RATATOSKRATATOSK
Sign in

Releases

AI-analyzed release notes for CNCF graduated and incubating projects.

NATS

Networking & MessagingJun 29, 2026

NATS server v2.14.3 is a maintenance release dominated by JetStream, MQTT and clustering bug fixes, with two MQTT fixes closing pre-auth memory exhaustion and panic conditions and one breaking change: JSONP monitoring support has been removed.

  • securityMQTT memory exhaustion and panic fixes

    Applies to servers exposing MQTT. Fixed in v2.14.3: malformed partial CONNECT packets could exhaust pre-auth memory, and a PUBLISH remaining-length underflow could panic the server. Upgrade if you run MQTT, especially with untrusted or public clients.

  • breakingJSONP monitoring support removed

    Applies to deployments relying on JSONP callbacks against monitoring endpoints (e.g. /varz, /connz via callback= param). This is removed in v2.14.3; switch dashboards or scripts to plain JSON polling before upgrading.

  • breakingPermission checks tightened for leaf trace destination and NoAuthUser

    Applies to leaf node setups using Nats-Trace-Dest, and to accounts using NoAuthUser. Fixed in v2.14.3: leaf connections could bypass Nats-Trace-Dest publish permission checks, and NoAuthUser did not enforce connection restrictions. Review permission and NoAuthUser configs after upgrading, since previously permitted traffic may now be denied as intended.

Key changes (7)
  • MQTT fixes for partial CONNECT pre-auth memory exhaustion and a PUBLISH remaining-length underflow panic, both fixed in v2.14.3
  • Permission enforcement tightened: leaf connections no longer bypass Nats-Trace-Dest checks, and NoAuthUser now honors connection restrictions
  • JSONP callback support removed from monitoring endpoints (breaking for any tooling still using it)
  • Large JetStream clustering/Raft reliability batch: meta node data race on shutdown, stream catchup no longer skipped past limits, phantom streams/consumers after meta recovery, Raft membership revert on truncate/snapshot, and related consistency fixes
  • MQTT hardening: rejects subscriptions to internal $MQTT.deliver.pubrel, enforces subscribe deny rules on retained/QoS replay paths, and fixes a WebSocket /mqtt upgrade panic when MQTT is disabled
  • Filestore and memory store corrections: compaction no longer corrupts compressed/encrypted blocks, NumPending overcount fixed for DeliverLastPerSubject, counter stream staging total no longer corrupts
  • Plus roughly two dozen smaller fixes: PROXY/TLS sniffing, gateway CONNECT race, service import tracing across routes, CONNZ/SUBSZ overflow guards, JWT/account claims refresh, and Go updated to 1.26.4
Source

NATS

Networking & MessagingJun 29, 2026

v2.12.12 is a bugfix and hardening release for nats-server, centered on numerous JetStream/Raft data-integrity and panic fixes plus removal of JSONP support from monitoring endpoints. No CVEs are disclosed, but several fixes close memory-exhaustion and panic paths reachable via malformed MQTT input that operators should treat as security-relevant.

  • securityMQTT partial-CONNECT and PUBLISH-underflow crash/DoS fixes

    If you run MQTT, upgrade to fix two memory-exhaustion/panic paths: partial CONNECT packets could exhaust pre-authentication memory, and PUBLISH remaining-length underflow could panic the server. Both are exploitable by unauthenticated clients sending malformed input.

  • securityInteger-overflow panics fixed in monitoring and JetStream usage tracking

    CONNZ/SUBSZ pagination previously could panic on integer overflow, and JetStream remote usage updates could panic on length integer overflow. Operators with large clusters or heavy monitoring polling should upgrade to remove these panic-inducing edge cases.

  • breakingJSONP support removed from monitoring endpoints

    JSONP callback support has been removed from monitoring endpoints in v2.12.12, unconditionally. Any tooling or dashboards that rely on JSONP callbacks against /varz, /connz, or similar endpoints will break and must switch to plain JSON requests.

Key changes (8)
  • JSONP callback support removed from monitoring endpoints (breaking for any tooling still using it)
  • MQTT hardening: partial CONNECT no longer exhausts pre-auth memory, PUBLISH remaining-length underflow no longer panics the server, plus fixes for $MQTT.deliver.pubrel subscription abuse, deny-rule enforcement on retained/QoS replay, and a WebSocket /mqtt upgrade panic when MQTT is disabled
  • Large batch of JetStream/Raft data-integrity fixes: filestore compaction corruption, counter stream staging corruption, meta recovery phantom streams/consumers, raft checkpoint/ApplyCommit correctness, stream catchup desync, and membership revert on truncate/snapshot
  • Panic and integer-overflow fixes in CONNZ/SUBSZ pagination, JetStream remote usage updates, and a nil-pointer panic on startup when the resolver parent directory is missing
  • Multiple panic, fatal-error, and data-race fixes across authentication, routing, monitoring, and clustered request handling
  • Gateway/proxy fixes: race in gateway CONNECT handling, leak in trusted proxy tracking, PROXY protocol detection, TLS sniffing with allow_non_tls, and PROXY v1 address-family parsing
  • Service import replies now deliver across cluster routes, and message tracing works correctly with imports/exports; JWT inherited default permissions and external auth config now refresh correctly on account claim updates
  • Plus routine fixes: quieter per-connection logging, consistent writer options under s2_fast compression, and refactored stream/consumer assignment handling for migrations
Source

Strimzi

Networking & MessagingJun 27, 2026

Strimzi 1.1.0 is a feature release adding Kafka 4.3.0 and 4.2.1 support while dropping Kafka 4.1.x, along with several capability additions. Operators should act on two breaking changes before upgrading: the entity-operator healthcheck port renames and the TLS truststore format switch in KafkaBridge and KafkaMirrorMaker2.

  • breakingEntity-operator healthcheck ports renamed

    The entity-operator healthcheck port `healthcheck` has been renamed to `healthcheck-to` (topic-operator) and `healthcheck-uo` (user-operator). Any custom PodMonitor, ServiceMonitor, NetworkPolicy, or similar resources that reference the old port name must be updated before or immediately after upgrading.

  • breakingKafka 4.1.x support removed

    Kafka 4.1.x is no longer supported in 1.1.0. Clusters running Kafka 4.1.x must be upgraded to 4.2.1 or 4.3.0 before moving to this Strimzi version.

  • breakingTLS truststore format changed to PEM for KafkaBridge and KafkaMirrorMaker2

    KafkaBridge and KafkaMirrorMaker2 now use PEM files instead of P12/JKS for TLS authentication and truststore. Review any tooling or external systems that expect P12/JKS formats from these components.

  • breakingCRD v1 only — older API versions unsupported

    CRD API versions v1beta2, v1beta1, and v1alpha1 are not supported since 1.0.0. If you have not already converted your resources to v1, do so before upgrading to 1.1.0.

Key changes (8)
  • Adds support for Apache Kafka 4.3.0 and 4.2.1; Kafka 4.1.x is removed and no longer supported.
  • Entity-operator healthcheck port names renamed: `healthcheck` is now `healthcheck-to` for the topic-operator and `healthcheck-uo` for the user-operator; update any referencing resources.
  • KafkaBridge and KafkaMirrorMaker2 switch from P12/JKS to PEM for TLS authentication and truststores, with PEM files read directly from secrets via KubernetesSecretConfigProvider.
  • Failed KafkaConnectors can now be stopped; pausing a failed connector is rejected because Kafka Connect does not support that operation.
  • New cluster operator option `STRIMZI_PKCS12_KEYSTORE_GENERATION` disables PKCS12 store generation in CA and KafkaUser Secret resources; mTLS `validityDays` and `renewalDays` are now configurable per KafkaUser.
  • Gateway API `tlsroute` listener type, per-broker listener annotation/label templates, and dependency scope configuration for Maven artifacts in Kafka Connect Build are all now supported.
  • Adds `UseBackgroundPodDeletion` feature gate (alpha, disabled by default) to use background deletion propagation when deleting pods during rolling updates.
  • Strimzi Drain Cleaner updated to 1.6.0 and Strimzi Access Operator updated to 0.3.0, both included in the installation files.
Source

Istio

Networking & MessagingJun 24, 2026

Istio 1.29.5 is a security release fixing 14 Envoy CVEs under ISTIO-SECURITY-2026-005, with several rated HIGH (DoS, crash, use-after-free). It also repairs a gateway revision-label traffic outage, an ambient ipset health-probe gap, a krt memory leak, and a multicluster controller panic.

  • security14 Envoy CVEs fixed (max severity HIGH) — ISTIO-SECURITY-2026-005

    All 14 Envoy CVEs under ISTIO-SECURITY-2026-005 are fixed in 1.29.5. The highest-severity issues include an HTTP/3 QPACK decoding DoS (GHSA-p7C7-7c47-pwch), a compressed-payload inflation bypass of MaxInflateRatio (CVE-2026-48044), a %REQUESTED_SERVER_NAME% formatter crash (CVE-2026-47220), a QUIC content-length validation issue guarded by envoy.reloadable_features.quic_validate_headers_only_content_length (CVE-2026-48743), and a PROXY protocol TLV length mismatch (CVE-2026-47692). Upgrade all 1.29.x deployments to 1.29.5.

  • securityOAuth2 filter padding oracle in AES-256-CBC cookie decryption (CVE-2026-47775)

    Operators using the OAuth2 filter with AES-256-CBC cookie encryption should upgrade immediately. The filter now supports AES-256-GCM with a gcm. algorithm marker; plan migration away from AES-256-CBC after upgrading.

  • securityext_authz use-after-free with per-route service overrides (CVE-2026-47205)

    Clusters using ext_authz with per-route service overrides are exposed to a use-after-free crash when a downstream connection resets during an in-flight authorization check (CVE-2026-47205). Upgrade to 1.29.5 to eliminate the crash window.

  • breakingJSON nesting depth limit reduced to 1000 (CVE-2026-48042)

    JSON parser nesting depth is now capped at 1000 by default (down from 10000). If any Envoy configuration relies on deeper nesting, the old limit can be restored temporarily by setting the runtime flag envoy.reloadable_features.limit_json_parser_nesting_depth to false, but plan to eliminate deep nesting.

