Release 8.0.3 (#635)

* release 8.0.3

* chore: bump dependencies

Author: gsingh04

.gitignore

@@ -39,6 +39,8 @@ dist
 
 # amazon q
 .q
+.amazonq
+.kiro
 
 # Cypress artifacts
 source/admin-ui/src/e2e-tests/artifacts/

CHANGELOG.md

@@ -5,6 +5,29 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [8.0.3] - 2026-03-02
+
+### Added
+
+- `CorsOriginParameter` to restrict image processing endpoint to specific origin, default to `*` [#624](https://github.com/aws-solutions/dynamic-image-transformation-for-amazon-cloudfront/issues/624)
+- added `no-store`, `no-cache` cache control headers on management api
+
+### Changed
+
+- restrict management api to admin-ui cloudfront origin, preventing arbitrary origins being trusted on api
+- fix `stripExif`, `stripIcc` transforms and `autoOrient` logic [#623](https://github.com/aws-solutions/dynamic-image-transformation-for-amazon-cloudfront/issues/623)
+- remove default Sharp image size limit and support the limit as environment variable on container [#632](https://github.com/aws-solutions/dynamic-image-transformation-for-amazon-cloudfront/issues/632)
+- move to built-in `node:crypto`
+- added `verboseDescription` to log image processing errors at a different verbosity than the HTTP response
+- narrowed resource for logs actions to specific container log group
+- fix e2e test setup in `management-lambda` package to clear ddb table instead of delete/recreate
+
+### Security
+
+- Bump `systeminformation` to mitigate [CVE-2026-26318](https://avd.aquasec.com/nvd/cve-2026-26318) and [CVE-2026-26280](https://avd.aquasec.com/nvd/cve-2026-26280)
+- Bump `aws-cdk-lib` to mitigate several CVE's related to `minimatch` and `ajv`: [CVE-2026-26996](https://avd.aquasec.com/nvd/2026/cve-2026-26996/), [CVE-2026-27903](https://avd.aquasec.com/nvd/2026/cve-2026-27903/), [CVE-2026-27904](https://avd.aquasec.com/nvd/2026/cve-2026-27904/), [CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873)
+- Bump several `aws-sdk/*` packages to mitigate CVE's related to `fast-xml-parser`: [CVE-2026-25896](https://nvd.nist.gov/vuln/detail/CVE-2026-25896) and [CVE-2026-26278](https://nvd.nist.gov/vuln/detail/CVE-2026-26278)
+
 ## [8.0.2] - 2026-01-07
 
 ### Security

NOTICE

@@ -980,6 +980,7 @@ AwsJavaSdk-Core-Regions/AwsJavaSdk-Core-Regions under the Apache-2.0 license.
 AwsJavaSdk-Core-Retries/AwsJavaSdk-Core-Retries under the Apache-2.0 license.
 AwsJavaSdk-Core-RetriesSpi/AwsJavaSdk-Core-RetriesSpi under the Apache-2.0 license.
 AwsJavaSdk-Core-Utils/AwsJavaSdk-Core-Utils under the Apache-2.0 license.
+AwsJavaSdk-Core-UtilsLite/AwsJavaSdk-Core-UtilsLite under the Apache-2.0 license.
 AwsJavaSdk-DynamoDb/AwsJavaSdk-DynamoDb under the Apache-2.0 license.
 AwsJavaSdk-DynamoDb-Enhanced/AwsJavaSdk-DynamoDb-Enhanced under the Apache-2.0 license.
 AwsJavaSdk-HttpClient/AwsJavaSdk-HttpClient under the Apache-2.0 license.
@@ -1415,7 +1416,14 @@ com.amazon.ion.java/IonJava under the Apache-2.0 license.
 @aws-sdk/credential-provider-login under the Apache-2.0 license.
 @aws-sdk/dynamodb-codec under the Apache-2.0 license.
 @aws-sdk/crc64-nvme under the Apache-2.0 license.
-
+@aws-cdk/cloud-assembly-api under the Apache-2.0 license.
+fast-check under the MIT license.
+@rollup/rollup-linux-loong64-gnu under the MIT license.
+@rollup/rollup-linux-loong64-musl under the MIT license.
+@rollup/rollup-linux-ppc64-musl under the MIT license.
+@rollup/rollup-openbsd-x64 under the MIT license.
+@rollup/rollup-openharmony-arm64 under the MIT license.
+@rollup/rollup-win32-x64-gnu under the MIT license.
 
 ********************
 OPEN SOURCE LICENSES