Download Latest Version v1.34.4 source code.zip (31.0 MB)
Email in envelope

Get an email when there's a new version of Envoy

Home / v1.35.0
Name Modified Size InfoDownloads / Week
Parent folder
envoy-contrib-1.35.0-linux-x86_64 2025-07-23 110.4 MB
0
debs.tar.gz 2025-07-23 760.2 MB
0
checksums.txt.asc 2025-07-23 1.5 kB
0
envoy-1.35.0-linux-aarch_64 2025-07-23 82.5 MB
0
envoy-1.35.0-linux-x86_64 2025-07-23 85.2 MB
0
envoy-contrib-1.35.0-linux-aarch_64 2025-07-23 101.9 MB
0
README.md 2025-07-23 3.0 kB
0
v1.35.0 source code.tar.gz 2025-07-23 24.8 MB
0
v1.35.0 source code.zip 2025-07-23 31.4 MB
3 3 weekly downloads
Totals: 9 Items   1.2 GB 3

Summary of changes:

  • Security:
  • Fixed TLS inspector handling of client hello messages larger than 16KB.

  • Fixed bug where empty trusted CA files were accepted, causing validation of any certificate chain.

  • Build:

  • Major: Upgraded to C++20, enabling modern C++ features throughout the codebase.
  • Consolidated clang/gcc toolchains using --config=clang or --config=gcc.

  • Breaking: Removed grpc_credentials/aws_iam extension and contrib squash filter.

  • HTTP:

  • Added x-envoy-original-host header to record original host values before mutation.
  • Added HTTP/3 pseudo header validation (disable via envoy.restart_features.validate_http3_pseudo_headers).
  • Fixed HTTP/1 parser to properly handle newlines between requests per RFC 9112.

  • Added request/response trailer mutations support in header mutation filter.

  • Load balancing:

  • Added override host load balancing policy.
  • Added hash policy configuration directly to ring hash and maglev load balancers.

  • Added matcher-based cluster specifier plugin for dynamic cluster selection.

  • External processing:

  • Added FULL_DUPLEX_STREAMED body mode for bidirectional streaming.
  • Implemented graceful gRPC side stream closing with timeout.

  • Added per-route failure_mode_allow override support.

  • Wasm:

  • Update v8 and wasmtime dependencies to resolve multiple CVEs

  • Authentication:

  • Added OAuth2 token encryption, configurable token expiration, and OIDC logout support.
  • Added API key auth filter with forwarding configuration.

  • Added AWS IAM Roles Anywhere support.

  • Observability:

  • Added TLS certificate expiration metrics.
  • Enhanced transport tap with streaming trace capability.
  • Added JA4 fingerprinting to TLS inspector.

  • Added TCP tunneling access log substitution strings.

  • New features:

  • Dynamic modules: Added support for LocalityLbEndpoints metadata and SSL connection info attributes.
  • Stateful session cookie attributes and envelope mode support.
  • Redis proxy AWS IAM authentication and scan/info command support.
  • Lua filter access to filter context and typed metadata.

  • ServerNameMatcher for trie-based domain matching.

  • Notable fixes:

  • Fixed Wasm hang after VM crash in request callbacks.
  • Fixed Lua filter crash when removing status header.
  • Fixed connection pool capacity calculation issues.
  • Improved TCP proxy retry logic to avoid connection issues.

Docker images: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.35.0 Docs: https://www.envoyproxy.io/docs/envoy/v1.35.0/ Release notes: https://www.envoyproxy.io/docs/envoy/v1.35.0/version_history/v1.35/v1.35.0 Full changelog: https://github.com/envoyproxy/envoy/compare/v1.34.0...v1.35.0

Signed-off-by: Ryan Northey ryan@synca.io Signed-off-by: Rohit Agrawal rohit.agrawal@databricks.com

Source: README.md, updated 2025-07-23