[DOC-1351] Release notes for 2025.2.4.0

docs/content/stable/releases/yba-releases/v2025.2.md

@@ -33,6 +33,92 @@ v2025.2 and later requires certificate validation for [S3 storage](/stable/yugab
 
 Before upgrading, review the information in [Prepare to upgrade YugabyteDB Anywhere](/stable/yugabyte-platform/upgrade/prepare-to-upgrade/).
 
+## v2025.2.4.0 - June 12, 2026 {#v2025.2.4.0}
+
+**Build:** `2025.2.4.0-b114`
+
+**Third-party licenses:** [YugabyteDB](https://downloads.yugabyte.com/releases/2025.2.4.0/yugabytedb-2025.2.4.0-b114-third-party-licenses.html), [YugabyteDB Anywhere](https://downloads.yugabyte.com/releases/2025.2.4.0/yugabytedb-anywhere-2025.2.4.0-b114-third-party-licenses.html)
+
+### Download
+
+<ul class="nav yb-pills">
+ <li>
+   <a href="https://downloads.yugabyte.com/releases/2025.2.4.0/yba_installer_full-2025.2.4.0-b114-linux-x86_64.tar.gz">
+     <i class="fa-brands fa-linux"></i>
+     <span>Linux x86</span>
+   </a>
+ </li>
+</ul>
+
+### New features
+
+| <div style="width:150px">Feature</div> | Description |
+| :-------- | :---------- |
+| {{<tags/feature/ga idea="1247">}}FIPS 140-2 Compliance. | YugabyteDB Anywhere (K8s only) now supports FIPS 140-2–compliant encryption when configured during initial installation. <hr style="margin: 0.5em 0;">**To use**: Feature disabled by default.|
+| {{<tags/feature/ea idea="946">}}OIDC-based authentication to YCQL. | For user or client application access to YCQL databases, OIDC token-based authentication (e.g. via Azure AD) is now supported. Previously, only YSQL had this capability.  Users (or client apps) can now sign in to YugabyteDB YCQL databases using their JSON Web Token (JWT), which is retrieved from an OIDC-based identity provider. <hr style="margin: 0.5em 0;">**To use**: Configure your OIDC Identity Provider (e.g. Azure AD) appropriately, configure your  DB cluster (or universe) with certain gFlags.  And optionally, have YBA display users JWT tokens through a special configuration setting in YBA.  See documentation for detail.|
+
+<!-- * Automates changing the installation directory to the Yugabyte user's home directory. PLAT-20210,PLAT-19661,PLAT-20472,PLAT-20506 IDEA-2715 -->
+
+### Improvements
+
+* Adds wildcard support for OIDC callback URLs in YBA, simplifying SSO setup. PLAT-20661
+* Displays both SST and WAL sizes as total table size in the xCluster UI. PLAT-20183
+* Enables configuring the minimum software version required for PG upgrades. PLAT-20822
+
+### Bug fixes
+
+* Fixes the HA standby sync alert query to correctly handle time unit conversions. PLAT-18539
+* Throws a clear exception when an EC2 image is not found in AWS. PLAT-19979
+* Fixes installation issues by checking for `enable-linger` before enabling it. PLAT-19989
+* Removes outdated container references from Helm charts, enhancing system relevance and simplifying maintenance. PLAT-20054
+* Ensures backup schedule UI correctly sends cron expressions and role usage. PLAT-20108
+* Ensures all YSQL live/slow query `query` fields return as non-null strings, aligning with YCQL behavior. PLAT-20165
+* Upgrades YBC to 2.2.0.3-b18, ensuring files close properly when buffers are full. PLAT-20197
+* Corrects universe card sorting on the dashboard by name. PLAT-20461
+* Ensures correct format for specifying boolean flags in validation commands. PLAT-20605
+* Disables PostgreSQL log redaction to reduce CPU usage and support bundle creation time. PLAT-20628
+* Fixes memory limit configuration to prevent system crashes on dedicated nodes. PLAT-20685,PLAT-20584
+* Increases clockbound sync retries from 10 to 50, extending precheck timeout. PLAT-20713
