- apparmor
-
- Fix deny exec of rpc_witness; (bsc#1225811).
* add apparmor-rpcd-witness.patch
- Add some misc fixes for samba-4.21.x denies; (bsc#1259441).
* add samba-misc-rpcd-spoolss.patch
- autofs
-
- fix deadlock on map entry removal (bsc#1246325)
* 0001-autofs-5.1.9-fix-get-parent-multi-mount-check-in-try.patch
* 0002-autofs-5.1.9-fix-deadlock-in-remount.patch
* 0003-CHANGELOG-add-a-few-missing-entries.patch
* 0004-autofs-5.1.9-quiet-possibly-noisy-log-message.patch
* 0005-autofs-5.1.9-fix-devid-update-on-reload.patch
* 0006-autofs-5.1.9-fix-cache-writelock-must-be-taken-in-up.patch
* 0007-autofs-5.1.9-fix-skip-valid-map-entries-on-expire-cl.patch
* 0008-autofs-5.1.9-remove-unnecessary-call-to-set_direct_m.patch
* 0009-autofs-5.1.9-remove-unnecessary-assignment-in-umount.patch
* 0010-autofs-5.1.9-fix-direct-mount-trigger-umount-failure.patch
* 0011-autofs-5.1.9-refactor-do_umount_autofs_direct.patch
* 0012-autofs-5.1.9-fix-stale-direct-mount-trigger-not-umou.patch
* 0013-autofs-5.1.9-add-function-table_lookup_ino.patch
* 0014-autofs-5.1.9-improve-handling-of-missing-map-entry-f.patch
- Fix autofs-5.1.1-dbus-udisks-monitor.patch (bsc#1246612) to account for:
* d2feac6784b6 autofs-5.1.6 - make autofs.a a shared library
* bcd8e1b642e9 autofs-5.0.7 - use LIBS for link libraries
- aws-cli
-
- Add ac_tighten-file-permissions.patch to fix cli_history database
not restricting file permissions on Unix systems (bsc#1261007)
- Update to 1.44.17
* api-change:``bedrock``: This change will increase TestCase guardContent input size from 1024 to
2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: Adds support for IAM role subscriptions to Glue table listings via
CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.44.16
* api-change:``billing``: Cost Categories filtering support to BillingView data filter expressions
through the new costCategories parameter, enabling users to filter billing views by AWS Cost
Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: This release introduces WiFi Simple Setup (WSS) enabling
device provisioning via barcode scanning with automated network discovery, authentication, and
credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating
hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: Added ultraServerType to the UltraServerInfo structure to support
server type identification for SageMaker HyperPod
* enhancement:``s3``: Adds new parameter ``--case-conflict`` that configures how case conflicts are
handled on case-insensitive filesystems
- from version 1.44.15
* api-change:``bedrock-agentcore-control``: Adds optional field "view" to GetMemory API input to
give customers control over whether CMK encrypted data such as strategy decryption or override
prompts is returned or not.
* api-change:``cloudfront``: Added EntityLimitExceeded exception handling to the following API
operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: Adding MaterializedViews task run APIs
* api-change:``medialive``: MediaPackage v2 output groups in MediaLive can now accept one
additional destination for single pipeline channels and up to two additional destinations for
standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage
channels.
* api-change:``transcribe``: Adds waiters to Amazon Transcribe.
- from version 1.44.14
* api-change:``workspaces``: Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.44.13
* api-change:``ce``: This release updates existing reservation recommendations API to support
deployment model.
* api-change:``emr-serverless``: Added support for enabling disk encryption using customer managed
AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.44.12
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports advanced Spark configurations to
optimize SQL performance when creating an MLInputChannel or an audience generation job.
- from version 1.44.11
* bugfix:``s3``: Reverts addition of ``--case-conflict`` feature which caused a performance
regression when copying from S3 to large local directories
- from version 1.44.10
* api-change:``cleanrooms``: Added support for publishing detailed metrics to CloudWatch for
operational monitoring of collaborations, including query performance and resource utilization.
* api-change:``identitystore``: This change introduces "Roles" attribute for User entities
supported by AWS Identity Store SDK.
- from version 1.44.9
* api-change:``connect``: Adds support for searching global contacts using the ActiveRegions
filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``kafkaconnect``: This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack
endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to
match the Kafka endpoints.
- from version 1.44.8
* api-change:``connect``: Changes for Contact for Global Search
* api-change:``quicksight``: This release adds support for quick users to be able to perform role
upgrades on their own. Additionally it allows admins to make this feature admin or auto approval
along with new self upgrade capability that can be restricted by Admins.
- from version 1.44.7
* api-change:``medialive``: AWS Elemental MediaLive now supports Pipeline Locking using Video
Alignment as well as linked single pipeline channels to enable cross-channel and cross-region
Pipeline Locking workflows.
- from version 1.44.6
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``geo-places``: Adds support for InferredSecondaryAddress place type, Designator in
SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the Registration Reviewer
feature, which provides generative AI feedback on a phone number or sender ID registration to
ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: Add additional validation to Outpost bucket names.
* enhancement:``s3``: Adds new parameter ``--case-conflict`` that configures how case conflicts are
handled on case-insensitive filesystems
- from version 1.44.5
* api-change:``config``: Added supported resourceTypes for Config from July to November 2025
* api-change:``ec2``: Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: Make accountIds a required field in GetRemainingFreeTrialDays API to
reflect service behavior.
* api-change:``pcs``: Change API Reference Documentation for default Mode in Accounting and
SlurmRest
- from version 1.44.4
* api-change:``arc-region-switch``: Automatic Plan Execution Reports allow customers to maintain a
concise record of their Region switch Plan executions. This enables customer SREs and leadership
to have a clear view of their recovery posture based on the generated reports for their Plan
executions.
* api-change:``connect``: Adding support for Custom Metrics and Pre-Defined Attributes to
GetCurrentMetricData API.
* api-change:``emr-serverless``: Added JobLevelCostAllocationConfiguration field to enable cost
allocation reporting at the job level, providing more granular visibility into EMR Serverless
charges
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iot``: This release adds event-based logging feature that enables granular event
logging controls for AWS IoT logs.
* api-change:``qbusiness``: It is a internal bug fix for region expansion
* api-change:``wickr``: AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: Add support for WebAuthn under user settings.
- from version 1.44.3
* api-change:``appstream``: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on
Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: New API to list Route 53 health checks created by ARC region
switch for a plan in a specific AWS Region using the Region switch Regional data plane.
* api-change:``artifact``: Add support for ListReportVersions API for the calling AWS account.
* api-change:``bedrock-agentcore-control``: Feature to support header exchanges between Bedrock
AgentCore Gateway Targets and client, along with propagating query parameter to the configured
targets.
* api-change:``bedrock-data-automation``: Blueprint Optimization (BPO) is a new Amazon Bedrock Data
Automation (BDA) capability that improves blueprint inference accuracy using example content assets
and ground truth data. BPO works by generating better instructions for fields in the Blueprint
using provided data.
* api-change:``cleanrooms``: Adding support for collaboration change requests requiring an approval
workflow. Adding support for change requests that grant or revoke results receiver ability and
modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet,
DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs.
* api-change:``ecr``: Adds support for ECR Create On Push
* api-change:``ecs``: Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iot``: This release adds message batching for the IoT Rules Engine HTTP action.
* api-change:``opensearch``: Amazon OpenSearch Service adds support for warm nodes, enabling new
multi-tier architecture.
* api-change:``sesv2``: Amazon SES introduces Email Validation feature which checks email addresses
for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect
sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and
CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: Added "Stopping" for the HANA Database Status.
* enhancement:cloudtrail: Fixed performance issue in cloudtrail validate-logs command by scoping S3
digest file listing to the trail's region instead of processing digest files from all regions.
- from version 1.44.2
* api-change:``gameliftstreams``: Added new stream group operation parameters for scale-on-demand
capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance
family. Added new StartStreamSession parameter for exposure of real-time performance stats to
clients.
* api-change:``guardduty``: Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: Adds an additional OutputFormat
* api-change:``kafkaconnect``: Support dual-stack network connectivity for connectors via
NetworkType field.
* api-change:``mediaconvert``: Adds support for tile encoding in HEVC and audio for video overlays.
* api-change:``mediapackagev2``: This release adds support for SPEKE V2 content key encryption in
MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: Support for AS2805 standard. Modifications to import-key
and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: Adding the newly launched p6-b300.48xlarge ec2 instance support in
Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.44.1
* api-change:``iot``: Add support for dynamic payloads in IoT Device Management Commands
* api-change:``timestream-influxdb``: This release adds support for rebooting InfluxDB DbInstances
and DbClusters
- from version 1.44.0
* api-change:``bedrock-agentcore-control``: This release updates broken links for AgentCore Policy
APIs in the AWS CLI and SDK resources.
* api-change:``connect``: Amazon Connect now supports outbound WhatsApp contacts via the Send
message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and
updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.
* api-change:``ec2``: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and
SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``entityresolution``: Support Customer Profiles Integration for AWS Entity Resolution
* api-change:``glacier``: Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: Updating Health API endpoint generation for dualstack only regions
* api-change:``logs``: This release allows you to import your historical CloudTrail Lake data into
CloudWatch with a few steps, enabling you to easily consolidate operational, security, and
compliance data in one place.
* api-change:``mediatailor``: Added support for Ad Decision Server Configuration enabling HTTP POST
requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required
for existing GET request configurations.
* api-change:``route53resolver``: Adds support for enabling detailed metrics on Route 53 Resolver
endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the
CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver
endpoint and target name server performance.
* api-change:``s3``: This release adds support for the new optional field 'LifecycleExpirationDate'
in S3 Inventory configurations.
* api-change:``service-quotas``: Add support for SQ Dashboard Api
* feature:Migration: Implement a ``--v2-debug`` flag and ``AWS_CLI_UPGRADE_DEBUG_MODE`` environment
variable that detects breaking changes for AWS CLI v2 for entered commands.
- from version 1.43.15
* api-change:``bcm-recommended-actions``: Added new freetier action types to RecommendedAction.type.
* api-change:``connect``: Amazon Connect now offers automated post-chat surveys triggered when
customers end conversations. This captures timely feedback while experience is fresh, using either
a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: Adds Enhanced mode support for NFS and SMB locations. SMB credentials
are now managed via Secrets Manager, and may be encrypted with service or customer managed keys.
Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: Adds support for portal branding customization, enabling
administrators to personalize end-user portals with custom assets.
- from version 1.43.14
* api-change:``lambda``: Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: Add support for policy operations on the NETWORK SECURITY DIRECTOR
POLICY policy type.
* api-change:``quicksight``: This release adds new GetIdentityContext API, Dashboard customization
options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: Add SortBy parameter to ListSecrets
* api-change:``sesv2``: Update GetEmailIdentity and CreateEmailIdentity response to include
SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to
include SigningHostedZone.
- from version 1.43.13
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of
generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: Launch itemized custom line item and service line item filter
* api-change:``cloudwatch``: This release introduces two additional protocols AWS JSON 1.1 and
Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the
protocol that is the most performant for each language.
* api-change:``odb``: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn
fields for improved resource identification and AWS service integration - GetCloudVmCluster,
ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.
* api-change:``opensearch``: The CreateApplication API now supports an optional kms key arn
parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: Adds support for the new Project.AwsPartition field on
Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the
opportunity will be deployed.
* api-change:``signer``: Adds support for Signer GetRevocationStatus with updated endpoints
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- Update to 1.43.12
* api-change:``account``: This release adds a new API (GetGovCloudAccountInformation) used to
retrieve information about a linked GovCloud account from the standard AWS partition.
* api-change:``appsync``: Update Event API to require EventConfig parameter in creation and update
requests.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``guardduty``: Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: Token Exchange introduces seamless token exchange capabilities for
IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes
within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced
tagging support for replication operations.
* api-change:``route53``: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region
- from version 1.43.11
* api-change:``ce``: Add support for Cost Category resource associations including filtering by
resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API.
* api-change:``ec2``: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1
TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB
of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a
maximum frequency of 4.5 GHz.
* api-change:``identitystore``: Updating AWS Identity Store APIs to support Attribute Extensions
capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store
APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due
to lack of SigV4 API support.
* api-change:``partnercentral-selling``: Deal Sizing Service for AI-based deal size estimation with
AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and
Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives.
* api-change:``rds``: Adding support for tagging RDS Instance/Cluster Automated Backups
* api-change:``redshift-serverless``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated serverless workgroups. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``rolesanywhere``: Increases certificate string length for trust anchor source data to
support ML-DSA certificates.
* api-change:``sesv2``: Update Mail Manager Archive ARN validation
- from version 1.43.10
* api-change:``ecs``: Updating stop-task API to encapsulate containers with custom stop signal
* api-change:``iam``: Adding the ExpirationTime attribute to the delegation request resource.
* api-change:``inspector2``: This release adds a new ScanStatus called "Unsupported Code
Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it
has unsupported code artifacts.
* api-change:``partnercentral-account``: Adding Verification API's to Partner Central Account SDK.
* api-change:``sesv2``: Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from
v1 to v2
- from version 1.43.9
* api-change:``lambda``: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and
StateReasonCode enums to represent failures caused by VPC Encryption Controls.
- from version 1.43.8
* api-change:``bedrock``: Adding support in Amazon Bedrock to customize models with reinforcement
fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: Introduces Serverless training: A fully managed compute infrastructure
that abstracts away all infrastructure complexity, allowing you to focus purely on model
development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.43.7
* api-change:``bedrock``: Adds the audioDataDeliveryEnabled boolean field to the Model Invocation
Logging Configuration.
* api-change:``bedrock-agentcore``: Support for AgentCore Evaluations and Episodic memory strategy
for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: Supports AgentCore Evaluations, Policy, Episodic Memory
Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and
enhances JWT authorizer.
* api-change:``bedrock-runtime``: Adds support for Audio Blocks and Streaming Image Output plus new
Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: This release updates existing Savings Plans Purchase Analyzer and
Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: Amazon DataZone now supports exporting Catalog datasets as Amazon S3
tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: Adding support for extended threat detection for Amazon EC2 and Amazon
ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: Launching Lambda durable functions - a new feature to build reliable
multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: CloudWatch Logs adds managed S3 Tables integration to access logs using
other analytical tools, as well as facets and field indexing to simplify log analytics in
CloudWatch Logs Insights.
* api-change:``nova-act``: Initial release of Nova Act SDK. The Nova Act service enables customers
to build and manage fleets of agents for automating production UI workflows with high reliability,
fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds pipelines configuration
for third party log ingestion and transformation of all logs ingested, integration of CloudWatch
logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: GPU-acceleration helps you build large-scale vector databases faster
and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch
Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data
into vector indexes.
* api-change:``opensearchserverless``: GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``rds``: RDS Oracle and SQL Server: Add support for adding, modifying, and removing
additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer
Edition via custom engine versions for development and testing purposes; M7i/R7i instances with
Optimize CPU for cost savings.
* api-change:``s3``: New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: Add support for S3 Storage Lens Advanced Performance Metrics, Expanded
Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: Add storage class, replication, and table record expiration features to
S3 Tables.
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: Added support for Amazon Database Savings Plans
* api-change:``securityhub``: ITSM enhancements: DRYRUN mode for testing ticket creation,
ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to
RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in
CreateConnectorV2.
- from version 1.43.6
* api-change:``appintegrations``: This release adds support for MCP servers via the ApplicationType
field, allowing customers to register their Bedrock AgentCore gateways as third party applications.
* api-change:``bedrock-agent``: Support audio and video ingestion on Bedrock Knowledge Bases.
* api-change:``bedrock-agent-runtime``: Support audio and video content retrieval on Bedrock
Knowledge Bases.
* api-change:``cleanrooms``: AWS Clean Rooms now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``connect``: This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: This release added support for new WhatsApp channel and
Journey type outbound campaign
* api-change:``connectparticipant``: Amazon Connect now supports message processing that intercepts
and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: This release introduces, CRUD APIs for the DomainObjectType and
Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to
SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to
support Data Store.
* api-change:``eks``: This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: feature: Glue: Add support for Iceberg materialized view in Glue Data
Catalog, including updated CreateTable API to support materialized views and new APIs for managing
data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: Launching Lambda Managed Instances - a new feature to run Lambda on EC2.
* api-change:``lexv2-models``: Adds support for speech-to-speech models for human-like, adaptive,
and expressive voice interactions. Also adds support for speech model preference, allowing
customers to select which speech model they want to use for speech-to-text requests.
* api-change:``marketplace-agreement``: This release supports 1/multi-product transactions via
offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements
also supports filtering by offer set ID and 2/variable payment pricing terms will be returned
through GetAgreementTerms.
* api-change:``marketplace-catalog``: This release introduces offer set entity in AWS Marketplace
Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple
private offers into a single-click purchase experience, simplifying procurement for customers
purchasing multi-product solutions.
* api-change:``partnercentral-account``: Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: Initial GA launch of Partner Central Benefits
* api-change:``partnercentral-selling``: New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: This release adds support for includedDatasetColumns and
performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: New AIAgent types: Orchestration for ModelContextProtocol tool
integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes.
Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring
Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: Add SDK for Amazon Route 53 Global Resolver, a fully
managed DNS resolver service that offers broad DNS-filtering security controls.
- from version 1.43.5
* api-change:``bedrock-runtime``: Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: Compute Optimizer now identifies idle NAT Gateway resources for
cost optimization based on traffic patterns and backup configuration analysis. Access
recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost
optimization recommendations for NAT Gateway.
- from version 1.43.4
* api-change:``ec2``: This release adds support to view Network firewall proxy appliances attached
to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: Network Firewall release of the Proxy feature.
* api-change:``organizations``: Add support for policy operations on the S3_POLICY and
BEDROCK_POLICY policy type.
* api-change:``route53``: Adds support for new route53 feature: accelerated recovery.
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- Update to 1.43.3
* api-change:``cloudfront``: Add TrustStore, ConnectionFunction APIs to CloudFront SDK
* api-change:``logs``: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability
that allows customers to safeguard their critical CloudWatch log groups from accidental or
unintended deletion.
- from version 1.43.2
* api-change:``apigateway``: API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: Introduces Spark workgroup features including log persistence,
S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage
limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries
to optimize performance and costs.
* api-change:``bedrock``: Add support to automatically enforce safeguards across accounts within an
AWS Organization.
* api-change:``bedrock-agentcore-control``: Support for agentcore gateway interceptor
configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: Adding new fields to GetDataAutomationStatus:
jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: Add support to automatically enforce safeguards across accounts
within an AWS Organization.
* api-change:``cloudformation``: Adds the DependsOn field to the AutoDeployment configuration
parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and
read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: Initial release of AWS Compute Optimizer Automation.
Create automation rules to implement recommended actions on a recurring schedule based on your
specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and
upgrade volume types to the latest generation.
* api-change:``connect``: New APIs to support aliases and versions for ContactFlowModule. Updated
ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: The manifest field is now optional for the AWS Control Tower
CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: This release adds a new capability to create and manage interruptible EC2
Capacity Reservations.
* api-change:``ecr``: Add support for ECR managed signing
* api-change:``eks``: Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: This release adds the health check log feature in ALB, allowing customers
to send detailed target health check log data directly to their designated Amazon S3 bucket.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``invoicing``: Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: This release adds support for Tiered Storage
* api-change:``kms``: Support for on-demand rotation of AWS KMS Multi-Region keys with imported key
material
* api-change:``lambda``: Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka
ESMs
* api-change:``lexv2-models``: Adds support for Intent Disambiguation, allowing resolution of
ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also
adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity
levels in various noise environments.
* api-change:``mailmanager``: Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: Endpoint update for new region
* api-change:``mediapackagev2``: Adds support for excluding session key tags from HLS multivariant
playlists
* api-change:``meteringmarketplace``: Endpoint update for new region
* api-change:``odb``: Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for
managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and
cross-region S3 parameters. Adds OCI identity domain support to InitializeService API.
* api-change:``organizations``: Add support for policy operations on the UPGRADE_ROLLOUT_POLICY
policy type.
* api-change:``qconnect``: This release introduces two new messaging channel subtypes: Push,
WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: Amazon Quick Suite now supports QuickChat as an embedding type when
calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI
agents directly into their applications.
* api-change:``rds``: Add support for Upgrade Rollout Order
* api-change:``redshift``: Added support for Amazon Redshift Federated Permissions and AWS IAM
Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: Added UpdateLakehouseConfiguration API to manage Amazon
Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for
namespaces.
* api-change:``sagemaker``: Enhanced SageMaker HyperPod instance groups with support for
MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints).
Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: Add ListInvestigations and SendFeedback APIs to support SecurityIR AI
agents
* api-change:``sesv2``: Added support for new SES regions - Asia Pacific (Malaysia) and Canada
(Calgary)
* api-change:``transfer``: Adds support for creating Webapps accessible from a VPC.
- from version 1.43.1
* api-change:``application-signals``: Amazon CloudWatch Application Signals now supports
un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps
teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: This release adds support for three new features: 1) Image ID
overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh,
and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: Bedrock AgentCore Memory release for redriving memory
extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: Added support for Synchronous project type and PII
Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: Bedrock Data Automation Runtime Sync API
* api-change:``braket``: Add support for Braket spending limits.
* api-change:``budgets``: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory
and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views.
* api-change:``cloudfront``: This release adds support for bring your own IP (BYOIP) to
CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: AWS launches CloudTrail aggregated events to simplify monitoring of
data events at scale. This feature delivers both granular and summarized data events for resources
like S3/Lambda, helping security teams identify patterns without custom aggregation logic.
* api-change:``connect``: Add optional ability to exclude users from send notification actions for
Contact Lens Rules.
* api-change:``datasync``: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource
Name) fields.
* api-change:``devicefarm``: Add support for environment variables and an IAM execution role.
* api-change:``dms``: Added support for customer-managed KMS key (CMK) for encryption for import
private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL
integrations with data warehouses.
* api-change:``dsql``: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response,
returning the VPC connection endpoint for the cluster
* api-change:``ec2``: This release adds support for multiple features including: VPC Encryption
Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of
static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume
Integration with Recycle Bin
* api-change:``ecs``: Launching Amazon ECS Express Mode - a new feature that enables developers to
quickly launch highly available, scalable containerized applications with a single command.
* api-change:``elbv2``: This release adds the target optimizer feature in ALB, enabling strict
concurrency enforcement on targets.
* api-change:``emr``: Add support for configuring S3 destination for step logs on a per-step basis.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: EC2 Image Builder now enables the distribution of existing AMIs,
retry distribution, and define distribution workflows. It also supports automatic versioning for
recipes and components, allowing automatic version increments and dynamic referencing in pipelines.
* api-change:``kinesis``: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for
On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the
existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: Added cross-account resource aggregation via license asset groups
and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses,
added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account
resource discovery in commercial regions.
* api-change:``networkmanager``: This release adds support for Cloud WAN Routing Policy providing
customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: Introducing comprehensive theme styling controls. New features include
border customization (radius, width, color), flexible padding controls, background styling for
cards and sheets, centralized typography management, and visual-level override support across
layouts.
* api-change:``rbin``: Add support for EBS volume in Recycle Bin
* api-change:``rds``: Add support for VPC Encryption Controls.
* api-change:``redshift-data``: Increasing the length limit of Statement Name from 500 to 2048.
* api-change:``s3``: Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: Added training plan support for inference endpoints. Added HyperPod
task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes
and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName.
* api-change:``securityhub``: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and
GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for
1-year of historical data analysis of Findings and Resources.
- from version 1.43.0
* api-change:``apigateway``: API Gateway now supports response streaming and new security policies
for REST APIs and custom domain names.
* api-change:``apigatewayv2``: Support for API Gateway portals and portal products.
* api-change:``backup``: Amazon GuardDuty Malware Protection now supports AWS Backup, extending
malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: This release includes support for Search Results.
* api-change:``billing``: Added name filtering support to ListBillingViews API through the new
names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: This release adds support for Billing Transfers, enabling
management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost
anomaly detection monitors
* api-change:``cloudtrail``: AWS CloudTrail now supports Insights for data events, expanding beyond
management events to automatically detect unusual activity on data plane operations.
* api-change:``connectcampaignsv2``: This release added support for ring timer configuration for
campaign calls.
* api-change:``cost-optimization-hub``: Release ListEfficiencyMetrics API
* api-change:``datazone``: Amazon DataZone now supports business metadata (readme and metadata
forms) at the individual attribute (column) level, a new rule type for glossary terms, and the
ability to update the owner of the root domain unit.
* api-change:``dynamodb``: Extended Global Secondary Index (GSI) composite keys to support up to 8
attributes.
* api-change:``ec2``: This launch adds support for two new features: Regional NAT Gateway and IPAM
Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS
services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to
maintain high availability.
* api-change:``ecr``: Add support for ECR archival storage class and Inspector org policy for
scanning
* api-change:``ecs``: Added support for Amazon ECS Managed Instances infrastructure optimization
configuration.
* api-change:``emr``: Add CloudWatch Logs integration for Spark driver, executor and step logs
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: Adding File Server Resource Manager configuration to FSx Windows
* api-change:``guardduty``: Add support for scanning and viewing scan results for backup resource
types
* api-change:``health``: Adds actionability and personas properties to Health events exposed
through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes
APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter,
EventTypeFilter.
* api-change:``iam``: Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and
IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an
operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned
when an Image is archived in ECR.
* api-change:``invoicing``: Add support for adding Billing transfers in Invoice configuration
* api-change:``lambda``: Added support for creating and invoking Tenant Isolated functions in AWS
Lambda APIs.
* api-change:``logs``: Adding support for ocsf version 1.5, add optional parameter MappingVersion
* api-change:``mediaconnect``: This release adds support for global routing in AWS Elemental
MediaConnect. You can now use router inputs and router outputs to manage global video and audio
routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: MediaLive is adding support for MediaConnect Router by supporting a new
input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted
transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: Added new enum value (AWS::EKS::Cluster) for type field under
MonitorLocalResource
* api-change:``partnercentral-channel``: Initial GA launch of Partner Central Channel
* api-change:``route53``: Add dual-stack endpoint support for Route53
* api-change:``rum``: CloudWatch RUM now supports mobile application monitoring for Android and iOS
platforms
* api-change:``s3``: Adds support for blocking SSE-C writes to general purpose buckets.
* api-change:``sagemaker``: Added support for enhanced metrics for SageMaker AI Endpoints. This
features provides Utilization Metrics at instance and container granularity and also provides easy
configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: Adds support to create, update, retrieve, rotate, and delete
managed external secrets.
* api-change:``signin``: AWS Sign-In manages authentication for AWS services. This service provides
secure authentication flows for accessing AWS resources from the console and developer tools. This
release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh
tokens from Sign-In.
* api-change:``stepfunctions``: Adds support to TestState for mocked results and exceptions, along
with additional inspection data.
* api-change:``sts``: IAM now supports outbound identity federation via the STS GetWebIdentityToken
API, enabling AWS workloads to securely authenticate with external services using short-lived JSON
Web Tokens.
* feature:credentials: Adds support for the login credential provider, allowing users to use AWS
Management Console credentials for authentication.
- from version 1.42.76
* api-change:``autoscaling``: This release adds the new LaunchInstances API, which can launch
instances synchronously in an AutoScaling group. The API also returns instances info and launch
error back immediately.
* api-change:``backup``: AWS Backup now supports a low-cost warm storage tier for Amazon S3 backup
data.
* api-change:``bedrock-runtime``: Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: New CloudFormation DescribeEvents API with operation ID tracking
and failure filtering capabilities to quickly identify root causes of deployment failures. Also, a
DeploymentMode parameter for the CreateChangeSet API that enables creation of drift-aware change
sets for safe drift management.
* api-change:``connect``: This release added support for ring timer configuration for campaign
calls.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN Concentrator, a new feature that
enables customers to connect multiple low-bandwidth sites connections through a single attachment,
simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: Amazon MSK adds three new APIs, ListTopics, DescribeTopic, and
DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: CloudWatch Logs updates: Added capability to setup a recurring schedule for
log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: Add support for new ListRequiredTags API used to
retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: Adds support for European Sovereign Cloud ARNs in Storage Gateway
API parameters.
* api-change:``wafv2``: AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw
WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not
included in the CloudFront pricing plan of the WebACL.
- from version 1.42.75
* api-change:``appstream``: Adding support for additional instances and extended storage
* api-change:``backup``: AWS Backup now supports specifying a logically air-gapped backup vault as
a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails now automatically
generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: This release adds support for interacting with devices during a remote
access session using the remoteDriverEndpoint interface
* api-change:``dms``: This release introduces the SAP ASE(Sybase) Data Provider for AWS Data
Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider, enabling
customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora PostgreSQL
seamlessly.
* api-change:``ec2``: This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``glue``: Amazon Glue Releasing 2 the new API ListIntegrationResourceProperties and
DeleteIntegrationResourceProperty along with minor improvement on existing API(s).
* api-change:``guardduty``: Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: Adds support for LLM as Primary, allowing usage of LLMs as the
default NLU system.
* api-change:``medialive``: Adds configurations for spatial/temporal adaptive quantization in AV1
codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: Amazon MWAA now offers serverless deployment, eliminating
operational overhead while optimizing costs. The service supports YAML and Python-based workflows,
with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic scaling with
pay-per-use pricing.
* api-change:``opensearch``: This release adds index operation APIs to support Automatic Semantic
Enrichment feature
* api-change:``pcs``: Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: Adding DICTIONARY_DGA to dns-threat-protection as a new enum
type. Customers can now set rules for dictionary dga protection
- from version 1.42.74
* api-change:``datazone``: Adds support for granting read and write access to Amazon S3 general
purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also adds
search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy" parameter
for ListSubscriptions APIs.
* api-change:``ec2``: This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: EC2 Image Builder now supports invoking Lambda functions and
executing Step Functions state machine through image workflows.
* api-change:``medialive``: Removed all the value constraint (min/max) for the shape definitions
(e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an exemption from the
SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
- from version 1.42.73
* api-change:``cloudformation``: CloudFormation now supports GetHookResult API with annotations to
retrieve structured compliance check results and remediation guidance for each evaluated resource,
replacing the previous single-message limitation with detailed validation outcomes.
* api-change:``controlcatalog``: Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: Added support for new accelerator types ("media") and accelerator names
("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in Attributes Based
Instance Type Selection for launched instance types.
* api-change:``ecr``: Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: QUIC and TCP_QUIC protocol support for Network Load Balancer (NLB). This
capability enables customers to forward QUIC traffic to their targets with ultra-low latency while
maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``iotwireless``: Integration of Device Location with Amazon Sidewalk network for
Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: Lowers minimum duration for black video generator. Adds support for
embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: Updated endpoint and service metadata
* api-change:``sagemaker``: Added support for minor version upgrades and AWS Identity Center
integration for SageMaker Hadron Partner Apps, enabling automated version management and IdC
group-based access control.
* api-change:``workspaces-web``: Support for managing web content filtering for defining, tracking
and regulating type of content accessed with WorkSpaces Secure Browser as part of browser settings.
- from version 1.42.72
* api-change:``amp``: Add VPC source configuration support enabling Amazon Managed Service for
Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: Updated Authentication Profile APIs to add support for automatic logout
on user inactivity
* api-change:``dms``: Added support of SQL statements creation, metadata model discovery and
selection rules transformation.
* api-change:``ec2``: Adds complete AMI ancestry tracing from immediate parent through each
preceding generation back to the root AMI
* api-change:``elbv2``: This release expands ALB Authentication to support JWT verification and
adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated applications. This API enables programmatic
access to secure Identity Center tokens with proper error handling and parameter validation across
supported SDK languages.
* api-change:``s3tables``: Adds support for request metrics metrics APIs for S3 Tables
* api-change:``sagemaker``: Add support for trn2.3xlarge instance type for SageMaker Hyperpod
- from version 1.42.71
* api-change:``batch``: Documentation-only update: update API and doc descriptions per EKS
ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: Added support for Language Expansion feature for BDA
Audio modality.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth
per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``medical-imaging``: Added new fields in existing APIs.
* api-change:``rtbfabric``: Added LogSettings and LinkAttribute fields to external links
* api-change:``security-ir``: Added support for configuring communication preferences as well as
clearly displaying case comment author identities.
- from version 1.42.70
* api-change:``acm-pca``: Private Certificate Authority service now supports ML-DSA key algorithms.
* api-change:``appstream``: AWS Appstream support for IPv6
* api-change:``backup``: AWS Backup supports backups of Amazon EKS clusters, including Kubernetes
cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS
volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: Adds ExperimentalCapabilities field to CreateQuantumTask request and
GetQuantumTask response objects. Enables use of experimental software capabilities when creating
quantum tasks.
* api-change:``datazone``: Remove trackingServerName from DataZone Connection MLflowProperties
* api-change:``dsql``: Cluster endpoint added to CreateCluster and GetCluster API responses
* api-change:``ec2``: Amazon EC2 Fleet customers can now filter instance types based on
encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the
manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: Include tags filed in CreatePublishingDestinationRequest and
DescribePublishingDestinationResponse.
* api-change:``iam``: Added CreateDelegationRequest API, which is not available for general use at
this time.
* api-change:``invoicing``: Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: Amazon MSK now supports intelligent rebalancing for MSK Express brokers.
* api-change:``sts``: Added GetDelegatedAccessToken API, which is not available for general use at
this time.
* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for
entity Cedar tags.
* api-change:``wafv2``: AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope
option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data
collection and analysis.
- from version 1.42.69
* api-change:``controltower``: Added Parent Identifier support to ListEnabledControls and
GetEnabledControl API. Implemented RemediationType support for Landing Zone operations:
CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private
DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: This release introduces the Default Application feature, allowing
users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a
streamlined and consistent user experience.
* api-change:``vpc-lattice``: Amazon VPC Lattice now supports custom domain name for resource
configurations
- from version 1.42.68
* api-change:``accessanalyzer``: New field totalActiveErrors added to getFindingsStatistics
response.
* api-change:``backup``: AWS Backup now supports customer-managed keys (CMK) for logically
air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle.
This feature helps organizations meet specific internal governance requirements or external
regulatory compliance standards.
* api-change:``connect``: Added support for Conditional Questions in Evaluation Forms. Introduced
Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations:
SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: Add Amazon EC2 R8a instance types
* api-change:``gamelift``: Amazon GameLift Servers now supports game builds that use the Windows
2022 operating system.
