<?xml version="1.0" encoding="UTF-8"?>
<!-- AUTOGENERATED FILE. DO NOT EDIT. -->
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>tag:google.com,2016:servicemesh-release-notes</id>
  <title>Cloud Service Mesh - Release notes</title>
  <link rel="self" href="https://docs.cloud.google.com/feeds/servicemesh-release-notes.xml"/>
  <author>
    <name>Google Cloud Platform</name>
  </author>
  <updated>2026-07-06T00:00:00-07:00</updated>

  <entry>
    <title>July 06, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#July_06_2026</id>
    <updated>2026-07-06T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#July_06_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpcompressorv3compressor">Envoy Compressor Filter</a>
is now GA in the regular release channel.</p>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpluav3lua">Envoy Lua Filter</a>
is now available as a preview feature in the regular release channel.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 29, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_29_2026</id>
    <updated>2026-06-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_29_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.29.5-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.29.5-asm.5 uses Envoy v1.37.5.</p>
<h3>Security</h3>
<p><strong>1.28.9-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.9-asm.4 uses Envoy v1.36.9.</p>
<h3>Security</h3>
<p><strong>1.27.9-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-045">GCP-2026-045</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.9 uses Envoy v1.35.13.</p>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>Proxy version csm_mesh_proxy.csm_mesh_proxy.20260624e_RC01 for Gateway API on
GKE clusters is rolling out to all Managed Cloud Service Mesh release channels
over the next week.</p>
<p>This patch release contains the fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 23, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_23_2026</id>
    <updated>2026-06-23T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_23_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.29.5-asm.3 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.29.5-asm.3 uses Envoy v1.37.5-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p><strong>1.28.9-asm.2 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.9-asm.2 uses Envoy v1.36.9-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p><strong>1.27.9-asm.8 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.8 uses Envoy v1.35.13-dev.</p>
<h3>Fixed</h3>
<p>This patch release also contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: left">Proxy</th>
<th style="text-align: left">Control Plane</th>
<th style="text-align: left">Distroless</th>
<th style="text-align: left">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left">CVE-2026-34182</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (9.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45447</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">High (8.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-7383</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (8.1)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34180</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45445</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-9076</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42766</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42767</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.9)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-34743</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-45446</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (4.8)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-42770</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Low (3.7)</td>
</tr>
<tr>
<td style="text-align: left">CVE-2026-40226</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">No</td>
<td style="text-align: left">Yes</td>
<td style="text-align: left">Medium (0.0)</td>
</tr>
</tbody>
</table>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.38, is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.88 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.78 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fix for the vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-040">GCP-2026-040</a>.</p>
<p>These rollouts will preempt those previously announced on
<a href="#June_12_2026">June 12, 2026</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 22, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_22_2026</id>
    <updated>2026-06-22T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_22_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpluav3lua">Envoy Lua Filter</a>
is now available as a preview feature in the rapid release channel.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 15, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_15_2026</id>
    <updated>2026-06-15T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_15_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Feature</h3>
<p>The <a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility#typegoogleapiscomenvoyextensionsfiltershttpcompressorv3compressor">Envoy Compressor Filter</a>
is now GA in the rapid release channel.</p>
<p>To ensure your <code>EnvoyFilter</code> compressor configuration is fully supported, see
<a href="https://docs.cloud.google.com/service-mesh/docs/migrate/modernize-envoyfilter-compressor">Modernize EnvoyFilter compressor configurations</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 12, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_12_2026</id>
    <updated>2026-06-12T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_12_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.36, is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.86 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.76 is rolling out to the stable release channel.</li>
</ul>
<p>These rollouts will preempt those <a href="#June_03_2026">previously announced on June 3, 2026</a>.</p>
<p>These patch releases contain the fix for the vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a></p>
<h3>Security</h3>
<p>Proxy version csm_mesh_proxy.20260423_RC03 for Gateway API on GKE clusters is
rolling out to all Managed Cloud Service Mesh release channels over the next
week.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 09, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_09_2026</id>
    <updated>2026-06-09T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_09_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Announcement</h3>
<p><strong>1.29.4-asm.0 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.29.4-asm.0 for in-cluster Cloud Service Mesh. It includes
the features of <a href="https://istio.io/latest/news/releases/1.29.x/announcing-1.29/">Istio 1.29.4</a> subject to the list of
<a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster">supported features</a>.</p>
<p>The following environment variables, labels, and annotations are not supported:</p>
<ul>
<li><code>PILOT_IGNORE_RESOURCES</code> and <code>PILOT_INCLUDE_RESOURCES</code></li>
<li><code>RetryIgnorePreviousHosts</code></li>
<li><code>omit_empty_values</code></li>
<li><code>PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY</code></li>
<li><code>MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP</code> with the value 1</li>
<li><code>PILOT_DNS_JITTER_DURATION</code></li>
<li><code>PILOT_DNS_JITTER_DURATION</code></li>
<li><code>ENABLE_NATIVE_SIDECARS</code> with the value true</li>
<li><code>PILOT_IP_AUTOALLOCATE_IPV4_PREFIX</code> and <code>PILOT_IP_AUTOALLOCATE_IPV6_PREFIX</code></li>
<li><code>PILOT_DNS_CARES_UDP_MAX_QUERIES</code></li>
<li><code>ENABLE_WILDCARD_HOST_SERVICE_ENTRIES_FOR_TLS</code></li>
<li>'BLOCKED_CIDRS_IN_JWKS_URIS`</li>
<li><code>ENABLE_DEBUG_ENDPOINT_AUTH</code></li>
<li><code>DISABLE_TRACK_REMAINING_CB_METRICS</code></li>
<li><code>gateway.istio.io/tls-cipher-suites</code></li>
<li><code>fileFlushMinSizeKB</code> and <code>fileFlushInterval</code> settings in ProxyConfig</li>
<li><code>topology.istio.io/locality</code></li>
<li><code>statsCompression</code> ProxyConfig option</li>
<li><code>proxy.istio.io/config</code> annotation for metric compression overrides</li>
</ul>
<p>Istio's experimental feature to enable lazy subset creation of envoy statistics
is not supported.</p>
<p>The formatter option within the <code>spec.tracing[].customTags</code> field of the
Telemetry custom resource (telemetry.istio.io) is unsupported.</p>
<p>The <code>istiod_remote_cluster_sync_status</code> Prometheus gauge metric, exposed on the
<strong>Istiod control plane metrics endpoint</strong> (port 15014 <code>/metrics</code>), is not
supported.</p>
<p>The following are unsupported for proxyless gRPC clients:</p>
<ul>
<li><p>Configuring the <code>LEAST_REQUEST</code> load balancing policy within the
<code>spec.trafficPolicy.loadBalancer.simple</code> field of a <strong>DestinationRule</strong> custom
resource (<code>networking.istio.io</code>)</p></li>
<li><p>Configuring the <code>http2MaxRequests</code> circuit breaker within the
<code>spec.trafficPolicy.connectionPool.http.http2MaxRequests</code> field of a
<strong>DestinationRule</strong> custom resource (<code>networking.istio.io</code>)</p></li>
</ul>
<p>The <code>ENABLE_AUTO_SNI</code> flag is still supported to keep aligned with the legacy
behavior.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh version 1.29.4-asm.0 uses Envoy v1.37.4-dev.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.26 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 08, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_08_2026</id>
    <updated>2026-06-08T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_08_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.28.7-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.7-asm.4 uses Envoy v1.36.8-dev.</p>
<h3>Security</h3>
<p><strong>1.27.9-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.5 uses Envoy v1.35.12-dev.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Security</h3>
<p><strong>1.26.8-asm.11 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains the fix for the security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.11 uses Envoy v1.34.14.</p>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The rollouts <a href="#June_03_2026">previously announced on June 3, 2026</a> have been
stopped. The following release will supersede them and include those patches
and the fix for the vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-035">GCP-2026-035</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>June 03, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#June_03_2026</id>
    <updated>2026-06-03T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#June_03_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Announcement</h3>
<p><strong>1.28.7-asm.3 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.7-asm.3 uses Envoy v1.36.7-dev.</p>
<h3>Fixed</h3>
<p>Patch 1.28.7-asm.3 contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27143">CVE-2026-27143</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31789">CVE-2026-31789</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27140">CVE-2026-27140</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28387">CVE-2026-28387</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (8.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-41413">CVE-2026-41413</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (7.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-2219">CVE-2026-2219</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27135">CVE-2026-27135</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28388">CVE-2026-28388</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28389">CVE-2026-28389</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28390">CVE-2026-28390</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-29181">CVE-2026-29181</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31790">CVE-2026-31790</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32280">CVE-2026-32280</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32281">CVE-2026-32281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32283">CVE-2026-32283</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33811">CVE-2026-33811</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33814">CVE-2026-33814</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-34986">CVE-2026-34986</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39820">CVE-2026-39820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39836">CVE-2026-39836</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4046">CVE-2026-4046</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42499">CVE-2026-42499</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42501">CVE-2026-42501</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4437">CVE-2026-4437</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5773">CVE-2026-5773</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6276">CVE-2026-6276</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27144">CVE-2026-27144</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39883">CVE-2026-39883</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4878">CVE-2026-4878</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5545">CVE-2026-5545</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32282">CVE-2026-32282</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32289">CVE-2026-32289</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39823">CVE-2026-39823</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39826">CVE-2026-39826</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39817">CVE-2026-39817</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4873">CVE-2026-4873</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6253">CVE-2026-6253</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32288">CVE-2026-32288</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39350">CVE-2026-39350</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4438">CVE-2026-4438</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39819">CVE-2026-39819</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39825">CVE-2026-39825</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6429">CVE-2026-6429</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-7168">CVE-2026-7168</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-35469">CVE-2026-35469</a></td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (0.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5958">CVE-2026-5958</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (0.0)</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p><strong>1.27.9-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.9-asm.4 uses Envoy v1.35.10-dev.</p>
