zscaler
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/zia-test.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/zia-test.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎CHANGELOG.md‎
Lines changed: 30 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎GNUmakefile‎
Lines changed: 5 additions & 5 deletions b/‎GNUmakefile‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎docs/data-sources/zia_end_user_notification.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/data-sources/zia_end_user_notification.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/data-sources/zia_virtual_service_edge_cluster.md‎
Lines changed: 17 additions & 26 deletions b/‎docs/data-sources/zia_virtual_service_edge_cluster.md‎
Lines changed: 17 additions & 26 deletions
diff --git a/‎docs/data-sources/zia_virtual_service_edge_node.md‎
Lines changed: 52 additions & 0 deletions b/‎docs/data-sources/zia_virtual_service_edge_node.md‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎docs/guides/release-notes.md‎
Lines changed: 27 additions & 1 deletion b/‎docs/guides/release-notes.md‎
Lines changed: 27 additions & 1 deletion
@@ -32,7 +32,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: "1.21"
+          go-version: "1.24"
 
       - name: Import GPG key
         id: import_gpg
 
@@ -28,7 +28,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goVersion: ["1.21"]
+        goVersion: ["1.24"]
         environment:
           - ZIA_ZS3
     environment: ${{ matrix.environment }}
 
@@ -1,5 +1,35 @@
 # Changelog
 
+## 4.5.0 (September, xx 2025)
+
+### Notes
+
+- Release date: **(September, xx 2025)**
+- Supported Terraform version: **v1.x**
+
+### NEW - DATA SOURCE AND RESOURCES
+
+The following new resources have been introduced:
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Added new datasource resource `zia_virtual_service_edge_node` - Retrieves the Virtual Service Edge Nodes (VZEN) configured in the ZIA Admin Portal. This data source can be used to set the corresponding node when configuring the resource `zia_virtual_service_edge_cluster`.
+
+### Enhancements
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Added new `MATCHON_ATLEAST_1` option for `secondary_field_match_on` attribute in `exact_data_match_details` block for the resource `zia_dlp_dictionaries`.
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Enhanced: Standardized reorder logic across all rule-based resources to use consistent OrderRule struct pattern with proper Order and Rank handling.
+  - Updated 12 rule-based resources to use reorderWithBeforeReorder function with OrderRule{Order, Rank} struct
+  - Added optimization checks to avoid unnecessary updates when order is already correct
+  - Improved error handling in reorder functions across all resources
+  - Maintained backward compatibility while ensuring consistent reordering behavior
+  - Special handling for resources without rank support (CASB malware rules) using Rank: 0
+
+Resources updated: `zia_url_filtering_rules`, `zia_nat_control_rules`, `zia_ssl_inspection_rules`, `zia_dlp_web_rules`, `zia_file_type_control_rules`, `zia_firewall_dns_rules`, `zia_firewall_ips_rules`, `zia_bandwidth_control_rules`, `zia_casb_dlp_rules`, `zia_cloud_app_control_rules`, `zia_sandbox_rules`, `zia_casb_malware_rules`.
+
+### Bug Fixes
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Fixed `zia_dlp_dictionary` attribute `primary_fields` flattening function to correctly handle empty lists.
+
 ## 4.4.12 (September, 9 2025)
 
 ### Notes
 
@@ -196,14 +196,14 @@ test\:integration\:zscalertwo:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.4.12/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.5.0/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.4.12/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/4.5.0/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v4.4.12
+	go build -o $(DESTINATION)/terraform-provider-zia_v4.5.0
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."
@@ -269,12 +269,12 @@ lint:
 
 tools:
 	@which $(GOFMT) || go install mvdan.cc/[email protected]
-	@which $(TFPROVIDERLINT) || go install github.com/bflad/tfproviderlint/cmd/tfproviderlint@v0.29.0
+	@which $(TFPROVIDERLINT) || go install github.com/bflad/tfproviderlint/cmd/tfproviderlint@latest
 	@which $(STATICCHECK) || go install honnef.co/go/tools/cmd/[email protected]
 
 tools-update:
 	@go install mvdan.cc/[email protected]
-	@go install github.com/bflad/tfproviderlint/cmd/tfproviderlint@v0.29.0
+	@go install github.com/bflad/tfproviderlint/cmd/tfproviderlint@latest
 	@go install honnef.co/go/tools/cmd/[email protected]
 
 ziaActivator: GOOS=$(shell go env GOOS)
 
@@ -31,8 +31,8 @@ data "zia_end_user_notification" "example"{}
 * `aup_message` (String) - The acceptable use statement that appears in the AUP.
 * `notification_type` (String) - The type of EUN, either DEFAULT or CUSTOM.
 * `display_reason` (Boolean) - Indicates whether the reason for blocking access is displayed in the EUN.
-* `display_comp_name` (Boolean) - Indicates whether the organization's name is displayed in the EUN.
-* `display_comp_logo` (Boolean) - Indicates whether the organization's logo is displayed in the EUN.
+* `display_company_name` (Boolean) - Indicates whether the organization's name is displayed in the EUN.
+* `display_company_logo` (Boolean) - Indicates whether the organization's logo is displayed in the EUN.
 * `custom_text` (String) - Custom text displayed in the EUN.
 * `url_cat_review_enabled` (Boolean) - Indicates whether URL Categorization notifications are enabled.
 * `url_cat_review_submit_to_security_cloud` (Boolean) - Indicates whether review requests are submitted to Zscaler Security Cloud.
 
