feat(securitypolicy): add MergeType support for policy merging by rajatvig · Pull Request #7918 · envoyproxy/gateway

rajatvig · 2026-01-12T09:11:33Z

Add MergeType field to SecurityPolicy to enable policy merging similar
to BackendTrafficPolicy. This allows route-level policies to merge with
parent Gateway/Listener policies rather than completely overriding them.

Fixes #6734

netlify · 2026-01-12T09:12:17Z

✅ Deploy Preview for cerulean-figolla-1f9435 canceled.

Name	Link
🔨 Latest commit	`7e10a97`
🔍 Latest deploy log	https://app.netlify.com/projects/cerulean-figolla-1f9435/deploys/69a8d106a9ec340008b1eba4

Add MergeType field to SecurityPolicy to enable policy merging similar to BackendTrafficPolicy. This allows route-level policies to merge with parent Gateway/Listener policies rather than completely overriding them. Fixes envoyproxy#6734 Signed-off-by: Rajat Vig <rvig@etsy.com>

Signed-off-by: Rajat Vig <rvig@etsy.com>

codecov · 2026-01-13T06:18:51Z

Codecov Report

❌ Patch coverage is 81.25000% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.17%. Comparing base (80eb3f9) to head (7e10a97).
⚠️ Report is 10 commits behind head on main.

Files with missing lines	Patch %	Lines
internal/gatewayapi/securitypolicy.go	81.25%	29 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7918      +/-   ##
==========================================
- Coverage   74.18%   74.17%   -0.01%     
==========================================
  Files         242      242              
  Lines       37310    37438     +128     
==========================================
+ Hits        27678    27771      +93     
- Misses       7698     7730      +32     
- Partials     1934     1937       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Signed-off-by: Rajat Vig <rvig@etsy.com>

…y-merge

Signed-off-by: Rajat Vig <rvig@etsy.com>

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig · 2026-01-19T17:46:15Z

@arkodg @kkk777-7 The PR is ready. Please do review when you have bandwidth. The E2E tests for the feature are passing, CI seems to have a bit of flakiness.

kkk777-7 · 2026-01-20T17:32:01Z

Hi @rajatvig , thanks for working on this!
I left some comments.

…namspaces Signed-off-by: Rajat Vig <rvig@etsy.com>

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

…y-merge

Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig · 2026-01-31T18:21:54Z

@rajatvig Sorry, there’s one point I missed in the last review. I left a comment, so could you please take a look?

Just fixed the last bit I think.

rajatvig · 2026-02-07T19:51:27Z

@kkk777-7 @zhaohuabing Does this look good now? Any other points I need to address?

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

Signed-off-by: Rajat Vig <rvig@etsy.com>

rudrakhp

Note that you might need to handle refs from parent policy after merge, see #8210 that fixes ref resolution for merged BTPs.

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig · 2026-02-16T13:12:32Z

Note that you might need to handle refs from parent policy after merge, see #8210 that fixes ref resolution for merged BTPs.

@rudrakhp From what I could gather looking at the code, it would mostly affect secrets when the parent policy refers to a secret that the merged policy tries looking up in the route's namespace.

There is an issue #8094 tracking that. Would it be ok to resolve this as part of that issue?

rudrakhp · 2026-02-16T20:39:44Z

@rajatvig it will affect not only secrets but any LocalObjectReference, I would recommend waiting on #8210 attempting to provide a generic way to handle local object references in merge scenarios.

…y-merge

kkk777-7 · 2026-03-01T11:29:15Z

@rajatvig
Sorry for the late reply, and thank you so much for working on this PR for such a long time.
I left one comment.
please, could you confirm and resolve conflict?

Although there are still some issues we need to address, I think it might be fine to tackle them in a follow-up PR (and I can take care of them as well if needed).

rajatvig · 2026-03-04T12:16:44Z

@kkk777-7 I will find time today or at the latest tomorrow to address it if that works.

…y-merge # Conflicts: # internal/gatewayapi/securitypolicy.go

Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig · 2026-03-05T00:42:34Z

@rajatvig Sorry for the late reply, and thank you so much for working on this PR for such a long time. I left one comment. please, could you confirm and resolve conflict?

Although there are still some issues we need to address, I think it might be fine to tackle them in a follow-up PR (and I can take care of them as well if needed).

handle LocalObjectReference with merge

handle IR Config name

I addressed the issue (I think). I can try and hack on both as well over the weekend. Is there an issue for those? I have the similar issue for ClientTrafficPolicy which I think I should be able to work on after. Would that work?

kkk777-7 · 2026-03-05T15:57:04Z

LGTM, thanks!

kkk777-7 · 2026-03-05T16:10:58Z

LocalObjectRef is #8094. (this issue is not only secret, contains some ref)

I have the similar issue for ClientTrafficPolicy which I think I should be able to work on after.

do you mean this issue?

I think we should improve merge logic and fix some issues before extending merge scope.
so it would be appreciated if you work on the issues (LocalObjectRef, IRConfig name) first.

kkk777-7 · 2026-03-05T16:11:14Z

/retest

rajatvig · 2026-03-06T08:52:43Z

LocalObjectRef is #8094. (this issue is not only secret, contains some ref)

I have the similar issue for ClientTrafficPolicy which I think I should be able to work on after.

do you mean this issue?

I think we should improve merge logic and fix some issues before extending merge scope.

so it would be appreciated if you work on the issues (LocalObjectRef, IRConfig name) first.

Will do. I think I did see an issue about using interfaces when using merges and yes, will fix what exists and then extend.

rudrakhp

LGTM. Assuming handling LocalObjectRef during merges will be handled in a follow up as in current state accessing refs from child policy ns is broken.

