Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[NET-7948] Bump Envoy version to address multiple CVEs #20589

Merged
merged 1 commit into from
Feb 12, 2024
Merged

[NET-7948] Bump Envoy version to address multiple CVEs #20589

merged 1 commit into from
Feb 12, 2024

Conversation

zalimeni
Copy link
Member

@zalimeni zalimeni commented Feb 12, 2024
edited
Loading

Description

Bump Envoy version main and backport to release/1.18.x to address multiple CVEs.

Note: Versions of Envoy < 1.26.x are not maintained and do not provide patched versions that address these CVEs.

Release branch PRs:

Testing & Reproduction steps

CI continues to pass.

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@zalimeni zalimeni requested a review from a team as a code owner February 12, 2024 18:21
@github-actions github-actions bot added type/docs Documentation needs to be created/updated/clarified type/ci Relating to continuous integration (CI) tooling for testing or releases theme/contributing Additions and enhancements to community contributing materials labels Feb 12, 2024
@zalimeni zalimeni force-pushed the zalimeni/net-7948-update-envoy-version branch from 31aa784 to 7217763 Compare February 12, 2024 18:22
@NicoletaPopoviciu NicoletaPopoviciu mentioned this pull request Feb 12, 2024
Closed
4 tasks
@zalimeni zalimeni force-pushed the zalimeni/net-7948-update-envoy-version branch from 7217763 to a40a24b Compare February 12, 2024 19:28
@zalimeni
Copy link
Member Author

Added missing bumps for 1.15 nightlies

@zalimeni zalimeni force-pushed the zalimeni/net-7948-update-envoy-version branch 2 times, most recently from 2b5533e to 476d20d Compare February 12, 2024 19:35
zalimeni
zalimeni commented Feb 12, 2024
View reviewed changes
website/content/docs/connect/proxies/envoy.mdx Outdated
Comment on lines 42 to 54
| 1.18.x | 1.28.0, 1.27.2, 1.26.6, 1.25.11 |
| 1.17.x | 1.27.2, 1.26.6, 1.25.11, 1.24.12 |
| 1.16.x | 1.26.6, 1.25.11, 1.24.12, 1.23.12 |
| 1.18.x | 1.28.1, 1.27.3, 1.26.7, 1.25.11 |
| 1.17.x | 1.27.3, 1.26.7, 1.25.11, 1.24.12 |
| 1.16.x | 1.26.7, 1.25.11, 1.24.12, 1.23.12 |
| 1.15.x | 1.28.1, 1.27.3, 1.26.7, 1.25.11, 1.26.7, 1.25.11, 1.24.12, 1.23.12 |

### Envoy and Consul Dataplane

The Consul dataplane component was introduced in Consul v1.14 as a way to manage Envoy proxies without the use of Consul clients. Each new minor version of Consul is released with a new minor version of Consul dataplane, which packages both Envoy and the `consul-dataplane` binary in a single container image. For backwards compatibility reasons, each new minor version of Consul will also support the previous minor version of Consul dataplane to allow for seamless upgrades. In addition, each minor version of Consul will support the next minor version of Consul dataplane to allow for extended dataplane support via newer versions of Envoy.

| Consul Version | Default `consul-dataplane` Version | Other compatible `consul-dataplane` Versions |
| ------------------- | ------------------------------------------------------------|----------------------------------------------|
| 1.17.x | 1.3.x (Envoy 1.27.x) | 1.2.x (Envoy 1.26.x) |
| 1.18.x | 1.4.x (Envoy 1.28.x) | 1.3.x (Envoy 1.27.x) |
| 1.17.x | 1.3.x (Envoy 1.27.x) | 1.4.x (Envoy 1.28.x), 1.2.x (Envoy 1.26.x) |
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@david-yu could I get another look at this change to 👍🏻 the docs here? I noticed they were a bit inconsistent.

I know we sometimes have updated these closer to the actual .0 release, but given we already had an entry for 1.18.x in one table, probably ok to just keep between now and the release (given we're also already publishing dev images, and past RC1)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to add these in here. I'm curious about the number of Envoy versions that 1.15.x supports. Will take offline.

Copy link
Member Author

@zalimeni zalimeni Feb 12, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, thanks - for better visibility for others, this is essentially a follow-up to #20323

@zalimeni zalimeni force-pushed the zalimeni/net-7948-update-envoy-version branch from 476d20d to f670f7a Compare February 12, 2024 22:07
@zalimeni zalimeni enabled auto-merge (squash) February 12, 2024 22:09
@zalimeni zalimeni merged commit 5862c52 into main Feb 12, 2024
85 checks passed
@zalimeni zalimeni deleted the zalimeni/net-7948-update-envoy-version branch February 12, 2024 22:29
@hc-github-team-consul-core hc-github-team-consul-core mentioned this pull request Feb 12, 2024
Merged
4 tasks
@zalimeni zalimeni mentioned this pull request Apr 5, 2024
Merged
4 tasks
@dhiaayachi dhiaayachi mentioned this pull request Sep 27, 2024
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-yu david-yu david-yu approved these changes

@NicoletaPopoviciu NicoletaPopoviciu Awaiting requested review from NicoletaPopoviciu

Assignees
No one assigned
Labels
theme/contributing Additions and enhancements to community contributing materials type/ci Relating to continuous integration (CI) tooling for testing or releases type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zalimeni @david-yu