<h3>Fixed</h3>
<p>Patch 1.27.9-asm.4 contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2022-31045">CVE-2022-31045</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27143">CVE-2026-27143</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31789">CVE-2026-31789</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27140">CVE-2026-27140</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28387">CVE-2026-28387</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (8.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-41413">CVE-2026-41413</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (7.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2019-14993">CVE-2019-14993</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2021-39155">CVE-2021-39155</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2021-39156">CVE-2021-39156</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2022-23635">CVE-2022-23635</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-2219">CVE-2026-2219</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27135">CVE-2026-27135</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28388">CVE-2026-28388</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28389">CVE-2026-28389</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28390">CVE-2026-28390</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-29181">CVE-2026-29181</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31790">CVE-2026-31790</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32280">CVE-2026-32280</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32281">CVE-2026-32281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32283">CVE-2026-32283</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33811">CVE-2026-33811</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33814">CVE-2026-33814</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-34986">CVE-2026-34986</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39820">CVE-2026-39820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39836">CVE-2026-39836</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4046">CVE-2026-4046</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42499">CVE-2026-42499</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42501">CVE-2026-42501</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4437">CVE-2026-4437</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5773">CVE-2026-5773</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6276">CVE-2026-6276</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27144">CVE-2026-27144</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39883">CVE-2026-39883</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4878">CVE-2026-4878</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5545">CVE-2026-5545</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32282">CVE-2026-32282</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32289">CVE-2026-32289</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39823">CVE-2026-39823</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39826">CVE-2026-39826</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39817">CVE-2026-39817</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4873">CVE-2026-4873</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6253">CVE-2026-6253</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32288">CVE-2026-32288</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39350">CVE-2026-39350</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4438">CVE-2026-4438</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39819">CVE-2026-39819</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39825">CVE-2026-39825</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6429">CVE-2026-6429</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-7168">CVE-2026-7168</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-35469">CVE-2026-35469</a></td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (0.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5958">CVE-2026-5958</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (0.0)</td>
</tr>
</tbody>
</table>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.32 is rolling out to the rapid release channel.</li>
<li>The regular release channel is being upgraded from 1.20 to 1.21.6-asm.32.</li>
<li>The stable release channel is being upgraded from 1.19 to 1.20.8-asm.80.</li>
</ul>
<h3>Fixed</h3>
<p>These patch releases contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27143">CVE-2026-27143</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31789">CVE-2026-31789</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27140">CVE-2026-27140</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28387">CVE-2026-28387</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (8.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-41413">CVE-2026-41413</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (7.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-2219">CVE-2026-2219</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27135">CVE-2026-27135</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28388">CVE-2026-28388</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28389">CVE-2026-28389</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28390">CVE-2026-28390</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-29181">CVE-2026-29181</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31790">CVE-2026-31790</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32280">CVE-2026-32280</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32281">CVE-2026-32281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32283">CVE-2026-32283</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33811">CVE-2026-33811</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33814">CVE-2026-33814</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-34986">CVE-2026-34986</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39820">CVE-2026-39820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39836">CVE-2026-39836</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4046">CVE-2026-4046</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42499">CVE-2026-42499</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42501">CVE-2026-42501</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4437">CVE-2026-4437</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5773">CVE-2026-5773</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6276">CVE-2026-6276</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27144">CVE-2026-27144</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39883">CVE-2026-39883</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4878">CVE-2026-4878</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5545">CVE-2026-5545</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32282">CVE-2026-32282</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32289">CVE-2026-32289</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39823">CVE-2026-39823</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39826">CVE-2026-39826</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39817">CVE-2026-39817</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4873">CVE-2026-4873</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6253">CVE-2026-6253</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32288">CVE-2026-32288</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39350">CVE-2026-39350</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4438">CVE-2026-4438</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39819">CVE-2026-39819</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39825">CVE-2026-39825</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6429">CVE-2026-6429</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-7168">CVE-2026-7168</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-35469">CVE-2026-35469</a></td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (0.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5958">CVE-2026-5958</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (0.0)</td>
</tr>
</tbody>
</table>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Announcement</h3>
<p><strong>1.26.8-asm.10 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.10 uses Envoy v1.34.14.</p>
<h3>Fixed</h3>
<p>Patch 1.26.8-asm.10 contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2022-31045">CVE-2022-31045</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27143">CVE-2026-27143</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31789">CVE-2026-31789</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27140">CVE-2026-27140</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28387">CVE-2026-28387</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (8.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-41413">CVE-2026-41413</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (7.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2019-14993">CVE-2019-14993</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2021-39155">CVE-2021-39155</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2021-39156">CVE-2021-39156</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2022-23635">CVE-2022-23635</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-2219">CVE-2026-2219</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27135">CVE-2026-27135</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28388">CVE-2026-28388</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28389">CVE-2026-28389</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-28390">CVE-2026-28390</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-29181">CVE-2026-29181</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-31790">CVE-2026-31790</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32280">CVE-2026-32280</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32281">CVE-2026-32281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32283">CVE-2026-32283</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33811">CVE-2026-33811</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-33814">CVE-2026-33814</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-34986">CVE-2026-34986</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39820">CVE-2026-39820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39836">CVE-2026-39836</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4046">CVE-2026-4046</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42499">CVE-2026-42499</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-42501">CVE-2026-42501</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4437">CVE-2026-4437</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5773">CVE-2026-5773</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6276">CVE-2026-6276</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-27144">CVE-2026-27144</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39883">CVE-2026-39883</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4878">CVE-2026-4878</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5545">CVE-2026-5545</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32282">CVE-2026-32282</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32289">CVE-2026-32289</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39823">CVE-2026-39823</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39826">CVE-2026-39826</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.1)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39817">CVE-2026-39817</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4873">CVE-2026-4873</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6253">CVE-2026-6253</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-32288">CVE-2026-32288</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39350">CVE-2026-39350</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-4438">CVE-2026-4438</a></td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Medium (5.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39819">CVE-2026-39819</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-39825">CVE-2026-39825</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-6429">CVE-2026-6429</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-7168">CVE-2026-7168</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-35469">CVE-2026-35469</a></td>
<td>No</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (0.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-5958">CVE-2026-5958</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (0.0)</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>May 20, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#May_20_2026</id>
    <updated>2026-05-20T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#May_20_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh using the <code>TRAFFIC_DIRECTOR</code> implementation in the
stable channel now supports a limited implementation of the <code>EnvoyFilter</code> API.
