Release Announcement
Check out the v1.2.8 release announcement to learn more about the release.
Security updates
- Fixed vulnerability CVE-2025-30157, where local replies were incorrectly sent to the ext_proc server.
- Included ratelimit security fixes related to the golang net/http package.
Bug fixes
- Added support for BackendTLSPolicy and EnvoyExtensionPolicy parsing in Standalone mode.
- Fixed endpoint updates when mirrored backend Pod IPs change.
- Fix not logging an error and returning it in the K8s Reconcile method when a GatewayClass is not accepted.
- Fixed validation of host header in RequestHeaderModifier filter.
- Fixed an OpenTelemetry access log sink failure caused by an 'otel.Text is nil' error.
Performance improvements
- Added a cache for the Wasm OCI image permission checks and check the pullSecrets against the OCI image registry in a background goroutine.
Other changes
- Bumped envoy to v1.32.4.
- Bumped ratelimit to 0141a24f.
What's Changed
- [release/v1.2.8] cherry pick by @zhaohuabing in #5566
Full Changelog: v1.2.7...v1.2.8