Releases · envoyproxy/envoy

14 Jan 19:55

publish-envoy

v1.33.0

b0f43d6

v1.33.0 Latest

Latest

Summary of changes:

c-ares:
- CVE-2024-25629 Out of bounds read in c-ares (DNS)
HTTP:
- RFC1918 addresses are no longer considered to be internal addresses by default. This addresses a security issue for Envoys in multi-tenant mesh environments.
- Shadow requests are now streamed in parallel with the original request.
- Local replies now traverse the filter chain if 1xx headers have been sent to the client.
Tracing:
- Removed support for (long deprecated) Opencensus tracing extension.
Wasm:
- The route cache will not be cleared by default if a Wasm extension modifies the request headers and the ABI version of wasm extension is larger than 0.2.1.
- Remove previously deprecated xDS attributes from get_property, use xds attributes instead.
- Added Wasm VM reload support and support for plugins writtin in Go.
Access log:
- New implementation of the JSON formatter is enabled by default.
CSRF:
- Increase the statistics counter missing_source_origin only for requests with a missing source origin.
DNS:
- Added nameserver rotation and query timeouts/retries to the c-ares resolver.
Formatter:
- NaN and Infinity values of float will be serialized to null and inf respectively in the metadata (DYNAMIC_METADATA, CLUSTER_METADATA, etc.) formatters.
OAuth2:
- use_refresh_token is now enabled by default.
- Implement the Signed Double-Submit Cookie pattern.
QUIC:
- Enable UDP GRO in QUIC client connections by default.
SDS:
- Relaxed the backing cluster validation for Secret Discovery Service (SDS).
TLS:
- Added support for P-384 and P-521 curves for server certificates, improved upstream SNI and SAN validation support.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.33.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.33.0/version_history/v1.33/v1.33.0
Full changelog:
v1.32.0...v1.33.0

Assets 8

18 Dec 20:42

publish-envoy

v1.32.3

58bd599

v1.32.3

CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand
CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.32.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.32.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.32.3/version_history/v1.32/v1.32.3
Full changelog:
v1.32.2...v1.32.3

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com

Assets 8

18 Dec 19:27

publish-envoy

v1.31.5

688c4bb

v1.31.5

Summary of changes:

CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand
CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.5/version_history/v1.31/v1.31.5
Full changelog:
v1.31.4...v1.31.5

Signed-off-by: Ryan Northey ryan@synca.io
Signed-off-by: Boteng Yao boteng@google.com

Assets 8

18 Dec 18:42

publish-envoy

v1.30.9

e409e0a

v1.30.9

Summary of changes:

CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.9
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.9/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.9/version_history/v1.30/v1.30.9
Full changelog:
v1.30.8...v1.30.9