…2 ➔ 1.8.0 ) (#31) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [mirror.gcr.io/envoyproxy/gateway-helm](https://gateway.envoyproxy.io/) ([source](https://github.com/envoyproxy/gateway)) | minor | `v1.7.2` → `1.8.0` | --- ### Release Notes <details> <summary>envoyproxy/gateway (mirror.gcr.io/envoyproxy/gateway-helm)</summary> ### [`v1.8.0`](https://github.com/envoyproxy/gateway/releases/tag/v1.8.0) [Compare Source](https://github.com/envoyproxy/gateway/compare/v1.7.3...v1.8.0) ##### Release Announcement Check out the [v1.8.0 release announcement](https://gateway.envoyproxy.io/news/releases/notes/v1.8.0) to learn more about the release. ##### What's Changed - e2e: speed tracing tests by [@zirain](https://github.com/zirain) in [#8124](https://github.com/envoyproxy/gateway/pull/8124) - fix(translator): allow single-label backends in host mode by [@codefromthecrypt](https://github.com/codefromthecrypt) in [#8123](https://github.com/envoyproxy/gateway/pull/8123) - ci: release json report by [@zirain](https://github.com/zirain) in [#8107](https://github.com/envoyproxy/gateway/pull/8107) - fix oidc flakiness by [@zhaohuabing](https://github.com/zhaohuabing) in [#8119](https://github.com/envoyproxy/gateway/pull/8119) - fix: skip\_test\_workflow doesn't exist by [@dylanmtaylor](https://github.com/dylanmtaylor) in [#8116](https://github.com/envoyproxy/gateway/pull/8116) - fix e2e test panic by [@zhaohuabing](https://github.com/zhaohuabing) in [#8109](https://github.com/envoyproxy/gateway/pull/8109) - chore: bump func-e to v1.4.0 by [@codefromthecrypt](https://github.com/codefromthecrypt) in [#8105](https://github.com/envoyproxy/gateway/pull/8105) - fix: route idle timeout by [@zhaohuabing](https://github.com/zhaohuabing) in [#8058](https://github.com/envoyproxy/gateway/pull/8058) - docs: add Mirakl to adopters list by [@twandja](https://github.com/twandja) in [#8138](https://github.com/envoyproxy/gateway/pull/8138) - docs: add security warning to control plane extensions by [@guydc](https://github.com/guydc) in [#7967](https://github.com/envoyproxy/gateway/pull/7967) - chore: add lint for release notes filenames by [@zirain](https://github.com/zirain) in [#8137](https://github.com/envoyproxy/gateway/pull/8137) - fix: remove global logger in message package by [@zirain](https://github.com/zirain) in [#8131](https://github.com/envoyproxy/gateway/pull/8131) - docs: fix url result of regex rewrite by [@SadmiB](https://github.com/SadmiB) in [#7864](https://github.com/envoyproxy/gateway/pull/7864) - chore: log skipped xds by [@zhaohuabing](https://github.com/zhaohuabing) in [#8132](https://github.com/envoyproxy/gateway/pull/8132) - docs: fixes for OPA sidecar + Unix Domain Socket task by [@millermatt](https://github.com/millermatt) in [#8142](https://github.com/envoyproxy/gateway/pull/8142) - fix: basic auth validation by [@zhaohuabing](https://github.com/zhaohuabing) in [#8053](https://github.com/envoyproxy/gateway/pull/8053) - fix: controller cache-sync readiness check by [@jukie](https://github.com/jukie) in [#7430](https://github.com/envoyproxy/gateway/pull/7430) - fix: replace context.TODO with timeout context in config dump by [@jaffarkeikei](https://github.com/jaffarkeikei) in [#8122](https://github.com/envoyproxy/gateway/pull/8122) - refactor: convert IR map fields to slices to ensure deterministic Dee… by [@Junnygram](https://github.com/Junnygram) in [#7953](https://github.com/envoyproxy/gateway/pull/7953) - fix links in releasing and develop docs by [@cnvergence](https://github.com/cnvergence) in [#8141](https://github.com/envoyproxy/gateway/pull/8141) - docs: add provider guide for entra by [@oliverbaehler](https://github.com/oliverbaehler) in [#7977](https://github.com/envoyproxy/gateway/pull/7977) - chore: clean up test output files by [@zhaohuabing](https://github.com/zhaohuabing) in [#8154](https://github.com/envoyproxy/gateway/pull/8154) - fix: TCPRoute mTLS didn't work by [@zirain](https://github.com/zirain) in [#8152](https://github.com/envoyproxy/gateway/pull/8152) - v1.7.0-rc2 release notes by [@cnvergence](https://github.com/cnvergence) in [#8163](https://github.com/envoyproxy/gateway/pull/8163) - chore(docs): Update Azure Entra link in OIDC guide by [@guydc](https://github.com/guydc) in [#8167](https://github.com/envoyproxy/gateway/pull/8167) - fix: continue processing the remaining xDS with invalid EnvoyPatchPolicies by [@zhaohuabing](https://github.com/zhaohuabing) in [#8153](https://github.com/envoyproxy/gateway/pull/8153) - build(deps): bump the actions group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8178](https://github.com/envoyproxy/gateway/pull/8178) - fix: skip provision when IR Infra is invalid by [@zirain](https://github.com/zirain) in [#7754](https://github.com/envoyproxy/gateway/pull/7754) - docs: add HTTP header and method based authentication task by [@Aditya7880900936](https://github.com/Aditya7880900936) in [#7990](https://github.com/envoyproxy/gateway/pull/7990) - fix: Validation of XListenerSet certificateRefs by [@krishicks](https://github.com/krishicks) in [#8168](https://github.com/envoyproxy/gateway/pull/8168) - fix: Remove whitespace for nodeSelector in deployment YAML - helm chart change by [@jess-belliveau](https://github.com/jess-belliveau) in [#8185](https://github.com/envoyproxy/gateway/pull/8185) - \[release/v1.7.0] release notes by [@cnvergence](https://github.com/cnvergence) in [#8188](https://github.com/envoyproxy/gateway/pull/8188) - \[release/v1.7] v1.7.0 release docs and announcement by [@cnvergence](https://github.com/cnvergence) in [#8191](https://github.com/envoyproxy/gateway/pull/8191) - \[release/v1.7.0] update eg upgrade test and fix ordering by [@cnvergence](https://github.com/cnvergence) in [#8195](https://github.com/envoyproxy/gateway/pull/8195) - docs: reword updating shortcode prefixes in releasing.md by [@cnvergence](https://github.com/cnvergence) in [#8196](https://github.com/envoyproxy/gateway/pull/8196) - build(deps): bump busybox from `e226d63` to `b3255e7` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8175](https://github.com/envoyproxy/gateway/pull/8175) - build(deps): bump distroless/base-nossl from `16b3bc2` to `d90f132` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8174](https://github.com/envoyproxy/gateway/pull/8174) - chore: enable `DisallowUnknownFields` for xds translator by [@zirain](https://github.com/zirain) in [#8203](https://github.com/envoyproxy/gateway/pull/8203) - chore bump golang 1.25.7 by [@zirain](https://github.com/zirain) in [#8205](https://github.com/envoyproxy/gateway/pull/8205) - build(deps): bump the gomod group across 1 directory with 11 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8177](https://github.com/envoyproxy/gateway/pull/8177) - feat(helm): add commonLabels support to helm chart by [@gaganhr94](https://github.com/gaganhr94) in [#8078](https://github.com/envoyproxy/gateway/pull/8078) - build(deps): bump the helm group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8179](https://github.com/envoyproxy/gateway/pull/8179) - fix(gatewayapi): reject ClientTrafficPolicy with invalid TLS cipher by [@Junnygram](https://github.com/Junnygram) in [#8040](https://github.com/envoyproxy/gateway/pull/8040) - feat (translator): support optional health check configuration by [@cryoshida](https://github.com/cryoshida) in [#7959](https://github.com/envoyproxy/gateway/pull/7959) - chore: install crds separated by [@zirain](https://github.com/zirain) in [#8223](https://github.com/envoyproxy/gateway/pull/8223) - chore: fix make gen-check by [@zirain](https://github.com/zirain) in [#7937](https://github.com/envoyproxy/gateway/pull/7937) - fix: XListenerSet allows route from same namespace by [@krishicks](https://github.com/krishicks) in [#8226](https://github.com/envoyproxy/gateway/pull/8226) - fix gateway api crd gen by [@zhaohuabing](https://github.com/zhaohuabing) in [#8238](https://github.com/envoyproxy/gateway/pull/8238) - chore: fix flaky retry test by [@zirain](https://github.com/zirain) in [#8020](https://github.com/envoyproxy/gateway/pull/8020) - feat: support ShadowMode in local ratelimit by [@zirain](https://github.com/zirain) in [#8076](https://github.com/envoyproxy/gateway/pull/8076) - chore: add missing release notes for [#8076](https://github.com/envoyproxy/gateway/issues/8076) by [@zirain](https://github.com/zirain) in [#8243](https://github.com/envoyproxy/gateway/pull/8243) - chore: remove useless address by [@zirain](https://github.com/zirain) in [#8216](https://github.com/envoyproxy/gateway/pull/8216) - release notes for v1.6.4 by [@zirain](https://github.com/zirain) in [#8221](https://github.com/envoyproxy/gateway/pull/8221) - release notes for v1.5.9 by [@zirain](https://github.com/zirain) in [#8219](https://github.com/envoyproxy/gateway/pull/8219) - update release notes by [@zirain](https://github.com/zirain) in [#8253](https://github.com/envoyproxy/gateway/pull/8253) - fix: re-enable ext-auth timeout test by [@zirain](https://github.com/zirain) in [#8070](https://github.com/envoyproxy/gateway/pull/8070) - chore: fix ExtAuthTimeout flaky by [@zirain](https://github.com/zirain) in [#8255](https://github.com/envoyproxy/gateway/pull/8255) - doc: bump v1.5.9 by [@zirain](https://github.com/zirain) in [#8256](https://github.com/envoyproxy/gateway/pull/8256) - docs: bump version by [@zirain](https://github.com/zirain) in [#8257](https://github.com/envoyproxy/gateway/pull/8257) - chore: Update default kind and metallb versions by [@jukie](https://github.com/jukie) in [#8254](https://github.com/envoyproxy/gateway/pull/8254) - chore: update v1.6 compatibility matrix versions by [@rudrakhp](https://github.com/rudrakhp) in [#8260](https://github.com/envoyproxy/gateway/pull/8260) - build(deps): bump