Update endpoint ruleset parameters casing
* api-change:``devops-guru``: Update endpoint ruleset parameters casing
* api-change:``docdb``: Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus
to GlobalClusterMember.
* api-change:``ecs``: Amazon ECS Service Connect now supports Envoy access logs, providing deeper
observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: Update endpoint ruleset parameters casing
* api-change:``elasticache``: Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR
Serverless Applications.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``firehose``: Update endpoint ruleset parameters casing
* api-change:``frauddetector``: Update endpoint ruleset parameters casing
* api-change:``geo-places``: Update endpoint ruleset parameters casing
* api-change:``glue``: This release adds the capability to enable User Background Sessions for
customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue.
* api-change:``greengrassv2``: Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Add a new GetManagedThingCertificate API to expose Iot
ManagedIntegrations (MI) device certificate, and add "-" support for name, properties, actions
and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: Update endpoint ruleset parameters casing
* api-change:``kms``: Add cross account VPC endpoint service connectivity support to CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-reporting``: Update endpoint ruleset parameters casing
* api-change:``neptune``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: RTB Fabric documentation update.
* api-change:``s3outposts``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: Update endpoint ruleset parameters casing
* api-change:``schemas``: Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: Update endpoint ruleset parameters casing
* api-change:``sso``: Update endpoint ruleset parameters casing
* api-change:``sts``: Update endpoint ruleset parameters casing
- from version 1.40.62
* api-change:``bedrock-runtime``: Add support for system tool and web citation response.
- from version 1.40.61
* api-change:``apigatewayv2``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Added support for CloudWatch Synthetics Canary resources in
ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically
for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: Update endpoint ruleset parameters casing
* api-change:clients: The following clients have been removed per deprecation of the services -
qldb, qldb-session, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest
* api-change:``cloud9``: Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: Update endpoint ruleset parameters casing
* api-change:``codeconnections``: Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: Update endpoint ruleset parameters casing
* api-change:``detective``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: Amazon ECS supports native linear and canary service deployments, allowing
you to shift traffic in increments for more control.
* api-change:``efs``: Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: Update endpoint ruleset parameters casing
* api-change:``emr-containers``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``gameliftstreams``: Add stream group expiration date and expired status
* api-change:``glacier``: Update endpoint ruleset parameters casing
* api-change:``groundstation``: Enable use of AzEl ephemerides
* api-change:``inspector-scan``: Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: Update endpoint ruleset parameters casing
* api-change:``kendra``: Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Added SerializedRequestEntityTooLargeException to Lambda Invoke API
* api-change:``marketplace-deployment``: Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: Update endpoint ruleset parameters casing
* api-change:``notifications``: Update endpoint ruleset parameters casing
* api-change:``opensearch``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Added Account State field to the ListDelegatedAdministrators API
response.
* api-change:``partnercentral-selling``: Update endpoint ruleset parameters casing
* api-change:``pipes``: Update endpoint ruleset parameters casing
* api-change:``ram``: Update endpoint ruleset parameters casing
* api-change:``resource-groups``: Update endpoint ruleset parameters casing
* api-change:``s3``: Amazon Simple Storage Service / Features: Add conditional writes in CopyObject
on destination key to prevent unintended object modifications.
* api-change:``s3control``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Amazon SageMaker now supports deleting training and processing jobs in
a terminal status.
