Merge pull request #293 from aws-solutions/release/v4.1.1

Update to v4.1.1

Author: tbelmega

CHANGELOG.md

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.1.1] - 2025-12-29
+
+### Security
+
+- Updated urllib3 to version 2.6.1 to address [CVE-2025-66418](https://nvd.nist.gov/vuln/detail/CVE-2025-66418) and [CVE-2025-66471](https://nvd.nist.gov/vuln/detail/CVE-2025-66471)
+- Updated js-yaml to version 4.1.1 to address [CVE-2025-64718](https://nvd.nist.gov/vuln/detail/CVE-2025-64718)
+- Updated werkzeug to version 3.1.4 to address [CVE-2025-66221](https://nvd.nist.gov/vuln/detail/CVE-2025-66221)
+
 ## [4.1.0] - 2025-07-30
 
 ### Added
@@ -23,8 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Updated datetime deprecated method for utcnow() to now(datetime.UTC)
 - Updated bad bot component behavior with improved log parsing support and detection logic
 - Updated waflib api, remove redundant calls
-- Removed http request based approach for IP detection and added WAF log based analysis to find ip for bad bot
 - Updated temporary folders restrictions
+- Changed metrics collection services
 
 ### Fixed
 
@@ -35,7 +43,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Removed
 
 - Removed old stack templates
-- Access handler and Amazon API Gateway resources
+- Removed access handler and Amazon API Gateway resources
+- Removed http request based approach for IP detection and added WAF log based analysis to find ip for bad bot
+- Removed Service Catalog AppRegistry integration
 
 ## [4.0.6] - 2024-12-17
 

README.md

@@ -179,9 +179,9 @@ This project consists of microservices that facilitate the functional areas of t
 
 ---
 
-# Collection of operational metrics
+## Data Collection
 
-This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/security-automations-for-aws-waf/reference.html).
+This solution sends operational metrics to AWS (the “Data”) about the use of this solution. We use this Data to better understand how customers use this solution and related services and products. AWS’s collection of this Data is subject to the [AWS Privacy Notice](https://aws.amazon.com/privacy/).
 
 
 ---

source/custom_resource/poetry.lock

@@ -8,7 +8,7 @@ backoff = "^2.2.1"
 aws-lambda-powertools = "~3.2.0"
 jinja2 = "^3.1.6"
 aws-xray-sdk = "^2.14.0"
-urllib3 = "^2.5.0"
+urllib3 = "^2.6.0"
 
 
 [tool.poetry.group.dev.dependencies]

source/custom_resource/pyproject.toml

@@ -8,7 +8,7 @@ backoff = "^2.2.1"
 aws-lambda-powertools = "~3.2.0"
 jinja2 = "^3.1.6"
 aws-xray-sdk = "^2.14.0"
-urllib3 = "^2.5.0"
+urllib3 = "^2.6.0"
 
 
 

source/helper/poetry.lock

@@ -1,6 +1,6 @@
 {
   "name": "@amzn/aws-waf-security-automations",
-  "version": "4.1.0",
+  "version": "4.1.1",
   "bin": {
     "infrastructure": "bin/aws-waf-security-automations.js"
   },

source/helper/pyproject.toml

@@ -8,7 +8,7 @@ backoff = "^2.2.1"
 aws-lambda-powertools = "~3.2.0"
 jinja2 = "^3.1.6"
 aws-xray-sdk = "^2.14.0"
-urllib3 = "^2.5.0"
+urllib3 = "^2.6.0"