1.35.12 (June 10, 2026)

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

runtime: Fixed a bug where removing an RTDS override for an envoy.reloadable_features runtime guard updated the admin runtime view but left the process-wide runtime guard set to the previous overridden value.

http2: Added envoy.reloadable_features.http2_max_cookies_size_in_kb runtime value to set the limit on the contents of the re-assembled cookie header. By default there is no limit on the cookie size.
http2: Added histograms for HTTP/2 header stats, tracking total count of header entries received (including individual cookie headers), total byte size of header map entries, total length of the re-assebled cookie header and total count of individual cookie headers. Histograms are disabled by default and can be enabled by setting the runtime guard envoy.reloadable_features.http2_record_histograms to true. The histograms and the runtime guard will be removed in a future release of Envoy.