v1.6.1
less than a minute
Date: December 05, 2025
Breaking changes
Security updates
- Bumped Envoy to 1.36.3 to incorporate security patches, CVE-2025-64527, CVE-2025-66220, and CVE-2025-64763. Ref https://github.com/envoyproxy/envoy/releases/tag/v1.36.3
New features
Bug fixes
- Fixed xDS snapshot cache to clear snapshots when streams close, preventing proxies from receiving stale configuration after reconnection.
- Fixed configured OIDC authorization endpoint being overridden by discovered endpoints from issuer’s well-known URL.
- Fixed an issue with gateway ownership tracking when running multiple controllers.
- Fixed default namespace handling when namespace is unset.
- Fixed a bug where HTTPRoutes referencing gateways with multiple different GatewayClasses would have incomplete status conditions.
- Fixed gateway status to treat too many addresses as programmed.
- Fix 500 errors caused by partially invalid BackendRefs; traffic is now correctly routed between valid backends and 500 responses according to their configured weights.
Performance improvements
Deprecations
Other changes
- Bumped Gateway API to v1.4.1.
- Bumped golang.org/x/crypto dependency.
- Added disk space reclamation script for CI runners to prevent out-of-disk errors.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.