AWS Security ChangesHomeSearch

AWS cognito documentation change

Service: cognito · 2025-07-25 · Documentation low

File: cognito/latest/developerguide/user-pool-case-sensitivity.md

Summary

Added clarification that case insensitivity applies to attribute outputs in text responses

Security assessment

Change explains system behavior but does not address security controls or vulnerabilities. This is a functional clarification rather than security documentation.

Diff

diff --git a/cognito/latest/developerguide/user-pool-case-sensitivity.md b/cognito/latest/developerguide/user-pool-case-sensitivity.md
index d623d4660..301bf4c42 100644
--- a//cognito/latest/developerguide/user-pool-case-sensitivity.md
+++ b//cognito/latest/developerguide/user-pool-case-sensitivity.md
@@ -8,0 +9,2 @@ Amazon Cognito user pools that you create in the AWS Management Console are case
+Case insensitivity applies not only to attribute inputs, but outputs too. Mixed-case attribute values in case-insensitive user pools are flattened to lowercase in user pool text output. Examples of user pool text output are [userInfo](./userinfo-endpoint.html) responses, user query responses like the output of [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html), and input events to [Lambda triggers](./cognito-user-pools-working-with-lambda-triggers.html).
+