1.26.8 (April 4, 2024)

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

• http2: Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).

New features

• google_grpc: Added an off-by-default runtime flag envoy.reloadable_features.google_grpc_disable_tls_13 to disable TLSv1.3 usage by gRPC SDK for google_grpc services.