Key changes (7)
  • 14 Envoy CVEs addressed under ISTIO-SECURITY-2026-005 (max HIGH); notable issues: HTTP/3 QPACK DoS (GHSA-p7c7-7c47-pwch), compressed-payload inflation bypass (CVE-2026-48044), REQUESTED_SERVER_NAME formatter crash (CVE-2026-47220), PROXY protocol TLV length mismatch (CVE-2026-47692), and QUIC header validation (CVE-2026-48743)
  • OAuth2 filter padding oracle fixed (CVE-2026-47775); AES-256-GCM now supported as replacement for AES-256-CBC cookie encryption
  • JSON parser nesting depth defaulted to 1000 (was 10000); runtime flag envoy.reloadable_features.limit_json_parser_nesting_depth=false restores the old limit (CVE-2026-48042)
  • ext_authz use-after-free with per-route service overrides fixed (CVE-2026-47205); plus ext_proc unexpected response and gRPC stats UAF/crash fixes
  • Fixed a traffic outage when changing the istio.io/rev label on a Kubernetes Gateway or ListenerSet — the previously-owning control plane no longer pushes empty xDS config to running gateway pods
  • Fixed ambient-enrolled pods being left out of the host health-probe ipset after a node or kubelet restart, causing kubelet probes to be rejected by ztunnel
  • Fixed a krt memory leak from stale reverse-index entries when a pod is relabeled to a different waypoint, plus a multicluster secret controller panic on rapid kubeconfig secret updates and a sidecar config generation regression pre-1.29.2
Source

Istio

Networking & MessagingJun 24, 2026

Istio 1.30.2 is a security-plus-bugfix patch release, its main content is fixes for 14 Envoy CVEs (one high-severity HTTP/3 DoS via QPACK, others medium to high) under ISTIO-SECURITY-2026-005, alongside operator-relevant changes to pilot-agent metric merging and new AuthorizationPolicy trust-domain fields.

  • security14 Envoy CVEs fixed under ISTIO-SECURITY-2026-005, several high severity

    Applies to all 1.30.x deployments. Fixed a DoS in the HTTP/3 stack via QPACK blocked decoding, plus a JSON parser change limiting nesting depth to 1000 (previously the 10K fallback is reachable only if envoy.reloadable_features.limit_json_parser_nesting_depth is set to false) and a headers-only content-length validation fix gated by envoy.reloadable_features.quic_validate_headers_only_content_length. Upgrade to 1.30.2.

  • securityMultiple use-after-free and crash fixes across ext_authz, ext_proc, gRPC stats, and OAuth2 filters

    Applies when ext_authz per-route service overrides are active and a downstream connection resets mid-authorization-check (CVE-2026-47205), or when ext_proc/gRPC stats/OAuth2 filters are in use. Upgrade to close use-after-free and padding-oracle issues; the OAuth2 filter now also supports AES-256-GCM cookie encryption via a gcm. marker.

  • breakingpilot-agent metric merging now rejects protobuf content type

    Applies to deployments using pilot-agent metric merging (PILOT_AGENT_MERGE_ENVOY_STATS). Allowed content types are now restricted to text/plain and application/openmetrics-text; protobuf-based scraping of merged metrics will break. Check scrape configs before upgrading.

  • enhancementAuthorizationPolicy gains trust-domain matching

    Applies to AuthorizationPolicy authors who want mTLS trust-domain-based access control. New trustDomains and notTrustDomains fields on Source let policies match or exclude requests by the trust domain in the peer certificate.

Key changes (8)
  • ISTIO-SECURITY-2026-005 bundles fixes for 14 Envoy CVEs (max severity high); most notable are the HTTP/3 QPACK blocked-decoding DoS (GHSA-p7c7-7c47-pwch), the Zstd decompressor memory exhaustion (CVE-2026-48044), the %REQUESTED_SERVER_NAME% formatter crash (CVE-2026-47220), and the JSON nesting depth limit of 1000 (CVE-2026-48042)
  • Use-after-free/crash fixes land in ext_authz (per-route overrides during connection reset), ext_proc, gRPC stats filter, and the async token callback path
  • OAuth2 filter closes a padding oracle in AES-256-CBC cookie decryption and adds AES-256-GCM support
  • pilot-agent metric merging now restricts allowed content types to text/plain and application/openmetrics-text, dropping protobuf support; a new PILOT_AGENT_MERGE_ENVOY_STATS env var controls the merge behavior
  • AuthorizationPolicy Source gains trustDomains and notTrustDomains fields for trust-domain-based request matching
  • Fixed a brief traffic outage on istio.io/rev label changes for Kubernetes Gateway/ListenerSet, and duplicate/excessive xDS pushes from WasmPlugin-to-TrafficExtension conversions
  • Ambient mode: fixed pods dropping out of the host health-probe ipset after node/kubelet restart, which had caused kubelet probes to be rejected by ztunnel
  • Plus several smaller fixes: warn-level logging for outdated Gateway API CRDs, sidecar config generation for pre-1.29.2, and a krt controller memory leak from stale reverse-index entries
Source

Envoy

Networking & MessagingJun 23, 2026

Envoy v1.38.3 is a security-only release patching 15 CVEs plus one upstream wasmtime CVE. Two issues are rated critical: a TLS SAN NUL-byte auth bypass (CVE-2026-47778) and HTTP/3-to-HTTP/1 request smuggling (CVE-2026-48743); the remaining 13 are rated high, covering crashes, a zip-bomb DoS, a PKCE padding oracle, a 65 KB upstream data spillover, and a heap buffer overflow.

  • securityCRITICAL: TLS SAN NUL-byte auth bypass (CVE-2026-47778)

    CVE-2026-47778 (GHSA-f8x4-rw5x-f3r7): a NUL byte embedded in a TLS SAN causes truncation during comparison, allowing an attacker to bypass certificate-based authentication. Upgrade to v1.38.3 unconditionally.

  • securityCRITICAL: HTTP/3 to HTTP/1 request smuggling (CVE-2026-48743)

    CVE-2026-48743 (GHSA-8phg-2h2q-jgxf): a headers-only HTTP/3 request carrying a nonzero Content-Length can be smuggled into a downstream HTTP/1 backend. Any deployment proxying HTTP/3 to HTTP/1 is affected. Upgrade to v1.38.3.

  • securityHIGH: PROXY Protocol v2 upstream data spillover (CVE-2026-47692)

    CVE-2026-47692 (GHSA-wh36-hm39-mm3r): the PROXY Protocol v2 header generator leaks "skipped" TLVs, spilling up to 65 KB of attacker-controlled data into the upstream application stream. Upgrade to v1.38.3.

  • breakingIntel DLB connection balancer extension removed

    The contrib extension envoy.network.connection_balance.dlb (Intel DLB connection balancer) has been disabled at the Bazel build layer in v1.38.3 due to a broken source archive. Any deployment that relied on this extension must migrate to an alternative connection balancer.

  • breakingTLS certificate Brotli compression now disabled by default

    The runtime guard envoy.reloadable_features.tls_certificate_compression_brotli is now disabled by default. When off, QUIC uses zlib-only certificate compression and TCP TLS performs no certificate compression. If you depended on Brotli compression for TLS certificates, re-enable this flag explicitly after upgrading.

Key changes (8)
  • CRITICAL: TLS SAN NUL-byte truncation enables certificate auth bypass (CVE-2026-47778, max severity across all 15 CVEs)
  • CRITICAL: HTTP/3 to HTTP/1 request smuggling via headers-only request with nonzero Content-Length (CVE-2026-48743)
  • HIGH: PROXY Protocol v2 leaks up to 65 KB of attacker-controlled data into upstream stream (CVE-2026-47692); OAuth2 PKCE padding oracle (CVE-2026-47775) and UAF/crash on async token completion after stream teardown (CVE-2026-48090)
  • HIGH: Crashes fixed in authz per-route (CVE-2026-47205), router internal redirects (CVE-2026-47221), REQUESTED_SERVER_NAME (CVE-2026-47220), grpc_stats filter on Connect-to-direct_response (CVE-2026-47204), and ext_proc single-gRPC-message response (CVE-2026-47207)
  • HIGH: zstd RLE zip bomb DoS (CVE-2026-48044), JSON deeply-nested destructor stack overflow (CVE-2026-48042), DNS UDP filter abnormal termination (CVE-2026-48497), TcpStatsdSink heap buffer overflow (CVE-2026-48706), HTTP/3 QPACK blocked-decoding DoS (GHSA-p7c7-7c47-pwch)
  • wasmtime dependency bumped to resolve CVE-2026-47261 (medium severity)
  • Intel DLB contrib extension (envoy.network.connection_balance.dlb) disabled in all builds due to broken source archive
  • Runtime guard envoy.reloadable_features.tls_certificate_compression_brotli flipped to disabled by default; TCP TLS will no longer compress certificates and QUIC reverts to zlib-only
Source

Envoy

Networking & MessagingJun 23, 2026

Envoy v1.37.5 is a security-only release fixing 15 Envoy CVEs/GHSAs and one upstream dependency CVE, with severities reaching critical. Three critical issues stand out: HTTP/3-to-HTTP/1 request smuggling, TLS SAN auth bypass via embedded NUL bytes, and a PROXY Protocol v2 spillover that puts attacker-controlled data into upstream streams. All v1.37.x deployments should upgrade without delay.

  • securityCritical: HTTP/3 to HTTP/1 request smuggling (CVE-2026-48743)

    CVE-2026-48743 (GHSA-8phg-2h2q-jgxf): HTTP/3 requests with headers-only and a nonzero Content-Length can smuggle requests into HTTP/1 upstream connections. Applies to any deployment terminating HTTP/3 and proxying to HTTP/1 backends. Upgrade immediately.

  • securityCritical: TLS SAN NUL-byte auth bypass (CVE-2026-47778)

    CVE-2026-47778 (GHSA-f8x4-rw5x-f3r7): A TLS SAN containing an embedded NUL byte is truncated at that byte during comparison, allowing a certificate to match patterns it should not. Any deployment making auth decisions based on TLS SAN validation is affected. Upgrade immediately.

  • securityCritical: PROXY Protocol v2 TLV spillover into upstream stream (CVE-2026-47692)

    CVE-2026-47692 (GHSA-wh36-hm39-mm3r): The PROXY Protocol v2 header generator emits TLVs that were supposed to be skipped, spilling up to 65 KB of attacker-controlled data into the upstream application stream. Affects deployments that generate PROXY Protocol v2 headers toward upstreams. Upgrade immediately.

  • securityHigh: Two OAuth2 filter vulnerabilities (padding oracle + UAF)

    CVE-2026-47775 and CVE-2026-48090 (GHSA-396h-jpq4-vc7p, GHSA-3cj2-c63f-q26f): The OAuth2 filter has a PKCE code-verifier padding oracle and a use-after-free risk when an async token fetch completes after stream teardown. Both affect deployments using envoy.filters.http.oauth2.

  • securityHigh: HTTP/3 QPACK blocked-decoding DoS (GHSA-p7c7-7c47-pwch)

    HTTP/3 QPACK blocked decoding (GHSA-p7c7-7c47-pwch) can be exploited to cause a DoS against the HTTP/3 stack. Affects any deployment serving HTTP/3.

  • securityHigh: grpc_stats filter segfault on Connect protocol (CVE-2026-47204)

    CVE-2026-47204 (GHSA-3jxh-8p6x-7pf6): The grpc_stats filter segfaults on Connect-protocol requests routed to direct_response routes. Affects deployments using envoy.filters.http.grpc_stats.

  • breakingIntel DLB connection balancer contrib extension disabled at build time

    The envoy.network.connection_balance.dlb contrib extension (Intel DLB connection balancer) has been disabled at the Bazel build layer across all platforms due to a source archive breakage. Deployments relying on this extension must pursue a local workaround or alternative balancing strategy until the source issue is resolved.

Key changes (5)
  • Three critical CVEs fixed: HTTP/3-to-HTTP/1 request smuggling (CVE-2026-48743), TLS SAN NUL-byte auth bypass (CVE-2026-47778), and PROXY Protocol v2 65 KB upstream stream spillover (CVE-2026-47692).
  • Nine additional high-severity CVEs fixed, covering OAuth2 padding oracle and UAF (CVE-2026-47775, CVE-2026-48090), HTTP/3 QPACK DoS (GHSA-p7c7-7c47-pwch), grpc_stats segfault (CVE-2026-47204), DNS UDP filter abnormal termination (CVE-2026-48497), TcpStatsdSink heap buffer overflow (CVE-2026-48706), deep JSON nesting stack overflow (CVE-2026-48042), router internal redirects crash (CVE-2026-47221), REQUESTED_SERVER_NAME crash (CVE-2026-47220), ext_proc gRPC response crash (CVE-2026-47207), and authz per-route crash (CVE-2026-47205).
  • zstd decompression RLE zip-bomb DoS (CVE-2026-48044, high) fixed; affects deployments using the zstd filter.
  • wasmtime dependency bumped to resolve CVE-2026-47261.
  • envoy.network.connection_balance.dlb (Intel DLB) contrib extension disabled at the Bazel build layer for all platforms due to source archive breakage; local workarounds are referenced in the release notes.
Source

Envoy

Networking & MessagingJun 23, 2026

Envoy v1.36.9 is a security-only release patching 15 CVEs (2 rated critical, the rest high or medium) across TLS SAN handling, HTTP/3, PROXY protocol, JSON parsing, OAuth2, ext_proc, grpc_stats, zstd, DNS, and statsd. Operators should upgrade immediately, as two of the vulnerabilities -- TLS SAN auth bypass and HTTP/3 request smuggling -- are unconditional or broadly exploitable.

  • securityCRITICAL: TLS SAN NUL-byte auth bypass (CVE-2026-47778 / GHSA-f8x4-rw5x-f3r7)

    A TLS SAN containing an embedded NUL byte causes the SAN to be truncated, bypassing certificate-based authentication checks. All deployments are affected. Upgrade to v1.36.9 immediately.

  • securityCRITICAL: HTTP/3-to-HTTP/1 request smuggling (CVE-2026-48743 / GHSA-8phg-2h2q-jgxf)

    A headers-only HTTP/3 request with a nonzero Content-Length can be smuggled into HTTP/1 backends, enabling request smuggling attacks. Affects any deployment proxying HTTP/3 to HTTP/1 backends.

  • securityHIGH: PROXY Protocol v2 upstream data spillover (CVE-2026-47692 / GHSA-wh36-hm39-mm3r)

    PROXY Protocol v2 header generation leaks up to 65 KB of attacker-controlled data into the upstream application stream via improperly emitted TLVs. Affects deployments using the PROXY Protocol v2 header generator.

  • securityHIGH: Stack overflow on deeply nested JSON (CVE-2026-48042 / GHSA-f24p-rxw2-g6pv)

    Deeply nested JSON input triggers a stack overflow in the object destructor, crashing the proxy. All deployments are affected.

  • securityHIGH: wasmtime dependency CVE (CVE-2026-47261)

    The wasmtime dependency was bumped to resolve CVE-2026-47261. All deployments using Wasm extensions are affected.

  • breakingDLB connection balancer extension disabled (capability removed)

    The contrib Intel DLB connection balancer extension (envoy.network.connection_balance.dlb) is now disabled at the Bazel layer for all platforms due to a source archive breakage. Builds that previously enabled this extension will lose it silently.

Key changes (8)
  • CRITICAL (2 CVEs): TLS SAN NUL-byte truncation enables auth bypass (CVE-2026-47778), and HTTP/3-to-HTTP/1 request smuggling via nonzero Content-Length on headers-only requests (CVE-2026-48743).
  • HIGH: PROXY Protocol v2 header generator emits skipped TLVs, allowing up to 65 KB of attacker-controlled data to spill into the upstream stream (CVE-2026-47692).
  • HIGH: Stack overflow in destructor on deeply nested JSON input affects all deployments (CVE-2026-48042).
  • HIGH: Multiple filter-specific crashes and security issues fixed -- ext_proc single-gRPC-message response (CVE-2026-47207), grpc_stats segfault on Connect-protocol requests to direct_response routes (CVE-2026-47204), authz per-route crash (CVE-2026-47205), router internal redirects crash (CVE-2026-47221).
  • HIGH: OAuth2 filter fixes two issues -- PKCE code verifier padding oracle (CVE-2026-47775) and use-after-free risk from late async token completion after stream teardown (CVE-2026-48090).
  • HIGH: zstd RLE zip-bomb decompression amplification (CVE-2026-48044), DNS UDP filter abnormal termination (CVE-2026-48497), HTTP/3 QPACK blocked-decoding DoS (GHSA-p7c7-7c47-pwch), and TcpStatsdSink heap buffer overflow (CVE-2026-48706).
  • wasmtime dependency bumped to resolve CVE-2026-47261 (HIGH, unconditional).
  • The contrib envoy.network.connection_balance.dlb (Intel DLB) extension is disabled for all builds due to a source archive breakage.
Source

Envoy

Networking & MessagingJun 23, 2026

Envoy v1.35.13 is a major security release fixing 13 CVEs, two of them critical: a PROXY protocol v2 TLV spillover leaking up to 65KB into the upstream stream, and a TLS SAN NUL-truncation bug that can bypass certificate-based auth. It also disables the contrib Intel DLB connection balancer extension due to a build breakage.

  • securityPROXY Protocol v2 TLV spillover (CVE-2026-47692)

    Applies to all v1.35.13 deployments running PROXY protocol v2 header generation upstream. CVE-2026-47692 lets an attacker's "skipped" TLVs leak up to 65KB into the upstream application stream. Upgrade immediately if you use this feature.

  • securityTLS SAN NUL truncation enables auth bypass (CVE-2026-47778)

    Applies to deployments validating client certificates by SAN. CVE-2026-47778 lets an embedded NUL byte in a TLS SAN truncate the parsed name, allowing certificates to match unintended hostnames and bypass authentication. Upgrade immediately.

  • security11 more high-severity CVEs across core filters and HTTP/3

    Eleven additional high-severity CVEs are fixed across ext_proc, router internal redirects, OAuth2 (two separate issues: padding oracle and a use-after-free from late async token completion), zstd decompression, grpc_stats, JSON parsing, the DNS filter, HTTP/3 (content-length validation and a separate QPACK-based DoS), and TcpStatsdSync. Each is a crash, DoS, or memory-safety bug tied to a specific filter or codec; upgrade to pick up all fixes, or check which filters you run to prioritize.

  • securityWasmtime dependency bump fixes CVE-2026-47261

    A separate wasmtime CVE (CVE-2026-47261) is fixed by bumping the com_github_wasmtime dependency. Applies to deployments using the Wasm filter.

  • breakingIntel DLB connection balancer extension disabled

    The contrib extension envoy.network.connection_balance.dlb (Intel DLB connection balancer) is disabled at the Bazel build layer for all builds and platforms due to a source archive breakage. Anyone building Envoy with this extension enabled needs an alternate connection balancer.

Key changes (7)
  • 13 CVEs fixed in this release, two rated critical: PROXY protocol v2 TLV spillover (CVE-2026-47692, up to 65KB leaked into the upstream stream) and TLS SAN NUL truncation enabling auth bypass (CVE-2026-47778).
  • High-severity fixes across core request handling: ext_proc single-message response handling (CVE-2026-47207), router internal redirect crash (CVE-2026-47221), grpc_stats segfault on Connect protocol to direct_response routes (CVE-2026-47204), and a stack overflow destroying deeply nested JSON (CVE-2026-48042).
  • Two separate OAuth2 filter fixes: a code verifier padding oracle (CVE-2026-47775) and a use-after-free from late async token completion after stream teardown (CVE-2026-48090).
  • HTTP/3 hardened against two issues: unvalidated content-length on headers-only requests/responses (CVE-2026-48743) and a QPACK blocked-decoding DoS.
  • Additional high-severity fixes: zstd RLE decompression zip bomb (CVE-2026-48044), DNS filter crash on long query names (CVE-2026-48497), and TcpStatsdSync buffer overflow on large stats names (CVE-2026-48706).
  • Upstream wasmtime dependency bumped to resolve CVE-2026-47261 in the Wasm filter.
  • The contrib envoy.network.connection_balance.dlb extension (Intel DLB) is disabled at the Bazel layer for all builds due to a source archive breakage.
Source

Strimzi

Networking & MessagingJun 17, 2026

Strimzi 1.0.1 patches two CVEs and disables cross-namespace Entity Operator watching by default. The v1-only CRD API requirement from 1.0.0 remains enforced — no v1beta2/v1beta1/v1alpha1.

  • securityPatch two CVEs — upgrade promptly

    CVE-2026-55225 and CVE-2026-55226 are fixed in 1.0.1. Details are in the Strimzi security advisories. Given both are fixed in the same patch release, treat this as a security-motivated upgrade and prioritize it over waiting for a convenient maintenance window.

  • breakingEnable cross-namespace watching explicitly if you use watchedNamespace

    If your Kafka CR's Entity Operator section has watchedNamespace set to a namespace different from the Kafka cluster's namespace, the Topic or User Operator will stop watching it after upgrading. Before or immediately after upgrading, set STRIMZI_ENTITY_OPERATOR_WATCHED_NAMESPACE_ENABLED=true in your Cluster Operator deployment. Check all Kafka CRs across namespaces — missing this will silently break topic/user reconciliation.

  • breakingComplete CRD migration to v1 before upgrading

    Strimzi 1.0.1 (like 1.0.0) only accepts v1 CRDs. If you skipped the migration step when moving to 1.0.0, or if you are upgrading from an older release directly, run the CRD conversion procedure documented in the Strimzi 1.0.1 deploying guide before applying the new operator manifests. Applying the operator without converted CRDs will cause reconciliation failures.

Key changes (4)
  • All older CRD API versions (v1beta2, v1beta1, v1alpha1) are dropped — only v1 is supported. CRD conversion must be completed before upgrading.
  • Two CVEs patched: CVE-2026-55225 and CVE-2026-55226.
  • Entity Operator cross-namespace watching is now disabled by default. A new env var controls it: STRIMZI_ENTITY_OPERATOR_WATCHED_NAMESPACE_ENABLED.
  • Teams using watchedNamespace in the Entity Operator section of their Kafka CR (pointing to a different namespace) must explicitly re-enable the feature after upgrading.
Source

Cilium

Networking & MessagingJun 16, 2026

Cilium v1.19.5 is a bugfix-heavy patch release addressing policy enforcement bugs, Gateway API panics, and load-balancer correctness issues. No CVEs, but several fixes warrant attention before upgrading.

  • breakingMigrate away from `l2podAnnouncements.interface` Helm value before upgrading

    The `l2podAnnouncements.interface` Helm key was removed because it wrote a configmap entry the agent no longer reads, causing crash-loops when L2 pod announcements are enabled. Before upgrading, check your Helm values for this key and replace it with `l2podAnnouncements.interfacePattern`. Clusters using the old key will fail to start after the upgrade.

  • breakingCheck CiliumEgressGatewayPolicy if you use NamespaceSelector

    A bug caused the NamespaceSelector field in CiliumEgressGatewayPolicy to be silently corrupted, making those rules ineffective. After upgrading to 1.19.5, verify that egress policies with NamespaceSelector are actually being enforced — traffic that was previously leaking may now be blocked.

  • enhancementVerify ipBlock network policies if you rely on selectorless rules

    A bypass was fixed where wildcard namespace selectors could skip ipBlock rules without a pod selector. If you have CiliumNetworkPolicies using ipBlock without explicit namespace selectors, review them post-upgrade to confirm enforcement behavior matches your intent — the fix may change observed traffic patterns.

Key changes (5)
  • Fixed wildcard namespace bypass for selectorless ipBlock rules — network policy was not enforced correctly in some cases
  • Removed defunct `l2podAnnouncements.interface` Helm value; clusters using it will crash-loop unless migrated to `interfacePattern`
  • Fixed CiliumEgressGatewayPolicy NamespaceSelector corruption that silently rendered egress policies ineffective
  • Fixed node connectivity disruption when ClusterIP/LoadBalancer VIPs overlapped with node-local IPs
  • Load-balancing backend internals refactored to handle thousands of services sharing a backend without performance degradation
Source

Cilium

Networking & MessagingJun 16, 2026

Cilium 1.18.11 is a patch release focused on stability, fixing memory leaks, socket handling crashes, and Gateway API routing bugs. No breaking changes; safe to adopt for teams running 1.18.x in production.

  • securityApply patch if you see agent crashes in socket handling

    Cilium 1.18.11 fixes a nil pointer dereference in filterAndDestroySockets that could crash the agent. If you have seen sudden agent pod restarts or panic logs mentioning socket filtering, upgrade promptly. This is a stability issue that affects 1.18.10 and earlier.

  • breakingVerify MTU settings on non-Cilium interfaces after upgrade

    1.18.11 changes MTU handling to skip interfaces not managed by Cilium. If your infrastructure depends on Cilium adjusting MTU on external interfaces (e.g., host-managed veth pairs), test this upgrade in a staging environment first. Mark interfaces with altname to ensure they are recognized as Cilium-owned; otherwise, MTU will not be modified.

  • enhancementAdopt if running Kubernetes Gateway API with TLS routes

    This patch fixes two distinct bugs in Gateway API support: weighted backend routing for TLSRoute passthrough and mixed listener handling. If you use Gateway API with TLS termination or passthrough, this upgrade eliminates silent routing failures. No configuration changes needed; test existing Gateway API resources in a staging cluster first.

Key changes (5)
  • Fixed memory leak in StateDB watch channel hash map reuse for large transactions
  • Corrected weighted backend traffic splitting for TLSRoute passthrough listeners in Gateway API
  • Fixed nil pointer dereference in socket filtering code that could crash the agent
  • Fixed MTU change behavior to only affect Cilium-managed interfaces, skipping others
  • Improved troubleshoot commands to report more kvstore and clustermesh diagnostic data
Source

Linkerd

Networking & MessagingJun 16, 2026

Linkerd edge-26.6.2 patches policy and profile validation bugs, tightens namespace restrictions on external workloads, and upgrades to Envoy proxy v2.357.0 with unified failure accrual tuning.

  • securityProfile validation now rejects nil configs

    The nil check in profile validation closes a path to crashes on malformed configs. No immediate action needed, but if your automation generates profiles programmatically, ensure they always have valid structure before applying them.

  • breakingNamespace-restricted external workloads may affect routing

    External workloads and endpoints now honor namespace boundaries. If you cross namespaces with external workloads in your Linkerd setup, verify routing still works after upgrade. Update any policies that rely on previous (unrestricted) cross-namespace access.

  • enhancementTune load balancing with unified failure accrual

    Unified failure accrual and response-penalty load biasing gives you finer control over how proxies handle slow or failing endpoints. Test this in a canary namespace first—adjust failure thresholds and penalty weights to match your SLOs. Check Linkerd docs for new policy knobs.

Key changes (5)
  • Policy validation: removed inappropriate AuthN policy check; corrected typos in outbound index rules.
  • Profile validation: added nil check to prevent crashes during validation.
  • Namespace isolation: external workloads and endpoints now respect namespace boundaries to prevent cross-namespace leakage.
  • Load balancing: unified failure accrual and response-penalty biasing in policy engine.
  • Proxy upgrade: Envoy v2.357.0; Go 1.25.11 for build.
Source

Envoy

Networking & MessagingJun 10, 2026

Envoy v1.38.2 is a small patch release: one RTDS runtime bug fix and two opt-in HTTP/2 cookie observability features. No security fixes.

  • breakingRTDS runtime guard fix changes delete behavior — verify your override logic

    If your config management deletes RTDS runtime guard overrides expecting them to revert to default, prior behavior was broken and left stale values. After upgrading to v1.38.2, deletes will now correctly restore defaults. Test any automation that removes runtime overrides to confirm it behaves as intended.

  • enhancementUse new HTTP/2 cookie size limit to guard against oversized headers

    The new envoy.reloadable_features.http2_max_cookies_size_in_kb flag lets you cap the reassembled cookie header size in HTTP/2. If your deployment handles untrusted upstream or downstream traffic with large cookie headers, set an explicit limit to reduce memory pressure. The default is unlimited, so this is opt-in.

Key changes (3)
  • RTDS runtime fix: deleting a runtime guard override now correctly restores the default value instead of leaving stale state
  • New opt-in HTTP/2 header histograms (entry count, byte size, cookie length/count) via envoy.reloadable_features.http2_record_histograms — temporary, will be removed in a future release
  • New runtime flag envoy.reloadable_features.http2_max_cookies_size_in_kb to cap reassembled cookie header size (disabled/unlimited by default)
Source

Envoy

Networking & MessagingJun 10, 2026

Envoy v1.37.4 is a small patch with one RTDS bug fix and two opt-in HTTP/2 cookie-related observability/safety features. No security CVEs.

  • breakingRTDS override deletion behavior changed — verify runtime guard state

    If your deployments rely on RTDS to manage runtime guard overrides, the old behavior left stale override values after deletion. The fix now restores the process-wide default. Check that your expected default values are actually what you want after an override is removed, especially if you were working around the old broken behavior.

  • enhancementUse the new cookie size limit to protect against oversized cookie headers

    HTTP/2 reassembled cookie headers had no size cap before this release. If you proxy untrusted HTTP/2 clients, set envoy.reloadable_features.http2_max_cookies_size_in_kb to a reasonable limit (e.g., 32–64 KB) to prevent unexpectedly large cookie payloads from reaching upstreams. The default remains unlimited, so this requires an explicit opt-in.

  • enhancementEnable HTTP/2 header histograms in staging to baseline your traffic

    The new envoy.reloadable_features.http2_record_histograms flag adds histograms for header count, map byte size, and cookie metrics. These are useful for understanding HTTP/2 header pressure in your fleet. Enable in a non-production environment first — note these metrics will be removed in a future Envoy release, so don't build long-term dashboards around them.

Key changes (4)
  • RTDS bug fix: deleting a runtime guard override now correctly falls back to the process-wide default instead of leaving a stale value
  • New opt-in HTTP/2 header histograms (header count, byte size, cookie length/count) — enable via envoy.reloadable_features.http2_record_histograms
  • New runtime flag envoy.reloadable_features.http2_max_cookies_size_in_kb to cap reassembled cookie header size (disabled/unlimited by default)
  • HTTP/2 header histograms are explicitly temporary — they will be removed in a future release
Source

Envoy

Networking & MessagingJun 10, 2026

Envoy v1.36.8 is a minor patch with one bug fix and two opt-in HTTP/2 observability features. No breaking changes or CVEs.

  • breakingHTTP/2 header histograms are temporary — don't build dashboards on them

    The new http2_record_histograms feature and its runtime guard are explicitly scheduled for removal in a future Envoy release. If you enable them for debugging HTTP/2 header issues, treat the resulting metrics as short-lived. Don't wire them into permanent dashboards or alerts that would break on upgrade.

  • enhancementEnable HTTP/2 header histograms if you're debugging large header or cookie payloads

    If you're seeing unexpectedly large HTTP/2 requests or cookie-related issues, flip envoy.reloadable_features.http2_record_histograms to get histograms on header entry count, byte size, and cookie metrics. Pair this with envoy.reloadable_features.http2_max_cookies_size_in_kb to enforce a hard cap on reassembled cookie header size — useful if you need to protect upstream services from oversized cookie headers.

Key changes (4)
  • RTDS runtime guard override deletion now correctly restores the process-wide default value instead of leaving it in a broken state
  • New opt-in HTTP/2 header histograms (entry count, byte size, cookie length, cookie count) enabled via envoy.reloadable_features.http2_record_histograms
  • New runtime flag envoy.reloadable_features.http2_max_cookies_size_in_kb to cap reassembled cookie header size; no limit enforced by default
  • HTTP/2 histograms and their runtime guard are explicitly temporary — they will be removed in a future release
Source

Envoy

Networking & MessagingJun 10, 2026

Envoy v1.35.12 is a minor patch with one runtime bug fix and two opt-in HTTP/2 cookie/header observability features. No breaking changes or CVEs.

  • breakingRTDS override deletion behavior changed — verify runtime guard defaults

    If you rely on RTDS to manage runtime guard overrides, test this fix in staging. Previously, deleting an override left the old value active; now it resets to the process default. Any automation that deleted overrides expecting them to persist will behave differently.

  • enhancementUse the new HTTP/2 cookie size limit to guard against oversized cookie headers

    The new envoy.reloadable_features.http2_max_cookies_size_in_kb flag is off by default. If your deployments accept untrusted HTTP/2 traffic, consider setting a reasonable limit to bound memory usage from reassembled cookie headers. Pair it with the new histograms to first measure your actual cookie sizes before choosing a cap.

Key changes (3)
  • Runtime bug fix: deleting an RTDS runtime guard override now correctly restores the process-wide default, instead of leaving the previous override in place.
  • New opt-in HTTP/2 header histograms (entry count, byte size, cookie length, cookie count) via envoy.reloadable_features.http2_record_histograms — note these will be removed in a future release.
  • New runtime flag envoy.reloadable_features.http2_max_cookies_size_in_kb lets you cap the size of the reassembled cookie header; no limit is enforced by default.
Source

NATS

Networking & MessagingJun 9, 2026

NATS v2.12.11 is a single-fix patch release targeting a JetStream regression in v2.12.7 that caused stale subject state tracking and 'Message Not Found' errors on streams with per-subject message limits.

  • breakingUpgrade if you use max-messages-per-subject on any stream

    If you run NATS 2.12.7–2.12.10 and have streams configured with MaxMsgsPerSubject (max_msgs_per_subject), you are exposed to silent stale-state bugs that surface as 'Message Not Found' errors. These errors can cause consumers to miss messages or behave unpredictably. Upgrade to 2.12.11 immediately. If you are already on 2.14.x, you are not affected and no action is needed.

