RATATOSKRATATOSK
Sign in

etcd

v3.7.0Kubernetes Core
Jul 8, 2026

etcd v3.7.0 is a security release: its one grounded change closes a HIGH-severity CRL enforcement bypass on the gRPC listener that occurs when --listen-client-http-urls is set (GHSA-3wh4-j44w-pg92). The upgrade guide mentions other possible breaking changes, but the provided notes give no detail on them.

  • securityCRL enforcement bypass on gRPC listener fixed

    When --listen-client-http-urls is configured, certificate revocation lists (CRLs) were not enforced on the gRPC listener, allowing connections that should have been rejected by the CRL. Upgrade to v3.7.0 if you rely on CRL enforcement for client or peer authentication (GHSA-3wh4-j44w-pg92).

Key changes (2)

  • Security: CRL enforcement bypass on the gRPC listener fixed when --listen-client-http-urls is configured, rated HIGH (GHSA-3wh4-j44w-pg92)
  • Upgrade guide flags possible breaking changes for v3.7.0, but no specifics are given in the available changelog text