Envoy
Backend & Infra
Cloud-native high-performance edge/middle/service proxy
Release History
v1.36.4 (1 fix): This release primarily focuses on security updates, resolving a critical dependency CVE in c-ares that could cause Envoy to crash under specific DNS conditions.
v1.35.8 (1 fix): This patch release primarily addresses a security vulnerability in the c-ares dependency related to a use-after-free bug that could cause Envoy to crash under specific DNS conditions.
v1.34.12 (1 fix): This patch release primarily addresses a security vulnerability (CVE-2025-0913) in the c-ares dependency related to DNS handling, which could cause Envoy to crash.
v1.33.14 (1 fix): This release primarily focuses on security updates, resolving a critical CVE in the c-ares dependency related to a use-after-free vulnerability in DNS handling.
v1.36.3 (3 fixes): This release (v1.36.3) focuses entirely on critical security fixes addressing vulnerabilities related to JWT configuration, TLS certificate matching, and request smuggling.
v1.35.7 (3 fixes): This patch release (v1.35.7) focuses primarily on addressing three critical security vulnerabilities related to JWT authentication, TLS certificate matching, and request smuggling.
v1.34.11 (3 fixes): This patch release focuses entirely on critical security fixes, addressing three distinct CVEs related to JWT authentication, TLS certificate matching, and request smuggling.
v1.33.13 (3 fixes): This patch release focuses on critical security fixes addressing crashes related to JWT authentication, TLS certificate matching, and potential request smuggling vulnerabilities.
v1.36.2 (1 fix): This release is a security update (CVE-2025-62504) that resolves a crash issue related to Lua filters handling large response bodies.
v1.35.6 (1 fix): This is a security release (v1.35.6) that patches a critical vulnerability (CVE-2025-62504) related to Lua filter handling of large response bodies.
v1.34.10 (1 fix): This is a security maintenance release addressing a crash vulnerability (CVE-2025-62504) related to Lua filter handling of large response bodies.
v1.33.12 (1 fix): This release addresses a security vulnerability (CVE-2025-62504) by fixing a crash related to Lua filters handling large response bodies.
v1.36.1 (1 fix): This is a security update (v1.36.1) that addresses a crash vulnerability in the TCP connection pool (CVE-2025-62409).
v1.35.5 (1 fix): This is a security release addressing CVE-2025-62409 by fixing a crash vulnerability within the TCP connection pool.
v1.34.9 (1 fix): This is a security release addressing CVE-2025-62409 by fixing a crash vulnerability in the TCP connection pool.
v1.33.11 (1 fix): This release primarily contains a security update addressing a crash vulnerability in the TCP connection pool (CVE-2025-62409).
v1.36.0 (9 fixes, 29 features): This release introduces significant improvements to HTTP/2 memory safety defaults, enhances external processing (ext_authz) capabilities, and adds various observability and networking features. Numerous bugs related to TLS, DNS caching, and proxy timeouts have also been resolved.
v1.35.4 (6 fixes): This release focuses primarily on security updates, resolving several known CVEs across dependencies including fips/go, luajit, and kafka.
v1.34.8: This release focuses on security updates, resolving several known CVEs in underlying dependencies including curl, gRPC, luajit, and kafka.
v1.33.10: This release focuses on security updates, resolving several dependency CVEs in curl, gRPC, luajit, and kafka.
v1.32.13 (7 fixes): This release focuses primarily on security updates, resolving several critical CVEs across dependencies including curl, gRPC, kafka, and wasmtime.
v1.35.3 (1 fix): This patch release primarily addresses a security/usability fix in the Docker images by ensuring nonroot execution in distroless builds.
v1.34.7 (1 fix): This patch release primarily addresses an issue in the distroless Docker images to ensure nonroot operation. Users should review the linked documentation for full details.
v1.33.9 (1 fix): This release primarily addresses a security/usability fix in the Docker images, ensuring that distroless images run as a non-root user.
v1.32.12 (1 fix): This release primarily addresses a security/usability fix in the Docker images by ensuring nonroot execution in distroless builds.
v1.35.2 (2 fixes): This patch release (v1.35.2) focuses on critical security updates, addressing an OAuth cookie issue and a Use-After-Free vulnerability in DNS resolution.
v1.34.6 (2 fixes): This patch release (v1.34.6) focuses on critical security fixes, addressing an OAuth cookie issue and a UAF vulnerability in DNS resolution.
v1.33.8 (1 fix): This release primarily focuses on security improvements, including a fix for an OAuth cookie vulnerability. Users are encouraged to update to benefit from the security patch.
