v1.3.1

less than a minute

Date: March 4, 2025

Breaking changes

Use the envoy JSON formatter for the default access log instead of text formatter.

Security updates

Fixed CVE-2025-25294: log injection vulnerability in Envoy Gateway when using default access log.

New features

Add defaulter for gateway-api resources loading from file to be able to set default values.

Bug fixes

Added support for Secret and ConfigMap parsing in Standalone mode.
Fix translating backendSettings for extAuth.
Fix allowing weights to be zero on endpoints for backendRefs in TCPRoute and UDPRoute.
Fix validation of all xDS resources.
Fix support for empty values in fields with default values in Standalone.

Other changes

Bump golang to 1.23.6.
Bump k8s-io to 1.32.1.
Bump ratelimit to ae4cee11.
Bump golang.org/x/oauth2 to v0.27.0.
Bump golang.org/x/crypto to v0.35.0.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified March 11, 2025: docs: clarify `ExtensionTLS` type (#5154) (3cfe4c2)