Release v2.4.9

CHANGELOG.md

@@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.4.9] - 2026-03-31
+
+### Added
+
+- Added support for EKS kubectl 1.35
+
+### Fixed
+
+- Issue with OpenSearch index pattern update logic to preserve the existing `timeFieldName` attribute, preventing overwrite of previously set time field configuration and avoiding potential issues with time-based queries and visualizations
+
+### Security
+
+- Updated aws-for-fluent-bit image version to address CVEs for libxml2 and libssh package
+- Updated aws lambda python image version to address CVEs for libxml2
+- Updated flatted package to address [CVE-2026-32141](https://avd.aquasec.com/nvd/cve-2026-32141)
+- Updated minimatch package to address [CVE-2026-27903](https://avd.aquasec.com/nvd/cve-2026-27903)
+- Updated aws-cdk-lib and aws-cdk
+- Updated Prototype Pollution package to address [CVE-2026-29063](https://avd.aquasec.com/nvd/cve-2026-29063)
+- Updated SVGO package to address [CVE-2026-29074](https://avd.aquasec.com/nvd/cve-2026-29074)
+- Updated pyopenssl to address [CVE-2026-27459](https://avd.aquasec.com/nvd/cve-2026-27459)
+
 ## [2.4.8] - 2026-03-03
 
 ### Security

NOTICE.txt

@@ -1807,6 +1807,59 @@ fdir under the MIT license.
 generator-function under the MIT license.
 eslint-import-context under the MIT license.
 stable-hash-x under the MIT license.
+@smithy/credential-provider-imds under the Apache-2.0 license.
+@smithy/middleware-serde under the Apache-2.0 license.
+@smithy/util-body-length-node under the Apache-2.0 license.
+@smithy/util-stream under the Apache-2.0 license.
+@smithy/config-resolver under the Apache-2.0 license.
+@smithy/uuid under the Apache-2.0 license.
+@aws-sdk/credential-provider-http under the Apache-2.0 license.
+@smithy/shared-ini-file-loader under the Apache-2.0 license.
+@aws-sdk/xml-builder under the Apache-2.0 license.
+@smithy/eventstream-serde-browser under the Apache-2.0 license.
+@smithy/util-endpoints under the Apache-2.0 license.
+@smithy/querystring-builder under the Apache-2.0 license.
+@smithy/eventstream-serde-config-resolver under the Apache-2.0 license.
+@smithy/protocol-http under the Apache-2.0 license.
+@aws-sdk/core under the Apache-2.0 license.
+@smithy/util-defaults-mode-node under the Apache-2.0 license.
+@aws/lambda-invoke-store under the Apache-2.0 license.
+@smithy/middleware-retry under the Apache-2.0 license.
+@smithy/invalid-dependency under the Apache-2.0 license.
+@smithy/util-uri-escape under the Apache-2.0 license.
+@smithy/util-config-provider under the Apache-2.0 license.
+@smithy/node-http-handler under the Apache-2.0 license.
+@aws-sdk/region-config-resolver under the Apache-2.0 license.
+@smithy/middleware-stack under the Apache-2.0 license.
+@smithy/property-provider under the Apache-2.0 license.
+@smithy/util-utf8 under the Apache-2.0 license.
+@smithy/util-middleware under the Apache-2.0 license.
+@smithy/util-buffer-from under the Apache-2.0 license.
+@smithy/abort-controller under the Apache-2.0 license.
+@smithy/middleware-endpoint under the Apache-2.0 license.
+@smithy/util-base64 under the Apache-2.0 license.
+@smithy/url-parser under the Apache-2.0 license.
+@aws-cdk/cloud-assembly-api under the Apache-2.0 license.
+@smithy/signature-v4 under the Apache-2.0 license.
+@smithy/eventstream-serde-node under the Apache-2.0 license.
+@aws-sdk/token-providers under the Apache-2.0 license.
+@smithy/eventstream-codec under the Apache-2.0 license.
+@smithy/fetch-http-handler under the Apache-2.0 license.
+@aws-sdk/nested-clients under the Apache-2.0 license.
+@smithy/middleware-content-length under the Apache-2.0 license.
+@smithy/core under the Apache-2.0 license.
+@smithy/smithy-client under the Apache-2.0 license.
+@smithy/hash-node under the Apache-2.0 license.
+@smithy/is-array-buffer under the Apache-2.0 license.
+@aws-sdk/util-endpoints under the Apache-2.0 license.
+@smithy/util-defaults-mode-browser under the Apache-2.0 license.
+@aws-sdk/credential-provider-login under the Apache-2.0 license.
+@smithy/util-body-length-browser under the Apache-2.0 license.
+@smithy/util-retry under the Apache-2.0 license.
+@smithy/node-config-provider under the Apache-2.0 license.
+@smithy/querystring-parser under the Apache-2.0 license.
+@smithy/eventstream-serde-universal under the Apache-2.0 license.
+@smithy/service-error-classification under the Apache-2.0 license.
 
