Updates for tfc-agent release 1.28.11 (#2520)

Author: taimack

content/terraform-docs-agents/v1.28.x/docs/cloud-docs/agents/changelog.mdx

@@ -18,6 +18,31 @@ within each release are categorized into one or more of the following labels:
 Each version below corresponds to a release artifact available for download on
 the official [releases website](https://releases.hashicorp.com/tfc-agent/).
 
+## 1.28.11 (05/27/2026)
+
+BUG FIXES:
+
+* Fixed OPA policy evaluation failing with "could not unmarshal opa output" when enforcement level is mandatory. (#1497)
+* Reject `publish_output` references to sensitive stack outputs at Stack prepare time instead of allowing them to fail later during output aggregation. (#1498)
+
+SECURITY:
+
+* Updated go to 1.26.3 to resolve CVEs (#1494): 
+   - [CVE-2026-42499](https://nvd.nist.gov/vuln/detail/CVE-2026-42499)
+   - [CVE-2026-39836](https://nvd.nist.gov/vuln/detail/CVE-2026-39836)
+   - [CVE-2026-39820](https://nvd.nist.gov/vuln/detail/CVE-2026-39820)
+   - [CVE-2026-33814](https://nvd.nist.gov/vuln/detail/CVE-2026-33814)
+   - [CVE-2026-33811](https://nvd.nist.gov/vuln/detail/CVE-2026-33811)
+   - [CVE-2026-42499](https://nvd.nist.gov/vuln/detail/CVE-2026-42499)
+   - [CVE-2026-39826](https://nvd.nist.gov/vuln/detail/cve-2026-39826)
+   - [CVE-2026-39825](https://nvd.nist.gov/vuln/detail/cve-2026-39825)
+   - [CVE-2026-39823](https://nvd.nist.gov/vuln/detail/CVE-2026-39823)
+
+IMPROVEMENTS:
+
+* Updated go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.68.0 and migrated from deprecated interceptor API to StatsHandler for gRPC instrumentation. (#1482)
+* Updated google.golang.org/api to v0.279.0. (#1486)
+
 ## 1.28.10 (05/13/2026)
 
 BUG FIXES: