
Commit c0cf6bc

changelogs: Add release summary 1.37.1
Signed-off-by: Ryan Northey <ryan@synca.io>
1 parent 7b24fff commit c0cf6bc

1 file changed

Lines changed: 25 additions & 0 deletions

changelogs/summary.md

@@ -0,0 +1,25 @@
1+
**Summary of changes**:
2+
3+
* Security fixes:
4+
- [CVE-2026-26330](https://github.com/envoyproxy/envoy/security/advisories/GHSA-c23c-rp3m-vpg3): ratelimit: fix a bug where response phase limit may result in crash
5+
- [CVE-2026-26308](https://github.com/envoyproxy/envoy/security/advisories/GHSA-ghc4-35x6-crw5): fix multivalue header bypass in rbac
6+
- [CVE-2026-26310](https://github.com/envoyproxy/envoy/security/advisories/GHSA-3cw6-2j68-868p): network: fix crash in getAddressWithPort() when called with a scoped IPv6 address
7+
- [CVE-2026-26309](https://github.com/envoyproxy/envoy/security/advisories/GHSA-56cj-wgg3-x943): json: fixed an off-by-one write that could corrupted the string null terminator
8+
- [CVE-2026-26311](https://github.com/envoyproxy/envoy/security/advisories/GHSA-84xm-r438-86px): http: ensure decode* methods are blocked after a downstream reset
9+
10+
* Bug fixes:
11+
- oauth2: Fixed OAuth2 refresh requests so host rewriting no longer overrides the original `Host` header value.
12+
- ext_proc: Fixed a bug to support two ext_proc filters configured in the chain.
13+
- ext_proc: Fixed message-valued CEL attribute serialization to use protobuf text format instead of debug string output, restoring compatibility with protobuf 30+.
14+
- ext_authz: Fixed headers from denied authorization responses (non-200) not being properly propagated to the client.
15+
- ext_authz: Fixed the HTTP ext_authz client to respect `status_on_error` configuration when the authorization server returns a 5xx error or when HTTP call failures occur.
16+
- access_log: Fixed a crash on listener removal with a process-level access log rate limiter.
17+
18+
* Other changes:
19+
- release: Published contrib binaries now include the `-contrib` suffix in their version string and fixed distroless-contrib images.
20+
- dynamic modules: Introduced extended ABI forward compatibility mechanism for dynamic modules.
21+
22+
* Dependency updates:
23+
- Migrated googleurl source to GitHub (`google/gurl`).
24+
- Updated Kafka test binary to 3.9.2.
25+
- Updated Docker base images.
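
Review bot: The CVE-2026-26309 entry (added line 7) has a grammar error: "could corrupted the string null terminator" should read "could corrupt the string null terminator". The security entries also mix tenses and prefix styles: "fix a bug", "fixed an off-by-one write" and "ensure decode* methods are blocked" sit side by side, and the CVE-2026-26308 entry (added line 5) has no leading component prefix while the others use "ratelimit:", "network:", "json:" and "http:". Suggest "rbac: fix multivalue header bypass" and one tense throughout, so operators scanning the release notes can map each CVE to the affected component at a glance.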