* api-change:``identitystore``: IdentityStore API: added new KMSExceptionReason fields to the
Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and
Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt,
CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: Support for New Data Prep Experience
* api-change:``s3tables``: Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added NodeProvisioningMode parameter to UpdateCluster API to determine
how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId
field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer
VPC.
* api-change:``ssm``: Provides NoLongerSupportedException error message
- from version 1.42.67
* api-change:``cloudfront``: This release adds new and updated API operations. You can now use the
IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can
also enable cross-account resource sharing to share your VPC origins with other AWS accounts
* api-change:``datazone``: Added support for Project Resource Tags
* api-change:``ec2``: This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fsx``: Amazon FSx now enables secure management of Active Directory credentials
through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct
credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: Add new fields in SageMaker Hyperpod DescribeCluster API response:
TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update
progress visibility .
- from version 1.42.66
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the CarrierLookup API, which
returns information about a destination phone number including if the number is valid, the carrier,
and more.
- from version 1.42.65
* api-change:``bedrock-agentcore-control``: Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: Documentation-only update for LINEAR and CANARY deployment strategies.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``kinesis``: Adds support for MinimumThroughputBillingCommitment with new
UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new
UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.42.64
* api-change:``connectcases``: Added two new case rule types: Parent Child Field Options (restricts
child field options based on parent field value) and Hidden (controls child field visibility based
on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: Amazon VPC IP Address Manager (IPAM) now supports automated prefix list
management, allowing you to create rules that automatically populate customer-managed prefix lists
with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.
* api-change:``emr``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``fms``: Update endpoint ruleset parameters casing
* api-change:``fsx``: Update endpoint ruleset parameters casing
* api-change:``health``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda
* api-change:``logs``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: Adds SlowPalPitchCorrection to audio pitch correction settings.
Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to
VideoSelector for allow listed accounts.
* api-change:``omics``: Added WDL_LENIENT engine type that enables implicit typecasting of variable
values to its compatible declared types
* api-change:``payment-cryptography``: Allow additional characters in the CertificateSubject for
GetCertificateSigningRequest API.
* api-change:``redshift``: Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Allow update of platform identifier via UpdateNotebookInstance
operation.
* api-change:``savingsplans``: Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: Update endpoint ruleset parameters casing
* api-change:``textract``: Update endpoint ruleset parameters casing
* api-change:``waf``: Update endpoint ruleset parameters casing
- from version 1.42.63
* api-change:``amp``: Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: Update endpoint ruleset parameters casing
* api-change:``appconfig``: Update endpoint ruleset parameters casing
* api-change:``appflow``: Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: Update endpoint ruleset parameters casing
* api-change:``appmesh``: Update endpoint ruleset parameters casing
* api-change:``appsync``: Update endpoint ruleset parameters casing
* api-change:``artifact``: Update endpoint ruleset parameters casing
* api-change:``auditmanager``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: Web-Bot-Auth support for AgentCore Browser tool to help
reduce captcha challenges.
* api-change:``chime``: Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: Added support for advanced Spark configurations to optimize SQL
performance
* api-change:``cloudcontrol``: Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: Update endpoint ruleset parameters casing
* api-change:``codecommit``: Update endpoint ruleset parameters casing
* api-change:``codedeploy``: Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: Update endpoint ruleset parameters casing
* api-change:``connectcases``: Update endpoint ruleset parameters casing
* api-change:``deadline``: Update endpoint ruleset parameters casing
* api-change:``devops-guru``: Update endpoint ruleset parameters casing
* api-change:``docdb``: Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus
to GlobalClusterMember.
* api-change:``ecs``: Amazon ECS Service Connect now supports Envoy access logs, providing deeper
observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: Update endpoint ruleset parameters casing
* api-change:``elasticache``: Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR
Serverless Applications.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``firehose``: Update endpoint ruleset parameters casing
* api-change:``frauddetector``: Update endpoint ruleset parameters casing
* api-change:``geo-places``: Update endpoint ruleset parameters casing
* api-change:``glue``: This release adds the capability to enable User Background Sessions for
customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue.
* api-change:``greengrassv2``: Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Add a new GetManagedThingCertificate API to expose Iot
ManagedIntegrations (MI) device certificate, and add "-" support for name, properties, actions
and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: Update endpoint ruleset parameters casing
* api-change:``kms``: Add cross account VPC endpoint service connectivity support to CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-reporting``: Update endpoint ruleset parameters casing
* api-change:``neptune``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: RTB Fabric documentation update.
* api-change:``s3outposts``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: Update endpoint ruleset parameters casing
* api-change:``schemas``: Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: Update endpoint ruleset parameters casing
* api-change:``sso``: Update endpoint ruleset parameters casing
* api-change:``sts``: Update endpoint ruleset parameters casing
- from version 1.42.62
* api-change:``bedrock-runtime``: Add support for system tool and web citation response.
- from version 1.42.61
* api-change:``apigatewayv2``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Added support for CloudWatch Synthetics Canary resources in
ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically
for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: Update endpoint ruleset parameters casing
* api-change:``cloud9``: Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: Update endpoint ruleset parameters casing
* api-change:``codeconnections``: Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: Update endpoint ruleset parameters casing
* api-change:``detective``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: Amazon ECS supports native linear and canary service deployments, allowing
you to shift traffic in increments for more control.
* api-change:``efs``: Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: Update endpoint ruleset parameters casing
* api-change:``emr-containers``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``gameliftstreams``: Add stream group expiration date and expired status
* api-change:``glacier``: Update endpoint ruleset parameters casing
* api-change:``groundstation``: Enable use of AzEl ephemerides
* api-change:``inspector-scan``: Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: Update endpoint ruleset parameters casing
* api-change:``kendra``: Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Added SerializedRequestEntityTooLargeException to Lambda Invoke API
* api-change:``marketplace-deployment``: Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: Update endpoint ruleset parameters casing
* api-change:``notifications``: Update endpoint ruleset parameters casing
* api-change:``opensearch``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Added Account State field to the ListDelegatedAdministrators API
response.
* api-change:``partnercentral-selling``: Update endpoint ruleset parameters casing
* api-change:``pipes``: Update endpoint ruleset parameters casing
* api-change:``ram``: Update endpoint ruleset parameters casing
* api-change:``resource-groups``: Update endpoint ruleset parameters casing
* api-change:``s3``: Amazon Simple Storage Service / Features: Add conditional writes in CopyObject
on destination key to prevent unintended object modifications.
* api-change:``s3control``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Amazon SageMaker now supports deleting training and processing jobs in
a terminal status.
* api-change:``sagemaker-featurestore-runtime``: Update endpoint ruleset parameters casing
* api-change:``security-ir``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: Update endpoint ruleset parameters casing
* api-change:``sqs``: Update endpoint ruleset parameters casing
* api-change:``support-app``: Update endpoint ruleset parameters casing
* api-change:``taxsettings``: Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Added IPv6 address support for WorkSpaces using Dual-Stack subnets
* api-change:``workspaces-instances``: Update endpoint ruleset parameters casing
* api-change:``xray``: Update endpoint ruleset parameters casing
- from version 1.42.60
* api-change:``accessanalyzer``: Update endpoint ruleset parameters casing
* api-change:``aiops``: Update endpoint ruleset parameters casing
* api-change:``athena``: Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: Update endpoint ruleset parameters casing
* api-change:``braket``: Update endpoint ruleset parameters casing
* api-change:``ce``: Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: Update endpoint ruleset parameters casing
* api-change:``codeartifact``: Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: Update endpoint ruleset parameters casing
* api-change:``comprehend``: Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: Update endpoint ruleset parameters casing
* api-change:``controltower``: Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: Update endpoint ruleset parameters casing
* api-change:``dax``: Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``entityresolution``: Update endpoint ruleset parameters casing
* api-change:``forecast``: Update endpoint ruleset parameters casing
* api-change:``greengrass``: Update endpoint ruleset parameters casing
* api-change:``iam``: Fixed missing SummaryMap keys in GetAccountSummary response that were being
filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Adds support for record sizes up to 10MiB and introduces new
UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: Update endpoint ruleset parameters casing
* api-change:``mturk``: Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: Update endpoint ruleset parameters casing
* api-change:``outposts``: Update endpoint ruleset parameters casing
* api-change:``pinpoint``: Update endpoint ruleset parameters casing
* api-change:``rbin``: Update endpoint ruleset parameters casing
* api-change:``rds-data``: Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: Update endpoint ruleset parameters casing
* api-change:``rekognition``: Update endpoint ruleset parameters casing
* api-change:``repostspace``: Update endpoint ruleset parameters casing
* api-change:``route53profiles``: Update endpoint ruleset parameters casing
* api-change:``route53resolver``: Update endpoint ruleset parameters casing
* api-change:``s3vectors``: Update endpoint ruleset parameters casing
* api-change:``scheduler``: Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: Update endpoint ruleset parameters casing
* api-change:``ses``: Update endpoint ruleset parameters casing
* api-change:``shield``: Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: Update endpoint ruleset parameters casing
* api-change:``sso-admin``: Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: Update endpoint ruleset parameters casing
* api-change:``waf-regional``: Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: Update endpoint ruleset parameters casing
- from version 1.42.59
* api-change:``acm``: Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Update endpoint ruleset parameters casing
* api-change:``billing``: Update endpoint ruleset parameters casing
* api-change:``budgets``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: Update endpoint ruleset parameters casing
* api-change:``codepipeline``: Update endpoint ruleset parameters casing
* api-change:``datapipeline``: Update endpoint ruleset parameters casing
* api-change:``datazone``: This release adds support for MLflow connections Creation in DataZone
* api-change:``docdb``: Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: Update endpoint ruleset parameters casing
* api-change:``eks``: Update endpoint ruleset parameters casing
* api-change:``elb``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``evs``: Update endpoint ruleset parameters casing
* api-change:``fis``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: Added support for optional AdditionalFeatures parameter in the V2
GetTile API.
* api-change:``inspector``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Update endpoint ruleset parameters casing
* api-change:``iotwireless``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: Update endpoint ruleset parameters casing
* api-change:``location``: Added support for mobile app restrictions in Amazon Location API keys.
* api-change:``lookoutvision``: Update endpoint ruleset parameters casing
* api-change:``mediapackage``: Update endpoint ruleset parameters casing
* api-change:``mediastore``: Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: Update endpoint ruleset parameters casing
* api-change:``mq``: Update endpoint ruleset parameters casing
* api-change:``panorama``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: Update endpoint ruleset parameters casing
* api-change:``qbusiness``: Update endpoint ruleset parameters casing
* api-change:``robomaker``: Update endpoint ruleset parameters casing
* api-change:``route53domains``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Add support for custom rate limits.
* api-change:``s3tables``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Added inference components model data caching feature
* api-change:``sagemaker-metrics``: Update endpoint ruleset parameters casing
* api-change:``securityhub``: Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: Update endpoint ruleset parameters casing
* api-change:``supplychain``: Update endpoint ruleset parameters casing
* api-change:``translate``: Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: Update endpoint ruleset parameters casing
* api-change:``wisdom``: Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: Update endpoint ruleset parameters casing
- from version 1.42.58
* api-change:``account``: Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: Fixing the service documentation name
* api-change:``chime-sdk-voice``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: Update endpoint ruleset parameters casing
* api-change:``codebuild``: Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: Update endpoint ruleset parameters casing
* api-change:``config``: Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: Update endpoint ruleset parameters casing
* api-change:``cur``: Update endpoint ruleset parameters casing
* api-change:``discovery``: Update endpoint ruleset parameters casing
* api-change:``dms``: Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: Update endpoint ruleset parameters casing
* api-change:``drs``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Add support for resource-based policies for Aurora DSQL clusters. This will
enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora
DSQL public or VPC endpoints.
* api-change:``ebs``: Update endpoint ruleset parameters casing
* api-change:``ecr``: Update endpoint ruleset parameters casing
* api-change:``ecr-public``: Update endpoint ruleset parameters casing
* api-change:``healthlake``: Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: Update endpoint ruleset parameters casing
* api-change:``iotevents``: Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-webrtc-storage``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: Update endpoint ruleset parameters casing
* api-change:``mediatailor``: Update endpoint ruleset parameters casing
* api-change:``mgh``: Update endpoint ruleset parameters casing
* api-change:``mgn``: Update endpoint ruleset parameters casing
* api-change:``mpa``: Update endpoint ruleset parameters casing
* api-change:``neptunedata``: Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: Update endpoint ruleset parameters casing
* api-change:``odb``: Doc-only update that removes duplicate values from descriptions of ODB
peering APIs.
* api-change:``omics``: Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: Update endpoint ruleset parameters casing
* api-change:``personalize-events``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: Update endpoint ruleset parameters casing
* api-change:``rum``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: Update endpoint ruleset parameters casing
* api-change:``savingsplans``: Update endpoint ruleset parameters casing
* api-change:``securitylake``: Update endpoint ruleset parameters casing
* api-change:``sesv2``: Update endpoint ruleset parameters casing
* api-change:``storagegateway``: Update endpoint ruleset parameters casing
* api-change:``synthetics``: Update endpoint ruleset parameters casing
- from version 1.42.57
* api-change:``appfabric``: Update endpoint ruleset parameters casing
* api-change:``autoscaling``: Update endpoint ruleset parameters casing
* api-change:``b2bi``: Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: Update endpoint ruleset parameters casing
* api-change:``ce``: Update endpoint ruleset parameters casing
* api-change:``chatbot``: Update endpoint ruleset parameters casing
* api-change:``cloudformation``: Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: Update endpoint ruleset parameters casing
* api-change:``connect``: This release added support for email address alias configuration and
outbound campaign preview mode.
* api-change:``connectcampaignsv2``: Updated Amazon Connect Outbound Campaigns V2 SDK to support
Preview Outbound Mode
* api-change:``connectparticipant``: Update endpoint ruleset parameters casing
* api-change:``devicefarm``: This release adds support for optionally including an app as part of a
CreateRemoteAccessSession request
* api-change:``directconnect``: Update endpoint ruleset parameters casing
* api-change:``ds-data``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateNetworkInterface and
DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``forecastquery``: Update endpoint ruleset parameters casing
* api-change:``iam``: Updated OIDC and SAML apis to reject multiple simultaneous requests to change
a unique object.
* api-change:``inspector2``: Update endpoint ruleset parameters casing
* api-change:``iot``: Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: Update endpoint ruleset parameters casing
* api-change:``ivschat``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: Update endpoint ruleset parameters casing
* api-change:``mailmanager``: Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: Update endpoint ruleset parameters casing
* api-change:``medialive``: Add 3 API operations for fetching alerts: ListAlerts (Channels),
ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: Update endpoint ruleset parameters casing
* api-change:``oam``: Update endpoint ruleset parameters casing
* api-change:``pcs``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: Update endpoint ruleset parameters casing
* api-change:``redshift-data``: Update endpoint ruleset parameters casing
* api-change:``route53``: Amazon Route 53 now supports the ISOB West Region for private DNS for
Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Update for general availability of AWS RTB Fabric service.
* api-change:``sagemaker-a2i-runtime``: Update endpoint ruleset parameters casing
* api-change:``sns``: Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: Update endpoint ruleset parameters casing
* api-change:``workdocs``: Update endpoint ruleset parameters casing
* api-change:``workmail``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Update endpoint ruleset parameters casing
- from version 1.42.56
* api-change:``dynamodb``: Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``mediaconvert``: This release adds the ability to set resolution for the black video
generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous
search of job history using new filters.
* api-change:``meteringmarketplace``: Added ClientToken parameter to MeterUsage API for specifying
idempotent requests.
* enhancement:timestamps: Add ``wire`` as a valid value for ``cli_timestamp_format``.
- from version 1.42.55
* api-change:``amp``: Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: Update endpoint ruleset parameters casing
* api-change:``appintegrations``: Update endpoint ruleset parameters casing
* api-change:``application-insights``: Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-meetings``: Update endpoint ruleset parameters casing
* api-change:``cloudfront``: Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: Update endpoint ruleset parameters casing
* api-change:``datasync``: Update endpoint ruleset parameters casing
* api-change:``ds``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Update endpoint ruleset parameters casing
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``es``: Update endpoint ruleset parameters casing
* api-change:``events``: Update endpoint ruleset parameters casing
* api-change:``evidently``: Update endpoint ruleset parameters casing
* api-change:``finspace``: Update endpoint ruleset parameters casing
* api-change:``finspace-data``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Updates documentation to clarify valid application binaries for
an Amazon GameLift Streams application and provide descriptions of stream session error status
reasons
* api-change:``geo-maps``: Added support for optional style parameters in maps, including Terrain,
ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: Update endpoint ruleset parameters casing
* api-change:``iot-data``: Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: Update endpoint ruleset parameters casing
* api-change:``lakeformation``: Update endpoint ruleset parameters casing
* api-change:``license-manager``: Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: The ListEntities API now supports two new CAPI filters:
DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: Update endpoint ruleset parameters casing
* api-change:``network-firewall``: Update endpoint ruleset parameters casing
* api-change:``networkmanager``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Update endpoint ruleset parameters casing
* api-change:``pi``: Update endpoint ruleset parameters casing
* api-change:``qapps``: Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-geospatial``: Update endpoint ruleset parameters casing
* api-change:``signer``: Update endpoint ruleset parameters casing
* api-change:``swf``: Releasing minor endpoint updates.
* api-change:``timestream-write``: Update endpoint ruleset parameters casing
* api-change:``tnb``: Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: Update endpoint ruleset parameters casing
- from version 1.42.54
* api-change:``acm-pca``: Update endpoint ruleset parameters casing
* api-change:``amplify``: Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: Update endpoint ruleset parameters casing
* api-change:``apprunner``: Update endpoint ruleset parameters casing
* api-change:``apptest``: Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: Update endpoint ruleset parameters casing
* api-change:``billingconductor``: New feature: service flat CLI and first AWS managed pricing plan
(BasicPricingPlan)
* api-change:``customer-profiles``: Update endpoint ruleset parameters casing
* api-change:``databrew``: Update endpoint ruleset parameters casing
* api-change:``dataexchange``: Update endpoint ruleset parameters casing
* api-change:``dlm``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules command to latest version
* api-change:``freetier``: Update endpoint ruleset parameters casing
* api-change:``gamelift``: Update endpoint ruleset parameters casing
* api-change:``geo-routes``: Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: Update endpoint ruleset parameters casing
* api-change:``grafana``: Update endpoint ruleset parameters casing
* api-change:``identitystore``: Update endpoint ruleset parameters casing
* api-change:``ivs``: Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: Update endpoint ruleset parameters casing
* api-change:``kafka``: Update endpoint ruleset parameters casing
* api-change:``keyspaces``: Update endpoint ruleset parameters casing
* api-change:``kms``: Update endpoint ruleset parameters casing
* api-change:``lex-models``: Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: Update endpoint ruleset parameters casing
* api-change:``m2``: Update endpoint ruleset parameters casing
* api-change:``machinelearning``: Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: Update endpoint ruleset parameters casing
* api-change:``memorydb``: Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: Update endpoint ruleset parameters casing
* api-change:``osis``: Update endpoint ruleset parameters casing
* api-change:``personalize``: Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: Update endpoint ruleset parameters casing
* api-change:``polly``: Update endpoint ruleset parameters casing
* api-change:``pricing``: Update endpoint ruleset parameters casing
* api-change:``qldb``: Update endpoint ruleset parameters casing
* api-change:``qldb-session``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: Update endpoint ruleset parameters casing
* api-change:``ssm``: Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: Update endpoint ruleset parameters casing
* api-change:``timestream-query``: Update endpoint ruleset parameters casing
* api-change:``voice-id``: Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: Update endpoint ruleset parameters casing
- from version 1.42.53
* api-change:``bedrock``: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS
integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing
customers to specify their preferred KMS key for encryption, improving control and compliance with
AWS encryption mandates.
* api-change:``docdb``: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster,
RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage
across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: This release expands Listener Rule Conditions to support RegexValues and
adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: Added default pagination value for ListMalwareProtectionPlans API and
updated UpdateFindingsFeedback API
* api-change:``lightsail``: Add support for manage Lightsail Bucket CORS configuration
* api-change:``timestream-influxdb``: This release adds support for creating and managing InfluxDB
3 Core and Enterprise DbClusters.
- from version 1.42.52
* api-change:``appstream``: This release introduces support for Microsoft license included
applications streaming.
* api-change:``backup``: The AWS Backup job attribute extension enhancement helps customers better
understand the plan that initiated each job, and the properties of the resource each job creates.
* api-change:``connect``: SDK release for TaskTemplateInfo in Contact for DescribeContact response.
* api-change:``datazone``: Support creating scoped and trustedIdentityPropagation enabled
connections.
* api-change:``ec2``: This release adds support for creating instant, point-in-time copies of EBS
volumes within the same Availability Zone
* api-change:``transcribe``: Move UntagResource API body member to query parameter
* api-change:``transfer``: SFTP connectors now support routing connections via customers' VPC. This
enables connections to remote servers that are only accessible in a customer's VPC environment, and
to servers that are accessible over the internet but need connections coming from an IP address in
a customer VPC's CIDR range.
- from version 1.42.51
* api-change:``bedrock-agentcore``: Updated InvokeAgentRuntime API to accept account id optionally
and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: Updated http status code in control plane apis of
agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity
* api-change:``ec2``: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable
Resource tags for telemetry in a customer account. The release introduces new APIs to enable,
disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- Refresh ac_relax-depends.patch
- Update Requires from setup.py
- bind
-
- Upgrade to release 9.20.21
Security Fixes:
* Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805]
* Fix memory leaks in code preparing DNSSEC proofs of
non-existence.
(CVE-2026-3104)
[bsc#1260567]
* Prevent a crash in code processing queries containing a TKEY
record.
(CVE-2026-3119)
[bsc#1260568]
* Fix a stack use-after-return flaw in SIG(0) handling code.
(CVE-2026-3591)
[bsc#1260569]
* Fix a use-after-free error in dns_client_resolve() triggered by
a DNAME response. This issue only affected the delv tool and it
has now been fixed.
[bsc#1259202]
Feature Changes:
* Record query time for all dnstap responses.
* Optimize TCP source port selection on Linux.
Bug Fixes:
* Fix the handling of key statements defined inside views.
* Fix an assertion failure triggered by non-minimal IXFRs.
* Fix a crash when retrying a NOTIFY over TCP.
* Fetch loop detection improvements.
* Randomize nameserver selection.
* Fix dnstap logging of forwarded queries.
* A stale answer could have been served in case of multiple
upstream failures when following CNAME chains. This has been
fixed.
* Fail DNSKEY validation when supported but invalid DS is found.
* Importing an invalid SKR file might corrupt stack memory.
* Return FORMERR for queries with the EDNS Client Subnet FAMILY
field set to 0.
* Fix inbound IXFR performance regression.
* Make catalog zone names and member zones' entry names
case-insensitive.
* Fix implementation of BRID and HHIT record types.
* Fix implementation of DSYNC record type.
* Fix response policy and catalog zones to work with $INCLUDE
directive.
- crash
-
- Enable ARM64 64K page support (bsc##1248074)
* crash-arm64-fix-64K-page-and-52-bits-VA-support.patch
* crash-arm64-rewrite-the-arm64_get_vmcoreinfo_ul-to-arm64_g.patch
* crash-arm64-support-HW-Tag-Based-KASAN-MTE-mode.patch
* crash-arm64-Add-support-for-vmemmap-symbol-in-vmcoreinfo.patch
* crash-arm64-fix-the-determination-of-vmemmap-and-struct_pa.patch
* crash-arm64-Add-gdb-stack-unwind-support.patch
* crash-symbols-expand-all-kernel-module-symtable-if-not-all.patch
* crash-Add-LoongArch64-framework-code-support.patch
* crash-LoongArch64-Fixed-link-errors-when-build-on-LOONGARC.patch
* crash-gdb-fix-p-command-to-print-module-variables-correctl.patch
* crash-ppc64-Add-gdb-stack-unwind-support.patch
* crash-Preparing-for-gdb-stack-unwind-support.patch
* crash-x86_64-Add-gdb-stack-unwind-support.patch
* crash-gcore-update-set_context-with-upstream-counterpart.patch
- In some kernel modules such as libie.ko, the mem[MOD_TEXT].size
may be zero, currently crash will only check its value to determine
if the module is valid, otherwise it fails to load kernel module with
the following warning and error:
mod: cannot access vmalloc'd module memory
Lets count the module size to check if the module is valid, that will
avoid the current failure. (bsc#1237501)
* crash-fix-for-failing-to-load-kernel-module.patch
- crypto-policies
-
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- dejavu-fonts
-
- use %license tag [bsc#1252142]
- lvm2
-
- L3: LVM_SUPPRESS_FD_WARNINGS is no longer effective (bsc#1257661)
* Add upstream patch
+ bug-1257661-libdaemon-fix-suppressing-stray-fd-warnings.patch
- docker
-
- Places a hard cap on the amount of mechanisms that can be specified and
encoded in the payload. (bsc#1253904, CVE-2025-58181)
* 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch
- glibc
-
- resolv-count-resource-records.patch: resolv: Count records correctly
(CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity
(CVE-2026-4438, bsc#1260082, BZ #34015)
- nss-missing-checks.patch: nss: Missing checks in __nss_configure_lookup,
__nss_database_get (bsc#1258319, BZ #28940)
- grub2
-
- Fix missing install device check in grub2-install on PowerPC which could lead
to bootlist corruption (bsc#1221126)
* 0001-Mandatory-install-device-check-for-PowerPC.patch
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
- Support dm multipath bootlist on PowerPC (bsc#1254415)
* 0001-ieee1275-support-dm-multipath-bootlist.patch
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS
Reboot (bsc#1254299)
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
- iproute2
-
- add CVE fix (CVE-2024-58251 bsc#1254324)
* ss-escape-characters-in-command-name.patch
- kernel-default
-
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 4921c60
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit 2c8047b
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 24731ba
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit b418ef6
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit eb1a8c9
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit 8a67d67
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit c2ad254
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 28aed48
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID
matching (git-fixes).
- commit df6cd61
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 852cc2c
- scsi: target: Fix recursive locking in __configfs_open_file()
(CVE-2026-23292 bsc#1260500).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() (CVE-2026-23193 bsc#1258414).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_conn_usage_count() (CVE-2026-23216 bsc#1258447).
- commit e7b5dcd
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs
and shared blocks (CVE-2026-23270 bsc#1259886).
- commit 00821f1
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
- commit c8a645c
- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23381 bsc#1260471).
- commit 21aa5bd
- clsact: Fix use-after-free in init/destroy rollback asymmetry
(CVE-2026-23413 bsc#1261498).
- commit eaf3b22
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23293 bsc#1260486).
- commit 05f5f64
- net/sched: ets: fix divide by zero in the offload path
(CVE-2026-23379 bsc#1260481).
- commit 3672900
- tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414
bsc#1261496).
- commit 1058925
- usb: core: phy: avoid double use of 'usb3-phy' (git-fixes).
- commit 4e8787e
- usb: gadget: uvc: fix NULL pointer dereference during unbind
race (git-fixes).
- commit 4a9ee96
- misc: fastrpc: possible double-free of cctx->remote_heap
(git-fixes).
- comedi: Reinit dev->spinlock between attachments to low-level
drivers (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach
(git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw()
(git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian
(git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in
bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one
(git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct
location (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable
(git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and
gyroscope only (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init
failure (git-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error
path (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
(git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex
(git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
(git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in
dwc2_hsotg_udc_stop() (git-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and
eth_stop (git-fixes).
- thunderbolt: Fix property read in nhi_wake_supported()
(git-fixes).
- commit 4e3d5c2
- Input: synaptics-rmi4 - fix a locking bug in an error path
(git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended()
(git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1()
(git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in
tps53676_identify() (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in
probe (git-fixes).
- commit 08cee84
- Revert "drm: Fix use-after-free on framebuffers and property
blobs when calling drm_dev_unplug" (git-fixes).
- drm/i915/dsi: Don't do DSC horizontal timing adjustments in
command mode (git-fixes).
- drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
(git-fixes).
- commit 79130c8
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path
(git-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- accel/qaic: Handle DBC deactivation if the owner went away
(git-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on
ivb/hsw CPU eDP (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk
(git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- commit 376a907
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D
mode (stable-fixes).
- commit 2d1bac8
- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
(git-fixes).
- wifi: ath11k: Pass the correct value of each TID during a stop
AMPDU session (git-fixes).
- ASoC: Intel: boards: fix unmet dependency on PINCTRL
(git-fixes).
- drm/amdgpu: prevent immediate PASID reuse case (stable-fixes).
- usb: core: new quirk to handle devices with zero configurations
(stable-fixes).
- drm/amdgpu: fix gpu idle power consumption issue for gfx v12
(stable-fixes).
- drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes).
- commit 7612e81
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication
from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before
building the pairing response (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length
(git-fixes).
- Bluetooth: hci_event: fix potential UAF in
hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect()
(git-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if
immediate (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in
iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size
calculation (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add
rollback on failure (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card
(git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- hwmon: axi-fan: don't use driver_override as IRQ name
(git-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk
(stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_put_bits() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error
(stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup()
(stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
(stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup()
(stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1
Fold 16 Gen 1 (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to
dmi_vgbs_allow_list (stable-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix
touchscreen on SUPI S10 (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D
mode (stable-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of
hci_request (stable-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe()
(stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API
(stable-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx()
API (stable-fixes).
- commit a6c10e6
- smb: client: fix krb5 mount with username option (git-fixes).
- commit 0e79d63
- cifs: make default value of retrans as zero (git-fixes).
- commit 5d4b8c7
- smb: client: fix in-place encryption corruption in SMB2_write()
(git-fixes).
- commit e7144ea
- smb: client: fix broken multichannel with krb5+signing
(git-fixes).
- commit c4e64ff
- smb: client: fix cifs_pick_channel when channels are equally
loaded (git-fixes).
- commit dfa0ecd
- cifs: some missing initializations on replay (git-fixes).
- commit d98e800
- smb: client: prevent races in ->query_interfaces() (git-fixes).
- commit 78bd9b1
- smb: client: add proper locking around ses->iface_last_update
(git-fixes).
- commit 2b9d663
- cifs: force interface update before a fresh session setup
(git-fixes).
- commit 99b8edb
- cifs: Fix locking usage for tcon fields (git-fixes).
- commit 2b819dd
- cpufreq/amd-pstate: Set the initial min_freq to
lowest_nonlinear_freq (bsc#1252803).
- commit 6223a40
- cpufreq/amd-pstate: Remove the redundant verify() function
(bsc#1252803).
- commit 2b46ac7
- net: add proper RCU protection to /proc/net/ptype
(CVE-2026-23255 bsc#1259891).
- commit 970622a
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
(CVE-2026-23274 bsc#1260005).
- commit b61cf0b
- netfilter: nf_tables: always walk all pending catchall elements
(CVE-2026-23278 bsc#1259998).
- commit bde2f22
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783
- io_uring/rw: free potentially allocated iovec on cache put
failure (CVE-2026-23259 bsc#1259866).
- commit 1144130
- btrfs: fix zero size inode with non-zero size after log replay
(git-fixes).
- commit f810098
- btrfs: log new dentries when logging parent dir of a conflicting
inode (git-fixes).
- commit 2a2fe4a
- bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
(CVE-2026-23319 bsc#1260735).
- commit afdc54a
- bpf: export bpf_link_inc_not_zero (CVE-2026-23319 bsc#1260735).
- commit 3c0dee1
- Refresh patches.suse/nvme-add-partial_nid-quirk.patch.
- commit a0ca140
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a
- btrfs: fix reservation leak in some error paths when inserting
inline extent (CVE-2025-71268 bsc#1259865).
- commit f586cfb
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 2f2ec59
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- commit 546f802
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- commit 5f963b7
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit a92902d
- Move upstreamed mana patch into sorted section
- commit 7835c5b
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- bonding: do not set usable_slaves for broadcast mode
(git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (CVE-2026-23386
bsc#1260799).
- commit 1051a48
- xen/privcmd: unregister xenstore notifier on module exit
(git-fixes).
- commit 0c94fec
- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707
CVE-2026-31788).
- commit 0c51260
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment
(git-fixes).
- commit 8028a3b
- phy: ti: j721e-wiz: Fix device node reference leak in
wiz_get_lane_phy_types() (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
(git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for
cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions
(git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock
(git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists
(git-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling
(git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release()
(git-fixes).
- commit f22ea44
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3
- PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
(CVE-2026-23361 bsc#1260732).
- commit e28de60
- Delete
patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
See bsc#1257506.
The git-fix being removed had issues and needs to be redesigned.
In the mean time, reverting this addresses the problem.
See:
> https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6
- drm/i915/dp_tunnel: Fix error handling when clearing stream
BW in atomic state (git-fixes).
- drm/amd/display: Do not skip unrelated mode changes in DSC
validation (git-fixes).
- commit 4a5f1c3
- hwmon: (adm1177) fix sysfs ABI violation and current unit
conversion (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible()
(git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead
of absolute temperature (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable
sysfs attributes (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
(git-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
(git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial
payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value
(git-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable
(git-fixes).
- commit a2172e0
- libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303).
- commit 7606f01
- wifi: libertas: fix use-after-free in lbs_free_adapter()
(CVE-2026-23281 bsc#1260464).
- commit 43b8c42
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- Bluetooth: L2CAP: Fix stack-out-of-bounds read in
l2cap_ecred_conn_req (git-fixes).
- drm/xe: Open-code GGTT MMIO access protection (git-fixes).
- drm/xe/oa: Allow reading after disabling OA stream (git-fixes).
- drm/amdgpu/mmhub4.1.0: add bounds checking for cid
(stable-fixes).
- drm/amd: fix dcn 2.01 check (git-fixes).
- drm/amd/display: Wrap dcn32_override_min_req_memclk() in
DC_FP_{START, END} (git-fixes).
- drm: Fix use-after-free on framebuffers and property blobs
when calling drm_dev_unplug (git-fixes).
- drm/imagination: Fix deadlock in soft reset sequence
(git-fixes).
- mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN
stations (stable-fixes).
- Bluetooth: qca: fix ROM version reading on WCN3998 chips
(git-fixes).
- Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: MGMT: Fix list corruption and UAF in command complete
handlers (git-fixes).
- Bluetooth: ISO: Fix defer tests being unstable (git-fixes).
- USB: add QUIRK_NO_BOS for video capture several devices
(stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET
parameters (stable-fixes).
- drm/i915/dsc: Add Selective Update register definitions
(stable-fixes).
- drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on
smu v13.0.x (stable-fixes).
- drm/amd/display: Fallback to boot snapshot for dispclk
(stable-fixes).
- ASoC: cs42l43: Report insert for exotic peripherals
(stable-fixes).
- drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes).
- commit 11a085d
- serial: 8250: Add late synchronize_irq() to shutdown to handle
DW UART BUSY (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe
(git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure
(git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is
not enough headroom (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local()
(git-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
(git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for
aql_disable (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq
(git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb
speed (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H
(stable-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk
(stable-fixes).
- usb: xhci: Prevent interrupt storm on host controller error
(HCE) (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe()
(stable-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- staging: rtl8723bs: properly validate the data in
rtw_get_ie_ex() (stable-fixes).
- wifi: mac80211: set default WMM parameters on all links
(stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- USB: serial: f81232: fix incomplete serial port generation
(stable-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume()
(stable-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- commit 9cd434e
- nfc: nci: fix circular locking dependency in nci_close_device
(git-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices
without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction()
(git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to
print inlen (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width
(git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied
(git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND
operations (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent()
in cadence_nand_init() (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser
(git-fixes).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
(git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link
on reconnect (git-fixes).
- PM: runtime: Fix a race condition related to device removal
(git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes
(stable-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks
(stable-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind
(git-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning
void (stable-fixes).
- commit ec2548e
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
(git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with
req_queue_mutex (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used
(git-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use
sysfs_emit() (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in
parse_edid_displayid_vrr() (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing
(git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path
(git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails
(stable-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire
(stable-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
missing them (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode
with HPD (stable-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration
(stable-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay
calculations (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback
returning void (stable-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields
(stable-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy
(stable-fixes).
- commit 19fcdc7
- Bluetooth: btusb: clamp SCO altsetting table indices
(git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite
loop (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link
(git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
(git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on
mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to
missing sock_hold (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length
in l2cap_ecred_data_rcv() (git-fixes).
- commit d4b4294
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
(git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before
access (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
(git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed
SDU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU
exceeds IMTU (git-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4()
fix (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2
mixer interfaces (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA
(stable-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table
(stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in
cs35l56_hda_posture_put() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255
(stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift
SF314 (stable-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4
(stable-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- commit d930c45
- ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337 CVE-2026-23201).
- commit c1d531a
- libceph: make calc_target() set t->paused, not just clear it (bsc#1257682 CVE-2026-23047).
- commit 9134bbf
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977
- Update config files.
Pure run_oldconfig -- dismiss removed configs like
CONFIG_TEST_LIVEPATCH.
- commit 9d0caee
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d
- RDMA/siw: Fix potential NULL pointer dereference in header processing (CVE-2026-23242 bsc#1259795)
- commit b14d408
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- commit a1c1b16
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
This reverts commit 7b00832607c6c999e43cce72e2a7feaf7db3bbfa.
- commit 6e3ca09
- Update kabi files (jsc#PED-15582).
- commit c06e238
- bpf, test_run: Subtract size of xdp_frame from allowed metadata
size (CVE-2026-23140 bsc#1258305).
- commit 2fff83a
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue
(bsc#1255687, git-fixes).
- commit 7ef9035
- scsi: hisi_sas: Fix NULL pointer exception during user_scan()
(bsc#1255687).
- commit 0bea95d
- s390/debug: Pass in and enforce output buffer size for format
handlers (jsc#PED-15582).
- Refresh
patches.suse/s390-pci-Add-pci_msg-debug-view-to-PCI-report.patch.
- commit d8dd9c7
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
(CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new
chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6
- Refresh azure config files, no runtime changes intended.
- commit 5cf84bb
- x86/vmware: Fix hypercall clobbers (CVE-2026-23215 bsc#1258476).
- commit 1c8c139
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- nvme: add support for dynamic quirk configuration via module
parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
Refresh:
- patches.suse/nvme-add-partial_nid-quirk.patch
- commit c6a41b6
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit dff8745
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 975023c
- pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (CVE-2026-23187 bsc#1258330)
- commit 4b333af
- phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (CVE-2026-23030 bsc#1257561)
- commit 4c335f0
- Use unified maintainers' email address
- commit d015f19
- Use unified maintainers' email address
- commit e7955e0
- Use unified maintainers' email address
- commit 3c803fb
- vhost: fix caching attributes of MMIO regions by setting them
explicitly (git-fixes).
- commit 08a5f81
- vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
(git-fixes).
- commit 096a8f1
- xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).
- commit da0ad33
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fix).
- commit 4b21ba9
- iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794 bsc#1256647)
- commit bad6b8a
- net: mana: fix use-after-free in mana_hwc_destroy_channel()
by reordering teardown (git-fixes).
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fixes).
- commit 679a815
- Refresh
patches.suse/selftests-bpf-add-verifier-sign-extension-bound-comp.patch.
Updated expected BPF verifier message to align with those output by
SLE15-SP7 kernel.
- commit bc643c5
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- commit 4484921
- usb: roles: get usb role switch from parent only for
usb-b-connector (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path
(git-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device
removal (git-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow
in check_command_size_in_blocks() (git-fixes).
- USB: core: Limit the length of unkillable synchronous timeouts
(git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified
timeouts (git-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- usb: core: don't power off roothub PHYs if phy_set_mode()
fails (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling
(git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling
(git-fixes).
- iio: chemical: sps30_serial: fix buffer size in
sps30_serial_read_meas() (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in
sps30_i2c_read_meas() (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation
(git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper
shift (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask
(git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value
(git-fixes).
- commit 4702653
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/amdgpu: Fix kernel-doc comments for some LUT properties
(git-fixes).
- drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT
for smu v14 (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm: Fix dma_free_attrs() buffer size (git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes).
- drm/xe: Do not preempt fence signaling CS instructions
(git-fixes).
- drm/exynos: vidi: use ctx->lock to protect struct vidi_context
member variables related to memory alloc/free (stable-fixes).
- drm/exynos: vidi: fix to avoid directly dereferencing user
pointer (stable-fixes).
- drm/exynos/vidi: Remove redundant error handling in
vidi_get_modes() (stable-fixes).
- commit 56adb0e
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding
(git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock
acquisition (git-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for
clock acquisition (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and
widgets (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush
(git-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop
and start (git-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (git-fixes).
- commit 1a186d1
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424).
- commit f8a95c7
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 6e65546
- Add bugnumber to existing mana changes (bsc#1259558 bsc#1259580).
- Drivers: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes).
- Drivers: hv: Fix bad pointer dereference in hv_get_partition_id (git-fixes).
- hyperv: Convert hypercall statuses to linux error codes (git-fixes).
- drivers/hv: add CPU offlining support (git-fixes).
- drivers/hv: introduce vmbus_channel_set_cpu() (git-fixes).
- cpu: export lockdep_assert_cpus_held() (git-fixes).
- hyperv: Move arch/x86/hyperv/hv_proc.c to drivers/hv (git-fixes).
- hyperv: Move hv_current_partition_id to arch-generic code (git-fixes).
- commit 7492ec1
- ACPI: OSL: fix __iomem type on return from
acpi_os_map_generic_address() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable()
return value (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets
(git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum
errors (git-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size
(git-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request
(git-fixes).
- commit 5d32ac9
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit 9f31a2e
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186,
bsc#1258832).
- commit 4fde182
- RDMA/rtrs-clt: For conn rejection use actual err number (git-fixes)
- commit c91403f
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: boundary check before installing cq callbacks (git-fixes CVE-2024-38542 bsc#1226591).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- commit 8690084
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit a33e581
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit c330474
- cgroup: Fix incorrect WARN_ON_ONCE() in css_release_work_fn()
(bsc#1256564 bsc#1259130).
- commit af50ef7
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258176).
- commit bad7291
- Update config files (bsc#1254306).
- commit 6305722
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 43c578c
- Update config files (bsc#1254306).
- commit 3c7bab7
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 165c4b3
- kabi: cgroup.stat fixup (bsc#1256564 bsc#1259130).
- commit 6ccb250
- cgroup: Show # of subsystem CSSes in cgroup.stat (bsc#1256564
bsc#1259130).
- commit e9ca9e6
- selftests/bpf: add verifier sign extension bound computation
tests (git-fixes).
- bpf: verifier improvement in 32bit shift sign extension pattern
(git-fixes).
- commit cbb7102
- Add bugnumber to existing mana changes (bsc#1245728 bsc#1251971 bsc#1252266 bsc#1257466)
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() (git-fixes).
- Drivers: hv: use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Use kmalloc_array() instead of kmalloc() (git-fixes).
- Drivers: hv: Resolve ambiguity in hypervisor version log (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: util: Cosmetic changes for hv_utils_transport.c (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- tools/hv: fcopy: Fix irregularities with size of ring buffer (git-fixes).
- x86/hyperv: Fix usage of cpu_online_mask to get valid cpu (git-fixes).
- PCI: hv: Fix warnings for missing export.h header inclusion (git-fixes).
- clocksource: hyper-v: Fix warnings for missing export.h header inclusion (git-fixes).
- x86/hyperv: Fix warnings for missing export.h header inclusion (git-fixes).
- Drivers: hv: Fix the check for HYPERVISOR_CALLBACK_VECTOR (git-fixes).
- Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- Drivers: hv: Use kzalloc for panic page allocation (git-fixes).
- uio_hv_generic: Align ring size to system page (git-fixes).
- uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes).
- Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes).
- Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- x86/hyperv: fix an indentation issue in mshyperv.h (git-fixes).
- x86/hyperv: Use named operands in inline asm (git-fixes).
- commit fbd3c33
- dm mpath: make pg_init_delay_msecs settable (git-fixes).
- commit b5dcc03
- dm: clear cloned request bio pointer when last clone bio
completes (git-fixes).
- commit f2572c8
- dm: remove fake timeout to avoid leak request (git-fixes).
- commit 04135ad
- usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed
PDOs (git-fixes).
- commit da08138
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
(git-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- commit 29de358
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
(git-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done()
(git-fixes).
- drm/solomon: Fix page start when updating rectangle in page
addressing mode (git-fixes).
- platform/x86: dell-wmi-sysman: Don't hex dump plaintext password
data (git-fixes).
- commit 76161b1
- tracing: Fix crash on synthetic stacktrace field usage
(CVE-2026-23088 bsc#1257814).
- commit 5950c9c
- tracing: Do not register unsupported perf events (CVE-2025-71125
bsc#1256784).
- commit 83b1b69
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion
callback (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths
(git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications
(git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read
bulk callback (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages
(git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper
length of a message (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open
(git-fixes).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- wifi: mt76: Fix possible oob access in
mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in
mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in
mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
(git-fixes).
- batman-adv: Avoid double-rtnl_lock ELP metric worker
(git-fixes).
- commit 502e268
- drm/panthor: Prevent potential UAF in group creation (CVE-2025-68735 bsc#1255811).
- commit d38edfb
- drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt
(stable-fixes).
- commit 4302d49
- drm/xe: Defer gt->mmio initialization until after multi-tile
setup (git-fixes).
- commit fd760a3
- drm/xe/ptl: Apply Wa_13011645652 (stable-fixes).
- Refresh
patches.suse/drm-xe-xe3lpg-Apply-Wa_14022293748-Wa_22019794406.patch.
- commit 6feb03f
- drm/xe/xe2_hpg: Fix handling of Wa_14019988906 & Wa_14019877138
(git-fixes).
- drm/xe/mmio: Avoid double-adjust in 64-bit reads (git-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/amd/display: Remove conditional for shaper 3DLUT power-on
(stable-fixes).
- drm/amd/display: bypass post csc for additional color spaces
in dal (stable-fixes).
- drm/amd/display: Increase DCN35 SR enter/exit latency
(stable-fixes).
- drm/amd/display: Fix system resume lag issue (stable-fixes).
- drm/amd/display: Fix writeback on DCN 3.2+ (stable-fixes).
- wifi: ath11k: Fix failure to connect to a 6 GHz AP
(stable-fixes).
- wifi: cfg80211: allow only one NAN interface, also in multi
radio (stable-fixes).
- wifi: rtw89: mac: correct page number for CSI response
(stable-fixes).
- wifi: rtw89: ser: enable error IMR after recovering from L1
(stable-fixes).
- wifi: rtw89: 8922a: set random mac if efuse contains zeroes
(stable-fixes).
- drm/amd/display: avoid dig reg access timeout on usb4 link
training fail (stable-fixes).
- drm/amd/display: Fix GFX12 family constant checks
(stable-fixes).
- drm/amd/display: Disable FEC when powering down encoders
(stable-fixes).
- drm/amdkfd: Relax size checking during queue buffer get
(stable-fixes).
- drm/amd/display: only power down dig on phy endpoints
(stable-fixes).
- drm/amdgpu: Skip loading SDMA_RS64 in VF (stable-fixes).
- drm/xe: Only toggle scheduling in TDR if GuC is running
(stable-fixes).
- drm/panel: Fix a possible null-pointer dereference in
jdi_panel_dsi_remove() (stable-fixes).
- drm/amd/display: Fix dsc eDP issue (stable-fixes).
- drm/amd/display: Add signal type check for dcn401
get_phyd32clk_src (stable-fixes).
- drm/amd/display: Add USB-C DP Alt Mode lane limitation in DCN32
(stable-fixes).
- drm/amdkfd: Handle GPU reset and drain retry fault race
(stable-fixes).
- drm/amdgpu: fix NULL pointer issue buffer funcs (stable-fixes).
- drm/tests: shmem: Swap names of export tests (git-fixes).
- gpu/panel-edp: add AUO panel entry for B140HAN06.4
(stable-fixes).
- media: v4l2-async: Fix error handling on steps after finding
a match (stable-fixes).
- ALSA: vmaster: Relax __free() variable declarations (git-fixes).
- drm/xe/xe2_hpg: Add set of workarounds (stable-fixes).
- drm/xe: Adjust mmio code to pass VF substructure to SRIOV code
(stable-fixes).
- drm/xe: Add xe_tile backpointer to xe_mmio (stable-fixes).
- drm/xe: Switch mmio_ext to use 'struct xe_mmio' (stable-fixes).
- drm/xe: Populate GT's mmio iomap from tile during init
(stable-fixes).
- drm/xe: Move GSI offset adjustment fields into 'struct xe_mmio'
(stable-fixes).
- drm/xe: Clarify size of MMIO region (stable-fixes).
- drm/xe: Create dedicated xe_mmio structure (stable-fixes).
- drm/xe: Move forcewake to 'gt.pm' substructure (stable-fixes).
- commit 2244462
- pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong
adb400 reset (git-fixes).
- commit 2918962
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Cancel delayed work on component remove
(git-fixes).
- commit b862c94
- spi: wpcm-fiu: Fix potential NULL pointer dereference in
wpcm_fiu_probe() (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration
failure (stable-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option
(stable-fixes).
- wifi: ath10k: fix lock protection in
ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume
(stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len
(stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation
(stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
(stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il4965_store_tx_power() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il3945_store_measurement() (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN
mode (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
(stable-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period
is zero (stable-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with
spi_mem_access_start/end (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR
situations (stable-fixes).
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi-geni-qcom: initialize mode related registers to 0
(stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma()
(stable-fixes).
- tools/power cpupower: Reset errno before strtoull()
(stable-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- commit 9ae9cd6
- PCI: Add defines for bridge window indexing (stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 7f99d8e
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
(stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 8b1fafb
- media: dvb-net: fix OOB access in ULE extension header tables
(git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
(stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
(stable-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts
(stable-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
(stable-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded
of NUC15) (stable-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path
(stable-fixes).
- staging: rtl8723bs: fix missing status update on
sdio_alloc_irq() failure (stable-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay
to 5ms" (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
(git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in
bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
(stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in
uhdlc_memclean() (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast
filter (stable-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(stable-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(stable-fixes).
- media: rkisp1: Fix filter mode register configuration
(stable-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup()
(stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex
(stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: adv7180: fix frame interval in progressive mode
(stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for
DEC_CMD_START (stable-fixes).
- media: omap3isp: isppreview: always clamp in
preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
(stable-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs
(stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
(stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
(stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input
(stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple
keyboards (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe
(stable-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in
svc_i3c_master_ibi_isr() (stable-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
(stable-fixes).
- PCI: Log bridge info when first enumerating bridge
(stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window
details (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window
accessors (stable-fixes).
- commit 291a680
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
(stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amd/display: Avoid updating surface with the same surface
under MPO (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(stable-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst
(stable-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing
(stable-fixes).
- fix it87_wdt early reboot by reporting running timer
(stable-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1
(stable-fixes).
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS
(stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections
(stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode
timeout (stable-fixes).
- drm/atmel-hlcdc: don't reject the commit if the src rect has
fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after
release (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state
callback (stable-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in
svm_migrate_gart_map() (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler
(stable-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings
(stable-fixes).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
(stable-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi
(stable-fixes).
- ASoC: codecs: max98390: Check return value of
devm_gpiod_get_optional() in max98390_i2c_probe()
(stable-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for
devm_regmap_init_mmio (stable-fixes).
- ASoC: wm8962: Don't report a microphone if it's shorted to
ground on plug (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
(stable-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- docs: fix WARNING document not included in any toctree
(stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices
(stable-fixes).
- commit 0c8127e
- ASoC: nau8821: Consistently clear interrupts before unmasking
(git-fixes).
- Refresh
patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch.
- commit abf4286
- ALSA: usb-audio: Add sanity check for OOB writes at silencing
(stable-fixes).
- ALSA: usb-audio: Update the number of packets properly at
receiving (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X
USB Audio (stable-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie
15X Pro (stable-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record
(stable-fixes).
- ACPI: processor: Fix NULL-pointer dereference in
acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
(stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
(stable-fixes).
- commit d3af28a
- spi: spidev: fix lock inversion between spi_lock and buf_lock (git-fixes)
- commit 9802dbf
- spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end (git-fixes)
- commit 64847d6
- spi: spi-mem: Limit octal DTR constraints to octal DTR situations (git-fixes)
- commit bd7c7ca
- arm64: Disable branch profiling for all arm64 code (git-fixes)
- commit 1953e74
- arm64: Add support for TSV110 Spectre-BHB mitigation (git-fixes)
- commit c0727ca
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (git-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(git-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(git-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(git-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (git-fixes).
- PCI: Fix pci_slot_lock () device locking (git-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (git-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(git-fixes).
- PCI/MSI: Unmap MSI-X region on error (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (git-fixes).
- commit e99138a
- mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()
(CVE-2026-23169 bsc#1258389).
- commit fdf82e1
- net: fix segmentation of forwarding fraglist GRO (CVE-2026-23154
bsc#1258286).
- commit fa03082
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit bd83957
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit aab63d9
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() helper which is required.
- commit 926e136
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- iommu/mediatek: fix use-after-free on probe deferral
(CVE-2025-71071 bsc#1256802).
- commit 0b777d9
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 9bb0920
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit ccf2d31
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
(CVE-2026-23113 bsc#1258278).
- commit 2e91927
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 1c35b41
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
(CVE-2026-23179 bsc#1258394).
- commit 63de389
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (bsc#1256683 CVE-2025-68778).
- commit 0cd8ff8
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit e38d2c3
- landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698).
- commit cdf3815
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- commit 5db1b51
- pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
for 8mq vpu (CVE-2026-23116 bsc#1258277).
- commit 1905ad8
- Add bugnumber to existing mana change (bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- commit 425b20d
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- commit 175e6eb
- nvme-fc: release admin tagset if init fails (git-fixes).
- nvme-pci: disable secondary temp for Wodposit WPBSNM8
(git-fixes).
- nvme-fc: don't hold rport lock when putting ctrl (git-fixes).
- commit d0ac38c
- bonding: fix use-after-free due to enslave fail after slave
array update (CVE-2026-23171 bsc#1258349).
- bonding: provide a net pointer to __skb_flow_dissect()
(CVE-2026-23119 bsc#1258273).
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- net: bonding: update the slave array for broadcast mode
(CVE-2026-23171 bsc#1258349).
- commit d461cd4
- Update
patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch
(stable-fixes CVE-2026-23157 bsc#1258376).
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch
(bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch
(bsc#1257952 CVE-2026-23202 bsc#1258338).
- commit 9f4fee7
- Update
patches.suse/arm64-Set-__nocfi-on-swsusp_arch_resume.patch
(git-fixes CVE-2026-23128 bsc#1258298).
- Update
patches.suse/nfsd-check-that-server-is-running-in-unlock_filesystem.patch
(bsc#1257279 CVE-2026-22989).
- Update
patches.suse/platform-x86-amd-Fix-memory-leak-in-wbrf_record.patch
(git-fixes CVE-2026-23065 bsc#1257742).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kernel-panic-in-GET_INST.patch
(git-fixes CVE-2026-23062 bsc#1257734).
- Update
patches.suse/platform-x86-hp-bioscfg-Fix-kobject-warnings-for-emp.patch
(git-fixes CVE-2026-23131 bsc#1258297).
- Update
patches.suse/pnfs-flexfiles-Fix-memory-leak-in-nfs4_ff_alloc_deviceid_node.patch
(git-fixes CVE-2026-23038 bsc#1257553).
- commit b60a065
- Update
patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch
(git-fixes CVE-2025-71192 bsc#1257679).
- Update
patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch
(stable-fixes CVE-2026-23076 bsc#1257788).
- Update
patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch
(git-fixes CVE-2026-23078 bsc#1257789).
- Update
patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch
(git-fixes CVE-2026-23190 bsc#1258397).
- Update
patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch
(git-fixes CVE-2026-23151 bsc#1258237).
- Update
patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch
(git-fixes CVE-2026-23146 bsc#1258234).
- Update
patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch
(stable-fixes CVE-2026-23178 bsc#1258358).
- Update
patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch
(git-fixes CVE-2026-23221 bsc#1258660).
- Update
patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch
(git-fixes CVE-2026-23058 bsc#1257739).
- Update
patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch
(git-fixes CVE-2026-23037 bsc#1257554).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch
(git-fixes CVE-2026-23155 bsc#1258313).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch
(git-fixes CVE-2026-23082 bsc#1257715).
- Update
patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch
(stable-fixes CVE-2025-71182 bsc#1257586).
- Update
patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch
(git-fixes CVE-2026-23061 bsc#1257776).
- Update
patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23080 bsc#1257714).
- Update
patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23108 bsc#1257770).
- Update
patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch
(git-fixes CVE-2025-71231 bsc#1258424).
- Update
patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch
(git-fixes CVE-2026-23222 bsc#1258484).
- Update
patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch
(git-fixes CVE-2026-23229 bsc#1258429).
- Update
patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch
(git-fixes CVE-2025-71191 bsc#1257579).
- Update
patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch
(git-fixes CVE-2025-71190 bsc#1257580).
- Update
patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch
(git-fixes CVE-2025-71189 bsc#1257573).
- Update
patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch
(git-fixes CVE-2025-71188 bsc#1257576).
- Update
patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
(git-fixes CVE-2026-23033 bsc#1257570).
- Update
patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch
(git-fixes CVE-2026-23026 bsc#1257562).
- Update
patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch
(git-fixes CVE-2025-71185 bsc#1257560).
- Update
patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch
(git-fixes CVE-2025-71195 bsc#1257704).
- Update patches.suse/dpll-Prevent-duplicate-registrations.patch
(git-fixes CVE-2026-23129 bsc#1258299).
- Update
patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch
(git-fixes CVE-2026-23163 bsc#1258544).
- Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch
(git-fixes CVE-2026-23170 bsc#1258379).
- Update
patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch
(git-fixes CVE-2026-23049 bsc#1257723).
- Update
patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch
(git-fixes CVE-2026-23156 bsc#1258317).
- Update
patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch
(git-fixes CVE-2026-23145 bsc#1258326).
- Update
patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch
(git-fixes CVE-2025-71199 bsc#1257750).
- Update
patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch
(git-fixes CVE-2025-71198 bsc#1257741).
- Update
patches.suse/intel_th-fix-device-leak-on-output-open.patch
(git-fixes CVE-2026-23091 bsc#1257813).
- Update
patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch
(git-fixes CVE-2026-23101 bsc#1257768).
- Update
patches.suse/mISDN-annotate-data-race-around-dev-work.patch
(git-fixes CVE-2026-23121 bsc#1258309).
- Update
patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch
(git-fixes CVE-2025-71200 bsc#1258222).
- Update
patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch
(git-fixes CVE-2026-23021 bsc#1257557).
- Update
patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch
(git-fixes CVE-2026-23172 bsc#1258519).
- Update
patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch
(git-fixes CVE-2026-23150 bsc#1258354).
- Update
patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch
(git-fixes CVE-2026-23167 bsc#1258374).
- Update
patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch
(git-fixes CVE-2025-71196 bsc#1257716).
- Update
patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch
(git-fixes CVE-2026-23176 bsc#1258256).
- Update
patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch
(git-fixes CVE-2026-23071 bsc#1257706).
- Update
patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch
(bsc#1256863 CVE-2025-71235 bsc#1258469).
- Update
patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch
(bsc#1256863 CVE-2025-71232 bsc#1258422).
- Update
patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch
(bsc#1256863 CVE-2025-71236 bsc#1258442).
- Update
patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch
(git-fixes CVE-2026-23090 bsc#1257759).
- Update
patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch
(git-fixes CVE-2026-23068 bsc#1257805).
- Update
patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch
(git-fixes CVE-2026-23182 bsc#1258259).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch
(git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch
(git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338).
- Update
patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch
(git-fixes CVE-2026-23063 bsc#1257722).
- Update
patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch
(git-fixes CVE-2026-23096 bsc#1257809).
- Update
patches.suse/uacce-fix-isolate-sysfs-check-condition.patch
(git-fixes CVE-2026-23094 bsc#1257811).
- Update
patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch
(git-fixes CVE-2026-23056 bsc#1257729).
- Update
patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch
(git-fixes CVE-2025-71197 bsc#1257743).
- Update
patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23133 bsc#1258249).
- Update
patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23135 bsc#1258245).
- Update
patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch
(git-fixes CVE-2026-23152 bsc#1258252).
- Update
patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch
(stable-fixes CVE-2025-71224 bsc#1258824).
- Update
patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch
(git-fixes CVE-2026-23073 bsc#1257707).
- Update
patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch
(git-fixes CVE-2025-71234 bsc#1258419).
- Update
patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch
(git-fixes CVE-2025-71229 bsc#1258415).
- Update
patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch
(stable-fixes CVE-2025-71222 bsc#1258279).
- commit 30080c1
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- commit 7b00832
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
(CVE-2026-23166 bsc#1258272).
- net/mlx5e: TC, delete flows only for existing peers
(CVE-2026-23173 bsc#1258520).
- commit 1315a36
- device property: Allow secondary lookup in
fwnode_get_next_child_node() (git-fixes).
- commit 13b0bcb
- drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user
(stable-fixes).
- commit 954a53a
- drm/amd: Disable MES LR compute W/A (git-fixes).
- drm/amdgpu: Fix locking bugs in error paths (git-fixes).
- drm/amdgpu: Unlock a mutex before destroying it (git-fixes).
- drm/xe/sync: Cleanup partially initialized sync on parse failure
(git-fixes).
- commit 8b90e65
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB
Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback
mode, too (stable-fixes).
- commit 94dd673
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- mmc: mmci: Fix device_node reference leak in
of_get_dml_pipe_index() (git-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation
(git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations
(git-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite
devices (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path
(git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
(git-fixes).
- drm/logicvc: Fix device node reference leak in
logicvc_drm_config_parse() (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (git-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in
vmw_bo_dirty_release (git-fixes).
- commit b1fa310
- scsi: core: Wake up the error handler when final completions
race against each other (CVE-2026-23110 bsc#1257761).
- commit 59f5efa
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 5bf422c
- netfilter: nf_conncount: update last_gc only when GC has been
performed (CVE-2026-23139 bsc#1258304).
- commit 9a70b26
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- Bluetooth: L2CAP: Fix result of L2CAP_ECRED_CONN_RSP when MTU
is too short (git-fixes).
- commit f391178
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- wifi: mac80211: fix NULL pointer dereference in
mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: bounds-check link_id in
ieee80211_ml_reconfiguration (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
(git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- nfc: pn533: properly drop the usb interface reference on
disconnect (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for
L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable
on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
(git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished
tasklets (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801
(git-fixes).
- net: usb: kaweth: remove TX queue manipulation in
kaweth_set_rx_mode (git-fixes).
- commit d2c7de0
- Revert "bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860)."
This reverts commit 45e79fa43bd459d00fcbd8572c0235c97ead4eac.
- commit 5c2ddac
- Revert "bpf: selftests: test_tunnel: Setup fresh topology for each"
This reverts commit 68c386807298a24f9aaa6abc773ca2e55811d8b6.
- commit ca269d7
- Revert "bpf: selftests: test_tunnel: Use vmlinux.h declarations"
This reverts commit b101cc06246d1d56fdccbf3b52a3e33d3ab78fcd.
- commit 639f9af
- Revert "bpf: selftests: Move xfrm tunnel test to test_progs"
This reverts commit baa465cbeff2a2ccfc187f1574d3d0355859f272.
- commit a6bd63d
- Revert "bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()"
This reverts commit 403fe191fe7429208c4374563e8fc715d173c238.
- commit 39fadc8
- Revert "selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860)."
This reverts commit 89e2c21a144bfef03d958aa8aba86be1de03c133.
- commit 5770b5a
- Revert "selftests/bpf: Use log_err in open_netns/close_netns"
This reverts commit 9e46239ec7083baf333a04a0a51b2129f7122e7a.
- commit 68fe369
- Revert "selftests/bpf: Use start_server_addr in test_sock_addr"
This reverts commit 1e47448bd1a58eeab1dd8308a33e87a13bfbc5fe.
- commit 9b790d3
- Revert "selftests/bpf: Use connect_to_addr in test_sock_addr"
This reverts commit 00365076b79bf8b793ffcbbe165fb923d3e076bd.
- commit cc69856
- Revert "selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860)."
This reverts commit 786d917527f8c57750479330c284ce9ede53e6e6.
- commit a0a2a9a
- Revert "selftests/bpf: test_tunnel: Add generic_attach* helpers"
This reverts commit d00f95407a6bf8c5e0fe175806995c6a8bba1683.
- commit 5760cd8
- Revert "selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860)."
This reverts commit 1525c5f10c0ca570c1e6e641af561065636f1356.
- commit bd8651e
- Revert "selftests/bpf: test_tunnel: Move gre tunnel test to test_progs"
This reverts commit 84e2ac063d854f26c493e4576f3154c31e7ef2bb.
- commit 3729eff
- Revert "selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs"
This reverts commit cea730b64379dd4265fc22c3a8dcfdbd6632a373.
- commit 773df48
- Revert "selftests/bpf: test_tunnel: Move erspan tunnel tests to"
This reverts commit 90ab03e0fed26cdd1ee6878c11beaa5641ed4ee1.
- commit 391cff5
- Revert "selftests/bpf: test_tunnel: Move ip6erspan tunnel test to"
This reverts commit 9d0a9339e46eb2c68faa309c432df999a044ff8a.
- commit b3ce611
- Revert "selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs"
This reverts commit cff739edc102c0cf0e6bf0be504c669e73ca82b6.
- commit 447b0a9
- Revert "selftests/bpf: test_tunnel: Move ip6geneve tunnel test to"
This reverts commit 168675720cca9f6bfbf6b34c72da4b14ac8ecc3e.
- commit 990a5e1
- Revert "selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to"
This reverts commit 26f094635338982e7cf328585ba0e3b174e0e237.
- commit a0926bf
- Revert "selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860)."
This reverts commit 542a820e6c16a29a38de43382592291155a85b37.
- commit 1168a2b
- Revert "selftests/bpf: Add tc helpers (bsc#1258860)."
This reverts commit a635f692532a997ddc4668475305776129f1a250.
- commit 033e435
- Revert "selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big"
This reverts commit e252cc0f9b00a28f8103ec74a25d1ede910e6493.
- commit 3337410
- Revert "selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs"
This reverts commit 900bd3fb0f6ad0d835060091065f93b8b2f4210b.
- commit 959a197
- Revert "selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860)."
This reverts commit 96504e8a2651dca694614c965eb984216c94f994.
- commit e629708
- Revert "selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860)."
This reverts commit 83fdb5c0e6bca17ff1eb8cf9bacdfd20b9046a81.
- commit ba86619
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 2e0cb69
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(CVE-2026-23213 bsc#1258465).
- commit bec3979
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(CVE-2026-23213 bsc#1258465).
- commit 3b81ead
- ice: Fix PTP NULL pointer dereference during VSI rebuild
(CVE-2026-23210 bsc#1258517).
- commit 2aa5940
- media: dvb-core: fix wrong reinitialization of ringbuffer on
reopen (git-fixes).
- commit ba51966
- NFS: Fix a deadlock involving nfs_release_folio()
(CVE-2026-23053 bsc#1257718).
- commit 492ba43
- selftests/bpf: Support when CONFIG_VXLAN=m (bsc#1258860).
- selftests/bpf: Remove test_tc_tunnel.sh (bsc#1258860).
- selftests/bpf: Integrate test_tc_tunnel.sh tests into test_progs
(bsc#1258860).
- selftests/bpf: Make test_tc_tunnel.bpf.c compatible with big
endian platforms (bsc#1258860).
- selftests/bpf: Add tc helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Remove test_tunnel.sh (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6tnl tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6geneve tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move geneve tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6erspan tunnel test to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move erspan tunnel tests to
test_progs (bsc#1258860).
- selftests/bpf: test_tunnel: Move ip6gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Move gre tunnel test to test_progs
(bsc#1258860).
- selftests/bpf: test_tunnel: Add ping helpers (bsc#1258860).
- selftests/bpf: test_tunnel: Add generic_attach* helpers
(bsc#1258860).
- selftests/bpf: Use make_sockaddr in test_sock_addr (bsc#1258860).
- selftests/bpf: Use connect_to_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use start_server_addr in test_sock_addr
(bsc#1258860).