+* Ensures all node actions are checked against the node state before submission. PLAT-20856
+* Disables Apport on Ubuntu 24 to prevent issues with kernel.core_pattern settings. PLAT-20916
+* Ensures node agent installations target the correct node from the UI. PLAT-20956
+* Removes redundant node-agent check now handled by YBA. PLAT-20989
+* Validates data mount paths to prevent overlap with the `yb-home` directory. PLAT-21033
+* Allows custom CA trust-store to skip certificate validation when `enable_config_validation` is set to `false`. PLAT-21051
+* Preserves PostgreSQL upgrade logs during rollbacks in Kubernetes environments. PLAT-21130
+* Adds `waitForNodeAgent` post-reboot and enhances channel cache invalidation. PLAT-21168
+* Enables stats dump by default on YBA in version 2025.2.3. PLAT-20675
+* Upgrades the protoc code generator to version 25.6+, enhancing security against DoS attacks. PLAT-19052
+* Ensures HA failover handles multiple standbys without errors. PLAT-19337
+* Enables node agent by default in new YNP releases. PLAT-20615
+* Increases process limits to 64000 in systemd unit files to fix health check failures. PLAT-20639
+* Fixes VM image upgrade failure by adjusting node agent removal sequence. PLAT-20576,PLAT-20695
+* Ensures CPU metrics in OpenShift display data correctly by fixing the join condition in queries. PLAT-20743
+* Ensures provider creation via CLI succeeds by validating access key inputs. PLAT-20774
+* Ensures GCP provider validation handles omitted `useHostCredentials` correctly. PLAT-20807
+* Updates node agent alert to exclude Kubernetes universes. PLAT-20811
+* Ensures read-replica master address updates with master address changes. PLAT-20821
+* Ensures the `clockbound` parameter is set correctly during universe creation. PLAT-20841
+* Downgrades AWS SDK to version 2.29.x to fix the `deleteObjects` bug in S3-compatible storages. PLAT-20995
+* Ensures creation of `yugabyte_upgrade` role with TLS settings adjustments. PLAT-21002
+* Ensures Junit 4.13 is used by adding a direct dependency and removes the unused mock jar. PLAT-21142
+* Ensures Postgres starts properly by adjusting file permissions during node provisioning. PLAT-21161
+* Fixes mount path validation across different instance types with similar mounts. PLAT-21175
+* Supports `yb_user_home_override` in NodeManager precheck for accurate directory validation. PLAT-21179
+* Enhances stability by discarding old data on retries in TabletClient.decode, preventing OOM errors. PLAT-20118
+* Fixes K8s restore failure by addressing shell script expansion issue. PLAT-20778
+* Fixes Python 3.12 compatibility on the YBA Installer. PLAT-20860
+* Updates GP3 volume limits to match AWS's enhanced capabilities. PLAT-21009,PLAT-20441
+* Accelerates local test execution by implementing specific test groupings. PLAT-21017
+* Stops unnecessary fetching of global runtime config on universe pages. PLAT-21121
+* Fixes incorrect failure status for backup tasks post-restore. PLAT-19055
+* Displays all timestamps and charts in user-selected timezone. PLAT-18701
+* Restores functionality to the "View flags changes" component. PLAT-18893
+* Skips specific ReprovisionNode tasks for manual on-prem setups lacking sudo access. PLAT-21203
+* Allows non-root initialization and enhances security context support in YBA installations. PLAT-19392
+* Ensures `openapi_format` installation is thread-safe to prevent race conditions during builds. PLAT-20422
+* Ensures charts render correctly by removing an extra template block. PLAT-21153
+
 ## v2025.2.3.2 - June 4, 2026 {#v2025.2.3.2}
 
 **Build:** `2025.2.3.2-b1`