AWS AmazonCloudWatch high security documentation change
Summary
Updated runtime version from syn-nodejs-4.0 to syn-nodejs-4.1, detailing an upgrade of 'fast-xml-parser' to address multiple CVEs (CVE-2026-25128, CVE-2026-25896, CVE-2026-26278, CVE-2026-27942, CVE-2026-33036). Also restructured version history.
Security assessment
The change explicitly lists multiple CVEs being addressed by upgrading a dependency. This is direct evidence of fixing security vulnerabilities in the runtime.
Diff
diff --git a/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.md b/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.md index 52199e6aa..f2d19377e 100644 --- a//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.md +++ b//AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.md @@ -5 +5 @@ -syn-nodejs-4.0 +syn-nodejs-4.1 @@ -13 +13 @@ The naming convention for these runtime versions is `syn-`language` -`majorversi -## syn-nodejs-4.0 +## syn-nodejs-4.1 @@ -24 +24 @@ Starting Synthetics `syn-nodejs-3.1` and later, Synthetics runtime uses the new -**Major dependencies** – AWS Lambda runtime Node.js 22.x +**Major dependencies** : @@ -26 +26 @@ Starting Synthetics `syn-nodejs-3.1` and later, Synthetics runtime uses the new -**Changes in syn-nodejs-4.0** + * AWS Lambda runtime Node.js 22.x @@ -28 +28,16 @@ Starting Synthetics `syn-nodejs-3.1` and later, Synthetics runtime uses the new - * Applied security patches. + + + +**Changes in syn-nodejs-4.1** + + * Upgrade `fast-xml-parser` to 5.5.7 to address the following CVEs: + + * CVE-2026-25128 + + * CVE-2026-25896 + + * CVE-2026-26278 + + * CVE-2026-27942 + + * CVE-2026-33036 @@ -34,0 +50,16 @@ The following earlier runtime versions for Node.js are still supported. +### syn-nodejs-4.0 + +**Major dependencies** : + + * AWS Lambda runtime Node.js 22.x + + + + +**Changes in syn-nodejs-4.0** + + * Applied security patches. + + + + @@ -46 +77,6 @@ Starting Synthetics `syn-nodejs-3.1` and later, Synthetics runtime uses the new -**Major dependencies** – AWS Lambda runtime Node.js 20.x +**Major dependencies** : + + * AWS Lambda runtime Node.js 20.x + + +