From 58db30c88cd6517d9d675bcd56732b8d4e76f7de Mon Sep 17 00:00:00 2001
From: Erik de Vries <erik.de.vries@ritense.com>
Date: Wed, 28 Aug 2024 20:42:25 +0200
Subject: [PATCH] Release notes: Unauthenticated user can now access Actuator
 health liveness and readiness endpoints

---
 .../major12/12.3.0/valtimo-backend-libraries.md     | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/release-notes/major12/12.3.0/valtimo-backend-libraries.md b/release-notes/major12/12.3.0/valtimo-backend-libraries.md
index 051e74da..0c5e2adb 100644
--- a/release-notes/major12/12.3.0/valtimo-backend-libraries.md
+++ b/release-notes/major12/12.3.0/valtimo-backend-libraries.md
@@ -9,6 +9,19 @@ The following features were added:
   A Form flow SpEL expressions now accepts updating the submission data.
   See [this page](/using-valtimo/form-flow/create-form-flow-definition.md#expressions) for more information.
 
+* **Unauthenticated user can now access Actuator health liveness and readiness endpoints**
+
+  These Actuator health endpoints:
+  - `${management.endpoints.web.base-path}/health/liveness`
+  - `${management.endpoints.web.base-path}/health/readiness`
+
+  can now be accessed by an unauthenticated user in either of the following conditions:
+  - `management.endpoint.health.show-details` is set to `never`
+  - `management.endpoint.health.show-details` is set to `when_authorized` AND
+    `management.endpoint.health.roles` contains `ROLE_ACTUATOR`  
+  
+  This was already implemented for `${management.endpoints.web.base-path}/health` in release 12.1.2
+
 ## Bugfixes
 
 The following bugs were fixed: