Summary
This release includes important improvements regarding the project’s security management. We addressed several CVEs and implemented OpenSSF Scorecard reporting.
Additionally, we fixed bugs in the Parameters module and improved our documentation and examples.
Thanks to @chrisclayson and @jasoniharris for reporting and fixing those bugs.
Security Posture
We introduced the Open Source Security Foundation (OSSF) Scorecard project to generate security health metrics and proactive security alerts, and to attest that we've been following OSSF Best Practices.
Thanks to this new reporting mechanism visible to the open-source community, we addressed multiple CVEs across the project, in particular log4j and jackson-databind related findings.
Changes
- chore(deps): Update deps for jackson (#1793) by @sthulb
- build(deps): bump log4j.version from 2.22.1 to 2.24.3 (#1777) by @dependabot
- chore(deps): update JSII to 1.108 (#1791) by @sthulb
- build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs (#1789) by @dependabot
- chore: Update netty version (#1768) by @sthulb
- chore: Set versions of transitive dependencies (#1767) by @sthulb
- chore: update Jackson in examples (#1766) by @sthulb
- build(deps): bump org.apache.maven.plugins:maven-jar-plugin from 3.4.1 to 3.4.2 (#1731) by @dependabot
- build(deps): bump aws.xray.recorder.version from 2.15.3 to 2.18.1 (#1726) by @dependabot
- build(deps): bump aws.sdk.version from 2.26.29 to 2.27.12 (#1724) by @dependabot
- fix: Allow empty responses as well as null response in AppConfig (#1673) by @chrisclayson
- build(deps): bump aws.sdk.version from 2.27.2 to 2.27.7 (#1715) by @dependabot
- build(deps): bump aws.sdk.version from 2.26.29 to 2.27.2 (#1714) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.26 to 2.26.29 (#1713) by @dependabot
- build(deps): bump aws.sdk.version from 2.26.25 to 2.26.29 (#1712) by @dependabot
- chore: deprecate java1.8 al1 (#1706) by @jeromevdl
- chore: java 1.8 AL1 is deprecated, fix E2E tests (#1692) by @jeromevdl
- build(deps): bump aws.sdk.version from 2.26.21 to 2.26.25 (#1703) by @dependabot
- build(deps): bump aws.sdk.version from 2.26.3 to 2.26.21 (#1697) by @dependabot
- build(deps): bump jackson.version from 2.17.0 to 2.17.2 (#1696) by @dependabot
- build(deps): bump org.apache.commons:commons-lang3 from 3.13.0 to 3.14.0 (#1694) by @dependabot
- build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.1 (#1691) by @dependabot
- docs: improve tracing doc for sdk instrumentation (#1687) by @jeromevdl
- docs: fix tracing links for xray (#1686) by @jeromevdl
- build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.3.0 (#1679) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.69 to 2.26.3 (#1658) by @dependabot
- build(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.7.3.6 to 4.8.5.0 (#1657) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.0 to 3.4.0 (#1653) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.50 to 2.25.69 (#1652) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-source-plugin from 3.3.0 to 3.3.1 (#1646) by @dependabot
- build(deps): bump org.assertj:assertj-core from 3.25.3 to 3.26.0 (#1644) by @dependabot
- build(deps): bump aws.xray.recorder.version from 2.15.1 to 2.15.3 (#1643) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.35 to 2.25.50 (#1642) by @dependabot
- build(deps): bump com.amazonaws:aws-lambda-java-events from 3.11.2 to 3.11.4 (#1597) by @dependabot
- build(deps): bump aws.sdk.version from 2.24.10 to 2.25.6 (#1603) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.1.2 to 3.2.5 (#1596) by @dependabot
- build(deps): bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to 3.2.0 (#1585) by @dependabot
- build(deps-dev): bump software.amazon.awscdk:aws-cdk-lib from 2.100.0 to 2.130.0 (#1586) by @dependabot
- build(deps): bump io.burt:jmespath-jackson from 0.5.1 to 0.6.0 (#1587) by @dependabot
- build(deps): bump aws.sdk.version from 2.21.0 to 2.24.10 (#1581) by @dependabot
- build(deps): bump commons-io:commons-io from 2.13.0 to 2.15.1 (#1584) by @dependabot
- build(deps): bump aws.xray.recorder.version from 2.14.0 to 2.15.1 (#1583) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.5.0 to 3.5.2 (#1582) by @dependabot
- build(deps-dev): bump org.yaml:snakeyaml from 2.1 to 2.2 (#1400) by @dependabot
- build(deps): bump log4j.version from 2.20.0 to 2.22.1 (#1547) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-artifact-plugin from 3.4.1 to 3.5.0 (#1485) by @dependabot
- build(deps): bump com.amazonaws:aws-lambda-java-serialization from 1.1.2 to 1.1.5 (#1573) by @dependabot
- build(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.10 to 0.8.11 (#1509) by @dependabot
- build(deps): bump aspectj to 1.9.21 for jdk21 (#1536) by @jeromevdl
- docs: HelloWorldStreamFunction in examples fails with sam (#1532) by @jasoniharris
- chore: Testing java21 aspectj pre-release (#1519) by @scottgerring
- fix: LargeMessageIdempotentE2ET Flaky (#1518) by @scottgerring
- build(deps): bump software.amazon.payloadoffloading:payloadoffloading-common from 2.1.3 to 2.2.0 (#1639) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.4.1 (#1638) by @dependabot
- build(deps): bump jackson.version from 2.15.3 to 2.17.0 (#1637) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.31 to 2.25.35 (#1629) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.16 to 2.25.31 (#1625) by @dependabot
- build(deps): bump aws.sdk.version from 2.21.1 to 2.25.26 (#1622) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.1.2 to 3.2.5 (#1619) by @dependabot
- build(deps): bump com.fasterxml.jackson.datatype:jackson-datatype-joda from 2.15.2 to 2.17.0 (#1616) by @dependabot
- build(deps): bump aws.sdk.version from 2.25.6 to 2.25.16 (#1613) by @dependabot
- build(deps): bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.1 (#1610) by @dependabot
- build(deps): bump org.assertj:assertj-core from 3.24.2 to 3.25.3 (#1609) by @dependabot
This release was made possible by the following contributors:
@chrisclayson, @dreamorosi, @jasoniharris, @jeromevdl, @phipag, @scottgerring and @sthulb