v7.0.7

Security

• Updated form-data to 4.0.4
• Updated on-header to 1.1.0

v7.0.6

Security

• Updated pbkdf2 to 3.1.3
• Updated webpack-dev-server to 5.2.2
• Update brace-expansion to 1.1.12
• Update requests to 2.32.4
• Update urllib3 to 2.5.0

v7.0.5

[7.0.5] - 2025-04-28

Security

• Updated h11 to 0.16.0
• Updated http-proxy-middlware to 2.0.9

v7.0.4

[7.0.4] - 2025-04-03

Security

• Removed tar-fs due to security vulnerability

v7.0.3

[7.0.3] - 2025-03-27

Fixed

• Update SSM parameter migration to only migrate specified parameters Issue #815

v7.0.2

[7.0.2] - 2025-03-13

Security

• Updated axios to 1.8.2
• Updated jinja2 to 3.1.6
• Updated @babel/core to 7.26.10
• Updated @babel/helpers to 7.26.10
• Updated @babel/runtime to 7.26.10

v7.0.1

[7.0.1] - 2025-02-24

Fixed

• Alexa Skill Kit issue where trigger would not get created in the lambda function during CFN deployment Issue #804
• Sanitization change to allow <details> and <summary> tags Issue #751
• Fixed Amazon Translate breaking markdown links from added spaces Issue #805

Security

• Patched serialize-javascript, cryptography, & certifi vulnerability

v7.0.0

[7.0.0] - 2025-01-23

Added

• Streaming responses feature that enhances QnABot responses by providing real-time streaming from Large Language Models (LLMs) to the chat interface. This introduces a cloudformation parameter EnableStreaming to optionally create resources needed for streaming through a nested stack. See README.
• Enhanced Guardrail Integration that implements pre-processing and post-processing guardrails to provide improved content control and broader security for your chatbot application. See README.
• Implemented Converse API to simplify LLM workflows by providing a consistent interface for different LLM providers, role prompting and eliminating the need for input tagging for Bedrock Guardrails. This introduces customizable system prompts LLM_GENERATE_QUERY_SYSTEM_PROMPT and LLM_QA_SYSTEM_PROMPT in content designer to support role-based prompting. For more information, see system prompts in supported models and model features and using Converse API.
• Ability to use both RAG with Bedrock KnowledgeBase and Kendra as fallback options. A new setting FALLBACK_ORDER in the content designer allows users to specify the fallback order of these options.
• Ability to set a TTL on records added to the DynamoDB UsersTable. (PR #671) - contributed by (@richhaase)
• Mistral as a new LLM provider option and support for latest Anthropic Sonnet 3.5 V2, Haiku 3.5 V1, Amazon Nova Models, Ai21 Jambda Instruct, Cohere R plus and Meta Llama 3.1 models.

Changed

• Upgraded to Node 20.
• Upgraded AWS SDK dependencies.
• Migrated Settings to DynamoDB store rather than SSM, allowing for longer custom settings and prompts.
• Moved Amazon Q Business Plugin from samples repo to QnABot repo as an example lambda hook
• Reduced the size of Bedrock KnowledgeBase output by removing citations from plaintext response.
• Updated OpenSearch EBSOptions VolumeType to gp3 from gp2.
• Updated IAM permissions and cloudformation outputs.
• Added additional non-user input fields to OpenSearch metrics data redaction exclusion list.
• Migrated to Poetry for Python dependency management
• Updated innerHTML usages to innerText per security best practices

Fixed

• Fixed issues with Excel file import and character handling when reading questions import file
• Improvements for merging of chained items (PR #720) - contributed by (@amendlik)

Deprecated

• Settings stored in SSM Parameters. These will automatically be moved to DynamoDB when you upgrade.
• Sagemaker embeddings and LLM workflows.
• KendraCrawlerSNS Topic workflow Issue #742
• Bedrock LLM Models Cohere Command Text, Jurassic-2 Mid and Ultra per Amazon Bedrock Model Lifefycle

Security

• Patched Jinja2, nanoid, path-to-regexp vulnerability

v6.1.5

[6.1.5] - 2024-11-20

Security

• Patched langchain, cross-spawn & elliptic vulnerability

v6.1.4

[6.1.4] - 2024-10-31

Fixed

• PII usage leaks and improvements. See README.

Security

• Patched http-proxy-middleware vulnerability