AWS Security ChangesHomeSearch

AWS solutions high security documentation change

Service: solutions · 2026-05-22 · Security-related high

File: solutions/latest/qnabot-on-aws/update-the-solution.md

Summary

Added upgrade notice about XSS protection and sanitization changes, fixed template URLs

Security assessment

Explicitly warns about stored XSS vulnerability mitigation in v7.3.12+ and documents security impact of upgrade. Provides evidence of addressing specific security vulnerability (XSS).

Diff

diff --git a/solutions/latest/qnabot-on-aws/update-the-solution.md b/solutions/latest/qnabot-on-aws/update-the-solution.md
index cc7c5357c..c27309a67 100644
--- a//solutions/latest/qnabot-on-aws/update-the-solution.md
+++ b//solutions/latest/qnabot-on-aws/update-the-solution.md
@@ -10,0 +11,6 @@ If you have previously deployed the solution, follow this procedure to update th
+###### Important
+
+**For those upgrading to v7.3.12 and above**
+
+QnABot on AWS v7.3.12 applies server-side HTML sanitization on `alt.html` and `alt.markdown` response fields to prevent stored XSS attacks. If your Q&A responses use custom HTML tags or attributes beyond the default allowlist, those tags or attributes will be excluded from responses after upgrading. Please review [Server-side sanitization and using custom tags and attributes in responses](./server-side-html-sanitization.html) to understand which tags and attributes are allowed by default, and for instructions on how to allow-list any custom tags or attributes before or after upgrading.
+
@@ -17 +23 @@ If you have previously deployed the solution, follow this procedure to update th
-     * If using the default main template: link:https://solutions-reference.s3.amazonaws.com/qnabot-on-aws/latest/qnabot-on-aws-main.template
+     * If using the default main template: https://solutions-reference.s3.amazonaws.com/qnabot-on-aws/latest/qnabot-on-aws-main.template
@@ -19 +25 @@ If you have previously deployed the solution, follow this procedure to update th
-     * If using the VPC template: link:https://solutions-reference.s3.amazonaws.com/qnabot-on-aws/latest/qnabot-on-aws-vpc.template
+     * If using the VPC template: https://solutions-reference.s3.amazonaws.com/qnabot-on-aws/latest/qnabot-on-aws-vpc.template