Tags: pchan/envoy
Tags
repo: Release v1.31.2 [CVE-2024-45807](GHSA-qc52-r4x5-9w37): oghttp2 crash on OnBeginHeadersForStream [CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs [CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources [CVE-2024-45809](GHSA-wqr5-qmq7-3qw3): Jwt filter crash in the clear route cache with remote JWKs [CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.2 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.31.2/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.31.2/version_history/v1.31/v1.31.2 **Full changelog**: envoyproxy/envoy@v1.31.1...v1.31.2 Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
repo: Release v1.30.6 **Summary of changes** [CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs [CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources [CVE-2024-45809](GHSA-wqr5-qmq7-3qw3): Jwt filter crash in the clear route cache with remote JWKs [CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.6 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.6/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.6/version_history/v1.30/v1.30.6 **Full changelog**: envoyproxy/envoy@v1.30.5...v1.30.6 Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
repo: Release v1.29.9 **Summary of changes** [CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs [CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources [CVE-2024-45809](GHSA-wqr5-qmq7-3qw3): Jwt filter crash in the clear route cache with remote JWKs [CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.9 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.29.9/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.29.9/version_history/v1.29/v1.29.9 **Full changelog**: envoyproxy/envoy@v1.29.8...v1.29.9 Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
repo: Release v1.28.7 **Summary of changes** [CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs [CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources [CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.7 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.28.7/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7 **Full changelog**: envoyproxy/envoy@v1.28.6...v1.28.7 Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
repo: Release v1.31.1 **Summary of changes**: - Update curl lib to resolve CVE-2024-7264 - Assorted fixes - Updated container images **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.1 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.31.1/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.31.1/version_history/v1.31/v1.31.1 **Full changelog**: envoyproxy/envoy@v1.31.0...v1.31.1 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
repo: Release v1.30.5 **Summary of changes**: - Update curl lib to resolve CVE-2024-7264 - Assorted fixes - Updated container images **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.5 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.5/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.5/version_history/v1.30/v1.30.5 **Full changelog**: envoyproxy/envoy@v1.30.4...v1.30.5 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
repo: Release v1.29.8 **Summary of changes**: - Update curl lib to resolve CVE-2024-7264 - Assorted fixes - Updated container images **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.8 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.29.8/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.29.8/version_history/v1.29/v1.29.8 **Full changelog**: envoyproxy/envoy@v1.29.7...v1.29.8 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
repo: Release v1.28.6 Changes: - Update curl lib to resolve CVE-2024-7264 - Assorted fixes - Updated container images **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.6 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.28.6/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.28.6/version_history/v1.28/v1.28.6 **Full changelog**: envoyproxy/envoy@v1.28.5...v1.28.6 Signed-off-by: Ryan Northey <[email protected]>
repo: Release v1.31.0
**Summary of changes**:
* Added new `access_log` command operators to retrieve upstream connection information.
* Enhanced ext_authz to be configured to ignore dynamic metadata in ext_authz responses.
* Ext_authz: added a block list for headers that should never be send to the external auth service.
* Ext_authz: added the ability to configure what decoder header mutations are allowed from the ext_authz with the option to fail if disallowed mutations are requested.
* Ext_proc support for observability mode which is "Send and Go" mode that can be used by external processor to observe Envoy data and status.
* Added support for flow control in Envoy gRPC side stream.
* TCP Healthchecks can now leverage ProxyProtocol.
* Hot restart: Added new command-line flag to skip hot restart stats transfer.
* HTTP: Added the ability when request mirroring to disable appending of the `-shadow` suffix to the shadowed `host`/`authority` header.
* HTTP: Added the ability to set the downstream request `:scheme` to match the upstream transport protocol.
* HTTP: Envoy now supports proxying `104` headers from upstream.
* Added the ability to bypass the overload manager for a listener.
* Added support for local cluster rate limit shared across all Envoy instances in the local cluster.
* Added Filter State Input for matching HTTP input based on filter state objects.
* Oauth: Added an option to disable setting the ID Token cookie.
* OpenTelemetry enhancements to support extension formatter and stats prefix configuration for the OpenTelemetry logger.
* QUIC stream reset errors are now captured in transport failure reason. Added support for QUIC server preferred address when there is a DNAT between the client and Envoy.
* Added support for Redis inline commands, Bloom 1.0.0 commands, among other commands.
* Added a new retry policy: `reset-before-request`.
* Added support for dynamic direct response for files.
* Added TLS support to match against `OtherName` SAN-type under `match_typed_subject_alt_names`.
* Upstream: Added a new field to `LocalityLbEndpoints`, `LocalityLbEndpoints.Metadata`, that may be used for transport socket matching groups of endpoints.
* Update WASM filter to support use as an upstream filter.
* Disabled OpenCensus by default as it is no longer maintained upstream.
* Ext_proc support for `route_cache_action` which specifies the route action to be taken when an external processor response is received in response to request headers.
* Golang: Move `Continue`, `SendLocalReply` and `RecoverPanic` to `DecoderFilterCallbacks` and `EncoderFilterCallbacks`, to support full-duplex processing.
* Http2 uses Oghttp2 by default.
* Added a "happy eyeballs" feature to HTTP/3 upstream, where it assuming happy eyeballs sorting results in alternating address families will attempt the first v4 and v6 address before giving up on HTTP/3.
* Populate typed metadata by default in ProxyProtocol listener.
* Datadog: Disabled remote configuration by default.
* Reject invalid runtime YAML instead of supporting corner cases of bad YAML.
**Docker images**:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.0
**Docs**:
https://www.envoyproxy.io/docs/envoy/v1.31.0/
**Release notes**:
https://www.envoyproxy.io/docs/envoy/v1.31.0/version_history/v1.31/v1.31.0
**Full changelog**:
envoyproxy/envoy@v1.30.0...v1.31.0
repo: Release v1.30.4 **Summary of changes**: - [CVE-2024-39305](GHSA-fp35-g349-h66f) Fix a bug where additional cookie attributes are not sent properly to clients. **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.4 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.4/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.4/version_history/v1.30/v1.30.4 **Full changelog**: envoyproxy/envoy@v1.30.3...v1.30.4 Signed-off-by: Ryan Northey <[email protected]>
PreviousNext