* api-change:``sagemaker-featurestore-runtime``: Update endpoint ruleset parameters casing
* api-change:``security-ir``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: Update endpoint ruleset parameters casing
* api-change:``sqs``: Update endpoint ruleset parameters casing
* api-change:``support-app``: Update endpoint ruleset parameters casing
* api-change:``taxsettings``: Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Added IPv6 address support for WorkSpaces using Dual-Stack subnets
* api-change:``workspaces-instances``: Update endpoint ruleset parameters casing
* api-change:``xray``: Update endpoint ruleset parameters casing
- from version 1.40.60
* api-change:``accessanalyzer``: Update endpoint ruleset parameters casing
* api-change:``aiops``: Update endpoint ruleset parameters casing
* api-change:``athena``: Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: Update endpoint ruleset parameters casing
* api-change:``braket``: Update endpoint ruleset parameters casing
* api-change:``ce``: Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: Update endpoint ruleset parameters casing
* api-change:``codeartifact``: Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: Update endpoint ruleset parameters casing
* api-change:``comprehend``: Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: Update endpoint ruleset parameters casing
* api-change:``controltower``: Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: Update endpoint ruleset parameters casing
* api-change:``dax``: Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``entityresolution``: Update endpoint ruleset parameters casing
* api-change:``forecast``: Update endpoint ruleset parameters casing
* api-change:``greengrass``: Update endpoint ruleset parameters casing
* api-change:``iam``: Fixed missing SummaryMap keys in GetAccountSummary response that were being
filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Adds support for record sizes up to 10MiB and introduces new
UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: Update endpoint ruleset parameters casing
* api-change:``mturk``: Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: Update endpoint ruleset parameters casing
* api-change:``outposts``: Update endpoint ruleset parameters casing
* api-change:``pinpoint``: Update endpoint ruleset parameters casing
* api-change:``rbin``: Update endpoint ruleset parameters casing
* api-change:``rds-data``: Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: Update endpoint ruleset parameters casing
* api-change:``rekognition``: Update endpoint ruleset parameters casing
* api-change:``repostspace``: Update endpoint ruleset parameters casing
* api-change:``route53profiles``: Update endpoint ruleset parameters casing
* api-change:``route53resolver``: Update endpoint ruleset parameters casing
* api-change:``s3vectors``: Update endpoint ruleset parameters casing
* api-change:``scheduler``: Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: Update endpoint ruleset parameters casing
* api-change:``ses``: Update endpoint ruleset parameters casing
* api-change:``shield``: Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: Update endpoint ruleset parameters casing
* api-change:``sso-admin``: Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: Update endpoint ruleset parameters casing
* api-change:``waf-regional``: Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: Update endpoint ruleset parameters casing
- from version 1.40.59
* api-change:``acm``: Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Update endpoint ruleset parameters casing
* api-change:``billing``: Update endpoint ruleset parameters casing
* api-change:``budgets``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: Update endpoint ruleset parameters casing
* api-change:``codepipeline``: Update endpoint ruleset parameters casing
* api-change:``datapipeline``: Update endpoint ruleset parameters casing
* api-change:``datazone``: This release adds support for MLflow connections Creation in DataZone
* api-change:``docdb``: Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: Update endpoint ruleset parameters casing
* api-change:``eks``: Update endpoint ruleset parameters casing
* api-change:``elb``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``evs``: Update endpoint ruleset parameters casing
* api-change:``fis``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: Added support for optional AdditionalFeatures parameter in the V2
GetTile API.
* api-change:``inspector``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Update endpoint ruleset parameters casing
* api-change:``iotwireless``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: Update endpoint ruleset parameters casing
* api-change:``location``: Added support for mobile app restrictions in Amazon Location API keys.
* api-change:``lookoutvision``: Update endpoint ruleset parameters casing
* api-change:``mediapackage``: Update endpoint ruleset parameters casing
* api-change:``mediastore``: Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: Update endpoint ruleset parameters casing
* api-change:``mq``: Update endpoint ruleset parameters casing
* api-change:``panorama``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: Update endpoint ruleset parameters casing
* api-change:``qbusiness``: Update endpoint ruleset parameters casing
* api-change:``robomaker``: Update endpoint ruleset parameters casing
* api-change:``route53domains``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Add support for custom rate limits.
* api-change:``s3tables``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Added inference components model data caching feature
* api-change:``sagemaker-metrics``: Update endpoint ruleset parameters casing
* api-change:``securityhub``: Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: Update endpoint ruleset parameters casing
* api-change:``supplychain``: Update endpoint ruleset parameters casing
* api-change:``translate``: Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: Update endpoint ruleset parameters casing
* api-change:``wisdom``: Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: Update endpoint ruleset parameters casing
- from version 1.40.58
* api-change:``account``: Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: Fixing the service documentation name
* api-change:``chime-sdk-voice``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: Update endpoint ruleset parameters casing
* api-change:``codebuild``: Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: Update endpoint ruleset parameters casing
* api-change:``config``: Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: Update endpoint ruleset parameters casing
* api-change:``cur``: Update endpoint ruleset parameters casing
* api-change:``discovery``: Update endpoint ruleset parameters casing
* api-change:``dms``: Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: Update endpoint ruleset parameters casing
* api-change:``drs``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Add support for resource-based policies for Aurora DSQL clusters. This will
enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora
DSQL public or VPC endpoints.
