AWS Security ChangesHomeSearch

AWS network-firewall documentation change

Service: network-firewall · 2026-06-25 · Documentation low

File: network-firewall/latest/developerguide/document-history.md

Summary

Added new changelog entries for server-directed actions and session-holding updates

Security assessment

Documents new security-focused rule actions (Application drop/alert established server-directed) but doesn't indicate any specific vulnerability being patched.

Diff

diff --git a/network-firewall/latest/developerguide/document-history.md b/network-firewall/latest/developerguide/document-history.md
index 19deaafe0..146b3ed3d 100644
--- a//network-firewall/latest/developerguide/document-history.md
+++ b//network-firewall/latest/developerguide/document-history.md
@@ -14,0 +15,3 @@ Change| Description| Date
+[Updated session-holding incompatibility to include server-directed actions](./suricata-limitations-caveats.html)| Application drop established (server-directed only) default rules are also incompatible with a session-holding configuration.| June 18, 2026  
+[Updated session-holding incompatibility to include server-directed actions](./tls-inspection-configurations.html)| Application drop established (server-directed only) default rules are also incompatible with a session-holding configuration.| June 18, 2026  
+[New server-directed default actions available](./suricata-rule-evaluation-order.html)| The `Application drop established (server-directed only)` and `Application alert established (server-directed only)` actions are now available for firewall policies using strict ordering.| June 18, 2026