diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md index 0dcfbd94d6..ff2c1a3715 100644 --- a/api/CHANGELOG.md +++ b/api/CHANGELOG.md @@ -10,6 +10,10 @@ All notable changes to the **Prowler API** are documented in this file. - Attack Paths: Scan task now checks the ingest Neo4j database and configured graph sink before starting graph ingestion [(#11743)](https://github.com/prowler-cloud/prowler/pull/11743) - Disable PowerShell telemetry in the API container image [(#11746)](https://github.com/prowler-cloud/prowler/pull/11746) +### 🔐 Security + +- Kubernetes provider credentials now reject kubeconfigs using `exec` authentication in Prowler Cloud, preventing user-supplied commands from running on Cloud workers [(#11753)](https://github.com/prowler-cloud/prowler/pull/11753) + --- ## [1.32.2] (Prowler UNRELEASED) diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index e77057779d..8bcd84ec40 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md @@ -12,6 +12,10 @@ All notable changes to the **Prowler UI** are documented in this file. - Filter the Overview, Findings, Resources, Scans, and Providers views by provider group [(#11659)](https://github.com/prowler-cloud/prowler/pull/11659) - CIS Controls v8.1 compliance support, including its detail view and report mapping [(#11700)](https://github.com/prowler-cloud/prowler/pull/11700) +### 🔐 Security + +- Kubernetes provider credential forms now reject kubeconfigs using `exec` authentication in Prowler Cloud before submission [(#11753)](https://github.com/prowler-cloud/prowler/pull/11753) + --- ## [1.31.1] (Prowler v5.31.1)
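Review bot: In the api/CHANGELOG.md hunk, the new Security entry scopes the rejection to "in Prowler Cloud" but does not say what a self-hosted API does with a kubeconfig that uses `exec` authentication. Suggest adding a clause stating whether self-hosted behaviour is unchanged. The entry also does not say whether kubeconfigs already stored for existing Kubernetes providers are re-validated or whether only newly submitted and updated credentials are checked; one short phrase would settle that for operators reading the changelog.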
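Review bot: In the ui/CHANGELOG.md hunk, "now reject kubeconfigs using `exec` authentication in Prowler Cloud before submission" describes a form-side check, and as worded it can be read as the control itself. Suggest tying it to the API-side rejection recorded under the same PR (#11753) in api/CHANGELOG.md, for example by noting that the form check mirrors the API validation, so readers understand that the form gives early feedback and the API entry is where enforcement is documented.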