Releases: envoyproxy/envoy
v1.36.3
Summary of changes:
- Security fixes:
- CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
- CVE-2025-66220: TLS certificate matcher for
match_typed_subject_alt_namesmay incorrectly treat certificates containing an embedded null byte - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.3/version_history/v1.36/v1.36.3
Full changelog:
v1.36.2...v1.36.3
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.7
Summary of changes:
- Security fixes:
- CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
- CVE-2025-66220: TLS certificate matcher for
match_typed_subject_alt_namesmay incorrectly treat certificates containing an embedded null byte - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.7/version_history/v1.35/v1.35.7
Full changelog:
v1.35.6...v1.35.7
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.34.11
Summary of changes:
- Security fixes:
- CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
- CVE-2025-66220: TLS certificate matcher for
match_typed_subject_alt_namesmay incorrectly treat certificates containing an embedded null byte - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.11
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.11/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.11/version_history/v1.34/v1.34.11
Full changelog:
v1.34.10...v1.34.11
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.33.13
Summary of changes:
- Security fixes:
- CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
- CVE-2025-66220: TLS certificate matcher for
match_typed_subject_alt_namesmay incorrectly treat certificates containing an embedded null byte - CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.13
Docs:
https://www.envoyproxy.io/docs/envoy/v1.33.13/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.33.13/version_history/v1.33/v1.33.13
Full changelog:
v1.33.12...v1.33.13
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.36.2
Summary of changes:
-
Security update:
- CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.2/version_history/v1.36/v1.36.2
Full changelog:
v1.36.1...v1.36.2
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.6
Summary of changes:
-
Security update:
- CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.6/version_history/v1.35/v1.35.6
Full changelog:
v1.35.5...v1.35.6
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.34.10
Summary of changes:
-
Security update:
- CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.10
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.10/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.10/version_history/v1.34/v1.34.10
Full changelog:
v1.34.9...v1.34.10
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.33.12
Summary of changes:
-
Security update:
- CVE-2025-62504: A crash that occurs when Lua filters handle a sufficiently large response body
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.12
Docs:
https://www.envoyproxy.io/docs/envoy/v1.33.12/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.33.12/version_history/v1.33/v1.33.12
Full changelog:
v1.33.11...v1.33.12
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.36.1
Summary of changes:
-
Security update:
- CVE-2025-62409: Fix a crash in the TCP connection pool
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.36.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.36.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.36.1/version_history/v1.36/v1.36.1
Full changelog:
v1.36.0...v1.36.1
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com
v1.35.5
Summary of changes:
-
Security update:
- CVE-2025-62409: Fix a crash in the TCP connection pool
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.5/version_history/v1.35/v1.35.5
Full changelog:
v1.35.4...v1.35.5
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com