istio
diff --git a/‎extensions/v1alpha1/wasm.pb.go
Lines changed: 2 additions & 0 deletions b/‎extensions/v1alpha1/wasm.pb.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/v1alpha1/wasm.pb.html
Lines changed: 2 additions & 0 deletions b/‎extensions/v1alpha1/wasm.pb.html
Lines changed: 2 additions & 0 deletions
diff --git a/‎extensions/v1alpha1/wasm.proto
Lines changed: 2 additions & 0 deletions b/‎extensions/v1alpha1/wasm.proto
Lines changed: 2 additions & 0 deletions
diff --git a/‎kubernetes/customresourcedefinitions.gen.yaml
Lines changed: 0 additions & 90 deletions b/‎kubernetes/customresourcedefinitions.gen.yaml
Lines changed: 0 additions & 90 deletions
diff --git a/‎networking/v1alpha3/envoy_filter.pb.go
Lines changed: 2 additions & 0 deletions b/‎networking/v1alpha3/envoy_filter.pb.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎networking/v1alpha3/envoy_filter.pb.html
Lines changed: 2 additions & 0 deletions b/‎networking/v1alpha3/envoy_filter.pb.html
Lines changed: 2 additions & 0 deletions
diff --git a/‎networking/v1alpha3/envoy_filter.proto
Lines changed: 2 additions & 0 deletions b/‎networking/v1alpha3/envoy_filter.proto
Lines changed: 2 additions & 0 deletions
diff --git a/‎releasenotes/notes/3412.yaml
Lines changed: 8 additions & 0 deletions b/‎releasenotes/notes/3412.yaml
Lines changed: 8 additions & 0 deletions
diff --git a/‎security/v1beta1/authorization_policy.pb.go
Lines changed: 2 additions & 0 deletions b/‎security/v1beta1/authorization_policy.pb.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎security/v1beta1/authorization_policy.pb.html
Lines changed: 2 additions & 0 deletions b/‎security/v1beta1/authorization_policy.pb.html
Lines changed: 2 additions & 0 deletions
@@ -257,7 +257,9 @@ message WasmPlugin {
   //
   // Currently, the following resource attachment types are supported:
   // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace.
+  // * `kind: GatewayClass` with `group: gateway.networking.k8s.io` in the root namespace.
   // * `kind: Service` with `group: ""` or `group: "core"` in the same namespace. This type is only supported for waypoints.
+  // * `kind: ServiceEntry` with `group: networking.istio.io` in the same namespace.
   //
   // If not set, the policy is applied as defined by the selector.
   // At most one of the selector and targetRefs can be set.
 
@@ -890,7 +890,9 @@ message EnvoyFilter {
   //
   // Currently, the following resource attachment types are supported:
   // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace.
+  // * `kind: GatewayClass` with `group: gateway.networking.k8s.io` in the root namespace.
   // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints.
+  // * `kind: ServiceEntry` with `group: networking.istio.io` in the same namespace.
   //
   // If not set, the policy is applied as defined by the selector.
   // At most one of the selector and targetRefs can be set.
 
@@ -0,0 +1,8 @@
+apiVersion: release-notes/v2
+kind: feature
+area: traffic-management
+issue:
+  - https://github.com/istio/istio/issues/54696
+releaseNotes:
+- |
+  **Removed** CEL validation of group/kind for PolicyTargetReference to enable vendor extensions