- selftests/bpf: Use log_err in open_netns/close_netns
(bsc#1258860).
- selftests/bpf: Remove "&>" usage in the selftests (bsc#1258860).
- bpf: xfrm: Add selftest for bpf_xdp_get_xfrm_state()
(bsc#1258860).
- bpf: selftests: Move xfrm tunnel test to test_progs
(bsc#1258860).
- bpf: selftests: test_tunnel: Use vmlinux.h declarations
(bsc#1258860).
- bpf: selftests: test_tunnel: Setup fresh topology for each
subtest (bsc#1258860).
- bpf: xfrm: Add bpf_xdp_get_xfrm_state() kfunc (bsc#1258860).
- commit 83fdb5c
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12
- md: suspend array while updating raid_disks via sysfs
(CVE-2025-71225, bsc#1258411).
- commit 22f1953
- nfsd: use correct loop termination in nfsd4_revoke_states()
(git-fixes).
- Refresh
patches.suse/nfsd-allow-delegation-state-ids-to-be-revoked-and-th.patch.
- Refresh
patches.suse/nfsd-allow-lock-state-ids-to-be-revoked-and-then-fre.patch.
- Refresh
patches.suse/nfsd-allow-open-state-ids-to-be-revoked-and-then-fre.patch.
- commit fb809d5
- nfsd: check that server is running in unlock_filesystem
(bsc#1257279).
- commit 82fa4f8
- Refresh
patches.suse/nfsd-prepare-for-supporting-admin-revocation-of-stat.patch.
- commit aa19d66
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- cpufreq/amd-pstate: Add missing NULL ptr check in
amd_pstate_update (bsc#1247180).
- commit c78e422
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put()
(bsc#1247180).
- commit d5dd703
- config.conf: add kernel-azure as additonal flavor (bsc#1258037)
The content is based on commit b5b375e749d.
This makes kernel-source-azure and kernel-syms-azure obsolete.
- commit 64f6ce8
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- net: fix memory leak in skb_segment_list for GRO packets
(CVE-2026-22979 bsc#1257228).
- commit 59160d7
- block,bfq: fix aux stat accumulation destination (git-fixes).
- commit 8a3658b
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit
0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed
failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding
error (git-fixes).
- commit f96272c
- NTB: ntb_transport: Fix too small buffer for debugfs_name
(git-fixes).
- commit 269c576
- drm/amd/display: Fix out-of-bounds stream encoder index v3
(git-fixes).
- drm/amd/display: Reject cursor plane on DCE when scaled
differently than primary (git-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amdgpu: Use kvfree instead of kfree in
amdgpu_gmc_get_nps_memranges() (git-fixes).
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(git-fixes).
- commit 864dc69
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by
set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64
bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
(git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using
pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
(git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- cpufreq/amd-pstate: store all values in cpudata struct in khz
(bsc#1247180).
- commit 6cd4814
- net: usb: catc: enable basic endpoint checking (git-fixes).
- ASoC: cs42l43: Correct handling of 3-pole jack load detection
(stable-fixes).
- drm/amd/display: remove assert around dpp_base replacement
(stable-fixes).
- drm/amd/display: extend delta clamping logic to CM3 LUT helper
(stable-fixes).
- commit c79d431
- net: nfc: nci: Fix parameter validation for packet data
(git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device
removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions
(stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace
(stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show()
(git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
(stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks
(stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
(stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error
path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
(stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not
used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in
sysfs show functions (stable-fixes).
- commit 436dcdb
- config.conf: Drop armv7hl builds
commit 09ee386c4ae dropped support for armv7hl
in SLE15-SP7, SUSE-2024 never supported it,
therefore, no branch downstream of fixes/linux-6.4
supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online
CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
(git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version
check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments
(git-fixes).
- commit 700df2d
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- soundwire: intel_ace2x: add SND_HDA_CORE dependency (git-fixes).
- commit 8d92bbb
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
(git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
(git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network
(git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe()
(git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw
(git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request
(git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to
be added (git-fixes).
- commit e89b2ea
- s390/mm: Fix __ptep_rdp() inline assembly (bsc#1253644).
- commit 647b0eb
- idpf: fix memory leak in idpf_vport_rel() (CVE-2026-23023
bsc#1257556).
- commit 1342616
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit 27fe347
- s390/cio: Update purge function to unregister the unused
subchannels (bsc#1254214).
- commit f8efca2
- leds: qcom-lpg: Check the return value of regmap_bulk_write()
(git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations
(git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994
(git-fixes).
- mfd: arizona: Fix regulator resource leak on
wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core
struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask"
(stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func()
(git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
(git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in
pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
(stable-fixes).
- commit 516fe60
- cpufreq/amd-pstate: Fix the clamping of perf values
(bsc#1247180).
- commit 1c51466
- cpufreq/amd-pstate: Modularize perf<->freq conversion
(bsc#1247180).
- commit b734845
- cpufreq/amd-pstate: Refactor max frequency calculation
(bsc#1247180).
- commit 3f6ce63
- cpufreq/amd-pstate: fix setting policy current frequency value
(bsc#1247180).
- refresh: patches.suse/cpufreq-amd-pstate-add-check-for-cpufreq_cpu_get-s-return-value.patch
- commit 1ceeaef
- cpufreq: amd-pstate: Unify computation of
{max,min,nominal,lowest_nonlinear}_freq (bsc#1247180).
- commit e72d986
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153 bsc#1258226)
- commit a1168ae
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message
(git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
(git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly
(git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup
(git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in
tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate()
(git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible
(git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
(git-fixes).
- fbdev: of: display_timing: fix refcount leak in
of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo()
(git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core
helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66
- platform/x86: ISST: Add missing write block check (git-fixes).
- commit 0d05e52
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak
in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait
helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in
parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in
mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
(CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load
(CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
(git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in
power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are
unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for
nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in
power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in
rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- drm/xe: Unregister drm device on probe error (git-fixes).
- drm/msm/dpu: drop intr_start from DPU 3.x catalog files
(git-fixes).
- drm/msm/disp: set num_planes to 1 for interleaved YUV formats
(git-fixes).
- drm/msm/dpu: fix WD timer handling on DPU 8.x (git-fixes).
- drm/msm/dpu: Set vsync source irrespective of mdp top support
(git-fixes).
- drm/bridge: anx7625: Fix invalid EDID size (git-fixes).
- drm/amdkfd: Fix signal_eviction_fence() bool return value
(git-fixes).
- drm/amd: Drop "amdgpu kernel modesetting enabled" message
(git-fixes).
- drm/panthor: Evict groups before VM termination (git-fixes).
- drm/panel: sw43408: Remove manual invocation of unprepare at
remove (git-fixes).
- drm/panthor: Make sure we resume the tick when new jobs are
submitted (git-fixes).
- drm/panthor: Fix the logic that decides when to stop ticking
(git-fixes).
- drm/panthor: Fix immediate ticking on a disabled tick
(git-fixes).
- drm/panthor: Fix the group priority rotation logic (git-fixes).
- drm/panthor: Fix the full_tick check (git-fixes).
- drm/panthor: Recover from panthor_gpu_flush_caches() failures
(git-fixes).
- media: verisilicon: AV1: Fix tile info buffer size (git-fixes).
- media: ipu6: Fix RPM reference leak in probe error paths
(git-fixes).
- media: ipu6: Fix typo and wrong constant in ipu6-mmu.c
(git-fixes).
- media: ccs: Fix setting initial sub-device state (git-fixes).
- media: tegra-video: Fix memory leak in
__tegra_channel_try_format() (git-fixes).
- media: verisilicon: AV1: Set IDR flag for intra_only frame type
(git-fixes).
- media: amphion: Drop min_queued_buffers assignment (git-fixes).
- media: verisilicon: AV1: Fix tx mode bit setting (git-fixes).
- media: verisilicon: AV1: Fix enable cdef computation
(git-fixes).
- media: chips-media: wave5: Fix memory leak on codec_info
allocation failure (git-fixes).
- HID: intel-ish-hid: fix NULL-ptr-deref in
ishtp_bus_remove_all_clients (git-fixes).
- drm/xe/pm: Disable D3Cold for BMG only on specific platforms
(git-fixes).
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(stable-fixes).
- drm/xe/pm: Also avoid missing outer rpm warning on system
suspend (stable-fixes).
- commit bef2297
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in
ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h
(git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct
ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
(git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
(git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh
(git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
(git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt
twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
(stable-fixes).
- wifi: mac80211: collect station statistics earlier when
disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push
(stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
(git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
(git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page()
fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
(git-fixes).
- regulator: core: move supply check earlier in
set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply()
error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size
initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct
fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
(git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure
(git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure
(stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context
(git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in
pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes
(git-fixes).
- media: venus: vdec: fix error state assignment for zero
bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock
(git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
(git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space
(git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls
(git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in
vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
(git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
(git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params()
(git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params()
(git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params()
(git-fixes).
- net: usb: sr9700: support devices with virtual driver CD
(stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation
(git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
(git-fixes).
- media: mtk-mdp: Fix error handling in probe function
(git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless
(git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
(git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler
optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30
(2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in
i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to
hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
(stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration
(stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device
ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent
spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
(git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date
(git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for
scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for
bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes
update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add()
(git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
(stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe
(stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
(stable-fixes).
- commit cd7803f
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- commit 9d87a7d
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- Bluetooth: btintel_pcie: Use IRQF_ONESHOT and default primary
handler (git-fixes).
- platform/x86: int0002: Remove IRQF_ONESHOT from request_irq()
(git-fixes).
- genirq: Set IRQF_COND_ONESHOT in devm_request_irq() (git-fixes).
- crypto: hisilicon/trng - support tfms sharing the device
(git-fixes).
- crypto: hisilicon/zip - adjust the way to obtain the req in
the callback function (git-fixes).
- commit 6098b0f
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue
notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for
hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in
find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in
ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional
(git-fixes).
- commit ef8920f
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- Octeontx2-af: Add proper checks for fwdata (bsc#1257709 CVE-2026-23070)
- commit 31e5415
- blacklist.conf: CVE-2025-68789 is invalid
- Delete
patches.suse/hwmon-ibmpex-fix-use-after-free-in-high-low-store.patch.
- commit 4322f6e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942
bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- thermal: intel: x86_pkg_temp_thermal: Handle invalid temperature
(git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- commit 854a137
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
(git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start()
(git-fixes).
- ACPICA: Fix NULL pointer dereference in
acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error
(git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount()
failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep
(git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size
(git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- spi: tegra114: Preserve SPI mode bits in def_command1_reg
(git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe()
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in
tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in
tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in
tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock
(git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already
processed transfer (git-fixes).
- commit 95b4070
- drm/amdgpu: stop unmapping MQD for kernel queues v3
(stable-fixes).
- drm/amdgpu: remove invalid usage of sched.ready (stable-fixes).
- commit b0da37b
- drm/xe/query: Fix topology query pointer advance (git-fixes).
- Revert "drm/nouveau/disp: Set
drm_mode_config_funcs.atomic_(check|commit)" (git-fixes).
- drm/amdgpu/gfx12: fix wptr reset in KGQ init (stable-fixes).
- commit 7e1670f
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (stable-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
(stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
(stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- commit e53fbb8
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
(git-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper
LUT (git-fixes).
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
(git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get()
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
(stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping
(git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- commit 1cabea4
- net: openvswitch: fix middle attribute validation in push_nsh()
action (CVE-2025-68785 bsc#1256640).
- commit 3dbef50
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- Revive thinkpad-lmi driver and mark as supported (jsc#PED-15553)
The driver is required for BIOS management on Lenovo machines.
- commit 9392d74
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & (git-fixes)
- commit ebcb744
- wifi: iwlwifi: mvm: pause TCM on fast resume (git-fixes).
- commit a467536
- iomap: account for unaligned end offsets when truncating read
range (git-fixes).
- blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c
- commit 6f0c964
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
(git-fixes).
- commit c2e8303
- mptcp: avoid deadlock on fallback while reinjecting
(CVE-2025-71126 bsc#1256755).
- mptcp: reset fallback status gracefully at disconnect() time
(CVE-2025-71126 bsc#1256755).
- commit 3b7ecc1
- arm64: Set __nocfi on swsusp_arch_resume() (git-fixes)
- commit c10bf0c
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 2b67457
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 167d4d3
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR
(failed VMRUN) (git-fixes).
- commit aab4ed6
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested
VM-Exits (git-fixes).
- commit 25f6c77
- KVM: x86: Explicitly set new periodic hrtimer expiration in
apic_timer_fn() (git-fixes).
- commit a923270
- KVM: x86: WARN if hrtimer callback for periodic APIC timer
fires with period=0 (git-fixes).
- commit a7b9a1d
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled
(e.g. on #SMI) (git-fixes).
- commit 0e3d0ad
- platform/x86: hp-bioscfg: Skip empty attribute names
(git-fixes).
- commit 6fb112e
- platform/x86: intel_telemetry: Fix PSS event register mask
(git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output
(git-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove
routines (git-fixes).
- commit 41b7ff7
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- gcc15
-
- Add gcc14-bsc1257463.patch to fix bogus expression simplification
[bsc#1257463]
- gnutls
-
- Add the functionality to allow to specify the hash algorithm for
the PSK. This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- openldap2
-
- jsc#PED-15735 - expose ldap_log.h in -devel
* 0246-Include-ldap_log.h-in-devel.patch
- retcon .changes to satisfy source validator
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- nfs-utils
-
- Fix access checks when mounting subdirectories in NFSv3
(CVE-2025-12801 bsc#1259204)
- add Fix-access-checks-when-mounting-subdirectories-in-NFSv3.patch
- add NFS-export-symlink-vulnerability-fix.patch
- add configure-check-for-rpc_gss_seccreate.patch
- add mountd-Minor-refactor-of-get_rootfh.patch
- add mountd-Separate-lookup-of-the-exported-directory-and-the-m.patch
- add support-Add-a-mini-library-to-extract-and-apply-RPC-creden.patch
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505)
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- openssl-3
-
- Enable MD2 in legacy provider (jsc#PED-15724)
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* NULL pointer dereference when processing an OCSP response
(bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch openssl-CVE-2026-28388-tests.patch
openssl-CVE-2026-28389.patch openssl-CVE-2026-31789.patch
openssl-CVE-2026-31790.patch openssl-CVE-2026-31790-tests.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- libpcap
-
- Fix bsc#1258668: Enable RMDA - Fix missing dependency in spec so libcap
is built with RMDA support.
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
* libpng16-CVE-2026-33636.patch
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- polkit
-
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
0001-CVE-2026-4897-getline-string-overflow.patch
- python311
-
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- Fix changelog
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
ensuring that `SourcelessFileLoader` uses `io.open_code` when
opening `.pyc` files (bsc#1259240, CVE-2026-2297).
- Update to 3.11.15:
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs (bsc#1257029 CVE-2025-11468).
- gh-143925: Reject control characters in data: URL media
types (bsc#1257046, CVE-2025-15282).
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values (bsc#1257031, CVE-2026-0672).
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters
(bsc#1257042, CVE-2026-0865).
- gh-142145: Remove quadratic behavior in xml.minidom node ID
cache clearing. In order to do this without breaking
existing users, we also add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead
(bsc#1254997, CVE-2025-12084).
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (bsc#1252974, CVE-2025-6075).
- gh-119451: Fix a potential memory denial of service in the
http.client module. When connecting to a malicious server,
it could cause an arbitrary amount of memory to be
allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed
processes or containers, or even system crashes
(CVE-2025-13836, bsc#1254400).
- gh-119452: Fix a potential memory denial of service in the
http.server module. When a malicious user is connected to
the CGI server on Windows, it could cause an arbitrary
amount of memory to be allocated. This could have led to
symptoms including a MemoryError, swapping, out of memory
(OOM) killed processes or containers, or even system
crashes.
- gh-119342: Fix a potential memory denial of service in the
plistlib module. When reading a Plist file received from
untrusted source, it could cause an arbitrary amount of
memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes
(bsc#1254401, CVE-2025-13837).
- Library
- gh-144833: Fixed a use-after-free in ssl when SSL_new()
returns NULL in newPySSLSocket(). The error was reported
via a dangling pointer after the object had already been
freed.
- gh-144363: Update bundled libexpat to 2.7.4
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by Bénédikt Tran.
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specificly tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after free in list_richcompare_impl
which can be invoked via some specificly tailored evil
input.
Remove upstreamed patches:
- CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2025-12084-minidom-quad-search.patch
- CVE-2025-13836-http-resp-cont-len.patch
- CVE-2025-13837-plistlib-mailicious-length.patch
- CVE-2025-6075-expandvars-perf-degrad.patch
- CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- ruby2.5
-
- update suse.patch to fdff0ae9b7
- backport REXML 3.4.4
- fix denial of service when parsing XML containing multiple XML declarations
bsc#1250016 CVE-2025-58767
- fix ReDoS in REXML hex numeric character reference parsing
bsc#1232440 bsc#1232441 CVE-2024-49761
- fix buffer overflow in zstream_buffer_ungets (Zlib::GzipReader)
bsc#1259239 CVE-2026-27820
- adjust rexml test suite for ruby 2.5 test-unit compatibility
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- systemd
-
- Import commit c89ea566d98c8e3fb29a5b8edd4576b135b4bc92
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 626ffc7844795870235d15c6daab695f2d53a11e
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- tpm2-0-tss
-
- add Requires to libtss2-fapi to pull in the tss user (bsc#1258720).
Otherwise, when installing libtss2-fapi on its own, errors from
systemd-tmpfiles can appear.
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- makedumpfile
-
- makedumpfile-Fix-data-race-in-multi-threading-mode.patch: Fix a
data race in multi-threading mode (--num-threads=N)
(bsc#1245569, bsc#1256455).
- mdadm
-
- Update to version 4.4+40.g243a5d9f:
* avoid mdcheck_continue.timer and mdcheck_start.timer
firing simultaneously (bsc#1243443, bsc#1259090)
- Update to version 4.4+39.g6e1c3b06:
* platform-intel: Deal with hot-unplugged devices (bsc#1258265)
* imsm: Fix UEFI backward compatibility for RAID10D4 (bsc#1257009)
- Update to version 4.4+37.gea219956:
- Backport upstream fixes from 4.5 (bsc#1257009)
* Re-enable mdadm --monitor ... for /dev/mdX
* Allow RAID0 to be created with v0.90 metadata
* Moves memory management into Assemble to avoid null pointer dereference
* Support non-absolute name during monitor scan
* Don't set badblock flag when adding a new disk
* Fix metadata corruption when managing new imsm array
- mozilla-nss
-
- update to NSS 3.112.4
* bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
* bmo#2029462 - store email on subject cache_entry in NSS trust domain.
* bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* bmo#2029323 - Improve size calculations in CMS content buffering.
* bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
* bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
* bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
* bmo#2027345 - Improve input validation in DSAU signature decoding.
* bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
* bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
* bmo#2026156 - Add a maximum cert uncompressed len and tests.
* bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
* bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* bmo#2019224 - Remove invalid PORT_Free().
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- update to NSS 3.112.3
* bmo#2009552 - avoid integer overflow in platform-independent ghash
- python-PyJWT
-
- Add CVE-2026-32597_crit-header.patch to reject the crit
(Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
CVE-2026-32597).
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-urllib3
-
- fix regression in CVE-2025-66471.patch when downloading large files
(bsc#1259829)
- python-boto3
-
- Update to 1.42.27
* api-change:``bedrock``: [``botocore``] This change will increase TestCase guardContent input size
from 1024 to 2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: [``botocore``] Adds support for IAM role subscriptions to Glue table
listings via CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.42.26
* api-change:``billing``: [``botocore``] Cost Categories filtering support to BillingView data
filter expressions through the new costCategories parameter, enabling users to filter billing views
by AWS Cost Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: [``botocore``] This release introduces WiFi Simple Setup
(WSS) enabling device provisioning via barcode scanning with automated network discovery,
authentication, and credential provisioning. Additionally, it introduces 2P Device Capability
Rediscovery for updating hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: [``botocore``] Added ultraServerType to the UltraServerInfo structure
to support server type identification for SageMaker HyperPod
- from version 1.42.25
* api-change:``bedrock-agentcore-control``: [``botocore``] Adds optional field "view" to GetMemory
API input to give customers control over whether CMK encrypted data such as strategy decryption or
override prompts is returned or not.
* api-change:``cloudfront``: [``botocore``] Added EntityLimitExceeded exception handling to the
following API operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: [``botocore``] Adding MaterializedViews task run APIs
* api-change:``medialive``: [``botocore``] MediaPackage v2 output groups in MediaLive can now
accept one additional destination for single pipeline channels and up to two additional
destinations for standard channels. MediaPackage v2 destinations now support sending to cross
region MediaPackage channels.
* api-change:``transcribe``: [``botocore``] Adds waiters to Amazon Transcribe.
- from version 1.42.24
* api-change:``workspaces``: [``botocore``] Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.42.23
* api-change:``ce``: [``botocore``] This release updates existing reservation recommendations API
to support deployment model.
* api-change:``emr-serverless``: [``botocore``] Added support for enabling disk encryption using
customer managed AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.42.22
* api-change:``cleanroomsml``: [``botocore``] AWS Clean Rooms ML now supports advanced Spark
configurations to optimize SQL performance when creating an MLInputChannel or an audience
generation job.
- from version 1.42.21
* bugfix:``s3``: [``botocore``] Clarify ``payload_signing_enabled`` documentation to cover
interaction with ``request_checksum_calculation``
- from version 1.42.20
* api-change:``cleanrooms``: [``botocore``] Added support for publishing detailed metrics to
CloudWatch for operational monitoring of collaborations, including query performance and resource
utilization.
* api-change:``identitystore``: [``botocore``] This change introduces "Roles" attribute for User
entities supported by AWS Identity Store SDK.
- from version 1.42.19
* api-change:``connect``: [``botocore``] Adds support for searching global contacts using the
ActiveRegions filter, and pagination support for ListSecurityProfileFlowModules and
ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``kafkaconnect``: [``botocore``] This change sets the KafkaConnect GovCloud FIPS and
FIPS DualStack endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This
is done to match the Kafka endpoints.
- from version 1.42.18
* api-change:``connect``: [``botocore``] Changes for Contact for Global Search
* api-change:``elastictranscoder``: [``botocore``] The elastictranscoder client has been removed
following the deprecation of the service.
* api-change:``quicksight``: [``botocore``] This release adds support for quick users to be able to
perform role upgrades on their own. Additionally it allows admins to make this feature admin or
auto approval along with new self upgrade capability that can be restricted by Admins.
- from version 1.42.17
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports Pipeline Locking
using Video Alignment as well as linked single pipeline channels to enable cross-channel and
cross-region Pipeline Locking workflows.
- from version 1.42.16
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``geo-places``: [``botocore``] Adds support for InferredSecondaryAddress place type,
Designator in SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] This release adds support for the
Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID
registration to ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: [``botocore``] Add additional validation to Outpost bucket names.
- from version 1.42.15
* api-change:``config``: [``botocore``] Added supported resourceTypes for Config from July to
November 2025
* api-change:``ec2``: [``botocore``] Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: [``botocore``] Make accountIds a required field in
GetRemainingFreeTrialDays API to reflect service behavior.
* api-change:``pcs``: [``botocore``] Change API Reference Documentation for default Mode in
Accounting and SlurmRest
- from version 1.42.14
* api-change:``arc-region-switch``: [``botocore``] Automatic Plan Execution Reports allow customers
to maintain a concise record of their Region switch Plan executions. This enables customer SREs
and leadership to have a clear view of their recovery posture based on the generated reports for
their Plan executions.
* api-change:``connect``: [``botocore``] Adding support for Custom Metrics and Pre-Defined
Attributes to GetCurrentMetricData API.
* api-change:``emr-serverless``: [``botocore``] Added JobLevelCostAllocationConfiguration field to
enable cost allocation reporting at the job level, providing more granular visibility into EMR
Serverless charges
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iot``: [``botocore``] This release adds event-based logging feature that enables
granular event logging controls for AWS IoT logs.
* api-change:``qbusiness``: [``botocore``] It is a internal bug fix for region expansion
* api-change:``wickr``: [``botocore``] AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: [``botocore``] Add support for WebAuthn under user settings.
- from version 1.42.13
* api-change:``appstream``: [``botocore``] Added support for new operating systems (1) Ubuntu 24.04
Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: [``botocore``] New API to list Route 53 health checks created
by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data
plane.
* api-change:``artifact``: [``botocore``] Add support for ListReportVersions API for the calling
AWS account.
* api-change:``bedrock-agentcore-control``: [``botocore``] Feature to support header exchanges
between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the
configured targets.
* api-change:``bedrock-data-automation``: [``botocore``] Blueprint Optimization (BPO) is a new
Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using
example content assets and ground truth data. BPO works by generating better instructions for
fields in the Blueprint using provided data.
* api-change:``cleanrooms``: [``botocore``] Adding support for collaboration change requests
requiring an approval workflow. Adding support for change requests that grant or revoke results
receiver ability and modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for CreateFleet,
ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and
DescribeSpotFleetRequests APIs.
* api-change:``ecr``: [``botocore``] Adds support for ECR Create On Push
* api-change:``ecs``: [``botocore``] Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iot``: [``botocore``] This release adds message batching for the IoT Rules Engine
HTTP action.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds support for warm nodes,
enabling new multi-tier architecture.
* api-change:``sesv2``: [``botocore``] Amazon SES introduces Email Validation feature which checks
email addresses for syntax errors, domain validity, and risky addresses to help maintain
deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for
EmailTemplates and CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: [``botocore``] Added "Stopping" for the HANA Database Status.
- from version 1.42.12
* api-change:``gameliftstreams``: [``botocore``] Added new stream group operation parameters for
scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2
G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance
stats to clients.
* api-change:``guardduty``: [``botocore``] Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: [``botocore``] Adds an additional OutputFormat
* api-change:``kafkaconnect``: [``botocore``] Support dual-stack network connectivity for
connectors via NetworkType field.
* api-change:``mediaconvert``: [``botocore``] Adds support for tile encoding in HEVC and audio for
video overlays.
* api-change:``mediapackagev2``: [``botocore``] This release adds support for SPEKE V2 content key
encryption in MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: [``botocore``] Support for AS2805 standard. Modifications
to import-key and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: [``botocore``] Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: [``botocore``] Adding the newly launched p6-b300.48xlarge ec2 instance
support in Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.42.11
* api-change:``iot``: [``botocore``] Add support for dynamic payloads in IoT Device Management
Commands
* api-change:``timestream-influxdb``: [``botocore``] This release adds support for rebooting
InfluxDB DbInstances and DbClusters
- from version 1.42.10
* api-change:``bedrock-agentcore-control``: [``botocore``] This release updates broken links for
AgentCore Policy APIs in the AWS CLI and SDK resources.
* api-change:``connect``: [``botocore``] Amazon Connect now supports outbound WhatsApp contacts via
the Send message block or StartOutboundChatContact API. Send proactive messages for surveys,
reminders, and updates. Offer customers the option to switch to WhatsApp while in queue,
eliminating hold time.
* api-change:``ec2``: [``botocore``] EC2 Capacity Manager now supports SpotTotalCount,
SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``entityresolution``: [``botocore``] Support Customer Profiles Integration for AWS
Entity Resolution
* api-change:``glacier``: [``botocore``] Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: [``botocore``] Updating Health API endpoint generation for dualstack only
regions
* api-change:``logs``: [``botocore``] This release allows you to import your historical CloudTrail
Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational,
security, and compliance data in one place.
* api-change:``mediatailor``: [``botocore``] Added support for Ad Decision Server Configuration
enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables.
No changes required for existing GET request configurations.
* api-change:``route53resolver``: [``botocore``] Adds support for enabling detailed metrics on
Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in
the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into
Resolver endpoint and target name server performance.
* api-change:``s3``: [``botocore``] This release adds support for the new optional field
'LifecycleExpirationDate' in S3 Inventory configurations.
* api-change:``service-quotas``: [``botocore``] Add support for SQ Dashboard Api
- from version 1.42.9
* api-change:``bcm-recommended-actions``: [``botocore``] Added new freetier action types to
RecommendedAction.type.
* api-change:``connect``: [``botocore``] Amazon Connect now offers automated post-chat surveys
triggered when customers end conversations. This captures timely feedback while experience is
fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: [``botocore``] Adds Enhanced mode support for NFS and SMB locations. SMB
credentials are now managed via Secrets Manager, and may be encrypted with service or customer
managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: [``botocore``] Adds support for portal branding customization,
enabling administrators to personalize end-user portals with custom assets.
- from version 1.42.8
* api-change:``lambda``: [``botocore``] Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the NETWORK
SECURITY DIRECTOR POLICY policy type.
* api-change:``quicksight``: [``botocore``] This release adds new GetIdentityContext API, Dashboard
customization options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: [``botocore``] Add SortBy parameter to ListSecrets
* api-change:``sesv2``: [``botocore``] Update GetEmailIdentity and CreateEmailIdentity response to
include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response
to include SigningHostedZone.
- from version 1.42.7
* api-change:``bedrock``: [``botocore``] Automated Reasoning checks in Amazon Bedrock Guardrails is
capable of generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: [``botocore``] Launch itemized custom line item and service line
item filter
* api-change:``cloudwatch``: [``botocore``] This release introduces two additional protocols AWS
JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will
prioritize the protocol that is the most performant for each language.
* api-change:``odb``: [``botocore``] The following APIs now return CloudExadataInfrastructureArn
and OdbNetworkArn fields for improved resource identification and AWS service integration -
GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and
ListCloudAutonomousVmClusters.
* api-change:``opensearch``: [``botocore``] The CreateApplication API now supports an optional kms
key arn parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: [``botocore``] Adds support for the new
Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify
the AWS partition where the opportunity will be deployed.
* api-change:``signer``: [``botocore``] Adds support for Signer GetRevocationStatus with updated
endpoints
- from version 1.42.6
* api-change:``account``: [``botocore``] This release adds a new API
(GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from
the standard AWS partition.
* api-change:``appsync``: [``botocore``] Update Event API to require EventConfig parameter in
creation and update requests.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``guardduty``: [``botocore``] Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: [``botocore``] Token Exchange introduces seamless token exchange
capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update
token attributes within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: [``botocore``] Added parameters encryption, IPv4/IPv6 protocol configuration,
and enhanced tagging support for replication operations.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the EU (Germany) Region
(eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region
- Update BuildRequires and Requires from setup.py
- Update to 1.42.5
* api-change:``ce``: [``botocore``] Add support for Cost Category resource associations including
filtering by resource type on ListCostCategoryDefinitions and new
ListCostCategoryResourceAssociations API.
* api-change:``ec2``: [``botocore``] Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra
GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA
throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC
processors with a maximum frequency of 4.5 GHz.
* api-change:``identitystore``: [``botocore``] Updating AWS Identity Store APIs to support
Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch
aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are
forced to use SCIM due to lack of SigV4 API support.
* api-change:``partnercentral-selling``: [``botocore``] Deal Sizing Service for AI-based deal size
estimation with AWS service-level breakdown, supporting Expansion and Migration deals across
Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and
funding incentives.
* api-change:``rds``: [``botocore``] Adding support for tagging RDS Instance/Cluster Automated
Backups
* api-change:``redshift-serverless``: [``botocore``] Added GetIdentityCenterAuthToken API to
retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This
API enables programmatic access to secure Identity Center tokens with proper error handling and
parameter validation across supported SDK languages.
* api-change:``rolesanywhere``: [``botocore``] Increases certificate string length for trust anchor
source data to support ML-DSA certificates.
* api-change:``sesv2``: [``botocore``] Update Mail Manager Archive ARN validation
* enhancement:ContainerProvider: [``botocore``] The ContainerProvider now works with arbitray HTTPS
URLs for `AWS_CONTAINER_CREDENTIALS_FULL_URI`.
- from version 1.42.4
* api-change:``ecs``: [``botocore``] Updating stop-task API to encapsulate containers with custom
stop signal
* api-change:``iam``: [``botocore``] Adding the ExpirationTime attribute to the delegation request
resource.
* api-change:``inspector2``: [``botocore``] This release adds a new ScanStatus called "Unsupported
Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned
because it has unsupported code artifacts.
* api-change:``partnercentral-account``: [``botocore``] Adding Verification API's to Partner
Central Account SDK.
* api-change:``sesv2``: [``botocore``] Updating the desired url for
`PutEmailIdentityDkimSigningAttributes` from v1 to v2
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.29.2
- from version 1.42.3
* api-change:``lambda``: [``botocore``] Add DisallowedByVpcEncryptionControl to the
LastUpdateStatusReasonCode and StateReasonCode enums to represent failures caused by VPC Encryption
Controls.
- from version 1.42.2
* api-change:``bedrock``: [``botocore``] Adding support in Amazon Bedrock to customize models with
reinforcement fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: [``botocore``] Introduces Serverless training: A fully managed compute
infrastructure that abstracts away all infrastructure complexity, allowing you to focus purely on
model development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.42.1
* api-change:``bedrock``: [``botocore``] Adds the audioDataDeliveryEnabled boolean field to the
Model Invocation Logging Configuration.
* api-change:``bedrock-agentcore``: [``botocore``] Support for AgentCore Evaluations and Episodic
memory strategy for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: [``botocore``] Supports AgentCore Evaluations, Policy,
Episodic Memory Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API
Targets and enhances JWT authorizer.
* api-change:``bedrock-runtime``: [``botocore``] Adds support for Audio Blocks and Streaming Image
Output plus new Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: [``botocore``] This release updates existing Savings Plans Purchase Analyzer
and Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: [``botocore``] Amazon DataZone now supports exporting Catalog datasets
as Amazon S3 tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: [``botocore``] Adding support for extended threat detection for Amazon
EC2 and Amazon ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: [``botocore``] Launching Lambda durable functions - a new feature to build
reliable multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: [``botocore``] CloudWatch Logs adds managed S3 Tables integration to access
logs using other analytical tools, as well as facets and field indexing to simplify log analytics
in CloudWatch Logs Insights.
* api-change:``nova-act``: [``botocore``] Initial release of Nova Act SDK. The Nova Act service
enables customers to build and manage fleets of agents for automating production UI workflows with
high reliability, fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: [``botocore``] CloudWatch Observability Admin adds pipelines
configuration for third party log ingestion and transformation of all logs ingested, integration of
CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: [``botocore``] GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``opensearchserverless``: [``botocore``] GPU-acceleration helps you build large-scale
vector databases faster and more efficiently. You can enable this feature on new OpenSearch domains
and OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed
to index data into vector indexes.
