AWS Security ChangesHomeSearch

AWS serverless-application-model documentation change

Service: serverless-application-model · 2025-05-10 · Documentation low

File: serverless-application-model/latest/developerguide/install-sam-cli.md

Summary

Added warning about expiring GPG keys for SAM CLI Linux installer verification (expiring May 2025)

Security assessment

Proactively documents upcoming GPG key rotation needs for package verification. While related to security maintenance, this is a routine cryptographic hygiene notice rather than addressing an active security vulnerability.

Diff

diff --git a/serverless-application-model/latest/developerguide/install-sam-cli.md b/serverless-application-model/latest/developerguide/install-sam-cli.md
index be3da7349..18cc70f7b 100644
--- a//serverless-application-model/latest/developerguide/install-sam-cli.md
+++ b//serverless-application-model/latest/developerguide/install-sam-cli.md
@@ -66,0 +67,4 @@ x86_64 - command line installer
+###### Important
+
+The current GPG keys used for AWS SAM CLI Linux installer verification will expire on May 22, 2025. New GPG keys will be published before this date. To ensure you can continue verifying the AWS SAM CLI Linux installer, we recommend you update your GPG keyrings with the new keys when they become available.
+
@@ -96,0 +101,4 @@ arm64 - command line installer
+###### Important
+
+The current GPG keys used for AWS SAM CLI Linux installer verification will expire on May 22, 2025. New GPG keys will be published before this date. To ensure you can continue verifying the AWS SAM CLI Linux installer, we recommend you update your GPG keyrings with the new keys when they become available.
+