From 4848d6d548438b50d6d78187a7cfbe61e02d8b85 Mon Sep 17 00:00:00 2001
From: phlax
Date: Thu, 19 Sep 2024 09:16:24 +0000
Subject: [PATCH] repo: Release v1.28.7
**Summary of changes**
[CVE-2024-45808](https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc): Malicious log injection via access logs
[CVE-2024-45806](https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources
[CVE-2024-45810](https://github.com/envoyproxy/envoy/security/advisories/GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client
**Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.7
**Docs**: https://www.envoyproxy.io/docs/envoy/v1.28.7/
**Release notes**: https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7
**Full changelog**: https://github.com/envoyproxy/envoy/compare/v1.28.6...v1.28.7
Signed-off-by: Boteng Yao
Signed-off-by: Ryan Northey
---
 VERSION.txt | 2 +-
 changelogs/current.yaml | 12 +-----------
 docs/inventories/v1.28/objects.inv | Bin 164505 -> 164530 bytes
 docs/versions.yaml | 2 +-
 4 files changed, 3 insertions(+), 13 deletions(-)
diff --git a/VERSION.txt b/VERSION.txt
index f98a862cd4aa..0ad2129e18ce 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.28.7-dev
+1.28.7
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index 918a0d98fbd9..da5d914b7bcc 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -1,7 +1,6 @@
-date: Pending
+date: September 19, 2024
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: http
 change: |
 The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
@@ -12,21 +11,12 @@ behavior_changes:
 setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: access_log
 change: |
 Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: http_async_client
 change: |
 Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
-
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period `
-
-new_features:
-
-deprecated:
diff --git a/docs/inventories/v1.28/objects.inv b/docs/inventories/v1.28/objects.inv index 0cffae7aa1d2101992316492987b8bfdb29eeebf..2fd3b18a0dfb5fb63023254ac00f0bf35858cd22 100644 GIT binary patch delta 3771 zcmXX{c{J3G_x{Ys46{TtW3sl4$ujmR*_mNTh_NP1N@OV-WJxg}YnI-kgt9av8Du9* zNhq(a>`O(VRQ95f5q`eCzklvI_ndp5=bq<2=iYm<=*n1hvLWnfBrTQ(dqM-h1Tqg| zF$%9hii6XL`<cu2On zYp&vwp~iFzG4h|8>X=)9J3^7{*I}kd9J9)iyZ1?Uls5m^n&xdh=Xv*asJh^d0qE-1 z?KZtrq?AU?PEp@8)@|9GVUCXwu``|Z@6#8g6lrefce1Iilnu@Glrp8<{rCWQoh||& zkXi8|X{35xLkjG>pRu@0#Xuz@JTubvHGNcCc{zQ(3l0-?Be)u{(!M6~Fsmn6CQ>3G z%_)jib1?