 ********************
 OPEN SOURCE LICENSES

README.md

@@ -44,6 +44,6 @@ Please follow the [Implementation Guide](https://docs.aws.amazon.com/solutions/l
 Please follow the [Customization Guide](CUSTOM_BUILD.md) for custom build.
 
 
-## Collection of operational metrics
+## Data Collection
 
-This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [Implementation Guide](https://docs.aws.amazon.com/solutions/latest/centralized-logging-with-opensearch/reference.html).
+This solution sends operational metrics to AWS (the “Data”) about the use of this solution. We use this Data to better understand how customers use this solution and related services and products. AWS’s collection of this Data is subject to the [AWS Privacy Notice](https://aws.amazon.com/privacy/).

deployment/cdk-solution-helper/index.js

@@ -168,6 +168,6 @@ fs.readdirSync(global_s3_assets).forEach(file => {
 
 
   // Output modified template file
-  const output_template = JSON.stringify(template, null, 2);
+  const output_template = JSON.stringify(template, null, 1);
   fs.writeFileSync(`${global_s3_assets}/${file}`, output_template);
 });

deployment/ecr/clo-logging-syslog/Dockerfile

@@ -3,7 +3,7 @@ RUN apk update && apk add --no-cache unzip curl
 RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
 RUN unzip awscliv2.zip -d /tmp/
 
-FROM public.ecr.aws/aws-observability/aws-for-fluent-bit:3.2.3
+FROM public.ecr.aws/aws-observability/aws-for-fluent-bit:3.2.4
 
 COPY --from=installer /tmp/aws /tmp/aws
 

deployment/ecr/clo-s3-list-objects/Dockerfile

@@ -1,4 +1,4 @@
-FROM public.ecr.aws/lambda/python:3.12.2026.02.27.17 AS builder
+FROM public.ecr.aws/lambda/python:3.12.2026.03.26.16 AS builder
 
 WORKDIR /build
 
@@ -14,7 +14,7 @@ RUN python -m venv .venv && \
     cd common-lib && \
     poetry build
 
-FROM public.ecr.aws/lambda/python:3.12.2026.02.27.17
+FROM public.ecr.aws/lambda/python:3.12.2026.03.26.16
 
 WORKDIR /ws
 

source/constructs/lambda/api/app_log_ingestion/flb/kubectl_version.json

@@ -13,5 +13,6 @@
     "1.31": "1.31.2/2024-11-15",
     "1.32": "1.32.0/2025-01-10",
     "1.33": "1.33.0/2025-05-01",
-    "1.34": "1.34.1/2025-09-19"
+    "1.34": "1.34.1/2025-09-19",
+    "1.35": "1.35.2/2026-02-27"
 }

source/constructs/lambda/api/log_source/pyproject.toml

@@ -3,7 +3,7 @@ name = "log-source"
 description = "LogSource APIs Resolver lambda"
 requires-python = ">=3.10"
 dependencies = [
-    "pyopenssl (>=25.0.0,<26.0.0)",
+    "pyopenssl (>=26.0.0)",
     "certifi (>=2024.12.14,<2025.0.0)"
 ]
 
@@ -15,7 +15,7 @@ boto3 = "^1.36.1"
 moto = "~4.2.13"
 pytest = "^8.3.4"
 pytest-cov = "^6.0.0"
-pyopenssl = "^25.0.0"
+pyopenssl = "^26.0.0"
 certifi = "^2024.12.14"
 
 [build-system]

source/constructs/lambda/pipeline/log-processor/idx/opensearch_client.py

@@ -269,7 +269,11 @@ def put_index_pattern(self) -> requests.Response:
             path, "get_index_pattern", action="GET", headers=headers, timeout=90
         )
         if response.status_code == 200:
-            payload["version"] = response.json()["version"]
+            resp_json = response.json()
+            payload["version"] = resp_json["version"]
+            existing_time_field = resp_json.get("attributes", {}).get("timeFieldName")
+            if existing_time_field:
+                payload["attributes"]["timeFieldName"] = existing_time_field
             action = "PUT"
 
         fields = self._request(

source/constructs/package.json

@@ -1,7 +1,7 @@
 {
   "name": "centralized-logging-with-opensearch",
   "description": "Centralized logging with opensearch (SO8025)",
-  "version": "2.4.8",
+  "version": "2.4.9",
   "license": "Apache-2.0",
   "author": {
     "name": "Amazon Web Services",
@@ -44,8 +44,8 @@
     "@aws-cdk/aws-glue-alpha": "~2.192.0-alpha.0",
     "@aws-solutions-constructs/aws-cloudfront-s3": "~2.84.0",
     "@aws-solutions-constructs/aws-cloudfront-oai-s3": "~2.84.0",
-    "aws-cdk": "~2.1031.1",
-    "aws-cdk-lib": "~2.222.0",
+    "aws-cdk": "~2.1109.0",
+    "aws-cdk-lib": "~2.245.0",
     "constructs": "^10.4.2",
     "source-map-support": "0.5.21"
   },
@@ -60,4 +60,4 @@
     "minimatch@5.x": "5.1.8",
     "minimatch@10.x": "10.2.3"
   }
-}
+}