* api-change:``rds``: [``botocore``] RDS Oracle and SQL Server: Add support for adding, modifying,
and removing additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support
Developer Edition via custom engine versions for development and testing purposes; M7i/R7i
instances with Optimize CPU for cost savings.
* api-change:``s3``: [``botocore``] New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: [``botocore``] Add support for S3 Storage Lens Advanced Performance
Metrics, Expanded Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: [``botocore``] Add storage class, replication, and table record
expiration features to S3 Tables.
* api-change:``s3vectors``: [``botocore``] Amazon S3 Vectors provides cost-effective, elastic, and
durable vector storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: [``botocore``] Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: [``botocore``] Added support for Amazon Database Savings Plans
* api-change:``securityhub``: [``botocore``] ITSM enhancements: DRYRUN mode for testing ticket
creation, ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed
to RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility
in CreateConnectorV2.
- from version 1.42.0
* api-change:``appintegrations``: [``botocore``] This release adds support for MCP servers via the
ApplicationType field, allowing customers to register their Bedrock AgentCore gateways as third
party applications.
* api-change:``bedrock-agent``: [``botocore``] Support audio and video ingestion on Bedrock
Knowledge Bases.
* api-change:``bedrock-agent-runtime``: [``botocore``] Support audio and video content retrieval on
Bedrock Knowledge Bases.
* api-change:``cleanrooms``: [``botocore``] AWS Clean Rooms now supports privacy-enhancing
synthetic dataset generation for custom ML training.
* api-change:``cleanroomsml``: [``botocore``] AWS Clean Rooms ML now supports privacy-enhancing
synthetic dataset generation for custom ML training.
* api-change:``connect``: [``botocore``] This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: [``botocore``] This release added support for new WhatsApp
channel and Journey type outbound campaign
* api-change:``connectparticipant``: [``botocore``] Amazon Connect now supports message processing
that intercepts and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: [``botocore``] This release introduces, CRUD APIs for the
DomainObjectType and Recommender resources, APIs to offer statistical insights on Object Type
Attributes, Changes to SegmentDefinition APIs to support SQL queries to create Segments, and
Changes to Domain APIs to support Data Store.
* api-change:``eks``: [``botocore``] This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] feature: Glue: Add support for Iceberg materialized view in
Glue Data Catalog, including updated CreateTable API to support materialized views and new APIs for
managing data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: [``botocore``] Launching Lambda Managed Instances - a new feature to run
Lambda on EC2.
* api-change:``lexv2-models``: [``botocore``] Adds support for speech-to-speech models for
human-like, adaptive, and expressive voice interactions. Also adds support for speech model
preference, allowing customers to select which speech model they want to use for speech-to-text
requests.
* api-change:``marketplace-agreement``: [``botocore``] This release supports 1/multi-product
transactions via offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs.
SearchAgreements also supports filtering by offer set ID and 2/variable payment pricing terms will
be returned through GetAgreementTerms.
* api-change:``marketplace-catalog``: [``botocore``] This release introduces offer set entity in
AWS Marketplace Catalog API to enable multi-product transaction. Offer set enables sellers to group
multiple private offers into a single-click purchase experience, simplifying procurement for
customers purchasing multi-product solutions.
* api-change:``partnercentral-account``: [``botocore``] Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: [``botocore``] Initial GA launch of Partner Central
Benefits
* api-change:``partnercentral-selling``: [``botocore``] New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: [``botocore``] This release adds support for includedDatasetColumns
and performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: [``botocore``] New AIAgent types: Orchestration for ModelContextProtocol
tool integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance
notes. Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support
Bring Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: [``botocore``] Add SDK for Amazon Route 53 Global Resolver,
a fully managed DNS resolver service that offers broad DNS-filtering security controls.
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.29.1
* enhancement:``s3``: Adds partial ``TransferConfig`` support for CRT transfer managers.
* feature:``s3``: Added ``crt`` mode to ``preferred_transfer_client`` parameter in
``TransferConfig`` to enable CRT transfer client in all environments.
- from version 1.41.5
* api-change:``bedrock-runtime``: [``botocore``] Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: [``botocore``] Compute Optimizer now identifies idle NAT
Gateway resources for cost optimization based on traffic patterns and backup configuration
analysis. Access recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: [``botocore``] This release enables AWS Cost Optimization
Hub to show cost optimization recommendations for NAT Gateway.
- from version 1.41.4
* api-change:``ec2``: [``botocore``] This release adds support to view Network firewall proxy
appliances attached to an existing NAT Gateway via DescribeNatGateways API
NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: [``botocore``] Network Firewall release of the Proxy feature.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the S3_POLICY
and BEDROCK_POLICY policy type.
* api-change:``route53``: [``botocore``] Adds support for new route53 feature: accelerated recovery.
- Update BuildRequires and Requires from setup.py
- Update to 1.41.3
* api-change:``cloudfront``: [``botocore``] Add TrustStore, ConnectionFunction APIs to CloudFront
SDK
* api-change:``logs``: [``botocore``] New CloudWatch Logs feature - LogGroup Deletion Protection, a
capability that allows customers to safeguard their critical CloudWatch log groups from accidental
or unintended deletion.
* enhancement:awscrt: [``botocore``] Update awscrt version to 0.29.0
- from version 1.41.2
* api-change:``apigateway``: [``botocore``] API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: [``botocore``] Introduces Spark workgroup features including log
persistence, S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support.
Adds DPU usage limits at workgroup and query levels as well as DPU usage tracking for Capacity
Reservation queries to optimize performance and costs.
* api-change:``bedrock``: [``botocore``] Add support to automatically enforce safeguards across
accounts within an AWS Organization.
* api-change:``bedrock-agentcore-control``: [``botocore``] Support for agentcore gateway
interceptor configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Adding new fields to
GetDataAutomationStatus: jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: [``botocore``] Add support to automatically enforce safeguards
across accounts within an AWS Organization.
* api-change:``cloudformation``: [``botocore``] Adds the DependsOn field to the AutoDeployment
configuration parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing
users to set and read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: [``botocore``] Initial release of AWS Compute
Optimizer Automation. Create automation rules to implement recommended actions on a recurring
schedule based on your specified criteria. Supported actions include: snapshot and delete
unattached EBS volumes and upgrade volume types to the latest generation.
* api-change:``connect``: [``botocore``] New APIs to support aliases and versions for
ContactFlowModule. Updated ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: [``botocore``] The manifest field is now optional for the AWS
Control Tower CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: [``botocore``] This release adds a new capability to create and manage
interruptible EC2 Capacity Reservations.
* api-change:``ecr``: [``botocore``] Add support for ECR managed signing
* api-change:``eks``: [``botocore``] Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: [``botocore``] This release adds the health check log feature in ALB,
allowing customers to send detailed target health check log data directly to their designated
Amazon S3 bucket.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``invoicing``: [``botocore``] Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: [``botocore``] This release adds support for Tiered Storage
* api-change:``kms``: [``botocore``] Support for on-demand rotation of AWS KMS Multi-Region keys
with imported key material
* api-change:``lambda``: [``botocore``] Launching Enhanced Error Handling and ESM Grouping
capabilities for Kafka ESMs
* api-change:``lexv2-models``: [``botocore``] Adds support for Intent Disambiguation, allowing
resolution of ambiguous user inputs when multiple intents match by presenting clarifying questions
to users. Also adds Speech Detection Sensitivity configuration for optimizing voice activity
detection sensitivity levels in various noise environments.
* api-change:``mailmanager``: [``botocore``] Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: [``botocore``] Endpoint update for new region
* api-change:``mediapackagev2``: [``botocore``] Adds support for excluding session key tags from
HLS multivariant playlists
* api-change:``meteringmarketplace``: [``botocore``] Endpoint update for new region
* api-change:``odb``: [``botocore``] Adds AssociateIamRoleToResource and
DisassociateIamRoleFromResource APIs for managing IAM roles. Enhances CreateOdbNetwork and
UpdateOdbNetwork APIs with KMS, STS, and cross-region S3 parameters. Adds OCI identity domain
support to InitializeService API.
* api-change:``organizations``: [``botocore``] Add support for policy operations on the
UPGRADE_ROLLOUT_POLICY policy type.
* api-change:``qconnect``: [``botocore``] This release introduces two new messaging channel
subtypes: Push, WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: [``botocore``] Amazon Quick Suite now supports QuickChat as an
embedding type when calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed
conversational AI agents directly into their applications.
* api-change:``rds``: [``botocore``] Add support for Upgrade Rollout Order
* api-change:``redshift``: [``botocore``] Added support for Amazon Redshift Federated Permissions
and AWS IAM Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: [``botocore``] Added UpdateLakehouseConfiguration API to
manage Amazon Redshift Federated Permissions and AWS IAM Identity Center trusted identity
propagation for namespaces.
* api-change:``sagemaker``: [``botocore``] Enhanced SageMaker HyperPod instance groups with support
for MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and
taints). Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: [``botocore``] Add ListInvestigations and SendFeedback APIs to
support SecurityIR AI agents
* api-change:``sesv2``: [``botocore``] Added support for new SES regions - Asia Pacific (Malaysia)
and Canada (Calgary)
* api-change:``transfer``: [``botocore``] Adds support for creating Webapps accessible from a VPC.
- from version 1.41.1
* api-change:``application-signals``: [``botocore``] Amazon CloudWatch Application Signals now
supports un-instrumented services discovery, cross-account views, and change history, helping SRE
and DevOps teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: [``botocore``] This release adds support for three new features: 1)
Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance
Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: [``botocore``] Bedrock AgentCore Memory release for redriving
memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: [``botocore``] Added support for Synchronous project type
and PII Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Bedrock Data Automation Runtime
Sync API
* api-change:``braket``: [``botocore``] Add support for Braket spending limits.
* api-change:``budgets``: [``botocore``] Add BillingViewHealthStatusException to
DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved
error handling with Billing Views.
* api-change:``cloudfront``: [``botocore``] This release adds support for bring your own IP (BYOIP)
to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: [``botocore``] AWS launches CloudTrail aggregated events to simplify
monitoring of data events at scale. This feature delivers both granular and summarized data events
for resources like S3/Lambda, helping security teams identify patterns without custom aggregation
logic.
* api-change:``connect``: [``botocore``] Add optional ability to exclude users from send
notification actions for Contact Lens Rules.
* api-change:``datasync``: [``botocore``] The partition value "aws-eusc" is now permitted for ARN
(Amazon Resource Name) fields.
* api-change:``devicefarm``: [``botocore``] Add support for environment variables and an IAM
execution role.
* api-change:``dms``: [``botocore``] Added support for customer-managed KMS key (CMK) for
encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse
endpoint used for zero-ETL integrations with data warehouses.
* api-change:``dsql``: [``botocore``] Added clusterVpcEndpoint field to GetVpcEndpointServiceName
API response, returning the VPC connection endpoint for the cluster
* api-change:``ec2``: [``botocore``] This release adds support for multiple features including: VPC
Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM
allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution;
and EBS Volume Integration with Recycle Bin
* api-change:``ecs``: [``botocore``] Launching Amazon ECS Express Mode - a new feature that enables
developers to quickly launch highly available, scalable containerized applications with a single
command.
* api-change:``elbv2``: [``botocore``] This release adds the target optimizer feature in ALB,
enabling strict concurrency enforcement on targets.
* api-change:``emr``: [``botocore``] Add support for configuring S3 destination for step logs on a
per-step basis.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: [``botocore``] EC2 Image Builder now enables the distribution of
existing AMIs, retry distribution, and define distribution workflows. It also supports automatic
versioning for recipes and components, allowing automatic version increments and dynamic
referencing in pipelines.
* api-change:``kinesis``: [``botocore``] Kinesis Data Streams now supports up to 50 Enhance Fan-out
consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue
with the existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: [``botocore``] Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: [``botocore``] Added cross-account resource aggregation via
license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to
Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue
dependencies for cross-account resource discovery in commercial regions.
* api-change:``networkmanager``: [``botocore``] This release adds support for Cloud WAN Routing
Policy providing customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: [``botocore``] Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: [``botocore``] Introducing comprehensive theme styling controls. New
features include border customization (radius, width, color), flexible padding controls, background
styling for cards and sheets, centralized typography management, and visual-level override support
across layouts.
* api-change:``rbin``: [``botocore``] Add support for EBS volume in Recycle Bin
* api-change:``rds``: [``botocore``] Add support for VPC Encryption Controls.
* api-change:``redshift-data``: [``botocore``] Increasing the length limit of Statement Name from
500 to 2048.
* api-change:``s3``: [``botocore``] Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: [``botocore``] Added training plan support for inference endpoints.
Added HyperPod task governance with accelerator partition-based quota allocation. Added
BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include
privateDnsHostName.
* api-change:``securityhub``: [``botocore``] Release Findings and Resources Trends APIs-
GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with
composite filtering for 1-year of historical data analysis of Findings and Resources.
- from version 1.41.0
* api-change:``apigateway``: [``botocore``] API Gateway now supports response streaming and new
security policies for REST APIs and custom domain names.
* api-change:``apigatewayv2``: [``botocore``] Support for API Gateway portals and portal products.
* api-change:``backup``: [``botocore``] Amazon GuardDuty Malware Protection now supports AWS
Backup, extending malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: [``botocore``] Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: [``botocore``] This release includes support for Search Results.
* api-change:``billing``: [``botocore``] Added name filtering support to ListBillingViews API
through the new names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: [``botocore``] This release adds support for Billing Transfers,
enabling management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: [``botocore``] Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS
managed cost anomaly detection monitors
* api-change:``cloudtrail``: [``botocore``] AWS CloudTrail now supports Insights for data events,
expanding beyond management events to automatically detect unusual activity on data plane
operations.
* api-change:``connectcampaignsv2``: [``botocore``] This release added support for ring timer
configuration for campaign calls.
* api-change:``cost-optimization-hub``: [``botocore``] Release ListEfficiencyMetrics API
* api-change:``datazone``: [``botocore``] Amazon DataZone now supports business metadata (readme
and metadata forms) at the individual attribute (column) level, a new rule type for glossary terms,
and the ability to update the owner of the root domain unit.
* api-change:``dynamodb``: [``botocore``] Extended Global Secondary Index (GSI) composite keys to
support up to 8 attributes.
* api-change:``ec2``: [``botocore``] This launch adds support for two new features: Regional NAT
Gateway and IPAM Policies. IPAM policies offers customers central control for public IPv4
assignments across AWS services. Regional NAT is a single NAT Gateway that automatically expands
across AZs in a VPC to maintain high availability.
* api-change:``ecr``: [``botocore``] Add support for ECR archival storage class and Inspector org
policy for scanning
* api-change:``ecs``: [``botocore``] Added support for Amazon ECS Managed Instances infrastructure
optimization configuration.
* api-change:``emr``: [``botocore``] Add CloudWatch Logs integration for Spark driver, executor and
step logs
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] Adding File Server Resource Manager configuration to FSx
Windows
* api-change:``guardduty``: [``botocore``] Add support for scanning and viewing scan results for
backup resource types
* api-change:``health``: [``botocore``] Adds actionability and personas properties to Health events
exposed through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and
DescribeEventTypes APIs. Adds filtering by actionabilities and personas in EventFilter,
OrganizationEventFilter, EventTypeFilter.
* api-change:``iam``: [``botocore``] Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: [``botocore``] This release introduces BLOCKED_BY_ORGANIZATION_POLICY
error code and IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is
returned when an operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED
scanStatusReason is returned when an Image is archived in ECR.
* api-change:``invoicing``: [``botocore``] Add support for adding Billing transfers in Invoice
configuration
* api-change:``lambda``: [``botocore``] Added support for creating and invoking Tenant Isolated
functions in AWS Lambda APIs.
* api-change:``logs``: [``botocore``] Adding support for ocsf version 1.5, add optional parameter
MappingVersion
* api-change:``mediaconnect``: [``botocore``] This release adds support for global routing in AWS
Elemental MediaConnect. You can now use router inputs and router outputs to manage global video and
audio routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: [``botocore``] MediaLive is adding support for MediaConnect Router by
supporting a new input type called MEDIACONNECT_ROUTER. This new input type will provide seamless
encrypted transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: [``botocore``] Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: [``botocore``] Added new enum value (AWS::EKS::Cluster) for
type field under MonitorLocalResource
* api-change:``partnercentral-channel``: [``botocore``] Initial GA launch of Partner Central Channel
* api-change:``route53``: [``botocore``] Add dual-stack endpoint support for Route53
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports mobile application monitoring for
Android and iOS platforms
* api-change:``s3``: [``botocore``] Adds support for blocking SSE-C writes to general purpose
buckets.
* api-change:``sagemaker``: [``botocore``] Added support for enhanced metrics for SageMaker AI
Endpoints. This features provides Utilization Metrics at instance and container granularity and
also provides easy configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: [``botocore``] Adds support to create, update, retrieve, rotate,
and delete managed external secrets.
* api-change:``signin``: [``botocore``] AWS Sign-In manages authentication for AWS services. This
service provides secure authentication flows for accessing AWS resources from the console and
developer tools. This release adds the CreateOAuth2Token API, which can be used to fetch OAuth2
access tokens and refresh tokens from Sign-In.
* api-change:``stepfunctions``: [``botocore``] Adds support to TestState for mocked results and
exceptions, along with additional inspection data.
* api-change:``sts``: [``botocore``] IAM now supports outbound identity federation via the STS
GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services
using short-lived JSON Web Tokens.
* feature:credentials: [``botocore``] Adds support for the login credential provider, allowing
users to use AWS Management Console credentials for authentication.
- from version 1.40.76
* api-change:``autoscaling``: [``botocore``] This release adds the new LaunchInstances API, which
can launch instances synchronously in an AutoScaling group. The API also returns instances info and
launch error back immediately.
* api-change:``backup``: [``botocore``] AWS Backup now supports a low-cost warm storage tier for
Amazon S3 backup data.
* api-change:``bedrock-runtime``: [``botocore``] Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: [``botocore``] New CloudFormation DescribeEvents API with
operation ID tracking and failure filtering capabilities to quickly identify root causes of
deployment failures. Also, a DeploymentMode parameter for the CreateChangeSet API that enables
creation of drift-aware change sets for safe drift management.
* api-change:``connect``: [``botocore``] This release added support for ring timer configuration
for campaign calls.
* api-change:``ec2``: [``botocore``] AWS Site-to-Site VPN now supports VPN Concentrator, a new
feature that enables customers to connect multiple low-bandwidth sites connections through a single
attachment, simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: [``botocore``] Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: [``botocore``] Amazon MSK adds three new APIs, ListTopics, DescribeTopic,
and DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: [``botocore``] CloudWatch Logs updates: Added capability to setup a
recurring schedule for log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: [``botocore``] Add support for new ListRequiredTags API
used to retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: [``botocore``] Adds support for European Sovereign Cloud ARNs in
Storage Gateway API parameters.
* api-change:``wafv2``: [``botocore``] AssociateWebACL, UpdateWebACL and PutLoggingConfiguration
will now throw WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that
is not included in the CloudFront pricing plan of the WebACL.
- from version 1.40.75
* api-change:``appstream``: [``botocore``] Adding support for additional instances and extended
storage
* api-change:``backup``: [``botocore``] AWS Backup now supports specifying a logically air-gapped
backup vault as a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: [``botocore``] Automated Reasoning checks in Amazon Bedrock Guardrails
now automatically generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: [``botocore``] This release adds support for interacting with devices
during a remote access session using the remoteDriverEndpoint interface
* api-change:``dms``: [``botocore``] This release introduces the SAP ASE(Sybase) Data Provider for
AWS Data Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider,
enabling customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora
PostgreSQL seamlessly.
* api-change:``ec2``: [``botocore``] This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``glue``: [``botocore``] Amazon Glue Releasing 2 the new API
ListIntegrationResourceProperties and DeleteIntegrationResourceProperty along with minor
improvement on existing API(s).
* api-change:``guardduty``: [``botocore``] Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: [``botocore``] Adds support for LLM as Primary, allowing usage of
LLMs as the default NLU system.
* api-change:``medialive``: [``botocore``] Adds configurations for spatial/temporal adaptive
quantization in AV1 codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: [``botocore``] Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: [``botocore``] Amazon MWAA now offers serverless deployment,
eliminating operational overhead while optimizing costs. The service supports YAML and Python-based
workflows, with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic
scaling with pay-per-use pricing.
* api-change:``opensearch``: [``botocore``] This release adds index operation APIs to support
Automatic Semantic Enrichment feature
* api-change:``pcs``: [``botocore``] Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: [``botocore``] Adding DICTIONARY_DGA to dns-threat-protection as
a new enum type. Customers can now set rules for dictionary dga protection
- from version 1.40.74
* api-change:``datazone``: [``botocore``] Adds support for granting read and write access to Amazon
S3 general purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also
adds search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy"
parameter for ListSubscriptions APIs.
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: [``botocore``] EC2 Image Builder now supports invoking Lambda
functions and executing Step Functions state machine through image workflows.
* api-change:``medialive``: [``botocore``] Removed all the value constraint (min/max) for the shape
definitions (e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an
exemption from the SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
* enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.28.4
- from version 1.40.73
* api-change:``cloudformation``: [``botocore``] CloudFormation now supports GetHookResult API with
annotations to retrieve structured compliance check results and remediation guidance for each
evaluated resource, replacing the previous single-message limitation with detailed validation
outcomes.
* api-change:``controlcatalog``: [``botocore``] Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: [``botocore``] Added support for new accelerator types ("media") and
accelerator names ("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in
Attributes Based Instance Type Selection for launched instance types.
* api-change:``ecr``: [``botocore``] Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: [``botocore``] QUIC and TCP_QUIC protocol support for Network Load Balancer
(NLB). This capability enables customers to forward QUIC traffic to their targets with ultra-low
latency while maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``iotwireless``: [``botocore``] Integration of Device Location with Amazon Sidewalk
network for Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: [``botocore``] Lowers minimum duration for black video generator.
Adds support for embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: [``botocore``] Updated endpoint and service metadata
* api-change:``sagemaker``: [``botocore``] Added support for minor version upgrades and AWS
Identity Center integration for SageMaker Hadron Partner Apps, enabling automated version
management and IdC group-based access control.
* api-change:``workspaces-web``: [``botocore``] Support for managing web content filtering for
defining, tracking and regulating type of content accessed with WorkSpaces Secure Browser as part
of browser settings.
- from version 1.40.72
* api-change:``amp``: [``botocore``] Add VPC source configuration support enabling Amazon Managed
Service for Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: [``botocore``] Updated Authentication Profile APIs to add support for
automatic logout on user inactivity
* api-change:``dms``: [``botocore``] Added support of SQL statements creation, metadata model
discovery and selection rules transformation.
* api-change:``ec2``: [``botocore``] Adds complete AMI ancestry tracing from immediate parent
through each preceding generation back to the root AMI
* api-change:``elbv2``: [``botocore``] This release expands ALB Authentication to support JWT
verification and adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: [``botocore``] Added GetIdentityCenterAuthToken API to retrieve
encrypted authentication tokens for Identity Center integrated applications. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``s3tables``: [``botocore``] Adds support for request metrics metrics APIs for S3
Tables
* api-change:``sagemaker``: [``botocore``] Add support for trn2.3xlarge instance type for SageMaker
Hyperpod
- from version 1.40.71
* api-change:``batch``: [``botocore``] Documentation-only update: update API and doc descriptions
per EKS ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: [``botocore``] Added support for Language Expansion
feature for BDA Audio modality.
* api-change:``ec2``: [``botocore``] AWS Site-to-Site VPN now supports VPN connections with up to 5
Gbps bandwidth per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``medical-imaging``: [``botocore``] Added new fields in existing APIs.
* api-change:``rtbfabric``: [``botocore``] Added LogSettings and LinkAttribute fields to external
links
* api-change:``security-ir``: [``botocore``] Added support for configuring communication
preferences as well as clearly displaying case comment author identities.
- from version 1.40.70
* api-change:``acm-pca``: [``botocore``] Private Certificate Authority service now supports ML-DSA
key algorithms.
* api-change:``appstream``: [``botocore``] AWS Appstream support for IPv6
* api-change:``backup``: [``botocore``] AWS Backup supports backups of Amazon EKS clusters,
including Kubernetes cluster state and persistent storage attached to the EKS cluster via a
persistent volume claim (EBS volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: [``botocore``] Adds ExperimentalCapabilities field to CreateQuantumTask
request and GetQuantumTask response objects. Enables use of experimental software capabilities when
creating quantum tasks.
* api-change:``datazone``: [``botocore``] Remove trackingServerName from DataZone Connection
MLflowProperties
* api-change:``dsql``: [``botocore``] Cluster endpoint added to CreateCluster and GetCluster API
responses
* api-change:``ec2``: [``botocore``] Amazon EC2 Fleet customers can now filter instance types based
on encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating
the manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: [``botocore``] Include tags filed in CreatePublishingDestinationRequest
and DescribePublishingDestinationResponse.
* api-change:``iam``: [``botocore``] Added CreateDelegationRequest API, which is not available for
general use at this time.
* api-change:``invoicing``: [``botocore``] Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: [``botocore``] Amazon MSK now supports intelligent rebalancing for MSK
Express brokers.
* api-change:``sts``: [``botocore``] Added GetDelegatedAccessToken API, which is not available for
general use at this time.
* api-change:``verifiedpermissions``: [``botocore``] Amazon Verified Permissions / Features : Adds
support for entity Cedar tags.
* api-change:``wafv2``: [``botocore``] AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a
LogScope option, enabling automated logging configuration through Amazon CloudWatch Logs for
telemetry data collection and analysis.
- from version 1.40.69
* api-change:``controltower``: [``botocore``] Added Parent Identifier support to
ListEnabledControls and GetEnabledControl API. Implemented RemediationType support for Landing Zone
operations: CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: [``botocore``] Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to
control private DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: [``botocore``] Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: [``botocore``] This release introduces the Default Application
feature, allowing users to set, change, or unset a preferred OpenSearch UI application on a
per-region basis for a streamlined and consistent user experience.
* api-change:``vpc-lattice``: [``botocore``] Amazon VPC Lattice now supports custom domain name for
resource configurations
- from version 1.40.68
* api-change:``accessanalyzer``: [``botocore``] New field totalActiveErrors added to
getFindingsStatistics response.
* api-change:``backup``: [``botocore``] AWS Backup now supports customer-managed keys (CMK) for
logically air-gapped vaults, enabling customers to maintain full control over their encryption key
lifecycle. This feature helps organizations meet specific internal governance requirements or
external regulatory compliance standards.
* api-change:``connect``: [``botocore``] Added support for Conditional Questions in Evaluation
Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added
new API operations: SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: [``botocore``] Add Amazon EC2 R8a instance types
* api-change:``gamelift``: [``botocore``] Amazon GameLift Servers now supports game builds that use
the Windows 2022 operating system.
* api-change:``identitystore``: [``botocore``] IdentityStore API: added new KMSExceptionReason
fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate,
Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs -
CreatedAt, CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: [``botocore``] Support for New Data Prep Experience
* api-change:``s3tables``: [``botocore``] Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: [``botocore``] Amazon S3 Vectors provides cost-effective, elastic, and
durable vector storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: [``botocore``] Added NodeProvisioningMode parameter to UpdateCluster
API to determine how instance provisioning is handled during cluster operations; in Continuous
mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to
add a customer VPC.
* api-change:``ssm``: [``botocore``] Provides NoLongerSupportedException error message
- from version 1.40.67
* api-change:``cloudfront``: [``botocore``] This release adds new and updated API operations. You
can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP
list. You can also enable cross-account resource sharing to share your VPC origins with other AWS
accounts
* api-change:``datazone``: [``botocore``] Added support for Project Resource Tags
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fsx``: [``botocore``] Amazon FSx now enables secure management of Active Directory
credentials through AWS Secrets Manager integration. Customers can use Secret ARNs instead of
direct credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: [``botocore``] Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: [``botocore``] Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: [``botocore``] Add new fields in SageMaker Hyperpod DescribeCluster API
response: TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI
update progress visibility .
- from version 1.40.66
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] This release adds support for the
CarrierLookup API, which returns information about a destination phone number including if the
number is valid, the carrier, and more.
- from version 1.40.65
* api-change:``bedrock-agentcore-control``: [``botocore``] Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: [``botocore``] Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: [``botocore``] Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: [``botocore``] Documentation-only update for LINEAR and CANARY deployment
strategies.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``kinesis``: [``botocore``] Adds support for MinimumThroughputBillingCommitment with
new UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in
new UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.40.64
* api-change:``connectcases``: [``botocore``] Added two new case rule types: Parent Child Field
Options (restricts child field options based on parent field value) and Hidden (controls child
field visibility based on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: [``botocore``] Amazon VPC IP Address Manager (IPAM) now supports automated
prefix list management, allowing you to create rules that automatically populate customer-managed
prefix lists with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other
criteria.
* api-change:``emr``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``fms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``fsx``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``health``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lambda``: [``botocore``] Add Python3.14 (python3.14) and Java 25 (java25) support to
AWS Lambda
* api-change:``logs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: [``botocore``] Adds SlowPalPitchCorrection to audio pitch correction
settings. Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition
passthrough to VideoSelector for allow listed accounts.
* api-change:``omics``: [``botocore``] Added WDL_LENIENT engine type that enables implicit
typecasting of variable values to its compatible declared types
* api-change:``payment-cryptography``: [``botocore``] Allow additional characters in the
CertificateSubject for GetCertificateSigningRequest API.
* api-change:``redshift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Allow update of platform identifier via
UpdateNotebookInstance operation.
* api-change:``savingsplans``: [``botocore``] Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``textract``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``waf``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.63
* api-change:``amp``: [``botocore``] Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appconfig``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appflow``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appmesh``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appsync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``artifact``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``auditmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: [``botocore``] Web-Bot-Auth support for AgentCore
Browser tool to help reduce captcha challenges.
* api-change:``chime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: [``botocore``] Added support for advanced Spark configurations to
optimize SQL performance
* api-change:``cloudcontrol``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codecommit``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codedeploy``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connectcases``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``deadline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``devops-guru``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``docdb``: [``botocore``] Adding FailoverState and TagList to GlobalCluster and
SynchronizationStatus to GlobalClusterMember.
* api-change:``ecs``: [``botocore``] Amazon ECS Service Connect now supports Envoy access logs,
providing deeper observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elasticache``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: [``botocore``] This release adds the capability to enable User
Background Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions
on EMR Serverless Applications.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``firehose``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``frauddetector``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``geo-places``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``glue``: [``botocore``] This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on AWS
Glue.
* api-change:``greengrassv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: [``botocore``] Add a new GetManagedThingCertificate API
to expose Iot ManagedIntegrations (MI) device certificate, and add "-" support for name,
properties, actions and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kms``: [``botocore``] Add cross account VPC endpoint service connectivity support to
CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: [``botocore``] Update endpoint ruleset
parameters casing
* api-change:``marketplace-reporting``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptune``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] RTB Fabric documentation update.
* api-change:``s3outposts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``schemas``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sts``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.62
* api-change:``bedrock-runtime``: [``botocore``] Add support for system tool and web citation
response.
- from version 1.40.61
* api-change:``apigatewayv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-signals``: [``botocore``] Added support for CloudWatch Synthetics Canary
resources in ListAuditFindings API. This enhancement allows customers to retrieve audit findings
specifically for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:clients: [``botocore``] The following clients have been removed per deprecation of the
services - qldb, qldb-session, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest
* api-change:``cloud9``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeconnections``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``detective``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: [``botocore``] Amazon ECS supports native linear and canary service
deployments, allowing you to shift traffic in increments for more control.
* api-change:``efs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``emr-containers``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``gameliftstreams``: [``botocore``] Add stream group expiration date and expired status
* api-change:``glacier``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``groundstation``: [``botocore``] Enable use of AzEl ephemerides
* api-change:``inspector-scan``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kendra``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lambda``: [``botocore``] Added SerializedRequestEntityTooLargeException to Lambda
Invoke API
* api-change:``marketplace-deployment``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``notifications``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``opensearch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``organizations``: [``botocore``] Added Account State field to the
ListDelegatedAdministrators API response.
* api-change:``partnercentral-selling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pipes``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ram``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resource-groups``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``s3``: [``botocore``] Amazon Simple Storage Service / Features: Add conditional
writes in CopyObject on destination key to prevent unintended object modifications.
* api-change:``s3control``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports deleting training and
processing jobs in a terminal status.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``security-ir``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``sqs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``support-app``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``taxsettings``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces``: [``botocore``] Added IPv6 address support for WorkSpaces using
Dual-Stack subnets
* api-change:``workspaces-instances``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``xray``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.60
* api-change:``accessanalyzer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``aiops``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``athena``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``braket``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ce``: [``botocore``] Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeartifact``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``comprehend``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``controltower``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dax``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``entityresolution``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``forecast``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``greengrass``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iam``: [``botocore``] Fixed missing SummaryMap keys in GetAccountSummary response
that were being filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis``: [``botocore``] Adds support for record sizes up to 10MiB and introduces
new UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mturk``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``outposts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rbin``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rds-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rekognition``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``repostspace``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53profiles``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53resolver``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``s3vectors``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``scheduler``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ses``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``shield``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso-admin``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``waf-regional``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.59
* api-change:``acm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-signals``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``billing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``budgets``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codepipeline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datapipeline``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datazone``: [``botocore``] This release adds support for MLflow connections Creation
in DataZone
* api-change:``docdb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``eks``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``elb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``evs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``fis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: [``botocore``] Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: [``botocore``] Added support for optional AdditionalFeatures parameter
in the V2 GetTile API.
* api-change:``inspector``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotwireless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``location``: [``botocore``] Added support for mobile app restrictions in Amazon
Location API keys.
* api-change:``lookoutvision``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackage``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediastore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mq``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``panorama``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qbusiness``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``robomaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53domains``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] Add support for custom rate limits.
* api-change:``s3tables``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Added inference components model data caching feature
* api-change:``sagemaker-metrics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``securityhub``: [``botocore``] Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``supplychain``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``translate``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``wisdom``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.58
* api-change:``account``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: [``botocore``] Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: [``botocore``] Fixing the service documentation name
* api-change:``chime-sdk-voice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codebuild``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``config``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cur``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``discovery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``drs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dsql``: [``botocore``] Add support for resource-based policies for Aurora DSQL
clusters. This will enable you to implement Block Public Access (BPA) which will help restrict
access to your Aurora DSQL public or VPC endpoints.