Key changes (4)
  • Fixed JetStream regression (introduced v2.12.7): stale subject state tracking caused 'Message Not Found' errors when max-messages-per-subject is configured
  • Go runtime updated to 1.25.11
  • v2.14.x is unaffected by this regression — only 2.12.7 through 2.12.10 users need to act
  • No other changes in this release
Source

gRPC

Networking & MessagingJun 8, 2026

gRPC v1.81.1 is a patch release fixing memory safety bugs on Windows and ARM, plus Python/Ruby housekeeping. No API-breaking changes.

  • breakingPython 3.9 and Ruby 3.1 are no longer supported

    If your services run gRPC Python on 3.9 or Ruby on 3.1, upgrading to v1.81.1 will break your build. Check your runtime versions before upgrading. Python 3.10+ and Ruby 3.2+ are the minimum now.

  • enhancementUpgrade Windows/ARM deployments to get memory safety fixes

    Two Windows EventEngine races and an ARM completion queue shutdown race are fixed. If you run gRPC servers on Windows or ARM-based hosts (e.g., Graviton), this patch is worth applying — use-after-free and assertion crashes are hard to reproduce but can cause random service failures.

  • enhancementprotobuf 7.x now allowed for gRPC Python

    The grpc-status package previously capped protobuf at <6.x. With the upper bound relaxed to 7.x, you can now unpin protobuf in Python services that use grpc-status alongside other libraries requiring newer protobuf versions.

Key changes (5)
  • EventEngine: two Windows-specific bugs fixed — a use-after-free and a race causing assertion errors
  • Core: completion queue shutdown race fixed on weak memory model architectures (ARM)
  • Python: dropped Python 3.9 support; protobuf dependency upper bound relaxed to allow 7.x
  • Ruby: dropped EOL Ruby 3.1 support; fixed CallCredentials reference leak
  • Python: AsyncIO observability support added
Source

Istio

Networking & MessagingJun 4, 2026

Istio 1.29.4 patches a high-severity DoS CVE in Envoy plus six bug fixes, including a critical ambient mode traffic routing bug that could silently send traffic to unhealthy endpoints cluster-wide.

  • securityPatch CVE-2026-47774 immediately — unauthenticated HTTP/2 DoS

    CVE-2026-47774 lets any unauthenticated attacker exhaust Envoy's memory via crafted HTTP/2 requests. Cookie header bytes aren't fully counted in header size validation, and HPACK limits apply only to encoded bytes — not decoded totals. If you're on 1.29.x, upgrade to 1.29.4 now. This is exploitable from outside the mesh wherever Envoy terminates HTTP/2, including ingress gateways.

  • breakingAmbient mode users: audit Services using publishNotReadyAddresses + traffic distribution

    If any Service in your ambient mesh combines publishNotReadyAddresses:true with PreferSameZone or PreferSameNode traffic distribution, every other Service sharing that traffic-distribution preset was receiving healthPolicy:AllowAll — meaning traffic could route to not-ready endpoints across the entire cluster. After upgrading to 1.29.4, verify endpoint health policies are correct. Check ztunnel logs for unexpected AllowAll entries before and after the upgrade to confirm the fix took effect.

  • enhancementCNI on older kernels: nftables fallback now automatic

    Hosts running an nft binary compiled without JSON support were causing the CNI agent to log errors and retry indefinitely on every pod removal — a silent drain on the agent's reliability. The new startup check detects this and switches to iptables automatically. No action needed for most users, but if you've been seeing 'JSON support not compiled-in' errors in CNI agent logs, this fix resolves the root cause.

Key changes (5)
  • CVE-2026-47774 (CVSS 7.5): Envoy memory exhaustion via crafted HTTP/2 requests exploiting cookie header accounting gaps and HPACK decoded-size limits
  • Ambient mode bug fix: a single Service with publishNotReadyAddresses:true + traffic distribution preset was poisoning healthPolicy for all other Services sharing that preset
  • CNI agent now detects nft binary JSON support at startup and falls back to iptables backend instead of retrying indefinitely on every pod removal
  • Fixed concurrent map writes panic in istio-cni when two pods joined ambient mesh simultaneously on the same node
  • HTTPS listeners via ListenerSet now correctly deliver TLS certificates when the parent Gateway uses manual deployment
Source

Istio

Networking & MessagingJun 4, 2026

Istio 1.28.8 patches a high-severity DoS CVE in Envoy's HTTP/2 memory handling, plus three bug fixes covering TLS delivery, route filter status reporting, and a nasty ambient mode health policy contamination bug.

  • securityPatch CVE-2026-47774 immediately if you expose HTTP/2 endpoints

    An unauthenticated attacker can crash your Envoy sidecars by sending specially crafted HTTP/2 requests that bypass header size validation — cookie bytes aren't counted properly, and HPACK limits apply only to encoded size, not decoded. Any cluster accepting external or untrusted HTTP/2 traffic is at risk. Upgrade to 1.28.8 now. If you can't upgrade immediately, consider adding Envoy-level request header size limits or WAF rules to filter malformed HTTP/2 frames as a temporary measure.

  • breakingAudit ambient mode clusters using publishNotReadyAddresses with zonal traffic distribution

    If you run ambient mode and any Service sets publishNotReadyAddresses:true alongside PreferSameZone or PreferSameNode, you've likely been routing traffic to not-ready endpoints across your entire cluster — not just for that Service, but for every Service sharing the same traffic-distribution preset. This is a silent data-plane correctness bug. After upgrading, verify endpoint health behavior across affected Services and check whether any downstream systems received traffic from unhealthy pods during the window this was active.

  • enhancementFix for silent route filter drops enables reliable config debugging

    Previously, HTTPRoute or GRPCRoute filters with invalid header values would vanish from Envoy config without any status signal — making it nearly impossible to diagnose why traffic wasn't behaving as expected. Now Istio reports an invalid filter status, which surfaces in the Gateway API resource status. After upgrading, re-check any routes you may have debugged by guesswork; the explicit status message will clarify whether a header filter was rejected.

Key changes (4)
  • CVE-2026-47774 (CVSS 7.5): Unauthenticated attackers can exhaust Envoy memory via crafted HTTP/2 requests exploiting gaps in cookie header accounting and HPACK decoded size limits
  • HTTPS listeners on ListenerSet with manual Gateway deployment now correctly deliver TLS certificates
  • HTTPRoute/GRPCRoute filters with invalid header values now report an invalid filter status instead of silently disappearing from Envoy config
  • Critical ambient mode fix: a Service with publishNotReadyAddresses:true plus PreferSameZone/PreferSameNode no longer poisons healthPolicy for all other Services sharing the same traffic-distribution preset
Source

Istio

Networking & MessagingJun 4, 2026

Istio 1.30.1 patches a high-severity DoS CVE in Envoy's HTTP/2 handling plus fixes 13 bugs including a CNI agent panic, a traffic distribution poison bug, and a consistent hash load balancing regression.

  • securityPatch CVE-2026-47774 immediately — unauthenticated HTTP/2 DoS

    An attacker can exhaust Envoy's memory using crafted HTTP/2 requests that exploit gaps in Cookie header accounting and HPACK decoded-size limits. No authentication required. If you're running any Istio 1.30.x version, upgrade to 1.30.1 now. Check whether your ingress gateways are exposed to untrusted traffic — those are the highest-risk surfaces.

  • breakingAmbient users with traffic distribution policies: audit Services immediately

    If you use ambient mode with any Service that sets publishNotReadyAddresses: true alongside PreferSameZone or PreferSameNode traffic distribution, the bug caused ztunnel to apply healthPolicy: AllowAll to OTHER unrelated Services sharing that preset. This means traffic has potentially been routed to not-ready endpoints across your cluster. After upgrading to 1.30.1, verify endpoint health state and check whether any unexpected traffic reached unready pods.

  • enhancementRun 'istioctl analyze' after upgrading to catch stale Gateway API CRDs

    Upgrading Istio without updating Gateway API CRDs was silently breaking TLS passthrough in 1.30.0 — istiod would filter resources without any visible error. The new IST0176 check surfaces this. After upgrading, run istioctl analyze and resolve any IST0176 findings before they cause silent routing failures in production.

Key changes (5)
  • CVE-2026-47774 (CVSS 7.5): Envoy HTTP/2 memory exhaustion via crafted Cookie headers and HPACK decoding — patch immediately
  • Fatal CNI agent panic fixed: concurrent pod additions to ambient mesh on the same node triggered a map write race
  • Ambient mode traffic distribution bug: publishNotReadyAddresses + PreferSameZone/Node could corrupt healthPolicy for unrelated Services cluster-wide
  • New istioctl analyze check IST0176 detects stale Gateway API CRDs below Istio's minimum required version
  • nftables backend now falls back to iptables if the host's nft binary lacks JSON support, ending infinite retry loops on CNI pod removal
Source

Envoy

Networking & MessagingJun 4, 2026

v1.38.1 is a security-focused patch addressing two HTTP/2 CVEs and two oauth2 vulnerabilities — upgrade immediately if running HTTP/2 or oauth2 filter.

  • securityPatch HTTP/2 and oauth2 CVEs now — don't wait for your next maintenance window

    Two HTTP/2 CVEs (cookie-bomb memory exhaustion via HPACK and nghttp2 CVE-2026-27135) plus two oauth2 bugs (timing oracle and a crash-as-auth-bypass) make this a must-apply patch. If you're running the oauth2 filter, the HMAC timing side-channel is particularly nasty — attackers could probe HMAC secret validity over time. Upgrade to v1.38.1 immediately. The new HTTP/2 header limit behavior is enabled by default; only revert with `envoy.reloadable_features.http2_include_cookies_in_limits` if you have a specific, documented reason.

  • breakingUpstream failure reason stripped from HTTP response bodies — check your client error handling

    Any downstream client or API consumer that parses or displays the upstream transport failure reason from the HTTP response body will now get nothing. The information is still in access logs. Audit your clients and dashboards before upgrading — if something depends on that response body content, you have a short window to either update the client or re-enable the old behavior with `envoy.reloadable_features.hide_transport_failure_reason_in_response_body`.

  • breakingEDS batch LB rebuild coalescing is now opt-in — test under high-churn service discovery

    Load balancer rebuild coalescing during EDS batch host updates is disabled by default. Environments with large EDS clusters and frequent host churn (e.g., Kubernetes rolling deployments with many pods) may see increased CPU from more frequent LB rebuilds. Benchmark your control-plane interaction patterns after upgrading. Re-enable the old behavior with `envoy.reloadable_features.coalesce_lb_rebuilds_on_batch_update` if you observe performance regression.

Key changes (5)
  • CVE-2026-47774: HTTP/2 streams now reset on max header list size violations; uncompressed cookies count toward header size/count limits to block HPACK cookie-bomb attacks
  • CVE-2026-27135: nghttp2 patch applied — affects all HTTP/2 traffic
  • oauth2: timing side-channel in HMAC verification fixed, preventing secret validity leakage
  • oauth2: crash fixed where AES-CBC decryption could spuriously succeed on secret mismatch (~1/256 probability), triggering a HeaderString assert
  • Router no longer includes upstream transport failure reason in HTTP response body — only in access logs via %UPSTREAM_TRANSPORT_FAILURE_REASON%
Source

Envoy

Networking & MessagingJun 4, 2026

v1.37.3 is a security-focused patch fixing two HTTP/2 CVEs and oauth2 vulnerabilities — upgrade immediately if you use HTTP/2 or oauth2 filter.

