repo: Release v1.34.12

publish-envoy[bot] · phlax · commit 5251fec52ee0 · 2025-12-10T10:38:33.000Z
**Summary of changes**: * Security updates: Resolve dependency CVEs: - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS. While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS. Envoy advisory is here GHSA-fg9g-pvc4-776f **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.12 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.34.12/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.34.12/version_history/v1.34/v1.34.12 **Full changelog**: v1.34.11...v1.34.12
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.34.12-dev
+1.34.12
diff --git a/changelogs/1.33.14.yaml b/changelogs/1.33.14.yaml
@@ -0,0 +1,16 @@
+date: December 9, 2025
+
+bug_fixes:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
+
+new_features:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.4. This upgrade exposes ``ares_reinit()`` which allows the reinitialization of c-ares channels,
+    among several other new features, bug-fixes, etc.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,25 +1,10 @@
-date: Pending
-
-behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
-
-minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
+date: December 10, 2025
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: dns
   change: |
     Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
 
     Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
 
     advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
-
-
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
-
-new_features:
-
-deprecated:
diff --git a/docs/inventories/v1.33/objects.inv b/docs/inventories/v1.33/objects.inv
diff --git a/docs/inventories/v1.34/objects.inv b/docs/inventories/v1.34/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -26,5 +26,5 @@
 "1.30": 1.30.11
 "1.31": 1.31.10
 "1.32": 1.32.13
-"1.33": 1.33.13
-"1.34": 1.34.10
+"1.33": 1.33.14
+"1.34": 1.34.11
