[release/v1.2] v1.2.6 release note (#5128)

* v1.2.6 release note Signed-off-by: Huabing Zhao <[email protected]> * add CVE name Signed-off-by: Huabing Zhao <[email protected]> --------- Signed-off-by: Huabing Zhao <[email protected]>
envoyproxy · Jan 23, 2025 · 6ac0339 · 6ac0339
1 parent 3eb3301
commit 6ac0339
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v1.2.5
+v1.2.6
diff --git a/release-notes/v1.2.6.yaml b/release-notes/v1.2.6.yaml
@@ -0,0 +1,23 @@
+date: January 23, 2025
+
+# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
+breaking changes: |
+
+# Updates addressing vulnerabilities, security flaws, or compliance requirements.
+security updates: |
+  Fixed vulnerability CVE-2025-24030, which exposed the Envoy admin interface via the Prometheus stats endpoint. For more details, refer to https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76.
+
+# New features or capabilities added in this release.
+new features: |
+
+bug fixes: |
+  Fixed a panic that occurred following update to the envoy-gateway-config ConfigMap.
+
+# Enhancements that improve performance.
+performance improvements: |
+
+# Deprecated features or APIs.
+deprecations: |
+
+# Other notable changes not covered by the above sections.
+Other changes: |
diff --git a/site/content/en/news/releases/notes/v1.2.6.md b/site/content/en/news/releases/notes/v1.2.6.md
@@ -0,0 +1,12 @@
+---
+title: "v1.2.6"
+publishdate: 2025-01-23
+---
+
+Date: January 23, 2025
+
+## Security updates
+- Fixed vulnerability CVE-2025-24030, which exposed the Envoy admin interface via the Prometheus stats endpoint. For more details, refer to [GHSA-j777-63hf-hx76](https://github.com/envoyproxy/gateway/security/advisories/GHSA-j777-63hf-hx76).
+
+## Bug fixes
+- Fixed a panic that occurred following update to the envoy-gateway-config ConfigMap.