  • securityPatch HTTP/2 deployments now for CVE-2026-47774 and CVE-2026-27135

    Two HTTP/2 CVEs are fixed in this release. CVE-2026-47774 enables a cookie-bomb attack that causes excessive memory usage by sending large numbers of cookies that bypass header size limits before this fix. CVE-2026-27135 is an nghttp2-level vulnerability. If you terminate HTTP/2 traffic, upgrade to v1.37.3 immediately. The new cookie-counting behavior is enabled by default; if it causes regressions, you can temporarily disable it with the feature flag `envoy.reloadable_features.http2_include_cookies_in_limits`, but treat that as a short-term workaround only.

  • securityRotate oauth2 HMAC secrets after upgrading

    The timing side-channel in HMAC verification means a patient attacker could have probed whether a given secret was valid. After upgrading, rotate your oauth2 HMAC secrets as a precaution — especially in internet-facing deployments. The AES-CBC crash fix is also relevant: the previous 1/256 spurious decryption success could cause unpredictable auth behavior, not just crashes.

  • breakingCookie-heavy workloads may see HTTP/2 stream resets

    The CVE-2026-47774 fix changes how cookies are counted against `mutable_max_request_headers_kb` and `max_headers_count`. Clients sending many cookies that were previously accepted may now hit limits and receive stream resets. Test your high-cookie traffic patterns in staging before rolling this to production, and review your header size limits to ensure they are set appropriately for your workloads.

Key changes (5)
  • CVE-2026-47774: HTTP/2 streams now reset when they exceed max header list size; uncompressed cookies count toward header limits to block HPACK cookie-bomb attacks
  • CVE-2026-27135: nghttp2 patch applied directly to address upstream vulnerability
  • oauth2: timing side-channel in HMAC verification fixed — could previously leak whether an HMAC secret was valid
  • oauth2: AES-CBC decryption crash fixed — a 1/256 chance of spurious success on secret mismatch was tripping an internal assertion
  • load_report: shutdown race condition with ADS stream resolved via proper gRPC stream cleanup
Source

Envoy

Networking & MessagingJun 4, 2026

v1.36.7 is a security-focused patch addressing two CVEs in HTTP/2 and an HPACK cookie-bomb attack vector in the oauth2 filter, plus a crash fix. Upgrade immediately.

  • securityPatch HTTP/2 CVEs now — two CVEs affect any HTTP/2-exposed Envoy

    CVE-2026-47774 enables a cookie-bomb attack where crafted HPACK-compressed cookies inflate to exhaust Envoy memory. After patching, cookies count toward `mutable_max_request_headers_kb` and `max_headers_count`. If you see legitimate requests being reset post-upgrade, the escape hatch is the `envoy.reloadable_features.http2_include_cookies_in_limits` flag — but audit your header size limits first rather than disabling the protection. CVE-2026-27135 is an nghttp2-layer fix with no workaround; you must upgrade.

  • securityAudit oauth2 filter deployments for timing and decryption exposure

    Two oauth2 bugs fixed here are subtle but serious. The timing side-channel in HMAC verification could allow an attacker to probe secret validity over many requests. The AES-CBC crash (1/256 chance on bad tokens) is a reliability issue that could be triggered deliberately. If you use the oauth2 filter with token cookies, treat this as a high-priority upgrade — there's no configuration workaround for either issue.

  • breakingReview header size limits before deploying — cookie counting is a behavior change

    Cookies previously excluded from header size accounting now count toward limits. In practice, applications with many or large cookies may hit `max_headers_count` or `mutable_max_request_headers_kb` and get HTTP/2 stream resets where they didn't before. Before rolling out, check your current limit configurations against real traffic cookie sizes. If you need time, the reloadable feature flag lets you defer the behavior change, but don't leave it disabled long-term.

Key changes (5)
  • CVE-2026-47774: HTTP/2 streams are now reset when they exceed max header list size; uncompressed cookies now count against header size/count limits to block HPACK cookie-bomb attacks
  • CVE-2026-27135: nghttp2 patch applied directly to the HTTP/2 stack
  • oauth2: timing side-channel in HMAC verification closed — could have leaked whether an HMAC secret was valid
  • oauth2: crash fixed where AES-CBC decryption could spuriously succeed (~1/256 probability) on a secret mismatch, triggering a HeaderString assertion
  • load_report: shutdown race condition with ADS stream resolved via proper gRPC stream cleanup
Source

NATS

Networking & MessagingJun 2, 2026

NATS v2.14.2 is a focused stability release fixing multiple JetStream data integrity issues, lock release bugs, and protocol corruption risks — upgrade if you run JetStream at any meaningful scale.

  • securityProtocol corruption vectors closed — critical for WebSocket and JetStream users

    Two protocol corruption bugs were fixed: one in $JS.ACK subject rewriting and one in compressed WebSocket client buffer handling. Either could produce malformed frames that corrupt stream state or client sessions. If you expose NATS WebSocket endpoints or rely heavily on JetStream ACKs, treat this as a security-adjacent stability issue and prioritize the upgrade.

  • breakingTwo separate lock-release bugs can cause silent hangs — patch now

    Both the filestore and consumer code paths had cases where locks were never released after specific error conditions (write errors and start sequence errors). In production this means stuck consumers or hung filestore operations that don't recover without a restart. If you've seen unexplained JetStream stalls, this is likely why. Upgrade to v2.14.2 immediately.

  • enhancementHigh subject-count streams no longer risk CPU spikes — no config change needed

    The filestore block skip check was triggering runaway CPU on streams with very high subject counts. The fix is automatic after upgrade — no configuration changes required. If you've been working around this with stream design compromises (e.g., artificially limiting subjects per stream), you can revisit those decisions after upgrading.

Key changes (5)
  • Protocol-level corruption fixed in two separate paths: $JS.ACK subject rewriting and compressed WebSocket buffer misuse
  • JetStream filestore lock bug fixed — a write error could leave the lock unreleased, causing hangs
  • Consumer lock also fixed — a start sequence error path failed to release its lock
  • Runaway CPU fix: filestore no longer runs block skip checks on streams with extremely high subject counts
  • Raft peer tracking corrected after inactivity stalls during catchup, and peer set drift fixed after online node removal
Source

NATS

Networking & MessagingJun 2, 2026

v2.12.10 is a focused bug-fix release addressing protocol corruption risks, JetStream Raft/quorum issues, and a CPU runaway bug in high-cardinality streams.

  • securityUpdate x/crypto and nkeys immediately

    This release bumps golang.org/x/crypto to v0.52.0 and nkeys to v0.4.16. These libraries handle cryptographic operations in NATS auth flows. Don't wait for scheduled maintenance — patch now, especially if your clusters are internet-exposed or use decentralized auth.

  • breakingProtocol corruption fixes require prompt upgrade for WebSocket and JetStream users

    Two separate protocol-level corruption bugs are fixed here: one in compressed WebSocket clients, one in $JS.ACK subject rewriting. Either can silently corrupt message framing. If you run WebSocket clients or any JetStream workload with acknowledgements, staying on 2.12.9 or earlier is a real risk. Upgrade servers first, then clients.

  • enhancementHigh-cardinality JetStream streams get a CPU safety fix — verify your config

    The block skip check on streams with very high subject counts could cause runaway CPU. That check is now disabled for those cases. If you've been seeing unexpected CPU spikes on JetStream nodes with streams containing millions of subjects, this is likely the culprit. After upgrading, also review Counter stream and message schedule configs — new constraints are enforced that may reject previously accepted but incorrect configurations.

Key changes (5)
  • Fixed protocol-level corruption from $JS.ACK subject rewriting and compressed WebSocket buffer misuse — both are data-safety issues
  • Raft peer tracking fixed after inactivity stalls during catchup, and peer-set drift after online node removal corrected
  • Quorum calculation bug fixed when gateway URLs resolve to multiple IPs — affects multi-datacenter deployments
  • Filestore no longer runs CPU hot on streams with extremely high subject counts (block skip check removed)
  • Go 1.25.10 and updated x/crypto, nkeys, and jwt/v2 dependencies
Source

gRPC

Networking & MessagingMay 29, 2026

gRPC v1.81.0 drops Python 3.9 and Ruby 3.1 support, fixes crash-level races on Windows and ARM, and adds AsyncIO observability for Python.

  • breakingPython 3.9 support dropped — check your runtime

    gRPC Python 1.81.0 drops Python 3.9 support. If your services still run on Python 3.9, stay on an older gRPC release until you can upgrade your runtime. Plan the Python version bump before pulling this release.

  • breakingRuby 3.1 support dropped — upgrade your Ruby runtime

    Ruby 3.1 has reached EOL and gRPC 1.81.0 drops support for it. If you're running Ruby 3.1 in production with gRPC, you'll need to upgrade to Ruby 3.2+ before adopting this release.

  • enhancementWindows and ARM stability fixes worth taking

    Two EventEngine fixes address a use-after-free and a race condition causing assertion errors on Windows, plus a completion queue shutdown race on ARM (weak memory model). If you run gRPC on Windows or ARM-based infrastructure, this release directly fixes stability issues that could cause crashes. Upgrade when stable.

Key changes (6)
  • Python 3.9 support removed — Python 3.10+ required going forward
  • Ruby 3.1 (EOL) support dropped — Ruby 3.2+ required
  • EventEngine: fixed use-after-free and assertion-error race on Windows
  • Fixed completion queue shutdown race condition on ARM (weak memory models)
  • gRPC Python now supports observability in the AsyncIO stack
  • grpc-status Python package: protobuf dependency upper bound relaxed to allow 7.x
Source

NATS

Networking & MessagingMay 20, 2026

NATS v2.14.1 is a substantial patch release fixing ~30 bugs across JetStream, clustering, and core messaging — several of them data-integrity and panic-level issues worth deploying promptly.

  • securitygolang.org/x/crypto bumped to v0.51.0 — update now if you embed nats-server

    The x/crypto and x/sys dependency updates often carry CVE fixes. If you embed nats-server as a Go library (common in edge/IoT deployments), rebuild and redeploy. For standard deployments, just upgrade the binary. Don't sit on this one — crypto library updates in a messaging server are not optional hygiene.

  • breakingReview the 2.14 Upgrade Guide before deploying — 2.13.x was skipped

    The release notes explicitly reference backwards-compatibility notes against 2.12.x, not 2.13.x, because that minor version was never released. If your team is running 2.12.x and skipped 2.13.x, read the 2.14 upgrade guide carefully before rolling out. Pay attention to JetStream consumer and stream API changes that may affect your clients.

  • enhancementUse the new client-traffic /varz metrics for baseline observability

    The four new metrics (in/out client msgs/bytes) give you a cleaner split between client traffic and internal cluster/leafnode chatter. Wire these into your Prometheus scrape or monitoring dashboard now to establish baselines. This is especially useful for capacity planning on servers that handle mixed client and cluster traffic, since previously you had to infer client load from total metrics.

