diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d82ce9..7839a05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -70,6 +70,21 @@ Please see the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest
(no changes yet)
+## [2.0.2-ea] August 24, 2021
+[2.0.2-ea]: https://github.com/datawire/edge-stack/compare/v2.0.1-ea...v2.0.2-ea
+
+### Ambassador Edge Stack
+
+- - Change: Update Envoy from 1.15 to 1.17.4 with security patches to fix the following CVEs
+ - CVE-2021-32777
+ - CVE-2021-32779
+ - CVE-2021-32781
+ - CVE-2021-32778
+- Feature: You can now set `allow_chunked_length` in the Ambassador Module to configure the same value in Envoy.
+- Change: Envoy-configuration snapshots get saved (as `ambex-#.json`) in `/ambassador/snapshots`.
+ The number of snapshots is controlled by the `AMBASSADOR_AMBEX_SNAPSHOT_COUNT` environment
+ variable; set it to 0 to disable. The default is 30.
+
## [2.0.1-ea] August 12, 2021
[2.0.1-ea]: https://github.com/datawire/edge-stack/compare/v2.0.0-ea...v2.0.1-ea
diff --git a/charts/edge-stack/CHANGELOG.md b/charts/edge-stack/CHANGELOG.md
index e84588d..a064f12 100644
--- a/charts/edge-stack/CHANGELOG.md
+++ b/charts/edge-stack/CHANGELOG.md
@@ -7,6 +7,10 @@ numbering uses [semantic versioning](http://semver.org).
(no changes yet)
+## v7.1.2-ea
+
+- Update Edge Stack chart image to version v2.0.2-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
+
## v7.1.1-ea
- Update Edge Stack chart image to version v2.0.1-ea: [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
diff --git a/charts/edge-stack/Chart.yaml b/charts/edge-stack/Chart.yaml
index 5efe7b0..85736c1 100644
--- a/charts/edge-stack/Chart.yaml
+++ b/charts/edge-stack/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v2
-appVersion: 2.0.1-ea
+appVersion: 2.0.2-ea
description: A Helm chart for Ambassador Edge Stack
name: edge-stack
-version: 7.1.1-ea
+version: 7.1.2-ea
# TODO: change these to whatever the appropriate things are
icon: https://www.getambassador.io/images/logo.png
home: https://www.getambassador.io/
diff --git a/charts/edge-stack/README.md b/charts/edge-stack/README.md
index 5b21f2c..a413a55 100644
--- a/charts/edge-stack/README.md
+++ b/charts/edge-stack/README.md
@@ -53,7 +53,7 @@ The following table lists the configurable parameters of the `edge-stack` chart
| nameOverride | Manually set metadata for the Release. Defaults to .Chart.Name | `edge-stack` |
| fullnameOverride | Defaults to .Release.Name-.Chart.Name unless .Release.Name contains "ambassador" | `''` |
| namespaceOverride | Defaults to .Release.Namespace | `''` |
-| emissary-ingress | Emissary Chart Values. all values under emissary-ingress key are passed to [the emissary chart](https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/README.md)
Example:
`setting `emissary-ingress.service.type=NodePort` will pass `service.type=NodePort` to the underlying emissary chart` | `{"envRaw":"- name: REDIS_URL\n {{- if .Values.redisURL }}\n value: {{ .Values.redisURL }}\n {{- else }}\n value: {{ include \"ambassador.fullname\" . }}-redis:6379\n {{- end }}\n{{- if and .Values.licenseKey.secretName }}\n- name: AMBASSADOR_AES_SECRET_NAME\n value: {{ .Values.licenseKey.secretName }}\n{{- end }}\n","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/datawire/aes","tag":"2.0.1-ea"},"licenseKey":{"createSecret":true},"nameOverride":"edge-stack","service":{"ports":[{"name":"http","port":80,"targetPort":8080},{"name":"https","port":443,"targetPort":8443}],"type":"LoadBalancer"},"serviceAccount":{"create":true},"singleNamespace":false,"test":{"enabled":false},"volumeMountsRaw":"{{- if and .Values.licenseKey.createSecret }}\n- name: {{ include \"ambassador.fullname\" . }}-secrets\n mountPath: /.config/ambassador\n readOnly: true\n{{- end }}\n","volumesRaw":"- name: {{ include \"ambassador.fullname\" . }}-secrets\n secret:\n {{- if and .Values.licenseKey .Values.licenseKey.secretName }}\n secretName: {{ .Values.licenseKey.secretName }}\n {{- else }}\n secretName: {{ include \"ambassador.fullname\" . }}\n {{- end }}\n"}` |
