Skip to content

Update dependency envoyproxy/envoy to v1.35.0 #12598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 24, 2025
Merged

Update dependency envoyproxy/envoy to v1.35.0 #12598

merged 1 commit into from
Jul 24, 2025

Conversation

gardener-ci-robot
Copy link
Contributor

@gardener-ci-robot gardener-ci-robot commented Jul 23, 2025
edited
Loading

This PR contains the following updates:

Package Update Change
envoyproxy/envoy minor v1.34.3 -> v1.35.0

Release Notes

envoyproxy/envoy (envoyproxy/envoy)

v1.35.0

Compare Source

Summary of changes:

  • Security:

    • Fixed TLS inspector handling of client hello messages larger than 16KB.
    • Fixed bug where empty trusted CA files were accepted, causing validation of any certificate chain.

  • Build:

    • Major: Upgraded to C++20, enabling modern C++ features throughout the codebase.
    • Consolidated clang/gcc toolchains using --config=clang or --config=gcc.
    • Breaking: Removed grpc_credentials/aws_iam extension and contrib squash filter.

  • HTTP:

    • Added x-envoy-original-host header to record original host values before mutation.
    • Added HTTP/3 pseudo header validation (disable via envoy.restart_features.validate_http3_pseudo_headers).
    • Fixed HTTP/1 parser to properly handle newlines between requests per RFC 9112.
    • Added request/response trailer mutations support in header mutation filter.

  • Load balancing:

    • Added override host load balancing policy.
    • Added hash policy configuration directly to ring hash and maglev load balancers.
    • Added matcher-based cluster specifier plugin for dynamic cluster selection.

  • External processing:

    • Added FULL_DUPLEX_STREAMED body mode for bidirectional streaming.
    • Implemented graceful gRPC side stream closing with timeout.
    • Added per-route failure_mode_allow override support.

  • Wasm:

    • Update v8 and wasmtime dependencies to resolve multiple CVEs

  • Authentication:

    • Added OAuth2 token encryption, configurable token expiration, and OIDC logout support.
    • Added API key auth filter with forwarding configuration.
    • Added AWS IAM Roles Anywhere support.

  • Observability:

    • Added TLS certificate expiration metrics.
    • Enhanced transport tap with streaming trace capability.
    • Added JA4 fingerprinting to TLS inspector.
    • Added TCP tunneling access log substitution strings.

  • New features:

    • Dynamic modules: Added support for LocalityLbEndpoints metadata and SSL connection info attributes.
    • Stateful session cookie attributes and envelope mode support.
    • Redis proxy AWS IAM authentication and scan/info command support.
    • Lua filter access to filter context and typed metadata.
    • ServerNameMatcher for trie-based domain matching.

  • Notable fixes:

    • Fixed Wasm hang after VM crash in request callbacks.
    • Fixed Lua filter crash when removing status header.
    • Fixed connection pool capacity calculation issues.
    • Improved TCP proxy retry logic to avoid connection issues.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.35.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.0/version\_history/v1.35/v1.35.0
Full changelog:
envoyproxy/envoy@v1.34.0...v1.35.0

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Rohit Agrawal rohit.agrawal@databricks.com

v1.34.4

Compare Source

repo: Release v1.34.4

Summary of changes:

  • Wasm:
    • Update v8 and wasmtime to resolve CVEs.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.34.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.4/version\_history/v1.34/v1.34.4
Full changelog:
envoyproxy/envoy@v1.34.3...v1.34.4

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Rohit Agrawal rohit.agrawal@databricks.com

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

Release note:

The following dependencies have been updated:
- `envoyproxy/envoy` from `v1.34.3` to `v1.35.0`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.35.0)

@gardener-ci-robot gardener-ci-robot added the kind/enhancement Enhancement, improvement, extension label Jul 23, 2025
@gardener-prow gardener-prow bot added cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 23, 2025
@gardener-prow gardener-prow bot requested review from ary1992 and shafeeqes July 23, 2025 19:16
@marc1404
Copy link
Member

/retest

@marc1404 marc1404 mentioned this pull request Jul 24, 2025
Merged
@oliver-goetz
Copy link
Member

/retest

After gardener/ci-infra#4187 has been merged.

marc1404
marc1404 reviewed Jul 24, 2025
View reviewed changes
Copy link
Member

@marc1404 marc1404 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@gardener-prow gardener-prow bot added the lgtm Indicates that a PR is ready to be merged. label Jul 24, 2025
@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Jul 24, 2025

LGTM label has been added.

Git tree hash: b6547b3c488730d2478fab687ca2ddbe4810c547

@gardener-prow Gardener Prow
Copy link
Contributor

gardener-prow bot commented Jul 24, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: marc1404

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 24, 2025
@marc1404 marc1404 mentioned this pull request Jul 24, 2025
Closed
1 task
@gardener-prow gardener-prow bot merged commit b5ea5b2 into master Jul 24, 2025
21 checks passed
@gardener-prow gardener-prow bot deleted the renovate/envoyproxy-envoy-1.x branch July 24, 2025 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marc1404 marc1404 marc1404 left review comments

@ary1992 ary1992 Awaiting requested review from ary1992

@shafeeqes shafeeqes Awaiting requested review from shafeeqes

Assignees

@marc1404 marc1404

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gardener-ci-robot @marc1404 @oliver-goetz