v1.19.0

Summary

This release includes important improvements regarding the project’s security management. We addressed several CVEs and implemented OpenSSF Scorecard reporting.

Additionally, we fixed bugs in the Parameters module and improved our documentation and examples.

Thanks to @chrisclayson and @jasoniharris for reporting and fixing those bugs.

Security Posture

We introduced the Open Source Security Foundation (OSSF) Scorecard project to generate security health metrics, proactive security alerts, and attest we've been following OSSF Best Practices.

Thanks to this new reporting mechanism visible to the open-source community, we addressed multiple CVEs across the project, in particular log4j and jackson-databind related findings.

Changes

• chore(deps): Update deps for jackson (#1793) by @sthulb
• build(deps): bump log4j.version from 2.22.1 to 2.24.3 (#1777) by @dependabot
• chore(deps): update JSII to 1.108 (#1791) by @sthulb
• build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs (#1789) by @dependabot
• chore: Update netty version (#1768) by @sthulb
• chore: Set versions of transitive dependencies (#1767) by @sthulb
• chore: update Jackson in examples (#1766) by @sthulb
• build(deps): bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#1731) by @dependabot
• build(deps): bump aws.xray.recorder.version from 2.15.3 to 2.18.1 (#1726) by @dependabot
• build(deps): bump aws.sdk.version from 2.26.29 to 2.27.12 (#1724) by @dependabot
• fix: Allow empty responses as well as null response in AppConfig (#1673) by @chrisclayson
• build(deps): bump aws.sdk.version from 2.27.2 to 2.27.7 (#1715) by @dependabot
• build(deps): bump aws.sdk.version from 2.26.29 to 2.27.2 (#1714) by @dependabot
• build(deps): bump aws.sdk.version from 2.25.26 to 2.26.29 (#1713) by @dependabot
• build(deps): bump aws.sdk.version from 2.26.25 to 2.26.29 (#1712) by @dependabot
• chore: deprecate java1.8 al1 (#1706) by @jeromevdl
• chore: java 1.8 AL1 is deprecated, fix E2E tests (#1692) by @jeromevdl
• build(deps): bump aws.sdk.version from 2.26.21 to 2.26.25 (#1703) by @dependabot
• build(deps): bump aws.sdk.version from 2.26.3 to 2.26.21 (#1697) by @dependabot
• build(deps): bump jackson.version from 2.17.0 to 2.17.2 (#1696) by @dependabot
• build(deps): bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#1694) by @dependabot
• build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.1 (#1691) by @dependabot
• docs: improve tracing doc for sdk instrumentation (#1687) by @jeromevdl
• docs: fix tracing links for xray (#1686) by @jeromevdl
• build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.3.0 (#1679) by @dependabot
• build(deps): bump aws.sdk.version from 2.25.69 to 2.26.3 (#1658) by @dependabot
• build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.5.0 (#1657) by @dependabot
• build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.4.0 (#1653) by @dependabot
• build(deps): bump aws.sdk.version from 2.25.50 to 2.25.69 (#1652) by @dependabot
• build(deps): bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (#1646) by @dependabot
• build(deps): bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#1644) by @dependabot
• build(deps): bump aws.xray.recorder.version from 2.15.1 to 2.15.3 (#1643) by @dependabot
• build(deps): bump aws.sdk.version from 2.25.35 to 2.25.50 (#1642) by @dependabot
• build(deps): bump com.amazonaws:aws-lambda-java-events from 3.11.2 to 3.11.4 (#1597) by @dependabot
• build(deps): bump aws.sdk.version from 2.24.10 to 2.25.6 (#1603) by @dependabot
• build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.5 (#1596) by @dependabot
• build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0 (#1585) by @dependabot
• build(deps-dev): bump software.amazon.awscdk:aws-cdk-lib from 2.100.0 to 2.130.0 (#1586) by @dependabot
• build(deps): bump io.burt:jmespath-jackson from 0.5.1 to 0.6.0 (#1587) by @dependabot
• build(deps): bump aws.sdk.version from 2.21.0 to 2.24.10 (#1581) by @dependabot
• build(deps): bump commons-io:commons-io from 2.13.0 to 2.15.1 (#1584) by @dependabot
• build(deps): bump aws.xray.recorder.version from 2.14.0 to 2.15.1 (#1583) by @dependabot
• build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.5.0 to 3.5.2 (#1582) by @dependabot
• build(deps-dev): bump org.yaml:snakeyaml from 2.1 to 2.2 (#1400) by @dependabot
• build(deps): bump log4j.version from 2.20.0 to 2.22.1 (#1547) by @dependabot
• build(deps): bump org.apache.maven.plugins:maven-artifact-plugin from 3.4.1 to 3.5.0 (#1485) by @dependabot
• build(deps): bump com.amazonaws:aws-lambda-java-serialization from 1.1.2 to 1.1.5 (#1573) by @dependabot
• build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 (#1509) by @dependabot
• build(deps): bump...

