Merge pull request #200 from aws-solutions/release/v2.1.3

Upgrade to v2.1.3

Author: tbelmega

.viperlightignore

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.1.3] - 2024-09-18
+
+### Fixed
+- Resolved an issue in the remediation scripts for EC2.18 and EC2.19 where security group rules with IpProtocol set to "-1" were being incorrectly ignored.
+
+### Changed
+- Upgraded all Python runtimes in remediation SSM documents from Python 3.8 to Python 3.11.
+
+### Security
+- Upgraded micromatch package to mitigate [CVE-2024-4067](https://avd.aquasec.com/nvd/2024/cve-2024-4067/)
+
 ## [2.1.2] - 2024-06-20
 
 ### Fixed

.viperlightrc

@@ -5,4 +5,4 @@ subsequently address any potential vulnerabilities as quickly as possible. If yo
 security issue in this project, please notify AWS/Amazon Security via
 our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or
 directly via email to [AWS Security](mailto:aws-security@amazon.com). Please do not create a public GitHub issue in this
-project.
+project.

.viperlightrc_global

@@ -13,9 +13,9 @@ export overrideWarningsEnabled=false
     echo "UPDATE MODE: CDK Snapshots will be updated. CDK UNIT TESTS WILL BE SKIPPED"
 } || update="false"
 
-[[ ! -d .venv ]] && python3 -m venv .venv
+[[ ! -d .venv ]] && python3.11 -m venv .venv
 source ./.venv/bin/activate
-python3 -m pip install -U pip setuptools
+python3.11 -m pip install -U pip setuptools
 
 echo 'Installing required Python testing modules'
 pip install -r ./requirements_dev.txt
@@ -39,7 +39,7 @@ run_pytest() {
     echo "coverage report path set to ${report_file}"
 
     # Use -vv for debugging
-    python3 -m pytest --cov --cov-report=term-missing --cov-report "xml:$report_file"
+    python3.11 -m pytest --cov --cov-report=term-missing --cov-report "xml:$report_file"
     rc=$?
 
     if [ "$rc" -ne "0" ]; then

CHANGELOG.md

@@ -1,6 +1,6 @@
 [project]
 name = "automated_security_response_on_aws"
-version = "2.1.2"
+version = "2.1.3"
 
 [tool.setuptools]
 package-dir = {"" = "source"}

SECURITY.md

@@ -1,6 +1,6 @@
 id: SO0111
 name: security-hub-automated-response-and-remediation
-version: 2.1.2
+version: 2.1.3
 cloudformation_templates:
   - template: aws-sharr-deploy.template
     main_template: true

deployment/run-unit-tests.sh

@@ -1,6 +1,6 @@
 {
     "name": "aws-security-hub-automated-response-and-remediation",
-    "version": "2.1.2",
+    "version": "2.1.3",
     "description": "Automated remediation for AWS Security Hub (SO0111)",
     "bin": {
         "solution_deploy": "bin/solution_deploy.js"