[NET-7948] Bump Envoy version on 1.16.x to address multiple CVEs #20586

Merged
merged 1 commit into from
Feb 12, 2024


Collaborator

@NicoletaPopoviciu NicoletaPopoviciu commented Feb 12, 2024

Description

Bump Envoy version on 1.16.x to address multiple CVEs.

Note: Versions of Envoy < 1.26.x are not maintained and do not provide patched versions that address these CVEs.

Testing & Reproduction steps

CI continues to pass.

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@github-actions github-actions bot added type/ci Relating to continuous integration (CI) tooling for testing or releases theme/contributing Additions and enhancements to community contributing materials labels Feb 12, 2024
@NicoletaPopoviciu NicoletaPopoviciu requested a review from a team as a code owner February 12, 2024 16:59
@zalimeni zalimeni force-pushed the nicoleta/bump-envoy-on-1.16.x branch from c2d143e to 779f475 Compare February 12, 2024 17:01
Member

@zalimeni zalimeni left a comment

  • Added changelog
  • Tweaked comments and docs
  • Rebased for single commit message

LGTM, thanks @NicoletaPopoviciu!

@zalimeni
Member

Note that, because Envoy 1.25 is no longer receiving patches, a similar PR will need to be created for release/1.15.x (LTS) to also target 1.26.7, but which introduces the 1.26.7 line. In practice, Consul release/1.16.x and release/1.15.x will be identical from an Envoy version perspective.

@zalimeni zalimeni changed the title Bump Envoy version on 1.16.x [NET-7948] Bump Envoy version on 1.16.x to address multiple CVEs Feb 12, 2024
@zalimeni zalimeni force-pushed the nicoleta/bump-envoy-on-1.16.x branch from 779f475 to cfeaf57 Compare February 12, 2024 18:07
@zalimeni zalimeni force-pushed the nicoleta/bump-envoy-on-1.16.x branch from cfeaf57 to 896c2df Compare February 12, 2024 18:58
Labels
pr/no-backport theme/contributing Additions and enhancements to community contributing materials type/ci Relating to continuous integration (CI) tooling for testing or releases

3 participants