v1.2.5

Updated Envoy Gateway to v1.2.8

Security Updates

• Updated to Envoy Proxy v1.32.4 which fixes vulnerability CVE-2025-30157, where local replies were incorrectly sent to the ext_proc server.

Bug Fixes

• Added support for BackendTLSPolicy and EnvoyExtensionPolicy parsing in Standalone mode.
• Fixed endpoint updates when mirrored backend Pod IPs change.
• Fix not logging an error and returning it in the K8s Reconcile method when a GatewayClass is not accepted.
• Fixed validation of host header in RequestHeaderModifier filter.
• Fixed an OpenTelemetry access log sink failure caused by an otel.Text is nil error.