diff --git a/.gitmodules b/.gitmodules
index 7fd8341e3..633343ad5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -21,15 +21,15 @@
 [submodule "istio/proxy"]
 	path = istio/proxy
 	url = https://github.com/higress-group/proxy
-	branch = istio-1.19
+	branch = envoy-1.36
 	shallow = true
 [submodule "envoy/go-control-plane"]
 	path = envoy/go-control-plane
 	url = https://github.com/higress-group/go-control-plane
-	branch = istio-1.27
+	branch = envoy-1.36
 	shallow = true
 [submodule "envoy/envoy"]
 	path = envoy/envoy
 	url = https://github.com/higress-group/envoy
-	branch = envoy-1.27
+	branch = envoy-1.36
 	shallow = true
diff --git a/Makefile.core.mk b/Makefile.core.mk
index 76ddcc411..009720b4e 100644
--- a/Makefile.core.mk
+++ b/Makefile.core.mk
@@ -146,7 +146,7 @@ docker-buildx-push: clean-env docker.higress-buildx
 export PARENT_GIT_TAG:=$(shell cat VERSION)
 export PARENT_GIT_REVISION:=$(TAG)
 
-export ENVOY_PACKAGE_URL_PATTERN?=https://github.com/higress-group/proxy/releases/download/v2.2.0/envoy-symbol-ARCH.tar.gz
+export ENVOY_PACKAGE_URL_PATTERN?=https://github.com/higress-group/proxy/releases/download/v2.2.1/envoy-symbol-ARCH.tar.gz
 
 build-envoy: prebuild
 	./tools/hack/build-envoy.sh
@@ -200,8 +200,8 @@ install: pre-install
 	helm install higress helm/higress -n higress-system --create-namespace --set 'global.local=true'
 
 HIGRESS_LATEST_IMAGE_TAG ?= latest
-ENVOY_LATEST_IMAGE_TAG ?= cdf0f16bf622102f89a0d0257834f43f502e4b99
-ISTIO_LATEST_IMAGE_TAG ?= a7525f292c38d7d3380f3ce7ee971ad6e3c46adf
+ENVOY_LATEST_IMAGE_TAG ?= ca6ff3a92e3fa592bff706894b22e0509a69757b
+ISTIO_LATEST_IMAGE_TAG ?= c482b42b9a14885bd6692c6abd01345d50a372f7
 
