Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release-1.24: Backport #5827 and #5850 #5853

Merged
merged 3 commits into from
Oct 16, 2023
Merged

release-1.24: Backport #5827 and #5850 #5853

merged 3 commits into from
Oct 16, 2023

Commits on Oct 13, 2023

  1. Add configurability for HTTP requests per IO cycle (projectcontour#5827) 

    An additional mitigation to CVE-2023-44487 available in Envoy 1.27.1.
This change allows configuring the http.max_requests_per_io_cycle Envoy
runtime setting via Contour configuration to allow administrators of
Contour to prevent abusive connections from starving resources from
others. The default is left as the existing behavior, that is no limit,
so as not to impact existing valid traffic.

See the Envoy release notes for more information:
https://www.envoyproxy.io/docs/envoy/v1.27.1/version_history/v1.27/v1.27.1

Signed-off-by: Sunjay Bhatia <[email protected]>
    @sunjayBhatia
    sunjayBhatia committed Oct 13, 2023
    Configuration menu
    Copy the full SHA
    9d99d15 View commit details
    Browse the repository at this point in the history

  2. HTTP/2 max concurrent streams can be configured (projectcontour#5850) 

    Adds a global Listener configuration field for admins to be able to
protect their installations of Contour/Envoy with a limit. Default is no
limit to ensure existing behavior is not impacted for valid traffic.
This field can be used for tuning resource usage or mitigated DOS
attacks like in CVE-2023-44487.

Also fixes omitempty tags on MaxRequestsPerIOCycle field.

Fixes: projectcontour#5846

Signed-off-by: Sunjay Bhatia <[email protected]>
    @sunjayBhatia
    sunjayBhatia committed Oct 13, 2023
    Configuration menu
    Copy the full SHA
    c78c69b View commit details
    Browse the repository at this point in the history

Commits on Oct 16, 2023

  1. lint fix 

    Signed-off-by: Sunjay Bhatia <[email protected]>
    @sunjayBhatia
    sunjayBhatia committed Oct 16, 2023
    Configuration menu
    Copy the full SHA
    357a4d7 View commit details
    Browse the repository at this point in the history