Merge pull request #445 from envoyproxy/auto-merge-release-v1-35

github-actions[bot] · web-flow · commit 2f89cd32151a · 2025-12-10T19:03:43.000Z
auto-merge envoyproxy/envoy[release/v1.35] into envoyproxy/envoy-openssl[release/v1.35]
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.35.8-dev
+1.35.9-dev
diff --git a/changelogs/1.33.14.yaml b/changelogs/1.33.14.yaml
@@ -0,0 +1,16 @@
+date: December 9, 2025
+
+bug_fixes:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
+
+new_features:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.4. This upgrade exposes ``ares_reinit()`` which allows the reinitialization of c-ares channels,
+    among several other new features, bug-fixes, etc.
diff --git a/changelogs/1.34.12.yaml b/changelogs/1.34.12.yaml
@@ -0,0 +1,10 @@
+date: December 10, 2025
+
+bug_fixes:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
diff --git a/changelogs/1.35.8.yaml b/changelogs/1.35.8.yaml
@@ -0,0 +1,10 @@
+date: December 10, 2025
+
+bug_fixes:
+- area: dns
+  change: |
+    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
+
+    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
+
+    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -8,14 +8,6 @@ minor_behavior_changes:
 
 bug_fixes:
 # *Changes expected to improve the state of the world and are unlikely to have negative effects*
-- area: dns
-  change: |
-    Update c-ares to version 1.34.6 to resolve CVE-2025-0913.
-
-    Use-after-free in c-ares can crash Envoy via compromised or malfunctioning DNS.
-
-    advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f.
-
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
diff --git a/changelogs/summary.md b/changelogs/summary.md
@@ -1,12 +0,0 @@
-**Summary of changes**:
-
-* Security updates:
-
-  Resolve dependency CVEs:
-  - c-ares/CVE-2025-0913:
-      Use after free can crash Envoy due to malfunctioning or compromised DNS.
-
-While a potentially severe bug in some cloud environments, this has limited exploitability
-as any attacker would require control of DNS.
-
-Envoy advisory is here https://github.com/envoyproxy/envoy/security/advisories/GHSA-fg9g-pvc4-776f
diff --git a/docs/inventories/v1.33/objects.inv b/docs/inventories/v1.33/objects.inv
diff --git a/docs/inventories/v1.34/objects.inv b/docs/inventories/v1.34/objects.inv
diff --git a/docs/inventories/v1.35/objects.inv b/docs/inventories/v1.35/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -26,6 +26,6 @@
 "1.30": 1.30.11
 "1.31": 1.31.10
 "1.32": 1.32.13
-"1.33": 1.33.13
-"1.34": 1.34.11
-"1.35": 1.35.6
+"1.33": 1.33.14
+"1.34": 1.34.12
+"1.35": 1.35.7