To learn about the supported fields, extensions, and how to use <code>EnvoyFilter</code>
for features like local rate limiting see
<a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility">Data plane extensibility with <code>EnvoyFilter</code></a>.</p>
<p>To troubleshoot any issue while configuring, see
<a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-data-plane-extensibility">Resolving data plane extensibility issues</a>.</p>
<h3>Announcement</h3>
<p>Cloud Service Mesh can now report a status code to indicate whether an Istio API
is accepted or rejected. You can view the status code on the resource and mesh
state. For more information see
<a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-configuration#membershipstate_error_codes">MembershipState Error Codes</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>May 13, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#May_13_2026</id>
    <updated>2026-05-13T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#May_13_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>Proxy version csm_mesh_proxy.20260423_RC03 is rolling out to all Managed Cloud
Service Mesh release channels over the next week.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 27, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#April_27_2026</id>
    <updated>2026-04-27T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#April_27_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh using the <code>TRAFFIC_DIRECTOR</code> implementation in the
regular channel now supports a limited implementation of the <code>EnvoyFilter</code> API.
To learn about the supported fields, extensions, and how to use <code>EnvoyFilter</code>
for features like local rate limiting see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/data-plane-extensibility">Data plane extensibility with <code>EnvoyFilter</code></a>.</p>
<p>To troubleshoot any issue while configuring, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/troubleshooting/troubleshoot-data-plane-extensibility">Resolving data plane extensibility issues</a>.</p>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh using the <code>TRAFFIC_DIRECTOR</code> implementation in the
regular channel now supports a limited implementation of the <code>EnvoyFilter</code> API.
To learn about the supported fields, extensions, and how to use <code>EnvoyFilter</code>
for features like local rate limiting see
<a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility">Data plane extensibility with <code>EnvoyFilter</code></a>.</p>
<p>To troubleshoot any issue while configuring, see
<a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-data-plane-extensibility">Resolving data plane extensibility issues</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 13, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#April_13_2026</id>
    <updated>2026-04-13T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#April_13_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Announcement</h3>
<p><strong>1.28.5-asm.12 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.5-asm.12 uses Envoy 1.36.5-dev.</p>
<h3>Announcement</h3>
<p><strong>1.28.5-asm.12 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.5-asm.12 uses Envoy 1.36.5-dev.</p>
<h3>Announcement</h3>
<p><strong>1.27.8-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.8-asm.9 uses Envoy 1.35.10-dev.</p>
<h3>Announcement</h3>
<p><strong>1.27.8-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.8-asm.9 uses Envoy 1.35.10-dev.</p>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.19 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.73 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.66 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>MDPC</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2022-27943">CVE-2022-27943</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (4.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4527">CVE-2023-4527</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4911">CVE-2023-4911</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-5156">CVE-2023-5156</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-6246">CVE-2023-6246</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-2961">CVE-2024-2961</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33599">CVE-2024-33599</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (8.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33600">CVE-2024-33600</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33601">CVE-2024-33601</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33602">CVE-2024-33602</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Low (3.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0395">CVE-2025-0395</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Medium (6.2)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-15281">CVE-2025-15281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-68972">CVE-2025-68972</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Low (0.0)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8941">CVE-2025-8941</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Low (0.0)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-0861">CVE-2026-0861</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (8.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-0915">CVE-2026-0915</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Medium (6.5)</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.19 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.73 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.66 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>MDPC</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2022-27943">CVE-2022-27943</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (4.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4527">CVE-2023-4527</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4911">CVE-2023-4911</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-5156">CVE-2023-5156</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-6246">CVE-2023-6246</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-2961">CVE-2024-2961</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33599">CVE-2024-33599</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (8.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33600">CVE-2024-33600</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33601">CVE-2024-33601</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2024-33602">CVE-2024-33602</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Low (3.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0395">CVE-2025-0395</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Medium (6.2)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-15281">CVE-2025-15281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-68972">CVE-2025-68972</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Low (0.0)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8941">CVE-2025-8941</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Low (0.0)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-0861">CVE-2026-0861</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (8.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-0915">CVE-2026-0915</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>No</td>
<td>Medium (6.5)</td>
</tr>
</tbody>
</table>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Announcement</h3>
<p><strong>1.26.8-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-68972">CVE-2025-68972</a></td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8941">CVE-2025-8941</a></td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>Low (0.0)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.5 uses Envoy 1.34.14-dev.</p>
<h3>Announcement</h3>
<p><strong>1.26.8-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-33186">CVE-2026-33186</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3731">CVE-2026-3731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3784">CVE-2026-3784</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-1965">CVE-2026-1965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-29111">CVE-2026-29111</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2026-3783">CVE-2026-3783</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-68972">CVE-2025-68972</a></td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-0167">CVE-2025-0167</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (3.4)</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8941">CVE-2025-8941</a></td>
<td>Yes</td>
<td>No</td>
<td>No</td>
<td>Yes</td>
<td>Low (0.0)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.5 uses Envoy 1.34.14-dev.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>April 02, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#April_02_2026</id>
    <updated>2026-04-02T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#April_02_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh using the <code>TRAFFIC_DIRECTOR</code> implementation now
supports a limited implementation of the <code>EnvoyFilter</code> API. To learn about the
supported fields, extensions, and how to use <code>EnvoyFilter</code> for features like
local rate limiting see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/data-plane-extensibility">Data plane extensibility with <code>EnvoyFilter</code></a>.</p>
<p>To troubleshoot any issue while configuring, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/troubleshooting/troubleshoot-data-plane-extensibility">Resolving data plane extensibility issues</a>.</p>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh using the <code>TRAFFIC_DIRECTOR</code> implementation now
supports a limited implementation of the <code>EnvoyFilter</code> API. To learn about the
supported fields, extensions, and how to use <code>EnvoyFilter</code> for features like
local rate limiting see
<a href="https://docs.cloud.google.com/service-mesh/docs/data-plane-extensibility">Data plane extensibility with <code>EnvoyFilter</code></a>.</p>
<p>To troubleshoot any issue while configuring, see
<a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-data-plane-extensibility">Resolving data plane extensibility issues</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>March 11, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#March_11_2026</id>
    <updated>2026-03-11T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#March_11_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.28.5-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>High (8.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.6)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (10)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (8.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.5-asm.9 uses Envoy 1.36.5.</p>
<h3>Security</h3>
<p><strong>1.28.5-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>Distroless</th>
<th>CNI</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (9.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>High (8.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.8)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (8.6)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Critical (10)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4.7)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (7.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Low (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (8.4)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium (7.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Medium</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.5)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
<td>Yes</td>
<td>Low (5.3)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.0)</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.28.5-asm.9 uses Envoy 1.36.5.</p>
<h3>Security</h3>
<p><strong>1.27.8-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.8-asm.7 uses Envoy 1.35.9.</p>
<h3>Security</h3>
<p><strong>1.27.8-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.27.8-asm.7 uses Envoy 1.35.9.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Security</h3>
<p><strong>1.26.8-asm.3 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68973">CVE-2025-68973</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.3 uses Envoy 1.34.13.</p>
<h3>Security</h3>
<p><strong>1.26.8-asm.3 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-13151">CVE-2025-13151</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15558">CVE-2025-15558</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68973">CVE-2025-68973</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service
Mesh 1.26.8-asm.3 uses Envoy 1.34.13.</p>
<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.16 is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.68 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.61 is rolling out to the stable release channel.</li>
