v1.6.2

Updated Envoy Gateway to v1.6.2

Security Updates

• Fixed CVE-2026-22771: arbitrary code execution through EnvoyExtensionPolicy Lua scripts.

Bug Fixes

• Fixed an issue where BackendTrafficPolicy does not validate the maximum value of the requestBuffer limit.
• Fixed an issue where observedGeneration is missing from the EnvoyPatchPolicy status.
• Fixed a nil pointer error when applying BackendTrafficPolicy to HTTPRoutes with no backendRefs.
• Fixed ExternalTrafficPolicy not being applied to Envoy Service when ServiceType is NodePort.
• Fixed CRL ref not processed by the gateway controller.