04640ed9cc
* Security fixes:
- CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
- CVE-2025-66220: TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
- CVE-2025-64763: Potential request smuggling from early data after the CONNECT upgrade
**Docker images**:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.11
**Docs**:
https://www.envoyproxy.io/docs/envoy/v1.34.11/
**Release notes**:
https://www.envoyproxy.io/docs/envoy/v1.34.11/version_history/v1.34/v1.34.11
**Full changelog**:
https://github.com/envoyproxy/envoy/compare/v1.34.10...v1.34.11
|
||
|---|---|---|
| .bazelci | ||
| .devcontainer | ||
| .github | ||
| .vscode | ||
| api | ||
| bazel | ||
| changelogs | ||
| ci | ||
| configs | ||
| contrib | ||
| distribution | ||
| docs | ||
| envoy | ||
| maintainer | ||
| mobile | ||
| restarter | ||
| security | ||
| source | ||
| support | ||
| test | ||
| third_party/android | ||
| tools | ||
| .bazelignore | ||
| .bazelrc | ||
| .bazelversion | ||
| .clang-format | ||
| .clang-tidy | ||
| .coveragerc | ||
| .dockerignore | ||
| .flake8 | ||
| .gitattributes | ||
| .gitignore | ||
| .style.yapf | ||
| .yamllint | ||
| .yapfignore | ||
| API_VERSION.txt | ||
| BACKPORTS.md | ||
| BUILD | ||
| CODE_OF_CONDUCT.md | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| DCO | ||
| DEPENDENCY_POLICY.md | ||
| DEPRECATED.md | ||
| DEVELOPER.md | ||
| EXTENSION_POLICY.md | ||
| go.mod | ||
| go.sum | ||
| GOVERNANCE.md | ||
| LICENSE | ||
| NOTICE | ||
| OWNERS.md | ||
| PULL_REQUEST_TEMPLATE.md | ||
| PULL_REQUESTS.md | ||
| pytest.ini | ||
| README.md | ||
| releases.asc | ||
| RELEASES.md | ||
| REPO_LAYOUT.md | ||
| repokitteh.star | ||
| reviewers.yaml | ||
| rustfmt.toml | ||
| SECURITY-INSIGHTS.yml | ||
| SECURITY.md | ||
| STYLE.md | ||
| VERSION.txt | ||
| WORKSPACE | ||
Cloud-native high-performance edge/middle/service proxy
Envoy is hosted by the Cloud Native Computing Foundation (CNCF). If you are a company that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details about who's involved and how Envoy plays a role, read the CNCF announcement.
Documentation
- Official documentation
- FAQ
- Example documentation
- Blog about the threading model
- Blog about hot restart
- Blog about stats architecture
- Blog about universal data plane API
- Blog on Lyft's Envoy dashboards
Related
- data-plane-api: v2 API definitions as a standalone repository. This is a read-only mirror of api.
- envoy-perf: Performance testing framework.
- envoy-filter-example: Example of how to add new filters and link to the main repository.
Contact
- envoy-announce: Low frequency mailing list where we will email announcements only.
- envoy-security-announce: Low frequency mailing list where we will email security related announcements only.
- envoy-users: General user discussion.
- envoy-dev: Envoy developer discussion (APIs, feature design, etc.).
- envoy-maintainers: Use this list to reach all core Envoy maintainers.
- Twitter: Follow along on Twitter!
- Slack: Slack, to get invited go here.
- NOTE: Response to user questions is best effort on Slack. For a "guaranteed" response please email envoy-users@ per the guidance in the following linked thread.
Please see this email thread for information on email list usage.
Contributing
Contributing to Envoy is fun and modern C++ is a lot less scary than you might think if you don't have prior experience. To get started:
- Contributing guide
- Beginner issues
- Build/test quick start using docker
- Developer guide
- Consider installing the Envoy development support toolchain, which helps automate parts of the development process, particularly those involving code review.
- Please make sure that you let us know if you are working on an issue so we don't duplicate work!
Community Meeting
The Envoy team has a scheduled meeting time twice per month on Tuesday at 9am PT. The public Google calendar is here. The meeting will only be held if there are agenda items listed in the meeting minutes. Any member of the community should be able to propose agenda items by adding to the minutes. The maintainers will either confirm the additions to the agenda, or will cancel the meeting within 24 hours of the scheduled date if there is no confirmed agenda.
Security
Security Audit
There has been several third party engagements focused on Envoy security:
- In 2018 Cure53 performed a security audit, full report.
- In 2021 Ada Logics performed an audit on our fuzzing infrastructure with recommendations for improvements, full report.
Reporting security vulnerabilities
If you've found a vulnerability or a potential vulnerability in Envoy please let us know at envoy-security. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.
For further details please see our complete security release process.
ppc64le builds
Builds for the ppc64le architecture or using aws-lc are not covered by the envoy security policy. The ppc64le architecture is currently best-effort and not maintained by the Envoy maintainers.
Releases
For further details please see our release process.