<li>CNI and managed data plane controller version 1.23.6-asm.31 is rolling out to
all release channels.</li>
</ul>
<p>These rollouts will preempt those <a href="#February_09_2026">previously announced on February 9, 2026</a>.</p>
<p>Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20260304_RC00 for Gateway API on GKE clusters for all channels. This proxy version maps closest to Envoy version 1.37.</p>
<p>These patch releases contain the fixes for the vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: center">MDPC</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>Sidecar version 1.21.6-asm.16 is rolling out to the rapid release channel.</li>
<li>Sidecar version 1.20.8-asm.68 is rolling out to the regular release channel.</li>
<li>Sidecar version 1.19.10-asm.61 is rolling out to the stable release channel.</li>
<li>CNI and managed data plane controller version 1.23.6-asm.31 is rolling out to
all release channels.</li>
</ul>
<p>These rollouts will preempt those <a href="#February_09_2026">previously announced on February 9, 2026</a>.</p>
<p>Managed Cloud Service Mesh will start using proxy version csm_mesh_proxy.20260304_RC00 for Gateway API on GKE clusters for all channels. This proxy version maps closest to Envoy version 1.37.</p>
<p>These patch releases contain the fixes for the vulnerabilities listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-013">GCP-2026-013</a>
as well as fixes for the following platform CVEs:</p>
<table>
<thead>
<tr>
<th style="text-align: left">CVE</th>
<th style="text-align: center">Proxy</th>
<th style="text-align: center">Control Plane</th>
<th style="text-align: center">Distroless</th>
<th style="text-align: center">CNI</th>
<th style="text-align: center">MDPC</th>
<th style="text-align: left">Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61726">CVE-2025-61726</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61728">CVE-2025-61728</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (6.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61730">CVE-2025-61730</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61731">CVE-2025-61731</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-61732">CVE-2025-61732</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (8.6)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68121">CVE-2025-68121</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Critical (10)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-68160">CVE-2025-68160</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (4.7)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69418">CVE-2025-69418</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69419">CVE-2025-69419</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69420">CVE-2025-69420</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-69421">CVE-2025-69421</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-8277">CVE-2025-8277</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-9820">CVE-2025-9820</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low (4.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-14831">CVE-2025-14831</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15281">CVE-2025-15281</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2025-15467">CVE-2025-15467</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (9.8)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0861">CVE-2026-0861</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (8.4)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0915">CVE-2026-0915</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Medium (7.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0964">CVE-2026-0964</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0965">CVE-2026-0965</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0966">CVE-2026-0966</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Low</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0967">CVE-2026-0967</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-0968">CVE-2026-0968</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">Medium</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22795">CVE-2026-22795</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (5.5)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-22796">CVE-2026-22796</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">No</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">Low (5.3)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-24051">CVE-2026-24051</a></td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: left">High (7.0)</td>
</tr>
<tr>
<td style="text-align: left"><a href="https://ubuntu.com/security/CVE-2026-25679">CVE-2026-25679</a></td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">Yes</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: center">-</td>
<td style="text-align: left">High (7.5)</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>February 18, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#February_18_2026</id>
    <updated>2026-02-18T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#February_18_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>CNI and managed data plane controller version 1.23.6-asm.28 is rolling out to all
release channels.</p>
<p>While the managed data plane automatically updates Envoy Proxies by restarting
workloads, you must manually restart any StatefulSets and Jobs.</p>
<p>This patch includes the fix for the following CVEs:</p>
<table>
<thead>
<tr>
<th>Name</th>
<th>CNI</th>
<th>MDPC</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2017-11164">CVE-2017-11164</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-27943">CVE-2022-27943</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-41409">CVE-2022-41409</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-4899">CVE-2022-4899</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-29383">CVE-2023-29383</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Low (3.3)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-34969">CVE-2023-34969</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-50495">CVE-2023-50495</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-7008">CVE-2023-7008</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-41996">CVE-2024-41996</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-8114">CVE-2025-8114</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-9086">CVE-2025-9086</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>CNI and managed data plane controller version 1.23.6-asm.28 is rolling out to all
release channels.</p>
<p>While the managed data plane automatically updates Envoy Proxies by restarting
workloads, you must manually restart any StatefulSets and Jobs.</p>
<p>This patch includes the fix for the following CVEs:</p>
<table>
<thead>
<tr>
<th>Name</th>
<th>CNI</th>
<th>MDPC</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2017-11164">CVE-2017-11164</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-27943">CVE-2022-27943</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-41409">CVE-2022-41409</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2022-4899">CVE-2022-4899</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-29383">CVE-2023-29383</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Low (3.3)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-34969">CVE-2023-34969</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-50495">CVE-2023-50495</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-7008">CVE-2023-7008</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (5.9)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-41996">CVE-2024-41996</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-8114">CVE-2025-8114</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Medium (4.7)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-9086">CVE-2025-9086</a></td>
<td>Yes</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>February 09, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#February_09_2026</id>
    <updated>2026-02-09T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#February_09_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.10 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.63 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.57 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://pkg.go.dev/vuln/GO-2025-4175">CVE-2025-61727</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-41996">CVE-2024-41996</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-9086">CVE-2025-9086</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2021-46848">CVE-2021-46848</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-13151">CVE-2025-13151</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-68973">CVE-2025-68973</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.8)</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.10 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.63 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.57 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
<th>Severity</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="https://pkg.go.dev/vuln/GO-2025-4175">CVE-2025-61727</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>Medium (6.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-41996">CVE-2024-41996</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-9086">CVE-2025-9086</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2021-46848">CVE-2021-46848</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>Critical (9.1)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-13151">CVE-2025-13151</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.5)</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-68973">CVE-2025-68973</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
<td>High (7.8)</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>January 20, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#January_20_2026</id>
    <updated>2026-01-20T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#January_20_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Announcement</h3>
<p><strong>1.28.2-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.28.2-asm.4 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.28.x/announcing-1.28/">Istio 1.28.0</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-in-cluster">supported features</a>.</p>
<p>The following environment variables, fields, and annotations are not supported:</p>
<ul>
<li><code>PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY</code></li>
<li>Additional attributes for <code>HTTPCookie</code> in the DestinationRule API</li>
<li><code>caCertCredentialName</code> field in ServerTLSSettings API</li>
<li>Optional <code>NetworkPolicy</code> for Istiod deployment</li>
<li>Disable shadow host suffix</li>
<li><code>MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP</code></li>
</ul>
<p>Istio dual stack is not supported</p>
<p>Istio's experimental feature to enable lazy subset creation of envoy statistics
is not supported.</p>
<p>The <code>ENABLE_AUTO_SNI</code> flag is still supported to stay aligned with legacy
behavior.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.28.2-asm.4 uses Envoy v1.36.5-dev.</p>
<h3>Announcement</h3>
<p><strong>1.28.2-asm.4 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.28.2-asm.4 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.28.x/announcing-1.28/">Istio 1.28.0</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster">supported features</a>.</p>
<p>The following environment variables, fields, and annotations are not supported:</p>
<ul>
<li><code>PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY</code></li>
<li>Additional attributes for <code>HTTPCookie</code> in the DestinationRule API</li>
<li><code>caCertCredentialName</code> field in ServerTLSSettings API</li>
<li>Optional <code>NetworkPolicy</code> for Istiod deployment</li>
<li>Disable shadow host suffix</li>
<li><code>MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP</code></li>
</ul>
<p>Istio dual stack is not supported</p>
<p>Istio's experimental feature to enable lazy subset creation of envoy statistics
is not supported.</p>
<p>The <code>ENABLE_AUTO_SNI</code> flag is still supported to stay aligned with legacy
behavior.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.28.2-asm.4 uses Envoy v1.36.5-dev.</p>
<h3>Announcement</h3>
<p><strong>1.27.5-asm.0 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.27.5-asm.0 for in-cluster Cloud Service Mesh. It includes
the features of
<a href="https://istio.io/latest/news/releases/1.27.x/announcing-1.27.5/">Istio 1.27.5</a>
subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-in-cluster">supported features</a>.
