Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

发布于: 2025年7月24日

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT

Description:

AWS is aware of and has addressed an issue in the Amazon Q Developer Extension for Visual Studio Code (VSC). Security researchers reported a potentially unapproved code modification was attempted in the open-source VSC extension that targeted Q Developer CLI command execution. This issue did not affect any production services or end-users.

Once we were made aware of this issue, we immediately revoked and replaced the credentials, removed the unapproved code from the codebase, and subsequently released Amazon Q Developer Extension version 1.85 to the marketplace.

Affected version:

Amazon Q Developer Extension for Visual Studio Code (versions 1.84)

Resolution:

AWS has released Amazon Q Developer Extension version 1.85 which addresses this issue. Customers must update to 1.85 and ensure any forked or derivative code is patched to address this issue.

To update your Amazon Q Developer extension in VSC:

• Open Visual Studio Code
• Navigate to Extensions panel
• Locate Amazon Q Developer
• Click Update button

No action is required for AWS SDK for .NET users.

References:

• https://github.com/aws/aws-toolkit-vscode
• https://github.com/aws/aws-sdk-net

Please email aws-security@amazon.com with any security questions or concerns.