* api-change:``ebs``: Update endpoint ruleset parameters casing
* api-change:``ecr``: Update endpoint ruleset parameters casing
* api-change:``ecr-public``: Update endpoint ruleset parameters casing
* api-change:``healthlake``: Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: Update endpoint ruleset parameters casing
* api-change:``iotevents``: Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-webrtc-storage``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: Update endpoint ruleset parameters casing
* api-change:``mediatailor``: Update endpoint ruleset parameters casing
* api-change:``mgh``: Update endpoint ruleset parameters casing
* api-change:``mgn``: Update endpoint ruleset parameters casing
* api-change:``mpa``: Update endpoint ruleset parameters casing
* api-change:``neptunedata``: Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: Update endpoint ruleset parameters casing
* api-change:``odb``: Doc-only update that removes duplicate values from descriptions of ODB
peering APIs.
* api-change:``omics``: Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: Update endpoint ruleset parameters casing
* api-change:``personalize-events``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: Update endpoint ruleset parameters casing
* api-change:``rum``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: Update endpoint ruleset parameters casing
* api-change:``savingsplans``: Update endpoint ruleset parameters casing
* api-change:``securitylake``: Update endpoint ruleset parameters casing
* api-change:``sesv2``: Update endpoint ruleset parameters casing
* api-change:``storagegateway``: Update endpoint ruleset parameters casing
* api-change:``synthetics``: Update endpoint ruleset parameters casing
- from version 1.40.57
* api-change:``appfabric``: Update endpoint ruleset parameters casing
* api-change:``autoscaling``: Update endpoint ruleset parameters casing
* api-change:``b2bi``: Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: Update endpoint ruleset parameters casing
* api-change:``ce``: Update endpoint ruleset parameters casing
* api-change:``chatbot``: Update endpoint ruleset parameters casing
* api-change:``cloudformation``: Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: Update endpoint ruleset parameters casing
* api-change:``connect``: This release added support for email address alias configuration and
outbound campaign preview mode.
* api-change:``connectcampaignsv2``: Updated Amazon Connect Outbound Campaigns V2 SDK to support
Preview Outbound Mode
* api-change:``connectparticipant``: Update endpoint ruleset parameters casing
* api-change:``devicefarm``: This release adds support for optionally including an app as part of a
CreateRemoteAccessSession request
* api-change:``directconnect``: Update endpoint ruleset parameters casing
* api-change:``ds-data``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateNetworkInterface and
DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``forecastquery``: Update endpoint ruleset parameters casing
* api-change:``iam``: Updated OIDC and SAML apis to reject multiple simultaneous requests to change
a unique object.
* api-change:``inspector2``: Update endpoint ruleset parameters casing
* api-change:``iot``: Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: Update endpoint ruleset parameters casing
* api-change:``ivschat``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: Update endpoint ruleset parameters casing
* api-change:``mailmanager``: Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: Update endpoint ruleset parameters casing
* api-change:``medialive``: Add 3 API operations for fetching alerts: ListAlerts (Channels),
ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: Update endpoint ruleset parameters casing
* api-change:``oam``: Update endpoint ruleset parameters casing
* api-change:``pcs``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: Update endpoint ruleset parameters casing
* api-change:``redshift-data``: Update endpoint ruleset parameters casing
* api-change:``route53``: Amazon Route 53 now supports the ISOB West Region for private DNS for
Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Update for general availability of AWS RTB Fabric service.
* api-change:``sagemaker-a2i-runtime``: Update endpoint ruleset parameters casing
* api-change:``sns``: Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: Update endpoint ruleset parameters casing
* api-change:``workdocs``: Update endpoint ruleset parameters casing
* api-change:``workmail``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Update endpoint ruleset parameters casing
- from version 1.40.56
* api-change:``dynamodb``: Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``mediaconvert``: This release adds the ability to set resolution for the black video
generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous
search of job history using new filters.
* api-change:``meteringmarketplace``: Added ClientToken parameter to MeterUsage API for specifying
idempotent requests.
