auto-merge envoyproxy/envoy[release/v1.31] into envoyproxy/envoy-openssl[release/v1.31] #275

Open
wants to merge 49 commits into
base: release/v1.31

update-openssl-envoy[bot]

Generated by envoy-sync-receive.sh

@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch from 8fa5076 to fd881f3 Compare October 24, 2024 01:31
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 4 times, most recently from 7161b7b to f3032f1 Compare October 28, 2024 01:31
phlax and others added 3 commits October 28, 2024 11:46
this is currently triggering on the release branches

codeql uses ci cache which is very limited and running this on multiple
branches is expiring caches making this take a very long time

Signed-off-by: Ryan Northey <[email protected]>
This allows per-repo configuration/customization of the bazel (eg rbe)
settings

Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: phlax <[email protected]>
…a91f01` in /ci (#36847)



Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch from f3032f1 to 1add931 Compare October 29, 2024 01:31
phlax and others added 2 commits October 29, 2024 10:54
**Summary of changes**

- Minor tracing bug fix
- CI and release container updates

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.3
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.31.3/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.31.3/version_history/v1.31/v1.31.3
**Full changelog**:
    envoyproxy/envoy@v1.31.2...v1.31.3

Signed-off-by: Kateryna Nezdolii <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>

Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 2 times, most recently from 27011d3 to 660366a Compare October 31, 2024 01:31
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 7 times, most recently from 12424e3 to 7ad500b Compare November 7, 2024 01:30
See istio/istio#53426. Istio has used
underscores in their SNI since the beginning and it is critical to its
functionality. Usage of underscores in SNI is a bit of a grey area in
the RFCs, which are extremely under-specified wrt what exactly the
allowed formats are. However, the de-facto standard is to allow them, as
virtually every TLS library does so (including, but not limited to,
Golang, rustls, openssl, boringssl).

This PR loosens the restriction to additionally allow underscores.

Note the intent of the SNI restrictions was not RFC compliance, etc --
but rather to fix [log
injection](GHSA-p222-xhp9-39rc)
attacks (putting ANSI escapes, HTML, etc) into logs. This change does
not loosen the security properties we hoped to gain with the initial
patch.

Signed-off-by: John Howard <[email protected]>
(cherry picked from commit 79ee342)
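
The reasoning in the commit message above, as an added example that is not code from Envoy or from this PR: an allowlist check on SNI bytes before the value reaches a log line, with underscores switchable on and off. The allowlist (ASCII letters, digits, `-`, `.`, optionally `_`) and all function names are assumptions for illustration, and the sample SNI values are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <string_view>

// Assumed allowlist (not taken from the Envoy source): ASCII letters, digits,
// '-', '.', and '_' only when allow_underscore is set.
constexpr bool isAllowedSniChar(char c, bool allow_underscore) {
  return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
         c == '-' || c == '.' || (allow_underscore && c == '_');
}

// Offset of the first byte outside the allowlist, or npos if every byte passes.
std::size_t firstRejectedSniByte(std::string_view sni, bool allow_underscore) {
  for (std::size_t i = 0; i < sni.size(); ++i) {
    if (!isAllowedSniChar(sni[i], allow_underscore)) {
      return i;
    }
  }
  return std::string_view::npos;
}

// True when the SNI is non-empty and contains nothing that could alter a log
// line: no control bytes (ESC, CR, LF), no markup characters, no spaces.
bool sniSafeToLog(std::string_view sni, bool allow_underscore = true) {
  return !sni.empty() &&
         firstRejectedSniByte(sni, allow_underscore) == std::string_view::npos;
}

// Constructed sample inputs.
const std::string_view kIstioStyle = "outbound_.9080_._.reviews.default.svc.cluster.local";
const std::string_view kAnsiEscape = "evil.example\x1b[31m";
const std::string_view kHtml = "<script>.example";
const std::string_view kNewline = "a.example\nforged log line";

int main() {
  for (std::string_view sni : {kIstioStyle, kAnsiEscape, kHtml, kNewline}) {
    std::cout << "strict=" << sniSafeToLog(sni, false)
              << " relaxed=" << sniSafeToLog(sni, true)
              << " first_rejected(relaxed)=" << firstRejectedSniByte(sni, true) << "\n";
  }
  return 0;
}
```

Only the underscore-bearing name changes verdict between the strict and relaxed modes; the escape sequence, markup and newline inputs are rejected in both.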
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch from 4cbe0ce to 26a99df Compare December 9, 2024 01:32
Signed-off-by: Ryan Northey <[email protected]>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 8 times, most recently from cc1fe48 to 10fe056 Compare December 17, 2024 01:31
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch from 10fe056 to cae0c25 Compare December 18, 2024 01:31
phlax and others added 6 commits December 18, 2024 13:34
…tead of crashing when sorting.

Signed-off-by: Ryan Hamilton <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Paul Ogilby <[email protected]>

Signed-off-by: Ryan Northey <[email protected]>
**Summary of changes**:

- [CVE-2024-53269](GHSA-mfqp-7mmj-rm53): Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
- [CVE-2024-53270](GHSA-q9qv-8j52-77p3): HTTP/1: sending overload crashes when the request is reset beforehand
- [CVE-2024-53271](GHSA-rmm5-h2wv-mg4f): HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.5
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.31.5/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.31.5/version_history/v1.31/v1.31.5
**Full changelog**:
    envoyproxy/envoy@v1.31.4...v1.31.5

Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 8 times, most recently from b82fa95 to cdc2a5f Compare December 26, 2024 01:31
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch 2 times, most recently from 44f52d7 to b7080ca Compare December 28, 2024 01:31
…ssl[release/v1.31]

* upstream/release/v1.31:
  repo: Dev v1.31.6
  repo: Release v1.31.5
  [balsa] fix for 1xx response mixup
  happy_eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
  http/1: fix sending overload crash when request is reset
  github/ci: Set default runner in config (#37738)
  repo: Dev v1.31.5
  repo: Release v1.31.4
  build(deps): bump distroless/base-nossl-debian12 from `174f326` to `2a803cc` in /ci (#37410)
  ci: Boost cpu for flakey on_demand integration test (#37294)
  ci: Boost cpu for flakey grpc integration test (#37223)
  ci: Boost mem for integration test (#37009)
  ci/rbe: Boost cpus for more flakey tests (#36942)
  ci/rbe: Boost cpus for some more integration tests (#36930)
  ci/rbe: Boost cpu for another integration test (#36885)
  ci/rbe: Boost cpus for more integration tests (#36837)
  ci/rbe: Boost cpu/mem for more integration tests (#36825)
  ci/rbe: Boost cpus for a couple more integration tests (#36807)
  ci/tests: Boost more worker cores for flakey integration tests (#36793)
  Patch c-ares CVE-2024-25629 (#37269)
  changelog: Add entry for `schema_validation_tool` fix (#37335)
  ci/bazel: Fix repo config (#37349)
  github/ci: Only trigger pr-notifier ci on `main` PRs (#37336)
  validator: add in removed extension (#37261)
  limit calculated sampling exponent (#37240)
  build(deps): bump distroless/base-nossl-debian12 from `aa91f01` to `174f326` in /ci (#37119)
  deps/api: Bump `envoy_toolshed` -> 0.1.16 (#37219)
  deps: Bump python -> 3.12.3 (#35334)
  headers/geoip: Fix macro (#36964)
  bazel: Make `ci` config common (#37027)
  bazel/distribution: Cleanups to fix aquery (#36977)
  ci: Add bazel client caching (#37096)
  Add release note for "Relax recent SNI restrictions" (#37000)
  Relax recent SNI restrictions (#36950)
  ci/rbe: Boost cpu for another flakey integration test
  repo: Dev v1.31.4
  repo: Release v1.31.3
  ci: Fix coverage/docs upload redirect path (#36423)
  build(deps): bump distroless/base-nossl-debian12 from `e130c09` to `aa91f01` in /ci (#36847)
  bazel/ci: Add repo customizations (#36831)
  ci/codeql: Only run on main branch (#36806)
  ci/rbe: Boost quic integration test (#36805)
  deps/release: Bump Ubuntu -> 0e5e4a5 (#36723)
  ci/tests: Revert some integration tests to `2core` (#36784)
  ci/rbe: Switch rbe pools `2core` -> `6gig` (#36761)
  ocsp/formatting: Fix format issue in generated cert (#36763)
  test/ocsp: Renew certificates (#36755)
  ci/rbe: Switch backend RBE cluster (#36730)

Signed-off-by: tedjpoole <[email protected]>
@update-openssl-envoy update-openssl-envoy bot force-pushed the auto-merge-release-v1-31 branch from b7080ca to 12116f4 Compare December 29, 2024 01:31
9 participants