✨ New features to highlight in this version
Enjoy them all now for free at https://cloud.prowler.com
Findings page — Batch filter apply
Selecting filters no longer triggers a page re-render on each change. A new "Apply Filters" button lets you configure multiple filters before executing the query, fixing layout shifts and improving responsiveness.
Attack Paths — Custom queries
Run custom openCypher queries against your Attack Paths graph alongside predefined queries. Use Lighthouse AI to help generate them.
Predefined Attack Paths queries now run faster 🚀
Read more about it in Attack Paths documentation
🙌 Community Contributors
- @sandiyochristan — Replace stdlib XML parser with
defusedxmlin SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#10165)
UI
🚀 Added
- Attack Paths custom openCypher queries with Cartography schema guidance and clearer execution errors (#10397)
🔄 Changed
- Findings filters now use a batch-apply pattern with an Apply Filters button, filter summary strip, and independent filter options instead of triggering API calls on every selection (#10388)
API
🚀 Added
- Finding groups support
check_titlesubstring filtering (#10377)
🐞 Fixed
- Finding groups latest endpoint now aggregates the latest snapshot per provider before check-level totals, keeping impacted resources aligned across providers (#10419)
- Mute rule creation now triggers finding-group summary re-aggregation after historical muting, keeping stats in sync after mute operations (#10419)
- Attack Paths: Deduplicate nodes before ProwlerFinding lookup in Attack Paths Cypher queries, reducing execution time (#10424)
🔐 Security
- Replace stdlib XML parser with
defusedxmlin SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#10165) - Bump
flaskto 3.1.3 (CVE-2026-27205) andwerkzeugto 3.1.6 (CVE-2026-27199) (#10430)
SDK
🐞 Fixed
- Azure MySQL flexible server checks now compare configuration values case-insensitively to avoid false negatives when Azure returns lowercase values (#10396)
- Azure
vm_backup_enabledandvm_sufficient_daily_backup_retention_periodchecks now compare VM names case-insensitively to avoid false negatives when Azure stores backup item names in a different case (#10395) entra_non_privileged_user_has_mfaskips disabled users to avoid false positives (#10426)