Release Announcement
Check out the v1.2.7 release announcement to learn more about the release.
Security updates
- Fixed CVE-2025-25294: log injection vulnerability in Envoy Gateway when using default access log.
Bug fixes
- Fixed translating of backendSettings for extAuth.
- Fixed allowing weights to be zero on endpoints for backendRefs in TCPRoute and UDPRoute.
- Fixed validation of all xDS resources before sending them to the Envoy fleet.
- Added support for Secret and ConfigMap parsing in Standalone mode.
Other changes
- Bumped the version of the ratelimit image to ae4cee11.
What's Changed
- [release/v1.2] chore: fix gen (#5166) by @arkodg in #5273
- release: v1.2.7 by @zhaohuabing in #5410
Full Changelog: v1.2.6...v1.2.7