Envoy
v1.37.1Networking & MessagingEnvoy v1.37.1 is a critical security patch addressing five CVEs including crash vulnerabilities and RBAC bypasses. Teams running production Envoy should prioritize immediate updates.
securityApply critical CVE fixes immediately
Five CVEs fixed including crash conditions in rate limiting and IPv6 handling, plus an RBAC bypass. Test your deployment in staging first, then schedule emergency maintenance to update production clusters within 24-48 hours.
enhancementReview OAuth2 and ext_authz configurations
If you use OAuth2 refresh tokens, verify host header behavior works correctly after the fix. For ext_authz users, check that error handling now properly respects your status_on_error settings and denied response headers reach clients as expected.
enhancementValidate ext_proc filter chains
Multiple ext_proc filters in a chain now work correctly. If you previously avoided chaining due to bugs, test this functionality in your development environment to simplify complex processing pipelines.
主な変更 (5)
- Fixed five security vulnerabilities including rate limit crash, multivalue header RBAC bypass, and IPv6 address crash
- Resolved OAuth2 host header rewriting issue affecting refresh token requests
- Enhanced ext_proc filter to support multiple filters in chain configuration
- Improved ext_authz error handling for 5xx responses and proper header propagation
- Introduced extended ABI forward compatibility for dynamic modules