v1.4.1

Release Announcement

Check out the v1.4.1 release announcement to learn more about the release.

New Features

• Added support for configuring Subject Alternative Names (SANs) for upstream TLS validation via BackendTLSPolicy.validation.subjectAltNames.
• Added support for setting ownerreference to infra resources when Gateway Namespace mode is enabled.

Bug Fixes

• Fixed OverlappingTLSConfig condition for merged Gateways.
• Fixed an issue with shared rules in the rate limit translator when clientSelector is not specified.
• Fixed an issue with handling integer values in zone annotations.
• Fixed an issue where routes without WASM in their EnvoyExtensionPolicies returned HTTP 500 responses when WASM cache initialization failed.
• Fixed an issue where UDP listeners were not created in the Envoy proxy’s xDS configuration.
• Fixed broken rate limit merging for BackendTrafficPolicy when the Gateway target defines rate limiting but the Route target does not.
• Fixed an issue that preserves ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy.
• Replaced static UID with a dynamic UID for the global rate limit Grafana dashboard.

Other changes

• Fixed backend TLS e2e test.
• Bumped go version to 1.24.3.

What's Changed

• [release/v1.4] fix: custom controller namespace refs in gateway namespace mode by @cnvergence in #6067
• [release/v1.4] fix: missing v1.4 deployment yaml to Gateway Namespace Mode docs by @cnvergence in #6141
• [release/v1.4] Cherry Pick fixes into v1.4.1 by @arkodg in #6258
• [release/v1.4] pin ratelimit tag by @shawnh2 in #6255
• [release/v1.4] add release notes by @shawnh2 in #6260
• [release/v1.4] update version by @shawnh2 in #6261
• [release/v1.4] skip RateLimitGlobalMergeTest for gateway namespace mode by @arkodg in #6262

Full Changelog: v1.4.0...v1.4.1