- from version 1.40.55
* api-change:``amp``: Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: Update endpoint ruleset parameters casing
* api-change:``appintegrations``: Update endpoint ruleset parameters casing
* api-change:``application-insights``: Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-meetings``: Update endpoint ruleset parameters casing
* api-change:``cloudfront``: Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: Update endpoint ruleset parameters casing
* api-change:``datasync``: Update endpoint ruleset parameters casing
* api-change:``ds``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Update endpoint ruleset parameters casing
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``es``: Update endpoint ruleset parameters casing
* api-change:``events``: Update endpoint ruleset parameters casing
* api-change:``evidently``: Update endpoint ruleset parameters casing
* api-change:``finspace``: Update endpoint ruleset parameters casing
* api-change:``finspace-data``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Updates documentation to clarify valid application binaries for
an Amazon GameLift Streams application and provide descriptions of stream session error status
reasons
* api-change:``geo-maps``: Added support for optional style parameters in maps, including Terrain,
ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: Update endpoint ruleset parameters casing
* api-change:``iot-data``: Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: Update endpoint ruleset parameters casing
* api-change:``lakeformation``: Update endpoint ruleset parameters casing
* api-change:``license-manager``: Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: The ListEntities API now supports two new CAPI filters:
DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: Update endpoint ruleset parameters casing
* api-change:``network-firewall``: Update endpoint ruleset parameters casing
* api-change:``networkmanager``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Update endpoint ruleset parameters casing
* api-change:``pi``: Update endpoint ruleset parameters casing
* api-change:``qapps``: Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-geospatial``: Update endpoint ruleset parameters casing
* api-change:``signer``: Update endpoint ruleset parameters casing
* api-change:``swf``: Releasing minor endpoint updates.
* api-change:``timestream-write``: Update endpoint ruleset parameters casing
* api-change:``tnb``: Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: Update endpoint ruleset parameters casing
- from version 1.40.54
* api-change:``acm-pca``: Update endpoint ruleset parameters casing
* api-change:``amplify``: Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: Update endpoint ruleset parameters casing
* api-change:``apprunner``: Update endpoint ruleset parameters casing
* api-change:``apptest``: Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: Update endpoint ruleset parameters casing
* api-change:``billingconductor``: New feature: service flat CLI and first AWS managed pricing plan
(BasicPricingPlan)
* api-change:``customer-profiles``: Update endpoint ruleset parameters casing
* api-change:``databrew``: Update endpoint ruleset parameters casing
* api-change:``dataexchange``: Update endpoint ruleset parameters casing
* api-change:``dlm``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``freetier``: Update endpoint ruleset parameters casing
* api-change:``gamelift``: Update endpoint ruleset parameters casing
* api-change:``geo-routes``: Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: Update endpoint ruleset parameters casing
* api-change:``grafana``: Update endpoint ruleset parameters casing
* api-change:``identitystore``: Update endpoint ruleset parameters casing
* api-change:``ivs``: Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: Update endpoint ruleset parameters casing
* api-change:``kafka``: Update endpoint ruleset parameters casing
* api-change:``keyspaces``: Update endpoint ruleset parameters casing
* api-change:``kms``: Update endpoint ruleset parameters casing
* api-change:``lex-models``: Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: Update endpoint ruleset parameters casing
* api-change:``m2``: Update endpoint ruleset parameters casing
* api-change:``machinelearning``: Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: Update endpoint ruleset parameters casing
* api-change:``memorydb``: Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: Update endpoint ruleset parameters casing
* api-change:``osis``: Update endpoint ruleset parameters casing
* api-change:``personalize``: Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: Update endpoint ruleset parameters casing
* api-change:``polly``: Update endpoint ruleset parameters casing
* api-change:``pricing``: Update endpoint ruleset parameters casing
* api-change:``qldb``: Update endpoint ruleset parameters casing
* api-change:``qldb-session``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: Update endpoint ruleset parameters casing
* api-change:``ssm``: Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: Update endpoint ruleset parameters casing
* api-change:``timestream-query``: Update endpoint ruleset parameters casing
* api-change:``voice-id``: Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: Update endpoint ruleset parameters casing
- from version 1.40.53
* api-change:``bedrock``: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS
integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing
customers to specify their preferred KMS key for encryption, improving control and compliance with
AWS encryption mandates.
