.. _version_history_1.35.13:

1.35.13 (June 23, 2026)
========================

Incompatible behavior changes
-----------------------------

*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*

* **build**: The contrib extension ``envoy.network.connection_balance.dlb`` (Intel DLB connection balancer) has been disabled at the Bazel layer for all builds and platforms due to a breakage at the source archive. See https://github.com/envoyproxy/envoy/issues/45491 for local workarounds.

Bug fixes
---------

*Changes expected to improve the state of the world and are unlikely to have negative effects*

* **dns_filter**: Fix: `CVE-2026-48497 `_ Fixed sanity checking of the query name length to avoid abnormal process termination; ``ENVOY_BUG`` is now used when the sanity check fails.
* **ext_proc**: Fix: `CVE-2026-47207 `_ Fixed a bug triggered when the ext_proc server sends packed, unexpected ProcessingResponses to Envoy.
* **grpc_stats**: Fix: `CVE-2026-47204 `_ Fixed a crash or use-after-free when the gRPC stats filter performs stat tracking on a direct response route.
* **json**: Fix: `CVE-2026-48042 `_ Limit JSON nesting depth to 1000. The limit can be relaxed to 10K by setting ``envoy.reloadable_features.limit_json_parser_nesting_depth`` to ``false``.
* **oauth2**: Fix: `CVE-2026-47775 `_ Addressed a padding oracle in the OAuth2 filter's AES-256-CBC cookie decryption. The filter now supports AES-256-GCM encryption with a ``gcm.`` algorithm marker, which authenticates the ciphertext and removes the oracle. **The fix is opt-in to keep rolling upgrades safe.** On upgrade, the default behaviour is unchanged: cookies are still encrypted with AES-256-CBC and the CBC decrypt path is still reachable, so existing sessions and mixed-version clusters keep working.
  Two runtime flags control the migration:

  * ``envoy.reloadable_features.oauth2_use_gcm_encryption`` (default ``false``) — when set to ``true``, ``encrypt()`` produces AES-256-GCM ciphertexts prefixed with ``gcm.``. While ``false`` (the default), ``encrypt()`` continues to emit AES-256-CBC ciphertexts with no prefix, wire-compatible with older instances.
  * ``envoy.reloadable_features.oauth2_legacy_cbc_decrypt_compat`` (default ``true``) — when ``true``, ``decrypt()`` accepts both ``gcm.``-prefixed cookies (via GCM) and legacy cookies (via the legacy CBC fallback). When set to ``false``, only ``gcm.``-prefixed cookies decrypt; legacy CBC cookies are rejected and the affected users are redirected to the OAuth server to re-authenticate.

  While the CBC fallback is reachable, it partially reopens CVE-2026-47775. Set ``envoy.reloadable_features.oauth2_use_gcm_encryption`` to ``true`` once you have ensured that all instances in your cluster are capable of decrypting GCM-encrypted cookies. Then, at an appropriate time, set ``envoy.reloadable_features.oauth2_legacy_cbc_decrypt_compat`` to ``false`` to disable the legacy CBC decryption path. **Never** set ``envoy.reloadable_features.oauth2_legacy_cbc_decrypt_compat`` to ``false`` before you have enabled ``envoy.reloadable_features.oauth2_use_gcm_encryption``. Both flags and the AES-256-CBC code paths are scheduled for removal once the migration window has elapsed.

  The OAuth2 filter exposes a new counter ``oauth_legacy_cbc_decrypt`` that increments each time a cookie is successfully decrypted via the legacy CBC fallback. Operators should watch this stat decay to zero across the migration window before flipping ``oauth2_legacy_cbc_decrypt_compat`` to ``false``.
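The migration above is a sequence of flag flips gated on a counter, and the counter is cumulative, so what has to reach zero is the number of *new* legacy decrypts between two readings, not the counter itself. The following is an added example (not Envoy code and not part of these release notes) of an operator-side check that reads both runtime flags and the ``oauth_legacy_cbc_decrypt`` counter from the admin interface and reports where in the rollout a proxy stands. The admin address, the ``/runtime`` JSON shape (an ``entries`` map with ``final_value``) and the sample stat prefixes are assumptions; the flag names, defaults and counter name are the ones documented above.

```python
import json
import re
import time
import urllib.request

# Flag names, defaults and counter name come from the release note; the admin address is assumed.
GCM_FLAG = "envoy.reloadable_features.oauth2_use_gcm_encryption"
COMPAT_FLAG = "envoy.reloadable_features.oauth2_legacy_cbc_decrypt_compat"
LEGACY_COUNTER = "oauth_legacy_cbc_decrypt"
ADMIN = "http://127.0.0.1:9901"  # assumed Envoy admin interface address

# /stats prints one "name: value" line per stat; the counter sits under a per-filter
# prefix we do not know in advance, so match the documented name as the final component.
_COUNTER_RE = re.compile(r"(?:^|\.)" + re.escape(LEGACY_COUNTER) + r":\s*(\d+)$")


def legacy_cbc_decrypts(stats_text: str) -> int:
    """Sum the legacy-CBC counter across every OAuth2 filter instance in a /stats dump."""
    total = 0
    for line in stats_text.splitlines():
        m = _COUNTER_RE.search(line.strip())
        if m:
            total += int(m.group(1))
    return total


def runtime_flag(runtime_json: str, key: str, default: bool) -> bool:
    """Read a boolean runtime flag's effective value from the /runtime admin endpoint
    (assumed here to return JSON with an "entries" map whose values carry "final_value").
    Keys that were never overridden are absent, so fall back to the documented default."""
    entry = json.loads(runtime_json).get("entries", {}).get(key)
    if not entry or entry.get("final_value") in (None, ""):
        return default
    return str(entry["final_value"]).strip().lower() == "true"


def assess(runtime_json: str, stats_before: str, stats_after: str) -> dict:
    """Place the proxy in the migration sequence the release note describes.

    The counter is cumulative since process start, so one reading never 'decays
    to zero'; what must reach zero is the number of new legacy decrypts between
    two samples, which is why two /stats dumps are compared."""
    gcm = runtime_flag(runtime_json, GCM_FLAG, default=False)
    compat = runtime_flag(runtime_json, COMPAT_FLAG, default=True)
    new_legacy = legacy_cbc_decrypts(stats_after) - legacy_cbc_decrypts(stats_before)
    if not gcm and compat:
        phase, safe = "cbc-default", False      # step 1 not taken yet: enable GCM first
    elif gcm and compat:
        phase, safe = "dual", new_legacy == 0   # step 2: fallback may go once it sits idle
    elif gcm and not compat:
        phase, safe = "gcm-only", False         # migration complete; nothing left to flip
    else:
        phase, safe = "misordered", False       # compat off before GCM on: legacy cookies all rejected
    return {"gcm_encryption": gcm, "legacy_cbc_compat": compat,
            "new_legacy_decrypts": new_legacy, "phase": phase,
            "safe_to_disable_cbc_compat": safe}


# Constructed sample data standing in for real admin responses (stat prefixes invented).
SAMPLE_RUNTIME = json.dumps({"entries": {
    GCM_FLAG: {"layer_values": ["", "true"], "final_value": "true"}}})
SAMPLE_RUNTIME_MISORDERED = json.dumps({"entries": {
    COMPAT_FLAG: {"layer_values": ["", "false"], "final_value": "false"}}})
SAMPLE_STATS_T0 = "\n".join([
    "http.ingress_http.oauth2.oauth_success: 1200",
    "http.ingress_http.oauth2.oauth_legacy_cbc_decrypt: 41",
    "http.internal_http.oauth2.oauth_legacy_cbc_decrypt: 2",
])
SAMPLE_STATS_T1_IDLE = SAMPLE_STATS_T0
SAMPLE_STATS_T1_ACTIVE = SAMPLE_STATS_T0.replace("decrypt: 41", "decrypt: 44")


def main(interval_s: float = 60.0) -> None:
    """Live mode: sample the admin interface twice, interval_s apart, and report."""
    def fetch(path: str) -> str:
        with urllib.request.urlopen(ADMIN + path, timeout=5) as resp:
            return resp.read().decode()
    runtime, before = fetch("/runtime"), fetch("/stats")
    time.sleep(interval_s)
    print(json.dumps(assess(runtime, before, fetch("/stats")), indent=2))


if __name__ == "__main__":
    main()
```

Run it against each instance in the cluster, not just one: the release note's precondition for flipping ``oauth2_use_gcm_encryption`` is that every instance can decrypt GCM cookies, and the precondition for flipping ``oauth2_legacy_cbc_decrypt_compat`` is that no instance is still serving legacy-CBC decrypts.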
* **oauth2**: Fix: `CVE-2026-48090 `_ Fixed a bug where the asynchronous token change callback could be triggered after the filter had been torn down (``onDestroy()`` had been called), which could lead to dangling pointer accesses and result in a use-after-free or crash.
* **proxy_protocol**: Fix: `CVE-2026-47692 `_ Fixed a bug where passthrough TLVs combined with added TLVs could exceed the maximum length, resulting in a mismatch between the size reported in the header and the number of bytes written. This could allow a smuggled request from the host writing the PROXY protocol header to the upstream host. This behavioral change can be reverted by setting the runtime guard ``envoy.reloadable_features.proxy_protocol_remove_too_long_tlvs`` to ``false``.
* **quic**: Fix: `CVE-2026-48743 `_ Validate HTTP/3 headers-only request and response content-length, and reset the stream if inconsistent. The change is guarded by the runtime guard ``envoy.reloadable_features.quic_validate_headers_only_content_length``.
* **quic**: Fix: `GHSA-p7c7-7c47-pwch `_ Denial-of-service attack against the HTTP/3 stack via QPACK blocked decoding.
* **router**: Fix: `CVE-2026-47221 `_ Fixed an issue when handling HTTP 303 internal redirects for body-less requests. The redirect handling code attempted to drain a request body buffer that was never allocated, causing a segmentation fault.
* **tcp_statsd_sync**: Fix: `CVE-2026-48706 `_ Fixed a TcpStatsdSync buffer overflow issue with large stat names.
* **tls**: Fix: `CVE-2026-47778 <https://github.com/envoyproxy/envoy/security/advisories/GHSA-f8x4-rw5x-f3r7>`_ Fixes an issue where Envoy could fail to validate the Subject Alternative Name (SAN) of a peer certificate if the SAN contained an embedded NUL byte. Previously, the SAN parsing was vulnerable to NUL byte truncation in some configurations, potentially leading to incorrect trust decisions.
* **wasm**: Bump ``com_github_wasmtime`` to resolve CVE-2026-47261.
* **zstd**: Fix: `CVE-2026-48044 `_ Fixed a memory exhaustion vulnerability in the Zstd decompressor where the ``MaxInflateRatio`` limit was only checked after each input slice was fully processed, allowing a maliciously crafted compressed payload to expand to hundreds of MB within a single ``process()`` call. The inflate ratio limit is now enforced inside the inner decompression loop, matching the gzip and brotli decompressors and aborting decompression as soon as the threshold is breached.
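The zstd entry above turns on where a ratio check sits relative to the allocation it is meant to bound. The following added example (not Envoy code and not from the release notes) contrasts the two placements with Python's ``zlib`` module, since the note says the gzip decompressor already uses the in-loop form: a check after the whole slice is inflated still rejects the payload, but only after the full expansion has been materialised, whereas a check inside the inflate loop stops within one bounded step. ``MAX_INFLATE_RATIO``, ``STEP_OUT`` and both sample inputs are constructed for the example and do not correspond to Envoy's configuration.

```python
import zlib

# Policy value assumed for this example; it plays the role of Envoy's MaxInflateRatio.
MAX_INFLATE_RATIO = 100
# Upper bound on output produced per inflate step, so the ratio check runs at least that often.
STEP_OUT = 64 * 1024

# Constructed hostile input: 16 MiB of zeros deflates to a few KiB (ratio around 1000).
BOMB_RAW_LEN = 16 * 1024 * 1024
BOMB = zlib.compress(b"\0" * BOMB_RAW_LEN, 9)
# Constructed benign input: barely compressible, ratio close to 1.
BENIGN_RAW = bytes(range(256)) * 4
BENIGN = zlib.compress(BENIGN_RAW)


def inflate_check_after(data: bytes, max_ratio: int = MAX_INFLATE_RATIO):
    """The pattern the fix removed: inflate the entire slice, then compare.

    Returns (output, or None when rejected; bytes materialised before the decision).
    The rejection is correct, but the whole expansion has already been allocated."""
    out = zlib.decompress(data)
    if len(out) > max_ratio * len(data):
        return None, len(out)
    return out, len(out)


def inflate_check_in_loop(data: bytes, max_ratio: int = MAX_INFLATE_RATIO):
    """The fixed pattern: bound the output of every inflate step and re-check the
    ratio against the input consumed so far on each iteration, so at most one
    step's worth of output exists beyond the limit when we abort."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while True:
        chunk = d.decompress(pending, STEP_OUT)     # produce at most STEP_OUT bytes
        out += chunk
        consumed = len(data) - len(d.unconsumed_tail)  # unconsumed_tail is a suffix of data
        if len(out) > max_ratio * max(consumed, 1):
            return None, len(out)                   # abort before the next step allocates more
        if d.eof or (not chunk and not d.unconsumed_tail):
            break                                   # finished, or truncated stream with no progress
        pending = d.unconsumed_tail
    out += d.flush()
    return bytes(out), len(out)


if __name__ == "__main__":
    for name, fn in (("check after", inflate_check_after), ("check in loop", inflate_check_in_loop)):
        result, materialised = fn(BOMB)
        print(f"{name}: rejected={result is None}, bytes materialised before decision={materialised}")
```

The interesting number is the second element of each return value: the after-the-fact check materialises the full 16 MiB before it can say no, while the in-loop check never holds more than one ``STEP_OUT`` of output. That is the difference between "hundreds of MB within a single ``process()`` call" and a bounded allocation, and it is why the placement of the check, not its presence, was the bug.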