Key changes (5)
  • 30+ bug fixes across JetStream Raft, consumer state, filestore encryption, and cluster routing
  • New /varz metrics (in_client_msgs, in_client_bytes, out_client_msgs, out_client_bytes) for client-only traffic visibility
  • Consumer redelivery drift fixed across multiple paths: workqueue streams, max_deliver, purge/compaction scenarios
  • Filestore block cache corruption on encryption mode conversion patched (critical data integrity fix)
  • TLS handshake timeout logs demoted to debug level, reducing operational noise in busy clusters
Source

NATS

Networking & MessagingMay 20, 2026

v2.12.9 is a dense bug-fix release targeting JetStream stability — covering Raft correctness, consumer state corruption, and filestore encryption bugs that could silently corrupt data.

  • securityUpdate: golang.org/x/crypto bumped to v0.51.0

    The x/crypto dependency was updated alongside Go 1.25.10. If your org tracks CVEs against transitive dependencies, verify your SBOM tooling picks this up. Upgrade to v2.12.9 to pull in the patched crypto library — there's no workaround at the application level.

  • breakingEncrypted JetStream users must upgrade — filestore corruption risk

    A bug in filestore encryption mode conversion could cause block-level corruption when switching encryption settings (PR #8105, #8166). If you've ever changed encryption mode on an existing stream, inspect those streams after upgrading. If corruption already occurred, you'll need to restore from a pre-conversion snapshot.

  • enhancementUse the new /varz client traffic metrics for capacity planning

    The four new metrics (in/out_client_msgs and in/out_client_bytes) let you separate actual client-facing load from internal cluster/leafnode traffic. Wire these into your Prometheus scrape now — they're directly useful for right-sizing clusters and spotting noisy clients without needing to parse per-connection data.

Key changes (5)
  • New /varz metrics (in_client_msgs, in_client_bytes, out_client_msgs, out_client_bytes) isolate client-only traffic from internal messaging
  • Fixed filestore encryption mode conversion that caused block-level corruption — critical for encrypted JetStream deployments
  • Fixed multiple consumer redelivered-state drift bugs affecting workqueue/interest streams with max_deliver, purges, and compactions
  • Deadlock fix in cluster info processing under Raft lock contention — relevant for busy clustered deployments
  • Raft correctness improvements: WAL truncation cache invalidation, checkpoint cancellation, truncated entry panics, and unknown peer removal
Source

Emissary-Ingress

Networking & MessagingMay 19, 2026

Emissary-Ingress v4.1.0 ships Envoy 1.37.2 and fixes a stale cache bug that caused Istio mTLS cert rotation to silently fail.

  • securityReview Envoy 1.37.x release notes before upgrading

    This upgrade spans Envoy 1.37.0 through 1.37.2, which includes security patches and potentially deprecated xDS fields. Pull up the Envoy 1.37.0, 1.37.1, and 1.37.2 changelogs and scan for any deprecated API fields or behavior changes that match your current Mapping/Ambassador configs before rolling out to production.

  • breakingStale config cache fix may change startup behavior

    The IR.check_deltas fix now triggers a full reconfigure when an empty-delta snapshot arrives with a cached state. In practice this means Emissary will re-push config to Envoy in scenarios where it previously did nothing. If you have automation or health checks that depend on the old (broken) quiet behavior during cert rotation windows, validate them in staging first.

  • enhancementUpgrade if you run Emissary alongside Istio

    If your cluster uses Istio and Emissary together, this fix directly addresses mTLS cert rotation failures (issue #4744). Stale certificates staying in the cache caused silent connectivity breakage during rotation events. Upgrading to v4.1.0 should eliminate those intermittent failures without any config changes on your part.

Key changes (3)
  • Envoy proxy upgraded from 1.36.2 to 1.37.2 (spans three Envoy minor releases)
  • Fixed IR.check_deltas bug: empty-delta snapshots now force a full reconfigure instead of holding stale cache entries
  • Istio mTLS certificate rotation failures caused by the stale cache issue are resolved
Source

Istio

Networking & MessagingMay 18, 2026

Istio 1.30 ships experimental AI-focused agentgateway, ambient mode CIDR support, a new TrafficExtension API, and tightened debug endpoint auth that breaks existing setups.

  • breakingDebug endpoint auth is on by default — audit your tooling now

    Port 15010 XDS debug endpoints now enforce authentication with ENABLE_DEBUG_ENDPOINT_AUTH=true as the default. Any internal tooling, dashboards, or scripts hitting syncz or config_dump without credentials will start failing after upgrade. Before upgrading, inventory everything that talks to port 15010 and either add auth or explicitly allowlist namespaces via DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES.

  • breakingStart migrating off WasmPlugin to TrafficExtension API

    TrafficExtension is now the primary extensibility API, replacing WasmPlugin. WasmPlugin isn't being removed immediately, but new features will land in TrafficExtension first. If you run Wasm extensions in production, plan a migration window and test TrafficExtension parity before 1.31 hardens the deprecation.

  • enhancementUse CIDR ServiceEntry in ambient mode to simplify external IP routing

    Previously, ambient mode required enumerating individual IP endpoints in ServiceEntry. CIDR support means you can now cover entire subnets — useful for external databases, on-prem services, or shared infrastructure with dynamic IPs. If you've been maintaining large lists of individual endpoints, consolidate them now and reduce operational overhead.

Key changes (5)
  • Experimental agentgateway: new Envoy-replacing data plane for AI/MCP traffic, enabled via PILOT_ENABLE_AGENTGATEWAY=true
  • Debug endpoints (syncz, config_dump) on port 15010 now require auth by default — ENABLE_DEBUG_ENDPOINT_AUTH=true is the new default
  • TrafficExtension API replaces WasmPlugin as the primary proxy extensibility mechanism for sidecars, gateways, and waypoints
  • Ambient mode gains CIDR support in ServiceEntry, optional XFCC synthesis at waypoints, and configurable HBONE window sizing
  • New sidecar-to-ambient migration guide published; migration is designed to be gradual and reversible
Source

Istio

Networking & MessagingMay 18, 2026

Istio 1.29.3 patches two security vulnerabilities — an AuthorizationPolicy bypass and a cross-namespace XDS config leak — alongside a multicluster deadlock fix and AWS EKS ambient mesh probe fix.

  • securityAudit AuthorizationPolicy rules using suffix-match principals or namespace selectors — patch immediately

    Regex metacharacters (., [, etc.) in source.principals and source.namespaces were embedded into Envoy SafeRegex unescaped. This means a policy allowing 'spiffe://cluster.local/ns/foo/sa/bar.admin' could inadvertently also match 'spiffe://cluster.local/ns/foo/sa/barXadmin'. Any service with suffix-based wildcard principal matching is potentially affected. Upgrade to 1.29.3 and review policies where principals or namespace values contain dots, brackets, or other regex metacharacters.

  • securityRotate access controls on XDS debug endpoints — any authenticated workload could read cross-namespace configs

    The /debug/syncz and /debug/config_dump endpoints served by StatusGen had no namespace boundary enforcement. An authenticated workload in namespace A could enumerate and read Envoy configs of workloads in namespace B. If you run multi-tenant clusters or expose istiod debug endpoints, assume cross-namespace config data may have been accessible. Upgrade immediately and audit who has accessed these endpoints via your API server audit logs.

  • breakingMulti-cluster operators: the secret controller deadlock fix may change behavior during cluster updates

    The deadlock in the multicluster secret controller was triggered during remote cluster updates. If your control plane has been experiencing hangs or stalls in multi-cluster scenarios, this fix resolves the root cause — but test your cluster join/leave workflows after upgrading to confirm expected behavior is restored.

Key changes (5)
  • Security fix: AuthorizationPolicy bypass via unescaped regex metacharacters in source.principals (suffix matches) and source.namespaces — legal Kubernetes names like 'foo.bar' could match unintended identities
  • Security fix: XDS debug endpoints (/debug/syncz, /debug/config_dump) now enforce same-namespace authorization — previously any authenticated workload could read config dumps across namespaces
  • Fixed deadlock in multicluster secret controller during remote cluster updates — critical for multi-cluster deployments
  • Fixed leaf certificate NotAfter time potentially exceeding the signing CA's expiration
  • AWS EKS ambient mesh fix: kubelet health probe failures for pods using Security Groups for Pods (branch ENI) resolved via new AMBIENT_ENABLE_AWS_BRANCH_ENI_PROBE flag (on by default)
Source

Linkerd

Networking & MessagingMay 15, 2026

Native sidecars promoted to GA and enabled by default, plus a security fix restricting Server resources from affecting workloads outside their namespace. Heavy dependency refresh across Rust and Go stacks.

  • securityServer namespace isolation fix — review cross-namespace Server resources immediately

    A fix was applied so that Server resources can no longer affect workloads in namespaces other than their own. If you have intentionally or accidentally created Server policies that were influencing workloads cross-namespace, those policies will silently stop applying after this upgrade. Audit your Server resources across all namespaces and verify that authorization policies still behave as expected post-upgrade. The risk of misconfigured over-broad policies is reduced, but any reliance on the previous behavior will break.

  • breakingNative sidecars are now on by default — audit your cluster before upgrading

    Native sidecar support (using Kubernetes init containers with restartPolicy: Always) is now GA and enabled by default. If your cluster runs Kubernetes < 1.29, native sidecars are unsupported and this will break injection. Even on supported versions, verify that any tooling, admission webhooks, or pod lifecycle assumptions in your workloads are compatible. Test in a staging environment before rolling out to production. If you need the old behavior, explicitly disable the feature flag during install/upgrade.

  • enhancementConfigure honorTimestamps on the linkerd-proxy PodMonitor

    If you're using the Prometheus Operator and have timestamp alignment issues in your Linkerd proxy metrics (e.g., stale or out-of-order samples), you can now set honorTimestamps in the Helm chart for the linkerd-proxy PodMonitor. This is a quality-of-life win for teams with strict metric ingestion pipelines. Set it explicitly during your next Helm upgrade rather than leaving it at the default.

Key changes (6)
  • Native sidecar injection promoted to GA and now enabled by default — no more feature gate needed
  • Security fix: Server resources are now restricted from affecting workloads in other namespaces
  • Gateway liveness synchronization improved for multi-cluster setups
  • rustls bumped to 0.23.40, openssl and aws-lc-rs updated — crypto stack refreshed
  • Proxy updated to v2.352.0, Go toolchain to 1.25.10, Helm to 3.21.0
  • PodMonitor honorTimestamps now configurable for linkerd-proxy metrics scraping
Source

Cilium

Networking & MessagingMay 13, 2026

Cilium v1.19.4 is a stability-focused patch release with 20+ bug fixes covering crash prevention, IPsec reliability, and Cluster Mesh correctness — upgrade if you run any of those features.

