From 08f8a1c9b56941335d90ed06df24415be529014b Mon Sep 17 00:00:00 2001
From: Rahul Rai <rahulrai-in@users.noreply.github.com>
Date: Tue, 17 Mar 2026 16:48:26 +1100
Subject: [PATCH 1/2] Update CHANGELOG with new service tags feature

Added support for service tags in API server authorized IP ranges for AKS clusters with VNet Integration.
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 84c62b2b2..8d5032147 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ For deprecation, rollouts and patch timelines by region, please check the [AKS-R
   - A ValidatingAdmissionPolicy (VAP) restricts creation or updates of ClusterRole and Role objects granting `nodes/proxy`, except for approved system users and groups.
   - An authorization policy denies `nodes/proxy` by default. Approved system users, groups, and kube-system service accounts are exempt.
 * On clusters where ACNS performance is used to enable [eBPF host routing](https://learn.microsoft.com/azure/aks/how-to-enable-ebpf-host-routing), nodes will be labeled with `kubernetes.azure.com/ebpf-host-routing=true`. This is done by a node image upgrade.
+* [Service tags for API server authorized IP ranges](https://learn.microsoft.com/azure/aks/api-server-service-tags) now support AKS clusters with API Server VNet Integration.
 
 ### Component Updates
 * Cilium has been updated from v1.18.2 to [v1.18.6](https://github.com/cilium/cilium/releases/tag/v1.18.6) to address CVEs: [CVE-2025-64715](https://nvd.nist.gov/vuln/detail/CVE-2025-64715) and [CVE-2026-26963](https://nvd.nist.gov/vuln/detail/CVE-2026-26963).

From 061d4cb2f3104af8ec39466144fc1455e7a2f21c Mon Sep 17 00:00:00 2001
From: Rahul Rai <rahulrai-in@users.noreply.github.com>
Date: Tue, 17 Mar 2026 16:53:45 +1100
Subject: [PATCH 2/2] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d5032147..09079442f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,7 +28,7 @@ For deprecation, rollouts and patch timelines by region, please check the [AKS-R
   - A ValidatingAdmissionPolicy (VAP) restricts creation or updates of ClusterRole and Role objects granting `nodes/proxy`, except for approved system users and groups.
   - An authorization policy denies `nodes/proxy` by default. Approved system users, groups, and kube-system service accounts are exempt.
 * On clusters where ACNS performance is used to enable [eBPF host routing](https://learn.microsoft.com/azure/aks/how-to-enable-ebpf-host-routing), nodes will be labeled with `kubernetes.azure.com/ebpf-host-routing=true`. This is done by a node image upgrade.
-* [Service tags for API server authorized IP ranges](https://learn.microsoft.com/azure/aks/api-server-service-tags) now support AKS clusters with API Server VNet Integration.
+* [Service tags for API server authorized IP ranges](https://learn.microsoft.com/azure/aks/api-server-service-tags) are now supported for AKS clusters with API server VNet integration.
 
 ### Component Updates
 * Cilium has been updated from v1.18.2 to [v1.18.6](https://github.com/cilium/cilium/releases/tag/v1.18.6) to address CVEs: [CVE-2025-64715](https://nvd.nist.gov/vuln/detail/CVE-2025-64715) and [CVE-2026-26963](https://nvd.nist.gov/vuln/detail/CVE-2026-26963).