v1.20.2

1.20.2 (December 26, 2024)

SECURITY:

• Removed ability to use bexpr to filter results without ACL read on endpoint [GH-21950]
• Resolved issue where hcl would allow duplicates of the same key in acl policy configuration. [GH-21908]
• Update github.com/golang-jwt/jwt/v4 to v4.5.1 to address GHSA-29wx-vh33-7x7r. [GH-21951]
• Update golang.org/x/crypto to v0.31.0 to address GO-2024-3321. [GH-22001]
• Update golang.org/x/net to v0.33.0 to address GO-2024-3333. [GH-22021]
• Update registry.access.redhat.com/ubi9-minimal image to 9.5 to address CVE-2024-3596,CVE-2024-2511,CVE-2024-26458. [GH-22011]
• api: Enforces strict content-type header validation to protect against XSS vulnerability. [GH-21930]

FEATURES:

• docs: added the docs for the grafana dashboards [GH-21795]

BUG FIXES:

• proxycfg: fix a bug where peered upstreams watches are canceled even when another target needs it. [GH-21871]
• state: ensure that identical manual virtual IP updates result in not bumping the modify indexes [GH-21909]