~H?=JN4s{!=G6g!x9+CQ@MHHmNvne0Z56oU1FC4B~v1_m9Bhq76APDrc+ zs^vXiUg>Q@U8}~IJ)q=CdYuta+jOAJoL@vgfRHZna)ZAra{iK0n~s&2Z}a1=TA3ciG6rljgg~syUkMn zr|KO>U+Sa~Yz!>i8Sw@NeHjmAPyBL0VuPt?EqF3)@;+f;*2?7GQ^4i80Z4-K2NA2e z`%Jfu?O9}UG*vL&i-2%9dV3eJj4#`32r=Dvq1RNQs|h2wB`B*>@fR>J>KLB6 zHSu%JSRy>SMFGq}SWCnK-Xer)NkFUF`(G?kD7qz!_YlWqk0>~Gj?StArgw4V4I$Pp zbm0D`EDre%mZ%bKa2lR09J(M1(md&PUBDv#v9Te%=|ghhp%8oYgg zMfZdaidxjh0nK8BuR4(CF{b=GEKy4^=81==bGeySvcJy}czZ94kp%dquq+LsL;UDa zJdkr{&jn<15tVJhQ(%)7#}E6YMt*$?2#m9TB0+(qkr&K*>&_?}CA5$Su*Boh28v(- z!v1j_kRnEym4vjKi$<_Sr)Yz0UOGoZR~(GFNYAJOzV0ev7&4)1esnMna*_1x$pEYTqvR0LTF$BsAvB~F+>0%)J;t&yM%@*;FFKu@`kI=p?1MgImH z)U?=+6KTGW&67Iy86XT`krLwI5zi>7X7&cg+T45cl^2rErZx+~-jb*}ae#{$;fExk za~xaDl%N#upz#Bi75JlYuaW;(XfO^?6aP=4&M_?OQZ(oSrwE%&ii3npbXFHIjhBrz zgnUk52Zu}iBNNxp0w2qR;NRX2xa;M{BG?)X2WE?ug!D>Hx!2mEzkcl#cxculq zp{6Ve4}WCuOKM~{50e#`M;CyhHOak3z~vNTwjtDc0{eEj-XGR=Nx^t44)`EW@WD|O z8BrQ=xycEN;T6TxZfXHYLR&M8ugZz#5s2*VqQWe}I>Ef;9Uv`ouQzZxF?CpiV#9~f z!a&{0ZrbpIc^2gxtXI=9;yUnQA7P#ZJTt*gNl+4)e29i!fbtSv7w+|w#Zcy{OGoAE z!V6YdkShXmJ?n7|NgqSyzQ3=nWLuHUbFkGA;@yp|MnXbf{`*0@D~vk!n2>Txm@XW> zGQo%zRVv5p!F|>yAQ_1Xl>N|kK=S~>4;dUavMxcH;QMRErA~dg$rg*@2^$kV&BVk5 zI3i(D2hz5r^N}b*NJIk?P%aOn!jT9zJsmbEWlfC-W{8Ao58xO6u`CVBz@k^|fR#P= z9`OK`MJ!T8O&RRL1SOkN;U;kQ|C}2+B0!=aLGtbG^k2fu%g|Uiu>u+yUr5xm@qo7k z;g=+&(|kbyM?4zS!p!Dna8PnIc>8WPDzOg1xMD}e==;+uFFXi6UR0D=;1>`4@BRO}VerUsgiB92%Y 
z1BUMb!eeb+Nffdy(#K4yp3>T4kQ#-D^&ck>k|4)3YIl)X8w0il6D$zS>cqpAP06pl zfxyH;7ZQbm`p-9}=5Uik?7zM_otXewNfQ=H(6gq;YB=IROp6OIBRzCe8jQ)L*QLY8 z%<^&tVV}&Xbf<_8gj|}ho9#Vh@;QUQf1_-G22ljjA^4{3iMyG|H<=3{^(juYTd5LwPF zH#-IEkpzG$L-4~jDgH3Egq!HF88Wajl=Vge&?iHfJ_2a97Ey6To>+ry1l?03oD9aW z=@~zPuX_tcj38SA`Z5l1Vdi<6;0|&LV2%5Oz2$EERg`#*ZiLw&yZbK%G$lm(q!tOP zsG3XA%;GyD$-HM7%jU19Wn+noMpArv(;jCor^Vxp(J;q;69G!!X)010ckpgZll-4h zgtb9}$eV{))}yc~fUu%%ib)Vz%EjhNxlU0C@`EY4#;@8%B@SVj`sX9>Xp%w@r(@eu z!EHjc$}Xi5g#Cr~Z%-%A`em02O2#&P)co0ULYLa!Hs{(K^3yW;_7e92V_T534acF& zwq@7!gSeJ&jTTq*KW}+jY@@DPJm2~@wmmk(j2!2mUU@OGC2X;6_UGfFvh7FO`MN4r