Cloud Service Mesh version 1.27.5-asm.0 uses envoy v1.35.9-dev.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<h3>Announcement</h3>
<p><strong>1.27.5-asm.0 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.27.5-asm.0 for in-cluster Cloud Service Mesh. It includes
the features of
<a href="https://istio.io/latest/news/releases/1.27.x/announcing-1.27.5/">Istio 1.27.5</a>
subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-in-cluster">supported features</a>.
Cloud Service Mesh version 1.27.5-asm.0 uses envoy v1.35.9-dev.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Announcement</h3>
<p><strong>1.26.8-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.26.8-asm.1 for in-cluster Cloud Service Mesh. It includes
the features of
<a href="https://istio.io/latest/news/releases/1.26.x/announcing-1.26.8/">Istio 1.26.8</a>
subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/supported-features-in-cluster">supported features</a>.
Cloud Service Mesh version 1.26.8-asm.1 uses envoy v1.34.11.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<h3>Announcement</h3>
<p><strong>1.26.8-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.26.8-asm.1 for in-cluster Cloud Service Mesh. It includes
the features of
<a href="https://istio.io/latest/news/releases/1.26.x/announcing-1.26.8/">Istio 1.26.8</a>
subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/supported-features-in-cluster">supported features</a>.
Cloud Service Mesh version 1.26.8-asm.1 uses envoy v1.34.11.</p>
<p>For details on upgrading Cloud Service Mesh, see
<a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<strong class="release-note-product-version-title">1.25.x</strong>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.25 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.25 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>January 15, 2026</title>
    <id>tag:google.com,2016:servicemesh-release-notes#January_15_2026</id>
    <updated>2026-01-15T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#January_15_2026"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.8 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.60 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.55 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-61727">CVE-2025-61727</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.8 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.60 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.55 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fixes for the following managed Cloud Service Mesh CVEs:</p>
<table>
<thead>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://nvd.nist.gov/vuln/detail/CVE-2025-61729">CVE-2025-61729</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-61727">CVE-2025-61727</a></td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
<td>Yes</td>
</tr>
</tbody>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>December 15, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#December_15_2025</id>
    <updated>2025-12-15T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#December_15_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>Regional Cloud Service Mesh is now available as a public preview feature. See
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/regional-cloud-service-mesh">Regional Cloud Service Mesh</a>
for more information.</p>
<h3>Announcement</h3>
<p>Regional Cloud Service Mesh is now available as a public preview feature. See
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/regional-cloud-service-mesh">Regional Cloud Service Mesh</a>
for more information.</p>
<h3>Announcement</h3>
<p>Regional Cloud Service Mesh is now available as a public preview feature. See
<a href="https://docs.cloud.google.com/service-mesh/docs/regional-cloud-service-mesh">Regional Cloud Service Mesh</a>
for more information.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>December 04, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#December_04_2025</id>
    <updated>2025-12-04T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#December_04_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh will start using proxy version
<code>csm_mesh_proxy.20251121c_RC00</code> for Gateway API on GKE clusters. This proxy
version maps closest to Envoy version 1.37. This change is rolling out to all
release channels and contains the fix for the managed Cloud Service Mesh
security vulnerability listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>.</p>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh will start using proxy version
<code>csm_mesh_proxy.20251121c_RC00</code> for Gateway API on GKE clusters. This proxy
version maps closest to Envoy version 1.37. This change is rolling out to all
release channels and contains the fix for the managed Cloud Service Mesh
security vulnerability listed in [GCP-2025-073](/service-mesh/v1.27/docs/security-bulletins#gcp-2025-073.</p>
<h3>Announcement</h3>
<p>Managed Cloud Service Mesh will start using proxy version
<code>csm_mesh_proxy.20251121c_RC00</code> for Gateway API on GKE clusters. This proxy
version maps closest to Envoy version 1.37. This change is rolling out to all
release channels and contains the fix for the managed Cloud Service Mesh
security vulnerability listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>December 03, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#December_03_2025</id>
    <updated>2025-12-03T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#December_03_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.7 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.59 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.54 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fix for the managed Cloud Service Mesh security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>.</p>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.7 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.59 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.54 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fix for the managed Cloud Service Mesh security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>.</p>
<h3>Security</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.7 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.59 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.54 is rolling out to the stable release channel.</li>
</ul>
<p>These patch releases contain the fix for the managed Cloud Service Mesh security vulnerability listed in
<a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>.</p>
<strong class="release-note-product-version-title">1.25.x</strong>
<h3>Security</h3>
<p><strong>1.25.6-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.6-asm.1 uses Envoy v1.33.13.</p>
<h3>Security</h3>
<p><strong>1.25.6-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.6-asm.1 uses Envoy v1.33.13.</p>
<h3>Security</h3>
<p><strong>1.25.6-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.6-asm.1 uses Envoy v1.33.13.</p>
<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.27.4-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.4-asm.1 uses Envoy v1.35.7.</p>
<h3>Security</h3>
<p><strong>1.27.4-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.4-asm.1 uses Envoy v1.35.7.</p>
<h3>Security</h3>
<p><strong>1.27.4-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.4-asm.1 uses Envoy v1.35.7.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Security</h3>
<p><strong>1.26.7-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.7-asm.1 uses Envoy v1.34.11.</p>
<h3>Security</h3>
<p><strong>1.26.7-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.7-asm.1 uses Envoy v1.34.11.</p>
<h3>Security</h3>
<p><strong>1.26.7-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-073">GCP-2025-073</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.7-asm.1 uses Envoy v1.34.11.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>November 18, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#November_18_2025</id>
    <updated>2025-11-18T00:00:00-08:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#November_18_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The following rollouts have completed for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 has rolled out to the rapid release channel.</li>
<li>1.20.8-asm.56 has rolled out to the regular release channel.</li>
<li>1.19.10-asm.52 has rolled out to the stable release channel.</li>
<li>CNI and MDPC version 1.20.8-asm.56 has rolled out to all release channels.</li>
</ul>
<p>While the managed data plane automatically updates Envoy Proxies by restarting
workloads, you must manually restart any StatefulSets and Jobs.</p>
<h3>Announcement</h3>
<p>The following rollouts have completed for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 has rolled out to the rapid release channel.</li>
<li>1.20.8-asm.56 has rolled out to the regular release channel.</li>
<li>1.19.10-asm.52 has rolled out to the stable release channel.</li>
<li>CNI and MDPC version 1.20.8-asm.56 has rolled out to all release channels.</li>
</ul>
<p>While the managed data plane automatically updates Envoy Proxies by restarting
workloads, you must manually restart any StatefulSets and Jobs.</p>
<h3>Announcement</h3>
<p>The following rollouts have completed for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 has rolled out to the rapid release channel.</li>
<li>1.20.8-asm.56 has rolled out to the regular release channel.</li>
<li>1.19.10-asm.52 has rolled out to the stable release channel.</li>
<li>CNI and MDPC version 1.20.8-asm.56 has rolled out to all release channels.</li>
</ul>
<p>While the managed data plane automatically updates Envoy Proxies by restarting
workloads, you must manually restart any StatefulSets and Jobs.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 28, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#October_28_2025</id>
    <updated>2025-10-28T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#October_28_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.25.x</strong>
<h3>Security</h3>
<p><strong>1.25.5-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.5-asm.9 uses Envoy v1.33.12.</p>
<h3>Security</h3>
