Skip to content

[v1.14] envoy: Bump envoy version to v1.28.4 #32910

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 5, 2024
Merged

[v1.14] envoy: Bump envoy version to v1.28.4 #32910

merged 1 commit into from
Jun 5, 2024

Conversation

sayboras
Copy link
Member

@sayboras sayboras commented Jun 5, 2024

This commit is to bump envoy version to v1.28.4 for below CVEs:

Additionally, this build also includes a couple of Cilium fixes, more details can be found in #786.

Upstream release: https://github.com/envoyproxy/envoy/releases/tag/v1.28.4
Relates: cilium/proxy#786

@sayboras
envoy: Bump envoy version to v1.28.4
4945b42 
This commit is to bump envoy version to v1.28.4 for below CVEs:

- [CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv)
- [CVE-2024-34363: Crash due to uncaught nlohmann JSON exception](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4)
- [CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26)
- [CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299)
- [CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc)
- [CVE-2024-32976: Endless loop while decompressing Brotli data with extra input](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m)
- [CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode](https://togithub.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c)

Additionally, this build also includes a couple of Cilium fixes, more
details can be found in #786.

Upstream release: https://github.com/envoyproxy/envoy/releases/tag/v1.28.4
Relates: cilium/proxy#786

Signed-off-by: Tam Mach <tam.mach@cilium.io>
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.14 This PR represents a backport for Cilium 1.14.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Jun 5, 2024
@sayboras
Copy link
Member Author

sayboras commented Jun 5, 2024

/test-backport-1.14

@sayboras sayboras marked this pull request as ready for review June 5, 2024 12:35
@sayboras sayboras requested a review from a team as a code owner June 5, 2024 12:35
@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jun 5, 2024
@qmonnet qmonnet merged commit 5710a4f into v1.14 Jun 5, 2024
@qmonnet qmonnet deleted the pr/tammach/envoy-1.28.4-1.14 branch June 5, 2024 14:49
@michi-covalent michi-covalent mentioned this pull request Jun 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qmonnet qmonnet qmonnet approved these changes

Assignees
No one assigned
Labels
backport/1.14 This PR represents a backport for Cilium 1.14.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
No open projects
cilium v1.14.12
Status: Released
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sayboras @qmonnet