v1.32.11 (1 fix): This release primarily contains security fixes, including a patch for an OAuth cookie vulnerability (CVE-2025-55162).
v1.35.1 (1 fix): This patch release (v1.35.1) includes assorted bug fixes for ext_proc, TLS inspector, and HTTP listeners, alongside updates to base container images.
v1.34.5 (2 fixes): This release updates the base images used for the release artifacts and includes assorted bug fixes for the TLS inspector and HTTP listeners.
v1.33.7 (2 fixes): This patch release updates the base images used for the release artifacts and includes assorted bug fixes for the TLS inspector and HTTP listeners.
v1.32.10 (2 fixes): This release updates the base images (Ubuntu and distroless) and includes assorted bug fixes for the TLS inspector and HTTP listeners.
v1.34.4: This release focuses on updating underlying components, specifically v8 and wasmtime in the Wasm environment, to resolve reported CVEs.
v1.33.6 (1 fix): This patch release focuses on security updates by upgrading v8 and wasmtime dependencies used in Wasm components.
v1.32.9 (1 fix): This release primarily focuses on security updates for Wasm builds by updating the underlying v8 engine to resolve known CVEs.
v1.35.0 (Breaking, 7 fixes, 21 features): This release introduces significant new features across authentication, load balancing, and observability, while also upgrading the build system to C++20 and resolving several security and stability issues.
v1.34.3 (4 fixes): This patch release addresses several critical bugs across TLS, HTTP/2, and Observability components, and includes updated container images.
v1.33.5 (3 fixes): This patch release fixes several bugs related to TLS connection caching, Dynatrace sampling, and container image permissions. Container images have also been updated.
v1.32.8 (2 fixes): This release addresses a division by zero bug in the Dynatrace sampling controller and fixes permissions issues related to the distroless configuration directory. Container images have also been updated.
v1.31.10 (2 fixes): This release addresses a division by zero bug in the Dynatrace sampling controller and fixes permissions issues in the distroless configuration directory.
v1.34.2 (1 fix): This release primarily focuses on updating the container image to resolve glibc vulnerabilities and includes assorted fixes.
v1.33.4 (1 fix): This release primarily focuses on updating the container image to resolve glibc vulnerabilities and includes assorted fixes.
v1.32.7 (1 fix): This release primarily focuses on updating the container image to resolve glibc vulnerabilities and includes assorted fixes.
v1.31.9 (1 fix): This release primarily focuses on updating the container image to resolve glibc vulnerabilities and includes assorted fixes.
v1.34.1 (1 fix): This patch release primarily addresses a security vulnerability related to RBAC uri_template permissions and includes assorted minor build fixes.
v1.33.3 (1 fix): This patch release (v1.33.3) primarily addresses a security vulnerability related to RBAC uri_template permissions (CVE-2025-46821).
v1.32.6 (1 fix): Release v1.32.6 addresses a critical security vulnerability related to RBAC uri_template permission bypass (CVE-2025-46821).
v1.31.8 (1 fix): This patch release (v1.31.8) primarily addresses a security vulnerability related to RBAC uri_template permissions (CVE-2025-46821).
v1.34.0 (6 fixes, 15 features): This release introduces significant new features like dynamic module loading and io_uring support, alongside numerous performance improvements and critical security fixes addressing CVE-2025-30157 and CVE-2025-31498.
v1.33.2: This release primarily focuses on container updates for Envoy version 1.33.2.
v1.32.5: This release primarily focuses on container updates for Envoy version v1.32.5.
v1.31.7 (1 fix): This release primarily focuses on container updates and fixes.
v1.30.11 (1 fix): This release primarily focuses on container updates and fixes.
v1.33.1 (1 fix): Envoy v1.33.1 is a patch release that fixes a security vulnerability (CVE-2025-30157) related to incorrect local replies being sent to the ext_proc server.
v1.32.4 (1 fix): Envoy version v1.32.4 addresses a security vulnerability (CVE-2025-30157) by fixing an issue where local replies were incorrectly sent to the ext_proc server.
v1.31.6 (1 fix): Envoy v1.31.6 is a patch release that addresses a security vulnerability (CVE-2025-30157) related to incorrect local reply handling for the ext_proc server.
v1.30.10 (1 fix): Envoy version v1.30.10 addresses a security vulnerability (CVE-2025-30157) by fixing an issue where local replies were incorrectly sent to the ext_proc server.
v1.33.0 (Breaking, 2 fixes, 6 features): This release introduces new features like Wasm VM reload support, improved TLS curve support, and DNS resolver enhancements, while removing deprecated Opencensus tracing support and fixing a c-ares vulnerability.