fix(amazonq): security: disable auto linkify of text links in chat aws#6449

dogusata · s7ab059789 · commit 8d4f738a1b6a · 2025-02-18T05:02:28.000+03:00
## Problem - Links incoming from Q responses can redirect to a vulnerable site depending on the used context from the files. ## Solution - Linkify strategy is updated to only accept links with `[TEXT](URL)` format. (through MynahUI version [4.21.6](https://github.com/aws/mynah-ui/releases/tag/v4.21.6)) MynahUI PR: aws/mynah-ui#226
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/amazonq/.changes/next-release/Bug Fix-8212e8e4-f65f-4594-a04f-76d47c61b41e.json b/packages/amazonq/.changes/next-release/Bug Fix-8212e8e4-f65f-4594-a04f-76d47c61b41e.json
@@ -0,0 +1,4 @@
+{
+	"type": "Bug Fix",
+	"description": "For security reasons, disabled auto linkify for link texts coming in markdown other than [TEXT](URL) format"
+}
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -510,7 +510,7 @@
         "@aws-sdk/property-provider": "3.46.0",
         "@aws-sdk/smithy-client": "^3.46.0",
         "@aws-sdk/util-arn-parser": "^3.46.0",
-        "@aws/mynah-ui": "^4.21.5",
+        "@aws/mynah-ui": "^4.21.6",
         "@gerhobbelt/gitignore-parser": "^0.2.0-9",
         "@iarna/toml": "^2.2.5",
         "@smithy/middleware-retry": "^2.3.1",

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +	"type": "Bug Fix",
 +	"description": "For security reasons, disabled auto linkify for link texts coming in markdown other than [TEXT](URL) format"
 +}