@@ -1,5 +1,5 @@
 ---
-subcategory: "Service Edge Cluster"
+subcategory: "Virtual Service Edges"
 layout: "zscaler"
 page_title: "ZIA: virtual_service_edge_cluster"
 description: |-
@@ -15,6 +15,8 @@ description: |-
 
 Use the **zia_virtual_service_edge_cluster** data source to get information about a Virtual Service Edge Cluster information for the specified `Name` or `ID`
 
+## Example Usage
+
 ```hcl
 data "zia_virtual_service_edge_cluster" "this"{
     name = "VSECluster01"
@@ -25,31 +27,20 @@ data "zia_virtual_service_edge_cluster" "this"{
 
 The following arguments are supported:
 
-* `name` - (String) Name of the Virtual Service Edge cluster
-* `id` - (String) USystem-generated Virtual Service Edge cluster ID
-
-## Attribute Reference
-
-In addition to all arguments above, the following attributes are exported:
-
-* `status` - (Number) Specifies the status of the Virtual Service Edge cluster. The status is set to `ENABLED` by default.
+* `name` - (Optional) Name of the Virtual Service Edge cluster
+* `id` - (Optional) System-generated Virtual Service Edge cluster ID
 
-* `ip_sec_enabled` - (String) A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster
-* `ip_address` - (String) The Virtual Service Edge cluster IP address. In a Virtual Service Edge cluster, the cluster IP address provides fault tolerance and is used to listen for user traffic. This interface doesn't explicitly get an IP address. The cluster IP address must be in the same VLAN as the proxy and load balancer IP addresses.
-* `subnet_mask` - (String) The Virtual Service Edge cluster subnet mask
-* `default_gateway` - (String) The IP address of the default gateway to the internet
-* `last_modified_time` - (Number) When the cluster was last modified
+## Attributes Reference
 
-* `virtual_zen_nodes` - (List of Object) The Virtual Service Edge instances you want to include in the cluster. A Virtual Service Edge cluster must contain at least two Virtual Service Edge instances.
-  * `id` - (Number) Identifier that uniquely identifies an entity
-  * `name` - (String) The configured name of the entity
-  * `external_id` (String) An external identifier used for an entity that is managed outside of ZIA.
-  * `extensions` - (Map of String)
+In addition to the arguments above, the following attributes are exported:
 
-* `type` - (String) The Virtual Service Edge cluster type
-`ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`,`SMQTN`,`VIP`,
-`UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`,
-`SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`,
-`SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`,
-`FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`,
-`SMBAM`, `ZWACLT`
+* `id` - System-generated Virtual Service Edge cluster ID
+* `cluster_id` - System-generated Virtual Service Edge cluster ID
+* `name` - Name of the Virtual Service Edge cluster
+* `status` - Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default
+* `type` - The Virtual Service Edge cluster type. Supported values: `ANY`, `NONE`, `SME`, `SMSM`, `SMCA`, `SMUI`, `SMCDS`, `SMDNSD`, `SMAA`, `SMTP`, `SMQTN`, `VIP`, `UIZ`, `UIAE`, `SITEREVIEW`, `PAC`, `S_RELAY`, `M_RELAY`, `H_MON`, `SMIKE`, `NSS`, `SMEZA`, `SMLB`, `SMFCCLT`, `SMBA`, `SMBAC`, `SMESXI`, `SMBAUI`, `VZEN`, `ZSCMCLT`, `SMDLP`, `ZSQUERY`, `ADP`, `SMCDSDLP`, `SMSCIM`, `ZSAPI`, `ZSCMCDSSCLT`, `LOCAL_MTS`, `SVPN`, `SMCASB`, `SMFALCONUI`, `MOBILEAPP_REG`, `SMRESTSVR`, `FALCONCA`, `MOBILEAPP_NF`, `ZIRSVR`, `SMEDGEUI`, `ALERTEVAL`, `ALERTNOTIF`, `SMPARTNERUI`, `CQM`, `DATAKEEPER`, `SMBAM`, `ZWACLT`
+* `ip_sec_enabled` - A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster
+* `ip_address` - The Virtual Service Edge cluster IP address
+* `subnet_mask` - The Virtual Service Edge cluster subnet mask
+* `default_gateway` - The IP address of the default gateway to the internet
+* `virtual_zen_nodes` - List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)
@@ -0,0 +1,52 @@
+---
+subcategory: "Virtual Service Edges"
+layout: "zscaler"
+page_title: "ZIA: virtual_service_edge_node"
+description: |-
+    Official documentation https://help.zscaler.com/zia/about-virtual-service-edges
+    API documentation https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post