* api-change:``ebs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ecr``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ecr-public``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``healthlake``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotevents``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``lambda``: [``botocore``] Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``mediatailor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mgh``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mgn``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mpa``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``neptunedata``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``odb``: [``botocore``] Doc-only update that removes duplicate values from
descriptions of ODB peering APIs.
* api-change:``omics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize-events``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rum``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``savingsplans``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``securitylake``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sesv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``storagegateway``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``synthetics``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.57
* api-change:``appfabric``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``autoscaling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``b2bi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ce``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``chatbot``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudformation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``connect``: [``botocore``] This release added support for email address alias
configuration and outbound campaign preview mode.
* api-change:``connectcampaignsv2``: [``botocore``] Updated Amazon Connect Outbound Campaigns V2
SDK to support Preview Outbound Mode
* api-change:``connectparticipant``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``devicefarm``: [``botocore``] This release adds support for optionally including an
app as part of a CreateRemoteAccessSession request
* api-change:``directconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ds-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] This release adds AvailabilityZoneId support for
CreateNetworkInterface and DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``forecastquery``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iam``: [``botocore``] Updated OIDC and SAML apis to reject multiple simultaneous
requests to change a unique object.
* api-change:``inspector2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivschat``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mailmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``medialive``: [``botocore``] Add 3 API operations for fetching alerts: ListAlerts
(Channels), ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``oam``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pcs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``redshift-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the ISOB West Region for
private DNS for Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: [``botocore``] Update for general availability of AWS RTB Fabric
service.
* api-change:``sagemaker-a2i-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``sns``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workdocs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workmail``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.56
* api-change:``dynamodb``: [``botocore``] Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: [``botocore``] Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``mediaconvert``: [``botocore``] This release adds the ability to set resolution for
the black video generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow
asynchronous search of job history using new filters.
* api-change:``meteringmarketplace``: [``botocore``] Added ClientToken parameter to MeterUsage API
for specifying idempotent requests.
- from version 1.40.55
* api-change:``amp``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``appintegrations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``application-insights``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``chime-sdk-meetings``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudfront``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``datasync``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ds``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dsql``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``es``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``events``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``evidently``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``finspace``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``finspace-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: [``botocore``] Updates documentation to clarify valid application
binaries for an Amazon GameLift Streams application and provide descriptions of stream session
error status reasons
* api-change:``geo-maps``: [``botocore``] Added support for optional style parameters in maps,
including Terrain, ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iot-data``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lakeformation``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``license-manager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: [``botocore``] Update endpoint ruleset
parameters casing
* api-change:``marketplace-catalog``: [``botocore``] The ListEntities API now supports two new CAPI
filters: DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``network-firewall``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkmanager``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``organizations``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qapps``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``sagemaker-geospatial``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``signer``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``swf``: [``botocore``] Releasing minor endpoint updates.
* api-change:``timestream-write``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``tnb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.54
* api-change:``acm-pca``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``amplify``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apprunner``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``apptest``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: [``botocore``] Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``billingconductor``: [``botocore``] New feature: service flat CLI and first AWS
managed pricing plan (BasicPricingPlan)
* api-change:``customer-profiles``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``databrew``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dataexchange``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``dlm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
* api-change:``freetier``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``gamelift``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``geo-routes``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``grafana``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``identitystore``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivs``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kafka``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``keyspaces``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``kms``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lex-models``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``m2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``machinelearning``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``memorydb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``osis``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``polly``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``pricing``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qldb``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``qldb-session``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: [``botocore``] Update endpoint ruleset parameters
casing
* api-change:``ssm``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``timestream-query``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``voice-id``: [``botocore``] Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: [``botocore``] Update endpoint ruleset parameters casing
- from version 1.40.53
* api-change:``bedrock``: [``botocore``] Amazon Bedrock Automated Reasoning Policy now offers
enhanced AWS KMS integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field,
allowing customers to specify their preferred KMS key for encryption, improving control and
compliance with AWS encryption mandates.
* api-change:``docdb``: [``botocore``] Add support for NetworkType field in CreateDbCluster,
ModifyDbCluster, RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: [``botocore``] Introducing EC2 Capacity Manager for monitoring and analyzing
capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: [``botocore``] This release expands Listener Rule Conditions to support
RegexValues and adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: [``botocore``] Added default pagination value for
ListMalwareProtectionPlans API and updated UpdateFindingsFeedback API
* api-change:``lightsail``: [``botocore``] Add support for manage Lightsail Bucket CORS
configuration
* api-change:``timestream-influxdb``: [``botocore``] This release adds support for creating and
managing InfluxDB 3 Core and Enterprise DbClusters.
- from version 1.40.52
* api-change:``appstream``: [``botocore``] This release introduces support for Microsoft license
included applications streaming.
* api-change:``backup``: [``botocore``] The AWS Backup job attribute extension enhancement helps
customers better understand the plan that initiated each job, and the properties of the resource
each job creates.
* api-change:``connect``: [``botocore``] SDK release for TaskTemplateInfo in Contact for
DescribeContact response.
* api-change:``datazone``: [``botocore``] Support creating scoped and trustedIdentityPropagation
enabled connections.
* api-change:``ec2``: [``botocore``] This release adds support for creating instant, point-in-time
copies of EBS volumes within the same Availability Zone
* api-change:``transcribe``: [``botocore``] Move UntagResource API body member to query parameter
* api-change:``transfer``: [``botocore``] SFTP connectors now support routing connections via
customers' VPC. This enables connections to remote servers that are only accessible in a customer's
VPC environment, and to servers that are accessible over the internet but need connections coming
from an IP address in a customer VPC's CIDR range.
- from version 1.40.51
* api-change:``bedrock-agentcore``: [``botocore``] Updated InvokeAgentRuntime API to accept account
id optionally and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: [``botocore``] Updated http status code in control
plane apis of agentcore runtime, tools and identity. Additional included provider types for
AgentCore Identity
* api-change:``ec2``: [``botocore``] Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: [``botocore``] CloudWatch Observability Admin adds the ability
to enable Resource tags for telemetry in a customer account. The release introduces new APIs to
enable, disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- Update BuildRequires and Requires from setup.py
- python-botocore
-
- Update to 1.42.27
* api-change:``bedrock``: This change will increase TestCase guardContent input size from 1024 to
2028 characters and PolicyBuildDocumentDescription from 2000 to 4000 characters
* api-change:``datazone``: Adds support for IAM role subscriptions to Glue table listings via
CreateSubscriptionRequest API. Also adds owningIamPrincipalArn filter to List APIs and
subscriptionGrantCreationMode parameter to subscription target APIs for controlling grant creation
behavior.
- from version 1.42.26
* api-change:``billing``: Cost Categories filtering support to BillingView data filter expressions
through the new costCategories parameter, enabling users to filter billing views by AWS Cost
Categories for more granular cost management and allocation.
* api-change:``iot-managed-integrations``: This release introduces WiFi Simple Setup (WSS) enabling
device provisioning via barcode scanning with automated network discovery, authentication, and
credential provisioning. Additionally, it introduces 2P Device Capability Rediscovery for updating
hub-managed device capabilities post-onboarding.
* api-change:``sagemaker``: Added ultraServerType to the UltraServerInfo structure to support
server type identification for SageMaker HyperPod
- from version 1.42.25
* api-change:``bedrock-agentcore-control``: Adds optional field "view" to GetMemory API input to
give customers control over whether CMK encrypted data such as strategy decryption or override
prompts is returned or not.
* api-change:``cloudfront``: Added EntityLimitExceeded exception handling to the following API
operations AssociateDistributionWebACL, AssociateDistributionTenantWebACL,
UpdateDistributionWithStagingConfig
* api-change:``glue``: Adding MaterializedViews task run APIs
* api-change:``medialive``: MediaPackage v2 output groups in MediaLive can now accept one
additional destination for single pipeline channels and up to two additional destinations for
standard channels. MediaPackage v2 destinations now support sending to cross region MediaPackage
channels.
* api-change:``transcribe``: Adds waiters to Amazon Transcribe.
- from version 1.42.24
* api-change:``workspaces``: Add StateMessage and ProgressPercentage fields to
DescribeCustomWorkspaceImageImport API response.
- from version 1.42.23
* api-change:``ce``: This release updates existing reservation recommendations API to support
deployment model.
* api-change:``emr-serverless``: Added support for enabling disk encryption using customer managed
AWS KMS keys to CreateApplication, UpdateApplication and StartJobRun APIs.
- from version 1.42.22
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports advanced Spark configurations to
optimize SQL performance when creating an MLInputChannel or an audience generation job.
- from version 1.42.21
* bugfix:``s3``: Clarify ``payload_signing_enabled`` documentation to cover interaction with
``request_checksum_calculation``
- from version 1.42.20
* api-change:``cleanrooms``: Added support for publishing detailed metrics to CloudWatch for
operational monitoring of collaborations, including query performance and resource utilization.
* api-change:``identitystore``: This change introduces "Roles" attribute for User entities
supported by AWS Identity Store SDK.
- from version 1.42.19
* api-change:``connect``: Adds support for searching global contacts using the ActiveRegions
filter, and pagination support for ListSecurityProfileFlowModules and ListEntitySecurityProfiles.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``kafkaconnect``: This change sets the KafkaConnect GovCloud FIPS and FIPS DualStack
endpoints to use kafkaconnect instead of kafkaconnect-fips as the service name. This is done to
match the Kafka endpoints.
- from version 1.42.18
* api-change:``connect``: Changes for Contact for Global Search
* api-change:``elastictranscoder``: The elastictranscoder client has been removed following the
deprecation of the service.
* api-change:``quicksight``: This release adds support for quick users to be able to perform role
upgrades on their own. Additionally it allows admins to make this feature admin or auto approval
along with new self upgrade capability that can be restricted by Admins.
- from version 1.42.17
* api-change:``medialive``: AWS Elemental MediaLive now supports Pipeline Locking using Video
Alignment as well as linked single pipeline channels to enable cross-channel and cross-region
Pipeline Locking workflows.
- from version 1.42.16
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``geo-places``: Adds support for InferredSecondaryAddress place type, Designator in
SecondaryAddressComponent and Heading in ReverseGeocode.
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the Registration Reviewer
feature, which provides generative AI feedback on a phone number or sender ID registration to
ensure completeness before sending to downstream (carrier) review.
* api-change:``s3``: Add additional validation to Outpost bucket names.
- from version 1.42.15
* api-change:``config``: Added supported resourceTypes for Config from July to November 2025
* api-change:``ec2``: Adds support for linkedGroupId on the CreatePlacementGroup and
DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use.
* api-change:``guardduty``: Make accountIds a required field in GetRemainingFreeTrialDays API to
reflect service behavior.
* api-change:``pcs``: Change API Reference Documentation for default Mode in Accounting and
SlurmRest
- from version 1.42.14
* api-change:``arc-region-switch``: Automatic Plan Execution Reports allow customers to maintain a
concise record of their Region switch Plan executions. This enables customer SREs and leadership
to have a clear view of their recovery posture based on the generated reports for their Plan
executions.
* api-change:``connect``: Adding support for Custom Metrics and Pre-Defined Attributes to
GetCurrentMetricData API.
* api-change:``emr-serverless``: Added JobLevelCostAllocationConfiguration field to enable cost
allocation reporting at the job level, providing more granular visibility into EMR Serverless
charges
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iot``: This release adds event-based logging feature that enables granular event
logging controls for AWS IoT logs.
* api-change:``qbusiness``: It is a internal bug fix for region expansion
* api-change:``wickr``: AWS Wickr now provides a suite of admin APIs to allow you to
programmatically manage secure communication for Wickr networks at scale. These APIs enable you to
automate administrative workflows including user lifecycle management, network configuration, and
security group administration.
* api-change:``workspaces-web``: Add support for WebAuthn under user settings.
- from version 1.42.13
* api-change:``appstream``: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on
Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets
* api-change:``arc-region-switch``: New API to list Route 53 health checks created by ARC region
switch for a plan in a specific AWS Region using the Region switch Regional data plane.
* api-change:``artifact``: Add support for ListReportVersions API for the calling AWS account.
* api-change:``bedrock-agentcore-control``: Feature to support header exchanges between Bedrock
AgentCore Gateway Targets and client, along with propagating query parameter to the configured
targets.
* api-change:``bedrock-data-automation``: Blueprint Optimization (BPO) is a new Amazon Bedrock Data
Automation (BDA) capability that improves blueprint inference accuracy using example content assets
and ground truth data. BPO works by generating better instructions for fields in the Blueprint
using provided data.
* api-change:``cleanrooms``: Adding support for collaboration change requests requiring an approval
workflow. Adding support for change requests that grant or revoke results receiver ability and
modifying auto approved change types in an existing collaboration.
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet,
DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs.
* api-change:``ecr``: Adds support for ECR Create On Push
* api-change:``ecs``: Adding support for Event Windows via a new ECS account setting
"fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching
tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot
capacity for ECS Managed Instances.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iot``: This release adds message batching for the IoT Rules Engine HTTP action.
* api-change:``opensearch``: Amazon OpenSearch Service adds support for warm nodes, enabling new
multi-tier architecture.
* api-change:``sesv2``: Amazon SES introduces Email Validation feature which checks email addresses
for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect
sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and
CustomVerificationEmailTemplates.
* api-change:``ssm-sap``: Added "Stopping" for the HANA Database Status.
- from version 1.42.12
* api-change:``gameliftstreams``: Added new stream group operation parameters for scale-on-demand
capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance
family. Added new StartStreamSession parameter for exposure of real-time performance stats to
clients.
* api-change:``guardduty``: Add support for dbiResourceId in finding.
* api-change:``inspector-scan``: Adds an additional OutputFormat
* api-change:``kafkaconnect``: Support dual-stack network connectivity for connectors via
NetworkType field.
* api-change:``mediaconvert``: Adds support for tile encoding in HEVC and audio for video overlays.
* api-change:``mediapackagev2``: This release adds support for SPEKE V2 content key encryption in
MediaPackage v2 Origin Endpoints.
* api-change:``payment-cryptography``: Support for AS2805 standard. Modifications to import-key
and export-key to support AS2805 variants.
* api-change:``payment-cryptography-data``: Support for AS2805 standard. New API
GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support
AS2805 key variants.
* api-change:``sagemaker``: Adding the newly launched p6-b300.48xlarge ec2 instance support in
Sagemaker(Hyperpod,Training and Sceptor)
- from version 1.42.11
* api-change:``iot``: Add support for dynamic payloads in IoT Device Management Commands
* api-change:``timestream-influxdb``: This release adds support for rebooting InfluxDB DbInstances
and DbClusters
- from version 1.42.10
* api-change:``bedrock-agentcore-control``: This release updates broken links for AgentCore Policy
APIs in the AWS CLI and SDK resources.
* api-change:``connect``: Amazon Connect now supports outbound WhatsApp contacts via the Send
message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and
updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.
* api-change:``ec2``: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and
SpotInterruptionRate metrics for both vCPU and instance units.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``entityresolution``: Support Customer Profiles Integration for AWS Entity Resolution
* api-change:``glacier``: Documentation updates for Amazon Glacier's maintenance mode
* api-change:``health``: Updating Health API endpoint generation for dualstack only regions
* api-change:``logs``: This release allows you to import your historical CloudTrail Lake data into
CloudWatch with a few steps, enabling you to easily consolidate operational, security, and
compliance data in one place.
* api-change:``mediatailor``: Added support for Ad Decision Server Configuration enabling HTTP POST
requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required
for existing GET request configurations.
* api-change:``route53resolver``: Adds support for enabling detailed metrics on Route 53 Resolver
endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the
CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver
endpoint and target name server performance.
* api-change:``s3``: This release adds support for the new optional field 'LifecycleExpirationDate'
in S3 Inventory configurations.
* api-change:``service-quotas``: Add support for SQ Dashboard Api
- from version 1.42.9
* api-change:``bcm-recommended-actions``: Added new freetier action types to RecommendedAction.type.
* api-change:``connect``: Amazon Connect now offers automated post-chat surveys triggered when
customers end conversations. This captures timely feedback while experience is fresh, using either
a no-code form builder or Amazon Lex-powered interactive surveys.
* api-change:``datasync``: Adds Enhanced mode support for NFS and SMB locations. SMB credentials
are now managed via Secrets Manager, and may be encrypted with service or customer managed keys.
Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to
DescribeTaskExecution for Enhanced mode tasks.
* api-change:``workspaces-web``: Adds support for portal branding customization, enabling
administrators to personalize end-user portals with custom assets.
- from version 1.42.8
* api-change:``lambda``: Add Dotnet 10 (dotnet10) support to AWS Lambda.
* api-change:``organizations``: Add support for policy operations on the NETWORK SECURITY DIRECTOR
POLICY policy type.
* api-change:``quicksight``: This release adds new GetIdentityContext API, Dashboard customization
options for tables and pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support
registered users. Parameters limit increased to 400
* api-change:``secretsmanager``: Add SortBy parameter to ListSecrets
* api-change:``sesv2``: Update GetEmailIdentity and CreateEmailIdentity response to include
SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to
include SigningHostedZone.
- from version 1.42.7
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of
generating policy scenarios to validate policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type,
allowing customers to retrieve scenarios generated by the build workflow.
* api-change:``billingconductor``: Launch itemized custom line item and service line item filter
* api-change:``cloudwatch``: This release introduces two additional protocols AWS JSON 1.1 and
Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the
protocol that is the most performant for each language.
* api-change:``odb``: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn
fields for improved resource identification and AWS service integration - GetCloudVmCluster,
ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.
* api-change:``opensearch``: The CreateApplication API now supports an optional kms key arn
parameter to allow customers to specify a CMK for application encryption.
* api-change:``partnercentral-selling``: Adds support for the new Project.AwsPartition field on
Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the
opportunity will be deployed.
* api-change:``signer``: Adds support for Signer GetRevocationStatus with updated endpoints
- Update to 1.42.6
* api-change:``account``: This release adds a new API (GetGovCloudAccountInformation) used to
retrieve information about a linked GovCloud account from the standard AWS partition.
* api-change:``appsync``: Update Event API to require EventConfig parameter in creation and update
requests.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``guardduty``: Adding support for Ec2LaunchTemplate Version field
* api-change:``ivs-realtime``: Token Exchange introduces seamless token exchange capabilities for
IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes
within the IVS client SDK without forcing clients to disconnect and reconnect.
* api-change:``mgn``: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced
tagging support for replication operations.
* api-change:``route53``: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region
- Update to 1.42.5
* api-change:``ce``: Add support for Cost Category resource associations including filtering by
resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API.
* api-change:``ec2``: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1
TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB
of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a
maximum frequency of 4.5 GHz.
* api-change:``identitystore``: Updating AWS Identity Store APIs to support Attribute Extensions
capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store
APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due
to lack of SigV4 API support.
* api-change:``partnercentral-selling``: Deal Sizing Service for AI-based deal size estimation with
AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and
Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives.
* api-change:``rds``: Adding support for tagging RDS Instance/Cluster Automated Backups
* api-change:``redshift-serverless``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated serverless workgroups. This API enables
programmatic access to secure Identity Center tokens with proper error handling and parameter
validation across supported SDK languages.
* api-change:``rolesanywhere``: Increases certificate string length for trust anchor source data to
support ML-DSA certificates.
* api-change:``sesv2``: Update Mail Manager Archive ARN validation
* enhancement:ContainerProvider: The ContainerProvider now works with arbitray HTTPS URLs for
`AWS_CONTAINER_CREDENTIALS_FULL_URI`.
- from version 1.42.4
* api-change:``ecs``: Updating stop-task API to encapsulate containers with custom stop signal
* api-change:``iam``: Adding the ExpirationTime attribute to the delegation request resource.
* api-change:``inspector2``: This release adds a new ScanStatus called "Unsupported Code
Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it
has unsupported code artifacts.
* api-change:``partnercentral-account``: Adding Verification API's to Partner Central Account SDK.
* api-change:``sesv2``: Updating the desired url for `PutEmailIdentityDkimSigningAttributes` from
v1 to v2
* enhancement:AWSCRT: Update awscrt version to 0.29.2
- from version 1.42.3
* api-change:``lambda``: Add DisallowedByVpcEncryptionControl to the LastUpdateStatusReasonCode and
StateReasonCode enums to represent failures caused by VPC Encryption Controls.
- from version 1.42.2
* api-change:``bedrock``: Adding support in Amazon Bedrock to customize models with reinforcement
fine-tuning (RFT) and support for updating the existing Custom Model Deployments.
* api-change:``sagemaker``: Introduces Serverless training: A fully managed compute infrastructure
that abstracts away all infrastructure complexity, allowing you to focus purely on model
development.
Added AI model customization assets used to train, refine, and evaluate custom models during the
model customization process.
- from version 1.42.1
* api-change:``bedrock``: Adds the audioDataDeliveryEnabled boolean field to the Model Invocation
Logging Configuration.
* api-change:``bedrock-agentcore``: Support for AgentCore Evaluations and Episodic memory strategy
for AgentCore Memory.
* api-change:``bedrock-agentcore-control``: Supports AgentCore Evaluations, Policy, Episodic Memory
Strategy, Resource Based Policy for Runtime and Gateway APIs, API Gateway Rest API Targets and
enhances JWT authorizer.
* api-change:``bedrock-runtime``: Adds support for Audio Blocks and Streaming Image Output plus new
Stop Reasons of malformed_model_output and malformed_tool_use.
* api-change:``ce``: This release updates existing Savings Plans Purchase Analyzer and
Recommendations APIs to support Database Savings Plans.
* api-change:``datazone``: Amazon DataZone now supports exporting Catalog datasets as Amazon S3
tables, and provides automatic business glossary term suggestions for data assets.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: S3 Access Points support for FSx for NetApp ONTAP
* api-change:``guardduty``: Adding support for extended threat detection for Amazon EC2 and Amazon
ECS. Adding support for wild card suppression rules.
* api-change:``lambda``: Launching Lambda durable functions - a new feature to build reliable
multi-step applications and AI workflows natively within the Lambda developer experience.
* api-change:``logs``: CloudWatch Logs adds managed S3 Tables integration to access logs using
other analytical tools, as well as facets and field indexing to simplify log analytics in
CloudWatch Logs Insights.
* api-change:``nova-act``: Initial release of Nova Act SDK. The Nova Act service enables customers
to build and manage fleets of agents for automating production UI workflows with high reliability,
fastest time-to-value, and ease of implementation at scale.
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds pipelines configuration
for third party log ingestion and transformation of all logs ingested, integration of CloudWatch
logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
* api-change:``opensearch``: GPU-acceleration helps you build large-scale vector databases faster
and more efficiently. You can enable this feature on new OpenSearch domains and OpenSearch
Serverless collections. This feature uses GPU-acceleration to reduce the time needed to index data
into vector indexes.
* api-change:``opensearchserverless``: GPU-acceleration helps you build large-scale vector
databases faster and more efficiently. You can enable this feature on new OpenSearch domains and
OpenSearch Serverless collections. This feature uses GPU-acceleration to reduce the time needed to
index data into vector indexes.
* api-change:``rds``: RDS Oracle and SQL Server: Add support for adding, modifying, and removing
additional storage volumes, offering up to 256TiB storage; RDS SQL Server: Support Developer
Edition via custom engine versions for development and testing purposes; M7i/R7i instances with
Optimize CPU for cost savings.
* api-change:``s3``: New S3 Storage Class FSX_ONTAP
* api-change:``s3control``: Add support for S3 Storage Lens Advanced Performance Metrics, Expanded
Prefixes metrics report, and export to S3 Tables.
* api-change:``s3tables``: Add storage class, replication, and table record expiration features to
S3 Tables.
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added support for serverless MLflow Apps.
Added support for new HubContentTypes (DataSet and JsonDoc) in Private Hub for AI model
customization assets, enabling tracking and management of training datasets and evaluators (reward
functions/prompts) throughout the ML lifecycle.
* api-change:``savingsplans``: Added support for Amazon Database Savings Plans
* api-change:``securityhub``: ITSM enhancements: DRYRUN mode for testing ticket creation,
ServiceNow now uses AWS Secrets Manager for credentials, ConnectorRegistrationsV2 renamed to
RegisterConnectorV2, added ServiceQuotaExceededException error, and ConnectorStatus visibility in
CreateConnectorV2.
- from version 1.41.6
* api-change:``appintegrations``: This release adds support for MCP servers via the ApplicationType
field, allowing customers to register their Bedrock AgentCore gateways as third party applications.
* api-change:``bedrock-agent``: Support audio and video ingestion on Bedrock Knowledge Bases.
* api-change:``bedrock-agent-runtime``: Support audio and video content retrieval on Bedrock
Knowledge Bases.
* api-change:``cleanrooms``: AWS Clean Rooms now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``cleanroomsml``: AWS Clean Rooms ML now supports privacy-enhancing synthetic dataset
generation for custom ML training.
* api-change:``connect``: This is a combined re:Invent release for Amazon Connect.
* api-change:``connectcampaignsv2``: This release added support for new WhatsApp channel and
Journey type outbound campaign
* api-change:``connectparticipant``: Amazon Connect now supports message processing that intercepts
and processes chat messages before they reach any participant.
* api-change:``customer-profiles``: This release introduces, CRUD APIs for the DomainObjectType and
Recommender resources, APIs to offer statistical insights on Object Type Attributes, Changes to
SegmentDefinition APIs to support SQL queries to create Segments, and Changes to Domain APIs to
support Data Store.
* api-change:``eks``: This release adds support for EKS Capabilities
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: feature: Glue: Add support for Iceberg materialized view in Glue Data
Catalog, including updated CreateTable API to support materialized views and new APIs for managing
data refresh for materialized views.
feature: Glue: Add support for Iceberg table encryption keys and struct field defaults.
* api-change:``lambda``: Launching Lambda Managed Instances - a new feature to run Lambda on EC2.
* api-change:``lexv2-models``: Adds support for speech-to-speech models for human-like, adaptive,
and expressive voice interactions. Also adds support for speech model preference, allowing
customers to select which speech model they want to use for speech-to-text requests.
* api-change:``marketplace-agreement``: This release supports 1/multi-product transactions via
offer sets. DescribeAgreement and SearchAgreements APIs now return offer set IDs. SearchAgreements
also supports filtering by offer set ID and 2/variable payment pricing terms will be returned
through GetAgreementTerms.
* api-change:``marketplace-catalog``: This release introduces offer set entity in AWS Marketplace
Catalog API to enable multi-product transaction. Offer set enables sellers to group multiple
private offers into a single-click purchase experience, simplifying procurement for customers
purchasing multi-product solutions.
* api-change:``partnercentral-account``: Initial GA launch of Partner Central Account
* api-change:``partnercentral-benefits``: Initial GA launch of Partner Central Benefits
* api-change:``partnercentral-selling``: New Features:
Lead Management APIs for capturing and nurturing leads
Lead invitation support for partner collaboration
Lead-to-opportunity conversion operations
AWS Marketplace OfferSets support for opportunities
* api-change:``personalize``: This release adds support for includedDatasetColumns and
performIncrementalUpdate in solution APIs, and rankingInfluence in campaign and batch inference
APIs.
* api-change:``qconnect``: New AIAgent types: Orchestration for ModelContextProtocol tool
integration, CaseSummary for Amazon Connect Case summaries, NoteTaker for Agent Assistance notes.
Added ListSpans and Retrieve APIs. Enhanced Q in Connect AssistantAssociationType to support Bring
Your Own Bedrock Knowledge Bases.
* api-change:``route53globalresolver``: Add SDK for Amazon Route 53 Global Resolver, a fully
managed DNS resolver service that offers broad DNS-filtering security controls.
* enhancement:AWSCRT: Update awscrt version to 0.29.1
- from version 1.41.5
* api-change:``bedrock-runtime``: Bedrock Runtime Reserved Service Support
* api-change:``compute-optimizer``: Compute Optimizer now identifies idle NAT Gateway resources for
cost optimization based on traffic patterns and backup configuration analysis. Access
recommendations via the GetIdleRecommendations API.
* api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost
optimization recommendations for NAT Gateway.
- from version 1.41.4
* api-change:``ec2``: This release adds support to view Network firewall proxy appliances attached
to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure.
* api-change:``network-firewall``: Network Firewall release of the Proxy feature.
* api-change:``organizations``: Add support for policy operations on the S3_POLICY and
BEDROCK_POLICY policy type.
* api-change:``route53``: Adds support for new route53 feature: accelerated recovery.
- Update to 1.41.3
* api-change:``cloudfront``: Add TrustStore, ConnectionFunction APIs to CloudFront SDK
* api-change:``logs``: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability
that allows customers to safeguard their critical CloudWatch log groups from accidental or
unintended deletion.
* enhancement:awscrt: Update awscrt version to 0.29.0
- from version 1.41.2
* api-change:``apigateway``: API Gateway supports VPC link V2 for REST APIs.
* api-change:``athena``: Introduces Spark workgroup features including log persistence,
S3/CloudWatch delivery, UI and History Server APIs, and SparkConnect 3.5.6 support. Adds DPU usage
limits at workgroup and query levels as well as DPU usage tracking for Capacity Reservation queries
to optimize performance and costs.
* api-change:``bedrock``: Add support to automatically enforce safeguards across accounts within an
AWS Organization.
* api-change:``bedrock-agentcore-control``: Support for agentcore gateway interceptor
configurations and NONE authorizer type
* api-change:``bedrock-data-automation-runtime``: Adding new fields to GetDataAutomationStatus:
jobSubmissionTime, jobCompletionTime, and jobDurationInSeconds
* api-change:``bedrock-runtime``: Add support to automatically enforce safeguards across accounts
within an AWS Organization.
* api-change:``cloudformation``: Adds the DependsOn field to the AutoDeployment configuration
parameter for CreateStackSet, UpdateStackSet, and DescribeStackSet APIs, allowing users to set and
read auto-deployment dependencies between StackSets
* api-change:``compute-optimizer-automation``: Initial release of AWS Compute Optimizer Automation.
Create automation rules to implement recommended actions on a recurring schedule based on your
specified criteria. Supported actions include: snapshot and delete unattached EBS volumes and
upgrade volume types to the latest generation.
* api-change:``connect``: New APIs to support aliases and versions for ContactFlowModule. Updated
ContactFlowModule APIs to support custom blocks.
* api-change:``controltower``: The manifest field is now optional for the AWS Control Tower
CreateLandingZone and UpdateLandingZone APIs for Landing Zone version 4.0
* api-change:``ec2``: This release adds a new capability to create and manage interruptible EC2
Capacity Reservations.
* api-change:``ecr``: Add support for ECR managed signing
* api-change:``eks``: Adds support for controlPlaneScalingConfig on EKS Clusters.
* api-change:``elbv2``: This release adds the health check log feature in ALB, allowing customers
to send detailed target health check log data directly to their designated Amazon S3 bucket.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``invoicing``: Added the CreateProcurementPortalPreference,
GetProcurementPortalPreference, PutProcurementPortalPreference,
UpdateProcurementPortalPreferenceStatus, ListProcurementPortalPreferences and
DeleteProcurementPortalPreference APIs for procurement portal preference management.
* api-change:``kinesisvideo``: This release adds support for Tiered Storage
* api-change:``kms``: Support for on-demand rotation of AWS KMS Multi-Region keys with imported key
material
* api-change:``lambda``: Launching Enhanced Error Handling and ESM Grouping capabilities for Kafka
ESMs
* api-change:``lexv2-models``: Adds support for Intent Disambiguation, allowing resolution of
ambiguous user inputs when multiple intents match by presenting clarifying questions to users. Also
adds Speech Detection Sensitivity configuration for optimizing voice activity detection sensitivity
levels in various noise environments.
* api-change:``mailmanager``: Add support for resources in the aws-eusc partition.
* api-change:``marketplace-entitlement``: Endpoint update for new region
* api-change:``mediapackagev2``: Adds support for excluding session key tags from HLS multivariant
playlists
* api-change:``meteringmarketplace``: Endpoint update for new region
* api-change:``odb``: Adds AssociateIamRoleToResource and DisassociateIamRoleFromResource APIs for
managing IAM roles. Enhances CreateOdbNetwork and UpdateOdbNetwork APIs with KMS, STS, and
cross-region S3 parameters. Adds OCI identity domain support to InitializeService API.
* api-change:``organizations``: Add support for policy operations on the UPGRADE_ROLLOUT_POLICY
policy type.
* api-change:``qconnect``: This release introduces two new messaging channel subtypes: Push,
WhatsApp, under MessageTemplate which is a resource in Amazon Q in Connect.
* api-change:``quicksight``: Amazon Quick Suite now supports QuickChat as an embedding type when
calling the GenerateEmbedUrlForRegisteredUser API, enabling developers to embed conversational AI
agents directly into their applications.
* api-change:``rds``: Add support for Upgrade Rollout Order
* api-change:``redshift``: Added support for Amazon Redshift Federated Permissions and AWS IAM
Identity Center trusted identity propagation.
* api-change:``redshift-serverless``: Added UpdateLakehouseConfiguration API to manage Amazon
Redshift Federated Permissions and AWS IAM Identity Center trusted identity propagation for
namespaces.
* api-change:``sagemaker``: Enhanced SageMaker HyperPod instance groups with support for
MinInstanceCount, CapacityRequirements (Spot/On-Demand), and KubernetesConfig (labels and taints).
Also Added speculative decoding and MaxInstanceCount for model optimization jobs.
* api-change:``security-ir``: Add ListInvestigations and SendFeedback APIs to support SecurityIR AI
agents
* api-change:``sesv2``: Added support for new SES regions - Asia Pacific (Malaysia) and Canada
(Calgary)
* api-change:``transfer``: Adds support for creating Webapps accessible from a VPC.
- from version 1.41.1
* api-change:``application-signals``: Amazon CloudWatch Application Signals now supports
un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps
teams monitor and troubleshoot their large-scale distributed applications.
* api-change:``autoscaling``: This release adds support for three new features: 1) Image ID
overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh,
and 3) Instance Lifecycle Policy for enhanced instance lifecycle management.