zZ>%8`(x~3=}fOyrEh|s$a8Kjn1}Z1SD(MQe0`s^ zbe5bCf9VKwQlQGz95NmBQ7zj}&}K-fq>R(&1RJ(Ei}8$CFfug$x@EGgubYi`UokS(f6*1pl5!5CRYlMJNXvXyf2d*)qI{henQ#) zO@z(3Ga0kVG^7+f%zAY6W<(0-!H1KhitE*v7T4T2>y$%Q66cE=ozug;AEGkOIjyEH z8Pzw+7d}`qYC4T)p#pM<>8JqyADHK9o6#;^ALB2)vs@OFtSPJwAG%$tydig&P`wX_ z7Y>{hNnVe9&{O(*{XrSC#6Em&erq*la9`nS$eV*RMa<2oAIFnN8}-end1i|ms|tNP zdxYm^xuJoE11_|Gq-sao8Wsa`6w*8X7ero+>75Ts5AU&dS2bF#y>(#R)m$}YO4%=e zCFi`itDopc_PY=}t?`N^;KE%E^-zmNIhXtaepSZ2$m+|l6fy4JleI&oXcbS?cddK9 z&9|O)F};f#*p{d3s^ZnIC*GAYEqUj;owD6qz2@<(ba;KEW=6cTcJ6UNwp!-AxcA5E zcP`J10#>!s?{6-qRKKYxYj2$C$k$vPi5J&9T3K0s_4WFftkd1GmL1`18B6k_&u=fu zGq0?cFM2KX+6z~wk#BAK4h(O8PU7j|rLXWy3MMieCG>mNnXXO_kHbF1oi$HX0n3B6 zF4Z`3^(q~oykGN`)L$GFpx2&MhdH_(2n!&O28^^$w0XNs2;5Tgx?k|VO4(Q>DEZ

y~A7j9uK~25$G*U!_klC zoVY75o13aDe=Qx3U`=-gwU~VY6LfJScS1v^cs~7U7?9myo)9lx@E^J!e#_>*sq6$l zbUR=r!T#i9%g_6HTj!J<@HzJ*WQ?L?ayq=ZS>oXv+ylbjrymsO@#F0_J$BtzPj`6e z9K?*(cwgjm)$yx$t8?F1iyo)%?6~lgB{z%TG)Gk1T@nF~)d&CDG_2RYD7)qBWH;_k zJdrcVIvR{_h7Ni5hUS4Apvj8~deEA;LN&!v(rix0lpKcQSZq$fXP_~%;jZ^Vj5l{&xF+Rat_Mo;Pe z0c|hC24^h4N@X+TiiIBOT5^NWf2!uoSX~dkv3;ezGpV~;=WKMpW4+uv?|^~*_On4+ zSypjR+On>^_Pup-Hn$+BIO%9bqkakg^}WfqThjXPKi=FpERUX^c)(TfYR~r#ZcO~- V^+-oBqrRNYEN5>Y;9(|?{vU5;ttkKi delta 3725 zcmXX{c{r3^AAaUB7&DfcF}Bv3$ubmDlr7DMk!=vKELmDCMY5DO&tn@~uPE!AWr)U- zEFnpfC|e~vk)_uc@AEtNbxu_@Ix`xb#6akTGozV^8YVa$ z1dU;@w(Pxdi%E8+^TJHuP8Hu&&9SRgSc7{wlVot;LJtBDM2aiszr~J zg+oZN^>7npg> z6_^=NIVnr*Nawt$FHD~d2DdB(G&;>=4%iHNwU+!=pOcLCTun(tmX# zJ>)!79O>LN*#x2L2`(#I7Hl~h!L7}T$2gpny;DVpiAS(~Y0UHC9bM!UTT~K@7A}kE z2FtSPus0fg0S{+$`;VfqMq&10 z!0(|z-N%4nPVZ?FHAOgDPs;tZU7r&w$%jVL1ltk_>#|^!GrO%5_=Yc^qr)i}^pAb; zmAJuB5;ajN_6(+~F2F0lHkMzFC3Z(N?*TJ}Z68Gg?XrY9ML_?V&m$~xO5j^$FOL-> z2cC3ga~}Y6;=CVpxEq5G+R>E7qd-kq;(7%AI5J5t)KVU7ac9?c0*m-kJOk#MWBb#B z&*!~veW!2wq%5fGoo_-zomK+jlN`u&W4GM`z9||@Z~z5)!Z&T$u$BKDOB9c6&K3^v za%`0c3q09H-+_f~JQ4#QHOKbKUOn%j!89|O7bpUe5$a%tal}4x2yt^SWx@;yjTnq4 zQ58j^4J0P4Di^enZ7;ZNFGQb$l{E(-DG+81VLj8`U09-sbX3i>yGw<+P11Qa!M5kz zfCRulnY)z%yNjbk@j#Ay>Pb{m5-rb4sK_p>RveMPkJ5Dv2;w;0CQ;>;QD@Ab*STvN z$2C)4V2LtNBwZaW5_Vv4fUoj|1w~l@SxE<$s1ixf7Gd*rvlT$(X?Df~U`D*mkOBWI zj=q3{T@}6GVu@R&k+sn$T$;+6swQ*oSfXMis19<4ojf>zj{@PNHeg`cokgOa6%jVX z0BIZEGk?9tagupYqwm-*jo5ZGCfi37}_&g z#1NTwfCD^{Cwx%^49&1NNmQDEO#-m4?AeF(?)d+J&T@d%{|~6+4VG&V3A!SwaxB^w zFvXkA?F8oVsx}Px9}8^Xz^(J)@xR;)y2KHy`zWJi*jW)m30ia`!5k#4;;6a>)b?f< z^#Th76)Og;CV>u;ZOS4|`=YvwY2mMhxIqQ51foNS(rpX`Clh@b@TvuNXdw4IqVwDy zlQa%+XbZs?M^z7?