[4.1.0] - 2025-07-30
Added
- Added CDK support
- Added WAF rate based rule parameters in HTTP Flood Custom Rule
- Added lambda power tools for tracing and logging
Changed
- Updated the poetry version
- Updated dependencies to address jinja2 CVE-2024-56201
- Updated dependencies: botocore, boto3, responses, coverage, certifi, charset-normalizer, pluggy, s3transfer, typing-extensions, pytest-mock, freezegun, urllib3
- Updated dependencies to address cryptography CVE-2024-12797
- Updated dependency version of requests CVE-2024-47081
- Updated deployment scripts based on CDK changes
- Updated datetime deprecated method for utcnow() to now(datetime.UTC)
- Updated bad bot component behavior with improved log parsing support and detection logic
- Updated waflib api, remove redundant calls
- Removed http request based approach for IP detection and added WAF log based analysis to find ip for bad bot
- Updated temporary folders restrictions
Fixed
- Fixed invalid CRON expression Github issue 261
- Fixed Honeypot detecting IP address with CloudFront Github issue 250
- Fixed CloudFormation Drift for WebACL nested stack Github issue 257
Removed
- Removed old stack templates
- Access handler and Amazon API Gateway resources