+   Retrieves a list of ZIA Virtual Service Edge nodes.
+---
+
+# zia_virtual_service_edge_node (Data Source)
+
+* [Official documentation](https://help.zscaler.com/zia/about-virtual-service-edges)
+* [API documentation](https://help.zscaler.com/zia/service-edges#/virtualZenNodes-post)
+
+Use the **zia_virtual_service_edge_node** data source to get information about a Virtual Service Edge Node for the specified `Name` or `ID`
+
+## Example Usage
+
+```hcl
+data "zia_virtual_service_edge_node" "this"{
+    name = "VSENode01"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `id` - (Optional) System-generated Virtual Service Edge cluster ID
+* `name` - (Optional) Name of the Virtual Service Edge cluster
+
+## Attributes Reference
+
+In addition to the arguments above, the following attributes are exported:
+
+* `id` - System-generated Virtual Service Edge cluster ID
+* `name` - Name of the Virtual Service Edge cluster
+* `status` - Specifies the status of the Virtual Service Edge cluster. The status is set to ENABLED by default
+* `type` - The Virtual Service Edge cluster type
+* `ip_sec_enabled` - A Boolean value that specifies whether to terminate IPSec traffic from the client at selected Virtual Service Edge instances for the Virtual Service Edge cluster
+* `ip_address` - The Virtual Service Edge cluster IP address
+* `subnet_mask` - The Virtual Service Edge cluster subnet mask
+* `default_gateway` - The IP address of the default gateway to the internet
+* `zgateway_id` - The Zscaler service gateway ID
+* `in_production` - Represents the Virtual Service Edge instances deployed for production purposes
+* `on_demand_support_tunnel_enabled` - A Boolean value that indicates whether or not the On-Demand Support Tunnel is enabled
+* `establish_support_tunnel_enabled` - A Boolean value that indicates whether or not a support tunnel for Zscaler Support is enabled
+* `load_balancer_ip_address` - The IP address of the load balancer. This field is applicable only when the 'deploymentMode' field is set to CLUSTER
+* `deployment_mode` - Specifies the deployment mode. Select either STANDALONE or CLUSTER if you have the VMware ESXi platform. Otherwise, select only STANDALONE
+* `cluster_name` - Virtual Service Edge cluster name
+* `vzen_sku_type` - The Virtual Service Edge SKU type. Supported Values: SMALL, MEDIUM, LARGE
@@ -12,10 +12,36 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v4.4.12``
+``Last updated: v4.5.0``
 
 ---
 
+## 4.5.0 (September, xx 2025)
+
+### Notes
+
+- Release date: **(September, xx 2025)**
+- Supported Terraform version: **v1.x**
+
+### NEW - DATA SOURCE AND RESOURCES
+
+The following new resources have been introduced:
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Added new datasource resource `zia_virtual_service_edge_node` - Retrieves the Virtual Service Edge Nodes (VZEN) configured in the ZIA Admin Portal. This data source can be used to set the corresponding node when configuring the resource `zia_virtual_service_edge_cluster`.
+
+### Enhancements
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Added new `MATCHON_ATLEAST_1` option for `secondary_field_match_on` attribute in `exact_data_match_details` block for the resource `zia_dlp_dictionaries`.
+
+- [PR #479](https://github.com/zscaler/terraform-provider-zia/pull/479) - Enhanced: Standardized reorder logic across all rule-based resources to use consistent OrderRule struct pattern with proper Order and Rank handling.
+  - Updated 12 rule-based resources to use reorderWithBeforeReorder function with OrderRule{Order, Rank} struct
+  - Added optimization checks to avoid unnecessary updates when order is already correct
+  - Improved error handling in reorder functions across all resources
+  - Maintained backward compatibility while ensuring consistent reordering behavior
+  - Special handling for resources without rank support (CASB malware rules) using Rank: 0
+
+Resources updated: `zia_url_filtering_rules`, `zia_nat_control_rules`, `zia_ssl_inspection_rules`, `zia_dlp_web_rules`, `zia_file_type_control_rules`, `zia_firewall_dns_rules`, `zia_firewall_ips_rules`, `zia_bandwidth_control_rules`, `zia_casb_dlp_rules`, `zia_cloud_app_control_rules`, `zia_sandbox_rules`, `zia_casb_malware_rules`.
+
 ## 4.4.12 (September, 9 2025)
 
 ### Notes