v3.0.11

[3.0.11] -- 2025-7-29

Security

• Updated urllib3 to mitigate CVE-2025-50182
• Updated requests to mitigate CVE-2024-47081
• Updated brace-expansion to mitigate CVE-2025-5889
• Updated OpenSSL to mitigate CVE-2024-12797

Changed

• Minimum supported version of scheduler CLI raised from Python 3.9 to Python 3.11

Removed

• Removed AppRegistry integration

v3.0.10

[3.0.10] -- 2025-5-22

Security

• Upgrade setuptools to mitigate CVE-2025-47273
• Upgrade aws-cdk to mitigate GHSA-5pq3-h73f-66hr and GHSA-qc59-cxj2-c2w4

Changed

• Updated Lambda default memory size to 512MB

v3.0.9

[3.0.9] -- 2025-4-10

Security

• Upgrade Jinja2 to mitigate CVE-2025-27516
• Upgrade aws-cdk to mitigate CVE-2025-2598
• Upgrade esbuild to mitigate GHSA-67mh-4wv8-2f99
• Upgrade OpenSSL to mitigate CVE-2024-12797

Changed

• Reintroduced --use-maintenance-window flag for schedules. The flag will be enabled by default but can be set to false
  to disable RDS preferred maintenance windows and EC2 maintenance windows

v3.0.8

[3.0.8] -- 2025-1-31

Updated

• Upgrade AWS Powertools from V2 to V3

Security

• Upgrade jinja to mitigate CVE-2024-56201 and CVE-2024-56326

v3.0.7

[3.0.7] -- 2024-11-21

Security

• Upgrade cross-spawn to mitigate CVE-2024-21538

v3.0.6

[3.0.6] -- 2024-11-7

Changed

• RDS instances will now be automatically started 10 minutes prior to their preferred maintenance windows

Fixed

• Clamped role session name to 64 characters to fix scenario where longer
  namespaces could cause runtime errors during sts assume
• Fixed long-term retry logic for EC2/RDS scheduling.
  EC2 and RDS will now retry start actions on instances that failed during the previous scheduling cycle
• Fixed AccessDenied error when spoke account self-registration process attempted to create a log group

Security

• Upgrade Werkzeug to mitigate CVE-2024-49766 and CVE-2024-49767

v3.0.5

[3.0.5] -- 2024-10-01

Fixed

• Fixed bug in Nth weekday logic that would sometimes cause Nth weekday to be interpreted as 1 week too early

Updated

• added rds:CreateDBSnapshot and rds:AddTagsToResource snapshot to scheduling roles to support recent changes to
  RDS IAM requirements.

Security

• Upgrade pyca/cryptography to mitigate GHSA-h4gh-qq45-vh27

v3.0.4

[3.0.4] -- 2024-08-30

Fixed

• Fixed China region compatibility issues by adding new -cn variants of solution stack templates
• Fixed bug in RDS Scheduling Logic that would cause the scheduler to crash when more than 100
  tagged RDS instances were present in a single scheduling target

Added

• added SECURITY.md file with instructions on how security issues can be reported to AWS

v3.0.3

[3.0.3] -- 2024-07-31

Security

• Upgrade fast-xml-parser to mitigate CVE-2024-41818

v3.0.2

[3.0.2] -- 2024-07-24

Fixed

• Fixed an error that caused CloudFormation-managed schedules using the (now deprecated) UseMaintenanceWindow flag be an un-updatable

Security

• Upgrade Certifi to mitigate CVE-2024-39689