github/codeql-action from 4.32.1 to 4.32.2 in the actions group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8248](https://github.com/envoyproxy/gateway/pull/8248) - build(deps): bump the k8s-io group across 1 directory with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8249](https://github.com/envoyproxy/gateway/pull/8249) - build(deps): bump the gomod group across 2 directories with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8246](https://github.com/envoyproxy/gateway/pull/8246) - build(deps): bump the helm group across 1 directory with 5 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8250](https://github.com/envoyproxy/gateway/pull/8250) - feat: enable command operators for httproute filter directresponse by [@6ixfalls](https://github.com/6ixfalls) in [#8183](https://github.com/envoyproxy/gateway/pull/8183) - fix test race by [@zirain](https://github.com/zirain) in [#8180](https://github.com/envoyproxy/gateway/pull/8180) - chore: update experimental conformance by [@zirain](https://github.com/zirain) in [#8269](https://github.com/envoyproxy/gateway/pull/8269) - feat: jaX fingerprint support by [@Inode1](https://github.com/Inode1) in [#7983](https://github.com/envoyproxy/gateway/pull/7983) - feat: support egctl config envoy-gateway by [@zhaohuabing](https://github.com/zhaohuabing) in [#8251](https://github.com/envoyproxy/gateway/pull/8251) - fix: API key auth by [@zhaohuabing](https://github.com/zhaohuabing) in [#8267](https://github.com/envoyproxy/gateway/pull/8267) - feat: Add WeightedZones to PreferLocalZones by [@jukie](https://github.com/jukie) in [#7251](https://github.com/envoyproxy/gateway/pull/7251) - docs: render crds in example install command by [@NilsGriebner](https://github.com/NilsGriebner) in [#8225](https://github.com/envoyproxy/gateway/pull/8225) - chore: Fix JA Fingerprint ipv6 e2e by [@jukie](https://github.com/jukie) in [#8298](https://github.com/envoyproxy/gateway/pull/8298) - build(deps): bump github.com/envoyproxy/go-control-plane/envoy from 1.36.1-0.20260127060829-c81ce9094f67 to 1.37.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#8292](https://github.com/envoyproxy/gateway/pull/8292) - build(deps): bump the actions group across 1 directory with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8296](https://github.com/envoyproxy/gateway/pull/8296) - build(deps): bump distroless/base-nossl from `d90f132` to `f8ebb45` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8290](https://github.com/envoyproxy/gateway/pull/8290) - build(deps): bump prometheus from 28.9.0 to 28.9.1 in /charts/gateway-addons-helm in the helm group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8297](https://github.com/envoyproxy/gateway/pull/8297) - build(deps): bump the gomod group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8303](https://github.com/envoyproxy/gateway/pull/8303) - Use sub-chart for CRDs to reduce chart size by [@jukie](https://github.com/jukie) in [#8283](https://github.com/envoyproxy/gateway/pull/8283) - chore: gh action for running gen check by [@rudrakhp](https://github.com/rudrakhp) in [#8304](https://github.com/envoyproxy/gateway/pull/8304) - fix: add mutex lock to snapshot cache OnStreamResponse/OnStreamDeltaResponse by [@jaffarkeikei](https://github.com/jaffarkeikei) in [#8277](https://github.com/envoyproxy/gateway/pull/8277) - docs: update proxy protocol docs for client traffic policies by [@kraashen](https://github.com/kraashen) in [#8310](https://github.com/envoyproxy/gateway/pull/8310) - fix release notes order in the docs by [@cnvergence](https://github.com/cnvergence) in [#8316](https://github.com/envoyproxy/gateway/pull/8316) - e2e: improve SessionPersistence tests by [@zirain](https://github.com/zirain) in [#8207](https://github.com/envoyproxy/gateway/pull/8207) - bump Gateway API v1.5.0-rc.1 by [@zirain](https://github.com/zirain) in [#8161](https://github.com/envoyproxy/gateway/pull/8161) - feat: Add support for Dynamic Modules by [@jukie](https://github.com/jukie) in [#8278](https://github.com/envoyproxy/gateway/pull/8278) - fix: fixed local object reference resolution from parent in merged BackendTrafficPolicies by [@rudrakhp](https://github.com/rudrakhp) in [#8210](https://github.com/envoyproxy/gateway/pull/8210) - fix: exclude unmanaged route parents from xPolicy status ancestors by [@zhaohuabing](https://github.com/zhaohuabing) in [#8321](https://github.com/envoyproxy/gateway/pull/8321) - fix(kubernetes): apply namespace selector filtering to List operations by [@shahar-h](https://github.com/shahar-h) in [#8312](https://github.com/envoyproxy/gateway/pull/8312) - fix: samplingFraction not working by [@zirain](https://github.com/zirain) in [#8317](https://github.com/envoyproxy/gateway/pull/8317) - chore: skip head repo check in gen check command by [@rudrakhp](https://github.com/rudrakhp) in [#8347](https://github.com/envoyproxy/gateway/pull/8347) - build(deps): bump the actions group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8342](https://github.com/envoyproxy/gateway/pull/8342) - revist TLSRoute conformance test by [@zirain](https://github.com/zirain) in [#8345](https://github.com/envoyproxy/gateway/pull/8345) - chore: adopt FailFast by [@zirain](https://github.com/zirain) in [#8335](https://github.com/envoyproxy/gateway/pull/8335) - fix ConsistentHashLoadBalancing flaky by [@zirain](https://github.com/zirain) in [#8349](https://github.com/envoyproxy/gateway/pull/8349) - build(deps): bump the helm group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8343](https://github.com/envoyproxy/gateway/pull/8343) - build(deps): bump sigs.k8s.io/gateway-api-inference-extension from 1.3.0 to 1.3.1 in /examples/extension-server by [@dependabot](https://github.com/dependabot)\[bot] in [#8340](https://github.com/envoyproxy/gateway/pull/8340) - fix ListenerSet conformance test by [@zirain](https://github.com/zirain) in [#8344](https://github.com/envoyproxy/gateway/pull/8344) - bump Gateway API v1.5.0 by [@zirain](https://github.com/zirain) in [#8348](https://github.com/envoyproxy/gateway/pull/8348) - fix: watch TLSRoute v1 by [@zhaohuabing](https://github.com/zhaohuabing) in [#8327](https://github.com/envoyproxy/gateway/pull/8327) - fix attachedRoutes by [@zirain](https://github.com/zirain) in [#8187](https://github.com/envoyproxy/gateway/pull/8187) - chore: update testdata on main by [@jukie](https://github.com/jukie) in [#8370](https://github.com/envoyproxy/gateway/pull/8370) - docs: add custom redirect BTP task by [@rudrakhp](https://github.com/rudrakhp) in [#8357](https://github.com/envoyproxy/gateway/pull/8357) - feat: Implement RoutingType BTP by [@jukie](https://github.com/jukie) in [#8173](https://github.com/envoyproxy/gateway/pull/8173) - Add retriableStatuses for healthchecks by [@akardaspg](https://github.com/akardaspg) in [#8306](https://github.com/envoyproxy/gateway/pull/8306) - \[gatewayapi] skip unused BTP routing index work by [@arkodg](https://github.com/arkodg) in [#8375](https://github.com/envoyproxy/gateway/pull/8375) - fix(host): eliminate spurious error logs in standalone mode by [@codefromthecrypt](https://github.com/codefromthecrypt) in [#8287](https://github.com/envoyproxy/gateway/pull/8287) - feat: Support AlwaysEjectOneHost configuration in Outlier Detection by [@Inode1](https://github.com/Inode1) in [#8149](https://github.com/envoyproxy/gateway/pull/8149) - chore: remove existence check for v1 CRDs by [@zhaohuabing](https://github.com/zhaohuabing) in [#8365](https://github.com/envoyproxy/gateway/pull/8365) - feat(envoyextensionpolicy): Implement TLS configuration for WASM code source. by [@achernev](https://github.com/achernev) in [#7865](https://github.com/envoyproxy/gateway/pull/7865) - feat: invalid listener should not block IR by [@zirain](https://github.com/zirain) in [#8194](https://github.com/envoyproxy/gateway/pull/8194) - fix TestWasmTLSIndexers and test gen by [@zhaohuabing](https://github.com/zhaohuabing) in [#8384](https://github.com/envoyproxy/gateway/pull/8384) - feat: HTTPRoute support 303 307 308 redirect by [@zirain](https://github.com/zirain) in [#8182](https://github.com/envoyproxy/gateway/pull/8182) - chore: bump golang.org/x/net by [@zirain](https://github.com/zirain) in [#8394](https://github.com/envoyproxy/gateway/pull/8394) - fix: computeHosts doesn't work when listener and route both wildcard by [@zirain](https://github.com/zirain) in [#8186](https://github.com/envoyproxy/gateway/pull/8186) - docs: fix cors exemples in security-policy.md by [@TanguyPatte](https://github.com/TanguyPatte) in [#8408](https://github.com/envoyproxy/gateway/pull/8408) - fix: support cross-ns for SecretObjectReference by [@zhaohuabing](https://github.com/zhaohuabing) in [#8074](https://github.com/envoyproxy/gateway/pull/8074) - api: Add source type structure for dynamic modules by [@jukie](https://github.com/jukie) in [#8359](https://github.com/envoyproxy/gateway/pull/8359) - ci: fix flaky e2e tests by [@zirain](https://github.com/zirain) in [#8388](https://github.com/envoyproxy/gateway/pull/8388) - ci: run conformance test with standard channel by [@zirain](https://github.com/zirain) in [#8367](https://github.com/envoyproxy/gateway/pull/8367) - chore: fix gen by [@zirain](https://github.com/zirain) in [#8418](https://github.com/envoyproxy/gateway/pull/8418) - fix: aggregate xRoute/xPolicy statuses across GWCs in gateway-api runner by [@zhaohuabing](https://github.com/zhaohuabing) in [#8387](https://github.com/envoyproxy/gateway/pull/8387) - api: GeoIP by [@zhaohuabing](https://github.com/zhaohuabing) in [#8002](https://github.com/envoyproxy/gateway/pull/8002) - feat(securitypolicy): add MergeType support for policy merging by [@rajatvig](https://github.com/rajatvig) in [#7918](https://github.com/envoyproxy/gateway/pull/7918) - chore: lower the qps to mitigate flaky upgrade test by [@zhaohuabing](https://github.com/zhaohuabing) in [#8415](https://github.com/envoyproxy/gateway/pull/8415) - chore: fix gen by [@zhaohuabing](https://github.com/zhaohuabing) in [#8426](https://github.com/envoyproxy/gateway/pull/8426) - chore: fix gen check by [@rudrakhp](https://github.com/rudrakhp) in [#8437](https://github.com/envoyproxy/gateway/pull/8437) - feat: support grpc web settings by [@kkk777-7](https://github.com/kkk777-7) in [#8147](https://github.com/envoyproxy/gateway/pull/8147) - build(deps): bump the actions group across 2 directories with 7 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8433](https://github.com/envoyproxy/gateway/pull/8433) - build(deps): bump the helm group across 1 directory with 5 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8404](https://github.com/envoyproxy/gateway/pull/8404) - build(deps): bump distroless/base-nossl from `f8ebb45` to `ae8c000` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8398](https://github.com/envoyproxy/gateway/pull/8398) - build(deps): bump the gomod group across 1 directory with 12 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8400](https://github.com/envoyproxy/gateway/pull/8400) - chore: fix gen by [@zirain](https://github.com/zirain) in [#8440](https://github.com/envoyproxy/gateway/pull/8440) - test: fix flaky RouteStatNameTest and refactor by [@Arpit529Srivastava](https://github.com/Arpit529Srivastava) in [#8368](https://github.com/envoyproxy/gateway/pull/8368) - e2e: remove HTTPRoute CORS test by [@zirain](https://github.com/zirain) in [#8443](https://github.com/envoyproxy/gateway/pull/8443) - fix: add ownerReferences to ratelimit ConfigMap and HPA by [@Teja079](https://github.com/Teja079) in [#8358](https://github.com/envoyproxy/gateway/pull/8358) - test: add unit tests for ratelimit UnitToSeconds and UnitToDuration by [@archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) in [#8396](https://github.com/envoyproxy/gateway/pull/8396) - chore: fix oidc flakiness by [@zhaohuabing](https://github.com/zhaohuabing) in [#8423](https://github.com/envoyproxy/gateway/pull/8423) - fix: handle network errors in rate limit e2e tests by [@rudrakhp](https://github.com/rudrakhp) in [#8446](https://github.com/envoyproxy/gateway/pull/8446) - chore: mute OSV scanner & Trivy by [@zirain](https://github.com/zirain) in [#8444](https://github.com/envoyproxy/gateway/pull/8444) - refactor/perf: use LuaPerRoute instead of FilterConfig by [@rudrakhp](https://github.com/rudrakhp) in [#8355](https://github.com/envoyproxy/gateway/pull/8355) - e2e: reduce consistent hash flaky by [@zirain](https://github.com/zirain) in [#8371](https://github.com/envoyproxy/gateway/pull/8371) - fix: multiple gc e2e by [@kkk777-7](https://github.com/kkk777-7) in [#8448](https://github.com/envoyproxy/gateway/pull/8448) - build(deps): bump sigs.k8s.io/gateway-api-inference-extension from 1.3.1 to 1.4.0 in /examples/extension-server by [@dependabot](https://github.com/dependabot)\[bot] in [#8402](https://github.com/envoyproxy/gateway/pull/8402) - build(deps): bump the k8s-io group across 1 directory with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8401](https://github.com/envoyproxy/gateway/pull/8401) - raise RL rule imit to 256 by [@zhaohuabing](https://github.com/zhaohuabing) in [#8451](https://github.com/envoyproxy/gateway/pull/8451) - fix oidc flakiness by [@zhaohuabing](https://github.com/zhaohuabing) in [#8469](https://github.com/envoyproxy/gateway/pull/8469) - api: make ConnectionLimit.Value optional by [@felipesabadini](https://github.com/felipesabadini) in [#8478](https://github.com/envoyproxy/gateway/pull/8478) - build(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0 in the actions group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8485](https://github.com/envoyproxy/gateway/pull/8485) - Revert "api: add sourceCIDRs field in SecurityPolicy for L4 IP filtering" by [@zhaohuabing](https://github.com/zhaohuabing) in [#8471](https://github.com/envoyproxy/gateway/pull/8471) - chore: bump filippo.io/edwards25519 by [@zirain](https://github.com/zirain) in [#8474](https://github.com/envoyproxy/gateway/pull/8474) - build(deps): bump sigs.k8s.io/controller-runtime from 0.23.1 to 0.23.3 in /examples/extension-server by [@dependabot](https://github.com/dependabot)\[bot] in [#8487](https://github.com/envoyproxy/gateway/pull/8487) - build(deps): bump codespell from 2.4.1 to 2.4.2 in /tools/src/codespell by [@dependabot](https://github.com/dependabot)\[bot] in [#8481](https://github.com/envoyproxy/gateway/pull/8481) - fix: active health check respect endpoint hostname by [@zirain](https://github.com/zirain) in [#8452](https://github.com/envoyproxy/gateway/pull/8452) - build(deps): bump the helm group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8488](https://github.com/envoyproxy/gateway/pull/8488) - feat: support status\_on\_error field in external authorization by [@AlexKrudu](https://github.com/AlexKrudu) in [#8432](https://github.com/envoyproxy/gateway/pull/8432) - build(deps): bump the gomod group across 5 directories with 15 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8482](https://github.com/envoyproxy/gateway/pull/8482) - build(deps): bump k8s.io/klog/v2 from 2.130.1 to 2.140.0 in the k8s-io group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8483](https://github.com/envoyproxy/gateway/pull/8483) - build(deps): bump sigs.k8s.io/controller-runtime from 0.23.1 to 0.23.3 by [@dependabot](https://github.com/dependabot)\[bot] in [#8484](https://github.com/envoyproxy/gateway/pull/8484) - build(deps): bump sigs.k8s.io/mcs-api from 0.3.0 to 0.4.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#8486](https://github.com/envoyproxy/gateway/pull/8486) - \[release/v1.6] add release notes for v1.6.5 by [@rudrakhp](https://github.com/rudrakhp) in [#8504](https://github.com/envoyproxy/gateway/pull/8504) - Add release notes for 1.7.1 by [@cnvergence](https://github.com/cnvergence) in [#8493](https://github.com/envoyproxy/gateway/pull/8493) - Add release notes news for v1.7.1 by [@cnvergence](https://github.com/cnvergence) in [#8513](https://github.com/envoyproxy/gateway/pull/8513) - \[release/v1.6] update docs for v1.6.5 by [@rudrakhp](https://github.com/rudrakhp) in [#8515](https://github.com/envoyproxy/gateway/pull/8515) - Bump last version in eg upgrade e2e test by [@cnvergence](https://github.com/cnvergence) in [#8514](https://github.com/envoyproxy/gateway/pull/8514) - e2e: ratelimit test not rely on the count of request by [@zirain](https://github.com/zirain) in [#8472](https://github.com/envoyproxy/gateway/pull/8472) - bump ratelimis version by [@fbalicchia](https://github.com/fbalicchia) in [#8465](https://github.com/envoyproxy/gateway/pull/8465) - fix(ratelimit): expose metrics port to ratelimit container spec by [@stekole](https://github.com/stekole) in [#8525](https://github.com/envoyproxy/gateway/pull/8525) - chore: update stale action settings to clean up stale PRs by [@rudrakhp](https://github.com/rudrakhp) in [#8526](https://github.com/envoyproxy/gateway/pull/8526) - feat(helm): add `namespaceOverride` support to gateway-helm chart by [@honarkhah](https://github.com/honarkhah) in [#8281](https://github.com/envoyproxy/gateway/pull/8281) - bump Gateway API to v1.5.1 by [@zirain](https://github.com/zirain) in [#8533](https://github.com/envoyproxy/gateway/pull/8533) - feat(api): add HTTP/2 connection keepalive to ClientTrafficPolicy and BackendTrafficPolicy by [@rajatvig](https://github.com/rajatvig) in [#8215](https://github.com/envoyproxy/gateway/pull/8215) - feat: add support for retry budget in BackendTrafficPolicy by [@zirain](https://github.com/zirain) in [#8457](https://github.com/envoyproxy/gateway/pull/8457) - e2e: fix ConnectionLimit test by [@zirain](https://github.com/zirain) in [#8473](https://github.com/envoyproxy/gateway/pull/8473) - feat: support stream idle timeout in BackendTrafficPolicy by [@zhaohuabing](https://github.com/zhaohuabing) in [#8455](https://github.com/envoyproxy/gateway/pull/8455) - feat: EDS modification hook by [@zhaohuabing](https://github.com/zhaohuabing) in [#8240](https://github.com/envoyproxy/gateway/pull/8240) - chore: raise the jwt provider limit to 16 by [@zhaohuabing](https://github.com/zhaohuabing) in [#8543](https://github.com/envoyproxy/gateway/pull/8543) - ci: fix ACTIONS\_STEP\_DEBUG not working by [@zirain](https://github.com/zirain) in [#8517](https://github.com/envoyproxy/gateway/pull/8517) - ci: rm gen-check action by [@zirain](https://github.com/zirain) in [#8553](https://github.com/envoyproxy/gateway/pull/8553) - chore: aggregate route status parents when they're more than the allowed cap(32) by [@zhaohuabing](https://github.com/zhaohuabing) in [#8516](https://github.com/envoyproxy/gateway/pull/8516) - fix merged example by [@RicHincapie](https://github.com/RicHincapie) in [#8563](https://github.com/envoyproxy/gateway/pull/8563) - add e2e test for HTTPRouteHTTPSListenerDetectMisdirectedRequests by [@zirain](https://github.com/zirain) in [#8558](https://github.com/envoyproxy/gateway/pull/8558) - build(deps): bump distroless/base-nossl from `ae8c000` to `f71dcb6` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8546](https://github.com/envoyproxy/gateway/pull/8546) - build(deps): bump the actions group across 1 directory with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8549](https://github.com/envoyproxy/gateway/pull/8549) - fix: per-endpoint hostname override blocked by auto-generated wildcad host by [@zirain](https://github.com/zirain) in [#8565](https://github.com/envoyproxy/gateway/pull/8565) - feat/mtls