From d38b6e41c6c76c723c1940af432ccd60a13b1e99 Mon Sep 17 00:00:00 2001 From: "Hugo P.Brito" Date: Wed, 1 Jul 2026 12:27:09 +0100 Subject: [PATCH] docs(changelog): note kubernetes exec auth hardening --- api/CHANGELOG.md | 4 ++++ ui/CHANGELOG.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md index 0dcfbd94d6..ff2c1a3715 100644 --- a/api/CHANGELOG.md +++ b/api/CHANGELOG.md @@ -10,6 +10,10 @@ All notable changes to the **Prowler API** are documented in this file. - Attack Paths: Scan task now checks the ingest Neo4j database and configured graph sink before starting graph ingestion [(#11743)](https://github.com/prowler-cloud/prowler/pull/11743) - Disable PowerShell telemetry in the API container image [(#11746)](https://github.com/prowler-cloud/prowler/pull/11746) +### 🔐 Security + +- Kubernetes provider credentials now reject kubeconfigs using `exec` authentication in Prowler Cloud, preventing user-supplied commands from running on Cloud workers [(#11753)](https://github.com/prowler-cloud/prowler/pull/11753) + --- ## [1.32.2] (Prowler UNRELEASED) diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index e77057779d..8bcd84ec40 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md @@ -12,6 +12,10 @@ All notable changes to the **Prowler UI** are documented in this file. - Filter the Overview, Findings, Resources, Scans, and Providers views by provider group [(#11659)](https://github.com/prowler-cloud/prowler/pull/11659) - CIS Controls v8.1 compliance support, including its detail view and report mapping [(#11700)](https://github.com/prowler-cloud/prowler/pull/11700) +### 🔐 Security + +- Kubernetes provider credential forms now reject kubeconfigs using `exec` authentication in Prowler Cloud before submission [(#11753)](https://github.com/prowler-cloud/prowler/pull/11753) + --- ## [1.31.1] (Prowler v5.31.1)
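Review bot: In the api/CHANGELOG.md hunk, the new Security entry scopes the rejection to "in Prowler Cloud" but does not say what self-hosted API deployments do with a kubeconfig that uses `exec` authentication. Operators reading the changelog cannot tell whether they are covered. Suggest stating the scope explicitly, for example that self-hosted behaviour is unchanged, or naming the setting that enables the rejection if one exists.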
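Review bot: In the ui/CHANGELOG.md hunk, the wording "now reject kubeconfigs using `exec` authentication in Prowler Cloud before submission" describes a form-side check, and read alone it suggests the UI is the control. Suggest the entry point to the API-side rejection recorded under the same PR (#11753) in api/CHANGELOG.md and describe the form check as early feedback, so readers do not assume that a request sent directly to the API bypasses it.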