* api-change:``bedrock-agentcore``: Bedrock AgentCore Memory release for redriving memory
extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob)
* api-change:``bedrock-data-automation``: Added support for Synchronous project type and PII
Detection and Redaction
* api-change:``bedrock-data-automation-runtime``: Bedrock Data Automation Runtime Sync API
* api-change:``braket``: Add support for Braket spending limits.
* api-change:``budgets``: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory
and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views.
* api-change:``cloudfront``: This release adds support for bring your own IP (BYOIP) to
CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field.
* api-change:``cloudtrail``: AWS launches CloudTrail aggregated events to simplify monitoring of
data events at scale. This feature delivers both granular and summarized data events for resources
like S3/Lambda, helping security teams identify patterns without custom aggregation logic.
* api-change:``connect``: Add optional ability to exclude users from send notification actions for
Contact Lens Rules.
* api-change:``datasync``: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource
Name) fields.
* api-change:``devicefarm``: Add support for environment variables and an IAM execution role.
* api-change:``dms``: Added support for customer-managed KMS key (CMK) for encryption for import
private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL
integrations with data warehouses.
* api-change:``dsql``: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response,
returning the VPC connection endpoint for the cluster
* api-change:``ec2``: This release adds support for multiple features including: VPC Encryption
Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of
static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume
Integration with Recycle Bin
* api-change:``ecs``: Launching Amazon ECS Express Mode - a new feature that enables developers to
quickly launch highly available, scalable containerized applications with a single command.
* api-change:``elbv2``: This release adds the target optimizer feature in ALB, enabling strict
concurrency enforcement on targets.
* api-change:``emr``: Add support for configuring S3 destination for step logs on a per-step basis.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: Added FunctionType parameter to Glue GetuserDefinedFunctions.
* api-change:``imagebuilder``: EC2 Image Builder now enables the distribution of existing AMIs,
retry distribution, and define distribution workflows. It also supports automatic versioning for
recipes and components, allowing automatic version increments and dynamic referencing in pipelines.
* api-change:``kinesis``: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for
On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the
existing limit of 20 consumers for Enhanced Fan-out.
* api-change:``lakeformation``: Added ServiceIntegrations as a request parameter for
CreateLakeFormationIdentityCenterConfigurationRequest and
UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for
DescribeLakeFormationIdentityCenterConfigurationResponse
* api-change:``license-manager``: Added cross-account resource aggregation via license asset groups
and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses,
added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account
resource discovery in commercial regions.
* api-change:``networkmanager``: This release adds support for Cloud WAN Routing Policy providing
customers sophisticated routing controls to better manage their global networks
* api-change:``organizations``: Added new APIs for Billing Transfer, new policy type
INSPECTOR_POLICY, and allow an account to transfer between organizations
* api-change:``quicksight``: Introducing comprehensive theme styling controls. New features include
border customization (radius, width, color), flexible padding controls, background styling for
cards and sheets, centralized typography management, and visual-level override support across
layouts.
* api-change:``rbin``: Add support for EBS volume in Recycle Bin
* api-change:``rds``: Add support for VPC Encryption Controls.
* api-change:``redshift-data``: Increasing the length limit of Statement Name from 500 to 2048.
* api-change:``s3``: Enable / Disable ABAC on a general purpose bucket.
* api-change:``sagemaker``: Added training plan support for inference endpoints. Added HyperPod
task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes
and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName.
* api-change:``securityhub``: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and
GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for
1-year of historical data analysis of Findings and Resources.
- from version 1.41.0
* api-change:``apigateway``: API Gateway now supports response streaming and new security policies
for REST APIs and custom domain names.
* api-change:``apigatewayv2``: Support for API Gateway portals and portal products.
* api-change:``backup``: Amazon GuardDuty Malware Protection now supports AWS Backup, extending
malware detection capabilities to EC2, EBS, and S3 backups.
* api-change:``bcm-pricing-calculator``: Add GroupSharingPreference,
CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill
Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario.
* api-change:``bedrock-runtime``: This release includes support for Search Results.
* api-change:``billing``: Added name filtering support to ListBillingViews API through the new
names parameter to efficiently filter billing views by name.
* api-change:``billingconductor``: This release adds support for Billing Transfers, enabling
management of billing transfers with billing groups on AWS Billing Conductor.
* api-change:``ce``: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost
anomaly detection monitors
* api-change:``cloudtrail``: AWS CloudTrail now supports Insights for data events, expanding beyond
management events to automatically detect unusual activity on data plane operations.
* api-change:``connectcampaignsv2``: This release added support for ring timer configuration for
campaign calls.
* api-change:``cost-optimization-hub``: Release ListEfficiencyMetrics API
* api-change:``datazone``: Amazon DataZone now supports business metadata (readme and metadata
forms) at the individual attribute (column) level, a new rule type for glossary terms, and the
ability to update the owner of the root domain unit.
* api-change:``dynamodb``: Extended Global Secondary Index (GSI) composite keys to support up to 8
attributes.
* api-change:``ec2``: This launch adds support for two new features: Regional NAT Gateway and IPAM
Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS
services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to
maintain high availability.
* api-change:``ecr``: Add support for ECR archival storage class and Inspector org policy for
scanning
* api-change:``ecs``: Added support for Amazon ECS Managed Instances infrastructure optimization
configuration.
* api-change:``emr``: Add CloudWatch Logs integration for Spark driver, executor and step logs
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: Adding File Server Resource Manager configuration to FSx Windows
* api-change:``guardduty``: Add support for scanning and viewing scan results for backup resource
types
* api-change:``health``: Adds actionability and personas properties to Health events exposed
through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes
APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter,
EventTypeFilter.
* api-change:``iam``: Added the EnableOutboundWebIdentityFederation,
DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM
outbound federation feature.
* api-change:``inspector2``: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and
IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an
operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned
when an Image is archived in ECR.
* api-change:``invoicing``: Add support for adding Billing transfers in Invoice configuration
* api-change:``lambda``: Added support for creating and invoking Tenant Isolated functions in AWS
Lambda APIs.
* api-change:``logs``: Adding support for ocsf version 1.5, add optional parameter MappingVersion
* api-change:``mediaconnect``: This release adds support for global routing in AWS Elemental
MediaConnect. You can now use router inputs and router outputs to manage global video and audio
routing workflows both within the AWS-Cloud and over the public internet.
* api-change:``medialive``: MediaLive is adding support for MediaConnect Router by supporting a new
input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted
transport between MediaConnect Router and your MediaLive channel.
* api-change:``network-firewall``: Partner Managed Rulegroup feature support
* api-change:``networkflowmonitor``: Added new enum value (AWS::EKS::Cluster) for type field under
MonitorLocalResource
* api-change:``partnercentral-channel``: Initial GA launch of Partner Central Channel
* api-change:``route53``: Add dual-stack endpoint support for Route53
* api-change:``rum``: CloudWatch RUM now supports mobile application monitoring for Android and iOS
platforms
* api-change:``s3``: Adds support for blocking SSE-C writes to general purpose buckets.
* api-change:``sagemaker``: Added support for enhanced metrics for SageMaker AI Endpoints. This
features provides Utilization Metrics at instance and container granularity and also provides easy
configuration of metric publish frequency from 10 sec -> 5 mins
* api-change:``secretsmanager``: Adds support to create, update, retrieve, rotate, and delete
managed external secrets.
* api-change:``signin``: AWS Sign-In manages authentication for AWS services. This service provides
secure authentication flows for accessing AWS resources from the console and developer tools. This
release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh
tokens from Sign-In.
* api-change:``stepfunctions``: Adds support to TestState for mocked results and exceptions, along
with additional inspection data.
* api-change:``sts``: IAM now supports outbound identity federation via the STS GetWebIdentityToken
API, enabling AWS workloads to securely authenticate with external services using short-lived JSON
Web Tokens.
* feature:credentials: Adds support for the login credential provider, allowing users to use AWS
Management Console credentials for authentication.
- from version 1.40.76
* api-change:``autoscaling``: This release adds the new LaunchInstances API, which can launch
instances synchronously in an AutoScaling group. The API also returns instances info and launch
error back immediately.
* api-change:``backup``: AWS Backup now supports a low-cost warm storage tier for Amazon S3 backup
data.
* api-change:``bedrock-runtime``: Amazon Bedrock Runtime Service Tier Support Launch
* api-change:``cloudformation``: New CloudFormation DescribeEvents API with operation ID tracking
and failure filtering capabilities to quickly identify root causes of deployment failures. Also, a
DeploymentMode parameter for the CreateChangeSet API that enables creation of drift-aware change
sets for safe drift management.
* api-change:``connect``: This release added support for ring timer configuration for campaign
calls.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN Concentrator, a new feature that
enables customers to connect multiple low-bandwidth sites connections through a single attachment,
simplifying multi-site connectivity for distributed enterprises.
* api-change:``iam``: Added the AssociateDelegationRequest, GetDelegationRequest,
AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest,
SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature.
* api-change:``kafka``: Amazon MSK adds three new APIs, ListTopics, DescribeTopic, and
DescribeTopicPartitions for viewing Kafka topics in your MSK clusters.
* api-change:``logs``: CloudWatch Logs updates: Added capability to setup a recurring schedule for
log insights queries. Logs introduced Scheduled Queries (managed through
Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch
Logs API documentation.
* api-change:``resourcegroupstaggingapi``: Add support for new ListRequiredTags API used to
retrieve the required tags specified in a customer's effective tag policy.
* api-change:``storagegateway``: Adds support for European Sovereign Cloud ARNs in Storage Gateway
API parameters.
* api-change:``wafv2``: AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw
WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not
included in the CloudFront pricing plan of the WebACL.
- from version 1.40.75
* api-change:``appstream``: Adding support for additional instances and extended storage
* api-change:``backup``: AWS Backup now supports specifying a logically air-gapped backup vault as
a primary backup target in backup plans and on-demand backup jobs.
* api-change:``bedrock``: Automated Reasoning checks in Amazon Bedrock Guardrails now automatically
generate Q&A tests for new Automated Reasoning policies. The
GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type,
allowing customers to retrieve tests generated by the build workflow.
* api-change:``devicefarm``: This release adds support for interacting with devices during a remote
access session using the remoteDriverEndpoint interface
* api-change:``dms``: This release introduces the SAP ASE(Sybase) Data Provider for AWS Data
Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider, enabling
customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora PostgreSQL
seamlessly.
* api-change:``ec2``: This release introduces new APIs: DescribeInstanceSqlHaStates,
DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and
DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL
Server licensing fee savings for their SQL HA EC2 instances.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``glue``: Amazon Glue Releasing 2 the new API ListIntegrationResourceProperties and
DeleteIntegrationResourceProperty along with minor improvement on existing API(s).
* api-change:``guardduty``: Add S3 On-Demand Object Scanning
* api-change:``lexv2-models``: Adds support for LLM as Primary, allowing usage of LLMs as the
default NLU system.
* api-change:``medialive``: Adds configurations for spatial/temporal adaptive quantization in AV1
codec, and conversion to HLG output color space in H265 codec.
* api-change:``mediapackagev2``: Add support for SCTE messages in Segment file output
* api-change:``mwaa-serverless``: Amazon MWAA now offers serverless deployment, eliminating
operational overhead while optimizing costs. The service supports YAML and Python-based workflows,
with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic scaling with
pay-per-use pricing.
* api-change:``opensearch``: This release adds index operation APIs to support Automatic Semantic
Enrichment feature
* api-change:``pcs``: Added support for the managed Slurm REST API endpoint
* api-change:``route53resolver``: Adding DICTIONARY_DGA to dns-threat-protection as a new enum
type. Customers can now set rules for dictionary dga protection
- from version 1.40.74
* api-change:``datazone``: Adds support for granting read and write access to Amazon S3 general
purpose buckets using CreateSubscriptionRequest and AcceptSubscriptionRequest APIs. Also adds
search filters for SSOUser and SSOGroup to ListSubscriptions APIs and deprecates "sortBy" parameter
for ListSubscriptions APIs.
* api-change:``ec2``: This release adds AvailabilityZoneId support for
CreateInstanceConnectEndpoint, DescribeInstanceConnectEndpoints, and DeleteInstanceConnectEndpoint
APIs.
* api-change:``imagebuilder``: EC2 Image Builder now supports invoking Lambda functions and
executing Step Functions state machine through image workflows.
* api-change:``medialive``: Removed all the value constraint (min/max) for the shape definitions
(e.g. integerMin0Max3600) on the C2j models to get rid of the need to request an exemption from the
SDK team whenever a shape definition (e.g. integerMin0Max3600) is changed.
* enhancement:AWSCRT: Update awscrt version to 0.28.4
- from version 1.40.73
* api-change:``cloudformation``: CloudFormation now supports GetHookResult API with annotations to
retrieve structured compliance check results and remediation guidance for each evaluated resource,
replacing the previous single-message limitation with detailed validation outcomes.
* api-change:``controlcatalog``: Added support for related control mappings with new
RELATED_CONTROL mapping type in ListControlMappings API.
* api-change:``ec2``: Added support for new accelerator types ("media") and accelerator names
("L4", "L40s", "GAUDI_HL_205", "INFERENTIA2", "TRAINIUM", "TRAINIUM2", "U30") in Attributes Based
Instance Type Selection for launched instance types.
* api-change:``ecr``: Add Amazon ECR FIPS PrivateLink endpoint support
* api-change:``elbv2``: QUIC and TCP_QUIC protocol support for Network Load Balancer (NLB). This
capability enables customers to forward QUIC traffic to their targets with ultra-low latency while
maintaining session stickiness using QUIC Connection IDs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``iotwireless``: Integration of Device Location with Amazon Sidewalk network for
Amazon Sidewalk enabled devices
* api-change:``mediaconvert``: Lowers minimum duration for black video generator. Adds support for
embedding and signing C2PA content credentials in DASH and CMAF HLS outputs.
* api-change:``rds``: Updated endpoint and service metadata
* api-change:``sagemaker``: Added support for minor version upgrades and AWS Identity Center
integration for SageMaker Hadron Partner Apps, enabling automated version management and IdC
group-based access control.
* api-change:``workspaces-web``: Support for managing web content filtering for defining, tracking
and regulating type of content accessed with WorkSpaces Secure Browser as part of browser settings.
- from version 1.40.72
* api-change:``amp``: Add VPC source configuration support enabling Amazon Managed Service for
Prometheus Collector to collect metrics from MSK clusters.
* api-change:``connect``: Updated Authentication Profile APIs to add support for automatic logout
on user inactivity
* api-change:``dms``: Added support of SQL statements creation, metadata model discovery and
selection rules transformation.
* api-change:``ec2``: Adds complete AMI ancestry tracing from immediate parent through each
preceding generation back to the root AMI
* api-change:``elbv2``: This release expands ALB Authentication to support JWT verification and
adds support for a new JWT validation action in listener rule.
* api-change:``redshift``: Added GetIdentityCenterAuthToken API to retrieve encrypted
authentication tokens for Identity Center integrated applications. This API enables programmatic
access to secure Identity Center tokens with proper error handling and parameter validation across
supported SDK languages.
* api-change:``s3tables``: Adds support for request metrics metrics APIs for S3 Tables
* api-change:``sagemaker``: Add support for trn2.3xlarge instance type for SageMaker Hyperpod
- from version 1.40.71
* api-change:``batch``: Documentation-only update: update API and doc descriptions per EKS
ImageType default value switch from AL2 to AL2023.
* api-change:``bedrock-data-automation``: Added support for Language Expansion feature for BDA
Audio modality.
* api-change:``ec2``: AWS Site-to-Site VPN now supports VPN connections with up to 5 Gbps bandwidth
per tunnel, a 4x improvement from existing limit of 1.25 Gbps.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``medical-imaging``: Added new fields in existing APIs.
* api-change:``rtbfabric``: Added LogSettings and LinkAttribute fields to external links
* api-change:``security-ir``: Added support for configuring communication preferences as well as
clearly displaying case comment author identities.
- from version 1.40.70
* api-change:``acm-pca``: Private Certificate Authority service now supports ML-DSA key algorithms.
* api-change:``appstream``: AWS Appstream support for IPv6
* api-change:``backup``: AWS Backup supports backups of Amazon EKS clusters, including Kubernetes
cluster state and persistent storage attached to the EKS cluster via a persistent volume claim (EBS
volumes, EFS file systems, and S3 buckets).
* api-change:``braket``: Adds ExperimentalCapabilities field to CreateQuantumTask request and
GetQuantumTask response objects. Enables use of experimental software capabilities when creating
quantum tasks.
* api-change:``datazone``: Remove trackingServerName from DataZone Connection MLflowProperties
* api-change:``dsql``: Cluster endpoint added to CreateCluster and GetCluster API responses
* api-change:``ec2``: Amazon EC2 Fleet customers can now filter instance types based on
encryption-in-transit support using Attribute-Based Instance Type Selection (ABIS), eliminating the
manual effort of identifying and selecting compatible instance types for security-sensitive
workloads.
* api-change:``guardduty``: Include tags filed in CreatePublishingDestinationRequest and
DescribePublishingDestinationResponse.
* api-change:``iam``: Added CreateDelegationRequest API, which is not available for general use at
this time.
* api-change:``invoicing``: Added new invoicing get-invoice-pdf API Operation
* api-change:``kafka``: Amazon MSK now supports intelligent rebalancing for MSK Express brokers.
* api-change:``sts``: Added GetDelegatedAccessToken API, which is not available for general use at
this time.
* api-change:``verifiedpermissions``: Amazon Verified Permissions / Features : Adds support for
entity Cedar tags.
* api-change:``wafv2``: AWS WAF now supports CLOUDWATCH_TELEMETRY_RULE_MANAGED as a LogScope
option, enabling automated logging configuration through Amazon CloudWatch Logs for telemetry data
collection and analysis.
- from version 1.40.69
* api-change:``controltower``: Added Parent Identifier support to ListEnabledControls and
GetEnabledControl API. Implemented RemediationType support for Landing Zone operations:
CreateLandingZone, UpdateLandingZone and GetLandingZone APIs
* api-change:``ec2``: Adds PrivateDnsPreference and PrivateDnsSpecifiedDomains to control private
DNS resolution for resource and service network VPC endpoints and
IpamScopeExternalAuthorityConfiguration to integrate Amazon VPC IPAM with a third-party IPAM service
* api-change:``kms``: Added support for new ECC_NIST_EDWARDS25519 AWS KMS key spec
* api-change:``opensearch``: This release introduces the Default Application feature, allowing
users to set, change, or unset a preferred OpenSearch UI application on a per-region basis for a
streamlined and consistent user experience.
* api-change:``vpc-lattice``: Amazon VPC Lattice now supports custom domain name for resource
configurations
- from version 1.40.68
* api-change:``accessanalyzer``: New field totalActiveErrors added to getFindingsStatistics
response.
* api-change:``backup``: AWS Backup now supports customer-managed keys (CMK) for logically
air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle.
This feature helps organizations meet specific internal governance requirements or external
regulatory compliance standards.
* api-change:``connect``: Added support for Conditional Questions in Evaluation Forms. Introduced
Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations:
SearchEvaluationForms and SearchContactEvaluations.
* api-change:``ec2``: Add Amazon EC2 R8a instance types
* api-change:``gamelift``: Amazon GameLift Servers now supports game builds that use the Windows
2022 operating system.
* api-change:``identitystore``: IdentityStore API: added new KMSExceptionReason fields to the
Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and
Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt,
CreatedBy, UpdatedAt and UpdatedBy.
* api-change:``quicksight``: Support for New Data Prep Experience
* api-change:``s3tables``: Adds support for tagging APIs for S3 Tables
* api-change:``s3vectors``: Amazon S3 Vectors provides cost-effective, elastic, and durable vector
storage for queries based on semantic meaning and similarity.
* api-change:``sagemaker``: Added NodeProvisioningMode parameter to UpdateCluster API to determine
how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId
field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer
VPC.
* api-change:``ssm``: Provides NoLongerSupportedException error message
- from version 1.40.67
* api-change:``cloudfront``: This release adds new and updated API operations. You can now use the
IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can
also enable cross-account resource sharing to share your VPC origins with other AWS accounts
* api-change:``datazone``: Added support for Project Resource Tags
* api-change:``ec2``: This release adds AvailabilityZoneId support for
DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fsx``: Amazon FSx now enables secure management of Active Directory credentials
through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct
credentials when joining resources to Active Directory domains.
* api-change:``groundstation``: Introduce CreateDataflowEndpointGroupV2 action
* api-change:``s3``: Launch IPv6 dual-stack support for S3 Express
* api-change:``sagemaker``: Add new fields in SageMaker Hyperpod DescribeCluster API response:
TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update
progress visibility .
- from version 1.40.66
* api-change:``pinpoint-sms-voice-v2``: This release adds support for the CarrierLookup API, which
returns information about a destination phone number including if the number is valid, the carrier,
and more.
- from version 1.40.65
* api-change:``bedrock-agentcore-control``: Adds support for direct code deploy with
CreateAgentRuntime and UpdateAgentRuntime
* api-change:``budgets``: Fix the AWS Budgets endpoint for the aws-eusc partition.
* api-change:``ec2``: Add Amazon EC2 trn2.3xlarge instance type.
* api-change:``ecs``: Documentation-only update for LINEAR and CANARY deployment strategies.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``kinesis``: Adds support for MinimumThroughputBillingCommitment with new
UpdateAccountSettings API. Adds support to configure warm throughput for on-demand streams in new
UpdateStreamWarmThroughput API and existing CreateStream API and UpdateStreamMode API.
- from version 1.40.64
* api-change:``connectcases``: Added two new case rule types: Parent Child Field Options (restricts
child field options based on parent field value) and Hidden (controls child field visibility based
on parent field value). Both enable dynamic field behavior within templates.
* api-change:``ec2``: Amazon VPC IP Address Manager (IPAM) now supports automated prefix list
management, allowing you to create rules that automatically populate customer-managed prefix lists
with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.
* api-change:``emr``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fms``: Update endpoint ruleset parameters casing
* api-change:``fsx``: Update endpoint ruleset parameters casing
* api-change:``health``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add Python3.14 (python3.14) and Java 25 (java25) support to AWS Lambda
* api-change:``logs``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: Update endpoint ruleset parameters casing
* api-change:``mediaconvert``: Adds SlowPalPitchCorrection to audio pitch correction settings.
Enables opacity for VideoOverlays. Adds REMUX_ALL option to enable multi-rendition passthrough to
VideoSelector for allow listed accounts.
* api-change:``omics``: Added WDL_LENIENT engine type that enables implicit typecasting of variable
values to its compatible declared types
* api-change:``payment-cryptography``: Allow additional characters in the CertificateSubject for
GetCertificateSigningRequest API.
* api-change:``redshift``: Update endpoint ruleset parameters casing
* api-change:``resourcegroupstaggingapi``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Allow update of platform identifier via UpdateNotebookInstance
operation.
* api-change:``savingsplans``: Add dual-stack endpoint support for Savings Plans
* api-change:``snowball``: Update endpoint ruleset parameters casing
* api-change:``ssm-quicksetup``: Update endpoint ruleset parameters casing
* api-change:``textract``: Update endpoint ruleset parameters casing
* api-change:``waf``: Update endpoint ruleset parameters casing
- from version 1.40.63
* api-change:``amp``: Add Anomaly Detection APIs for Amazon Managed Prometheus
* api-change:``apigateway``: Update endpoint ruleset parameters casing
* api-change:``appconfig``: Update endpoint ruleset parameters casing
* api-change:``appflow``: Update endpoint ruleset parameters casing
* api-change:``applicationcostprofiler``: Update endpoint ruleset parameters casing
* api-change:``appmesh``: Update endpoint ruleset parameters casing
* api-change:``appsync``: Update endpoint ruleset parameters casing
* api-change:``artifact``: Update endpoint ruleset parameters casing
* api-change:``auditmanager``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore-control``: Web-Bot-Auth support for AgentCore Browser tool to help
reduce captcha challenges.
* api-change:``chime``: Update endpoint ruleset parameters casing
* api-change:``cleanrooms``: Added support for advanced Spark configurations to optimize SQL
performance
* api-change:``cloudcontrol``: Update endpoint ruleset parameters casing
* api-change:``clouddirectory``: Update endpoint ruleset parameters casing
* api-change:``cloudsearch``: Update endpoint ruleset parameters casing
* api-change:``cloudwatch``: Update endpoint ruleset parameters casing
* api-change:``codecatalyst``: Update endpoint ruleset parameters casing
* api-change:``codecommit``: Update endpoint ruleset parameters casing
* api-change:``codedeploy``: Update endpoint ruleset parameters casing
* api-change:``cognito-sync``: Update endpoint ruleset parameters casing
* api-change:``compute-optimizer``: Update endpoint ruleset parameters casing
* api-change:``connectcases``: Update endpoint ruleset parameters casing
* api-change:``deadline``: Update endpoint ruleset parameters casing
* api-change:``devops-guru``: Update endpoint ruleset parameters casing
* api-change:``docdb``: Adding FailoverState and TagList to GlobalCluster and SynchronizationStatus
to GlobalClusterMember.
* api-change:``ecs``: Amazon ECS Service Connect now supports Envoy access logs, providing deeper
observability into request-level traffic patterns and service interactions.
* api-change:``eks-auth``: Update endpoint ruleset parameters casing
* api-change:``elasticache``: Update endpoint ruleset parameters casing
* api-change:``emr-serverless``: This release adds the capability to enable User Background
Sessions for customers running Trusted Identity Propagation enabled Interactive Sessions on EMR
Serverless Applications.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``firehose``: Update endpoint ruleset parameters casing
* api-change:``frauddetector``: Update endpoint ruleset parameters casing
* api-change:``geo-places``: Update endpoint ruleset parameters casing
* api-change:``glue``: This release adds the capability to enable User Background Sessions for
customers running Trusted Identity Propagation enabled Interactive Sessions on AWS Glue.
* api-change:``greengrassv2``: Update endpoint ruleset parameters casing
* api-change:``iotevents-data``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Add a new GetManagedThingCertificate API to expose Iot
ManagedIntegrations (MI) device certificate, and add "-" support for name, properties, actions
and events in the CapabilityReportCapability object.
* api-change:``keyspacesstreams``: Update endpoint ruleset parameters casing
* api-change:``kms``: Add cross account VPC endpoint service connectivity support to CustomKeyStore.
* api-change:``license-manager-linux-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-reporting``: Update endpoint ruleset parameters casing
* api-change:``neptune``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: RTB Fabric documentation update.
* api-change:``s3outposts``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-runtime``: Update endpoint ruleset parameters casing
* api-change:``schemas``: Update endpoint ruleset parameters casing
* api-change:``serverlessrepo``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog``: Update endpoint ruleset parameters casing
* api-change:``sso``: Update endpoint ruleset parameters casing
* api-change:``sts``: Update endpoint ruleset parameters casing
- from version 1.40.62
* api-change:``bedrock-runtime``: Add support for system tool and web citation response.
- from version 1.40.61
* api-change:``apigatewayv2``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Added support for CloudWatch Synthetics Canary resources in
ListAuditFindings API. This enhancement allows customers to retrieve audit findings specifically
for CloudWatch Synthetics canaries and enables service-canary correlation analysis.
* api-change:``backupsearch``: Update endpoint ruleset parameters casing
* api-change:``bcm-pricing-calculator``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agent-runtime``: Update endpoint ruleset parameters casing
* api-change:``bedrock-runtime``: Update endpoint ruleset parameters casing
* api-change:``cleanroomsml``: Update endpoint ruleset parameters casing
* api-change:clients: The following clients have been removed per deprecation of the services -
qldb, qldb-session, robomaker, lookoutmetrics, lookoutvision, iotfleethub, apptest
* api-change:``cloud9``: Update endpoint ruleset parameters casing
* api-change:``cloudsearchdomain``: Update endpoint ruleset parameters casing
* api-change:``codeconnections``: Update endpoint ruleset parameters casing
* api-change:``codeguru-security``: Update endpoint ruleset parameters casing
* api-change:``detective``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This released the DescribeCapacityReservationTopology API.
* api-change:``ecs``: Amazon ECS supports native linear and canary service deployments, allowing
you to shift traffic in increments for more control.
* api-change:``efs``: Update endpoint ruleset parameters casing
* api-change:``elastictranscoder``: Update endpoint ruleset parameters casing
* api-change:``emr-containers``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``gameliftstreams``: Add stream group expiration date and expired status
* api-change:``glacier``: Update endpoint ruleset parameters casing
* api-change:``groundstation``: Enable use of AzEl ephemerides
* api-change:``inspector-scan``: Update endpoint ruleset parameters casing
* api-change:``kafkaconnect``: Update endpoint ruleset parameters casing
* api-change:``kendra``: Update endpoint ruleset parameters casing
* api-change:``kinesisvideo``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Added SerializedRequestEntityTooLargeException to Lambda Invoke API
* api-change:``marketplace-deployment``: Update endpoint ruleset parameters casing
* api-change:``mediapackage-vod``: Update endpoint ruleset parameters casing
* api-change:``migrationhuborchestrator``: Update endpoint ruleset parameters casing
* api-change:``notifications``: Update endpoint ruleset parameters casing
* api-change:``opensearch``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Added Account State field to the ListDelegatedAdministrators API
response.
* api-change:``partnercentral-selling``: Update endpoint ruleset parameters casing
* api-change:``pipes``: Update endpoint ruleset parameters casing
* api-change:``ram``: Update endpoint ruleset parameters casing
* api-change:``resource-groups``: Update endpoint ruleset parameters casing
* api-change:``s3``: Amazon Simple Storage Service / Features: Add conditional writes in CopyObject
on destination key to prevent unintended object modifications.
* api-change:``s3control``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Amazon SageMaker now supports deleting training and processing jobs in
a terminal status.
* api-change:``sagemaker-featurestore-runtime``: Update endpoint ruleset parameters casing
* api-change:``security-ir``: Update endpoint ruleset parameters casing
* api-change:``servicecatalog-appregistry``: Update endpoint ruleset parameters casing
* api-change:``sqs``: Update endpoint ruleset parameters casing
* api-change:``support-app``: Update endpoint ruleset parameters casing
* api-change:``taxsettings``: Update endpoint ruleset parameters casing
* api-change:``trustedadvisor``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Added IPv6 address support for WorkSpaces using Dual-Stack subnets
* api-change:``workspaces-instances``: Update endpoint ruleset parameters casing
* api-change:``xray``: Update endpoint ruleset parameters casing
- from version 1.40.60
* api-change:``accessanalyzer``: Update endpoint ruleset parameters casing
* api-change:``aiops``: Update endpoint ruleset parameters casing
* api-change:``athena``: Update endpoint ruleset parameters casing
* api-change:``backup-gateway``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation``: Update endpoint ruleset parameters casing
* api-change:``braket``: Update endpoint ruleset parameters casing
* api-change:``ce``: Updated endpoint for eusc-de-east-1 region.
* api-change:``chime-sdk-identity``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-media-pipelines``: Update endpoint ruleset parameters casing
* api-change:``codeartifact``: Update endpoint ruleset parameters casing
* api-change:``codeguruprofiler``: Update endpoint ruleset parameters casing
* api-change:``cognito-idp``: Update endpoint ruleset parameters casing
* api-change:``comprehend``: Update endpoint ruleset parameters casing
* api-change:``connectcampaigns``: Update endpoint ruleset parameters casing
* api-change:``controltower``: Update endpoint ruleset parameters casing
* api-change:``cost-optimization-hub``: Update endpoint ruleset parameters casing
* api-change:``dax``: Update endpoint ruleset parameters casing
* api-change:``elasticbeanstalk``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``entityresolution``: Update endpoint ruleset parameters casing
* api-change:``forecast``: Update endpoint ruleset parameters casing
* api-change:``greengrass``: Update endpoint ruleset parameters casing
* api-change:``iam``: Fixed missing SummaryMap keys in GetAccountSummary response that were being
filtered out during deserialization in AWS Java SDK v2
* api-change:``invoicing``: Update endpoint ruleset parameters casing
* api-change:``kinesis``: Adds support for record sizes up to 10MiB and introduces new
UpdateMaxRecordSize API to modify stream record size limits. Adds record size parameters to
existing CreateStream and DescribeStreamSummary APIs for request and response payloads respectively.
* api-change:``launch-wizard``: Update endpoint ruleset parameters casing
* api-change:``lex-runtime``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain``: Update endpoint ruleset parameters casing
* api-change:``mturk``: Update endpoint ruleset parameters casing
* api-change:``neptune-graph``: Update endpoint ruleset parameters casing
* api-change:``outposts``: Update endpoint ruleset parameters casing
* api-change:``pinpoint``: Update endpoint ruleset parameters casing
* api-change:``rbin``: Update endpoint ruleset parameters casing
* api-change:``rds-data``: Update endpoint ruleset parameters casing
* api-change:``redshift-serverless``: Update endpoint ruleset parameters casing
* api-change:``rekognition``: Update endpoint ruleset parameters casing
* api-change:``repostspace``: Update endpoint ruleset parameters casing
* api-change:``route53profiles``: Update endpoint ruleset parameters casing
* api-change:``route53resolver``: Update endpoint ruleset parameters casing
* api-change:``s3vectors``: Update endpoint ruleset parameters casing
* api-change:``scheduler``: Update endpoint ruleset parameters casing
* api-change:``secretsmanager``: Update endpoint ruleset parameters casing
* api-change:``ses``: Update endpoint ruleset parameters casing
* api-change:``shield``: Update endpoint ruleset parameters casing
* api-change:``simspaceweaver``: Update endpoint ruleset parameters casing
* api-change:``socialmessaging``: Update endpoint ruleset parameters casing
* api-change:``ssm-sap``: Update endpoint ruleset parameters casing
* api-change:``sso-admin``: Update endpoint ruleset parameters casing
* api-change:``stepfunctions``: Update endpoint ruleset parameters casing
* api-change:``waf-regional``: Update endpoint ruleset parameters casing
* api-change:``workmailmessageflow``: Update endpoint ruleset parameters casing
- from version 1.40.59
* api-change:``acm``: Update endpoint ruleset parameters casing
* api-change:``amplifyuibuilder``: Update endpoint ruleset parameters casing
* api-change:``application-signals``: Update endpoint ruleset parameters casing
* api-change:``billing``: Update endpoint ruleset parameters casing
* api-change:``budgets``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-messaging``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail``: Update endpoint ruleset parameters casing
* api-change:``codepipeline``: Update endpoint ruleset parameters casing
* api-change:``datapipeline``: Update endpoint ruleset parameters casing
* api-change:``datazone``: This release adds support for MLflow connections Creation in DataZone
* api-change:``docdb``: Update endpoint ruleset parameters casing
* api-change:``dynamodbstreams``: Update endpoint ruleset parameters casing
* api-change:``eks``: Update endpoint ruleset parameters casing
* api-change:``elb``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``evs``: Update endpoint ruleset parameters casing
* api-change:``fis``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Add status reasons for TERMINATED stream sessions
* api-change:``geo-maps``: Added support for optional AdditionalFeatures parameter in the V2
GetTile API.
