Summary of changes:
-
Security updates:
Resolve dependency CVEs:
- c-ares/CVE-2025-0913:
Use after free can crash Envoy due to malfunctioning or compromised DNS.
- c-ares/CVE-2025-0913:
While a potentially severe bug in some cloud environments, this has limited exploitability
as any attacker would require control of DNS.
Envoy advisory is here GHSA-fg9g-pvc4-776f
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.8
Docs:
https://www.envoyproxy.io/docs/envoy/v1.35.8/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.35.8/version_history/v1.35/v1.35.8
Full changelog:
v1.35.7...v1.35.8
Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com