AWS Security ChangesHomeSearch

AWS serverless-application-model documentation change

Service: serverless-application-model · 2025-05-10 · Documentation low

File: serverless-application-model/latest/developerguide/reference-sam-cli-install-verify.md

Summary

Added GPG key expiration notice for SAM CLI installer verification process

Security assessment

Provides advance notice about cryptographic key rotation requirements to maintain verification capabilities. This maintains security practices but doesn't indicate a current vulnerability being patched.

Diff

diff --git a/serverless-application-model/latest/developerguide/reference-sam-cli-install-verify.md b/serverless-application-model/latest/developerguide/reference-sam-cli-install-verify.md
index 20c80c5d7..b4eb50c35 100644
--- a//serverless-application-model/latest/developerguide/reference-sam-cli-install-verify.md
+++ b//serverless-application-model/latest/developerguide/reference-sam-cli-install-verify.md
@@ -21,0 +22,4 @@ When available for your platform, we recommend verifying the signature file opti
+###### Important
+
+The current GPG keys used for AWS SAM CLI Linux installer verification will expire on May 22, 2025. New GPG keys will be published before this date. To ensure you can continue verifying the AWS SAM CLI Linux installer, we recommend you update your GPG keyrings with the new keys when they become available.
+