-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[IMPORTANT/bp/1.29] Multiple CVEs #36223
Conversation
Change-Id: If54c7143ecb1bf936e88fbb3371d9c47f6d8f671 Signed-off-by: Kuat Yessenov <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
…vice mesh environments Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: tyxia <[email protected]> Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
CC @envoyproxy/runtime-guard-changes: FYI only for changes made to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm api
closing in favour of #36214 it was taking too long - so probs better to just land with the release |
Pull request was closed
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate
x-envoy
headers from external sourcesCVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client