* api-change:``inspector``: Update endpoint ruleset parameters casing
* api-change:``iot-managed-integrations``: Update endpoint ruleset parameters casing
* api-change:``iotwireless``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalytics``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-signaling``: Update endpoint ruleset parameters casing
* api-change:``location``: Added support for mobile app restrictions in Amazon Location API keys.
* api-change:``lookoutvision``: Update endpoint ruleset parameters casing
* api-change:``mediapackage``: Update endpoint ruleset parameters casing
* api-change:``mediastore``: Update endpoint ruleset parameters casing
* api-change:``mediastore-data``: Update endpoint ruleset parameters casing
* api-change:``migrationhubstrategy``: Update endpoint ruleset parameters casing
* api-change:``mq``: Update endpoint ruleset parameters casing
* api-change:``panorama``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography``: Update endpoint ruleset parameters casing
* api-change:``payment-cryptography-data``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-ad``: Update endpoint ruleset parameters casing
* api-change:``qbusiness``: Update endpoint ruleset parameters casing
* api-change:``robomaker``: Update endpoint ruleset parameters casing
* api-change:``route53domains``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Add support for custom rate limits.
* api-change:``s3tables``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Added inference components model data caching feature
* api-change:``sagemaker-metrics``: Update endpoint ruleset parameters casing
* api-change:``securityhub``: Release 3 layer filter support in GetFindingsV2,
GetFindingStatisticsV2, GetResourcesV2,GetResourcesStatisticsV2, AutomationRule V2 APIs. Update
filter casing in GetResourcesV2, GetResourcesStatisticsV2 APIs. Add new filters in GetFindingsV2,
GetFindingStatisticsV2, AutomationRule V2 APIs.
* api-change:``servicediscovery``: Update endpoint ruleset parameters casing
* api-change:``snow-device-management``: Update endpoint ruleset parameters casing
* api-change:``sso-oidc``: Update endpoint ruleset parameters casing
* api-change:``supplychain``: Update endpoint ruleset parameters casing
* api-change:``translate``: Update endpoint ruleset parameters casing
* api-change:``verifiedpermissions``: Update endpoint ruleset parameters casing
* api-change:``vpc-lattice``: Update endpoint ruleset parameters casing
* api-change:``wisdom``: Update endpoint ruleset parameters casing
* api-change:``workspaces-thin-client``: Update endpoint ruleset parameters casing
- from version 1.40.58
* api-change:``account``: Update endpoint ruleset parameters casing
* api-change:``application-autoscaling``: Update endpoint ruleset parameters casing
* api-change:``bedrock-agentcore``: Fixing the service documentation name
* api-change:``bedrock-agentcore-control``: Fixing the service documentation name
* api-change:``chime-sdk-voice``: Update endpoint ruleset parameters casing
* api-change:``cloudtrail-data``: Update endpoint ruleset parameters casing
* api-change:``codebuild``: Update endpoint ruleset parameters casing
* api-change:``codestar-connections``: Update endpoint ruleset parameters casing
* api-change:``config``: Update endpoint ruleset parameters casing
* api-change:``connect-contact-lens``: Update endpoint ruleset parameters casing
* api-change:``cur``: Update endpoint ruleset parameters casing
* api-change:``discovery``: Update endpoint ruleset parameters casing
* api-change:``dms``: Update endpoint ruleset parameters casing
* api-change:``docdb-elastic``: Update endpoint ruleset parameters casing
* api-change:``drs``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Add support for resource-based policies for Aurora DSQL clusters. This will
enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora
DSQL public or VPC endpoints.
* api-change:``ebs``: Update endpoint ruleset parameters casing
* api-change:``ecr``: Update endpoint ruleset parameters casing
* api-change:``ecr-public``: Update endpoint ruleset parameters casing
* api-change:``healthlake``: Update endpoint ruleset parameters casing
* api-change:``internetmonitor``: Update endpoint ruleset parameters casing
* api-change:``iotevents``: Update endpoint ruleset parameters casing
* api-change:``iot-jobs-data``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-archived-media``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-webrtc-storage``: Update endpoint ruleset parameters casing
* api-change:``lambda``: Add NodeJs 24 (nodejs24.x) support to AWS Lambda.
* api-change:``macie2``: Update endpoint ruleset parameters casing
* api-change:``managedblockchain-query``: Update endpoint ruleset parameters casing
* api-change:``marketplacecommerceanalytics``: Update endpoint ruleset parameters casing
* api-change:``mediatailor``: Update endpoint ruleset parameters casing
* api-change:``mgh``: Update endpoint ruleset parameters casing
* api-change:``mgn``: Update endpoint ruleset parameters casing
* api-change:``mpa``: Update endpoint ruleset parameters casing
* api-change:``neptunedata``: Update endpoint ruleset parameters casing
* api-change:``networkmonitor``: Update endpoint ruleset parameters casing
* api-change:``odb``: Doc-only update that removes duplicate values from descriptions of ODB
peering APIs.
* api-change:``omics``: Update endpoint ruleset parameters casing
* api-change:``opensearchserverless``: Update endpoint ruleset parameters casing
* api-change:``pca-connector-scep``: Update endpoint ruleset parameters casing
* api-change:``personalize-events``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-email``: Update endpoint ruleset parameters casing
* api-change:``resiliencehub``: Update endpoint ruleset parameters casing
* api-change:``rum``: Update endpoint ruleset parameters casing
* api-change:``sagemaker``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-edge``: Update endpoint ruleset parameters casing
* api-change:``savingsplans``: Update endpoint ruleset parameters casing
* api-change:``securitylake``: Update endpoint ruleset parameters casing
* api-change:``sesv2``: Update endpoint ruleset parameters casing
* api-change:``storagegateway``: Update endpoint ruleset parameters casing
* api-change:``synthetics``: Update endpoint ruleset parameters casing
- from version 1.40.57
* api-change:``appfabric``: Update endpoint ruleset parameters casing
* api-change:``autoscaling``: Update endpoint ruleset parameters casing
* api-change:``b2bi``: Update endpoint ruleset parameters casing
* api-change:``bcm-dashboards``: Update endpoint ruleset parameters casing
* api-change:``ce``: Update endpoint ruleset parameters casing
* api-change:``chatbot``: Update endpoint ruleset parameters casing
* api-change:``cloudformation``: Update endpoint ruleset parameters casing
* api-change:``cloudhsm``: Update endpoint ruleset parameters casing
* api-change:``cloudhsmv2``: Update endpoint ruleset parameters casing
* api-change:``codeguru-reviewer``: Update endpoint ruleset parameters casing
* api-change:``cognito-identity``: Update endpoint ruleset parameters casing
* api-change:``comprehendmedical``: Update endpoint ruleset parameters casing
* api-change:``connect``: This release added support for email address alias configuration and
outbound campaign preview mode.
* api-change:``connectcampaignsv2``: Updated Amazon Connect Outbound Campaigns V2 SDK to support
Preview Outbound Mode
* api-change:``connectparticipant``: Update endpoint ruleset parameters casing
* api-change:``devicefarm``: This release adds support for optionally including an app as part of a
CreateRemoteAccessSession request
* api-change:``directconnect``: Update endpoint ruleset parameters casing
* api-change:``ds-data``: Update endpoint ruleset parameters casing
* api-change:``ec2``: This release adds AvailabilityZoneId support for CreateNetworkInterface and
DescribeNetworkInterfaces APIs.
* api-change:``ec2-instance-connect``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``forecastquery``: Update endpoint ruleset parameters casing
* api-change:``iam``: Updated OIDC and SAML apis to reject multiple simultaneous requests to change
a unique object.
* api-change:``inspector2``: Update endpoint ruleset parameters casing
* api-change:``iot``: Update endpoint ruleset parameters casing
* api-change:``iotanalytics``: Update endpoint ruleset parameters casing
* api-change:``iotfleetwise``: Update endpoint ruleset parameters casing
* api-change:``iotsecuretunneling``: Update endpoint ruleset parameters casing
* api-change:``iotsitewise``: Update endpoint ruleset parameters casing
* api-change:``ivschat``: Update endpoint ruleset parameters casing
* api-change:``kinesisanalyticsv2``: Update endpoint ruleset parameters casing
* api-change:``lexv2-models``: Update endpoint ruleset parameters casing
* api-change:``mailmanager``: Update endpoint ruleset parameters casing
* api-change:``marketplace-agreement``: Update endpoint ruleset parameters casing
* api-change:``medialive``: Add 3 API operations for fetching alerts: ListAlerts (Channels),
ListClusterAlerts (MediaLive Anywhere), and ListMultiplexAlerts
* api-change:``mwaa``: Update endpoint ruleset parameters casing
* api-change:``notificationscontacts``: Update endpoint ruleset parameters casing
* api-change:``oam``: Update endpoint ruleset parameters casing
* api-change:``pcs``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice-v2``: Update endpoint ruleset parameters casing
* api-change:``redshift-data``: Update endpoint ruleset parameters casing
* api-change:``route53``: Amazon Route 53 now supports the ISOB West Region for private DNS for
Amazon VPCs and cloudwatch healthchecks.
* api-change:``route53-recovery-cluster``: Update endpoint ruleset parameters casing
* api-change:``rtbfabric``: Update for general availability of AWS RTB Fabric service.
* api-change:``sagemaker-a2i-runtime``: Update endpoint ruleset parameters casing
* api-change:``sns``: Update endpoint ruleset parameters casing
* api-change:``ssm-incidents``: Update endpoint ruleset parameters casing
* api-change:``workdocs``: Update endpoint ruleset parameters casing
* api-change:``workmail``: Update endpoint ruleset parameters casing
* api-change:``workspaces``: Update endpoint ruleset parameters casing
- from version 1.40.56
* api-change:``dynamodb``: Add AccountID based endpoint metric to endpoint rules.
* api-change:``emr``: Added RECONFIGURING to the InstanceFleetState convenience enum.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``mediaconvert``: This release adds the ability to set resolution for the black video
generator and also adds the StartJobsQuery and GetJobsQueryResults APIs which allow asynchronous
search of job history using new filters.
* api-change:``meteringmarketplace``: Added ClientToken parameter to MeterUsage API for specifying
idempotent requests.
- from version 1.40.55
* api-change:``amp``: Update endpoint ruleset parameters casing
* api-change:``amplifybackend``: Update endpoint ruleset parameters casing
* api-change:``appconfigdata``: Update endpoint ruleset parameters casing
* api-change:``appintegrations``: Update endpoint ruleset parameters casing
* api-change:``application-insights``: Update endpoint ruleset parameters casing
* api-change:``arc-zonal-shift``: Update endpoint ruleset parameters casing
* api-change:``bcm-recommended-actions``: Update endpoint ruleset parameters casing
* api-change:``bedrock-data-automation-runtime``: Update endpoint ruleset parameters casing
* api-change:``chime-sdk-meetings``: Update endpoint ruleset parameters casing
* api-change:``cloudfront``: Update endpoint ruleset parameters casing
* api-change:``cloudfront-keyvaluestore``: Update endpoint ruleset parameters casing
* api-change:``codestar-notifications``: Update endpoint ruleset parameters casing
* api-change:``controlcatalog``: Update endpoint ruleset parameters casing
* api-change:``datasync``: Update endpoint ruleset parameters casing
* api-change:``ds``: Update endpoint ruleset parameters casing
* api-change:``dsql``: Update endpoint ruleset parameters casing
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``es``: Update endpoint ruleset parameters casing
* api-change:``events``: Update endpoint ruleset parameters casing
* api-change:``evidently``: Update endpoint ruleset parameters casing
* api-change:``finspace``: Update endpoint ruleset parameters casing
* api-change:``finspace-data``: Update endpoint ruleset parameters casing
* api-change:``gameliftstreams``: Updates documentation to clarify valid application binaries for
an Amazon GameLift Streams application and provide descriptions of stream session error status
reasons
* api-change:``geo-maps``: Added support for optional style parameters in maps, including Terrain,
ContourDensity, Traffic, and TravelModes.
* api-change:``imagebuilder``: Update endpoint ruleset parameters casing
* api-change:``iot-data``: Update endpoint ruleset parameters casing
* api-change:``iotdeviceadvisor``: Update endpoint ruleset parameters casing
* api-change:``iotthingsgraph``: Update endpoint ruleset parameters casing
* api-change:``iottwinmaker``: Update endpoint ruleset parameters casing
* api-change:``kendra-ranking``: Update endpoint ruleset parameters casing
* api-change:``kinesis-video-media``: Update endpoint ruleset parameters casing
* api-change:``lakeformation``: Update endpoint ruleset parameters casing
* api-change:``license-manager``: Update endpoint ruleset parameters casing
* api-change:``license-manager-user-subscriptions``: Update endpoint ruleset parameters casing
* api-change:``marketplace-catalog``: The ListEntities API now supports two new CAPI filters:
DeliveryOptionTypes for SaaS products and CompatibleAWSServices for Container products.
* api-change:``mediaconnect``: Update endpoint ruleset parameters casing
* api-change:``migration-hub-refactor-spaces``: Update endpoint ruleset parameters casing
* api-change:``network-firewall``: Update endpoint ruleset parameters casing
* api-change:``networkmanager``: Update endpoint ruleset parameters casing
* api-change:``organizations``: Update endpoint ruleset parameters casing
* api-change:``pi``: Update endpoint ruleset parameters casing
* api-change:``qapps``: Update endpoint ruleset parameters casing
* api-change:``rolesanywhere``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-readiness``: Update endpoint ruleset parameters casing
* api-change:``sagemaker-geospatial``: Update endpoint ruleset parameters casing
* api-change:``signer``: Update endpoint ruleset parameters casing
* api-change:``swf``: Releasing minor endpoint updates.
* api-change:``timestream-write``: Update endpoint ruleset parameters casing
* api-change:``tnb``: Update endpoint ruleset parameters casing
* api-change:``wellarchitected``: Update endpoint ruleset parameters casing
- from version 1.40.54
* api-change:``acm-pca``: Update endpoint ruleset parameters casing
* api-change:``amplify``: Update endpoint ruleset parameters casing
* api-change:``apigatewaymanagementapi``: Update endpoint ruleset parameters casing
* api-change:``apprunner``: Update endpoint ruleset parameters casing
* api-change:``apptest``: Update endpoint ruleset parameters casing
* api-change:``autoscaling-plans``: Updated FIPS endpoints for US GovCloud regions
* api-change:``batch``: Update endpoint ruleset parameters casing
* api-change:``bcm-data-exports``: Update endpoint ruleset parameters casing
* api-change:``billingconductor``: New feature: service flat CLI and first AWS managed pricing plan
(BasicPricingPlan)
* api-change:``customer-profiles``: Update endpoint ruleset parameters casing
* api-change:``databrew``: Update endpoint ruleset parameters casing
* api-change:``dataexchange``: Update endpoint ruleset parameters casing
* api-change:``dlm``: Update endpoint ruleset parameters casing
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``freetier``: Update endpoint ruleset parameters casing
* api-change:``gamelift``: Update endpoint ruleset parameters casing
* api-change:``geo-routes``: Update endpoint ruleset parameters casing
* api-change:``globalaccelerator``: Update endpoint ruleset parameters casing
* api-change:``grafana``: Update endpoint ruleset parameters casing
* api-change:``identitystore``: Update endpoint ruleset parameters casing
* api-change:``ivs``: Update endpoint ruleset parameters casing
* api-change:``ivs-realtime``: Update endpoint ruleset parameters casing
* api-change:``kafka``: Update endpoint ruleset parameters casing
* api-change:``keyspaces``: Update endpoint ruleset parameters casing
* api-change:``kms``: Update endpoint ruleset parameters casing
* api-change:``lex-models``: Update endpoint ruleset parameters casing
* api-change:``lexv2-runtime``: Update endpoint ruleset parameters casing
* api-change:``lookoutequipment``: Update endpoint ruleset parameters casing
* api-change:``m2``: Update endpoint ruleset parameters casing
* api-change:``machinelearning``: Update endpoint ruleset parameters casing
* api-change:``marketplace-entitlement``: Update endpoint ruleset parameters casing
* api-change:``mediapackagev2``: Update endpoint ruleset parameters casing
* api-change:``medical-imaging``: Update endpoint ruleset parameters casing
* api-change:``memorydb``: Update endpoint ruleset parameters casing
* api-change:``migrationhub-config``: Update endpoint ruleset parameters casing
* api-change:``networkflowmonitor``: Update endpoint ruleset parameters casing
* api-change:``osis``: Update endpoint ruleset parameters casing
* api-change:``personalize``: Update endpoint ruleset parameters casing
* api-change:``personalize-runtime``: Update endpoint ruleset parameters casing
* api-change:``pinpoint-sms-voice``: Update endpoint ruleset parameters casing
* api-change:``polly``: Update endpoint ruleset parameters casing
* api-change:``pricing``: Update endpoint ruleset parameters casing
* api-change:``qldb``: Update endpoint ruleset parameters casing
* api-change:``qldb-session``: Update endpoint ruleset parameters casing
* api-change:``route53-recovery-control-config``: Update endpoint ruleset parameters casing
* api-change:``ssm``: Update endpoint ruleset parameters casing
* api-change:``ssm-contacts``: Update endpoint ruleset parameters casing
* api-change:``ssm-guiconnect``: Update endpoint ruleset parameters casing
* api-change:``timestream-query``: Update endpoint ruleset parameters casing
* api-change:``voice-id``: Update endpoint ruleset parameters casing
* api-change:``workspaces-web``: Update endpoint ruleset parameters casing
- from version 1.40.53
* api-change:``bedrock``: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS
integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing
customers to specify their preferred KMS key for encryption, improving control and compliance with
AWS encryption mandates.
* api-change:``docdb``: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster,
RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB.
* api-change:``ec2``: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage
across On-Demand Instances, Spot Instances, and Capacity Reservations.
* api-change:``elbv2``: This release expands Listener Rule Conditions to support RegexValues and
adds support for a new Transforms field in Listener Rules.
* api-change:``guardduty``: Added default pagination value for ListMalwareProtectionPlans API and
updated UpdateFindingsFeedback API
* api-change:``lightsail``: Add support for manage Lightsail Bucket CORS configuration
* api-change:``timestream-influxdb``: This release adds support for creating and managing InfluxDB
3 Core and Enterprise DbClusters.
- from version 1.40.52
* api-change:``appstream``: This release introduces support for Microsoft license included
applications streaming.
* api-change:``backup``: The AWS Backup job attribute extension enhancement helps customers better
understand the plan that initiated each job, and the properties of the resource each job creates.
* api-change:``connect``: SDK release for TaskTemplateInfo in Contact for DescribeContact response.
* api-change:``datazone``: Support creating scoped and trustedIdentityPropagation enabled
connections.
* api-change:``ec2``: This release adds support for creating instant, point-in-time copies of EBS
volumes within the same Availability Zone
* api-change:``transcribe``: Move UntagResource API body member to query parameter
* api-change:``transfer``: SFTP connectors now support routing connections via customers' VPC. This
enables connections to remote servers that are only accessible in a customer's VPC environment, and
to servers that are accessible over the internet but need connections coming from an IP address in
a customer VPC's CIDR range.
- from version 1.40.51
* api-change:``bedrock-agentcore``: Updated InvokeAgentRuntime API to accept account id optionally
and added CompleteResourceTokenAuth API.
* api-change:``bedrock-agentcore-control``: Updated http status code in control plane apis of
agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity
* api-change:``ec2``: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb
* api-change:``observabilityadmin``: CloudWatch Observability Admin adds the ability to enable
Resource tags for telemetry in a customer account. The release introduces new APIs to enable,
disable and describe the status of Resource tags for telemetry feature. This new capability
simplifies monitoring AWS resources using tags.
- python-pyOpenSSL
-
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
Add patch CVE-2026-27459.patch
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- python-s3transfer
-
- Update to version 0.16.0
* feature:``awscrt``: ``CRTTransferManager`` now supports the following
``TransferConfig`` options - ``multipart_threshold``, ``multipart_chunksize``,
``max_request_concurrency``
- Update to version 0.15.0
* feature:``CopyPartTask``: Validate ETag of stored object during multipart copies
- salt
-
- Make syntax in httputil_test compatible with Python 3.6
- Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Speed up wheel key.finger call (bsc#1240532)
- Backport security patches for Salt vendored tornado:
* CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
- Simplify and speed up utils.find_json function (bsc#1246130)
- Extend warn_until period to 2027
- Added:
* fix-tornado-s-httputil_test-syntax-for-python-3.6.patch
* backport-add-maintain-m-privilege-to-postgres-module.patch
* use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch
* speedup-wheel-key.finger-call-bsc-1240532-713.patch
* fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch
* simplify-utils.json.find_json-function.patch
* extend-fails-to-warnings-until-2027-742.patch
- shim
-
- Add Microsoft-signed 16.1 shim
- shim.spec: Temporarily disable nx-shim
- We still need time to test nx (non-executable) shim and develop
the script for delivery. We will not support nx-shim on all Leap
and SLE distros because the function should also be supported by
grub2 and kernel.
- shim.spec: Remove the reproducibility check for the shim binary
- The binutils on Leap 15.6 and SLE-15-SP3 has been upgraded to 2.45
when we are waiting shim-review and Microsoft signing. It causes
that the shim binary is NOT reproducible on build services.
- We just direct use the Microsoft signed-back shim binaries
because we build this binary before and have the logs to prove it.
Before we find a good approach to save/restore the build service
environment, let’s directly use the Microsoft signed-back shim for
delivery.
- Certificates: Add Microsoft UEFI CA files to the target certificates
array in pretrans script.
- Certificates: Convert the SUSE certificates from PEM to DER format
- timestamp.pl: fix the size of checksum in PE Optional Header
- shim.spec: Workaround the string comparison issue in elif directive
- shim.spec: Specify the certificate format in openssl commands
- shim.spec: Use io.open instead of pcall rpm.open in pretrans lua script
- Add a pretrans script to verify that the UEFI db should have the
necessary certificate to allow the shim binary to boot. The installation
will be aborted if the db is missing the target certificate. To proceed,
the user must enroll the target certificate in the db or disable UEFI
Secure Boot.
- Update to 16.1
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building with the latest version of gcc in the codebase:
- We prefer that building shim with the latest version of gcc in
codebase.
- Set the minimum version is gcc-13.
if gcc_version < 13
define gcc_version 13
endif
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
verify='SUSE Linux Enterprise Secure Boot CA1'
- vendor_dbx='vendor-dbx-opensuse.esl'
+ vendor_dbx='vendor-dbx-sles.esl'
- Using gcc12 for building shim/shim-nx
- The gcc12 can workaround dxe_get_mem_attrs() hsi_status problem
- Add the following changes to shim.spec :
define gcc_version 12
global cc_compiler /usr/bin/gcc-%{gcc_version}
BuildRequires gcc%{gcc_version}
make CC=%{cc_compiler} RELEASE=0
- Remove shim-disable-dxe-get-mem-attrs.patch
- This downstream patch can be removed after moving to gcc12
(bsc#1247432)
- Add shim-disable-dxe-get-mem-attrs.patch
- On old edk2-stable202308 ovmf, running dxe_get_mem_attrs() causes
get_hsi_mem_info() confusion on hsi_status. It looks that hsi_status
has a copy after running dxe_get_mem_attrs(). Those elements in
hsi_nx_is_enforced(), HEAPX|STACKX|ROW can NOT set into hsi_status.
Let's disabling the approach of DXE get memory attributes until
we found the root cause.
(bsc#1247432)
- Building out shim.nx.efi for supporting non-executable
- Building additional shim with POST_PROCESS_PE_FLAGS=-n to set
the PE NX-compatibility DLL. (NxCompatible field in DllCharacteristics)
- Packaging shim.nx.efi to shim-nx RPM.
- Add MS signatures for shim.nx
- signature-opensuse-nx.x86_64.asc
signature-sles-nx.x86_64.asc
signature-opensuse-nx.aarch64.asc
signature-sles-nx.aarch64.asc
- We direc copy signatures of shim for shim.nx before we got
signatures from Microsoft.
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n
(bsc#1205588)
Factory: Fri Jul 25 05:44:51 UTC 2025 - Joey Lee <jlee@suse.com>
- Add shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- shim: change automatically enable MOK_POLICY_REQUIRE_NX (PR #761)
(bsc#1205588)
Factory: Wed May 28 03:37:04 UTC 2025 - Tseng <dennis.tseng@suse.com>
- add revoked-openSUSE-UEFI-SIGN-Certificate-2022-06.crt into dbx
- build shim with EKU enable flag (ENABLE_CODESIGN_EKU)
Factory: Tue May 6 06:19:02 UTC 2025 - Dennis <dennis.tseng@suse.com>
- Update to version 16.0
- https://github.com/rhboot/shim/releases/download/16.0/shim-16.0.tar.bz2
- remove shim-bsc1177315-verify-eku-codesign.patch
remove it because shim github upstream has accepted it (PR #664)
- add revoked-SLES-UEFI-SIGN-Certificate-2022-05.crt to revoked certificates for dbx
SLES-UEFI-SIGN-Certificate-20220525.crt can be blacklisted,
and can be added to the vendor dbx.
- add shim-alloc-one-more-byte-for-sprintf.patch (bsc#1240871)
The codes already submitted to git upstream (PR #746)
In generate_sbat_var_defs.c, realloc() should allocate one more byte for
the end of string '\0' when running sprintf() later.
- Patches (git log --oneline --reverse 15.8..16.0)
126a07e Validate that a supplied vendor cert is not in PEM format
63edf92 sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
3e1394e sbat: Also bump latest for grub,4 (and to todays date)
470a8cd undo change that limits certificate files to a single file
0287c6b shim: don't set second_stage to the empty string
3685b13 Fix SBAT.md for today's consensus about numbers
dc07432 Realize the suggestions as part of PR #672
e064e7d Update Code of Conduct contact address
e68f4ca make-certs: Handle missing OpenSSL installation
74a1f29 Update MokVars.txt - Update documented mirrored variable attributes from RT to BS,RT - Add missing MokSBStateRT - Clarify that MokIgnoreDB is a mirror of MokDBState - Add missing attributes for MokPWStore
f6674fe export DEFINES for sub makefile
47bbb5e Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
338fded Null-terminate 'arguments' in fallback
3d1dcd4 Fix "Verifiying" typo in error message
b5d359a CI: use checkout@v4
1d8365f CI: work around ownership issue on github
20094ca Update fedora CI targets
3cf0e09 Force gcc to produce DWARF4 so that gdb can use it
5f54182 includes: work around CLANG_PREREQ() double-definition
ab06527 Makefile: don't warn about clang when building compile_commands.json
0c9249d Suppress some warnings even harder in Cryptlib and OpenSSL.
fd7e16f Add building compile_commands.json to CI
314aecf Discard load-options that start with WINDOWS
ac85ba4 Fix the issue that the gBS->LoadImage pointer was empty.
d8c86b7 shim: Allow data after the end of device path node in load options
d197220 Backport EFI_HTTP_ERROR status code
6410312 netboot: Convert TFTP error codes to EFI status codes
ef8e729 httpboot: Convert HTTP status codes to EFI status codes
2a1cbe6 Update gnu-efi submodule for EFI_HTTP_ERROR
196cbb9 Increase EFI file alignment
ad8692e avoid EFIv2 runtime services on Apple x86 machines
0345331 Improve shortcut performance when comparing two boolean expressions
27562ea Fix bad reference to PathName in image loading
1508ece Move is_removable_media_path() to a shared location.
7864c10 Provide better error message when MokManager is not found
3e60895 tpm: Boot with a warning if the event log is full
b560c52 MokManager: remove redundant logical constraints
9229e7c Make mock_set_variable() correctly account for resource usage.
f7e1d72 tests: make it possible to use different limits for variable space
67efdfc test-mok-mirror: refactor the validation of test_mok_mirror_0
70366a2 test-mok-mirror: add a test case where MokListRT won't fit.
3caa75e test-mok-mirror: minor bug fix
dc45aa6 lib/simple_file.c: Allocate zeroed pool for SimpleFS entries
9415d3c simple_file: Allow to form a volume name from DevicePath
d6076cb simple_file: Use second variable to create filesystem entries
f99749a Ignore a minor clang-tidy nit
98173f0 Fall back to default loader when encountering errors on network boot
e42c319 test.mk: don't use a temporary random.bin
c66c157 pe: Enhance debug report for update_mem_attrs
1125212 Fix leak in error path
2daf1db Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi
eeca60a Update SbatLevel_Variable.txt with peimage CVE-2024-2312 revocation
743f3fa Add generate_sbat_var_defs utility program
5ae408a Generate and use generated_sbat_var_defs.h
e886fb3 SbatLevel_Variable.txt: clarify where and how revocation data is tracked
15c1a9a Implement the CodeSign EKU check to fulfill the requirements of NIAP OS_PP.
eb02afc Optionally enabling codesign EKU check in compiling time.
7ae0ee6 Add docs for ENABLE_CODESIGN_EKU
38dfa37 Create utils file
83850cd Add configuration option to boot an alternative 2nd stage
bb114a3 Implement shim image load protocol
e7b3598 Move some stuff around
0322e10 Implement the rest of the loader protocol functions
e43aea8 Add EFI_LOAD_FILE2_PROTOCOL to gnu-efi
2bff460 loader-proto: Add support for loading files from disk to LoadImage()
5d17278 loader-proto: Mark load_image()'s handle_image() call as "in_protocol"
fe2ad36 Don't print full screen error dialog from handle_image() when called in_protocol
c57af36 loader-proto: Respect optional DevicePath parameter to load_image()
2b49dc1 Suppress file open failures for some netboot cases
3c3295d netboot: process revocations.efi as revocations not shim_certificate
c66ce2a Allow indepdent SkuSi and SBAT revocation updates
6b8e40c netboot can try to load shim_certificate_[0..9].efi
301cf52 Document how revocations can be delivered
7cde2cc post-process-pe: add tests to validate NX compliance
1294b47 regression: out of bounds read in CopyMem() in ad8692e
765f294 compiler.h: minor ALIGN_... fixes
5c1e6e4 Move error logging decls out of shim.h
d972515 Save the debug and error logs in mok-variables
e3f0338 Silence minor nit in load-options parsing debug output
3d7c057 get_mem_attrs(): ensure an error code is set on failure
49db3de mok: add MOK_VARIABLE_CONFIG_ONLY
887c0ed mok variables: add a format callback
e4857b4 Make test-mok-error failures *slightly* more clear.
589c3f2 Move memory attribute support to its own file.
848667d shim: add HSIStatus feature
e136e64 mock-variables: fix debugging printf format specifier oopsie
f0958ba test-mock-variables: improve some debug prints
b216543 Move mok state variable data flag definitions to the header.
fc0cfac Mirror some more efi variables to mok-variables
eeda3fa gnu-efi: add some DXE services.
c41b1f0 Add support for DXE memory attribute updates.
9269e9b Add DXE Services information to HSI
c868d54 hexdump: give a different debug log for size==0
1baf1ef HSI: Add decode_hsi_bits() for easier reading of the debug log
3bce118 pe: read_header(): allow skipping SecDir content validation
89e6150 Add shim's current NX_COMPAT status to HSIStatus
c5c5287 peimage.h: minor whitespace fixes
5007d83 peimage: add a bunch of comments to read_header()
489af5e README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
1958b0f reject message with different values in multiple Content-Length header field
9c423e0 Some save_logs() improvements.
81d40e3 Disable log saving for now.
498b149 fallback: don't add new boot order entries backwards
06d8dec makefiles: Make GITTAG swizzle tildes to dashes
f02b2c1 make-archive: some minor housekeeping
794d237 Update version to 16.0~rc1
d45c610 SetSecureVariable(): free Cert on failure
76fab7b generate_sbat_var_defs: run clang-format on readfile()
6dadb70 generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
f58c77e generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
b427a34 mirror_mok_db(): get rid of an unused variable+allocation
92630f2 mirror_one_mok_variable(): fix a memory leak on TPM log error.
38f0a9c mirror_mok_db(): Free our mok variable name correctly
db04321 shim_load_image(): initialize the buffer fully
7b75382 simple_dir_filter(): test our 'next' pointer
db1f1da Make 'make fanalyzer' work again.
28d8871 README.tpm: Update MokList entry to MokListRT
8932527 SBAT Level update for February 2025 GRUB CVEs
18d98bf Update version to 16.0
Factory: Tue Jun 25 04:12:39 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
- Update asc files of shim-15.8 after being signed back from
Microsoft, including:
signature-opensuse.x86_64.asc,
signature-opensuse.aarch64.asc
- asc files of shim-15.8 for sles is already updated on Apr 18, 2024
signature-sles.x86_64.asc,
signature-sles.aarch64.asc.
Factory: Mon Feb 26 13:09:29 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
Factory: Sat Feb 17 07:51:01 UTC 2024 - Joey Lee <jlee@suse.com>
- Modified shim.spec file to add suffix string of project to filename
of included certificates. e.g.
rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/2B697CB1-shim-devel.crt
/etc/uefi/certs/4659838C-shim-opensuse.crt
/etc/uefi/certs/BCA4E38E-shim-sles.crt
The original name of crt files are:
/etc/uefi/certs/2B697CB1-shim.crt
/etc/uefi/certs/4659838C-shim.crt
/etc/uefi/certs/BCA4E38E-shim.crt
It can indicate the souce project of certificates.
- sudo
-
- CVE-2026-35535: potential privilege escalation when running
the mailer (bsc#1261420)
* fix-CVE-2026-35535.patch
- syslogd
-
- Drop last sysvinit Requirement/Provide (PED-13698)
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1.1683-avoid-null-dereference.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf BuildRequires and drop the autoconf call in %build.
* Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1259248 - VUL-0: CVE-2026-23555: xen: Xenstored DoS by
unprivileged domain (XSA-481)
xsa481.patch