AWS network-firewall documentation change
Summary
Added changelog entry for April 15, 2026 documenting unsupported Suricata features (xbits, hostbits, tag:host) and fixed typo in previous entry
Security assessment
This is a routine documentation update adding feature limitations to the changelog with no security context or vulnerability fixes mentioned
Diff
diff --git a/network-firewall/latest/developerguide/document-history.md b/network-firewall/latest/developerguide/document-history.md index 8cc440cc5..19deaafe0 100644 --- a//network-firewall/latest/developerguide/document-history.md +++ b//network-firewall/latest/developerguide/document-history.md @@ -20 +20,2 @@ Change| Description| Date -[Added caveat regarding default application established rules not being supported in a session-holding configuration.](./suricata-limitations-caveats.html)| Network Firewall does not support defaut app layer established rules with session-holding.| April 13, 2026 +[Added xbits, hostbits, and tag:host to unsupported Suricata features](./suricata-limitations-caveats.html)| The keywords `xbits` and `hostbits` with host or IP-level tracking, and `tag:host`, are not supported.| April 15, 2026 +[Added caveat regarding default application established rules not being supported in a session-holding configuration.](./suricata-limitations-caveats.html)| Network Firewall does not support default app layer established rules with session-holding.| April 13, 2026