add ClientValidationMode by [@Julien-Beezeelinx](https://github.com/Julien-Beezeelinx) in [#8325](https://github.com/envoyproxy/gateway/pull/8325) - fix(tcp): add SNI-based filter chain matching for TLS passthrough empty routes by [@OliverBailey](https://github.com/OliverBailey) in [#8521](https://github.com/envoyproxy/gateway/pull/8521) - ci: fix netlify build by [@zirain](https://github.com/zirain) in [#8571](https://github.com/envoyproxy/gateway/pull/8571) - feat: upstream access log by [@zirain](https://github.com/zirain) in [#8397](https://github.com/envoyproxy/gateway/pull/8397) - chore: refactor JSONPatch by [@zirain](https://github.com/zirain) in [#8497](https://github.com/envoyproxy/gateway/pull/8497) - docs: fix terminology inconsistencies for External Authorization by [@haruyama480](https://github.com/haruyama480) in [#8539](https://github.com/envoyproxy/gateway/pull/8539) - docs: ignore blog.envoyproxy.io by [@zirain](https://github.com/zirain) in [#8574](https://github.com/envoyproxy/gateway/pull/8574) - feat(loadbalancer): Add LoadBalancerType Client Side Weighted Round Robin by [@altaiezior](https://github.com/altaiezior) in [#7407](https://github.com/envoyproxy/gateway/pull/7407) - build(deps): bump loki from 6.54.0 to 6.55.0 in /charts/gateway-addons-helm in the helm group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8550](https://github.com/envoyproxy/gateway/pull/8550) - fix bug with grpcroute mirror filter by [@aburanrbx](https://github.com/aburanrbx) in [#8541](https://github.com/envoyproxy/gateway/pull/8541) - fix: normalize CRLF line endings in htpasswd basic auth secrets by [@stekole](https://github.com/stekole) in [#8557](https://github.com/envoyproxy/gateway/pull/8557) - build(deps): bump the gomod group across 5 directories with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8548](https://github.com/envoyproxy/gateway/pull/8548) - chore: update release schedule by [@zhaohuabing](https://github.com/zhaohuabing) in [#8584](https://github.com/envoyproxy/gateway/pull/8584) - feat: GeoIP by [@zhaohuabing](https://github.com/zhaohuabing) in [#8453](https://github.com/envoyproxy/gateway/pull/8453) - Bump version by [@jukie](https://github.com/jukie) in [#8587](https://github.com/envoyproxy/gateway/pull/8587) - chore: update grpc to fix osv scan by [@zhaohuabing](https://github.com/zhaohuabing) in [#8586](https://github.com/envoyproxy/gateway/pull/8586) - build(deps): bump busybox from `b3255e7` to `1487d0a` in /tools/docker/envoy-gateway by [@dependabot](https://github.com/dependabot)\[bot] in [#8590](https://github.com/envoyproxy/gateway/pull/8590) - build(deps): bump the actions group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8593](https://github.com/envoyproxy/gateway/pull/8593) - build(deps): bump the gomod group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8591](https://github.com/envoyproxy/gateway/pull/8591) - build(deps): bump the helm group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8594](https://github.com/envoyproxy/gateway/pull/8594) - build(deps): bump the k8s-io group across 1 directory with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8592](https://github.com/envoyproxy/gateway/pull/8592) - \[xds] stabilize listener-level Lua XDS filters to avoid listener drain by [@arkodg](https://github.com/arkodg) in [#8598](https://github.com/envoyproxy/gateway/pull/8598) - docs: fix typos in RELEASING.md by [@archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) in [#8601](https://github.com/envoyproxy/gateway/pull/8601) - chore: update basic auth error status by [@zhaohuabing](https://github.com/zhaohuabing) in [#8589](https://github.com/envoyproxy/gateway/pull/8589) - chore: update request buffer docs by [@zhaohuabing](https://github.com/zhaohuabing) in [#8604](https://github.com/envoyproxy/gateway/pull/8604) - docs: add note on case-insensitivity of header names by [@lextiz](https://github.com/lextiz) in [#8596](https://github.com/envoyproxy/gateway/pull/8596) - Add Pollinate to Envoy Gateway adopters by [@shavmohin](https://github.com/shavmohin) in [#8607](https://github.com/envoyproxy/gateway/pull/8607) - fix: reject incompatible requestBuffer + httpUpgrade CTP by [@zhaohuabing](https://github.com/zhaohuabing) in [#8605](https://github.com/envoyproxy/gateway/pull/8605) - geoip docs by [@zhaohuabing](https://github.com/zhaohuabing) in [#8585](https://github.com/envoyproxy/gateway/pull/8585) - chore: update Performance Benchmark Report by [@zhaohuabing](https://github.com/zhaohuabing) in [#8613](https://github.com/envoyproxy/gateway/pull/8613) - feat: support invert in source match by [@rudrakhp](https://github.com/rudrakhp) in [#8407](https://github.com/envoyproxy/gateway/pull/8407) - chore: fix osv scan by [@zhaohuabing](https://github.com/zhaohuabing) in [#8615](https://github.com/envoyproxy/gateway/pull/8615) - fix json report by [@zhaohuabing](https://github.com/zhaohuabing) in [#8614](https://github.com/envoyproxy/gateway/pull/8614) - chore: add benchmark report to the release process by [@zhaohuabing](https://github.com/zhaohuabing) in [#8617](https://github.com/envoyproxy/gateway/pull/8617) - feat: implement remote source dynamic modules by [@jukie](https://github.com/jukie) in [#8579](https://github.com/envoyproxy/gateway/pull/8579) - chore: fix e2e tests by [@zirain](https://github.com/zirain) in [#8450](https://github.com/envoyproxy/gateway/pull/8450) - feat: JSON log encoder uses abbreviated field keys by [@zirain](https://github.com/zirain) in [#8555](https://github.com/envoyproxy/gateway/pull/8555) - test: add unit tests for route sort precedence by [@archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) in [#8603](https://github.com/envoyproxy/gateway/pull/8603) - feat(translator): make append\_x\_forwarded\_host configurable in HTTPRouteFilter by [@rborale5](https://github.com/rborale5) in [#8527](https://github.com/envoyproxy/gateway/pull/8527) - fix: avoid metric increments on no-op delete reconcile paths by [@felipesabadini](https://github.com/felipesabadini) in [#8480](https://github.com/envoyproxy/gateway/pull/8480) - chore: cswrr cleanup and e2e by [@jukie](https://github.com/jukie) in [#8582](https://github.com/envoyproxy/gateway/pull/8582) - chore: add make target for benchmark dashboard by [@zhaohuabing](https://github.com/zhaohuabing) in [#8621](https://github.com/envoyproxy/gateway/pull/8621) - feat(telemetry): add sampler config for OpenTelemetry tracing by [@codefromthecrypt](https://github.com/codefromthecrypt) in [#8529](https://github.com/envoyproxy/gateway/pull/8529) - feat(ctp): add IgnoredUpgradeTypes to HTTP1Settings by [@michalskalski](https://github.com/michalskalski) in [#8599](https://github.com/envoyproxy/gateway/pull/8599) - build(deps): bump npm-check-updates from 19.6.6 to 20.0.0 in /site by [@dependabot](https://github.com/dependabot)\[bot] in [#8641](https://github.com/envoyproxy/gateway/pull/8641) - chore: fix metrics check in the rate limit e2e tests by [@zhaohuabing](https://github.com/zhaohuabing) in [#8636](https://github.com/envoyproxy/gateway/pull/8636) - build(deps): bump the gomod group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8639](https://github.com/envoyproxy/gateway/pull/8639) - build(deps): bump the actions group across 2 directories with 7 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8640](https://github.com/envoyproxy/gateway/pull/8640) - enterprise support: Add Procedure Technologies by [@harshita375](https://github.com/harshita375) in [#8643](https://github.com/envoyproxy/gateway/pull/8643) - fix typo by [@Alireza-Mim](https://github.com/Alireza-Mim) in [#8629](https://github.com/envoyproxy/gateway/pull/8629) - build(deps): bump the helm group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8642](https://github.com/envoyproxy/gateway/pull/8642) - chore: bump API version by [@zirain](https://github.com/zirain) in [#8644](https://github.com/envoyproxy/gateway/pull/8644) - fix(telemetry): support BackendTLSPolicy for telemetry backends by [@codefromthecrypt](https://github.com/codefromthecrypt) in [#8545](https://github.com/envoyproxy/gateway/pull/8545) - ci(fix): ensure Go binaries in published Docker images have correct module version by [@shahar-h](https://github.com/shahar-h) in [#8275](https://github.com/envoyproxy/gateway/pull/8275) - fix: restore failure-path metric recording for delete and HPA reconcile by [@felipesabadini](https://github.com/felipesabadini) in [#8656](https://github.com/envoyproxy/gateway/pull/8656) - fix for duplicate cidr local rate limit rules by [@erik-hunter](https://github.com/erik-hunter) in [#8650](https://github.com/envoyproxy/gateway/pull/8650) - feat: impl gateway tls.frontend/tls.backend by [@zirain](https://github.com/zirain) in [#8380](https://github.com/envoyproxy/gateway/pull/8380) - docs: fix `Protol` -> `Protocol` typo by [@wiktor-k](https://github.com/wiktor-k) in [#8657](https://github.com/envoyproxy/gateway/pull/8657) - chore: remove cluster.LbPolicy usage by [@jukie](https://github.com/jukie) in [#8637](https://github.com/envoyproxy/gateway/pull/8637) - chore: align all helm calls to use go tool by [@shahar-h](https://github.com/shahar-h) in [#8659](https://github.com/envoyproxy/gateway/pull/8659) - ci: remove codecov workaround by [@shahar-h](https://github.com/shahar-h) in [#8664](https://github.com/envoyproxy/gateway/pull/8664) - ci: remove hardcoded KIND\_NODE\_TAG from release benchmark by [@shahar-h](https://github.com/shahar-h) in [#8661](https://github.com/envoyproxy/gateway/pull/8661) - chore: add lint check to enforce ubuntu-latest in workflow runs-on by [@shahar-h](https://github.com/shahar-h) in [#8662](https://github.com/envoyproxy/gateway/pull/8662) - Publish