Google Cloud release notes

Cloud Service Mesh Security Patch Releases


Multiple versions of Cloud Service Mesh (1.29.5-asm.3, 1.28.9-asm.2, 1.27.9-asm.8, and managed sidecar versions 1.21.6-asm.38, 1.20.8-asm.88, 1.19.10-asm.78) have been released with fixes for security vulnerabilities, including CVE-2026-34182 and CVE-2026-45447. These updates address critical security issues and are available for in-cluster and managed deployments. Users are advised to upgrade to the latest versions to incorporate these security patches.

  • 1.29.5-asm.3 is now available for in-cluster Cloud Service Mesh.
  • 1.28.9-asm.2 is now available for in-cluster Cloud Service Mesh.
  • 1.27.9-asm.8 is now available for in-cluster Cloud Service Mesh.
Security (4)
  • Cloud Service Mesh 1.29.5-asm.3 is now available for in-cluster Cloud Service Mesh.

    1.29.5-asm.3 is now available for in-cluster Cloud Service Mesh. This patch release contains the fix for the security vulnerability listed in GCP-2026-040. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.29.5-asm.3 uses Envoy v1.37.5-dev.

  • Cloud Service Mesh 1.28.9-asm.2 is now available for in-cluster Cloud Service Mesh.

    1.28.9-asm.2 is now available for in-cluster Cloud Service Mesh. This patch release contains the fix for the security vulnerability listed in GCP-2026-040. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.28.9-asm.2 uses Envoy v1.36.9-dev.

  • Cloud Service Mesh 1.27.9-asm.8 is now available for in-cluster Cloud Service Mesh.

    1.27.9-asm.8 is now available for in-cluster Cloud Service Mesh. This patch release contains the fix for the security vulnerability listed in GCP-2026-040. For details on upgrading Cloud Service Mesh, see Upgrade Cloud Service Mesh. Cloud Service Mesh 1.27.9-asm.8 uses Envoy v1.35.13-dev.

  • Cloud Service Mesh

    The following images are now rolling out for managed Cloud Service Mesh: Sidecar version 1.21.6-asm.38 is rolling out to the rapid release channel. Sidecar version 1.20.8-asm.88 is rolling out to the regular release channel. Sidecar version 1.19.10-asm.78 is rolling out to the stable release channel. These patch releases contain the fix for the vulnerability listed in GCP-2026-040. These rollouts will preempt those previously announced on June 12, 2026.

Fixes (3)
  • Cloud Service Mesh

    This patch release also contains the fixes for the following CVEs:

    CVE             Proxy  Control Plane  Distroless  CNI  Severity
    CVE-2026-34182  Yes    Yes            No          Yes  Medium (9.1)
    CVE-2026-45447  Yes    Yes            No          Yes  High (8.8)
    CVE-2026-7383   Yes    Yes            No          Yes  Low (8.1)
    CVE-2026-34180  Yes    Yes            No          Yes  Low (7.5)
    CVE-2026-45445  Yes    Yes            No          Yes  Medium (7.5)
    CVE-2026-9076   Yes    Yes            No          Yes  Low (7.5)
    CVE-2026-42766  Yes    Yes            No          Yes  Low (5.9)
    CVE-2026-42767  Yes    Yes            No          Yes  Low (5.9)
    CVE-2026-34743  Yes    Yes            No          Yes  Low (5.3)
    CVE-2026-45446  Yes    Yes            No          Yes  Low (4.8)
    CVE-2026-42770  Yes    Yes            No          Yes  Low (3.7)
    CVE-2026-40226  Yes    Yes            No          Yes  Medium (0.0

Read the original announcement →

https://docs.cloud.google.com/release-notes#June_23_2026