Skip to content

Commit d6a11bf

Browse files
publish-envoy[bot]publish-envoy[bot]
authored
[release/v1.34] repo: Release v1.34.6 (#40940)
Created by Envoy publish bot for @yanavlasov **Summary of changes**: * Security fixes: - Fix for OAuth cookie issue [CVE-2025-55162](GHSA-95j4-hw7f-v2rh). - Fix UAF in DNS resolution [CVE-2025-54588](GHSA-g9vw-6pvx-7gmw). **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.6 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.34.6/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.34.6/version_history/v1.34/v1.34.6 **Full changelog**: v1.34.5...v1.34.6 Co-authored-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
1 parent 1bb414f commit d6a11bf

8 files changed

Lines changed: 19 additions & 19 deletions

File tree

VERSION.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
1.34.6-dev
1+
1.34.6

changelogs/1.32.11.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
date: September 2, 2025
2+
3+
bug_fixes:
4+
- area: oauth2
5+
change: |
6+
Fixed an issue where cookies prefixed with ``__Secure-`` or ``__Host-`` were not receiving a
7+
Secure attribute (`CVE-2025-55162 <https://github.com/envoyproxy/envoy/security/advisories/GHSA-95j4-hw7f-v2rh>`_).

changelogs/1.33.8.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
date: September 2, 2025
2+
3+
bug_fixes:
4+
- area: oauth2
5+
change: |
6+
Fixed an issue where cookies prefixed with ``__Secure-`` or ``__Host-`` were not receiving a
7+
Secure attribute.

changelogs/current.yaml

Lines changed: 1 addition & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,6 @@
1-
date: Pending
2-
3-
behavior_changes:
4-
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
5-
6-
minor_behavior_changes:
7-
# *Changes that may cause incompatibilities for some users, but should not for most*
1+
date: September 2, 2025
82

93
bug_fixes:
10-
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
114
- area: oauth2
125
change: |
136
Fixed an issue where cookies prefixed with ``__Secure-`` or ``__Host-`` were not receiving a
@@ -16,10 +9,3 @@ bug_fixes:
169
change: |
1710
Fixed an UAF in DNS cache that can occur when the Host header is modified between the Dynamic Forwarding and Router
1811
filters.
19-
20-
removed_config_or_runtime:
21-
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
22-
23-
new_features:
24-
25-
deprecated:

docs/inventories/v1.32/objects.inv

29 Bytes
Binary file not shown.

docs/inventories/v1.33/objects.inv

40 Bytes
Binary file not shown.

docs/inventories/v1.34/objects.inv

48 Bytes
Binary file not shown.

docs/versions.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,6 @@
2525
"1.29": 1.29.12
2626
"1.30": 1.30.11
2727
"1.31": 1.31.10
28-
"1.32": 1.32.10
29-
"1.33": 1.33.7
30-
"1.34": 1.34.4
28+
"1.32": 1.32.11
29+
"1.33": 1.33.8
30+
"1.34": 1.34.5

0 commit comments

Comments
 (0)