What's Changed

• fix: Timestream lifecycle patches to exclude InfluxDB resources by @kddejong in #4437
• Add Publish to smithy action prefixes for LayerVersion validation by @kddejong in #4438
• Update CloudFormation schemas to 2026-03-31 by @github-actions[bot] in #4434

Full Changelog: v1.48.0...v1.48.1

What's Changed

• feat: add rule E3697 to validate Lambda env var 4KB size limit by @raajheshkannaa in #4405
• Require VpcConfig when FileSystemConfigs is specified on Lambda Function by @kddejong in #4408
• Freeze date in tests for deterministic runtime deprecation results by @kddejong in #4409
• feat: add rule E3530 to validate AssumeRolePolicyDocument principal ARNs by @raajheshkannaa in #4410
• Add W1053: Warn on dynamic references with spaces by @kddejong in #4412
• Fix max recursion crash when cfnlintrc has non_zero_exit_code by @kddejong in #4414
• Fix deployment file template path resolution from CWD by @kddejong in #4415
• Fix maintenance workflow to update requirements/base.txt by @kddejong in #4416
• Add enum validation for predictive scaling predefined metric types by @kddejong in #4417
• Add JSONPath pattern validation for Step Functions state machine by @kddejong in #4419
• Fix ForEach transform resolving functions in Fn::If condition name by @kddejong in #4418
• Fix E2533 not reporting deprecated runtimes from AllowedValues by @kddejong in #4421
• Add graph() function to cfnlint.api by @kddejong in #4422
• feat: add rule E3706 to validate AutoScaling MaxSize is greater than or equal to
  MinSize by @kddejong in #4424
• feat: add schema patch to enforce Lambda Layers maxItems of 5 by @kddejong in #4424
• feat: add schema patch to validate CloudWatch AlarmName has no leading/trailing whitespace by @kddejong in #4424
• feat: add schema patch for uniqueKeys on AutoScaling LaunchTemplate Overrides to prevent duplicate instance types by @kddejong in https://github.com/aws-cloudformation/cfn-lint
  /pull/4424
• feat: add cfnGather JSON Schema keyword for cross-resource property validation by @kddejong in #4393
• feat: add rule E3699 to validate API Gateway Method and Authorizer use the same RestApi
  by @kddejong in #4393
• feat: add rule E3708 to validate API Gateway Method AuthorizationType matches Authorizer
  Type by @kddejong in #4393
• feat: add rule E3698 to validate API Gateway Stage and Deployment use the same RestApi by
  @kddejong in #4393
• feat: add rule E3705 to validate SQS FIFO queue EventSourceMapping BatchSize is at most
  10 by @kddejong in #4393
• feat: add rule W3664 to validate Lambda Permission Principal matches SourceArn resource
  type by @kddejong in #4393
• feat: add rule E3707 to validate RDS DBInstance Engine matches DBCluster Engine by @
  kddejong in #4393
• feat: add rule E3709 to validate RDS DBInstance StorageEncrypted matches DBCluster by @
  kddejong in #4393
• feat: add rule W3694 to validate SNS Subscription Endpoint matches Protocol by @kddejong
  in #4393
• Add RDS DBCluster MasterUsername validation by @kddejong in #4425
• feat: add rule E3710 to error on resource types from fully shut down AWS services by @
  kddejong in #4423
• feat: add rule W3696 to warn on resource types from sunsetting AWS services by @kddejong
  in #4423
• feat: add rule W3697 to warn on resource types from AWS services in maintenance mode by @
  kddejong in #4423
• fix: add required to cfnGather if/then schemas to prevent vacuous matches by @kddejong in #4426
• chore(deps): bump codecov/codecov-action from 5 to 6 by @dependabot[bot] in #4432
• Remove PyPI API token by @meeuw in #4431
• Update CloudFormation schemas to 2026-03-31 by @github-actions[bot] in #4411