<p><strong>1.25.5-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.5-asm.9 uses Envoy v1.33.12.</p>
<h3>Security</h3>
<p><strong>1.25.5-asm.9 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.25.5-asm.9 uses Envoy v1.33.12.</p>
<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Security</h3>
<p><strong>1.27.2-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.2-asm.1 uses Envoy v1.35.6.</p>
<h3>Security</h3>
<p><strong>1.27.2-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.2-asm.1 uses Envoy v1.35.6.</p>
<h3>Security</h3>
<p><strong>1.27.2-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.27.2-asm.1 uses Envoy v1.35.6.</p>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Security</h3>
<p><strong>1.26.5-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.5-asm.1 uses Envoy v1.34.10.</p>
<h3>Security</h3>
<p><strong>1.26.5-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.5-asm.1 uses Envoy v1.34.10.</p>
<h3>Security</h3>
<p><strong>1.26.5-asm.1 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>This patch release contains fixes for the security vulnerabilities listed in <a href="https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2025-064">GCP-2025-064</a>. For details on upgrading Cloud Service Mesh, refer to <a href="https://docs.cloud.google.com/service-mesh/v1.26/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh v1.26.5-asm.1 uses Envoy v1.34.10.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 27, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#October_27_2025</id>
    <updated>2025-10-27T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#October_27_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Fixed</h3>
<p>These patches contain fixes for the following CVEs:</p>
<p><strong>1.21.6-asm.4</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058 </a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.20.8-asm.55</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.19.10-asm.52</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>CNI &amp; MDPC</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>CNI</th>
<th>MDPC</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-56406">CVE-2024-56406</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1372">CVE-2025-1372</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-46836">CVE-2025-46836</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-30258">CVE-2025-30258</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4802">CVE-2025-4802</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1377">CVE-2025-1377</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4598">CVE-2025-4598</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-3576">CVE-2025-3576</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.56 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.52 is rolling out to the stable release channel.</li>
</ul>
<p>CNI/managed data plane controller version 1.20.8-asm.56 is rolling out to all release channels.</p>
<h3>Fixed</h3>
<p>These patches contain fixes for the following CVEs:</p>
<p><strong>1.21.6-asm.4</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058 </a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.20.8-asm.55</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.19.10-asm.52</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>CNI &amp; MDPC</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>CNI</th>
<th>MDPC</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-56406">CVE-2024-56406</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1372">CVE-2025-1372</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-46836">CVE-2025-46836</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-30258">CVE-2025-30258</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4802">CVE-2025-4802</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1377">CVE-2025-1377</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4598">CVE-2025-4598</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-3576">CVE-2025-3576</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.56 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.52 is rolling out to the stable release channel.</li>
</ul>
<p>CNI/managed data plane controller version 1.20.8-asm.56 is rolling out to all release channels.</p>
<h3>Fixed</h3>
<p>These patches contain fixes for the following CVEs:</p>
<p><strong>1.21.6-asm.4</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058 </a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.20.8-asm.55</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>1.19.10-asm.52</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Envoy Proxy</th>
<th>Envoy Proxy Distroless</th>
<th>Control plane</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4813">CVE-2023-4813</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-8058">CVE-2025-8058</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2023-4806">CVE-2023-4806</a></td>
<td>-</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32989">CVE-2025-32989</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-48964">CVE-2025-48964</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2024-10041">CVE-2024-10041</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32988">CVE-2025-32988</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-40909">CVE-2025-40909</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-32990">CVE-2025-32990</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-47268">CVE-2025-47268</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2025-6395">CVE-2025-6395</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/%7Eubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>-</td>
<td>-</td>
</tr>
</tbody>
</table>
<p><strong>CNI &amp; MDPC</strong></p>
<table>
<thead>
<tr>
<th>Name</th>
<th>CNI</th>
<th>MDPC</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-56406">CVE-2024-56406</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1372">CVE-2025-1372</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-46836">CVE-2025-46836</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-30258">CVE-2025-30258</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2023-4039">CVE-2023-4039</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4802">CVE-2025-4802</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-1377">CVE-2025-1377</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-4598">CVE-2025-4598</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-3576">CVE-2025-3576</a></td>
<td>Yes</td>
<td>Yes</td>
</tr>
</tbody>
</table>
<h3>Announcement</h3>
<p>The following images are now rolling out for managed Cloud Service Mesh:</p>
<ul>
<li>1.21.6-asm.4 is rolling out to the rapid release channel.</li>
<li>1.20.8-asm.56 is rolling out to the regular release channel.</li>
<li>1.19.10-asm.52 is rolling out to the stable release channel.</li>
</ul>
<p>CNI/managed data plane controller version 1.20.8-asm.56 is rolling out to all release channels.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>October 16, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#October_16_2025</id>
    <updated>2025-10-16T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#October_16_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>The promotion of <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/release-notes#May_06_2025">1.21 to the Rapid release channel</a> included upstream breaking changes to <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#externalname-support-changes">ExternalName</a> and <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#default-value-of-the-feature-flag-enable_auto_sni-to-true">auto-sni</a> when using the <code>ISTIOD</code> <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/check-control-plane-implementation">implementation</a>. After considering the impact on customers, we have decided to restore the previous behavior from 1.20 and earlier for managed Cloud Service Mesh clusters using the <code>ISTIOD</code> implementation to match Rapid clusters using the <code>TRAFFIC_DIRECTOR</code> implementation. These changes are rolling out to the Rapid release channel in version 1.21.5-asm.55 or later.</p>
<ul>
<li><p>If you are using an <code>ExternalName</code> service in the Rapid channel without a port description, the <code>ExternalName</code> service will not be translated into <code>Cluster</code> in the Envoy configuration. If the <code>ExternalName</code> service is a destination of <code>VirtualService</code> or <code>ExternalName</code> service is used with <code>REGISTRY_ONLY</code> mode, you must specify the port in the service like in 1.20 and earlier.</p></li>
<li><p>If you have an external service multiplexing traffic based on SNI but the corresponding <code>DestinationRule</code> doesn't have an explicit SNI, you must <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/troubleshooting/troubleshoot-security#explicit_sni_setup">set SNI properly</a>.</p></li>
</ul>
<h3>Announcement</h3>
<p>The promotion of <a href="https://docs.cloud.google.com/service-mesh/docs/release-notes#May_06_2025">1.21 to the Rapid release channel</a> included upstream breaking changes to <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#externalname-support-changes">ExternalName</a> and <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#default-value-of-the-feature-flag-enable_auto_sni-to-true">auto-sni</a> when using the <code>ISTIOD</code> <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/check-control-plane-implementation">implementation</a>. After considering the impact on customers, we have decided to restore the previous behavior from 1.20 and earlier for managed Cloud Service Mesh clusters using the <code>ISTIOD</code> implementation to match Rapid clusters using the <code>TRAFFIC_DIRECTOR</code> implementation. These changes are rolling out to the Rapid release channel in version 1.21.5-asm.55 or later.</p>
<ul>
<li><p>If you are using an <code>ExternalName</code> service in the Rapid channel without a port description, the <code>ExternalName</code> service will not be translated into <code>Cluster</code> in the Envoy configuration. If the <code>ExternalName</code> service is a destination of <code>VirtualService</code> or <code>ExternalName</code> service is used with <code>REGISTRY_ONLY</code> mode, you must specify the port in the service like in 1.20 and earlier.</p></li>