+| emissary-ingress | Emissary Chart Values. all values under emissary-ingress key are passed to [the emissary chart](https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/README.md)
Example:
`setting `emissary-ingress.service.type=NodePort` will pass `service.type=NodePort` to the underlying emissary chart` | `{"envRaw":"- name: REDIS_URL\n {{- if .Values.redisURL }}\n value: {{ .Values.redisURL }}\n {{- else }}\n value: {{ include \"ambassador.fullname\" . }}-redis:6379\n {{- end }}\n{{- if and .Values.licenseKey.secretName }}\n- name: AMBASSADOR_AES_SECRET_NAME\n value: {{ .Values.licenseKey.secretName }}\n{{- end }}\n","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/datawire/aes","tag":"2.0.2-ea"},"licenseKey":{"createSecret":true},"nameOverride":"edge-stack","service":{"ports":[{"name":"http","port":80,"targetPort":8080},{"name":"https","port":443,"targetPort":8443}],"type":"LoadBalancer"},"serviceAccount":{"create":true},"singleNamespace":false,"test":{"enabled":false},"volumeMountsRaw":"{{- if and .Values.licenseKey.createSecret }}\n- name: {{ include \"ambassador.fullname\" . }}-secrets\n mountPath: /.config/ambassador\n readOnly: true\n{{- end }}\n","volumesRaw":"- name: {{ include \"ambassador.fullname\" . }}-secrets\n secret:\n {{- if and .Values.licenseKey .Values.licenseKey.secretName }}\n secretName: {{ .Values.licenseKey.secretName }}\n {{- else }}\n secretName: {{ include \"ambassador.fullname\" . }}\n {{- end }}\n"}` |
| rbac.create | Specifies whether RBAC resources should be created | `true` |
| rbac.podSecurityPolicies | List of Pod Security Policies to use on the container. If security.podSecurityPolicy is set, it will be appended to the list | `[]` |
| rbac.nameOverride | Name of the RBAC resources defaults to the name of the release. Set nameOverride when installing Ambassador with cluster-wide scope in different namespaces with the same release name to avoid conflicts. | `` |
diff --git a/charts/edge-stack/values.yaml b/charts/edge-stack/values.yaml
index d46b1ea..e9db114 100644
--- a/charts/edge-stack/values.yaml
+++ b/charts/edge-stack/values.yaml
@@ -70,7 +70,7 @@ emissary-ingress: # +doc-gen:break
image:
repository: docker.io/datawire/aes
- tag: 2.0.1-ea
+ tag: 2.0.2-ea
pullPolicy: IfNotPresent
rbac:
diff --git a/manifests/edge-stack/aes.yaml b/manifests/edge-stack/aes.yaml
index 581a95e..ec91616 100644
--- a/manifests/edge-stack/aes.yaml
+++ b/manifests/edge-stack/aes.yaml
@@ -406,7 +406,7 @@ spec:
serviceAccountName: edge-stack-agent
containers:
- name: agent
- image: docker.io/datawire/aes:2.0.1-ea
+ image: docker.io/datawire/aes:2.0.2-ea
imagePullPolicy: IfNotPresent
command: [ "agent" ]
env:
@@ -472,7 +472,7 @@ spec:
containers:
- name: aes
- image: docker.io/datawire/aes:2.0.1-ea
+ image: docker.io/datawire/aes:2.0.2-ea
imagePullPolicy: IfNotPresent
ports:
- name: http
diff --git a/manifests/edge-stack/oss-migration.yaml b/manifests/edge-stack/oss-migration.yaml
index abe27c7..5568cc9 100644
--- a/manifests/edge-stack/oss-migration.yaml
+++ b/manifests/edge-stack/oss-migration.yaml
@@ -129,7 +129,7 @@ spec:
containers:
- name: aes
- image: docker.io/datawire/aes:2.0.1-ea
+ image: docker.io/datawire/aes:2.0.2-ea
imagePullPolicy: IfNotPresent
ports:
- name: http