fix(deps): update module github.com/envoyproxy/envoy to v1.32.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/envoyproxy/envoy	v1.28.1 -> v1.32.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

envoyproxy/envoy (github.com/envoyproxy/envoy)

v1.32.1

Compare Source

repo: Release v1.32.1

Summary of changes:

• CI and release container updates

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.32.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.32.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.32.1/version_history/v1.32/v1.32.1
Full changelog:
envoyproxy/envoy@v1.32.0...v1.32.1

Signed-off-by: Kateryna Nezdolii [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.32.0

Compare Source

repo: Release v1.32.0 (#​36597)

Summary of changes:

• Envoy now logs warnings when internal_address_config is not set.  If
  you see this logged warning and wish to retain trusted status for
  internal addresses you must explicitly configure
  internal_address_config (which will turn off the warning) before the
  next Envoy release.
• Removed support for (long deprecated) opentracing. 
• Added a configuration setting for the maximum size of response headers
  in responses.
• Added support for connection_pool_per_downstream_connection flag in
  tcp connection pool.
• For the strict DNS and logical DNS cluster types, the dns_jitter
  field allows spreading out DNS refresh requests
• Added dynamic metadata matcher support dynamic metadata input and
  dynamic metadata input matcher.
• The xff original IP detection method now supports using a list of
  trusted CIDRs when parsing x-forwarded-for.
• QUIC server and client support certificate compression, which can in
  some cases reduce the number of round trips required to setup a
  connection.
• Added the ability to monitor CPU utilization in Linux based systems
  via cpu utilization monitor in overload manager.
• Added new access log command operators (%START_TIME_LOCAL% and
  %EMIT_TIME_LOCAL%) formatters (%UPSTREAM_CLUSTER_RAW%
%DOWNSTREAM_PEER_CHAIN_FINGERPRINTS_256%, and
  %DOWNSTREAM_PEER_CHAIN_SERIALS%) as well as significant boosts to json
  parsing.  See release notes for details
• Added support for %BYTES_RECEIVED%, %BYTES_SENT%,
  %UPSTREAM_HEADER_BYTES_SENT%, %UPSTREAM_HEADER_BYTES_RECEIVED%,
  %UPSTREAM_WIRE_BYTES_SENT%, %UPSTREAM_WIRE_BYTES_RECEIVED% and
  access log substitution strings for UDP tunneling flows.
• Added ECDS support for UDP session filters.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.32.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.32.0/
Release notes:

https://www.envoyproxy.io/docs/envoy/v1.32.0/version_history/v1.32/v1.32.0
Full changelog:
envoyproxy/envoy@v1.31.0...v1.32.0

Signed-off-by: Alyssa Wilk [email protected]

v1.31.3

Compare Source

repo: Release v1.31.3

Summary of changes

• Minor tracing bug fix
• CI and release container updates

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.31.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.3/version_history/v1.31/v1.31.3
Full changelog:
envoyproxy/envoy@v1.31.2...v1.31.3

Signed-off-by: Kateryna Nezdolii [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.31.2

Compare Source

CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.31.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.2/version_history/v1.31/v1.31.2
Full changelog:
envoyproxy/envoy@v1.31.1...v1.31.2

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.31.1

Compare Source

repo: Release v1.31.1

Summary of changes:

• Update curl lib to resolve CVE-2024-7264
• Assorted fixes
• Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.31.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.1/version_history/v1.31/v1.31.1
Full changelog:
envoyproxy/envoy@v1.31.0...v1.31.1

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.31.0

Compare Source

repo: Release v1.31.0

Summary of changes:

