Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/v1.32] repo: Release v1.32.3 #37727

Merged
merged 4 commits into from
Dec 18, 2024
Merged

[release/v1.32] repo: Release v1.32.3 #37727

merged 4 commits into from
Dec 18, 2024

Conversation

publish-envoy[bot]
Copy link
Contributor

@publish-envoy publish-envoy bot commented Dec 18, 2024
edited by phlax
Loading

  • CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
  • CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand
  • CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.32.3
Docs:
https://www.envoyproxy.io/docs/envoy/v1.32.3/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.32.3/version_history/v1.32/v1.32.3
Full changelog:
v1.32.2...v1.32.3

@phlax phlax force-pushed the release/create/v1.32 branch 2 times, most recently from 7040056 to 8f1f2c8 Compare December 18, 2024 13:07
botengyao
botengyao previously approved these changes Dec 18, 2024
View reviewed changes
botengyao and others added 3 commits December 18, 2024 17:08
@botengyao @phlax
http/1: fix sending overload crash when request is reset
0a45e31 
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@RyanTheOptimist @phlax
happy_eyeballs: Validate that additional_address are IP addresses ins…
306b517 
…tead of crashing when sorting.

Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@paul-r-gall @phlax
[balsa] fix for 1xx response mixup
c908963 
Signed-off-by: Paul Ogilby <[email protected]>

Signed-off-by: Ryan Northey <[email protected]>
@phlax phlax force-pushed the release/create/v1.32 branch from 8f1f2c8 to 9929075 Compare December 18, 2024 17:09
@repokitteh-read-only RepoKitteh - Read Only
Copy link

CC @envoyproxy/runtime-guard-changes: FYI only for changes made to (source/common/runtime/runtime_features.cc).

🐱

Caused by: #37727 was synchronize by phlax.

see: more, trace.

botengyao
botengyao previously approved these changes Dec 18, 2024
View reviewed changes
Copy link
Member

@botengyao botengyao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks @phlax!

@phlax
repo: Release v1.32.3
810823c 
- [CVE-2024-53269](GHSA-mfqp-7mmj-rm53): Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
- [CVE-2024-53270](GHSA-q9qv-8j52-77p3):  HTTP/1: sending overload crashes when the request is reset beforehand
- [CVE-2024-53271](GHSA-rmm5-h2wv-mg4f):  HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.32.3
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.32.3/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.32.3/version_history/v1.32/v1.32.3
**Full changelog**:
    v1.32.2...v1.32.3

Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]>
@phlax phlax force-pushed the release/create/v1.32 branch from 9929075 to 810823c Compare December 18, 2024 19:53
@phlax phlax merged commit 58bd599 into release/v1.32 Dec 18, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@botengyao botengyao botengyao left review comments

Assignees
No one assigned
Labels
version-change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@botengyao @phlax @RyanTheOptimist @paul-r-gall