Final Update for v3.4, plus 3.5.31, 3.6.12 Released
SIG-etcd has released the final patch update for v3.4 together with security updates for v3.5 and v3.6. Uses on v3.4 should begin the upgrade process as soon as possible. Users on v3.5 and v3.6 should update at the next scheduled maintenance window.
Obtain all three updates here:
Official container images are available from gcr.io.
Final v3.4 Release
This update marks the end of support (EOL) for v3.4, originally released in August 2019. No further patches will be issued by the Kubernetes project. If you are still using v3.4, please upgrade to a supported version as soon as you can.
v3.4 introduced Learner nodes, better storage, performance Leases, concurrency-proof Leader failover, and a new client load balancer. All of these are features that continue to make etcd the reliable, high-availability data store it is today. With v3.7, though, a lot of that code has been replaced, and the project’s ability to maintain v3.4 is increasingly difficult.
So say goodbye to v3.4, and prepare your upgrade scripts now.
Patching multiple golang vulnerabilities in all versions
This release updates v3.4, v3.5 and v3.6 to golang v1.25.10, which patches multiple security vulnerabilities in go. CVEs for patched vulnerabilities include the following: CVE-2026-42501, CVE-2026-39825, CVE-2026-39836, CVE-2026-42499, CVE-2026-39820, CVE-2026-39819, CVE-2026-39817, CVE-2026-33814, CVE-2026-39826, CVE-2026-33811, and CVE-2026-39823. It is unknown how many of these vulnerabilities are exploitable in etcd, but users should plan to apply the patch as soon as convenient regardless.
If you find a vulnerability in etcd, please report it to our security team.
This release also fixes several reliability issues, which can be found in the changelog