AWS Security ChangesHomeSearch

AWS network-firewall documentation change

Service: network-firewall · 2026-04-25 · Documentation low

File: network-firewall/latest/developerguide/document-history.md

Summary

Added changelog entry for April 15, 2026 documenting unsupported Suricata features (xbits, hostbits, tag:host) and fixed typo in previous entry

Security assessment

This is a routine documentation update adding feature limitations to the changelog with no security context or vulnerability fixes mentioned

Diff

diff --git a/network-firewall/latest/developerguide/document-history.md b/network-firewall/latest/developerguide/document-history.md
index 8cc440cc5..19deaafe0 100644
--- a//network-firewall/latest/developerguide/document-history.md
+++ b//network-firewall/latest/developerguide/document-history.md
@@ -20 +20,2 @@ Change| Description| Date
-[Added caveat regarding default application established rules not being supported in a session-holding configuration.](./suricata-limitations-caveats.html)| Network Firewall does not support defaut app layer established rules with session-holding.| April 13, 2026  
+[Added xbits, hostbits, and tag:host to unsupported Suricata features](./suricata-limitations-caveats.html)| The keywords `xbits` and `hostbits` with host or IP-level tracking, and `tag:host`, are not supported.| April 15, 2026  
+[Added caveat regarding default application established rules not being supported in a session-holding configuration.](./suricata-limitations-caveats.html)| Network Firewall does not support default app layer established rules with session-holding.| April 13, 2026