Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-24.05] envoy: 1.30.5 -> 1.30.6 #343121

Merged
merged 1 commit into from
Sep 20, 2024
Merged

[release-24.05] envoy: 1.30.5 -> 1.30.6 #343121

merged 1 commit into from
Sep 20, 2024

Conversation

adamcstephens
Copy link
Contributor

@adamcstephens adamcstephens commented Sep 19, 2024
edited
Loading

https://github.com/envoyproxy/envoy/releases/tag/v1.30.6

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client

No deps changes.

Description of changes

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@adamcstephens
envoy: 1.30.5 -> 1.30.6
a219f9f 
https://github.com/envoyproxy/envoy/releases/tag/v1.30.6

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client
@adamcstephens adamcstephens added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Sep 19, 2024
@adamcstephens adamcstephens changed the title envoy: 1.30.5 -> 1.30.6 [release-24.05] envoy: 1.30.5 -> 1.30.6 Sep 19, 2024
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 1-10 labels Sep 19, 2024
@adamcstephens
Copy link
Contributor Author

adamcstephens commented Sep 20, 2024
edited
Loading

@ofborg build envoy envoy.passthru.tests

.

@adamcstephens
Copy link
Contributor Author

the pomerium test depends on chromium to run, which is too large to build in time..

x86

❯ nix-build -A envoy.passthru.tests.envoy
/nix/store/42k1k6k90bxc6xqs0mxlpa05fcc9s5rv-vm-test-run-envoy

@lukegb lukegb merged commit 944b2ae into NixOS:release-24.05 Sep 20, 2024
27 of 32 checks passed
@adamcstephens adamcstephens deleted the 2405/envoy/1.30.6 branch September 20, 2024 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukegb lukegb Awaiting requested review from lukegb

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@adamcstephens @lukegb