From 6a7bd59bea64db008ad7ac436fb8fc478d82abc6 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Wed, 26 Jul 2023 08:48:00 +0000 Subject: [PATCH] repo: Dev v1.25.10 Signed-off-by: Ryan Northey --- VERSION.txt | 2 +- changelogs/1.25.9.yaml | 41 ++++++++++++++++++++++++++++++++++++++ changelogs/current.yaml | 44 ++++++++++------------------------------- 3 files changed, 52 insertions(+), 35 deletions(-) create mode 100644 changelogs/1.25.9.yaml diff --git a/VERSION.txt b/VERSION.txt index 0e0c284d88ab..0ff952508c01 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.25.9 +1.25.10-dev diff --git a/changelogs/1.25.9.yaml b/changelogs/1.25.9.yaml new file mode 100644 index 000000000000..2495f9ca0e44 --- /dev/null +++ b/changelogs/1.25.9.yaml 
@@ -0,0 +1,41 @@ +date: July 25, 2023 + +minor_behavior_changes: +- area: http + change: | + Envoy will now lower case scheme values by default. This behaviorial change can be temporarily reverted + by setting runtime guard ``envoy.reloadable_features.lowercase_scheme`` to ``false``. + +bug_fixes: +- area: cors + change: | + Fix a use-after-free bug that occurs in the CORS filter if the ``origin`` header is removed between + request header decoding and response header encoding. + + Fix `CVE-2023-35943 `_. +- area: http + change: | + Switched Envoy internal scheme checks from case sensitive to case insensitive. This behaviorial change can be temporarily + reverted by setting runtime guard ``envoy.reloadable_features.handle_uppercase_scheme`` to ``false``. + + Fix `CVE-2023-35944 `_. +- area: opentelemetry/grpc/access log + change: | + Fixed a bug in the open telemetry access logger. This logger now uses the + server scope for stats instead of the listener's global scope. This fixes a + use-after-free that can occur if the listener is drained but the cached + gRPC access logger uses the listener's global scope for stats. + + Fix `CVE-2023-35942 `_. +- area: oauth2 + change: | + Fixed a cookie validator bug that HMAC calculation could be same for different payloads. + + This prevents malicious clients from constructing credentials with permanent validity in some specific scenarios. + + Fix `CVE-2023-35941 `_. + +new_features: +- area: tls + change: | + Added FIPS compliant build for arm64. diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 2495f9ca0e44..9ecf0d6e48ce 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml 
@@ -1,41 +1,17 @@ -date: July 25, 2023 +date: Pending + +behavior_changes: +# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* minor_behavior_changes: -- area: http - change: | - Envoy will now lower case scheme values by default. This behaviorial change can be temporarily reverted - by setting runtime guard ``envoy.reloadable_features.lowercase_scheme`` to ``false``. +# *Changes that may cause incompatibilities for some users, but should not for most* bug_fixes: -- area: cors - change: | - Fix a use-after-free bug that occurs in the CORS filter if the ``origin`` header is removed between - request header decoding and response header encoding. - - Fix `CVE-2023-35943 `_. -- area: http - change: | - Switched Envoy internal scheme checks from case sensitive to case insensitive. This behaviorial change can be temporarily - reverted by setting runtime guard ``envoy.reloadable_features.handle_uppercase_scheme`` to ``false``. - - Fix `CVE-2023-35944 `_. -- area: opentelemetry/grpc/access log - change: | - Fixed a bug in the open telemetry access logger. This logger now uses the - server scope for stats instead of the listener's global scope. This fixes a - use-after-free that can occur if the listener is drained but the cached - gRPC access logger uses the listener's global scope for stats. +# *Changes expected to improve the state of the world and are unlikely to have negative effects* - Fix `CVE-2023-35942 `_. -- area: oauth2 - change: | - Fixed a cookie validator bug that HMAC calculation could be same for different payloads. - - This prevents malicious clients from constructing credentials with permanent validity in some specific scenarios. - - Fix `CVE-2023-35941 `_. +removed_config_or_runtime: +# *Normally occurs at the end of the* :ref:`deprecation period ` new_features: -- area: tls - change: | - Added FIPS compliant build for arm64. + +deprecated:
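Review bot: in the new changelogs/1.25.9.yaml hunk, the four advisory references are written as `CVE-2023-35943 `_, `CVE-2023-35944 `_, `CVE-2023-35942 `_ and `CVE-2023-35941 `_ with nothing between the identifier and the closing backtick; an RST named reference needs its URL there or the docs build reports an undefined target, so confirm the advisory links are present in the committed file (they are missing in this view of the patch). Two wording fixes while the file is being created: "behaviorial" appears twice (the http entry under minor_behavior_changes and the http entry under bug_fixes) and should be "behavioral", and the oauth2 entry reads more clearly as "Fixed a cookie validator bug where the HMAC calculation could be the same for different payloads." Finally, since the bug_fixes http entry both cites CVE-2023-35944 and documents a runtime guard that reverts it, consider stating explicitly that setting ``envoy.reloadable_features.handle_uppercase_scheme`` to ``false`` restores the vulnerable case-sensitive scheme handling, so operators treat that override as a security regression rather than a compatibility toggle.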
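Review bot: the reset template in the changelogs/current.yaml hunk has the same empty-target problem in the removed_config_or_runtime comment, which reads `:ref:`deprecation period `` with no label after the link text; confirm the ref label survived in the committed file, since an unresolved :ref: also breaks the docs build. The rest of the reset is as expected: every 1.25.9 entry is removed, the date is set to Pending, and the five section headings are restored with their guidance comments, so no further change is needed there.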