* api-change:``docdb``: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster,
RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage
across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: This release expands Listener Rule Conditions to support RegexValues and
adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: Added default pagination value for ListMalwareProtectionPlans API and
updated UpdateFindingsFeedback API
* api-change:``lightsail``: Add support for manage Lightsail Bucket CORS configuration
* api-change:``timestream-influxdb``: This release adds support for creating and managing InfluxDB
3 Core and Enterprise DbClusters.
- from version 1.40.52
* api-change:``appstream``: This release introduces support for Microsoft license included
applications streaming.
* api-change:``backup``: The AWS Backup job attribute extension enhancement helps customers better
understand the plan that initiated each job, and the properties of the resource each job creates.
* api-change:``connect``: SDK release for TaskTemplateInfo in Contact for DescribeContact response.
* api-change:``datazone``: Support creating scoped and trustedIdentityPropagation enabled
connections.
* api-change:``ec2``: This release adds support for creating instant, point-in-time copies of EBS
volumes within the same Availability Zone
* api-change:``transcribe``: Move UntagResource API body member to query parameter
* api-change:``transfer``: SFTP connectors now support routing connections via customers' VPC. This
enables connections to remote servers that are only accessible in a customer's VPC environment, and
to servers that are accessible over the internet but need connections coming from an IP address in
a customer VPC's CIDR range.
- from version 1.40.51
* api-change:``bedrock-agentcore``: Updated InvokeAgentRuntime API to accept account id optionally
and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: Updated http status code in control plane apis of
agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity
* api-change:``ec2``: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable
Resource tags for telemetry in a customer account. The release introduces new APIs to enable,
disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- python-pyOpenSSL
-
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
Add patch CVE-2026-27459.patch
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- python-s3transfer
-
- Update to version 0.16.0
* feature:``awscrt``: ``CRTTransferManager`` now supports the following
``TransferConfig`` options - ``multipart_threshold``, ``multipart_chunksize``,
``max_request_concurrency``
- Update to version 0.15.0
* feature:``CopyPartTask``: Validate ETag of stored object during multipart copies
- qemu
-
- Bug and CVE fixes:
* cryptodev-builtin: Limit the maximum size (bsc#1255400, CVE-2025-14876)
* hw/virtio/virtio-crypto: verify asym request size (bsc#1255400, CVE-2025-14876)
* hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() (bsc#1256484, CVE-2026-0665)
- More spec file cleanup:
* [openSUSE][RPM} spec: delete old specfile constructs
- We *always* want a display driver in x86 too:
* [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too
- release-notes-sles
-
- 15.6.20260227 (tracked in bsc#933411)
- Added libstoragemgmt update note (jsc#PED-7948)
- Added note about kdump maxcpus change (bsc#1218180)
- Added note about KubeVirt support (bsc#1219730)
- Added list of cgroup attributes that are deprecated (bsc#1220963)
- Added PostgreSQL 16 note (jsc#DOCTEAM-1502)
- Added note about firewalld (jsc#PED-13827)
- Added note about unsupported clang and llvm17 (jsc#DOCTEAM-1402)
- Updated kernel limits (bsc#1256789)
- shim
-
- Add Microsoft-signed 16.1 shim
- shim.spec: Temporarily disable nx-shim
- We still need time to test nx (non-executable) shim and develop
the script for delivery. We will not support nx-shim on all Leap
and SLE distros because the function should also be supported by
grub2 and kernel.
- shim.spec: Remove the reproducibility check for the shim binary
- The binutils on Leap 15.6 and SLE-15-SP3 has been upgraded to 2.45
when we are waiting shim-review and Microsoft signing. It causes
that the shim binary is NOT reproducible on build services.
- We just direct use the Microsoft signed-back shim binaries
because we build this binary before and have the logs to prove it.
Before we find a good approach to save/restore the build service
environment, let’s directly use the Microsoft signed-back shim for
delivery.
- Certificates: Add Microsoft UEFI CA files to the target certificates
array in pretrans script.
- Certificates: Convert the SUSE certificates from PEM to DER format
- timestamp.pl: fix the size of checksum in PE Optional Header
- shim.spec: Workaround the string comparison issue in elif directive
- shim.spec: Specify the certificate format in openssl commands
- shim.spec: Use io.open instead of pcall rpm.open in pretrans lua script
- Add a pretrans script to verify that the UEFI db should have the
necessary certificate to allow the shim binary to boot. The installation
will be aborted if the db is missing the target certificate. To proceed,
the user must enroll the target certificate in the db or disable UEFI
Secure Boot.
