AWS Security ChangesHomeSearch

AWS parallelcluster high security documentation change

Service: parallelcluster · 2026-05-04 · Security-related high

File: parallelcluster/latest/ug/document_history.md

Summary

Added release notes for PCUI 2026.04.0 including security fixes

Security assessment

Explicitly documents fixes for security vulnerabilities: path traversal attacks, OS command injection in SSM, access token leaks in logs. Also includes dependency upgrades addressing potential security issues.

Diff

diff --git a/parallelcluster/latest/ug/document_history.md b/parallelcluster/latest/ug/document_history.md
index f9ccbe39c..acc22efa9 100644
--- a//parallelcluster/latest/ug/document_history.md
+++ b//parallelcluster/latest/ug/document_history.md
@@ -1049,0 +1050,34 @@ PCUI Change | Description | Date
+PCUI version 2026.04.0 released |  PCUI version 2026.04.0 released Breaking changes:
+
+  * Remove support for AWS ParallelCluster versions <= 3.5.0.
+
+Features:
+
+  * Add support for managing multiple AWS ParallelCluster versions from a single PCUI deployment.
+  * Add support for PCUI in `us-gov-east-1` region.
+
+Bug fixes:
+
+  * Fix an issue to ensure the OS options in the cluster creation wizard reflect the OSes supported by the selected AWS ParallelCluster version.
+  * Fix an issue to allow the PCUI to offer the full range of selectable instance types in the wizard.
+  * Improve the CloudFormation error message when the `Version` parameter is not specified.
+
+Security:
+
+  * Mitigate the risk of path traversal attacks in the PCUI Lambda.
+  * Fix an OS command injection vulnerability in SSM SendCommand calls on cluster HeadNode.
+  * Fix a bug causing access tokens to leak into CloudWatch logs.
+  * Upgrade requests to version 2.33.1 (from 2.32.0).
+  * Upgrade cryptography to version 46.0.7 (from 44.0.1).
+  * Upgrade boto3 to version 1.42.91 (from 1.24.30).
+  * Upgrade urllib3 to version 2.6.3 (from 1.26.20).
+  * Upgrade ecdsa to version 0.19.2 (from 0.18.0).
+  * Upgrade certifi to version 2026.2.25 (from 2024.7.4).
+  * Upgrade flask-cors to version 6.0.2 (from 4.0.2).
+  * Upgrade python-jose to version 3.5.0 (from 3.4.0).
+  * Upgrade next to version 15.5.10 (from 14.2.26).
+  * Upgrade eslint-config-next to version 15.5.10 (from 14.0.4).
+  * Upgrade @babel/runtime to version 7.27.0 (from 7.23.5).
+  * Upgrade brace-expansion to version 1.1.12 (from 1.1.11).
+
+|  April 30, 2026