list 1.2.6 fixed issues

Author: Fortune-Ndlovu

artifacts/attributes.adoc

@@ -11,8 +11,8 @@
 :product-short: Developer Hub
 :product-very-short: RHDH
 :product-version: 1.2
-:product-bundle-version: 1.2.5
-:product-chart-version: 1.2.5
+:product-bundle-version: 1.2.6
+:product-chart-version: 1.2.6
 :product-backstage-version: 1.26.5
 :rhdeveloper-name: Red Hat Developer
 :rhel: Red Hat Enterprise Linux

modules/release-notes/con-relnotes-fixed-issues.adoc

@@ -220,6 +220,35 @@ With the release of the {product-short} 1.2.1 Helm chart, this is fixed.
 
 == Fixed security issues
 
+== Fixed issues in {product} 1.2.6
+
+This section lists fixed issues with {product} 1.2.6:
+
+Link:https://access.redhat.com/security/cve/cve-2024-37890[cve-2024-37890]
+A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.
+
+//link:{LinkRHIDPIssue}RHIDP-5074[RHIDP-5074]
+
+
+Link:https://access.redhat.com/security/cve/cve-2024-43799[cve-2024-43799]
+
+A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
+
+//link:{LinkRHIDPIssue}RHIDP-5077[RHIDP-5077]
+
+
+Link:https://access.redhat.com/security/cve/cve-2024-43800[cve-2024-43800]
+A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect(). 
+
+//link:{LinkRHIDPIssue}RHIDP-5078[RHIDP-5078]
+
+
+Link: https://access.redhat.com/security/cve/cve-2024-45590[cve-2024-45590]
+A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
+
+//link:{LinkRHIDPIssue}RHIDP-5080[RHIDP-5080]
+
+
 === Fixed security issues in {product} 1.2.5
 
 include::snip-fixed-security-issues-in-product-1.2.5.adoc[leveloffset=+3]