- Update to 16.1
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building with the latest version of gcc in the codebase:
- We prefer that building shim with the latest version of gcc in
codebase.
- Set the minimum version is gcc-13.
if gcc_version < 13
define gcc_version 13
endif
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
verify='SUSE Linux Enterprise Secure Boot CA1'
- vendor_dbx='vendor-dbx-opensuse.esl'
+ vendor_dbx='vendor-dbx-sles.esl'
- Using gcc12 for building shim/shim-nx
- The gcc12 can workaround dxe_get_mem_attrs() hsi_status problem
- Add the following changes to shim.spec :
define gcc_version 12
global cc_compiler /usr/bin/gcc-%{gcc_version}
BuildRequires gcc%{gcc_version}
make CC=%{cc_compiler} RELEASE=0
- Remove shim-disable-dxe-get-mem-attrs.patch
- This downstream patch can be removed after moving to gcc12
(bsc#1247432)
- Add shim-disable-dxe-get-mem-attrs.patch
- On old edk2-stable202308 ovmf, running dxe_get_mem_attrs() causes
get_hsi_mem_info() confusion on hsi_status. It looks that hsi_status
has a copy after running dxe_get_mem_attrs(). Those elements in
hsi_nx_is_enforced(), HEAPX|STACKX|ROW can NOT set into hsi_status.
Let's disabling the approach of DXE get memory attributes until
we found the root cause.
(bsc#1247432)
- Building out shim.nx.efi for supporting non-executable
- Building additional shim with POST_PROCESS_PE_FLAGS=-n to set
the PE NX-compatibility DLL. (NxCompatible field in DllCharacteristics)
- Packaging shim.nx.efi to shim-nx RPM.
- Add MS signatures for shim.nx
- signature-opensuse-nx.x86_64.asc
signature-sles-nx.x86_64.asc
signature-opensuse-nx.aarch64.asc
signature-sles-nx.aarch64.asc
- We direc copy signatures of shim for shim.nx before we got
signatures from Microsoft.
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n
(bsc#1205588)
Factory: Fri Jul 25 05:44:51 UTC 2025 - Joey Lee <jlee@suse.com>
- Add shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- shim: change automatically enable MOK_POLICY_REQUIRE_NX (PR #761)
(bsc#1205588)
Factory: Wed May 28 03:37:04 UTC 2025 - Tseng <dennis.tseng@suse.com>
- add revoked-openSUSE-UEFI-SIGN-Certificate-2022-06.crt into dbx
- build shim with EKU enable flag (ENABLE_CODESIGN_EKU)
Factory: Tue May 6 06:19:02 UTC 2025 - Dennis <dennis.tseng@suse.com>
- Update to version 16.0
- https://github.com/rhboot/shim/releases/download/16.0/shim-16.0.tar.bz2
- remove shim-bsc1177315-verify-eku-codesign.patch
remove it because shim github upstream has accepted it (PR #664)
- add revoked-SLES-UEFI-SIGN-Certificate-2022-05.crt to revoked certificates for dbx
SLES-UEFI-SIGN-Certificate-20220525.crt can be blacklisted,
and can be added to the vendor dbx.
- add shim-alloc-one-more-byte-for-sprintf.patch (bsc#1240871)
The codes already submitted to git upstream (PR #746)
In generate_sbat_var_defs.c, realloc() should allocate one more byte for
the end of string '\0' when running sprintf() later.
- Patches (git log --oneline --reverse 15.8..16.0)
126a07e Validate that a supplied vendor cert is not in PEM format
63edf92 sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
3e1394e sbat: Also bump latest for grub,4 (and to todays date)
470a8cd undo change that limits certificate files to a single file
0287c6b shim: don't set second_stage to the empty string
3685b13 Fix SBAT.md for today's consensus about numbers
dc07432 Realize the suggestions as part of PR #672
e064e7d Update Code of Conduct contact address
e68f4ca make-certs: Handle missing OpenSSL installation
74a1f29 Update MokVars.txt - Update documented mirrored variable attributes from RT to BS,RT - Add missing MokSBStateRT - Clarify that MokIgnoreDB is a mirror of MokDBState - Add missing attributes for MokPWStore
f6674fe export DEFINES for sub makefile
47bbb5e Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
338fded Null-terminate 'arguments' in fallback
3d1dcd4 Fix "Verifiying" typo in error message
b5d359a CI: use checkout@v4
1d8365f CI: work around ownership issue on github
20094ca Update fedora CI targets
3cf0e09 Force gcc to produce DWARF4 so that gdb can use it
5f54182 includes: work around CLANG_PREREQ() double-definition
ab06527 Makefile: don't warn about clang when building compile_commands.json
0c9249d Suppress some warnings even harder in Cryptlib and OpenSSL.
fd7e16f Add building compile_commands.json to CI
314aecf Discard load-options that start with WINDOWS
ac85ba4 Fix the issue that the gBS->LoadImage pointer was empty.
d8c86b7 shim: Allow data after the end of device path node in load options
d197220 Backport EFI_HTTP_ERROR status code
6410312 netboot: Convert TFTP error codes to EFI status codes
ef8e729 httpboot: Convert HTTP status codes to EFI status codes
2a1cbe6 Update gnu-efi submodule for EFI_HTTP_ERROR
196cbb9 Increase EFI file alignment
ad8692e avoid EFIv2 runtime services on Apple x86 machines
0345331 Improve shortcut performance when comparing two boolean expressions
27562ea Fix bad reference to PathName in image loading
1508ece Move is_removable_media_path() to a shared location.
7864c10 Provide better error message when MokManager is not found
3e60895 tpm: Boot with a warning if the event log is full
b560c52 MokManager: remove redundant logical constraints
9229e7c Make mock_set_variable() correctly account for resource usage.
f7e1d72 tests: make it possible to use different limits for variable space
67efdfc test-mok-mirror: refactor the validation of test_mok_mirror_0
70366a2 test-mok-mirror: add a test case where MokListRT won't fit.
3caa75e test-mok-mirror: minor bug fix
dc45aa6 lib/simple_file.c: Allocate zeroed pool for SimpleFS entries
9415d3c simple_file: Allow to form a volume name from DevicePath
d6076cb simple_file: Use second variable to create filesystem entries
f99749a Ignore a minor clang-tidy nit
98173f0 Fall back to default loader when encountering errors on network boot
e42c319 test.mk: don't use a temporary random.bin
c66c157 pe: Enhance debug report for update_mem_attrs
1125212 Fix leak in error path
2daf1db Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi
eeca60a Update SbatLevel_Variable.txt with peimage CVE-2024-2312 revocation
743f3fa Add generate_sbat_var_defs utility program
5ae408a Generate and use generated_sbat_var_defs.h
e886fb3 SbatLevel_Variable.txt: clarify where and how revocation data is tracked
15c1a9a Implement the CodeSign EKU check to fulfill the requirements of NIAP OS_PP.
eb02afc Optionally enabling codesign EKU check in compiling time.
7ae0ee6 Add docs for ENABLE_CODESIGN_EKU
38dfa37 Create utils file
83850cd Add configuration option to boot an alternative 2nd stage
bb114a3 Implement shim image load protocol
e7b3598 Move some stuff around
0322e10 Implement the rest of the loader protocol functions
e43aea8 Add EFI_LOAD_FILE2_PROTOCOL to gnu-efi
2bff460 loader-proto: Add support for loading files from disk to LoadImage()
5d17278 loader-proto: Mark load_image()'s handle_image() call as "in_protocol"
fe2ad36 Don't print full screen error dialog from handle_image() when called in_protocol
c57af36 loader-proto: Respect optional DevicePath parameter to load_image()
2b49dc1 Suppress file open failures for some netboot cases
3c3295d netboot: process revocations.efi as revocations not shim_certificate
c66ce2a Allow indepdent SkuSi and SBAT revocation updates
6b8e40c netboot can try to load shim_certificate_[0..9].efi
301cf52 Document how revocations can be delivered
7cde2cc post-process-pe: add tests to validate NX compliance
1294b47 regression: out of bounds read in CopyMem() in ad8692e
765f294 compiler.h: minor ALIGN_... fixes
5c1e6e4 Move error logging decls out of shim.h
d972515 Save the debug and error logs in mok-variables
e3f0338 Silence minor nit in load-options parsing debug output
3d7c057 get_mem_attrs(): ensure an error code is set on failure
49db3de mok: add MOK_VARIABLE_CONFIG_ONLY
887c0ed mok variables: add a format callback
e4857b4 Make test-mok-error failures *slightly* more clear.