v1.18.0

Added

• feat: add support for extended logging environment variables (#1514) by @jeromevdl
• feat: Add support for POWERTOOLS_LOGGER_LOG_EVENT (#1510) by @AlexeySoshin

Maintenance

• fix: json schema 403 error (#1457) by @jeromevdl
• fix: array jmespath fail in idempotency module (#1420) by @jeromevdl
• chore: java21 support in our build (#1488) by @jeromevdl
• chore: Addition of Warn Message If Invalid Annotation Key While Tracing #1511 (#1512) by @jdoherty
• fix: null namespace should fallback to default namespace (#1506) by @jeromevdl
• fix: get trace id from system property when env var is not set (#1503) by @mriccia
• chore: artifacts size on good branches (#1493) by @jeromevdl
• fix: enforce jackson databind version (#1472) by @jeromevdl
• chore: add missing projects and improve workflow (#1487) by @jeromevdl
• chore: Reporting size of the jars in GitHub comments (#1196) by @jeromevdl
• Deps: Bump third party dependencies to the latest versions.

Documentation

• docs(customer-reference): add Vertex Pharmaceuticals as a customer reference (#1486) by @scottgerring
• docs: Adding Kotlin example. (#1454) by @jasoniharris
• docs: Terraform example (#1478) by @skal111
• docs: Add Serveless Framework example (#1363) by @AlexeySoshin
• docs: Fix link to SQS large message migration guide (#1422) by @scottgerring
• docs(logging): correct log example keys (#1411) by @walmsles
• docs: Update gradle configuration readme (#1359) by @scottgerring

This release was made possible by the following contributors:

@AlexeySoshin, @am29d, @dependabot, @dependabot[bot], @jasoniharris, @jdoherty, @jeromevdl, @mriccia, @scottgerring, @skal111 and @walmsles

v1.17.0

Added

• Feat: Add Batch Processor module in (#1317) by @scottgerring and @mriccia
• Feat: Add SNS+SQS large messages module (#1310) by @jeromevdl

Maintenance

• fix: use default credentials provider for all provided SDK clients in (#1303) by @roamingthings
• Chore: Make request for Logger explicitly for current class in (#1307) by @jreijn
• Chore: checkstyle formater & linter in (#1316) by @jeromevdl
• Chore: Add powertools specific user-agent-suffix to the AWS SDK v2 clients by @eldimi in (#1306)
• Chore: Add 'v2' branch to build workflows to prepare for v2 work in (#1341) by @scottgerring
• Deps: Bump third party dependencies to the latest versions.

Documentation

• Docs: Add maintainers guide in (#1326) by @scottgerring
• Docs: improve contributing guide in (#1334) by @jeromevdl
• Docs: Improve example documentation in (#1291) by @scottgerring
• Docs: Add discord + sec disclosure links to readme in (#1311) by @scottgerring
• Docs: Add external examples from AWS SAM CLI App Templates in (#1318) by @AlexeySoshin
• Docs: Add CDK example in (#1321) by @AlexeySoshin

This release was made possible by the following contributors:

@eldimi, @jreijn, @roamingthings, @AlexeySoshin, @jeromevdl, @mriccia, and @scottgerring

v1.16.1

Maintenance

• Fix: idempotency timeout bug (#1285) by @scottgerring
• Fix: ParamManager cannot provide default SSM & Secrets providers (#1282) by @jeromevdl
• Fix: Handle batch failures in FIFO queues correctly (#1183) by @scottgerring
• Deps: Bump third party dependencies to the latest versions.

