v1.2.8

less than a minute

Date: March 25, 2025

Security updates

Fixed vulnerability CVE-2025-30157, where local replies were incorrectly sent to the ext_proc server.
Included ratelimit security fixes related to the golang net/http package.

Bug fixes

Added support for BackendTLSPolicy and EnvoyExtensionPolicy parsing in Standalone mode.
Fixed endpoint updates when mirrored backend Pod IPs change.
Fix not logging an error and returning it in the K8s Reconcile method when a GatewayClass is not accepted.
Fixed validation of host header in RequestHeaderModifier filter.
Fixed an OpenTelemetry access log sink failure caused by an ‘otel.Text is nil’ error.

Performance improvements

Added a cache for the Wasm OCI image permission checks and check the pullSecrets against the OCI image registry in a background goroutine.

Other changes

Bumped envoy to v1.32.4.
Bumped ratelimit to 0141a24f.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified March 25, 2025: docs: add session persistence for v1.3 (#5599) (4f33df1)