589c3f2 Move memory attribute support to its own file.
848667d shim: add HSIStatus feature
e136e64 mock-variables: fix debugging printf format specifier oopsie
f0958ba test-mock-variables: improve some debug prints
b216543 Move mok state variable data flag definitions to the header.
fc0cfac Mirror some more efi variables to mok-variables
eeda3fa gnu-efi: add some DXE services.
c41b1f0 Add support for DXE memory attribute updates.
9269e9b Add DXE Services information to HSI
c868d54 hexdump: give a different debug log for size==0
1baf1ef HSI: Add decode_hsi_bits() for easier reading of the debug log
3bce118 pe: read_header(): allow skipping SecDir content validation
89e6150 Add shim's current NX_COMPAT status to HSIStatus
c5c5287 peimage.h: minor whitespace fixes
5007d83 peimage: add a bunch of comments to read_header()
489af5e README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
1958b0f reject message with different values in multiple Content-Length header field
9c423e0 Some save_logs() improvements.
81d40e3 Disable log saving for now.
498b149 fallback: don't add new boot order entries backwards
06d8dec makefiles: Make GITTAG swizzle tildes to dashes
f02b2c1 make-archive: some minor housekeeping
794d237 Update version to 16.0~rc1
d45c610 SetSecureVariable(): free Cert on failure
76fab7b generate_sbat_var_defs: run clang-format on readfile()
6dadb70 generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
f58c77e generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
b427a34 mirror_mok_db(): get rid of an unused variable+allocation
92630f2 mirror_one_mok_variable(): fix a memory leak on TPM log error.
38f0a9c mirror_mok_db(): Free our mok variable name correctly
db04321 shim_load_image(): initialize the buffer fully
7b75382 simple_dir_filter(): test our 'next' pointer
db1f1da Make 'make fanalyzer' work again.
28d8871 README.tpm: Update MokList entry to MokListRT
8932527 SBAT Level update for February 2025 GRUB CVEs
18d98bf Update version to 16.0
Factory: Tue Jun 25 04:12:39 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
- Update asc files of shim-15.8 after being signed back from
Microsoft, including:
signature-opensuse.x86_64.asc,
signature-opensuse.aarch64.asc
- asc files of shim-15.8 for sles is already updated on Apr 18, 2024
signature-sles.x86_64.asc,
signature-sles.aarch64.asc.
Factory: Mon Feb 26 13:09:29 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
Factory: Sat Feb 17 07:51:01 UTC 2024 - Joey Lee <jlee@suse.com>
- Modified shim.spec file to add suffix string of project to filename
of included certificates. e.g.
rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/2B697CB1-shim-devel.crt
/etc/uefi/certs/4659838C-shim-opensuse.crt
/etc/uefi/certs/BCA4E38E-shim-sles.crt
The original name of crt files are:
/etc/uefi/certs/2B697CB1-shim.crt
/etc/uefi/certs/4659838C-shim.crt
/etc/uefi/certs/BCA4E38E-shim.crt
It can indicate the souce project of certificates.
- sudo
-
- CVE-2026-35535: potential privilege escalation when running
the mailer (bsc#1261420)
* fix-CVE-2026-35535.patch
- suse-module-tools
-
- Update to version 15.6.14:
* 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents
(bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- syslogd
-
- Drop last sysvinit Requirement/Provide (PED-13698)
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1.1683-avoid-null-dereference.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf BuildRequires and drop the autoconf call in %build.
* Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- virtiofsd
-
- Add CVE-2026-25727.patch: Avoid denial of service when parsing
Rfc2822(bsc#1257912 CVE-2026-25727).
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1259248 - VUL-0: CVE-2026-23555: xen: Xenstored DoS by
unprivileged domain (XSA-481)
xsa481.patch