From f6ee6fe79a83b73d09bea3eca53a07da39222b80 Mon Sep 17 00:00:00 2001
From: David Knaack <david.knaack@sap.com>
Date: Fri, 22 May 2026 12:07:32 +0200
Subject: [PATCH] update release notes

---
 docs-js/release-notes.mdx | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/docs-js/release-notes.mdx b/docs-js/release-notes.mdx
index 070817db66..22b9541e67 100644
--- a/docs-js/release-notes.mdx
+++ b/docs-js/release-notes.mdx
@@ -20,6 +20,34 @@ import LicenseBadge from '@site/src/sap/sdk-js/LicenseBadge';
 <!-- vale off -->
 <!-- This line is used for our release notes automation -->
 
+## 4.7.0 [Core Modules] - May 22, 2026
+
+### Compatibility Notes
+
+- [connectivity] IAS tokens are now cached via `@sap/xssec`.
+  `@sap/xssec` uses an LRU cache limited to 100 items, previously this cache was unbound. (9102f18)
+- [eslint-config] Replaced `eslint-plugin-import` with `eslint-plugin-import-x`.
+  Please ensure that you have `eslint-plugin-import-x` installed. (9cbf19d)
+
+### New Features
+
+- [connectivity] Add `createDestinationFromIasService()` convenience function to build IAS-backed destinations.
+  This function aims to offer more convenience for obtaining IAS-backed destinations outside SAP BTP-environments. (9102f18)
+- [connectivity] Add `getIasToken()` convenience function to fetch IAS token.
+  This function aims to offer more convenience for obtaining IAS tokens outside SAP BTP-environments. (9102f18)
+
+### Fixed Issues
+
+- [connectivity] Avoid caching JWT if `forwardAuthToken` is set to `true`.
+  - @sap-cloud-sdk/resilience@4.7.0
+  - @sap-cloud-sdk/util@4.7.0 (df84426)
+- [http-client] Warn when the CSRF token fetch URL has a different host than the request URL, as sensitive headers would be forwarded to the cross-host endpoint. ([67e1c53](https://github.com/SAP/cloud-sdk-js/commit/67e1c5397a6ec97da15c68011695e69c6b5223e4))
+
+### Improvements
+
+- [connectivity, http-client] Cache custom http and https agents and enable the keep-alive option by default. ([d54ba5a](https://github.com/SAP/cloud-sdk-js/commit/d54ba5a905a21c22ae30e74ea28926267ea6647c))
+- [connectivity, http-client] Use node's global http/https agent unless a custom agent is required by the destination configuration. ([d54ba5a](https://github.com/SAP/cloud-sdk-js/commit/d54ba5a905a21c22ae30e74ea28926267ea6647c))
+
 ## 4.6.0 [Core Modules] - April 13, 2026
 
 ### Compatibility Notes