Download Latest Version
Prowler 5.22.0 source code.tar.gz (172.2 MB)
Get an email when there's a new version of Prowler
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| Prowler 5.22.0 source code.tar.gz | 2026-03-24 | 172.2 MB | |
| Prowler 5.22.0 source code.zip | 2026-03-24 | 178.9 MB | |
| README.md | 2026-03-24 | 3.8 kB | |
| Totals: 3 Items | 351.1 MB | 3 | |
β¨ New features to highlight in this version
Enjoy them all now for free at https://cloud.prowler.com
Findings page β Batch filter apply
Selecting filters no longer triggers a page re-render on each change. A new "Apply Filters" button lets you configure multiple filters before executing the query, fixing layout shifts and improving responsiveness.
Attack Paths β Custom queries
Run custom openCypher queries against your Attack Paths graph alongside predefined queries. Use Lighthouse AI to help generate them.
Predefined Attack Paths queries now run faster π
Read more about it in Attack Paths documentation
π Community Contributors
- @sandiyochristan β Replace stdlib XML parser with
defusedxmlin SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#10165)
UI
π Added
- Attack Paths custom openCypher queries with Cartography schema guidance and clearer execution errors (#10397)
π Changed
- Findings filters now use a batch-apply pattern with an Apply Filters button, filter summary strip, and independent filter options instead of triggering API calls on every selection (#10388)
API
π Added
- Finding groups support
check_titlesubstring filtering (#10377)
π Fixed
- Finding groups latest endpoint now aggregates the latest snapshot per provider before check-level totals, keeping impacted resources aligned across providers (#10419)
- Mute rule creation now triggers finding-group summary re-aggregation after historical muting, keeping stats in sync after mute operations (#10419)
- Attack Paths: Deduplicate nodes before ProwlerFinding lookup in Attack Paths Cypher queries, reducing execution time (#10424)
π Security
- Replace stdlib XML parser with
defusedxmlin SAML metadata parsing to prevent XML bomb (billion laughs) DoS attacks (#10165) - Bump
flaskto 3.1.3 (CVE-2026-27205) andwerkzeugto 3.1.6 (CVE-2026-27199) (#10430)
SDK
π Fixed
- Azure MySQL flexible server checks now compare configuration values case-insensitively to avoid false negatives when Azure returns lowercase values (#10396)
- Azure
vm_backup_enabledandvm_sufficient_daily_backup_retention_periodchecks now compare VM names case-insensitively to avoid false negatives when Azure stores backup item names in a different case (#10395) entra_non_privileged_user_has_mfaskips disabled users to avoid false positives (#10426)
