Releases: OpenSecOps-Org/SOAR

v2.4.21

20 Mar 13:12

  • Fixed bug: determine_type incorrectly suppressed incidents carrying Compliance metadata without SecurityControlId, causing reassigned findings from the Account Reassignment Preprocessor to silently disappear
  • Added test coverage for determine_type function (33 tests)
  • Added test coverage for pandas dependencies validating CSV conversion and Decimal handling
  • Pinned pandas to 2.2.2 to avoid compatibility issues with pandas 2.3.x in the Lambda environment
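The determine_type fix above is easiest to see as a regression test. The block below is an added illustration, not SOAR's determine_type (whose real signature and branches differ); the ASFF fragments and the ReassignedFromAccount product field are constructed. The point it shows is the classification rule: only Compliance.SecurityControlId makes a finding a Security Hub control finding, so a Compliance block that lacks it (as on findings re-emitted by the Account Reassignment Preprocessor) must classify as an incident rather than fall through to "drop".

```python
from typing import Optional

# Constructed ASFF fragments, not real findings.
CONTROL_FINDING = {
    "Id": "finding-control-1",
    "ProductName": "Security Hub",
    "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"},
}
# Reassigned incident: Compliance metadata was carried along by the
# preprocessor, but there is no SecurityControlId because it is not a control.
REASSIGNED_INCIDENT = {
    "Id": "finding-reassigned-1",
    "ProductName": "GuardDuty",
    "Compliance": {"Status": "FAILED"},
    "ProductFields": {"ReassignedFromAccount": "111122223333"},  # hypothetical field
}
PLAIN_INCIDENT = {"Id": "finding-incident-1", "ProductName": "GuardDuty"}

ALL_FINDINGS = [CONTROL_FINDING, REASSIGNED_INCIDENT, PLAIN_INCIDENT]


def determine_type_buggy(finding: dict) -> Optional[str]:
    """Pre-fix shape of the rule (hypothetical reconstruction): the presence
    of a Compliance block decides 'control', and a 'control' without a
    SecurityControlId comes back as None, which downstream reads as
    'nothing to process'."""
    if "Compliance" in finding:
        return "control" if finding["Compliance"].get("SecurityControlId") else None
    return "incident"


def determine_type(finding: dict) -> str:
    """Fixed rule: only SecurityControlId makes a finding a control finding;
    everything else is an incident, whatever other Compliance keys exist."""
    compliance = finding.get("Compliance") or {}
    return "control" if compliance.get("SecurityControlId") else "incident"


def triage(findings, classifier=determine_type) -> dict:
    """Route findings by type. A None classification is dropped silently,
    which is how the reassigned findings disappeared before the fix."""
    routed = {"control": [], "incident": [], "dropped": []}
    for finding in findings:
        kind = classifier(finding)
        routed[kind or "dropped"].append(finding["Id"])
    return routed
```

Pinning the classifier to the one key that defines a control finding, and asserting that nothing ends up in "dropped" for a representative batch, is the kind of test the "33 tests" entry above implies; the buggy variant is kept only so the regression is visible side by side.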

Full Changelog: v2.4.18...v2.4.21

v2.4.18

22 Jan 09:40

  • Fixed ticket closure for the AWS Security Hub behaviour change of July 3, 2025
  • AWS no longer ARCHIVES findings once a control passes; the finding stays ACTIVE with workflow status NOTIFIED and compliance status PASSED
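A closure routine that only looks for RecordState ARCHIVED never closes a ticket under the new behaviour. The block below is an added example, not SOAR's own closure code, showing a check that accepts both shapes; the findings and ticket keys are constructed. Note the fourth finding: NOTIFIED is also the workflow status a human sets when acknowledging a finding, so NOTIFIED alone must not close a ticket; the Compliance status PASSED is what says the control is actually fixed.

```python
from typing import Any

# Constructed findings covering the old shape, the new shape, and two that must stay open.
FINDINGS = [
    {"Id": "f-archived", "RecordState": "ARCHIVED",
     "Workflow": {"Status": "RESOLVED"}, "Compliance": {"Status": "PASSED"}},
    {"Id": "f-new-shape", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NOTIFIED"}, "Compliance": {"Status": "PASSED"}},
    {"Id": "f-still-failing", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NEW"}, "Compliance": {"Status": "FAILED"}},
    # Acknowledged by a person, but the control still fails: not resolved.
    {"Id": "f-acknowledged", "RecordState": "ACTIVE",
     "Workflow": {"Status": "NOTIFIED"}, "Compliance": {"Status": "FAILED"}},
]
# Constructed ticket register: finding Id -> ticket key.
OPEN_TICKETS = {"f-archived": "SEC-101", "f-new-shape": "SEC-102",
                "f-still-failing": "SEC-103", "f-acknowledged": "SEC-104"}


def _get(obj: Any, *path: str, default=None):
    """Safe nested lookup: Workflow/Compliance blocks are optional in ASFF."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def is_resolved_legacy(finding: dict) -> bool:
    """Rule that worked before July 3, 2025: fixed findings were ARCHIVED."""
    return finding.get("RecordState") == "ARCHIVED"


def is_resolved(finding: dict) -> bool:
    """Accept the legacy ARCHIVED shape and the new ACTIVE + NOTIFIED + PASSED shape."""
    if finding.get("RecordState") == "ARCHIVED":
        return True
    return (
        finding.get("RecordState") == "ACTIVE"
        and _get(finding, "Workflow", "Status") == "NOTIFIED"
        and _get(finding, "Compliance", "Status") == "PASSED"
    )


def tickets_to_close(open_tickets: dict, findings: list, resolved=is_resolved) -> list:
    """Return the ticket keys whose finding is resolved, sorted for stable output."""
    by_id = {f["Id"]: f for f in findings}
    return sorted(
        ticket for fid, ticket in open_tickets.items()
        if fid in by_id and resolved(by_id[fid])
    )
```

Running both predicates over the same batch shows the gap the v2.4.18 fix closes: the legacy rule closes SEC-101 only, the updated rule closes SEC-101 and SEC-102, and neither touches the acknowledged-but-failing finding.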

Full Changelog: v2.4.17...v2.4.18

v2.4.0

11 Jul 16:37

  • Automatic reassignment of delegated findings to the originating accounts.

Full Changelog: v2.3.5...v2.4.0

v2.3.2

02 Jul 06:16

  • Enhanced OpenSecOps Execution Role context in AI prompts to recognize reconnaissance activities as unlikely
  • Removed code snippet recommendations for incidents involving AWSControlTowerExecution role
  • Improved email formatting
  • Added CloudWatch alarm context enrichment for Step Functions and Lambda incidents
  • Enhanced AI incident analysis with enriched CloudWatch alarm data and execution context
  • Improved timestamp parsing accuracy for CloudWatch alarm processing
  • Enhanced AI operation error handling: changed States.Timeout to States.ALL for improved Bedrock timeout resilience

Full Changelog: v2.3.1...v2.3.2

v2.2.1

17 Jun 12:00

  • Added comprehensive state machine error handling across all 30+ autoremediation functions
  • Simplified error handling in IAM.8, S3.3, and EC2.6 autoremediations
  • Added centralized SetAutoremediationNotDone state for 100% fallback-to-ticketing coverage
  • Improved AI prompt clarity for SOAR self-monitoring infrastructure incidents
  • Updated incident_infra.txt and weekly_ai_report_0_common.txt to distinguish individual failures from systemic issues
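Two of the entries on this page are about the same Step Functions property: v2.3.2 widened the AI step's Catch from States.Timeout to States.ALL, and v2.2.1 gives every autoremediation a States.ALL path into the shared SetAutoremediationNotDone state. States.Timeout matches only a task timeout; States.ALL matches every error (timeouts, States.TaskFailed, Lambda exceptions), and ASL requires a States.ALL catcher to be the last entry in the Catch array. The block below is an added example, not SOAR's tooling: a small check over a state machine definition that reports which Task, Parallel and Map states do not end in a States.ALL catcher routed to the fallback, plus a patcher that adds one. The definition is constructed; only the fallback state name comes from the release notes.

```python
import copy
import json

FALLBACK = "SetAutoremediationNotDone"
CATCHABLE = {"Task", "Parallel", "Map"}  # state types that may carry a Catch field

# Constructed definition: one task already covered, one with the old Timeout-only
# catcher, and a Parallel state with no Catch at all. Branch errors surface at the
# Parallel state, so that is where the catcher belongs.
DEFINITION = json.loads("""
{
  "StartAt": "RemediateIAM8",
  "States": {
    "RemediateIAM8": {
      "Type": "Task", "Resource": "arn:aws:states:::lambda:invoke",
      "Catch": [{"ErrorEquals": ["States.ALL"], "Next": "SetAutoremediationNotDone"}],
      "Next": "RemediateS3_3"
    },
    "RemediateS3_3": {
      "Type": "Task", "Resource": "arn:aws:states:::lambda:invoke",
      "Catch": [{"ErrorEquals": ["States.Timeout"], "Next": "SetAutoremediationNotDone"}],
      "Next": "ParallelChecks"
    },
    "ParallelChecks": {
      "Type": "Parallel",
      "Branches": [{"StartAt": "RemediateEC2_6", "States": {
        "RemediateEC2_6": {"Type": "Task", "Resource": "arn:aws:states:::lambda:invoke", "End": true}
      }}],
      "Next": "Done"
    },
    "SetAutoremediationNotDone": {"Type": "Pass", "Result": {"done": false}, "End": true},
    "Done": {"Type": "Succeed"}
  }
}
""")


def catch_problems(definition: dict, fallback: str = FALLBACK) -> dict:
    """Map each uncovered state name to a reason. A state is covered when its
    last catcher matches States.ALL and transitions to the fallback state."""
    problems = {}
    for name, state in definition["States"].items():
        if state.get("Type") not in CATCHABLE:
            continue
        catchers = state.get("Catch", [])
        if not catchers:
            problems[name] = "no Catch block"
            continue
        last = catchers[-1]  # ASL: a States.ALL catcher must be last, so only the last one matters
        errors = last.get("ErrorEquals", [])
        if "States.ALL" not in errors:
            problems[name] = "States.ALL not caught (last catcher matches %s)" % ", ".join(errors)
        elif last.get("Next") != fallback:
            problems[name] = f"States.ALL routes to {last.get('Next')!r}, not {fallback!r}"
    return problems


def fix_catches(definition: dict, fallback: str = FALLBACK) -> dict:
    """Return a copy in which every uncovered state gets a trailing States.ALL
    catcher into the fallback; specific catchers already present are kept in
    front so they still take precedence."""
    fixed = copy.deepcopy(definition)
    for name in catch_problems(fixed, fallback):
        state = fixed["States"][name]
        catchers = [c for c in state.get("Catch", []) if "States.ALL" not in c.get("ErrorEquals", [])]
        catchers.append({"ErrorEquals": ["States.ALL"], "Next": fallback, "ResultPath": "$.error"})
        state["Catch"] = catchers
    return fixed
```

Running catch_problems as a unit test against the deployed definitions is the cheap way to keep the "100% fallback-to-ticketing coverage" claim true as new autoremediations are added: a task whose Catch still lists only States.Timeout shows up by name, and the Parallel state that relies on its branches is reported too.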

Full Changelog: v2.2.0...v2.2.1

v2.2.0

15 Jun 15:35

  • AWS Health Reclassifier: Implemented automatic reclassification of AWS Health informational notifications from HIGH/MEDIUM/CRITICAL to INFORMATIONAL severity to prevent false positives in SOAR processing. The new parameter ReclassifyAWSHealthIncidents with a default value of No controls this behaviour.
  • Default lambda runtime memory increased to 512 MB.

Full Changelog: v2.1.3...v2.2.0

v2.1.3

13 Jun 15:51

  • Comprehensive testing infrastructure implementation with 53% auto-remediation coverage (16/30 functions, 236 tests)
  • Complete EC2 auto-remediation testing (8/8 functions, 134 tests) with ASFF standardization patterns
  • Complete RDS auto-remediation testing (7/7 controls, 88 tests) with comprehensive edge case coverage
  • Established documentation-first testing methodology for efficient test development
  • Added centralized test data management via fixtures/asff_data.py for consistent ASFF structures
  • Implemented critical pytest module import isolation to prevent cross-contamination between test suites
  • Enhanced testing documentation with LocalStack Docker integration and contributor guidelines
  • Added bug handling protocol for test development to ensure proper production code review processes
  • Comprehensive documentation added to core SOAR functions and auto-remediation components
  • Testing strategy now serves as template for expanding coverage across all OpenSecOps repositories

Full Changelog: v2.1.2...v2.1.3

v2.1.0

20 Apr 10:06

  • Added Lambda Layers for shared code (aws_utils and rds_remediation) to centralize cross-account functionality
  • Reorganized all RDS autoremediations to leverage common code from the rds_remediation layer
  • Fixed RDS.2 autoremediation to properly handle DB instances within Aurora clusters
  • Fixed capitalization in RDS.9 and RDS.2 autoremediations to handle Security Hub ASFF format correctly
  • Fixed access to parameter group fields using 'DbParameterGroups' instead of 'DBParameterGroups'
  • Fixed access to cluster parameter group fields using 'DbClusterParameterGroups' instead of 'DBClusterParameterGroups'
  • Enhanced RDS.9 autoremediation to handle DB cluster findings more reliably with API-based fallbacks
  • Improved error handling in RDS.9 parameter group creation to prevent duplicate name conflicts
  • Added unique suffix generation for RDS parameter group names to avoid name collisions
  • Thoroughly tested RDS.9 autoremediation with PostgreSQL and Aurora PostgreSQL instances (standalone and in clusters)
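Three of the RDS entries above are about the same trap and its consequences. Security Hub's ASFF resource details spell the keys DbParameterGroups / DbParameterGroupName, while the RDS API (describe_db_instances) returns DBParameterGroups / DBParameterGroupName; code that reuses the API spelling against a finding reads nothing, which is where an API-based fallback and a collision-free parameter group name come in. The block below is an added example, not SOAR's rds_remediation layer: it reads the group from the ASFF finding with the correct key, falls back to an injected describe callable shaped like the boto3 response (a constructed stand-in so the block runs offline), and derives a valid, suffixed parameter group name. The finding fragments are constructed; the name rules follow the RDS constraints (1-255 letters, digits or hyphens, starting with a letter, no trailing or consecutive hyphens).

```python
import re
import secrets
from typing import Callable, Optional

# Constructed ASFF finding fragment for an RDS.9-style control on a DB instance.
FINDING = {
    "Resources": [{
        "Type": "AwsRdsDbInstance",
        "Id": "arn:aws:rds:eu-west-1:111122223333:db:app-db-1",
        "Details": {"AwsRdsDbInstance": {
            "DBInstanceIdentifier": "app-db-1",
            "DbParameterGroups": [{"DbParameterGroupName": "default.postgres15",
                                   "ParameterApplyStatus": "in-sync"}],
        }},
    }]
}
# Same instance, but Security Hub omitted the parameter group block.
FINDING_NO_GROUP = {
    "Resources": [{
        "Type": "AwsRdsDbInstance",
        "Id": "arn:aws:rds:eu-west-1:111122223333:db:app-db-1",
        "Details": {"AwsRdsDbInstance": {"DBInstanceIdentifier": "app-db-1"}},
    }]
}


def fake_describe_db_instance(identifier: str) -> dict:
    """Constructed stand-in for rds.describe_db_instances(DBInstanceIdentifier=...),
    returning the API's own (upper-case DB) key spelling."""
    return {"DBInstances": [{
        "DBInstanceIdentifier": identifier,
        "DBParameterGroups": [{"DBParameterGroupName": "api-reported-group",
                               "ParameterApplyStatus": "in-sync"}],
    }]}


def _instance_details(finding: dict) -> dict:
    return finding["Resources"][0].get("Details", {}).get("AwsRdsDbInstance", {})


def parameter_group_from_asff(finding: dict) -> Optional[str]:
    """Read the parameter group with the ASFF spelling; 'DBParameterGroups' would miss it."""
    groups = _instance_details(finding).get("DbParameterGroups") or []
    return groups[0].get("DbParameterGroupName") if groups else None


def parameter_group_name(finding: dict,
                         describe_db_instance: Optional[Callable[[str], dict]] = None) -> Optional[str]:
    """ASFF first; when the finding omits the group, ask the API (the fallback path)."""
    name = parameter_group_from_asff(finding)
    if name or describe_db_instance is None:
        return name
    details = _instance_details(finding)
    identifier = details.get("DBInstanceIdentifier") or finding["Resources"][0]["Id"].rsplit(":", 1)[-1]
    groups = describe_db_instance(identifier)["DBInstances"][0].get("DBParameterGroups") or []
    return groups[0].get("DBParameterGroupName") if groups else None


_SUFFIX_LEN = 8    # hex characters appended to avoid name collisions
_MAX_LEN = 255     # RDS parameter group name limit


def is_valid_parameter_group_name(name: str) -> bool:
    """RDS naming rules, applied to the lower-case form RDS stores."""
    return (bool(re.fullmatch(r"[a-z]([a-z0-9-]*[a-z0-9])?", name))
            and "--" not in name and len(name) <= _MAX_LEN)


def unique_parameter_group_name(base: str, suffix: Optional[str] = None) -> str:
    """Derive a valid, collision-resistant parameter group name from base.
    A fixed suffix can be passed for deterministic tests; otherwise it is random."""
    suffix = suffix or secrets.token_hex(_SUFFIX_LEN // 2)
    stem = re.sub(r"[^a-z0-9-]+", "-", base.lower())   # dots, spaces, underscores -> hyphen
    stem = re.sub(r"-{2,}", "-", stem).strip("-")       # no runs of hyphens, no edge hyphens
    if not stem or not stem[0].isalpha():
        stem = f"pg-{stem}" if stem else "pg"            # must start with a letter
    stem = stem[: _MAX_LEN - _SUFFIX_LEN - 1].rstrip("-")
    return f"{stem}-{suffix}"
```

Deriving the new group name from the finding's current group (here default.postgres15 becomes default-postgres15-<suffix>) keeps the remediation idempotent on retries without tripping the duplicate-name error the v2.1.0 notes mention.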

Full Changelog: v2.0.1...v2.1.0