AWS network-firewall documentation change
Summary
Added new changelog entries for server-directed actions and session-holding updates
Security assessment
Documents new security-focused rule actions (Application drop/alert established server-directed) but doesn't indicate any specific vulnerability being patched.
Diff
diff --git a/network-firewall/latest/developerguide/document-history.md b/network-firewall/latest/developerguide/document-history.md index 19deaafe0..146b3ed3d 100644 --- a//network-firewall/latest/developerguide/document-history.md +++ b//network-firewall/latest/developerguide/document-history.md @@ -14,0 +15,3 @@ Change| Description| Date +[Updated session-holding incompatibility to include server-directed actions](./suricata-limitations-caveats.html)| Application drop established (server-directed only) default rules are also incompatible with a session-holding configuration.| June 18, 2026 +[Updated session-holding incompatibility to include server-directed actions](./tls-inspection-configurations.html)| Application drop established (server-directed only) default rules are also incompatible with a session-holding configuration.| June 18, 2026 +[New server-directed default actions available](./suricata-rule-evaluation-order.html)| The `Application drop established (server-directed only)` and `Application alert established (server-directed only)` actions are now available for firewall policies using strict ordering.| June 18, 2026