From f11f71bc42d6df2d9c840aa49f7924ffae2907b9 Mon Sep 17 00:00:00 2001 From: Pepe Fagoaga Date: Wed, 21 Jan 2026 13:36:36 +0100 Subject: [PATCH] chore(changelog): make all consistent and product-focused (#9808) --- api/CHANGELOG.md | 79 ++++++++++++++++++++++++++++++++++++-------- prowler/CHANGELOG.md | 76 +++++++++++++++++++++++++++++++----------- ui/CHANGELOG.md | 26 ++++++--------- 3 files changed, 132 insertions(+), 49 deletions(-) diff --git a/api/CHANGELOG.md b/api/CHANGELOG.md index 9fea3622d6..5c64d6032b 100644 --- a/api/CHANGELOG.md +++ b/api/CHANGELOG.md 
@@ -5,33 +5,31 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.18.0] (Prowler UNRELEASED) ### Added -- `/api/v1/overviews/compliance-watchlist` to retrieve the compliance watchlist [(#9596)](https://github.com/prowler-cloud/prowler/pull/9596) -- Support AlibabaCloud provider [(#9485)](https://github.com/prowler-cloud/prowler/pull/9485) -- `/api/v1/overviews/resource-groups` to retrieve an overview of the resource groups based on finding severities [(#9694)](https://github.com/prowler-cloud/prowler/pull/9694) -- Endpoints `GET /findings` and `GET /findings/metadata/latest` now support the `group` filter [(#9694)](https://github.com/prowler-cloud/prowler/pull/9694) + +- `/api/v1/overviews/compliance-watchlist` endpoint to retrieve the compliance watchlist [(#9596)](https://github.com/prowler-cloud/prowler/pull/9596) +- AlibabaCloud provider support [(#9485)](https://github.com/prowler-cloud/prowler/pull/9485) +- `/api/v1/overviews/resource-groups` endpoint to retrieve an overview of resource groups based on finding severities [(#9694)](https://github.com/prowler-cloud/prowler/pull/9694) +- `group` filter for `GET /findings` and `GET /findings/metadata/latest` endpoints [(#9694)](https://github.com/prowler-cloud/prowler/pull/9694) - `provider_id` and `provider_id__in` filter aliases for findings endpoints to enable consistent frontend parameter naming [(#9701)](https://github.com/prowler-cloud/prowler/pull/9701) -- Attack Paths scans for AWS providers with new Neo4j Docker service, new Celery task, new `AttackPathsScan` model and new endpoints under `/api/v1/attack-paths-scans` [(#9805)](https://github.com/prowler-cloud/prowler/pull/9805) +- Attack Paths: `/api/v1/attack-paths-scans` for AWS providers backed by Neo4j [(#9805)](https://github.com/prowler-cloud/prowler/pull/9805) ### Security -- Updated `safety` to `3.7.0` and `filelock` to `3.20.3` due to [Safety vulnerability 82754 
(CVE-2025-68146)](https://data.safetycli.com/v/82754/97c/) [(#9816)](https://github.com/prowler-cloud/prowler/pull/9816) -- `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490) -- `django-allauth[saml]` to v65.13.0 to address [CVE-2025-65431](https://nvd.nist.gov/vuln/detail/CVE-2025-65431) +- Django 5.1.15 (CVE-2025-64460, CVE-2025-13372), Werkzeug 3.1.4 (CVE-2025-66221), sqlparse 0.5.5 (PVE-2025-82038), fonttools 4.60.2 (CVE-2025-66034) [(#9730)](https://github.com/prowler-cloud/prowler/pull/9730) +- `safety` to `3.7.0` and `filelock` to `3.20.3` due to [Safety vulnerability 82754 (CVE-2025-68146)](https://data.safetycli.com/v/82754/97c/) [(#9816)](https://github.com/prowler-cloud/prowler/pull/9816) +- `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490) [(#9818)](https://github.com/prowler-cloud/prowler/pull/9818) +- `django-allauth[saml]` to v65.13.0 to address [CVE-2025-65431](https://nvd.nist.gov/vuln/detail/CVE-2025-65431) [(#9575)](https://github.com/prowler-cloud/prowler/pull/9575) ---- - -## [1.17.2] (Prowler v5.16.2) - -### Security -- Updated dependencies to patch security vulnerabilities: Django 5.1.15 (CVE-2025-64460, CVE-2025-13372), Werkzeug 3.1.4 (CVE-2025-66221), sqlparse 0.5.5 (PVE-2025-82038), fonttools 4.60.2 (CVE-2025-66034) [(#9730)](https://github.com/prowler-cloud/prowler/pull/9730) --- ## [1.17.1] (Prowler v5.16.1) ### Changed + - Security Hub integration error when no regions [(#9635)](https://github.com/prowler-cloud/prowler/pull/9635) ### Fixed + - Orphan scheduled scans caused by transaction isolation during provider creation [(#9633)](https://github.com/prowler-cloud/prowler/pull/9633) --- 
@@ -39,16 +37,19 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.17.0] (Prowler v5.16.0) ### Added + - New endpoint to retrieve and overview of the categories based on finding severities [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529) - Endpoints `GET /findings` and `GET /findings/latests` can now use the category filter [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529) - Account id, alias and provider name to PDF reporting table [(#9574)](https://github.com/prowler-cloud/prowler/pull/9574) ### Changed + - Endpoint `GET /overviews/attack-surfaces` no longer returns the related check IDs [(#9529)](https://github.com/prowler-cloud/prowler/pull/9529) - OpenAI provider to only load chat-compatible models with tool calling support [(#9523)](https://github.com/prowler-cloud/prowler/pull/9523) - Increased execution delay for the first scheduled scan tasks to 5 seconds[(#9558)](https://github.com/prowler-cloud/prowler/pull/9558) ### Fixed + - Made `scan_id` a required filter in the compliance overview endpoint [(#9560)](https://github.com/prowler-cloud/prowler/pull/9560) - Reduced unnecessary UPDATE resources operations by only saving when tag mappings change, lowering write load during scans [(#9569)](https://github.com/prowler-cloud/prowler/pull/9569) 
@@ -57,11 +58,13 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.16.1] (Prowler v5.15.1) ### Fixed + - Race condition in scheduled scan creation by adding countdown to task [(#9516)](https://github.com/prowler-cloud/prowler/pull/9516) ## [1.16.0] (Prowler v5.15.0) ### Added + - New endpoint to retrieve an overview of the attack surfaces [(#9309)](https://github.com/prowler-cloud/prowler/pull/9309) - New endpoint `GET /api/v1/overviews/findings_severity/timeseries` to retrieve daily aggregated findings by severity level [(#9363)](https://github.com/prowler-cloud/prowler/pull/9363) - Lighthouse AI support for Amazon Bedrock API key [(#9343)](https://github.com/prowler-cloud/prowler/pull/9343) @@ -69,6 +72,7 @@ All notable changes to the **Prowler API** are documented in this file. - Support to use admin credentials through the read replica database [(#9440)](https://github.com/prowler-cloud/prowler/pull/9440) ### Changed + - Error messages from Lighthouse celery tasks [(#9165)](https://github.com/prowler-cloud/prowler/pull/9165) - Restore the compliance overview endpoint's mandatory filters [(#9338)](https://github.com/prowler-cloud/prowler/pull/9338) @@ -77,6 +81,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.15.2] (Prowler v5.14.2) ### Fixed + - Unique constraint violation during compliance overviews task [(#9436)](https://github.com/prowler-cloud/prowler/pull/9436) - Division by zero error in ENS PDF report when all requirements are manual [(#9443)](https://github.com/prowler-cloud/prowler/pull/9443) 
@@ -85,6 +90,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.15.1] (Prowler v5.14.1) ### Fixed + - Fix typo in PDF reporting [(#9345)](https://github.com/prowler-cloud/prowler/pull/9345) - Fix IaC provider initialization failure when mutelist processor is configured [(#9331)](https://github.com/prowler-cloud/prowler/pull/9331) - Match logic for ThreatScore when counting findings [(#9348)](https://github.com/prowler-cloud/prowler/pull/9348) @@ -94,6 +100,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.15.0] (Prowler v5.14.0) ### Added + - IaC (Infrastructure as Code) provider support for remote repositories [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751) - Extend `GET /api/v1/providers` with provider-type filters and optional pagination disable to support the new Overview filters [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975) - New endpoint to retrieve the number of providers grouped by provider type [(#8975)](https://github.com/prowler-cloud/prowler/pull/8975) 
@@ -113,10 +120,12 @@ All notable changes to the **Prowler API** are documented in this file. - New endpoint `GET /api/v1/overview/regions` to retrieve aggregated findings data by region [(#9273)](https://github.com/prowler-cloud/prowler/pull/9273) ### Changed + - Optimized database write queries for scan related tasks [(#9190)](https://github.com/prowler-cloud/prowler/pull/9190) - Date filters are now optional for `GET /api/v1/overviews/services` endpoint; returns latest scan data by default [(#9248)](https://github.com/prowler-cloud/prowler/pull/9248) ### Fixed + - Scans no longer fail when findings have UIDs exceeding 300 characters; such findings are now skipped with detailed logging [(#9246)](https://github.com/prowler-cloud/prowler/pull/9246) - Updated unique constraint for `Provider` model to exclude soft-deleted entries, resolving duplicate errors when re-deleting providers [(#9054)](https://github.com/prowler-cloud/prowler/pull/9054) - Removed compliance generation for providers without compliance frameworks [(#9208)](https://github.com/prowler-cloud/prowler/pull/9208) @@ -125,6 +134,7 @@ All notable changes to the **Prowler API** are documented in this file. - Fixed discrepancy between ThreatScore PDF report values and database calculations [(#9296)](https://github.com/prowler-cloud/prowler/pull/9296) ### Security + - Django updated to the latest 5.1 security release, 5.1.14, due to problems with potential [SQL injection](https://github.com/prowler-cloud/prowler/security/dependabot/113) and [denial-of-service vulnerability](https://github.com/prowler-cloud/prowler/security/dependabot/114) [(#9176)](https://github.com/prowler-cloud/prowler/pull/9176) --- 
@@ -132,6 +142,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.14.1] (Prowler v5.13.1) ### Fixed + - `/api/v1/overviews/providers` collapses data by provider type so the UI receives a single aggregated record per cloud family even when multiple accounts exist [(#9053)](https://github.com/prowler-cloud/prowler/pull/9053) - Added retry logic to database transactions to handle Aurora read replica connection failures during scale-down events [(#9064)](https://github.com/prowler-cloud/prowler/pull/9064) - Security Hub integrations stop failing when they read relationships via the replica by allowing replica relations and saving updates through the primary [(#9080)](https://github.com/prowler-cloud/prowler/pull/9080) @@ -141,6 +152,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.14.0] (Prowler v5.13.0) ### Added + - Default JWT keys are generated and stored if they are missing from configuration [(#8655)](https://github.com/prowler-cloud/prowler/pull/8655) - `compliance_name` for each compliance [(#7920)](https://github.com/prowler-cloud/prowler/pull/7920) - Support C5 compliance framework for the AWS provider [(#8830)](https://github.com/prowler-cloud/prowler/pull/8830) 
@@ -154,10 +166,12 @@ All notable changes to the **Prowler API** are documented in this file. - Add `provider_id__in` filter support to findings and findings severity overview endpoints [(#8951)](https://github.com/prowler-cloud/prowler/pull/8951) ### Changed + - Now the MANAGE_ACCOUNT permission is required to modify or read user permissions instead of MANAGE_USERS [(#8281)](https://github.com/prowler-cloud/prowler/pull/8281) - Now at least one user with MANAGE_ACCOUNT permission is required in the tenant [(#8729)](https://github.com/prowler-cloud/prowler/pull/8729) ### Security + - Django updated to the latest 5.1 security release, 5.1.13, due to problems with potential [SQL injection](https://github.com/prowler-cloud/prowler/security/dependabot/104) and [directory traversals](https://github.com/prowler-cloud/prowler/security/dependabot/103) [(#8842)](https://github.com/prowler-cloud/prowler/pull/8842) --- @@ -165,6 +179,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.13.2] (Prowler v5.12.3) ### Fixed + - 500 error when deleting user [(#8731)](https://github.com/prowler-cloud/prowler/pull/8731) --- @@ -172,9 +187,11 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.13.1] (Prowler v5.12.2) ### Changed + - Renamed compliance overview task queue to `compliance` [(#8755)](https://github.com/prowler-cloud/prowler/pull/8755) ### Security + - Django updated to the latest 5.1 security release, 5.1.12, due to [problems](https://www.djangoproject.com/weblog/2025/sep/03/security-releases/) with potential SQL injection in FilteredRelation column aliases [(#8693)](https://github.com/prowler-cloud/prowler/pull/8693) --- 
@@ -182,6 +199,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.13.0] (Prowler v5.12.0) ### Added + - Integration with JIRA, enabling sending findings to a JIRA project [(#8622)](https://github.com/prowler-cloud/prowler/pull/8622), [(#8637)](https://github.com/prowler-cloud/prowler/pull/8637) - `GET /overviews/findings_severity` now supports `filter[status]` and `filter[status__in]` to aggregate by specific statuses (`FAIL`, `PASS`)[(#8186)](https://github.com/prowler-cloud/prowler/pull/8186) - Throttling options for `/api/v1/tokens` using the `DJANGO_THROTTLE_TOKEN_OBTAIN` environment variable [(#8647)](https://github.com/prowler-cloud/prowler/pull/8647) @@ -191,11 +209,13 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.12.0] (Prowler v5.11.0) ### Added + - Lighthouse support for OpenAI GPT-5 [(#8527)](https://github.com/prowler-cloud/prowler/pull/8527) - Integration with Amazon Security Hub, enabling sending findings to Security Hub [(#8365)](https://github.com/prowler-cloud/prowler/pull/8365) - Generate ASFF output for AWS providers with SecurityHub integration enabled [(#8569)](https://github.com/prowler-cloud/prowler/pull/8569) ### Fixed + - GitHub provider always scans user instead of organization when using provider UID [(#8587)](https://github.com/prowler-cloud/prowler/pull/8587) --- @@ -203,10 +223,12 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.11.0] (Prowler v5.10.0) ### Added + - Github provider support [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271) - Integration with Amazon S3, enabling storage and retrieval of scan data via S3 buckets [(#8056)](https://github.com/prowler-cloud/prowler/pull/8056) ### Fixed + - Avoid sending errors to Sentry in M365 provider when user authentication fails [(#8420)](https://github.com/prowler-cloud/prowler/pull/8420) --- 
@@ -214,6 +236,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [1.10.2] (Prowler v5.9.2) ### Changed + - Optimized queries for resources views [(#8336)](https://github.com/prowler-cloud/prowler/pull/8336) --- @@ -221,6 +244,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.10.1] (Prowler v5.9.1) ### Fixed + - Calculate failed findings during scans to prevent heavy database queries [(#8322)](https://github.com/prowler-cloud/prowler/pull/8322) --- 
@@ -228,23 +252,28 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.10.0] (Prowler v5.9.0) ### Added + - SSO with SAML support [(#8175)](https://github.com/prowler-cloud/prowler/pull/8175) - `GET /resources/metadata`, `GET /resources/metadata/latest` and `GET /resources/latest` to expose resource metadata and latest scan results [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112) ### Changed + - `/processors` endpoints to post-process findings. Currently, only the Mutelist processor is supported to allow to mute findings. - Optimized the underlying queries for resources endpoints [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112) - Optimized include parameters for resources view [(#8229)](https://github.com/prowler-cloud/prowler/pull/8229) - Optimized overview background tasks [(#8300)](https://github.com/prowler-cloud/prowler/pull/8300) ### Fixed + - Search filter for findings and resources [(#8112)](https://github.com/prowler-cloud/prowler/pull/8112) - RBAC is now applied to `GET /overviews/providers` [(#8277)](https://github.com/prowler-cloud/prowler/pull/8277) ### Changed + - `POST /schedules/daily` returns a `409 CONFLICT` if already created [(#8258)](https://github.com/prowler-cloud/prowler/pull/8258) ### Security + - Enhanced password validation to enforce 12+ character passwords with special characters, uppercase, lowercase, and numbers [(#8225)](https://github.com/prowler-cloud/prowler/pull/8225) --- 
@@ -252,16 +281,20 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.9.1] (Prowler v5.8.1) ### Added + - Custom exception for provider connection errors during scans [(#8234)](https://github.com/prowler-cloud/prowler/pull/8234) ### Changed + - Summary and overview tasks now use a dedicated queue and no longer propagate errors to compliance tasks [(#8214)](https://github.com/prowler-cloud/prowler/pull/8214) ### Fixed + - Scan with no resources will not trigger legacy code for findings metadata [(#8183)](https://github.com/prowler-cloud/prowler/pull/8183) - Invitation email comparison case-insensitive [(#8206)](https://github.com/prowler-cloud/prowler/pull/8206) ### Removed + - Validation of the provider's secret type during updates [(#8197)](https://github.com/prowler-cloud/prowler/pull/8197) --- @@ -269,15 +302,18 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.9.0] (Prowler v5.8.0) ### Added + - Support GCP Service Account key [(#7824)](https://github.com/prowler-cloud/prowler/pull/7824) - `GET /compliance-overviews` endpoints to retrieve compliance metadata and specific requirements statuses [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877) - Lighthouse configuration support [(#7848)](https://github.com/prowler-cloud/prowler/pull/7848) ### Changed + - Reworked `GET /compliance-overviews` to return proper requirement metrics [(#7877)](https://github.com/prowler-cloud/prowler/pull/7877) - Optional `user` and `password` for M365 provider [(#7992)](https://github.com/prowler-cloud/prowler/pull/7992) ### Fixed + - Scheduled scans are no longer deleted when their daily schedule run is disabled [(#8082)](https://github.com/prowler-cloud/prowler/pull/8082) --- 
@@ -285,6 +321,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.5] (Prowler v5.7.5) ### Fixed + - Normalize provider UID to ensure safe and unique export directory paths [(#8007)](https://github.com/prowler-cloud/prowler/pull/8007). - Blank resource types in `/metadata` endpoints [(#8027)](https://github.com/prowler-cloud/prowler/pull/8027) @@ -293,6 +330,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.4] (Prowler v5.7.4) ### Removed + - Reverted RLS transaction handling and DB custom backend [(#7994)](https://github.com/prowler-cloud/prowler/pull/7994) --- @@ -300,12 +338,15 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.3] (Prowler v5.7.3) ### Added + - Database backend to handle already closed connections [(#7935)](https://github.com/prowler-cloud/prowler/pull/7935) ### Changed + - Renamed field encrypted_password to password for M365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784) ### Fixed + - Transaction persistence with RLS operations [(#7916)](https://github.com/prowler-cloud/prowler/pull/7916) - Reverted the change `get_with_retry` to use the original `get` method for retrieving tasks [(#7932)](https://github.com/prowler-cloud/prowler/pull/7932) @@ -314,6 +355,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.2] (Prowler v5.7.2) ### Fixed + - Task lookup to use task_kwargs instead of task_args for scan report resolution [(#7830)](https://github.com/prowler-cloud/prowler/pull/7830) - Kubernetes UID validation to allow valid context names [(#7871)](https://github.com/prowler-cloud/prowler/pull/7871) - Connection status verification before launching a scan [(#7831)](https://github.com/prowler-cloud/prowler/pull/7831) 
@@ -325,6 +367,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.1] (Prowler v5.7.1) ### Fixed + - Added database index to improve performance on finding lookup [(#7800)](https://github.com/prowler-cloud/prowler/pull/7800) --- @@ -332,6 +375,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.8.0] (Prowler v5.7.0) ### Added + - Huge improvements to `/findings/metadata` and resource related filters for findings [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690) - Improvements to `/overviews` endpoints [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690) - Queue to perform backfill background tasks [(#7690)](https://github.com/prowler-cloud/prowler/pull/7690) @@ -365,6 +409,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.5.4] (Prowler v5.4.4) ### Fixed + - Bug with periodic tasks when trying to delete a provider [(#7466)](https://github.com/prowler-cloud/prowler/pull/7466) --- @@ -372,6 +417,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.5.3] (Prowler v5.4.3) ### Fixed + - Duplicated scheduled scans handling [(#7401)](https://github.com/prowler-cloud/prowler/pull/7401) - Environment variable to configure the deletion task batch size [(#7423)](https://github.com/prowler-cloud/prowler/pull/7423) @@ -380,6 +426,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.5.2] (Prowler v5.4.2) ### Changed + - Refactored deletion logic and implemented retry mechanism for deletion tasks [(#7349)](https://github.com/prowler-cloud/prowler/pull/7349) --- 
@@ -387,6 +434,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.5.1] (Prowler v5.4.1) ### Fixed + - Handle response in case local files are missing [(#7183)](https://github.com/prowler-cloud/prowler/pull/7183) - Race condition when deleting export files after the S3 upload [(#7172)](https://github.com/prowler-cloud/prowler/pull/7172) - Handle exception when a provider has no secret in test connection [(#7283)](https://github.com/prowler-cloud/prowler/pull/7283) @@ -396,11 +444,13 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.5.0] (Prowler v5.4.0) ### Added + - Social login integration with Google and GitHub [(#6906)](https://github.com/prowler-cloud/prowler/pull/6906) - API scan report system, now all scans launched from the API will generate a compressed file with the report in OCSF, CSV and HTML formats [(#6878)](https://github.com/prowler-cloud/prowler/pull/6878) - Configurable Sentry integration [(#6874)](https://github.com/prowler-cloud/prowler/pull/6874) ### Changed + - Optimized `GET /findings` endpoint to improve response time and size [(#7019)](https://github.com/prowler-cloud/prowler/pull/7019) --- @@ -408,6 +458,7 @@ All notable changes to the **Prowler API** are documented in this file. ## [v1.4.0] (Prowler v5.3.0) ### Changed + - Daily scheduled scan instances are now created beforehand with `SCHEDULED` state [(#6700)](https://github.com/prowler-cloud/prowler/pull/6700) - Findings endpoints now require at least one date filter [(#6800)](https://github.com/prowler-cloud/prowler/pull/6800) - Findings metadata endpoint received a performance improvement [(#6863)](https://github.com/prowler-cloud/prowler/pull/6863) diff --git a/prowler/CHANGELOG.md b/prowler/CHANGELOG.md index 4c2bead63d..8dfd040ebf 100644 --- a/prowler/CHANGELOG.md +++ b/prowler/CHANGELOG.md 
@@ -5,8 +5,9 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.17.0] (Prowler UNRELEASED) ### Added + - AI Skills pack for AI coding assistants (Claude Code, OpenCode, Codex) following agentskills.io standard [(#9728)](https://github.com/prowler-cloud/prowler/pull/9728) -- Add Prowler ThreatScore for the Alibaba Cloud provider [(#9511)](https://github.com/prowler-cloud/prowler/pull/9511) +- Prowler ThreatScore for the Alibaba Cloud provider [(#9511)](https://github.com/prowler-cloud/prowler/pull/9511) - `compute_instance_group_multiple_zones` check for GCP provider [(#9566)](https://github.com/prowler-cloud/prowler/pull/9566) - `compute_instance_group_autohealing_enabled` check for GCP provider [(#9690)](https://github.com/prowler-cloud/prowler/pull/9690) - Support AWS European Sovereign Cloud [(#9649)](https://github.com/prowler-cloud/prowler/pull/9649) 
@@ -16,9 +17,9 @@ All notable changes to the **Prowler SDK** are documented in this file. - `compute_configuration_changes` check for GCP provider to detect Compute Engine configuration changes in Cloud Audit Logs [(#9698)](https://github.com/prowler-cloud/prowler/pull/9698) - `compute_instance_group_load_balancer_attached` check for GCP provider [(#9695)](https://github.com/prowler-cloud/prowler/pull/9695) - `Cloudflare` provider with critical security checks [(#9423)](https://github.com/prowler-cloud/prowler/pull/9423) +- CloudFlare `TLS/SSL`, `records` and `email` checks for `zone` service [(#9424)](https://github.com/prowler-cloud/prowler/pull/9424) - `compute_instance_single_network_interface` check for GCP provider [(#9702)](https://github.com/prowler-cloud/prowler/pull/9702) - `compute_image_not_publicly_shared` check for GCP provider [(#9718)](https://github.com/prowler-cloud/prowler/pull/9718) -- `TLS/SSL`, `records` and `email` checks for `zone` service [(#9424)](https://github.com/prowler-cloud/prowler/pull/9424) - `compute_snapshot_not_outdated` check for GCP provider [(#9774)](https://github.com/prowler-cloud/prowler/pull/9774) - `compute_instance_on_host_maintenance_migrate` check for GCP provider [(#9834)](https://github.com/prowler-cloud/prowler/pull/9834) - CIS 1.12 compliance framework for Kubernetes [(#9778)](https://github.com/prowler-cloud/prowler/pull/9778) 
@@ -27,6 +28,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - `Cloudflare` Bot protection, WAF, Privacy, Anti-Scraping and Zone configuration checks [(#9425)](https://github.com/prowler-cloud/prowler/pull/9425) ### Changed + - Update AWS Step Functions service metadata to new format [(#9432)](https://github.com/prowler-cloud/prowler/pull/9432) - Update AWS Route 53 service metadata to new format [(#9406)](https://github.com/prowler-cloud/prowler/pull/9406) - Update AWS SQS service metadata to new format [(#9429)](https://github.com/prowler-cloud/prowler/pull/9429) 
@@ -59,25 +61,21 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update Azure AKS service metadata to new format [(#9611)](https://github.com/prowler-cloud/prowler/pull/9611) - Update Azure API Management service metadata to new format [(#9612)](https://github.com/prowler-cloud/prowler/pull/9612) -### Security -- `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490) - -### Security -- Updated `safety` to `3.7.0` and `filelock` to `3.20.3` due to [Safety vulnerability 82754 (CVE-2025-68146)](https://data.safetycli.com/v/82754/97c/) [(#9816)](https://github.com/prowler-cloud/prowler/pull/9816) - ---- - -## [5.16.2] (Prowler v5.16.2) (UNRELEASED) - ### Fixed -- Fix OCI authentication error handling and validation [(#9738)](https://github.com/prowler-cloud/prowler/pull/9738) -- Fixup AWS EC2 SG library [(#9216)](https://github.com/prowler-cloud/prowler/pull/9216) + +- OCI authentication error handling and validation [(#9738)](https://github.com/prowler-cloud/prowler/pull/9738) +- AWS EC2 SG library [(#9216)](https://github.com/prowler-cloud/prowler/pull/9216) + +### Security +- `safety` to `3.7.0` and `filelock` to `3.20.3` due to [Safety vulnerability 82754 (CVE-2025-68146)](https://data.safetycli.com/v/82754/97c/) [(#9816)](https://github.com/prowler-cloud/prowler/pull/9816) +- `pyasn1` to v0.6.2 to address [CVE-2026-23490](https://nvd.nist.gov/vuln/detail/CVE-2026-23490) [(#9817)](https://github.com/prowler-cloud/prowler/pull/9817) --- ## [5.16.1] (Prowler v5.16.1) ### Fixed + - ZeroDivision error from Prowler ThreatScore [(#9653)](https://github.com/prowler-cloud/prowler/pull/9653) --- 
@@ -85,10 +83,12 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.16.0] (Prowler v5.16.0) ### Added + - `privilege-escalation` and `ec2-imdsv1` categories for AWS checks [(#9537)](https://github.com/prowler-cloud/prowler/pull/9537) - Supported IaC formats and scanner documentation for the IaC provider [(#9553)](https://github.com/prowler-cloud/prowler/pull/9553) ### Changed + - Update AWS Glue service metadata to new format [(#9258)](https://github.com/prowler-cloud/prowler/pull/9258) - Update AWS Kafka service metadata to new format [(#9261)](https://github.com/prowler-cloud/prowler/pull/9261) - Update AWS KMS service metadata to new format [(#9263)](https://github.com/prowler-cloud/prowler/pull/9263) @@ -101,6 +101,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update AWS WAF v2 service metadata to new format [(#9481)](https://github.com/prowler-cloud/prowler/pull/9481) ### Fixed + - Fix typo `trustboundaries` category to `trust-boundaries` [(#9536)](https://github.com/prowler-cloud/prowler/pull/9536) - Fix incorrect `bedrock-agent` regional availability, now using official AWS docs instead of copying from `bedrock` - Store MongoDB Atlas provider regions as lowercase [(#9554)](https://github.com/prowler-cloud/prowler/pull/9554) @@ -111,6 +112,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.15.1] (Prowler v5.15.1) ### Fixed + - Fix false negative in AWS `apigateway_restapi_logging_enabled` check by refining stage logging evaluation to ensure logging level is not set to "OFF" [(#9304)](https://github.com/prowler-cloud/prowler/pull/9304) --- 
@@ -118,6 +120,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.15.0] (Prowler v5.15.0) ### Added + - `cloudstorage_uses_vpc_service_controls` check for GCP provider [(#9256)](https://github.com/prowler-cloud/prowler/pull/9256) - Alibaba Cloud provider with CIS 2.0 benchmark [(#9329)](https://github.com/prowler-cloud/prowler/pull/9329) - `repository_immutable_releases_enabled` check for GitHub provider [(#9162)](https://github.com/prowler-cloud/prowler/pull/9162) @@ -131,6 +134,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - RBI Cyber Security Framework compliance for Azure provider [(#8822)](https://github.com/prowler-cloud/prowler/pull/8822) ### Changed + - Update AWS Macie service metadata to new format [(#9265)](https://github.com/prowler-cloud/prowler/pull/9265) - Update AWS Lightsail service metadata to new format [(#9264)](https://github.com/prowler-cloud/prowler/pull/9264) - Update AWS GuardDuty service metadata to new format [(#9259)](https://github.com/prowler-cloud/prowler/pull/9259) @@ -140,6 +144,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update AWS Lightsail service metadata to new format [(#9264)](https://github.com/prowler-cloud/prowler/pull/9264) ### Fixed + - Fix duplicate requirement IDs in ISO 27001:2013 AWS compliance framework by adding unique letter suffixes - Removed incorrect threat-detection category from checks metadata [(#9489)](https://github.com/prowler-cloud/prowler/pull/9489) - GCP `cloudstorage_uses_vpc_service_controls` check to handle VPC Service Controls blocked API access [(#9478)](https://github.com/prowler-cloud/prowler/pull/9478) 
@@ -149,6 +154,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.14.2] (Prowler v5.14.2) ### Fixed + - Custom check folder metadata validation [(#9335)](https://github.com/prowler-cloud/prowler/pull/9335) - Pin `alibabacloud-gateway-oss-util` to version 0.0.3 to address missing dependency [(#9487)](https://github.com/prowler-cloud/prowler/pull/9487) @@ -157,6 +163,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.14.1] (Prowler v5.14.1) ### Fixed + - `sharepoint_external_sharing_managed` check to handle external sharing disabled at organization level [(#9298)](https://github.com/prowler-cloud/prowler/pull/9298) - Support multiple Exchange mailbox policies in M365 `exchange_mailbox_policy_additional_storage_restricted` check [(#9241)](https://github.com/prowler-cloud/prowler/pull/9241) @@ -165,6 +172,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.14.0] (Prowler v5.14.0) ### Added + - GitHub provider check `organization_default_repository_permission_strict` [(#8785)](https://github.com/prowler-cloud/prowler/pull/8785) - Add OCI mapping to scan and check classes [(#8927)](https://github.com/prowler-cloud/prowler/pull/8927) - `codepipeline_project_repo_private` check for AWS provider [(#5915)](https://github.com/prowler-cloud/prowler/pull/5915) @@ -190,6 +198,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Add branch name to IaC provider region [(#9296)](https://github.com/prowler-cloud/prowler/pull/9295) ### Changed + - Update AWS Direct Connect service metadata to new format [(#8855)](https://github.com/prowler-cloud/prowler/pull/8855) - Update AWS DRS service metadata to new format [(#8870)](https://github.com/prowler-cloud/prowler/pull/8870) - Update AWS DynamoDB service metadata to new format [(#8871)](https://github.com/prowler-cloud/prowler/pull/8871) 
@@ -223,9 +232,10 @@ All notable changes to the **Prowler SDK** are documented in this file. - Update AWS ECS service metadata to new format [(#8888)](https://github.com/prowler-cloud/prowler/pull/8888) - Update AWS Kinesis service metadata to new format [(#9262)](https://github.com/prowler-cloud/prowler/pull/9262) - Update AWS DocumentDB service metadata to new format [(#8862)](https://github.com/prowler-cloud/prowler/pull/8862) - +- Adapt IaC provider to be used in the Prowler App [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751) ### Fixed + - Check `check_name` has no `resource_name` error for GCP provider [(#9169)](https://github.com/prowler-cloud/prowler/pull/9169) - Depth Truncation and parsing error in PowerShell queries [(#9181)](https://github.com/prowler-cloud/prowler/pull/9181) - False negative in `iam_role_cross_service_confused_deputy_prevention` check [(#9213)](https://github.com/prowler-cloud/prowler/pull/9213) @@ -243,6 +253,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.13.1] (Prowler v5.13.1) ### Fixed + - Add `resource_name` for checks under `logging` for the GCP provider [(#9023)](https://github.com/prowler-cloud/prowler/pull/9023) - Fix `ec2_instance_with_outdated_ami` check to handle None AMIs [(#9046)](https://github.com/prowler-cloud/prowler/pull/9046) - Handle timestamp when transforming compliance findings in CCC [(#9042)](https://github.com/prowler-cloud/prowler/pull/9042) 
@@ -251,14 +262,10 @@ All notable changes to the **Prowler SDK** are documented in this file. --- -### Changed -- Adapt IaC provider to be used in the Prowler App [(#8751)](https://github.com/prowler-cloud/prowler/pull/8751) - ---- - ## [5.13.0] (Prowler v5.13.0) ### Added + - Support for AdditionalURLs in outputs [(#8651)](https://github.com/prowler-cloud/prowler/pull/8651) - Support for markdown metadata fields in Dashboard [(#8667)](https://github.com/prowler-cloud/prowler/pull/8667) - `ec2_instance_with_outdated_ami` check for AWS provider [(#6910)](https://github.com/prowler-cloud/prowler/pull/6910) @@ -301,6 +308,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ### Fixed + - Fix SNS topics showing empty AWS_ResourceID in Quick Inventory output [(#8762)](https://github.com/prowler-cloud/prowler/issues/8762) - Fix HTML Markdown output for long strings [(#8803)](https://github.com/prowler-cloud/prowler/pull/8803) - Prowler ThreatScore scoring calculation CLI [(#8582)](https://github.com/prowler-cloud/prowler/pull/8582) @@ -317,6 +325,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.12.1] (Prowler v5.12.1) ### Fixed + - Replaced old check id with new ones for compliance files [(#8682)](https://github.com/prowler-cloud/prowler/pull/8682) - `firehose_stream_encrypted_at_rest` check false positives and new api call in kafka service [(#8599)](https://github.com/prowler-cloud/prowler/pull/8599) - Replace defender rules policies key to use old name [(#8702)](https://github.com/prowler-cloud/prowler/pull/8702) 
@@ -326,6 +335,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.12.0] (Prowler v5.12.0) ### Added + - Add more fields for the Jira ticket and handle custom fields errors [(#8601)](https://github.com/prowler-cloud/prowler/pull/8601) - Support labels on Jira tickets [(#8603)](https://github.com/prowler-cloud/prowler/pull/8603) - Add finding url and tenant info inside Jira tickets [(#8607)](https://github.com/prowler-cloud/prowler/pull/8607) @@ -349,9 +359,11 @@ All notable changes to the **Prowler SDK** are documented in this file. - `projects_network_access_list_exposed_to_internet` - Ensure project network access list is not exposed to internet ### Changed + - Rename ftp and mongo checks to follow pattern `ec2_securitygroup_allow_ingress_from_internet_to_tcp_port_*` [(#8293)](https://github.com/prowler-cloud/prowler/pull/8293) ### Fixed + - Renamed `AdditionalUrls` to `AdditionalURLs` field in CheckMetadata [(#8639)](https://github.com/prowler-cloud/prowler/pull/8639) - TypeError from Python 3.9 in Security Hub module by updating type annotations [(#8619)](https://github.com/prowler-cloud/prowler/pull/8619) - KeyError when SecurityGroups field is missing in MemoryDB check [(#8666)](https://github.com/prowler-cloud/prowler/pull/8666) @@ -362,6 +374,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.11.0] (Prowler v5.11.0) ### Added + - Certificate authentication for M365 provider [(#8404)](https://github.com/prowler-cloud/prowler/pull/8404) - `vm_sufficient_daily_backup_retention_period` check for Azure provider [(#8200)](https://github.com/prowler-cloud/prowler/pull/8200) - `vm_jit_access_enabled` check for Azure provider [(#8202)](https://github.com/prowler-cloud/prowler/pull/8202) 
@@ -376,10 +389,12 @@ All notable changes to the **Prowler SDK** are documented in this file. - GCP `--skip-api-check` command line flag [(#8575)](https://github.com/prowler-cloud/prowler/pull/8575) ### Changed + - Refine kisa isms-p compliance mapping [(#8479)](https://github.com/prowler-cloud/prowler/pull/8479) - Improve AWS Security Hub region check using multiple threads [(#8365)](https://github.com/prowler-cloud/prowler/pull/8365) ### Fixed + - Resource metadata error in `s3_bucket_shadow_resource_vulnerability` check [(#8572)](https://github.com/prowler-cloud/prowler/pull/8572) - GitHub App authentication through API fails with auth_method validation error [(#8587)](https://github.com/prowler-cloud/prowler/pull/8587) - AWS resource-arn filtering [(#8533)](https://github.com/prowler-cloud/prowler/pull/8533) @@ -393,6 +408,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.10.2] (Prowler v5.10.2) ### Fixed + - Order requirements by ID in Prowler ThreatScore AWS compliance framework [(#8495)](https://github.com/prowler-cloud/prowler/pull/8495) - Add explicit resource name to GCP and Azure Defender checks [(#8352)](https://github.com/prowler-cloud/prowler/pull/8352) - Validation errors in Azure and M365 providers [(#8353)](https://github.com/prowler-cloud/prowler/pull/8353) @@ -407,6 +423,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.10.1] (Prowler v5.10.1) ### Fixed + - Remove invalid requirements from CIS 1.0 for GitHub provider [(#8472)](https://github.com/prowler-cloud/prowler/pull/8472) --- 
@@ -414,6 +431,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.10.0] (Prowler v5.10.0) ### Added + - `bedrock_api_key_no_administrative_privileges` check for AWS provider [(#8321)](https://github.com/prowler-cloud/prowler/pull/8321) - `bedrock_api_key_no_long_term_credentials` check for AWS provider [(#8396)](https://github.com/prowler-cloud/prowler/pull/8396) - Support App Key Content in GitHub provider [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271) @@ -426,11 +444,13 @@ All notable changes to the **Prowler SDK** are documented in this file. - Use `trivy` as engine for IaC provider [(#8466)](https://github.com/prowler-cloud/prowler/pull/8466) ### Changed + - Handle some AWS errors as warnings instead of errors [(#8347)](https://github.com/prowler-cloud/prowler/pull/8347) - Revert import of `checkov` python library [(#8385)](https://github.com/prowler-cloud/prowler/pull/8385) - Updated policy mapping in ISMS-P compliance file for improved alignment [(#8367)](https://github.com/prowler-cloud/prowler/pull/8367) ### Fixed + - False positives in SQS encryption check for ephemeral queues [(#8330)](https://github.com/prowler-cloud/prowler/pull/8330) - Add protocol validation check in security group checks to ensure proper protocol matching [(#8374)](https://github.com/prowler-cloud/prowler/pull/8374) - Add missing audit evidence for controls 1.1.4 and 2.5.5 for ISMS-P compliance. [(#8386)](https://github.com/prowler-cloud/prowler/pull/8386) @@ -454,6 +474,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.9.2] (Prowler v5.9.2) ### Fixed + - Use the correct resource name in `defender_domain_dkim_enabled` check [(#8334)](https://github.com/prowler-cloud/prowler/pull/8334) --- 
@@ -461,6 +482,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.9.0] (Prowler v5.9.0) ### Added + - `storage_smb_channel_encryption_with_secure_algorithm` check for Azure provider [(#8123)](https://github.com/prowler-cloud/prowler/pull/8123) - `storage_smb_protocol_version_is_latest` check for Azure provider [(#8128)](https://github.com/prowler-cloud/prowler/pull/8128) - `vm_backup_enabled` check for Azure provider [(#8182)](https://github.com/prowler-cloud/prowler/pull/8182) @@ -473,9 +495,11 @@ All notable changes to the **Prowler SDK** are documented in this file. - Add `test_connection` method to GitHub provider [(#8248)](https://github.com/prowler-cloud/prowler/pull/8248) ### Changed + - Refactor the Azure Defender get security contact configuration method to use the API REST endpoint instead of the SDK [(#8241)](https://github.com/prowler-cloud/prowler/pull/8241) ### Fixed + - Title & description wording for `iam_user_accesskey_unused` check for AWS provider [(#8233)](https://github.com/prowler-cloud/prowler/pull/8233) - Add GitHub provider to lateral panel in documentation and change -h environment variable output [(#8246)](https://github.com/prowler-cloud/prowler/pull/8246) - Show `m365_identity_type` and `m365_identity_id` in cloud reports [(#8247)](https://github.com/prowler-cloud/prowler/pull/8247) @@ -495,6 +519,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.8.1] (Prowler v5.8.1) ### Fixed + - Detect wildcarded ARNs in sts:AssumeRole policy resources [(#8164)](https://github.com/prowler-cloud/prowler/pull/8164) - List all streams and `firehose_stream_encrypted_at_rest` logic [(#8213)](https://github.com/prowler-cloud/prowler/pull/8213) - Allow empty values for http_endpoint in templates [(#8184)](https://github.com/prowler-cloud/prowler/pull/8184) 
@@ -547,6 +572,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - New check `codebuild_project_not_publicly_accessible` for AWS provider [(#8127)](https://github.com/prowler-cloud/prowler/pull/8127) ### Fixed + - Consolidate Azure Storage file service properties to the account level, improving the accuracy of the `storage_ensure_file_shares_soft_delete_is_enabled` check [(#8087)](https://github.com/prowler-cloud/prowler/pull/8087) - Migrate Azure VM service and managed disk logic to Pydantic models for better serialization and type safety, and update all related tests to use the new models and fix UUID handling [(#https://github.com/prowler-cloud/prowler/pull/8151)](https://github.com/prowler-cloud/prowler/pull/https://github.com/prowler-cloud/prowler/pull/8151) - `organizations_scp_check_deny_regions` check to pass when SCP policies have no statements [(#8091)](https://github.com/prowler-cloud/prowler/pull/8091) @@ -557,9 +583,11 @@ All notable changes to the **Prowler SDK** are documented in this file. - Handle empty name in Azure Defender and GCP checks [(#8120)](https://github.com/prowler-cloud/prowler/pull/8120) ### Changed + - Reworked `S3.test_connection` to match the AwsProvider logic [(#8088)](https://github.com/prowler-cloud/prowler/pull/8088) ### Removed + - OCSF version number references to point always to the latest [(#8064)](https://github.com/prowler-cloud/prowler/pull/8064) --- @@ -567,6 +595,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.7.5] (Prowler v5.7.5) ### Fixed + - Use unified timestamp for all requirements [(#8059)](https://github.com/prowler-cloud/prowler/pull/8059) - Add EKS to service without subservices [(#7959)](https://github.com/prowler-cloud/prowler/pull/7959) - `apiserver_strong_ciphers_only` check for K8S provider [(#7952)](https://github.com/prowler-cloud/prowler/pull/7952) 
@@ -585,6 +614,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.7.3] (Prowler v5.7.3) ### Fixed + - Automatically encrypt password in Microsoft365 provider [(#7784)](https://github.com/prowler-cloud/prowler/pull/7784) - Remove last encrypted password appearances [(#7825)](https://github.com/prowler-cloud/prowler/pull/7825) @@ -593,6 +623,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.7.2] (Prowler v5.7.2) ### Fixed + - `m365_powershell test_credentials` to use sanitized credentials [(#7761)](https://github.com/prowler-cloud/prowler/pull/7761) - `admincenter_users_admins_reduced_license_footprint` check logic to pass when admin user has no license [(#7779)](https://github.com/prowler-cloud/prowler/pull/7779) - `m365_powershell` to close the PowerShell sessions in msgraph services [(#7816)](https://github.com/prowler-cloud/prowler/pull/7816) @@ -605,6 +636,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.7.0] (Prowler v5.7.0) ### Added + - Update the compliance list supported for each provider from docs [(#7694)](https://github.com/prowler-cloud/prowler/pull/7694) - Allow setting cluster name in in-cluster mode in Kubernetes [(#7695)](https://github.com/prowler-cloud/prowler/pull/7695) - Prowler ThreatScore for M365 provider [(#7692)](https://github.com/prowler-cloud/prowler/pull/7692) @@ -623,6 +655,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - CIS 5.0 compliance framework for AWS [(7766)](https://github.com/prowler-cloud/prowler/pull/7766) ### Fixed + - Update CIS 4.0 for M365 provider [(#7699)](https://github.com/prowler-cloud/prowler/pull/7699) - Update and upgrade CIS for all the providers [(#7738)](https://github.com/prowler-cloud/prowler/pull/7738) - Cover policies with conditions with SNS endpoint in `sns_topics_not_publicly_accessible` [(#7750)](https://github.com/prowler-cloud/prowler/pull/7750) 
@@ -633,6 +666,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.6.0] (Prowler v5.6.0) ### Added + - SOC2 compliance framework to Azure [(#7489)](https://github.com/prowler-cloud/prowler/pull/7489) - Check for unused Service Accounts in GCP [(#7419)](https://github.com/prowler-cloud/prowler/pull/7419) - Powershell to Microsoft365 [(#7331)](https://github.com/prowler-cloud/prowler/pull/7331) @@ -682,6 +716,7 @@ All notable changes to the **Prowler SDK** are documented in this file. - Microsoft User and User Credential auth to reports [(#7681)](https://github.com/prowler-cloud/prowler/pull/7681) ### Fixed + - Package name location in pyproject.toml while replicating for prowler-cloud [(#7531)](https://github.com/prowler-cloud/prowler/pull/7531) - Remove cache in PyPI release action [(#7532)](https://github.com/prowler-cloud/prowler/pull/7532) - The correct values for logger.info inside iam service [(#7526)](https://github.com/prowler-cloud/prowler/pull/7526) @@ -702,6 +737,7 @@ All notable changes to the **Prowler SDK** are documented in this file. ## [5.5.1] (Prowler v5.5.1) ### Fixed + - Default name to contacts in Azure Defender [(#7483)](https://github.com/prowler-cloud/prowler/pull/7483) - Handle projects without ID in GCP [(#7496)](https://github.com/prowler-cloud/prowler/pull/7496) - Restore packages location in PyProject [(#7510)](https://github.com/prowler-cloud/prowler/pull/7510) diff --git a/ui/CHANGELOG.md b/ui/CHANGELOG.md index a257bb3b94..7fd7ac190f 100644 --- a/ui/CHANGELOG.md +++ b/ui/CHANGELOG.md 
@@ -6,38 +6,34 @@ All notable changes to the **Prowler UI** are documented in this file. ### 🚀 Added -- Resource group label filter to Resources page [(#9820)](https://github.com/prowler-cloud/prowler/pull/9820) -- Add search bar when adding a provider [(#9634)](https://github.com/prowler-cloud/prowler/pull/9634) +- Search bar when adding a provider [(#9634)](https://github.com/prowler-cloud/prowler/pull/9634) - New findings table UI with new design system components, improved filtering UX, and enhanced table interactions [(#9699)](https://github.com/prowler-cloud/prowler/pull/9699) -- Add gradient background to Risk Plot for visual risk context [(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) -- Add ThreatScore pillar breakdown to Compliance Summary page and detail view [(#9773)](https://github.com/prowler-cloud/prowler/pull/9773) -- Add Provider and Group filters to Resources page [(#9492)](https://github.com/prowler-cloud/prowler/pull/9492) +- Gradient background to Risk Plot for visual risk context [(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) +- ThreatScore pillar breakdown to Compliance Summary page and detail view [(#9773)](https://github.com/prowler-cloud/prowler/pull/9773) +- Provider and Group filters to Resources page [(#9492)](https://github.com/prowler-cloud/prowler/pull/9492) - Compliance Watchlist component in Overview page [(#9786)](https://github.com/prowler-cloud/prowler/pull/9786) - Add a new main section for list Attack Paths scans, execute queries on them and view their result as a graph [(#9805)](https://github.com/prowler-cloud/prowler/pull/9805) +- Resource group label filter to Resources page [(#9820)](https://github.com/prowler-cloud/prowler/pull/9820) ### 🔄 Changed - Refactor Lighthouse AI MCP tool filtering from blacklist to whitelist approach for improved security [(#9802)](https://github.com/prowler-cloud/prowler/pull/9802) - Refactor ScatterPlot as reusable generic component with TypeScript generics 
[(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) - Rename resource_group filter to group in Resources page and Overview cards [(#9492)](https://github.com/prowler-cloud/prowler/pull/9492) -- Update Resources filters to use __in format for multi-select support [(#9492)](https://github.com/prowler-cloud/prowler/pull/9492) +- Update Resources filters to use `__in` format for multi-select support [(#9492)](https://github.com/prowler-cloud/prowler/pull/9492) - Swap Risk Plot axes: X = Fail Findings, Y = Prowler ThreatScore [(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) - Remove duplicate scan_id filter badge from Findings page [(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) - Remove unused hasDots prop from RadialChart component [(#9664)](https://github.com/prowler-cloud/prowler/pull/9664) -- Add showCenterLabel prop to RadialChart for optional center text display [(#9773)](https://github.com/prowler-cloud/prowler/pull/9773) - -### 🔐 Security - -- Upgrade Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs from January 2026 security advisory [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797) - ---- - -## [1.16.2] (Prowler v5.16.2) (UNRELEASED) ### 🐞 Fixed - OCI update credentials form failing silently due to missing provider UID [(#9746)](https://github.com/prowler-cloud/prowler/pull/9746) +### 🔐 Security + +- Node.js from 20.x to 24.13.0 LTS, patching 8 CVEs from January 2026 security advisory [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797) +- langchain from 1.1.5 to 1.2.10 and @langchain/core from 1.1.8 to 1.1.15 [(#9797)](https://github.com/prowler-cloud/prowler/pull/9797) + --- ## [1.16.1] (Prowler v5.16.1)
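Review bot: the 5.15.0 `### Changed` list in prowler/CHANGELOG.md appears to carry "Update AWS Lightsail service metadata to new format" (#9264) twice, once in the context of `@@ -131,6 +134,7 @@` and again as the last bullet before `### Fixed` in `@@ -140,6 +144,7 @@`. A consistency pass is the right place to drop the second copy. In the `### Fixed` block that follows, "Fix duplicate requirement IDs in ISO 27001:2013 AWS compliance framework ..." is the only visible bullet without a PR link; add the reference so the fix can be traced.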
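Review bot: in the context of `@@ -190,6 +198,7 @@` (5.14.0 `### Added`), the bullet "Add branch name to IaC provider region" is labelled `(#9296)` but its URL points at `/pull/9295`. This commit leaves the mismatch in place. Check which PR is correct and make the label and the link agree.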
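Review bot: the entry "Adapt IaC provider to be used in the Prowler App" (#8751) is re-homed under 5.14.0 `### Changed` by `@@ -223,9 +232,10 @@`, while `@@ -251,14 +262,10 @@` removes it from an orphaned `### Changed` block that sat between the 5.13.1 entries and the `## [5.13.0]` heading. Neither the commit subject nor the hunks say why 5.14.0 is the right release. Confirm the version that first shipped #8751 before merging, since the old position was adjacent to the 5.13.x releases and a wrong attribution misleads anyone checking which release introduced the change.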
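Review bot: the context of `@@ -547,6 +572,7 @@` still contains a broken reference on the "Migrate Azure VM service and managed disk logic to Pydantic models" bullet: the link text is `(#https://github.com/prowler-cloud/prowler/pull/8151)` and the target is `https://github.com/prowler-cloud/prowler/pull/https://github.com/prowler-cloud/prowler/pull/8151`. Rewrite it as `[(#8151)](https://github.com/prowler-cloud/prowler/pull/8151)` in this commit, since the hunk already touches the section.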
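Review bot: in the context of `@@ -623,6 +655,7 @@` (5.7.0 `### Added`), "CIS 5.0 compliance framework for AWS" uses the link text `(7766)` without the `#` that every other reference carries. Change it to `(#7766)` to match.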
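Review bot: the `### 🔐 Security` block added in the ui/CHANGELOG.md hunk (`@@ -6,38 +6,34 @@`) introduces a bullet with no counterpart on the `-` side, "langchain from 1.1.5 to 1.2.10 and @langchain/core from 1.1.8 to 1.1.15", and it reuses the Node.js PR link (#9797). That is new release content rather than a wording cleanup. Either cite the PR that actually bumped these packages together with the advisory that motivated listing it under Security, or move the line to its own change. The same hunk deletes the "Add showCenterLabel prop to RadialChart" entry (#9773) and the `## [1.16.2] (Prowler v5.16.2) (UNRELEASED)` heading without replacement, which folds the OCI credentials fix into the release above; confirm both removals are intended. The verb-dropping is also uneven: the Node.js bullet now starts with a bare noun, while "Add a new main section for list Attack Paths scans ..." keeps its verb.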