This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Topics
+12 more
Affected surfaces
Summary
AI summaryUpdates π Fixed, UI, and https://github.com/prowler-cloud/prowler/pull/11330 across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
Azure SMB channel encryption check now rejects weak algorithms. Azure SMB channel encryption check now rejects weak algorithms. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Performance | Medium |
`finding-groups` API response speed improves with finding-level filters. `finding-groups` API response speed improves with finding-level filters. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Bugfix | Medium |
Large scan report ZIP downloads now stream instead of buffering. Large scan report ZIP downloads now stream instead of buffering. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Bugfix | Medium |
Compliance findings table now respects page size selector. Compliance findings table now respects page size selector. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Bugfix | Medium |
GCP OS Login checks become caseβinsensitive for inherited metadata values. GCP OS Login checks become caseβinsensitive for inherited metadata values. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Bugfix | Medium |
Azure and M365 SDK providers no longer crash on Pythonβ―3.12 without an active event loop. Azure and M365 SDK providers no longer crash on Pythonβ―3.12 without an active event loop. Source: llm_adapter@2026-05-26 Confidence: high |
β |
| Bugfix | Medium |
MCP preserves authorization header in HTTP mode. MCP preserves authorization header in HTTP mode. Source: llm_adapter@2026-05-26 Confidence: high |
β |
Full changelog
UI
π Fixed
- Large scan report ZIP downloads now stream through a Next.js Route Handler instead of buffering the full file in a Server Action (#11330)
- Compliance requirement findings table now respects the page size selector (#11365)
API
π Fixed
finding-groupsslow response with finding-level filters such asregion; check title and description are now read from the daily summaries, which drops sorting bycheck_title(#11326)
SDK
π Fixed
compute_project_os_login_enabledandcompute_project_os_login_2fa_enabledchecks for GCP provider no longer false-FAIL on projects where theenable-oslogin/enable-oslogin-2fametadata is not set explicitly but is inherited automatically from theconstraints/compute.requireOsLoginorg policy. The policy controller writes the inherited value in lowercase ("true"), but the service-layer parser compared it to the uppercase string literal"TRUE". Comparison is now case-insensitive (#11341)storage_smb_channel_encryption_with_secure_algorithmcheck for Azure provider no longer passes when a storage account allows a weak SMB channel encryption algorithm (e.g.AES-128-CCM/AES-128-GCM) alongsideAES-256-GCM; it now requires every enabled algorithm to be in the recommended list, configurable viaazure.recommended_smb_channel_encryption_algorithms(defaults toAES-256-GCMonly, as required by CIS) (#11327)- Azure and M365 providers crashing with
RuntimeError: There is no current event loopon Python 3.12 when called from threads without an active event loop (e.g. Celery workers) (#11360)
MCP
π Fixed
- Preserve authorization header in HTTP mode (#11366)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Prowler
Tool based on AWS-CLI commands for Amazon Web Services account security assessment and hardening.
Related context
Related tools
Beta — feedback welcome: [email protected]