Releases: aws-solutions/distributed-load-testing-on-aws
v4.0.12
[4.0.12] - 2026-03-19
Security
- Updated Docker base image (amazonlinux:2023-minimal) to latest digest to incorporate latest OS-level security patches
- Regenerated package-lock.json files to pull in latest dependency resolutions, including:
  - Upgraded fast-xml-parser from 5.3.6 to 5.5.6 via npm overrides to address GHSA-8gc5-j5rx-235r, CVE-2026-27942, CVE-2026-25896, and CVE-2026-25128
  - Upgraded undici from 7.20.0 to 7.24.4 to address CVE-2026-22036 and CVE-2026-1525
  - Upgraded @aws-sdk/xml-builder to 3.972.11 and @smithy/types to 4.13.1
v4.0.11
[4.0.11] - 2026-03-05
Security
- Upgrade npm dependencies to address vulnerabilities in minimatch and rollup.
- Upgrade jackson-core, jackson-databind, and jackson-annotations to 2.18.6 to address GHSA-72hv-8253-57qq
v4.0.10
[4.0.10] - 2026-02-23
Added
- Add support for k6 typescript scripts (#282)
Changed
- Include CloudFormation parameters AutoUpdateContainerImage and DeployMcpServer in usage telemetry
Fixed
- Remove conditions that disable the Auto Refresh button in the front-end
- Fix timezone conversion defects in the front-end
- Add HEAD permission to CORS to fix multi-part uploads (#293)
Security
- Upgrade aws-sdk to resolve fast-xml-parser CVE-2026-26278
- Replace uuid package with native crypto.randomUUID in order to comply with RFC 4122.
Warning
KNOWN VULNERABILITY NOTICE: CVE-2026-26996 (minimatch ReDoS, CVSS 8.7)
DLT uses minimatch 3.1.2 as a build/dev dependency (eslint, jest, aws-cdk-lib).
Minimatch is not included in DLT deployed artifacts, such as Lambda functions and ECS containers.
DLT will be updated after this vulnerability has been resolved in eslint, jest, and aws-cdk-lib.
v4.0.9
[4.0.9] - 2026-02-11
Changed
- Increased JMeter heap size for improved test stability
Security
- Updated Docker base image (amazonlinux:2023-minimal) to latest digest to address HIGH severity vulnerabilities in curl, libcurl, gnupg2, libgcrypt, gnutls, systemd, and nettle
- Updated Docker base image (amazonlinux:2023-minimal) to address vulnerabilities in:
  - CVE-2025-15467 (openssl)
  - CVE-2026-21945 (java-21-amazon-corretto)
  - CVE-2026-21932 (java-21-amazon-corretto)
  - CVE-2026-21441 (python3.11-pip)
  - CVE-2025-61731 (libcap)
  - CVE-2025-13151 (libtasn1)
  - CVE-2025-68973 (gnupg2-minimal)
  - CVE-2025-68119 (libcap)
- Upgraded axios to 1.13.5 to address denial-of-service vulnerability in CVE-2026-25639
- Pinned @aws-amplify/ui-react to version 6.13.2 and added lodash override (^4.17.23) to address prototype pollution vulnerability in CVE-2020-8203
v4.0.8
[4.0.8] - 2026-02-04
Security
- Upgrade aws-sdk to v3.981.0 to address vulnerability in CVE-2026-25128
v4.0.7
[4.0.7] - 2026-01-29
Added
- Update k6 from v0.58.0 to v1.5.0
Security
- Upgrade python wheel tool to address vulnerabilities in CVE-2026-24049
v4.0.6
[4.0.6] - 2026-01-22
Security
- Remove jaraco.context after installing bzt in the DLT docker image in order to address vulnerabilities in GHSA-58pv-8j8x-9vj2.
v4.0.5
[4.0.5] - 2026-01-13
Security
- Updated Docker base image (amazonlinux:2023-minimal) to address vulnerabilities in CVE-2025-14087 (glib2), CVE-2025-66293 (libpng), and CVE-2025-13836 (python3.11)
- Updated react-router-dom from 7.7.1 to 7.12.0 to address XSS vulnerabilities including SSR XSS in ScrollRestoration and XSS via Open Redirects
v4.0.4
[4.0.4] - 2025-01-06
Changed
- Add TASK_COUNT environment variable to ECS tasks (#278)
Fixed
- Prepend stack name to RegionalCFTemplate stack output and to the CloudFront response header policy name so that those resources won't conflict when DLT is deployed in an account/region where another DLT stack already exists.
Security
- Update qs package to v6.14.1 to address vulnerability in CVE-2025-15284
- Modified the load tester Docker container to run as a non-root user for improved security posture.
v4.0.3
[4.0.3] - 2025-12-18
Changed
- Allow parentheses in test scenario names
Security
- Update to address vulnerability in CVE-2025-66221
- Update rhino to v1.7.14.1 to address vulnerability in CVE-2025-66453