Releases · envoyproxy/envoy

19 Sep 21:55

v1.31.2

cc4a754

v1.31.2 Latest

Latest

CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.2/version_history/v1.31/v1.31.2
Full changelog:
v1.31.1...v1.31.2

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

19 Sep 20:42

publish-envoy

v1.30.6

810bfcb

v1.30.6

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.6/version_history/v1.30/v1.30.6
Full changelog:
v1.30.5...v1.30.6

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

19 Sep 18:30

publish-envoy

v1.29.9

94aa5f7

v1.29.9

Summary of changes

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.9
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.9/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.9/version_history/v1.29/v1.29.9
Full changelog:
v1.29.8...v1.29.9

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

19 Sep 17:02

publish-envoy

v1.28.7

4848d6d

v1.28.7

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7
Full changelog:
v1.28.6...v1.28.7

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

14 Sep 17:42

publish-envoy

v1.31.1

1f44388

v1.31.1

repo: Release v1.31.1

Summary of changes:

Update curl lib to resolve CVE-2024-7264
Assorted fixes
Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.1/version_history/v1.31/v1.31.1
Full changelog:
v1.31.0...v1.31.1

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

14 Sep 14:47

publish-envoy

v1.30.5

20d3fc6

v1.30.5

repo: Release v1.30.5

Summary of changes:

Update curl lib to resolve CVE-2024-7264
Assorted fixes
Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.5/version_history/v1.30/v1.30.5
Full changelog:
v1.30.4...v1.30.5

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

14 Sep 11:40

publish-envoy

v1.29.8

8156801

v1.29.8

repo: Release v1.29.8

Summary of changes:

Update curl lib to resolve CVE-2024-7264
Assorted fixes
Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.8
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.8/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.8/version_history/v1.29/v1.29.8
Full changelog:
v1.29.7...v1.29.8

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

13 Sep 23:38

publish-envoy

v1.28.6

98cde4c

v1.28.6

repo: Release v1.28.6

Changes:

Update curl lib to resolve CVE-2024-7264
Assorted fixes
Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.6/version_history/v1.28/v1.28.6
Full changelog:
v1.28.5...v1.28.6

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

Assets 8

19 Jul 17:47

publish-envoy

v1.31.0

7b8baff

v1.31.0

repo: Release v1.31.0

Summary of changes:

Added new access_log command operators to retrieve upstream connection information.
Enhanced ext_authz to be configured to ignore dynamic metadata in ext_authz responses.
Ext_authz: added a block list for headers that should never be send to the external auth service.
Ext_authz: added the ability to configure what decoder header mutations are allowed from the ext_authz with the option to fail if disallowed mutations are requested.
Ext_proc support for observability mode which is "Send and Go" mode that can be used by external processor to observe Envoy data and status.
Added support for flow control in Envoy gRPC side stream.
TCP Healthchecks can now leverage ProxyProtocol.
Hot restart: Added new command-line flag to skip hot restart stats transfer.
HTTP: Added the ability when request mirroring to disable appending of the -shadow suffix to the shadowed host/authority header.
HTTP: Added the ability to set the downstream request :scheme to match the upstream transport protocol.
HTTP: Envoy now supports proxying 104 headers from upstream.
Added the ability to bypass the overload manager for a listener.
Added support for local cluster rate limit shared across all Envoy instances in the local cluster.
Added Filter State Input for matching HTTP input based on filter state objects.
Oauth: Added an option to disable setting the ID Token cookie.
OpenTelemetry enhancements to support extension formatter and stats prefix configuration for the OpenTelemetry logger.
QUIC stream reset errors are now captured in transport failure reason. Added support for QUIC server preferred address when there is a DNAT between the client and Envoy.
Added support for Redis inline commands, Bloom 1.0.0 commands, among other commands.
Added a new retry policy: reset-before-request.
Added support for dynamic direct response for files.
Added TLS support to match against OtherName SAN-type under match_typed_subject_alt_names.
Upstream: Added a new field to LocalityLbEndpoints, LocalityLbEndpoints.Metadata, that may be used for transport socket matching groups of endpoints.
Update WASM filter to support use as an upstream filter.
Disabled OpenCensus by default as it is no longer maintained upstream.
Ext_proc support for route_cache_action which specifies the route action to be taken when an external processor response is received in response to request headers.
Golang: Move Continue, SendLocalReply and RecoverPanic to DecoderFilterCallbacks and EncoderFilterCallbacks, to support full-duplex processing.
Http2 uses Oghttp2 by default.
Added a "happy eyeballs" feature to HTTP/3 upstream, where it assuming happy eyeballs sorting results in alternating address families will attempt the first v4 and v6 address before giving up on HTTP/3.
Populate typed metadata by default in ProxyProtocol listener.
Datadog: Disabled remote configuration by default.
Reject invalid runtime YAML instead of supporting corner cases of bad YAML.