[release-1.6] Release note v1.6.1 (#7666)

zhaohuabing · web-flow · commit 191265280218 · 2025-12-05T19:14:35.000+08:00
* release note for v1.6.1

Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;

* update release note

Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;

---------

Signed-off-by: Huabing Zhao &lt;zhaohuabing@gmail.com&gt;
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v1.6.0
+v1.6.1
diff --git a/release-notes/v1.6.1.yaml b/release-notes/v1.6.1.yaml
@@ -0,0 +1,32 @@
+date: December 5, 2025
+
+# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
+breaking changes: |
+
+# Updates addressing vulnerabilities, security flaws, or compliance requirements.
+security updates: |
+  Bumped Envoy to 1.36.3 to incorporate security patches, CVE-2025-64527, CVE-2025-66220, and CVE-2025-64763. Ref https://github.com/envoyproxy/envoy/releases/tag/v1.36.3
+
+# New features or capabilities added in this release.
+new features: |
+
+bug fixes: |
+  Fixed xDS snapshot cache to clear snapshots when streams close, preventing proxies from receiving stale configuration after reconnection.
+  Fixed configured OIDC authorization endpoint being overridden by discovered endpoints from issuer's well-known URL.
+  Fixed an issue with gateway ownership tracking when running multiple controllers.
+  Fixed default namespace handling when namespace is unset.
+  Fixed a bug where HTTPRoutes referencing gateways with multiple different GatewayClasses would have incomplete status conditions.
+  Fixed gateway status to treat too many addresses as programmed.
+  Fix 500 errors caused by partially invalid BackendRefs; traffic is now correctly routed between valid backends and 500 responses according to their configured weights.
+
+# Enhancements that improve performance.
+performance improvements: |
+
+# Deprecated features or APIs.
+deprecations: |
+
+# Other notable changes not covered by the above sections.
+Other changes: |
+  Bumped Gateway API to v1.4.1.
+  Bumped golang.org/x/crypto dependency.
+  Added disk space reclamation script for CI runners to prevent out-of-disk errors.
diff --git a/site/content/en/news/releases/notes/v1.6.1.md b/site/content/en/news/releases/notes/v1.6.1.md
@@ -0,0 +1,39 @@
+---
+title: "v1.6.1"
+publishdate: 2025-12-05
+---
+
+Date: December 05, 2025
+
+## Breaking changes
+-
+
+## Security updates
+- Bumped Envoy to 1.36.3 to incorporate security patches, CVE-2025-64527, CVE-2025-66220, and CVE-2025-64763. Ref https://github.com/envoyproxy/envoy/releases/tag/v1.36.3
+
+
+
+## New features
+-
+
+## Bug fixes
+- Fixed xDS snapshot cache to clear snapshots when streams close, preventing proxies from receiving stale configuration after reconnection.
+- Fixed configured OIDC authorization endpoint being overridden by discovered endpoints from issuer's well-known URL.
+- Fixed an issue with gateway ownership tracking when running multiple controllers.
+- Fixed default namespace handling when namespace is unset.
+- Fixed a bug where HTTPRoutes referencing gateways with multiple different GatewayClasses would have incomplete status conditions.
+- Fixed gateway status to treat too many addresses as programmed.
+- Fix 500 errors caused by partially invalid BackendRefs; traffic is now correctly routed between valid backends and 500 responses according to their configured weights.
+
+
+
+## Performance improvements
+-
+
+## Deprecations
+-
+
+## Other changes
+- Bumped Gateway API to v1.4.1.
+- Bumped golang.org/x/crypto dependency.
+- Added disk space reclamation script for CI runners to prevent out-of-disk errors.
