Summary of changes:
-
Security updates:
Resolve dependency CVEs:
- c-ares/CVE-2025-0913:
Use after free can crash Envoy due to malfunctioning or compromised DNS.
- c-ares/CVE-2025-0913:
While a potentially severe bug in some cloud environments, this has limited exploitability
as any attacker would require control of DNS.
Envoy advisory is here GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.12
Docs:
https://www.envoyproxy.io/docs/envoy/v1.34.12/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.34.12/version_history/v1.34/v1.34.12
Full changelog:
v1.34.11...v1.34.12
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com