From 62ce91dbb7c6411da28a929a2072fffbefeef5e6 Mon Sep 17 00:00:00 2001
From: Patrick Lowin <Patrick.Lowin@sap.com>
Date: Tue, 7 May 2024 16:34:35 +0200
Subject: [PATCH] ci: add release notes

---
 ci/release_notes.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 ci/release_notes.md

diff --git a/ci/release_notes.md b/ci/release_notes.md
new file mode 100644
index 00000000..4d27418b
--- /dev/null
+++ b/ci/release_notes.md
@@ -0,0 +1,16 @@
+# Announcements
+- We deprecate support for `disable_tls_10`, `disable_tls_11`, `disable_tls_12` and `disable_tls_13`, move to `ssl_min_ver` and `ssl-max-ver` instead. The deprecated configuration might be removed with the next major release. 
+
+# Fixes
+- :warning: Default health check behavior for Proxy Protocol scenarios was changed: Proxy Protocol is now also enabled for the health check endpoint by default. Use `disable_health_check_proxy: true` to disable it again, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/633 (thanks @a18e) :warning:
+
+# New Features
+- For mTLS scenarios, the root CA DN (`ssl_c_r_dn`) is now sent besides other client certificate headers, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/659 (thanks @Mrizwanshaik)
+- Rate limiting now also works for IPv6 client IP addresses, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/633 (thanks @a18e)
+- SSL versions can be properly set via `ssl_min_ver` and `ssl-max-ver` as a successor of e.g. [no-tlsv10](https://docs.haproxy.org/2.7/configuration.html#5.2-no-tlsv10), see https://github.com/cloudfoundry/haproxy-boshrelease/pull/657 (thanks @kinjelom)
+- An additional pre-start script can be defined via `pre_start_script`, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/657 (thanks @kinjelom)
+- Authentication for the /stats endpoint can be disabled by defining `stats_user` empty, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/657 (thanks @kinjelom)
+- Well formatted raw config can be appended via `raw_blocks` as per spec, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/652. Additional config before `raw_blocks` can be actively switched using `config_mode`, see https://github.com/cloudfoundry/haproxy-boshrelease/pull/657 (thanks @kinjelom)
+
+# Upgrades
+- Minor version bumps