>mb$oCa8={>c>56&Y%co&k&*yoVn9yQQeg^gf&MThB>01~{~h@R1BWW??%>RFbH0gE*l1wMP%> zJ;M#q6sk)X^VCNc&2eEjVc5-MIt0aT7Rw)T($zRxnIyC;nE@Y=L|3C=S?{;o!2ZC1 zy1Y?Y&18LjBzkTlAW}i2qDLP>`YuesDx?W92fr8~b34Hwbs=JKoJ0*3{S(En@rFp& zS8jk8VpQSyofzQ!4#J`#Y+%j)M55jo_(1`h75YX<)K4xu9nq&`I~)U;?Ig^d0+#Tl 
z%M7?p3cYL(EXz2o#{hXb#1i%X4|Ew!ND|rz$@=l%V|QQGc%9(UJtVM6ruHfdzc&J|^6NMKAAzFUR$6CsPAZ(ZAH-U+7{c6ZU3f`=B(5 z!0>qCV=NsKcrxmLZz3OqqwI+ilANv!%_QnExdT{9gA6{I799)xBKZ$^dY%uiu{pj!4yaTlERx~JO{EkZF*mB&RU{xi z)Kv*Yrn2kO5u@e>J$OVui^g`Ah1!MH()>L8ZlaRR=zl(r@?0hyfJa}%H)T)Aq@t2+ z>62DMb#@Ie@QA4+l+k0rMb1%IGSy!oECs)=)VDyQ_U5tW5PiZ{nQ?%bGGS&P{D|qR zgCmv_kTub%E?iIhJ+|lKfIKCFKdwpr3)%w7(##7`L5zyo-h$!)EoH)-HlW{HqKzZI ziK1rj;%X$`4OVwA@x?+m9Lj)yD$frk$T(9A=>z>!?f;JKGeK!owXrdKy29H zjc)eMANJ6EIJkLzEmv<{<>T+A)!d-XAl{~Mm^G9$xEZnLrn|2B)u6gzBYiRUb4$x_ zlTSHcSDyyI1XYwB_WPci0_vH zKC}o)KBip{ION;+k`GPFR;!p8Z|yf*UUjSQuZc^RFbNSHKyxgx`CrKgT|2xR1=88{ z3IX_M2dbvt-Bsh9unTT}5C83Ld^CP*`9tGq|L&^N)j-#k!oQW>6a9wmUdT?)+y&b;}wE_2|@KZVyG zoeGUPJ#IgL^`!=Q&wgrjLhlh&8k}i$u&t@`#E{f&A)mP*mobOOYAsnx4g8aI(Zh=x zyy9;hqf3*o$phQe9C9c%r*qd$HyFL|(?8Wa&3=A&_Z(&XetAd8z}c#E1($kHUtBKf z80Ne9t~@sFIqvTC?dvm-Xa~lzxnzcu{_G=?L_q{P*qi5`FEY20d?&77}7iL+FX0y*-lrv$ep~9a0A17u1~)2n?`w$K3bL5ME4C$ zLSy2qN>_Uiib21;&x8_^S^EkqDafU5<7SUY8GhNKNPS9e`xsGx@Sc#GTDcLk;Q7+1 z$-Z+ZR1AMl7wW8+ot2u*_`){SRp;ee+H;-(C-u);tY|qt2 z?yiJ?%{IR8>(^g1^SrjU;fF0Rw0_i_7hVAJg$%+w?48GsO0fvHj^9 zC)YBgzpuy>${)L%h5D{$Lj(!@Wo6!ckpI#rKIGDH2dcVxfOT{^U5oYJ#q;mLewiun z(vnX;nLL>w3?0AvJNMaj>pVU*Ct~U^ah+drW_oLnE zi8J2WPl_MgGtMpUDo^m)-^V%j*EizWGzc&D}k z>(;Q(+1h%`0P{5i6}+8M;3V|n+^a+CQ}(qZ11S~*+e>8D5`%}={f7AuD^5I2YTW^z5z5+iTby&MsAocZo<&<3ChpzY9DWe7>&cAXpL)*4X z@ojjAGt+~ciz}Q`Rt)FgWybaHa37g{r?oLl+O4VI`z=c1$eHPqle~7zD<+P`gYy9< z3IjWWX0#q2I$oTRf4NFyq-AxZ`p8}{&d$Rd-d7A3-`t~cBcX-yJ-cq#4*yb%zmxjS S!hNQhv+<0x0nJ=up7;;P(w>_D diff --git a/docs/versions.yaml b/docs/versions.yaml index a580eef356dc..379e4efcfa0f 100644 --- a/docs/versions.yaml +++ b/docs/versions.yaml @@ -21,4 +21,4 @@ "1.25": 1.25.11 "1.26": 1.26.8 "1.27": 1.27.7 -"1.28": 1.28.5 +"1.28": 1.28.6