<li><p>If you have an external service multiplexing traffic based on SNI but the corresponding <code>DestinationRule</code> doesn't have an explicit SNI, you must <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/troubleshooting/troubleshoot-security#explicit_sni_setup">set SNI properly</a>.</p></li>
</ul>
<h3>Announcement</h3>
<p>The promotion of <a href="https://docs.cloud.google.com/service-mesh/docs/release-notes#May_06_2025">1.21 to the Rapid release channel</a> included upstream breaking changes to <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#externalname-support-changes">ExternalName</a> and <a href="https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#default-value-of-the-feature-flag-enable_auto_sni-to-true">auto-sni</a> when using the <code>ISTIOD</code> <a href="https://docs.cloud.google.com/service-mesh/docs/check-control-plane-implementation">implementation</a>. After considering the impact on customers, we have decided to restore the previous behavior from 1.20 and earlier for managed Cloud Service Mesh clusters using the <code>ISTIOD</code> implementation to match Rapid clusters using the <code>TRAFFIC_DIRECTOR</code> implementation. These changes are rolling out to the Rapid release channel in version 1.21.5-asm.55 or later.</p>
<ul>
<li><p>If you are using an <code>ExternalName</code> service in the Rapid channel without a port description, the <code>ExternalName</code> service will not be translated into <code>Cluster</code> in the Envoy configuration. If the <code>ExternalName</code> service is a destination of <code>VirtualService</code> or <code>ExternalName</code> service is used with <code>REGISTRY_ONLY</code> mode, you must specify the port in the service like in 1.20 and earlier.</p></li>
<li><p>If you have an external service multiplexing traffic based on SNI but the corresponding <code>DestinationRule</code> doesn't have an explicit SNI, you must <a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-security#explicit_sni_setup">set SNI properly</a>.</p></li>
</ul>
]]>
    </content>
  </entry>

  <entry>
    <title>October 15, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#October_15_2025</id>
    <updated>2025-10-15T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#October_15_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.25.x</strong>
<h3>Announcement</h3>
<p><strong>1.25.5-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.25.5-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.25.x/announcing-1.25.5/">Istio 1.25.5</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/supported-features-in-cluster">supported features</a>. Cloud Service Mesh version 1.25.5-asm.7 uses envoy v1.33.10-dev.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<h3>Fixed</h3>
<p>1.25.5-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.25.5-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.25.5-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.25.x/announcing-1.25.5/">Istio 1.25.5</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/supported-features-in-cluster">supported features</a>. Cloud Service Mesh version 1.25.5-asm.7 uses envoy v1.33.10-dev.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<h3>Fixed</h3>
<p>1.25.5-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.25.5-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.25.5-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.25.x/announcing-1.25.5/">Istio 1.25.5</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/supported-features-in-cluster">supported features</a>. Cloud Service Mesh version 1.25.5-asm.7 uses envoy v1.33.10-dev.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.25/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>.</p>
<h3>Fixed</h3>
<p>1.25.5-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
</table>
<strong class="release-note-product-version-title">1.26.x</strong>
<h3>Fixed</h3>
<p>1.26.4-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.26.4-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.26.4-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.26.x/announcing-1.26.4/">Istio 1.26.4</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-in-cluster">supported features</a>. </p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.26.4-asm.7 uses Envoy v1.34.8-dev.</p>
<h3>Announcement</h3>
<p><strong>1.26.4-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.26.4-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.26.x/announcing-1.26.4/">Istio 1.26.4</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-in-cluster">supported features</a>. </p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.26.4-asm.7 uses Envoy v1.34.8-dev.</p>
<h3>Fixed</h3>
<p>1.26.4-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<h3>Fixed</h3>
<p>1.26.4-asm.7 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="https://ubuntu.com/security/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802">CVE-2025-4802</a></td>
<td>-</td>
<td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.26.4-asm.7 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.26.4-asm.7 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.26.x/announcing-1.26.4/">Istio 1.26.4</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster">supported features</a>. </p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.26.4-asm.7 uses Envoy v1.34.8-dev.</p>
<strong class="release-note-product-version-title">1.27.x</strong>
<h3>Fixed</h3>
<p>1.27.1-asm.5 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9230 ">CVE-2025-9230</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802 ">CVE-2025-4802</a></td>
<td>-
   </td><td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.27.1-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.27.1-asm.5 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.27.x/announcing-1.27/">Istio 1.27.1</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-in-cluster">supported features</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.27.1-asm.5 uses Envoy v1.35.4-dev.</p>
<h3>Fixed</h3>
<p>1.27.1-asm.5 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9230 ">CVE-2025-9230</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802 ">CVE-2025-4802</a></td>
<td>-
   </td><td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<h3>Announcement</h3>
<p><strong>1.27.1-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.27.1-asm.5 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.27.x/announcing-1.27/">Istio 1.27.1</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-in-cluster">supported features</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.27.1-asm.5 uses Envoy v1.35.4-dev.</p>
<h3>Announcement</h3>
<p><strong>1.27.1-asm.5 is now available for in-cluster Cloud Service Mesh.</strong></p>
<p>You can now download 1.27.1-asm.5 for in-cluster Cloud Service Mesh. It includes the features of <a href="https://istio.io/latest/news/releases/1.27.x/announcing-1.27/">Istio 1.27.1</a> subject to the list of <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster">supported features</a>.</p>
<p>For details on upgrading Cloud Service Mesh, see <a href="https://docs.cloud.google.com/service-mesh/docs/upgrade/upgrade">Upgrade Cloud Service Mesh</a>. Cloud Service Mesh version 1.27.1-asm.5 uses Envoy v1.35.4-dev.</p>
<h3>Fixed</h3>
<p>1.27.1-asm.5 includes the fixes for the following CVEs:</p>
<table>
<tr>
<th>CVE</th>
<th>Proxy</th>
<th>Control Plane</th>
<th>CNI</th>
<th>Distroless</th>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6297">CVE-2025-6297</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-10963">CVE-2024-10963</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-9230 ">CVE-2025-9230</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>-</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8058">CVE-2025-8058</a></td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
<td>Yes</td>
</tr>
<tr>
<td><a href="https://security-tracker.debian.org/tracker/CVE-2025-4802 ">CVE-2025-4802</a></td>
<td>-
   </td><td>-</td>
<td>-</td>
<td>Yes</td>
</tr>
</table>
<strong class="release-note-product-version-title">1.24.x</strong>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.24 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.24 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
<h3>Announcement</h3>
<p>In-cluster Cloud Service Mesh 1.24 is no longer supported. For more information and to view the earliest end-of-life dates for other versions, see <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-in-cluster#supported_versions">Supported versions</a>.</p>
]]>
    </content>
  </entry>

  <entry>
    <title>September 30, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#September_30_2025</id>
    <updated>2025-09-30T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#September_30_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Feature</h3>
<p>You can now configure traffic routing using <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/configure-cloud-service-mesh-for-cloud-run#service_to_service">Cloud Service Mesh service routing APIs</a> between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services. (GA).</p>
<h3>Change</h3>
<p>Managed Cloud Service Mesh with a TD control plane in the Rapid release channel will start using proxy images with an <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/supported-features-managed#base_images">internal envoy version</a>.</p>
<p>All features supported by Managed (TD) control planes are supported by this proxy. To identify which proxy version is used in a cluster, see <a href="https://docs.cloud.google.com/service-mesh/v1.28/docs/troubleshooting/troubleshoot-proxy#identify_the_proxy_version_used_in_the_cluster">Identify the proxy versions used in the cluster</a>.</p>
<p>This release uses the version <code>csm_istio_proxy_20250611.00_p0</code>. More details about the proxy version can be found on the <a href="https://docs.cloud.google.com/service-mesh/versions">Versions</a> page.</p>
<h3>Feature</h3>
