diff --git a/WORKSPACE b/WORKSPACE
index 4969bac17e8..1c4e20b8d2a 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -30,7 +30,7 @@ bind(
 )
 
 # When updating envoy sha manually please update the sha in istio.deps file also
-ENVOY_SHA = "280baee6dc45e48a4bf38ac03d32711fe5eaeee1"
+ENVOY_SHA = "346059548e135199eb0b7f0006f3ef19e173bf79"
 
 http_archive(
     name = "envoy",
diff --git a/istio.deps b/istio.deps
index 8ebc0904583..52e53ec1b35 100644
--- a/istio.deps
+++ b/istio.deps
@@ -11,6 +11,6 @@
 		"name": "ENVOY_SHA",
 		"repoName": "envoyproxy/envoy",
 		"file": "WORKSPACE",
-		"lastStableSHA": "280baee6dc45e48a4bf38ac03d32711fe5eaeee1"
+		"lastStableSHA": "346059548e135199eb0b7f0006f3ef19e173bf79"
 	}
 ]
\ No newline at end of file
diff --git a/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc b/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc
index a5ae802d76d..40f6a2a01f1 100644
--- a/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc
+++ b/src/envoy/http/jwt_auth/integration_test/http_filter_integration_test.cc
@@ -136,11 +136,11 @@ class JwtVerificationFilterIntegrationTest
     // Empty issuer_response_body indicates issuer will not be called.
     // Mock a response from an issuer server.
     if (!issuer_response_body.empty()) {
-      fake_upstream_connection_issuer =
-          fake_upstreams_[1]->waitForHttpConnection(*dispatcher_);
-      request_stream_issuer =
-          fake_upstream_connection_issuer->waitForNewStream(*dispatcher_);
-      request_stream_issuer->waitForEndStream(*dispatcher_);
+      ASSERT_TRUE(fake_upstreams_[1]->waitForHttpConnection(
+          *dispatcher_, fake_upstream_connection_issuer));
+      ASSERT_TRUE(fake_upstream_connection_issuer->waitForNewStream(
+          *dispatcher_, request_stream_issuer));
+      ASSERT_TRUE(request_stream_issuer->waitForEndStream(*dispatcher_));
 
       request_stream_issuer->encodeHeaders(issuer_response_headers, false);
       Buffer::OwnedImpl body(issuer_response_body);
@@ -150,12 +150,11 @@ class JwtVerificationFilterIntegrationTest
     // Valid JWT case.
     // Check if the request sent to the backend includes the expected one.
     if (verification_success) {
-      fake_upstream_connection_backend =
-          fake_upstreams_[0]->waitForHttpConnection(*dispatcher_);
-      request_stream_backend =
-          fake_upstream_connection_backend->waitForNewStream(*dispatcher_);
-      request_stream_backend->waitForEndStream(*dispatcher_);
-
+      ASSERT_TRUE(fake_upstreams_[0]->waitForHttpConnection(
+          *dispatcher_, fake_upstream_connection_backend));
+      ASSERT_TRUE(fake_upstream_connection_backend->waitForNewStream(
+          *dispatcher_, request_stream_backend));
+      ASSERT_TRUE(request_stream_backend->waitForEndStream(*dispatcher_));
       EXPECT_TRUE(request_stream_backend->complete());
 
       ExpectHeaderIncluded(expected_headers, request_stream_backend->headers());
@@ -373,11 +372,11 @@ TEST_P(JwtVerificationFilterIntegrationTestWithInjectedJwtResult,
   codec_client = makeHttpConnection(lookupPort("http"));
   // Send a request to Envoy.
   response = codec_client->makeHeaderOnlyRequest(headers);
-  fake_upstream_connection_backend =
-      fake_upstreams_[0]->waitForHttpConnection(*dispatcher_);
-  request_stream_backend =
-      fake_upstream_connection_backend->waitForNewStream(*dispatcher_);
-  request_stream_backend->waitForEndStream(*dispatcher_);
+  ASSERT_TRUE(fake_upstreams_[0]->waitForHttpConnection(
+      *dispatcher_, fake_upstream_connection_backend));
+  ASSERT_TRUE(fake_upstream_connection_backend->waitForNewStream(
+      *dispatcher_, request_stream_backend));
+  ASSERT_TRUE(request_stream_backend->waitForEndStream(*dispatcher_));
   EXPECT_TRUE(request_stream_backend->complete());
 
   // With sanitization, the headers received by the backend should not