Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/v1.31] repo: Release v1.31.5 #37728

Merged
merged 4 commits into from
Dec 18, 2024
Merged

[release/v1.31] repo: Release v1.31.5 #37728

merged 4 commits into from
Dec 18, 2024

Conversation

publish-envoy[bot]
Copy link
Contributor

@publish-envoy publish-envoy bot commented Dec 18, 2024
edited by phlax
Loading

  • CVE-2024-53269: Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
  • CVE-2024-53270: HTTP/1: sending overload crashes when the request is reset beforehand
  • CVE-2024-53271: HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.5/version_history/v1.31/v1.31.5
Full changelog:
v1.31.4...v1.31.5

@phlax phlax force-pushed the release/create/v1.31 branch 2 times, most recently from eb4fb29 to 7d7cea6 Compare December 18, 2024 13:35
botengyao
botengyao previously approved these changes Dec 18, 2024
View reviewed changes
botengyao and others added 3 commits December 18, 2024 16:42
@botengyao @phlax
http/1: fix sending overload crash when request is reset
072b076 
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@RyanTheOptimist @phlax
happy_eyeballs: Validate that additional_address are IP addresses ins…
4350d7b 
…tead of crashing when sorting.

Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@paul-r-gall @phlax
[balsa] fix for 1xx response mixup
ee1635d 
Signed-off-by: Paul Ogilby <[email protected]>

Signed-off-by: Ryan Northey <[email protected]>
@phlax phlax force-pushed the release/create/v1.31 branch from 7d7cea6 to 6f26749 Compare December 18, 2024 16:43
@repokitteh-read-only RepoKitteh - Read Only
Copy link

CC @envoyproxy/runtime-guard-changes: FYI only for changes made to (source/common/runtime/runtime_features.cc).

🐱

Caused by: #37728 was synchronize by phlax.

see: more, trace.

@phlax
Copy link
Member

phlax commented Dec 18, 2024

/docs

@repokitteh-read-only RepoKitteh - Read Only
Copy link

Docs for this Pull Request will be rendered here:

https://storage.googleapis.com/envoy-pr/37728/docs/index.html

The docs are (re-)rendered each time the CI envoy-presubmit (precheck docs) job completes.

🐱

Caused by: a #37728 (comment) was created by @phlax.

see: more, trace.

botengyao
botengyao previously approved these changes Dec 18, 2024
View reviewed changes
Copy link
Member

@botengyao botengyao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, and 1.31 contains all 3 commits, thanks!

@botengyao
Copy link
Member

/retest

@phlax phlax force-pushed the release/create/v1.31 branch 2 times, most recently from 82bba61 to 6dcfb76 Compare December 18, 2024 19:00
@phlax
repo: Release v1.31.5
e7a66f5 
**Summary of changes**:

- [CVE-2024-53269](GHSA-mfqp-7mmj-rm53): Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
- [CVE-2024-53270](GHSA-q9qv-8j52-77p3):  HTTP/1: sending overload crashes when the request is reset beforehand
- [CVE-2024-53271](GHSA-rmm5-h2wv-mg4f):  HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.5
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.31.5/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.31.5/version_history/v1.31/v1.31.5
**Full changelog**:
    v1.31.4...v1.31.5

Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]>
@phlax phlax force-pushed the release/create/v1.31 branch from 6dcfb76 to e7a66f5 Compare December 18, 2024 19:00
@phlax phlax merged commit 688c4bb into release/v1.31 Dec 18, 2024
10 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@botengyao botengyao botengyao left review comments

Assignees
No one assigned
Labels
version-change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@phlax @botengyao @RyanTheOptimist @paul-r-gall