Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)

Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT Description: AWS is aware of and has addressed an issue in the Amazon Q Developer Extension for Visual Studio Code (VSC). Security researchers reported a potentially unapproved code modification was attempted in the open-source VSC extension that targeted Q Developer CLI command execution. This issue did not affect any production services or end-users. Once we were made aware of this issue, we immediately revoked and replaced the credentials, removed the unapproved code from the codebase, and subsequently released Amazon Q Developer Extension version 1.85 to the marketplace. Affected version: Amazon Q Developer Extension for Visual Studio Code (versions 1.84)