RATATOSKRATATOSK
Sign in

Contour

v1.32.4Networking & Messaging
Mar 24, 2026

Contour v1.32.4 is a security/stability patch bumping Envoy to v1.34.13 and grpc-go to v1.79.3 (CVE-2026-33186), with a minor manifest cleanup.

  • securityUpgrade for the Envoy security fixes

    The Envoy bump to v1.34.13 is the real reason to update here. Envoy releases in this range carry security fixes — check the Envoy v1.34.13 changelog directly to understand which CVEs apply to your traffic patterns. The grpc-go CVE-2026-33186 does not affect Contour, but upgrading still gets you the fix in the dependency graph. Plan a rolling upgrade now rather than waiting.

  • breakingCheck custom manifests that reference Envoy hostPort 8002

    The example manifests removed hostPort 8002 from the Envoy metrics container. If your deployment pipelines diff against or are derived from the upstream example manifests, this change will appear as a diff. More importantly, if you have firewall rules, monitoring scrapers, or Prometheus scrape configs targeting that host port directly, verify they still reach the metrics endpoint through an alternative path (e.g., ClusterIP Service or pod IP) before upgrading.

Key changes (3)

  • Envoy updated to v1.34.13 for security vulnerability fixes and stability improvements
  • grpc-go updated to v1.79.3, patching CVE-2026-33186 (Contour itself is not affected by this CVE)
  • Removed hostPort 8002 from Envoy metrics in example manifests