  • securityUpdate moby/spdystream dependency (security fix included)

    This release bumps github.com/moby/spdystream to v0.5.1 as a security fix. The dependency is used in Kubernetes API communication paths. No CVE number is listed in the release notes, but treat this as a prompt to upgrade — staying on v1.19.3 leaves the exposure open.

  • breakingHand-managed EndpointSlices need service-proxy-name label added

    If you set --k8s-service-proxy-name and manage EndpointSlices manually, those slices will now be filtered OUT at the watch level unless they carry the matching service.kubernetes.io/service-proxy-name label. After upgrading, any untagged hand-managed slice becomes invisible to Cilium, causing traffic drops. Audit your EndpointSlices before upgrading and stamp the label on any that are missing it.

  • enhancementPrioritize upgrade if you run IPsec, WireGuard, or Cluster Mesh

    Three distinct data-plane reliability fixes land here: IPsec packet drops during rolling key rotation, WireGuard silent packet loss under constrained MTU with IPv6, and Cluster Mesh missing backends for multi-port services. Any of these can cause hard-to-diagnose intermittent connectivity issues. If your environment uses any of these features, this patch should move to the front of your upgrade queue.

Key changes (5)
  • Agent no longer crashes on transient network errors during CiliumNode updates — retries instead of calling Fatal
  • IPsec rolling restarts with key rotation fixed: SPI advertisement now deferred until XFRM states are ready, eliminating packet drops
  • WireGuard MTU clamped to IPv6 minimum (1280) when IPv6 is enabled, preventing silent packet loss in tunnel+encryption setups
  • EndpointSlice watch now filtered by service-proxy-name label at the watch level — operators with hand-managed slices must add the label
  • Cluster Mesh: missing global service backends restored when multiple service ports share the same target port
Source

Cilium

Networking & MessagingMay 13, 2026

v1.17.16 patches a cross-namespace traffic hijacking vulnerability in CiliumLocalRedirectPolicy, fixes an IPsec panic on malformed input, and resolves a static pod identity resolution bug.

  • securityAudit LRP addressMatcher configs before upgrading

    The LRP addressMatcher change fixes a real attack vector: a policy in one namespace could previously override a Service frontend and redirect traffic cross-namespace. After upgrading, any LRP that was relying on this override behavior will stop working silently — traffic won't redirect as expected. Before upgrading, audit your CiliumLocalRedirectPolicy objects for addressMatcher entries that overlap with existing Service frontends. If you legitimately need the old behavior, set --enable-lrp-address-matcher-override=true, but treat that as a temporary measure and redesign the policy.

  • securityUpgrade if running IPsec — agent crash risk on malformed input

    The parseSPI panic means a malformed IPsec packet could crash the Cilium agent, taking down networking on that node. This is a low-complexity denial-of-service risk for any cluster using Cilium's IPsec transparent encryption. Upgrade to v1.17.16 promptly if IPsec is enabled in your environment.

  • breakingLRP addressMatcher behavior change is not fully backward-compatible

    This is a behavior change, not just a bug fix. If you have CiliumLocalRedirectPolicies using addressMatcher that overlap with Service ClusterIPs or external IPs, those policies will now be rejected or ignored where they previously worked. Test your LRP configurations in a non-production environment before rolling this upgrade out. The opt-in flag --enable-lrp-address-matcher-override=true exists, but using it means you are accepting the previously-vulnerable behavior.

Key changes (5)
  • CiliumLocalRedirectPolicy addressMatcher now blocks overriding existing Service frontends — prevents cross-namespace traffic hijacking and service-map corruption; legacy behavior requires opt-in flag
  • IPsec: fixed panic in parseSPI when processing malformed SPI input — previously could crash the agent
  • Static pod endpoint identity resolution fixed for cases where CNI pod UID differs from the Kubernetes mirror pod UID
  • Cluster-pool IPAM metrics for CiliumNode synchronization now properly registered with Kubernetes
  • Security dependency update: moby/spdystream bumped to v0.5.1 (security fix)
Source

Cilium

Networking & MessagingMay 13, 2026

Cilium v1.18.10 is a stability-focused patch release fixing agent crashes, IPsec panics, Cluster Mesh backend gaps, and a data race in IPAM — all backported from upstream.

  • securitymoby/spdystream and x/net security updates are included

    This release pulls in a security fix for github.com/moby/spdystream and bumps x/net to v0.53. Both are network-layer dependencies. If your policy or threat model tracks transitive dependency CVEs, this patch justifies the upgrade on its own.

  • breakingUpgrade encrypted clusters to fix IPsec panic risk

    A panic in parseSPI on malformed IPsec input could crash the agent on nodes running encrypted traffic. If you use IPsec encryption, treat this as a priority upgrade — a malformed packet or misconfigured peer can take down the agent process entirely.

  • enhancementCluster Mesh users with shared target ports should upgrade

    The missing global service backends bug silently dropped backends from services where multiple ports mapped to the same target port. Traffic would route correctly within a single cluster but fail cross-cluster. Upgrade and verify affected services post-rollout using hubble observe or service endpoint inspection.

Key changes (5)
  • Agent no longer crashes fatally on transient network errors during CiliumNode updates — it retries instead
  • IPsec panic on malformed SPI input fixed, preventing node-level disruption in encrypted clusters
  • Cluster Mesh now correctly propagates global service backends when multiple ports share the same target port
  • CiliumLocalRedirectPolicy no longer hijacks an existing Service frontend before its backend pods are Ready
  • Data race in MultiPoolManager IPAM node updates resolved; x/net bumped to v0.53 for security
Source

Linkerd

Networking & MessagingMay 1, 2026

A routine edge release dominated by dependency bumps, with two meaningful bug fixes: multicluster service cleanup now respects namespaces, and a CLI gateway API version correction.

  • securityRust TLS stack updated — aws-lc-rs, rustls-webpki, rustls-pki-types all bumped

    Several TLS-adjacent crates were updated in one shot: aws-lc-rs 1.16.3, rustls-webpki 0.103.13, and rustls-pki-types 1.14.1. No CVEs are called out explicitly, but these are the cryptographic underpinnings of Linkerd's mTLS. If you're in a security-sensitive environment, this is a good reason to pull this edge over older ones.

  • breakingKubernetes 1.31 is now the minimum supported version

    The MSKV bump to 1.31 means clusters running 1.30 or older are no longer in the supported envelope. Check your cluster versions before adopting this edge release — if you're still on 1.30, upgrade Kubernetes first or hold on this Linkerd edge.

  • enhancementFix multicluster namespace-scoped service cleanup before upgrading

    If you run Linkerd multicluster and have services spread across multiple namespaces, the previous cleanup logic could operate beyond its intended namespace scope. This fix is a correctness improvement — after upgrading, verify your mirrored services are in the expected state, especially if you've seen unexpected service deletions or stale mirrors in non-default namespaces.

Key changes (6)
  • Multicluster service cleanup logic now correctly scopes to namespaces, preventing cross-namespace service deletion bugs
  • CLI user instructions now reference the correct Gateway API version
  • New Helm value `gateway.healthCheckNodePort` added for gateway deployments
  • Destination controller refactored to use shared-filtering logic
  • Minimum supported Kubernetes version (MSKV) bumped to 1.31
  • Multiple Rust dependency updates: hyper 1.9.0, tokio 1.52.1, aws-lc-rs 1.16.3, rustls-webpki 0.103.13
Source

NATS

Networking & MessagingApr 30, 2026

NATS v2.14.0 (skipping 2.13.x) brings JetStream scheduling, fast-ingest batch publishing, consumer reset API, and critical Raft data-loss fixes. Review the upgrade guide before deploying.

  • breakingRead the 2.14 Upgrade Guide — 2.13.x was skipped

    This release jumps from 2.12.x to 2.14.x. The upgrade guide covers backwards compatibility breaks you must address. If you use ACLs on JetStream ACK or flow control subjects, the new domain-aware format ($JS.ACK.domain.acchash.stream.consumer.>) is disabled by default now but becomes the default in v2.15 — start updating your ACL rules now so the v2.15 upgrade isn't a fire drill.

  • breakingRaft startup now fails on corrupt/missing snapshots — test your recovery procedures

    Previously, a node with a corrupt or misaligned snapshot might start silently with bad state. Now it refuses to start. This is the right behavior, but if you have any clusters with questionable disk health or have experienced unclean shutdowns, validate your snapshot integrity before rolling this upgrade out. Ensure your ops runbook covers the recovery path for this scenario.

  • enhancementConsumer Reset API removes a painful operational pattern

    Rewinding a consumer previously meant deleting and recreating it — disruptive and error-prone. The new $JS.API.CONSUMER.RESET API lets you move a consumer back to an earlier sequence in place. If you maintain any tooling or runbooks that handle consumer rewind or replay scenarios, update them to use this API. It's also useful for incident recovery workflows.

Key changes (5)
  • Fast-ingest batch publishing for high-throughput JetStream workloads (ADR-50)
  • Repeating/cron-based message schedules via Nats-Schedule header (ADR-51)
  • Consumer reset API — rewind a consumer without delete/recreate
  • Domain-aware ACK/FC subjects (js_ack_fc_v2 flag, becomes default in v2.15)
  • Raft nodes no longer start on missing/corrupt snapshots, preventing silent data loss
Source

Strimzi

Networking & MessagingApr 28, 2026

Strimzi 1.0.0 drops all pre-v1 CRD APIs — this is a hard requirement before upgrading. Also adds Kafka 4.1.2 support, TLS on the HTTP Bridge, and environment-variable-based rack awareness.

  • breakingConvert all CRDs to v1 API before upgrading — no exceptions

    Strimzi 1.0.0 flat-out removes v1beta2, v1beta1, and v1alpha1. If any of your custom resources still use those API versions, the operator will not reconcile them after upgrade. Run the CRD conversion procedure documented by Strimzi before touching anything else. This applies to KafkaTopic and KafkaUser resources too, which had their own v1alpha1/v1beta1 versions. Skipping this step will break your cluster management silently.

  • enhancementSwitch rack awareness to environment-variable type to drop ClusterRoleBindings

    The new type: environment-variable rack awareness reads topology from env vars rather than querying the Kubernetes API, which means it no longer needs ClusterRoleBindings. If you're running in environments with tight RBAC policies or multi-tenant clusters, this is worth migrating to. Review your Kafka CR's rack configuration and update the type field — no other infrastructure changes needed.

  • enhancementUseConnectBuildWithBuildah is now on by default — verify your Connect build pipelines

    This feature gate moving to beta means Buildah is now the default build tool for Kafka Connect connector builds. If you've been relying on Kaniko-specific behavior or have custom build configurations, test your Connect builds in a non-production environment after upgrading. The Buildah image is pinned in the release, so the toolchain is stable, but behavioral differences in layer caching or registry auth handling could surface.

Key changes (5)
  • v1beta2, v1beta1, and v1alpha1 CRD APIs removed — only v1 API is supported going forward
  • Kafka 4.1.2 added; Kafka 4.2.0 image also included in this release
  • TLS/SSL support added to the HTTP Bridge
  • New environment-variable rack awareness type eliminates the need for ClusterRoleBindings
  • UseConnectBuildWithBuildah feature gate promoted to beta and enabled by default
Source
Older →