Releases: envoyproxy/envoy
v1.36.4
Summary of changes:
- Security updates:
  - Resolve dependency CVEs:
    - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS.
    - c-ares/CVE-2025-0913: While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS.
  - Envoy advisory is here: GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.4/version_history/v1.36/v1.36.4
Full changelog:
v1.36.3...v1.36.4
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.8
Summary of changes:
- Security updates:
  - Resolve dependency CVEs:
    - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS.
    - c-ares/CVE-2025-0913: While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS.
  - Envoy advisory is here: GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.8
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.8/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.8/version_history/v1.35/v1.35.8
Full changelog:
v1.35.7...v1.35.8
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.34.12
Summary of changes:
- Security updates:
  - Resolve dependency CVEs:
    - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS.
    - c-ares/CVE-2025-0913: While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS.
  - Envoy advisory is here: GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.12
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.12/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.12/version_history/v1.34/v1.34.12
Full changelog:
v1.34.11...v1.34.12
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.33.14
Summary of changes:
- Security updates:
  - Resolve dependency CVEs:
    - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS.
    - c-ares/CVE-2025-0913: While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS.
  - Envoy advisory is here: GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.14
Docs:
https://www.envoyproxy.io/docs/envoy/v1.33.14/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.33.14/version_history/v1.33/v1.33.14
Full changelog:
v1.33.13...v1.33.14
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.36.3
Summary of changes:
- Security fixes:
  - CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
  - CVE-2025-66220: TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte
  - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.3/version_history/v1.36/v1.36.3
Full changelog:
v1.36.2...v1.36.3
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.7
Summary of changes:
- Security fixes:
  - CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
  - CVE-2025-66220: TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte
  - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.7/version_history/v1.35/v1.35.7
Full changelog:
v1.35.6...v1.35.7
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.34.11
Summary of changes:
- Security fixes:
  - CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
  - CVE-2025-66220: TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte
  - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.11
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.11/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.11/version_history/v1.34/v1.34.11
Full changelog:
v1.34.10...v1.34.11
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.33.13
Summary of changes:
- Security fixes:
  - CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
  - CVE-2025-66220: TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte
  - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.13
Docs:
https://www.envoyproxy.io/docs/envoy/v1.33.13/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.33.13/version_history/v1.33/v1.33.13
Full changelog:
v1.33.12...v1.33.13
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.36.2
Summary of changes:
- Security update:
  - CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.2/version_history/v1.36/v1.36.2
Full changelog:
v1.36.1...v1.36.2
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.6
Summary of changes:
- Security update:
  - CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.6/version_history/v1.35/v1.35.6
Full changelog:
v1.35.5...v1.35.6
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com