Releases: envoyproxy/envoy
v1.28.4
repo: Release v1.28.4
Summary of changes:
- CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
- CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
- CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
- CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
- CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
- CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
- CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.4/version_history/v1.28/v1.28.4
Full changelog:
v1.28.3...v1.28.4
Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]
v1.27.6
repo: Release v1.27.6
Summary of changes:
- CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
- CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
- CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
- CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
- CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
- CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.27.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.6/version_history/v1.27/v1.27.6
Full changelog:
v1.27.5...v1.27.6
Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]
v1.30.1
repo: Release v1.30.1
Summary of changes:
- Fix for potential TLS/SNI (`auto_sni`) crash CVE-2024-32475.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.1/version_history/v1.30/v1.30.1
Full changelog:
v1.30.0...v1.30.1
v1.29.4
repo: Release v1.29.4
Summary of changes:
- Fix for potential TLS/SNI (`auto_sni`) crash CVE-2024-32475.
- Fix for `config_dump` in admin UI.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.4/version_history/v1.29/v1.29.4
Full changelog:
v1.29.3...v1.29.4
Signed-off-by: Ryan Northey [email protected]
v1.28.3
repo: Release v1.28.3
Summary of changes:
- Fix for potential TLS/SNI (`auto_sni`) crash CVE-2024-32475.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.3/version_history/v1.28/v1.28.3
Full changelog:
v1.28.2...v1.28.3
Signed-off-by: Ryan Northey [email protected]
v1.27.5
repo: Release v1.27.5
Summary of changes:
- Fix for potential TLS/SNI (`auto_sni`) crash CVE-2024-32475.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.27.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.5/version_history/v1.27/v1.27.5
Full changelog:
v1.27.4...v1.27.5
Signed-off-by: Ryan Northey [email protected]
v1.30.0
repo: Release v1.30.0 (#33573)
Summary of changes:
- Removed the Swift/C++ interop layer in Envoy Mobile.
- Add retry policy to ext_proc.
- Added HTTP downstream remote reset response flag.
- Added support for the Fluentd access logger.
- Introduced `MemoryAllocatorManager` to configure heap memory release rate.
- Envoy Mobile added `CONNECT` Proxy support for iOS.
- Redis: support echo command.
- Envoy Mobile setting QUIC network idle timeout to 30 seconds.
- Sending server preferred address to non-QUICHE clients.
- Avoid concatenation of JWT duplicated headers.
- HTTP: Keep `Transfer-Encoding` header for `trailers`.
- Envoy Mobile setting the socket receive buffer to 1MB for QUIC.
- Added `FULL_SCAN` support to least-request load-balancing algorithm.
- aws_lambda and ext_proc filters can be used as an upstream filter.
- Hosts marked as draining in an EDS update are now excluded.
- Envoy Mobile supports log-levels.
- Added support for URI template matching for RBAC.
- Fixed load balancing initialization bug.
- Supporting `%UPSTREAM_CONNECTION_ID%` in access logs.
- Added request and response attributes support to ext_proc.
- Added support for sending dynamic metadata to ext_proc.
- Re-enable the nghttp2 codec for HTTP/2 connections by default.
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.0/version_history/v1.30/v1.30.0
Full changelog:
v1.29.0...v1.30.0
Signed-off-by: Adi Suissa-Peleg [email protected]
Signed-off-by: Ryan Northey [email protected]
v1.29.3
repo: Release v1.29.3
Summary of changes:
- Patch nghttp2 to resolve CVE-2024-30255
- Assorted fixes
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.3/version_history/v1.29/v1.29.3
Full changelog:
v1.29.2...v1.29.3
Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]
v1.28.2
repo: Release v1.28.2
Summary of changes:
- Patch nghttp2 to resolve CVE-2024-30255
- Assorted fixes
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.2/version_history/v1.28/v1.28.2
Full changelog:
v1.28.1...v1.28.2
Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]
v1.27.4
repo: Release v1.27.4
Summary of changes:
- Patch nghttp2 to resolve CVE-2024-30255
- Assorted fixes
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.27.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.4/version_history/v1.27/v1.27.4
Full changelog:
v1.27.3...v1.27.4
Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]