repo: Release v1.31.2

[CVE-2024-45807](GHSA-qc52-r4x5-9w37): oghttp2 crash on OnBeginHeadersForStream [CVE-2024-45808](GHSA-p222-xhp9-39rc): Malicious log injection via access logs [CVE-2024-45806](GHSA-ffhv-fvxq-r6mf): Potential manipulate `x-envoy` headers from external sources [CVE-2024-45809](GHSA-wqr5-qmq7-3qw3): Jwt filter crash in the clear route cache with remote JWKs [CVE-2024-45810](GHSA-qm74-x36m-555q): Envoy crashes for LocalReply in http async client **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.2 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.31.2/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.31.2/version_history/v1.31/v1.31.2 **Full changelog**: v1.31.1...v1.31.2 Signed-off-by: Boteng Yao <boteng@google.com> Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
envoyproxy · Sep 19, 2024 · cc4a754 · cc4a754
1 parent 5f777dc
commit cc4a754
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 16 deletions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.31.2-dev
+1.31.2
diff --git a/changelogs/1.28.7.yaml b/changelogs/1.28.7.yaml
@@ -0,0 +1,22 @@
+date: September 19, 2024
+
+behavior_changes:
+- area: http
+  change: |
+    The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
+    If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy``
+    headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
+    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
+    See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
+    setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
+
+minor_behavior_changes:
+- area: access_log
+  change: |
+    Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
+    flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
+
+bug_fixes:
+- area: http_async_client
+  change: |
+    Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
diff --git a/changelogs/1.29.9.yaml b/changelogs/1.29.9.yaml
@@ -0,0 +1,27 @@
+date: September 19, 2024
+
+behavior_changes:
+- area: http
+  change: |
+    The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
+    If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy``
+    headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
+    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
+    See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
+    setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
+
+minor_behavior_changes:
+- area: access_log
+  change: |
+    Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
+    flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
+
+bug_fixes:
+- area: jwt
+  change: |
+    Fixed a bug where using ``clear_route_cache`` with remote JWKs works
+    incorrectly and may cause a crash when the modified request does not match
+    any route.
+- area: http_async_client
+  change: |
+    Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
diff --git a/changelogs/1.30.6.yaml b/changelogs/1.30.6.yaml
@@ -0,0 +1,27 @@
+date: September 19, 2024
+
+behavior_changes:
+- area: http
+  change: |
+    The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
+    If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy``
+    headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
+    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
+    See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
+    setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
+
+minor_behavior_changes:
+- area: access_log
+  change: |
+    Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
+    flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
+
+bug_fixes:
+- area: jwt
+  change: |
+    Fixed a bug where using ``clear_route_cache`` with remote JWKs works
+    incorrectly and may cause a crash when the modified request does not match
+    any route.
+- area: http_async_client
+  change: |
+    Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,7 +1,6 @@
-date: Pending
+date: September 19, 2024
 
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: http
   change: |
     The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
@@ -16,14 +15,12 @@ behavior_changes:
     requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``.
 
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: access_log
   change: |
     Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
     flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: jwt
   change: |
     Fixed a bug where using ``clear_route_cache`` with remote JWKs works
@@ -32,10 +29,3 @@ bug_fixes:
 - area: http_async_client
   change: |
     Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
-
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
-
-new_features:
-
-deprecated:
diff --git a/docs/inventories/v1.28/objects.inv b/docs/inventories/v1.28/objects.inv
diff --git a/docs/inventories/v1.29/objects.inv b/docs/inventories/v1.29/objects.inv
diff --git a/docs/inventories/v1.30/objects.inv b/docs/inventories/v1.30/objects.inv
diff --git a/docs/inventories/v1.31/objects.inv b/docs/inventories/v1.31/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -21,7 +21,7 @@
 "1.25": 1.25.11
 "1.26": 1.26.8
 "1.27": 1.27.7
-"1.28": 1.28.6
-"1.29": 1.29.8
-"1.30": 1.30.5
-"1.31": 1.31.0
+"1.28": 1.28.7
+"1.29": 1.29.9
+"1.30": 1.30.6
+"1.31": 1.31.1