• Added new access_log command operators to retrieve upstream connection information.
• Enhanced ext_authz to be configured to ignore dynamic metadata in ext_authz responses.
• Ext_authz: added a block list for headers that should never be send to the external auth service.
• Ext_authz: added the ability to configure what decoder header mutations are allowed from the ext_authz with the option to fail if disallowed mutations are requested.
• Ext_proc support for observability mode which is "Send and Go" mode that can be used by external processor to observe Envoy data and status.
• Added support for flow control in Envoy gRPC side stream.
• TCP Healthchecks can now leverage ProxyProtocol.
• Hot restart: Added new command-line flag to skip hot restart stats transfer.
• HTTP: Added the ability when request mirroring to disable appending of the -shadow suffix to the shadowed host/authority header.
• HTTP: Added the ability to set the downstream request :scheme to match the upstream transport protocol.
• HTTP: Envoy now supports proxying 104 headers from upstream.
• Added the ability to bypass the overload manager for a listener.
• Added support for local cluster rate limit shared across all Envoy instances in the local cluster.
• Added Filter State Input for matching HTTP input based on filter state objects.
• Oauth: Added an option to disable setting the ID Token cookie.
• OpenTelemetry enhancements to support extension formatter and stats prefix configuration for the OpenTelemetry logger.
• QUIC stream reset errors are now captured in transport failure reason. Added support for QUIC server preferred address when there is a DNAT between the client and Envoy.
• Added support for Redis inline commands, Bloom 1.0.0 commands, among other commands.
• Added a new retry policy: reset-before-request.
• Added support for dynamic direct response for files.
• Added TLS support to match against OtherName SAN-type under match_typed_subject_alt_names.
• Upstream: Added a new field to LocalityLbEndpoints, LocalityLbEndpoints.Metadata, that may be used for transport socket matching groups of endpoints.
• Update WASM filter to support use as an upstream filter.
• Disabled OpenCensus by default as it is no longer maintained upstream.
• Ext_proc support for route_cache_action which specifies the route action to be taken when an external processor response is received in response to request headers.
• Golang: Move Continue, SendLocalReply and RecoverPanic to DecoderFilterCallbacks and EncoderFilterCallbacks, to support full-duplex processing.
• Http2 uses Oghttp2 by default.
• Added a "happy eyeballs" feature to HTTP/3 upstream, where it assuming happy eyeballs sorting results in alternating address families will attempt the first v4 and v6 address before giving up on HTTP/3.
• Populate typed metadata by default in ProxyProtocol listener.
• Datadog: Disabled remote configuration by default.
• Reject invalid runtime YAML instead of supporting corner cases of bad YAML.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.31.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.0/version_history/v1.31/v1.31.0
Full changelog:
envoyproxy/envoy@v1.30.0...v1.31.0

Signed-off-by: Kevin Baichoo [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.7

Compare Source

repo: Release v1.30.7

Summary of changes

• Minor tracing bug fix
• CI and release container updates

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.7/version_history/v1.30/v1.30.7
Full changelog:
envoyproxy/envoy@v1.30.6...v1.30.7

Signed-off-by: Kateryna Nezdolii [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.6

Compare Source

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.6/version_history/v1.30/v1.30.6
Full changelog:
envoyproxy/envoy@v1.30.5...v1.30.6

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.5

Compare Source

repo: Release v1.30.5

Summary of changes:

• Update curl lib to resolve CVE-2024-7264
• Assorted fixes
• Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.5/version_history/v1.30/v1.30.5
Full changelog:
envoyproxy/envoy@v1.30.4...v1.30.5

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.4

Compare Source

repo: Release v1.30.4

Summary of changes:

• CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.4/version_history/v1.30/v1.30.4
Full changelog:
envoyproxy/envoy@v1.30.3...v1.30.4

Signed-off-by: Yan Avlasov [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.3

Compare Source

repo: Release v1.30.3

Summary of changes:

• Bumped the version of datadog to resolve a crashing bug in earlier versions of the library.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.3/version_history/v1.30/v1.30.3
Full changelog:
envoyproxy/envoy@v1.30.2...v1.30.3

Signed-off-by: Ryan Northey [email protected]

v1.30.2

Compare Source

repo: Release v1.30.2

Summary of changes:

• CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
• CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
• CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
• CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
• CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
• CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
• CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.2/version_history/v1.30/v1.30.2
Full changelog:
envoyproxy/envoy@v1.30.1...v1.30.2

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.30.1

Compare Source

repo: Release v1.30.1

Summary of changes:

• Fix for potential TLS/SNI (auto_sni) crash CVE-2024-32475.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.1/version_history/v1.30/v1.30.1
Full changelog:
envoyproxy/envoy@v1.30.0...v1.30.1

v1.30.0

Compare Source

repo: Release v1.30.0 (#​33573)