 install-dev: pre-install
 	helm install higress helm/core -n higress-system --create-namespace --set 'controller.tag=$(TAG)' --set 'gateway.replicas=1' --set 'pilot.tag=$(ISTIO_LATEST_IMAGE_TAG)' --set 'gateway.tag=$(ENVOY_LATEST_IMAGE_TAG)' --set 'global.local=true'
diff --git a/VERSION b/VERSION
index 9bb5a448a..cf2dc0bc4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v2.1.9
\ No newline at end of file
+v2.2.0
\ No newline at end of file
diff --git a/envoy/envoy b/envoy/envoy
index 3fe314c69..b46236685 160000
--- a/envoy/envoy
+++ b/envoy/envoy
@@ -1 +1 @@
-Subproject commit 3fe314c69802c18160065c30028c9f3f7a216e54
+Subproject commit b46236685e2c3152c6c2e7d989fdfc9720b73cc8
diff --git a/envoy/go-control-plane b/envoy/go-control-plane
index 90eca0228..af656ebdd 160000
--- a/envoy/go-control-plane
+++ b/envoy/go-control-plane
@@ -1 +1 @@
-Subproject commit 90eca022817818b6ae3171f64438d748c0ad6d75
+Subproject commit af656ebdd1c2cb95992d62453325240704096804
diff --git a/helm/core/templates/_pod.tpl b/helm/core/templates/_pod.tpl
index 419a5af6d..548b633a5 100644
--- a/helm/core/templates/_pod.tpl
+++ b/helm/core/templates/_pod.tpl
@@ -123,6 +123,8 @@ template:
         - name: LITE_METRICS
           value: "on"
         {{- end }}
+        - name: ISTIO_DELTA_XDS
+          value: "{{ .Values.global.enableDeltaXDS }}"
         {{- if include "skywalking.enabled" . }}
         - name: ISTIO_BOOTSTRAP_OVERRIDE
           value: /etc/istio/custom-bootstrap/custom_bootstrap.json
diff --git a/helm/core/templates/controller-clusterrole.yaml b/helm/core/templates/controller-clusterrole.yaml
index f7f486711..38c72ebc7 100644
--- a/helm/core/templates/controller-clusterrole.yaml
+++ b/helm/core/templates/controller-clusterrole.yaml
@@ -144,3 +144,7 @@ rules:
   - apiGroups: [""]
     verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
     resources: [ "serviceaccounts"]
+  # istio leader election need
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "update", "patch", "create"]
diff --git a/helm/core/templates/controller-deployment.yaml b/helm/core/templates/controller-deployment.yaml
index 1b9f43eb8..c63e66498 100644
--- a/helm/core/templates/controller-deployment.yaml
+++ b/helm/core/templates/controller-deployment.yaml
@@ -173,6 +173,8 @@ spec:
             value: "{{ .Values.global.xdsMaxRecvMsgSize }}"
           - name: ENBALE_SCOPED_RDS
             value: "{{ .Values.global.enableSRDS }}"
+          - name: ISTIO_DELTA_XDS
+            value: "{{ .Values.global.enableDeltaXDS }}"
           - name: ON_DEMAND_RDS
             value: "{{ .Values.global.onDemandRDS }}"
           - name: HOST_RDS_MERGE_SUBSET
diff --git a/helm/core/values.yaml b/helm/core/values.yaml
index 56864f139..2a7561c57 100644
--- a/helm/core/values.yaml
+++ b/helm/core/values.yaml
@@ -9,6 +9,8 @@ global:
   xdsMaxRecvMsgSize: "104857600"
   defaultUpstreamConcurrencyThreshold: 10000
   enableSRDS: true
+  # -- Whether to enable Istio delta xDS, default is false.
+  enableDeltaXDS: true
   # -- Whether to enable Redis(redis-stack-server) for Higress, default is false.
   enableRedis: false
   enablePluginServer: false
diff --git a/helm/higress/README.md b/helm/higress/README.md
index 3452f1282..6b7acf222 100644
--- a/helm/higress/README.md
+++ b/helm/higress/README.md
@@ -163,6 +163,7 @@ The command removes all the Kubernetes components associated with the chart and
 | global.defaultResources | object | `{"requests":{"cpu":"10m"}}` | A minimal set of requested resources to applied to all deployments so that Horizontal Pod Autoscaler will be able to function (if set). Each component can overwrite these default values by adding its own resources block in the relevant section below and setting the desired resources values. |
 | global.defaultUpstreamConcurrencyThreshold | int | `10000` |  |
 | global.disableAlpnH2 | bool | `false` | Whether to disable HTTP/2 in ALPN |
+| global.enableDeltaXDS | bool | `true` | Whether to enable Istio delta xDS, default is false. |
 | global.enableGatewayAPI | bool | `true` | If true, Higress Controller will monitor Gateway API resources as well |
 | global.enableH3 | bool | `false` |  |
 | global.enableIPv6 | bool | `false` |  |
diff --git a/istio/istio b/istio/istio
index c4703274c..77149ea56 160000
--- a/istio/istio
+++ b/istio/istio
@@ -1 +1 @@
-Subproject commit c4703274cacd3e2e61269ebef21a78780708d29f
+Subproject commit 77149ea5606492cbef75cc22216e84cd4612a469
diff --git a/istio/proxy b/istio/proxy
index ced6d8167..4735dd6b8 160000
--- a/istio/proxy
+++ b/istio/proxy
@@ -1 +1 @@
-Subproject commit ced6d8167a01fe1c1630b3df0ac39e1b563f05dc
+Subproject commit 4735dd6b874700fc2bc9a218ce80ba0be759e53f
diff --git a/tools/hack/build-envoy.sh b/tools/hack/build-envoy.sh
index 7b9f20242..a07b7ac63 100755
--- a/tools/hack/build-envoy.sh
+++ b/tools/hack/build-envoy.sh
@@ -30,7 +30,7 @@ fi
 CONDITIONAL_HOST_MOUNTS+="--mount type=bind,source=${ROOT}/external/package,destination=/home/package "
 CONDITIONAL_HOST_MOUNTS+="--mount type=bind,source=${ROOT}/external/envoy,destination=/home/envoy "
 
-BUILD_TOOLS_IMG=${BUILD_TOOLS_IMG:-"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/build-tools-proxy:release-1.19-ef344298e65eeb2d9e2d07b87eb4e715c2def613"}
+BUILD_TOOLS_IMG=${BUILD_TOOLS_IMG:-"higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/build-tools-proxy:master-eebcdda8856e2d4f528991d27d4808880cce4c52"}
 
 BUILD_WITH_CONTAINER=1 \
     CONDITIONAL_HOST_MOUNTS=${CONDITIONAL_HOST_MOUNTS} \