Commit 9a0cdca

publish-envoy[bot] authored and phlax committed
repo: Release v1.35.8
**Summary of changes**:

* Security updates:

  Resolve dependency CVEs:

  - c-ares/CVE-2025-0913: Use after free can crash Envoy due to malfunctioning or compromised DNS. While a potentially severe bug in some cloud environments, this has limited exploitability as any attacker would require control of DNS.

  Envoy advisory is here GHSA-fg9g-pvc4-776f

**Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.8

**Docs**: https://www.envoyproxy.io/docs/envoy/v1.35.8/

**Release notes**: https://www.envoyproxy.io/docs/envoy/v1.35.8/version_history/v1.35/v1.35.8

**Full changelog**: v1.35.7...v1.35.8

1 parent 52d139a commit 9a0cdca

8 files changed: +31 -20 lines changed

VERSION.txt

Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
1.35.8-dev
1+
1.35.8

changelogs/1.33.14.yaml

Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
date: December 9, 2025
2+
3+
bug_fixes:
4+
- area: dns
5+
change: |
6+
Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
7+
8+
Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
9+
10+
advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
11+
12+
new_features:
13+
- area: dns
14+
change: |
15+
Update c-ares to version 1.34.4. This upgrade exposes ``ares_reinit()`` which allows the reinitialization of c-ares channels,
16+
among several other new features, bug-fixes, etc.
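
Review bot: the new_features entry at lines 15-16 of this new file says c-ares is updated to version 1.34.4, while the bug_fixes entry at line 6 of the same file says version 1.34.6, so a reader of the 1.33.14 notes cannot tell which c-ares version this release carries. If the 1.34.4 entry describes an intermediate step on the branch, say so in the text, or fold the ``ares_reinit()`` mention into the 1.34.6 entry so the file states a single version.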

changelogs/1.34.12.yaml

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
date: December 10, 2025
2+
3+
bug_fixes:
4+
- area: dns
5+
change: |
6+
Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
7+
8+
Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
9+
10+
advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
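
Review bot: the advisory URL on line 10 ends with a full stop, which is easy to copy along with the link and then fails to resolve; drop the full stop or put the URL inside a sentence. The same line appears in changelogs/1.33.14.yaml and changelogs/current.yaml in this commit. Also, this file is dated December 10, 2025 while changelogs/1.33.14.yaml carries December 9, 2025 for the same fix, so please confirm both are the actual release dates.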

changelogs/current.yaml

Lines changed: 1 addition & 16 deletions
@@ -1,25 +1,10 @@
1-
date: Pending
2-
3-
behavior_changes:
4-
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
5-
6-
minor_behavior_changes:
7-
# *Changes that may cause incompatibilities for some users, but should not for most*
1+
date: December 10, 2025
82

93
bug_fixes:
10-
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
114
- area: dns
125
change: |
136
Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
147
158
Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
169
1710
advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
18-
19-
20-
removed_config_or_runtime:
21-
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
22-
23-
new_features:
24-
25-
deprecated:

docs/inventories/v1.33/objects.inv

23 Bytes
Binary file not shown.

docs/inventories/v1.34/objects.inv

45 Bytes
Binary file not shown.

docs/inventories/v1.35/objects.inv

82 Bytes
Binary file not shown.

docs/versions.yaml

Lines changed: 3 additions & 3 deletions
@@ -26,6 +26,6 @@
2626
"1.30": 1.30.11
2727
"1.31": 1.31.10
2828
"1.32": 1.32.13
29-
"1.33": 1.33.13
30-
"1.34": 1.34.11
31-
"1.35": 1.35.6
29+
"1.33": 1.33.14
30+
"1.34": 1.34.12
31+
"1.35": 1.35.7
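
Review bot: the "1.35" entry on line 31 moves to 1.35.7, but this commit sets VERSION.txt to 1.35.8 and is titled Release v1.35.8. If the map is meant to hold the previously published release for the branch's own minor, a short comment in the file saying so would keep this from reading as an off-by-one; otherwise the value should be 1.35.8.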