<p>You can now configure traffic routing using <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/configure-cloud-service-mesh-for-cloud-run#service_to_service">Cloud Service Mesh service routing APIs</a> between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services. (GA).</p>
<h3>Change</h3>
<p>Managed Cloud Service Mesh with a TD control plane in the Rapid release channel will start using proxy images with an <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/supported-features-managed#base_images">internal envoy version</a>.</p>
<p>All features supported by Managed (TD) control planes are supported by this proxy. To identify which proxy version is used in a cluster, see <a href="https://docs.cloud.google.com/service-mesh/v1.27/docs/troubleshooting/troubleshoot-proxy#identify_the_proxy_version_used_in_the_cluster">Identify the proxy versions used in the cluster</a>.</p>
<p>This release uses the version <code>csm_istio_proxy_20250611.00_p0</code>. More details about the proxy version can be found on the <a href="https://docs.cloud.google.com/service-mesh/versions">Versions</a> page.</p>
<h3>Change</h3>
<p>Managed Cloud Service Mesh with a TD control plane in the Rapid release channel will start using proxy images with an <a href="https://docs.cloud.google.com/service-mesh/docs/supported-features-managed#base_images">internal envoy version</a>.</p>
<p>All features supported by Managed (TD) control planes are supported by this proxy. To identify which proxy version is used in a cluster, see <a href="https://docs.cloud.google.com/service-mesh/docs/troubleshooting/troubleshoot-proxy#identify_the_proxy_version_used_in_the_cluster">Identify the proxy versions used in the cluster</a>.</p>
<p>This release uses the version <code>csm_istio_proxy_20250611.00_p0</code>. More details about the proxy version can be found on the <a href="https://docs.cloud.google.com/service-mesh/versions">Versions</a> page.</p>
<h3>Feature</h3>
<p>You can now configure traffic routing using <a href="https://docs.cloud.google.com/service-mesh/docs/configure-cloud-service-mesh-for-cloud-run#service_to_service">Cloud Service Mesh service routing APIs</a> between Cloud Run and Cloud Run, Google Kubernetes Engine, and Google Compute Engine services. (GA).</p>
]]>
    </content>
  </entry>

  <entry>
    <title>September 29, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#September_29_2025</id>
    <updated>2025-09-29T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#September_29_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">Managed Cloud Service Mesh</strong>
<h3>Announcement</h3>
<p>CNI/managed data plane controller version 1.23.6-asm.15 is rolling out to all release channels.</p>
<h3>Fixed</h3>
<table>
<tr>
<td><strong>CVE</strong>
</td>
<td><strong>CNI</strong>
</td>
<td><strong>MDP Controller</strong>
</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4802">CVE-2025-4802</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29383">CVE-2023-29383</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56406">CVE-2024-56406</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-7008">CVE-2023-7008</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1377">CVE-2025-1377</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46836">CVE-2025-46836</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-50495">CVE-2023-50495</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">CVE-2025-4598</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">CVE-2025-3576</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-30258">CVE-2025-30258</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">CVE-2017-11164</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-41409">CVE-2022-41409</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1372">CVE-2025-1372</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27943">CVE-2022-27943</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4899">CVE-2022-4899</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-34969">CVE-2023-34969</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-45918">CVE-2023-45918</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
</table>
<h3>Announcement</h3>
<p>CNI/managed data plane controller version 1.23.6-asm.15 is rolling out to all release channels.</p>
<h3>Fixed</h3>
<table>
<tr>
<td><strong>CVE</strong>
</td>
<td><strong>CNI</strong>
</td>
<td><strong>MDP Controller</strong>
</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4802">CVE-2025-4802</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29383">CVE-2023-29383</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56406">CVE-2024-56406</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-7008">CVE-2023-7008</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1377">CVE-2025-1377</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46836">CVE-2025-46836</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-50495">CVE-2023-50495</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">CVE-2025-4598</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">CVE-2025-3576</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-30258">CVE-2025-30258</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">CVE-2017-11164</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-41409">CVE-2022-41409</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1372">CVE-2025-1372</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27943">CVE-2022-27943</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4899">CVE-2022-4899</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-34969">CVE-2023-34969</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-45918">CVE-2023-45918</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
</table>
<h3>Announcement</h3>
<p>CNI/managed data plane controller version 1.23.6-asm.15 is rolling out to all release channels.</p>
<h3>Fixed</h3>
<table>
<tr>
<td><strong>CVE</strong>
</td>
<td><strong>CNI</strong>
</td>
<td><strong>MDP Controller</strong>
</td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4802">CVE-2025-4802</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29383">CVE-2023-29383</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-56406">CVE-2024-56406</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-7008">CVE-2023-7008</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1377">CVE-2025-1377</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4039">CVE-2023-4039</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-46836">CVE-2025-46836</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-50495">CVE-2023-50495</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-4598">CVE-2025-4598</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576">CVE-2025-3576</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-30258">CVE-2025-30258</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164">CVE-2017-11164</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-41409">CVE-2022-41409</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1372">CVE-2025-1372</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href=" http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-27943">CVE-2022-27943</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-4899">CVE-2022-4899</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-34969">CVE-2023-34969</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
<tr>
<td><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-45918">CVE-2023-45918</a>
</td>
<td>Yes
   </td>
<td>Yes
   </td>
</tr>
</table>
]]>
    </content>
  </entry>

  <entry>
    <title>September 25, 2025</title>
    <id>tag:google.com,2016:servicemesh-release-notes#September_25_2025</id>
    <updated>2025-09-25T00:00:00-07:00</updated>
    <link rel="alternate" href="https://docs.cloud.google.com/service-mesh/docs/release-notes#September_25_2025"/>
    <content type="html"><![CDATA[<strong class="release-note-product-version-title">1.21.x & 1.22.x & 1.23.x & 1.24.x & 1.25.x & 1.26.x & 1.27.x</strong>
<h3>Deprecated</h3>
<p>Support for the following features will end on <strong>March 17, 2027</strong>:</p>
<ul>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/deprecations/deprecation-announcement">GKE on AWS</a> </li>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/deprecations/deprecation-announcement">GKE on Azure</a> </li>
<li>EKS Attached Clusters on AWS</li>
<li>Azure Attached Clusters with AKS</li>
</ul>
<p>Note that there are no changes to the other features of GKE attached clusters or Google Distributed Cloud (software only or air-gapped), </p>
<p>You must migrate to an alternative service mesh solution or an alternative Istio-based solution using your existing CSM configuration files by March 17, 2027.</p>
<h3>Deprecated</h3>
<p>Support for the following features will end on <strong>March 17, 2027</strong>:</p>
<ul>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/deprecations/deprecation-announcement">GKE on AWS</a> </li>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/deprecations/deprecation-announcement">GKE on Azure</a> </li>
<li>EKS Attached Clusters on AWS</li>
<li>Azure Attached Clusters with AKS</li>
</ul>
<p>Note that there are no changes to the other features of GKE attached clusters or Google Distributed Cloud (software only or air-gapped), </p>
<p>You must migrate to an alternative service mesh solution or an alternative Istio-based solution using your existing CSM configuration files by March 17, 2027.</p>
<h3>Deprecated</h3>
<p>Support for the following features will end on <strong>March 17, 2027</strong>:</p>
<ul>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/aws/deprecations/deprecation-announcement">GKE on AWS</a> </li>
<li><a href="https://docs.cloud.google.com/kubernetes-engine/multi-cloud/docs/azure/deprecations/deprecation-announcement">GKE on Azure</a> </li>
<li>EKS Attached Clusters on AWS</li>
<li>Azure Attached Clusters with AKS</li>
</ul>
<p>Note that there are no changes to the other features of GKE attached clusters or Google Distributed Cloud (software only or air-gapped), </p>
<p>You must migrate to an alternative service mesh solution or an alternative Istio-based solution using your existing CSM configuration files by March 17, 2027.</p>
]]>
    </content>
  </entry>

</feed>