chart and docker image for rc.0 tags by [@jukie](https://github.com/jukie) in [#8658](https://github.com/envoyproxy/gateway/pull/8658) - ci: fix broken go-benchmark-test by [@shahar-h](https://github.com/shahar-h) in [#8663](https://github.com/envoyproxy/gateway/pull/8663) - chore: fix cve by [@zirain](https://github.com/zirain) in [#8669](https://github.com/envoyproxy/gateway/pull/8669) - ci: remove continue-on-error from go-benchmark-test by [@shahar-h](https://github.com/shahar-h) in [#8670](https://github.com/envoyproxy/gateway/pull/8670) - ci: pin checkout action by [@shahar-h](https://github.com/shahar-h) in [#8674](https://github.com/envoyproxy/gateway/pull/8674) - docs: clarify supported HTTP redirect status codes by [@Aditya7880900936](https://github.com/Aditya7880900936) in [#8566](https://github.com/envoyproxy/gateway/pull/8566) - feat: support grpc stats settings by [@kkk777-7](https://github.com/kkk777-7) in [#8158](https://github.com/envoyproxy/gateway/pull/8158) - Fix link to Tasks section in quickstart.md by [@xCyberxx](https://github.com/xCyberxx) in [#8618](https://github.com/envoyproxy/gateway/pull/8618) - chore: pin npm tools by [@shahar-h](https://github.com/shahar-h) in [#8672](https://github.com/envoyproxy/gateway/pull/8672) - fix: status for mirror backend by [@kkk777-7](https://github.com/kkk777-7) in [#8675](https://github.com/envoyproxy/gateway/pull/8675) - ci: add github action for codex review on PRs by [@arkodg](https://github.com/arkodg) in [#8679](https://github.com/envoyproxy/gateway/pull/8679) - build(deps): bump the actions group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8684](https://github.com/envoyproxy/gateway/pull/8684) - build(deps): bump sigs.k8s.io/mcs-api from 0.4.0 to 0.4.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#8683](https://github.com/envoyproxy/gateway/pull/8683) - build(deps): bump the helm group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8682](https://github.com/envoyproxy/gateway/pull/8682) - fix(gatewayapi): add deprecated warning for clientValidation.optional by [@officialasishkumar](https://github.com/officialasishkumar) in [#8609](https://github.com/envoyproxy/gateway/pull/8609) - feat: add support for contrpl plane tracer by [@zirain](https://github.com/zirain) in [#8551](https://github.com/envoyproxy/gateway/pull/8551) - build(deps): bump the gomod group across 5 directories with 11 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8681](https://github.com/envoyproxy/gateway/pull/8681) - api: dynamic module lb by [@jukie](https://github.com/jukie) in [#8638](https://github.com/envoyproxy/gateway/pull/8638) - build(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8697](https://github.com/envoyproxy/gateway/pull/8697) - build(deps): bump the gomod group across 2 directories with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8696](https://github.com/envoyproxy/gateway/pull/8696) - build(deps): bump the helm group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8698](https://github.com/envoyproxy/gateway/pull/8698) - fix: client certificate secret never delivered when it is exclusively referenced by a SecurityPolicy extAuth Backend by [@zirain](https://github.com/zirain) in [#8654](https://github.com/envoyproxy/gateway/pull/8654) - bump golang for CVE by [@zirain](https://github.com/zirain) in [#8709](https://github.com/envoyproxy/gateway/pull/8709) - set the status when EPP target to a MergeGateways with wrong kind by [@fabian4](https://github.com/fabian4) in [#7490](https://github.com/envoyproxy/gateway/pull/7490) - chore: update testdata to covered multiple listener in one gateway by [@zirain](https://github.com/zirain) in [#8710](https://github.com/envoyproxy/gateway/pull/8710) - fix: disable http3 when client tls is configured by [@zhaohuabing](https://github.com/zhaohuabing) in [#8583](https://github.com/envoyproxy/gateway/pull/8583) - fix: client certificate secret never delivered when it is exclusively referenced by a SecurityPolicy jwt/oidc Backend by [@zirain](https://github.com/zirain) in [#8711](https://github.com/envoyproxy/gateway/pull/8711) - chore: fix release issue gen by [@rudrakhp](https://github.com/rudrakhp) in [#8722](https://github.com/envoyproxy/gateway/pull/8722) - remove DFP filter by [@zhaohuabing](https://github.com/zhaohuabing) in [#8655](https://github.com/envoyproxy/gateway/pull/8655) - build(deps): bump the gomod group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8721](https://github.com/envoyproxy/gateway/pull/8721) - api for id token forwarding by [@zhaohuabing](https://github.com/zhaohuabing) in [#8691](https://github.com/envoyproxy/gateway/pull/8691) - oidc: native oauth2 per-route config by [@zhaohuabing](https://github.com/zhaohuabing) in [#8703](https://github.com/envoyproxy/gateway/pull/8703) - chore: add review skill by [@zhaohuabing](https://github.com/zhaohuabing) in [#8237](https://github.com/envoyproxy/gateway/pull/8237) - feat: Support for merged EnvoyProxy settings by [@mgs255](https://github.com/mgs255) in [#8169](https://github.com/envoyproxy/gateway/pull/8169) - \[ci] rm codex review action by [@arkodg](https://github.com/arkodg) in [#8726](https://github.com/envoyproxy/gateway/pull/8726) - build(site): use npm ci and clean up docs CI pipeline by [@shahar-h](https://github.com/shahar-h) in [#8694](https://github.com/envoyproxy/gateway/pull/8694) - fix: followup for [#8380](https://github.com/envoyproxy/gateway/issues/8380) by [@zirain](https://github.com/zirain) in [#8666](https://github.com/envoyproxy/gateway/pull/8666) - chore: fix release issue WF by [@rudrakhp](https://github.com/rudrakhp) in [#8727](https://github.com/envoyproxy/gateway/pull/8727) - docs: rename Contributions section to Community by [@antonio-mazzini](https://github.com/antonio-mazzini) in [#8427](https://github.com/envoyproxy/gateway/pull/8427) - chore: update Go tools and resolve golangci-lint warnings by [@shahar-h](https://github.com/shahar-h) in [#8740](https://github.com/envoyproxy/gateway/pull/8740) - refactor: replace ptr.To with Go 1.26 new() builtin by [@shahar-h](https://github.com/shahar-h) in [#8718](https://github.com/envoyproxy/gateway/pull/8718) - fix: ContextExtensions merge behavior by [@zhaohuabing](https://github.com/zhaohuabing) in [#8747](https://github.com/envoyproxy/gateway/pull/8747) - fix: helm secrets rbac for gateway namespace with watch list of namespaces by [@cnvergence](https://github.com/cnvergence) in [#8706](https://github.com/envoyproxy/gateway/pull/8706) - build(deps): bump the actions group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8758](https://github.com/envoyproxy/gateway/pull/8758) - build(deps-dev): bump autoprefixer from 10.4.27 to 10.5.0 in /site by [@dependabot](https://github.com/dependabot)\[bot] in [#8756](https://github.com/envoyproxy/gateway/pull/8756) - build(deps): bump npm-check-updates from 20.0.0 to 21.0.0 in /site by [@dependabot](https://github.com/dependabot)\[bot] in [#8757](https://github.com/envoyproxy/gateway/pull/8757) - build(deps): bump the helm group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8759](https://github.com/envoyproxy/gateway/pull/8759) - \[release/v1.6] add release notes for v1.6.6 by [@rudrakhp](https://github.com/rudrakhp) in [#8765](https://github.com/envoyproxy/gateway/pull/8765) - ExtAuth: allow passing Route metadata to Ext Auth by [@zhaohuabing](https://github.com/zhaohuabing) in [#8723](https://github.com/envoyproxy/gateway/pull/8723) - \[release/v1.6] add benchmark report for v1.6.6 by [@rudrakhp](https://github.com/rudrakhp) in [#8772](https://github.com/envoyproxy/gateway/pull/8772) - \[release/v1.6] update docs + release announcement for v1.6.6 by [@rudrakhp](https://github.com/rudrakhp) in [#8774](https://github.com/envoyproxy/gateway/pull/8774) - docs: fix typo in page for http-request-headers by [@picccard](https://github.com/picccard) in [#8752](https://github.com/envoyproxy/gateway/pull/8752) - \[release/v1.7] add release notes and docs announcement for v1.7.2 by [@cnvergence](https://github.com/cnvergence) in [#8775](https://github.com/envoyproxy/gateway/pull/8775) - \[release/v1.7] add benchmark report for v1.7.2 by [@cnvergence](https://github.com/cnvergence) in [#8779](https://github.com/envoyproxy/gateway/pull/8779) - ci: optimize binary builds in build\_and\_test workflow by [@shahar-h](https://github.com/shahar-h) in [#8777](https://github.com/envoyproxy/gateway/pull/8777) - feat: support GatewayStaticAddresses conformance test by [@cnvergence](https://github.com/cnvergence) in [#8395](https://github.com/envoyproxy/gateway/pull/8395) - Fix rc.0 publish by [@jukie](https://github.com/jukie) in [#8782](https://github.com/envoyproxy/gateway/pull/8782) - fix: deep copy status in translator layer to avoid race by [@rudrakhp](https://github.com/rudrakhp) in [#8778](https://github.com/envoyproxy/gateway/pull/8778) - feat: add per-rule XRateLimitOption to BackendTrafficPolicy by [@zirain](https://github.com/zirain) in [#8742](https://github.com/envoyproxy/gateway/pull/8742) - chore: add missing labels for the rl service account by [@zhaohuabing](https://github.com/zhaohuabing) in [#8793](https://github.com/envoyproxy/gateway/pull/8793) - chore: OSV scanner by [@zirain](https://github.com/zirain) in [#8794](https://github.com/envoyproxy/gateway/pull/8794) - fix: bound BackendTrafficPolicy rateLimit requests to uint32 max by [@PatilHrushikesh](https://github.com/PatilHrushikesh) in [#8798](https://github.com/envoyproxy/gateway/pull/8798) - fix: use per-route ratelimit filter by [@zirain](https://github.com/zirain) in [#8741](https://github.com/envoyproxy/gateway/pull/8741) - feat: add extraEnv support to envoy-gateway controller