1.35.4 (October 14, 2025)

Bug fixes

Changes expected to improve the state of the world and unlikely to have negative effects

  • dependency: Resolve dependency CVEs:
      - CVE-2025-0913: fips/go
      - CVE-2024-25176: luajit
      - CVE-2024-25177: luajit
      - CVE-2024-25178: luajit
      - CVE-2025-27817: kafka
      - CVE-2025-27818: kafka

  • tls_inspector: Fixed regression in tls_inspector that caused plain text connections to be closed if more than 16Kb is read at once. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.tls_inspector_no_length_check_on_error to false.

New features

  • tls_inspector: Added dynamic metadata when failing to parse the ClientHello.