New Contributors

• @raajheshkannaa made their first contribution in #4405

Full Changelog: v1.47.1...v1.48.0

What's Changed

• Fix E3063 false positive when Code is a string (aws-cli pattern) by @kddejong in #4399
• Cap resolve_value permutations to prevent exponential blowup by @kddejong in #4394
• Fix: maintenance guardduty policy by @kddejong in #4400
• Add EngineVersion of 8.0.0 to DocDB Cluster by @kddejong in #4401
• Support multi-attribute composite keys in DynamoDB GSI KeySchema by @kddejong in #4402
• Allow JSONata string expressions for Arguments in Step Functions by @kddejong in #4403
• Update CloudFormation schemas to 2026-03-24 by @github-actions[bot] in #4404

Full Changelog: v1.47.0...v1.47.1

What's Changed

• Remove Python 3.9 support (EOL October 2025) by @kddejong in #4383
• feat: add region filtering to --update-specs by @kddejong in #4382
• Add unknown validation state for intrinsic functions in composite validators by @kddejong in #4384
• Update CloudFormation schemas to 2026-03-10 by @github-actions[bot] in #4381
• Fix/skip resolve unconstrained schema by @kddejong in #4388
• chore(deps): bump setuptools from 82.0.0 to 82.0.1 in /requirements by @dependabot[bot] in #4385
• Update CloudFormation schemas to 2026-03-13 by @github-actions[bot] in #4386

Full Changelog: v1.46.0...v1.47.0

What's Changed

• Add rule E3063 to validate GuardDuty Detector property exclusivity by @JuanHPassos in #4364
• Update CloudFormation schemas to 2026-03-02 by @github-actions[bot] in #4375

New Contributors

• @JuanHPassos made their first contribution in #4364

Full Changelog: v1.45.0...v1.46.0

What's Changed

• chore(deps): bump setuptools from 80.10.2 to 82.0.0 in /requirements by @dependabot[bot] in #4366
• Add rule E3685 to validate container image functions cannot use Handler, Runtime, or Layers by @chrisqm-dev in #4372
• Add rule E3696 to validate LogLevel is not supported when LogFormat is set to Text by @chrisqm-dev in #4372
• chore(deps): bump pyinstaller from 6.18.0 to 6.19.0 in /requirements by @dependabot[bot] in #4370
• Pin cfn-lint version to 1.44.0 in Dockerfile by @rchildress87 in #4365
• Fix E3009 false positive for Fn::Transform in additional properties by @kddejong in #4368
• Accept any SSM parameter and List types with warning for undocumented types by @kddejong in #4361
• Update CloudFormation schemas to 2026-02-23 by @github-actions[bot] in #4362

New Contributors

• @chrisqm-dev made their first contribution in #4372
• @rchildress87 made their first contribution in #4365

Full Changelog: v1.44.0...v1.45.0

What's Changed

• Add E3704: Enforce TransitEncryptionEnabled for Valkey ReplicationGroups by @kddejong in #4353
• Add in more .kiro files for steering and agents by @kddejong in #4354
• Migrate schema patches from botocore to AWS Smithy models by @kddejong in #4355
• chore(deps): bump setuptools from 80.9.0 to 80.10.2 in /requirements by @dependabot[bot] in #4350
• Update tox configurations and use tox in gha by @kddejong in #4356
• update setuptools in pyproject.toml by @kddejong in #4357
• Update CloudFormation schemas to 2026-02-03 by @github-actions[bot] in #4347
• Update CloudFormation schemas to 2026-02-05 by @github-actions[bot] in #4358

Full Changelog: v1.43.4...v1.44.0

What's Changed

• Fix update specs in quick succession failing the command by @kddejong in #4339
• Update CloudFormation schemas to 2026-01-21 by @github-actions[bot] in #4338
• Update E3601 to support Seconds as JSONata in Wait by @kddejong in #4343
• Update E3601 to have Choices support Comment by @kddejong in #4344

Full Changelog: v1.43.3...v1.43.4

What's Changed

• Update Lambda runtime lifecycle data with latest AWS runtimes by @kddejong in #4335
• chore(deps): bump pyinstaller from 6.17.0 to 6.18.0 in /requirements by @dependabot[bot] in #4336
• Update CloudFormation schemas to 2026-01-15 by @github-actions[bot] in #4333

Full Changelog: v1.43.2...v1.43.3

What's Changed

• Update CloudFormation schemas to 2026-01-05 by @github-actions[bot] in #4329

Full Changelog: v1.43.1...v1.43.2