Releases: envoyproxy/envoy
v1.28.6
repo: Release v1.28.6
Changes:
- Update curl lib to resolve CVE-2024-7264
- Assorted fixes
- Updated container images
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.6/version_history/v1.28/v1.28.6
Full changelog:
v1.28.5...v1.28.6
Signed-off-by: Raven Black
Signed-off-by: Ryan Northey
v1.31.0
repo: Release v1.31.0
Summary of changes:
- Added new `access_log` command operators to retrieve upstream connection information.
- Enhanced ext_authz to be configured to ignore dynamic metadata in ext_authz responses.
- Ext_authz: added a block list for headers that should never be sent to the external auth service.
- Ext_authz: added the ability to configure what decoder header mutations are allowed from the ext_authz with the option to fail if disallowed mutations are requested.
- Ext_proc support for observability mode, a "Send and Go" mode that an external processor can use to observe Envoy data and status.
- Added support for flow control in Envoy gRPC side stream.
- TCP Healthchecks can now leverage ProxyProtocol.
- Hot restart: Added new command-line flag to skip hot restart stats transfer.
- HTTP: Added the ability when request mirroring to disable appending of the `-shadow` suffix to the shadowed `host`/`authority` header.
- HTTP: Added the ability to set the downstream request `:scheme` to match the upstream transport protocol.
- HTTP: Envoy now supports proxying `104` headers from upstream.
- Added the ability to bypass the overload manager for a listener.
- Added support for local cluster rate limit shared across all Envoy instances in the local cluster.
- Added Filter State Input for matching HTTP input based on filter state objects.
- Oauth: Added an option to disable setting the ID Token cookie.
- OpenTelemetry enhancements to support extension formatter and stats prefix configuration for the OpenTelemetry logger.
- QUIC stream reset errors are now captured in transport failure reason. Added support for QUIC server preferred address when there is a DNAT between the client and Envoy.
- Added support for Redis inline commands, Bloom 1.0.0 commands, among other commands.
- Added a new retry policy: `reset-before-request`.
- Added support for dynamic direct response for files.
- Added TLS support to match against `OtherName` SAN-type under `match_typed_subject_alt_names`.
- Upstream: Added a new field to `LocalityLbEndpoints`, `LocalityLbEndpoints.Metadata`, that may be used for transport socket matching groups of endpoints.
- Update WASM filter to support use as an upstream filter.
- Disabled OpenCensus by default as it is no longer maintained upstream.
- Ext_proc support for `route_cache_action` which specifies the route action to be taken when an external processor response is received in response to request headers.
- Golang: Move `Continue`, `SendLocalReply` and `RecoverPanic` to `DecoderFilterCallbacks` and `EncoderFilterCallbacks`, to support full-duplex processing.
- Http2 uses Oghttp2 by default.
- Added a "happy eyeballs" feature to HTTP/3 upstream: assuming happy eyeballs sorting results in alternating address families, it will attempt the first v4 and v6 address before giving up on HTTP/3.
- Populate typed metadata by default in ProxyProtocol listener.
- Datadog: Disabled remote configuration by default.
- Reject invalid runtime YAML instead of supporting corner cases of bad YAML.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.0/version_history/v1.31/v1.31.0
Full changelog:
v1.30.0...v1.31.0
Signed-off-by: Kevin Baichoo
Signed-off-by: Ryan Northey
v1.30.4
repo: Release v1.30.4
Summary of changes:
- CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.4/version_history/v1.30/v1.30.4
Full changelog:
v1.30.3...v1.30.4
Signed-off-by: Yan Avlasov
Signed-off-by: Ryan Northey
v1.29.7
repo: Release v1.29.7
Summary of changes:
- CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.7/version_history/v1.29/v1.29.7
Full changelog:
v1.29.6...v1.29.7
Signed-off-by: Yan Avlasov
Signed-off-by: Ryan Northey
v1.28.5
repo: Release v1.28.5
Summary of changes:
- CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.5/version_history/v1.28/v1.28.5
Full changelog:
v1.28.4...v1.28.5
Signed-off-by: Yan Avlasov
Signed-off-by: Ryan Northey
v1.27.7
repo: Release v1.27.7
Summary of changes:
- CVE-2024-39305 A bug where additional cookie attributes are not sent properly to clients.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.27.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.7/version_history/v1.27/v1.27.7
Full changelog:
v1.27.6...v1.27.7
Signed-off-by: Yan Avlasov
Signed-off-by: Ryan Northey
v1.30.3
repo: Release v1.30.3
Summary of changes:
- Bumped the version of datadog to resolve a crashing bug in earlier versions of the library.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.3/version_history/v1.30/v1.30.3
Full changelog:
v1.30.2...v1.30.3
Signed-off-by: Ryan Northey
v1.29.6
repo: Release v1.29.6
Summary of changes:
- Bumped the version of datadog to resolve a crashing bug in earlier versions of the library.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.6/version_history/v1.29/v1.29.6
Full changelog:
v1.29.5...v1.29.6
Signed-off-by: Alyssa Wilk
Signed-off-by: Greg Greenway
Signed-off-by: Ryan Northey
v1.30.2
repo: Release v1.30.2
Summary of changes:
- CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
- CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
- CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
- CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
- CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
- CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
- CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.2/version_history/v1.30/v1.30.2
Full changelog:
v1.30.1...v1.30.2
Signed-off-by: Boteng Yao
Signed-off-by: Ryan Northey
v1.29.5
repo: Release v1.29.5
Summary of changes:
- CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
- CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
- CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
- CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
- CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
- CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
- CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.5/version_history/v1.29/v1.29.5
Full changelog:
v1.29.4...v1.29.5
Signed-off-by: Boteng Yao
Signed-off-by: Ryan Northey