Summary of changes:

• Removed the Swift/C++ interop layer in Envoy Mobile.
• Add retry policy to ext_proc.
• Added HTTP downstream remote reset response flag.
• Added support for the Fluentd access logger.
• Introduced MemoryAllocatorManager to configure heap memory release rate.
• Envoy Mobile added CONNECT Proxy support for iOS.
• Redis: support echo command.
• Envoy Mobile setting QUIC newtork idle timeout to 30 seconds.
• Sending server preferred address to non-QUICHE clients.
• Avoid concatenation of JWT duplicated headers.
• HTTP: Keep Transfer-Encoding header for trailers.
• Envoy Mobile setting the socket receive buffer to 1MB for QUIC.
• Added FULL_SCAN support to least-request load-balancing algorithm.
• aws_lambda and ext_proc filters can be used as an upstream filter.
• Hosts marked as draining in and EDS update are now excluded.
• Envoy Mobile supports log-levels.
• Added support for URI tempate matching for RBAC.
• Fixed load balancing initialization bug.
• Supporting %UPSTREAM_CONNECTION_ID% in access logs.
• Added request and response attributes support to ext_proc.
• Added support sending dynamic metadata to ext_proc.
• Re-enable the nghttp2 codec for HTTP/2 connections by default.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.30.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.30.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.30.0/version_history/v1.30/v1.30.0
Full changelog:
envoyproxy/envoy@v1.29.0...v1.30.0

Signed-off-by: Adi Suissa-Peleg [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.10

Compare Source

repo: Release v1.29.10

Summary of changes

• Minor tracing bug fix
• CI and release container updates

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.10
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.10/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.10/version_history/v1.29/v1.29.10
Full changelog:
envoyproxy/envoy@v1.29.9...v1.29.10

Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Kateryna Nezdolii [email protected]

v1.29.9

Compare Source

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.9
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.9/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.9/version_history/v1.29/v1.29.9
Full changelog:
envoyproxy/envoy@v1.29.8...v1.29.9

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.8

Compare Source

repo: Release v1.29.8

Summary of changes:

• Update curl lib to resolve CVE-2024-7264
• Assorted fixes
• Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.8
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.8/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.8/version_history/v1.29/v1.29.8
Full changelog:
envoyproxy/envoy@v1.29.7...v1.29.8

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.7

Compare Source

repo: Release v1.29.7

Summary of changes:

• CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.7/version_history/v1.29/v1.29.7
Full changelog:
envoyproxy/envoy@v1.29.6...v1.29.7

Signed-off-by: Yan Avlasov [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.6

Compare Source

repo: Release v1.29.6

Summary of changes:

• Bumped the version of datadog to resolve a crashing bug in earlier versions of the library.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.6/version_history/v1.29/v1.29.6
Full changelog:
envoyproxy/envoy@v1.29.5...v1.29.6

Signed-off-by: Alyssa Wilk [email protected]
Signed-off-by: Greg Greenway [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.5

Compare Source

repo: Release v1.29.5

Summary of changes:

• CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
• CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
• CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
• CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
• CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
• CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
• CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.5/version_history/v1.29/v1.29.5
Full changelog:
envoyproxy/envoy@v1.29.4...v1.29.5

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.29.4

Compare Source

repo: Release v1.29.4

Summary of changes:

• Fix for potential TLS/SNI (auto_sni) crash CVE-2024-32475.
• Fix for config_dump in admin UI.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.4/version_history/v1.29/v1.29.4
Full changelog:
envoyproxy/envoy@v1.29.3...v1.29.4

Signed-off-by: Ryan Northey [email protected]

v1.29.3

Compare Source

repo: Release v1.29.3

Summary of changes:

• Patch nghttp2 to resolve CVE-2024-30255
• Assorted fixes

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.3/version_history/v1.29/v1.29.3
Full changelog:
envoyproxy/envoy@v1.29.2...v1.29.3

Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]

v1.29.2

Compare Source

repo: Release v1.29.2

Summary of changes:

• Revert default codec to nghttp2 as a number of users have reported issues with
  oghttp2 including #​32611 and #​32401
• Assorted minor fixes

