v1.7.1
2 minute read
Date: March 12, 2026
Breaking changes
Security updates
- Bump golang to
1.25.8for security fixes to the go command and thecrypto/tlspackage. - Bump Envoy Proxy image to v1.37.1 for fixing several security issues and bug fixes. For more details, please refer to the Envoy Proxy v1.37.1 release notes.
- Bump Envoy ratelimit image to
c8765e89with security fixes for Go.
New features
Bug fixes
- Fixed an issue where specifying Value in ConnectionLimit was not optional. It now uses the Envoy default value if absent.
- Fixed route and policy status aggregation across multiple GatewayClasses managed by the same controller, so resources preserve status from all relevant parents and ancestors instead of being overwritten by the last processed GatewayClass.
- Fixed an issue where endpoint hostname was not respected when doing an active health check.
- Fixed an issue where computeHosts did not work when both listener and route had wildcard hostnames.
- Fixed local object reference resolution from parent policy in merged BackendTrafficPolicies.
- Fixed XListenerSet not allowing xRoutes from the same namespace when configured to allow them.
- Fixed API key authentication dropping non-first client IDs when credential Secrets contain multiple keys.
- Fixed an issue where SecurityPolicy route-target status included unmanaged Gateway parents when HTTPRoute had mixed parentRefs.
- Fixed an issue where ratelimit ConfigMap and HPA were not automatically cleaned up when the parent envoy-gateway Deployment was deleted.
Performance improvements
Deprecations
Other changes
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.