deployment by [@girikuncoro](https://github.com/girikuncoro) in [#8733](https://github.com/envoyproxy/gateway/pull/8733) - api: add cel validation of MaxEjectionPercent by [@kkk777-7](https://github.com/kkk777-7) in [#8804](https://github.com/envoyproxy/gateway/pull/8804) - fix: force HTTP1 for upstream connections for WS and WSS backends by [@zhaohuabing](https://github.com/zhaohuabing) in [#8699](https://github.com/envoyproxy/gateway/pull/8699) - build(deps): bump the gomod group across 2 directories with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8811](https://github.com/envoyproxy/gateway/pull/8811) - build(deps): bump the actions group across 1 directory with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8812](https://github.com/envoyproxy/gateway/pull/8812) - chore: fix race and panic by [@zirain](https://github.com/zirain) in [#8795](https://github.com/envoyproxy/gateway/pull/8795) - build(deps): bump npm-check-updates from 21.0.0 to 21.0.3 in /site by [@dependabot](https://github.com/dependabot)\[bot] in [#8810](https://github.com/envoyproxy/gateway/pull/8810) - build(deps): bump sigs.k8s.io/gateway-api-inference-extension from 1.4.0 to 1.5.0 in /examples/extension-server by [@dependabot](https://github.com/dependabot)\[bot] in [#8814](https://github.com/envoyproxy/gateway/pull/8814) - build(deps): bump opentelemetry-collector from 0.150.0 to 0.150.1 in /charts/gateway-addons-helm in the helm group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8815](https://github.com/envoyproxy/gateway/pull/8815) - feat: add support for certificate fetching via SDS ref secret by [@zirain](https://github.com/zirain) in [#8745](https://github.com/envoyproxy/gateway/pull/8745) - docs: note ETag handling in response compression task by [@alliasgher](https://github.com/alliasgher) in [#8824](https://github.com/envoyproxy/gateway/pull/8824) - chore: bump docsy by [@zirain](https://github.com/zirain) in [#8819](https://github.com/envoyproxy/gateway/pull/8819) - build(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in the actions group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8829](https://github.com/envoyproxy/gateway/pull/8829) - fix: correct duration dashboard panels to use proper PromQL queries by [@felipesabadini](https://github.com/felipesabadini) in [#8528](https://github.com/envoyproxy/gateway/pull/8528) - test: use registry.k8s.io instead of staging by [@jukie](https://github.com/jukie) in [#8831](https://github.com/envoyproxy/gateway/pull/8831) - feat: Add BackendUtilization + WeightedZones support (WrrLocality Lb policy) by [@jukie](https://github.com/jukie) in [#8634](https://github.com/envoyproxy/gateway/pull/8634) - build(deps): bump opentelemetry-collector from 0.150.1 to 0.152.0 in /charts/gateway-addons-helm in the helm group across 1 directory by [@dependabot](https://github.com/dependabot)\[bot] in [#8827](https://github.com/envoyproxy/gateway/pull/8827) - docs(cors): show allowCredentials in the CORS task by [@officialasishkumar](https://github.com/officialasishkumar) in [#8611](https://github.com/envoyproxy/gateway/pull/8611) - Add support for extraVolumes and extraVolumeMounts to EG deployment by [@mkhpalm](https://github.com/mkhpalm) in [#8801](https://github.com/envoyproxy/gateway/pull/8801) - api: add cel validation of GrpcStatus by [@kkk777-7](https://github.com/kkk777-7) in [#8803](https://github.com/envoyproxy/gateway/pull/8803) - conformance: update skipped features by [@zirain](https://github.com/zirain) in [#8837](https://github.com/envoyproxy/gateway/pull/8837) - e2e: add test for watched namespace by [@zhaohuabing](https://github.com/zhaohuabing) in [#8786](https://github.com/envoyproxy/gateway/pull/8786) - performance: use cached kube client for the infra runner by [@zhaohuabing](https://github.com/zhaohuabing) in [#8764](https://github.com/envoyproxy/gateway/pull/8764) - api: add bandwidth limit by [@kkk777-7](https://github.com/kkk777-7) in [#8630](https://github.com/envoyproxy/gateway/pull/8630) - fix: reason with multiple errors rejected validation by [@zirain](https://github.com/zirain) in [#8859](https://github.com/envoyproxy/gateway/pull/8859) - feat: support overriding ext\_auth path by [@rudrakhp](https://github.com/rudrakhp) in [#8612](https://github.com/envoyproxy/gateway/pull/8612) - \[release/v1.6] update docs for v1.6.7 by [@rudrakhp](https://github.com/rudrakhp) in [#8865](https://github.com/envoyproxy/gateway/pull/8865) - feat(chart): Allow configuring envoy proxy image via helm chart by [@mgs255](https://github.com/mgs255) in [#8785](https://github.com/envoyproxy/gateway/pull/8785) - \[release/v1.6] add v1.6.7 benchmark data by [@rudrakhp](https://github.com/rudrakhp) in [#8874](https://github.com/envoyproxy/gateway/pull/8874) - feat(extensionManager): add support for multiple ExtensionManagers with sequential chaining by [@toffentoffen](https://github.com/toffentoffen) in [#8458](https://github.com/envoyproxy/gateway/pull/8458) - \[release/v1.6] bump v1.6 in docs to v1.6.7 by [@rudrakhp](https://github.com/rudrakhp) in [#8875](https://github.com/envoyproxy/gateway/pull/8875) - chore: update api docs for the default EnvoyProxy by [@zhaohuabing](https://github.com/zhaohuabing) in [#8866](https://github.com/envoyproxy/gateway/pull/8866) - feat: bandwidth limit by [@kkk777-7](https://github.com/kkk777-7) in [#8862](https://github.com/envoyproxy/gateway/pull/8862) - fix: dpanic in logger by [@rudrakhp](https://github.com/rudrakhp) in [#8880](https://github.com/envoyproxy/gateway/pull/8880) - feat: Add source to responseOverride by [@lboynton](https://github.com/lboynton) in [#8391](https://github.com/envoyproxy/gateway/pull/8391) - build(deps): bump npm-check-updates from 21.0.3 to 22.0.1 in /site by [@dependabot](https://github.com/dependabot)\[bot] in [#8882](https://github.com/envoyproxy/gateway/pull/8882) - build(deps): bump go.uber.org/zap from 1.27.1 to 1.28.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#8884](https://github.com/envoyproxy/gateway/pull/8884) - build(deps): bump the helm group across 1 directory with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#8885](https://github.com/envoyproxy/gateway/pull/8885) - chore: update JSONPatch testdata by [@zirain](https://github.com/zirain) in [#8877](https://github.com/envoyproxy/gateway/pull/8877) - feat: cross ns policy attachment by [@zhaohuabing](https://github.com/zhaohuabing) in [#8676](https://github.com/envoyproxy/gateway/pull/8676) - feat: add admission control to BackendTrafficPolicy by [@jukie](https://github.com/jukie) in [#8872](https://github.com/envoyproxy/gateway/pull/8872) - v1.8.0-rc.1 release notes by [@jukie](https://github.com/jukie) in [#8900](https://github.com/envoyproxy/gateway/pull/8900) - bump ratelimit, dynamic modules, and proxy versions for v1.8.0-rc.1 by [@jukie](https://github.com/jukie) in [#8902](https://github.com/envoyproxy/gateway/pull/8902) - \[release/v1.8] bump golang to 1.26.3 by [@jukie](https://github.com/jukie) in [#8950](https://github.com/envoyproxy/gateway/pull/8950) - \[release/v1.8] Fix ratelimit tag for arm64 by [@jukie](https://github.com/jukie) in [#8949](https://github.com/envoyproxy/gateway/pull/8949) - \[release/v1.8] cherry-pick v1.8.0 by [@jukie](https://github.com/jukie) in [#8970](https://github.com/envoyproxy/gateway/pull/8970) ##### New Contributors - [@dylanmtaylor](https://github.com/dylanmtaylor) made their first contribution in [#8116](https://github.com/envoyproxy/gateway/pull/8116) - [@twandja](https://github.com/twandja) made their first contribution in [#8138](https://github.com/envoyproxy/gateway/pull/8138) - [@SadmiB](https://github.com/SadmiB) made their first contribution in [#7864](https://github.com/envoyproxy/gateway/pull/7864) - [@jaffarkeikei](https://github.com/jaffarkeikei) made their first contribution in [#8122](https://github.com/envoyproxy/gateway/pull/8122) - [@Junnygram](https://github.com/Junnygram) made their first contribution in [#7953](https://github.com/envoyproxy/gateway/pull/7953) - [@oliverbaehler](https://github.com/oliverbaehler) made their first contribution in [#7977](https://github.com/envoyproxy/gateway/pull/7977) - [@krishicks](https://github.com/krishicks) made their first contribution in [#8168](https://github.com/envoyproxy/gateway/pull/8168) - [@jess-belliveau](https://github.com/jess-belliveau) made their first contribution in [#8185](https://github.com/envoyproxy/gateway/pull/8185) - [@gaganhr94](https://github.com/gaganhr94) made their first contribution in [#8078](https://github.com/envoyproxy/gateway/pull/8078) - [@cryoshida](https://github.com/cryoshida) made their first contribution in [#7959](https://github.com/envoyproxy/gateway/pull/7959) - [@6ixfalls](https://github.com/6ixfalls) made their first contribution in [#8183](https://github.com/envoyproxy/gateway/pull/8183) - [@NilsGriebner](https://github.com/NilsGriebner) made their first contribution in [#8225](https://github.com/envoyproxy/gateway/pull/8225) - [@akardaspg](https://github.com/akardaspg) made their first contribution in [#8306](https://github.com/envoyproxy/gateway/pull/8306) - [@achernev](https://github.com/achernev) made their first contribution in [#7865](https://github.com/envoyproxy/gateway/pull/7865) - [@TanguyPatte](https://github.com/TanguyPatte) made their first contribution in [#8408](https://github.com/envoyproxy/gateway/pull/8408) - [@Arpit529Srivastava](https://github.com/Arpit529Srivastava) made their first contribution in [#8368](https://github.com/envoyproxy/gateway/pull/8368) - [@Teja079](https://github.com/Teja079) made their first contribution in [#8358](https://github.com/envoyproxy/gateway/pull/8358) - [@felipesabadini](https://github.com/felipesabadini) …

