Skip to content

Commit

Permalink
deps: bump to Envoy 1.26.4
Browse files Browse the repository at this point in the history
Bumps to our latest Envoy custom build based on 1.26.4 which
addresses the following CVEs:

- CVE-2023-35941 : Not affected but pulled in
- CVE-2023-35942
- CVE-2023-35943
- CVE-2023-35944

Signed-off-by: Lance Austin <[email protected]>
  • Loading branch information
Lance Austin committed Jul 25, 2023
1 parent 7838b2c commit fe5965e
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 2 deletions.
8 changes: 8 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,14 @@ it will be removed; but as it won't be user-visible this isn't considered a brea

## RELEASE NOTES

## [3.7.2] July 25, 2023
[3.7.2]: https://github.com/emissary-ingress/emissary/compare/v3.7.1...v3.7.2

### Emissary-ingress and Ambassador Edge Stack

- Security: This upgrades Emissary-ingress to be built on Envoy v1.26.4 which includes a security
fixes for CVE-2023-35942, CVE-2023-35943, VE-2023-35944.

## [3.7.1] July 13, 2023
[3.7.1]: https://github.com/emissary-ingress/emissary/compare/v3.7.0...v3.7.1

Expand Down
4 changes: 2 additions & 2 deletions _cxx/envoy.mk
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,8 @@ RSYNC_EXTRAS ?=

# IF YOU MESS WITH ANY OF THESE VALUES, YOU MUST RUN `make update-base`.
ENVOY_REPO ?= $(if $(IS_PRIVATE),[email protected]:datawire/envoy-private.git,https://github.com/datawire/envoy.git)
# rebase/release/v1.26.3
ENVOY_COMMIT ?= 3480b07639bbfcc41b7c3030091eda48fa6f699b
# https://github.com/datawire/envoy/tree/rebase/release/v1.26.4
ENVOY_COMMIT ?= bbda92fc3e3d430bd2114aa3458d3191205c9c0e
ENVOY_COMPILATION_MODE ?= opt
# Increment BASE_ENVOY_RELVER on changes to `docker/base-envoy/Dockerfile`, or Envoy recipes.
# You may reset BASE_ENVOY_RELVER when adjusting ENVOY_COMMIT.
Expand Down
10 changes: 10 additions & 0 deletions docs/releaseNotes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,16 @@

changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
items:
- version: 3.7.2
prevVersion: 3.7.1
date: '2023-07-25'
notes:
- title: Upgrade to Envoy 1.26.4
type: security
body: >-
This upgrades $productName$ to be built on Envoy v1.26.4 which includes a security fixes for
CVE-2023-35942, CVE-2023-35943, VE-2023-35944.
- version: 3.7.1
prevVersion: 3.7.0
date: '2023-07-13'
Expand Down

0 comments on commit fe5965e

Please sign in to comment.