From c42ad29a4f44788e5a630aef183bef84c2fe8fae Mon Sep 17 00:00:00 2001
From: Nadia Mayor <nadia.mayor@split.io>
Date: Fri, 15 May 2026 15:17:21 -0300
Subject: [PATCH 1/3] Updated version

---
 CHANGES.txt | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGES.txt b/CHANGES.txt
index f7aac509..7dd1d533 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,9 @@
+5.12.4 (May 15, 2026)
+- Fixed vulnerabilities:
+   - Updated Go runtime to 1.26.3.
+   - Refreshed Docker base images and OS packages with latest security patches.
+   - Hardened container builds by reducing unnecessary packages and cleaning APT metadata.
+- Added defensive validations to prevent crashes during network failures, ensuring continuous flag delivery from cache when the control plane is unavailable.
 
 5.12.3 (May 7, 2026)
 - Fixed vulnerabilities:

From e7259f2b47f1b555b6529f0f4f10dbcb05c31414 Mon Sep 17 00:00:00 2001
From: Nadia Mayor <nadia.mayor@split.io>
Date: Fri, 15 May 2026 15:18:34 -0300
Subject: [PATCH 2/3] Updated version

---
 splitio/version.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/splitio/version.go b/splitio/version.go
index ad900381..912d2b9a 100644
--- a/splitio/version.go
+++ b/splitio/version.go
@@ -2,4 +2,4 @@
 package splitio
 
 // Version is the version of this Agent
-const Version = "5.12.3"
+const Version = "5.12.4"

From c87ec161719cdddb5d0fdbd64445e8d411ddc9f1 Mon Sep 17 00:00:00 2001
From: Nadia Mayor <nadia.mayor@split.io>
Date: Fri, 15 May 2026 15:36:23 -0300
Subject: [PATCH 3/3] Updated changelog

---
 CHANGES.txt | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 7dd1d533..d62f3ccb 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,8 +1,7 @@
 5.12.4 (May 15, 2026)
 - Fixed vulnerabilities:
-   - Updated Go runtime to 1.26.3.
-   - Refreshed Docker base images and OS packages with latest security patches.
-   - Hardened container builds by reducing unnecessary packages and cleaning APT metadata.
+   - H: CVE-2026-39820, CVE-2026-42499, CVE-2026-33811, CVE-2026-33814, CVE-2026-39836
+   - M: CVE-2026-39826, CVE-2026-3982, CVE-2026-39825
 - Added defensive validations to prevent crashes during network failures, ensuring continuous flag delivery from cache when the control plane is unavailable.
 
 5.12.3 (May 7, 2026)