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.2/version_history/v1.29/v1.29.2
Full changelog:
envoyproxy/envoy@v1.29.1...v1.29.2

Signed-off-by: Ryan Northey [email protected]

v1.29.1

Compare Source

repo: Release v1.29.1

Summary of changes:

• Fix CVE-2024-23324
• Fix CVE-2024-23325
• Fix CVE-2024-23322
• Fix CVE-2024-23323
• Fix CVE-2024-23327
• Assorted bug fixes

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.1
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.1/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1
Full changelog:
envoyproxy/envoy@v1.29.0...v1.29.1

Signed-off-by: Ryan Northey [email protected]

v1.29.0

Compare Source

repo: Release v1.29.0

Summary of changes:

• Envoy Mobile can now be built without C++ exceptions using the --define=envoy_exceptions=disabled Bazel flag.
• Add the logical OR operation to value matchers.
• Add xDS support for Envoy Mobile Android (AAR) library.
• Add configurable HTTP status when a global rate limit service fails.
• Opentelemetry tracer: add support for environment resource detector.
• Added HTTP basic auth extension.
• Add support for ext_authz to send route metadata.
• Allow per route body buffering configuration in ext_authz.
• Datadog: honor extracted sampling decisions to avoid dropping samples.
• gRPC side streams: make idle connection timeout configurable.
• Support CEL expressions in ext_proc for extraction of request or response atributes.
• HTTP: clear hop by hop Transfer-Encoding header.
• Redis: Add support for the WATCH and GETDEL commands.
• Adds strict mode for stateful session filter, that rejects requests if destination host is not available.
• Internal redirects: support passing headers from response to request.
• Add implementation of the drop_overload Cluster API.
• HTTP/2: discard the Host header when :authority is present.
• grpc_http1_bridge: add <ignore_query_params> option.
• Access Log: Add EMIT_TIME command operator.
• ECDS now supports composite filter.
• Enable new oghttp2 codec for HTTP/2 connections.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.29.0
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.0/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.0/version_history/v1.29/v1.29.0
Full changelog:
envoyproxy/envoy@v1.28.0...v1.29.0

Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]

v1.28.7

Compare Source

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7
Full changelog:
envoyproxy/envoy@v1.28.6...v1.28.7

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.28.6

Compare Source

repo: Release v1.28.6

Changes:

• Update curl lib to resolve CVE-2024-7264
• Assorted fixes
• Updated container images

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.6/version_history/v1.28/v1.28.6
Full changelog:
envoyproxy/envoy@v1.28.5...v1.28.6

Signed-off-by: Raven Black [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.28.5

Compare Source

repo: Release v1.28.5

Summary of changes:

• CVE-2024-39305 Fix a bug where additional cookie attributes are not sent properly to clients.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.5/version_history/v1.28/v1.28.5
Full changelog:
envoyproxy/envoy@v1.28.4...v1.28.5

Signed-off-by: Yan Avlasov [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.28.4

Compare Source

repo: Release v1.28.4

Summary of changes:

• CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
• CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
• CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
• CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
• CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
• CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
• CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.4
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.4/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.4/version_history/v1.28/v1.28.4
Full changelog:
envoyproxy/envoy@v1.28.3...v1.28.4

Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]

v1.28.3

Compare Source

repo: Release v1.28.3

Summary of changes:

• Fix for potential TLS/SNI (auto_sni) crash CVE-2024-32475.

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.3/version_history/v1.28/v1.28.3
Full changelog:
envoyproxy/envoy@v1.28.2...v1.28.3

Signed-off-by: Ryan Northey [email protected]

v1.28.2

Compare Source

repo: Release v1.28.2

Summary of changes:

• Patch nghttp2 to resolve CVE-2024-30255
• Assorted fixes

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1\&name=v1.28.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.2/version_history/v1.28/v1.28.2
Full changelog:
envoyproxy/envoy@v1.28.1...v1.28.2

Signed-off-by: Ryan Northey [email protected]
Signed-off-by: Yan Avlasov [email protected]

---

Configuration

📅 Schedule: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: privacy-profile-composer/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.20 -> 1.23.3
google.golang.org/protobuf	v1.31.0 -> v1.35.1