zhaohuabing force-pushed the feat/security-policy-merge branch from 95821a7 to c8b4bdc Compare January 13, 2026 01:23

rajatvig added 2 commits January 13, 2026 11:34

chore: drop unusable annotations and add in generatedfiles

d1d61ae

Signed-off-by: Rajat Vig <rvig@etsy.com>

chore: add release notes

edff170

Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig added 3 commits January 13, 2026 11:58

test: add e2e test

8792f98

Signed-off-by: Rajat Vig <rvig@etsy.com>

chore: add more test coverage

5e5372d

Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

1c62ff2

…y-merge

arkodg requested a review from kkk777-7 January 14, 2026 05:03

rajatvig added 4 commits January 18, 2026 22:53

chore: fix e2e test

09e0b17

Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

5cacf84

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

chore: add test data files for security policy

a190a39

Signed-off-by: Rajat Vig <rvig@etsy.com>

chore: add docs

6cd2177

Signed-off-by: Rajat Vig <rvig@etsy.com>

rajatvig marked this pull request as ready for review January 18, 2026 23:30

rajatvig requested a review from a team as a code owner January 18, 2026 23:30

rajatvig and others added 2 commits January 19, 2026 00:40

fix: simplify e2e test

d51f188

Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge branch 'main' into feat/security-policy-merge

bfcc540

arkodg added this to the v1.7.0-rc.1 Release milestone Jan 19, 2026

kkk777-7 reviewed Jan 20, 2026

View reviewed changes

Comment thread internal/gatewayapi/securitypolicy.go

Comment thread internal/gatewayapi/testdata/securitypolicy-with-merge.out.yaml Outdated

Comment thread internal/gatewayapi/securitypolicy.go

kkk777-7 reviewed Jan 20, 2026

View reviewed changes

Comment thread internal/gatewayapi/securitypolicy.go Outdated

rajatvig and others added 7 commits January 24, 2026 19:53

fix: address feedback and update docs on secrets issues when merging …

96db222

…namspaces Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

3150f9d

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

c3d1e18

…y-merge

chore: fix generated code

815025f

Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge branch 'main' into feat/security-policy-merge

cc1d153

Merge branch 'main' into feat/security-policy-merge

ed35567

Merge branch 'main' into feat/security-policy-merge

52b7bb2

Merge branch 'main' into feat/security-policy-merge

a826120

arkodg modified the milestones: Backlog, v1.8.0-rc.1 Release Feb 8, 2026

rajatvig added 3 commits February 9, 2026 01:05

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

dbc78fa

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

e3ea6aa

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

chore: add generted code

4cf5271

Signed-off-by: Rajat Vig <rvig@etsy.com>

rudrakhp reviewed Feb 12, 2026

View reviewed changes

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

215388d

…y-merge Signed-off-by: Rajat Vig <rvig@etsy.com>

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

61e5bde

…y-merge

kkk777-7 reviewed Mar 1, 2026

View reviewed changes

Comment thread internal/gatewayapi/securitypolicy.go

rajatvig added 3 commits March 4, 2026 12:19

Merge remote-tracking branch 'upstream/main' into feat/security-polic…

179d24e

…y-merge # Conflicts: # internal/gatewayapi/securitypolicy.go

fix: address feedback on multiple gateways

03369f3

Signed-off-by: Rajat Vig <rvig@etsy.com>

fix: lint + gen

7e10a97

Signed-off-by: Rajat Vig <rvig@etsy.com>

kkk777-7 approved these changes Mar 5, 2026

View reviewed changes

rudrakhp approved these changes Mar 6, 2026

View reviewed changes

kkk777-7 merged commit 46bc793 into envoyproxy:main Mar 6, 2026
80 of 85 checks passed

kkk777-7 mentioned this pull request Mar 17, 2026

feat: policy field owner #8538

Merged

arkodg mentioned this pull request Apr 18, 2026

SecurityPolicy: HTTPRoute-targeted policy silently overrides (not merges) JWT config from parent Gateway-targeted policy #8781

Closed

Conversation

rajatvig commented Jan 12, 2026

Uh oh!

netlify Bot commented Jan 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for cerulean-figolla-1f9435 canceled.

Uh oh!

codecov Bot commented Jan 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

rajatvig commented Jan 19, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

kkk777-7 commented Jan 20, 2026

Uh oh!

rajatvig commented Jan 31, 2026

Uh oh!

rajatvig commented Feb 7, 2026

Uh oh!

rudrakhp left a comment

Choose a reason for hiding this comment

Uh oh!

rajatvig commented Feb 16, 2026

Uh oh!

rudrakhp commented Feb 16, 2026

Uh oh!

Uh oh!

kkk777-7 commented Mar 1, 2026

Uh oh!

rajatvig commented Mar 4, 2026

Uh oh!

rajatvig commented Mar 5, 2026

Uh oh!

kkk777-7 commented Mar 5, 2026

Uh oh!

kkk777-7 commented Mar 5, 2026

Uh oh!

kkk777-7 commented Mar 5, 2026

Uh oh!

rajatvig commented Mar 6, 2026

Uh oh!

rudrakhp left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

netlify Bot commented Jan 12, 2026 •

edited

Loading

codecov Bot commented Jan 13, 2026 •

edited

Loading

rudrakhp left a comment •

edited

Loading