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @eldimi, @jeromevdl, @mriccia, @msailes and @scottgerring

v1.16.0

Added

• Feature: Add AppConfig provider to parameters module (#1104) by @scottgerring

Maintenance

• Fix: missing idempotency key should not persist any data (#1201) by @jeromevdl
• Fix:Removing env var credentials provider as default. (#1161) by @msailes
• Chore: Swap implementation of aspectj-maven-plugin to support Java 17 (#1172) by @mriccia
• Test: end-to-end tests for core modules and idempotency (#970) by @jeromevdl
• Chore: cleanup spotbugs maven profiles (#1236) by @jeromevdl
• Chore: removing logback from all components (#1227) by @jeromevdl
• Chore: Roll SLF4J log4j bindings to v2 (#1190) by @scottgerring
• Deps: Bump third party dependencies to the latest versions.

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @hjgraca, @jeromevdl, @kozub, @lgouger, @mriccia, @msailes, @rubenfonseca, @scottgerring and @sthulb

v1.15.0

Added

• Feature: Add DynamoDB provider to parameters module (#1091) by @scottgerring
• Feature: Update to powertools-cloudformation to deprecate Response.success() and Response.failed() methods. New helper methods are added to make it easier to follow best practices Response.success(String physicalResourceId) and Response.failed(String physicalResourceId). For a detailed explanation please read the powertools-cloudformation documentation page. (#1082) by @msailes
• Update how a Lambda request handler method is identified (#1058) by @humanzz

Maintenance

• Deps: Bump third party dependencies to the latest versions.
• Examples: Import examples from aws-samples/aws-lambda-powertools-examples (#1051) by @scottgerring
• Deprecate withMetricLogger in favor of withMetricsLogger (#1060) by @humanzz
• Update issue templates (#1062) by @machafer
• Send code coverage report (jacoco) to codecov (#1094) by @jeromevdl

Documentation

• Improve powertools-cloudformation docs (#1090) by @mriccia
• Add link to Lambda powertools workshop (#1095) by @scottgerring
• Fix mdocs and git revision plugin integration (#1066) by @machafer

This release was made possible by the following contributors:

@humanzz, @jeromevdl, @machafer, @mriccia, @msailes and @scottgerring

v1.14.0

Added

• Feature: Introduce MetricsUtils.withMetricsLogger() utility method (#1000) by @humanzz

Maintenance

• Update logic for recording documentation pages views to use correct runtime name (#1047) by @kozub
• Deps: Bump third party dependencies to the latest versions.

Documentation

• Docs: Update PowerTools definition by @heitorlessa
• Docs: Add information about other supported langauges to README and docs (#1033) by @kozub

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @heitorlessa, @humanzz and @kozub

v1.13.0

Added

• Feature: Idempotency - Handle Lambda timeout scenarios for INPROGRESS records (#933) by @jeromevdl

Bug Fixes

• Fix: Envelope is not taken into account with built-in types (#960) by @jeromevdl
• Fix: Code suggestion from CodeGuru (#984) by @kozub
• Fix: Compilation warning with SqsLargeMessageAspect on gradle (#998) by @jeromevdl
• Fix: Log message processing exceptions as occur (#1011) by @nem0-97

Documentation

• Docs: Add missing grammar article (#976) by @fsmiamoto

This release was made possible by the following contributors:

@fsmiamoto, @jeromevdl, @kozub, @msailes and @nem0-97

v1.12.3

Changes

Maintenance

• Upgraded version of X-Ray library to resolve vulnerable transitive dependencies. (#920) by @msailes

This release was made possible by the following contributors:

@msailes and @pankajagrawal16

v1.12.2

Changes

Bug Fixes

• SQS Large message processing: Classpath conflict on PayloadS3Pointer when consumer application depends on payloadoffloading-common, introduced in v1.8.0.

• fix: remove local implementation of PayloadS3Pointer.java and use payloadoffloading-common (#851) by @pankajagrawal16

This release was made possible by the following contributors:

@pankajagrawal16