-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auto-merge envoyproxy/envoy[release/v1.31] into envoyproxy/envoy-openssl[release/v1.31] #275
Open
update-openssl-envoy
wants to merge
49
commits into
release/v1.31
Choose a base branch
from
auto-merge-release-v1-31
base: release/v1.31
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: phlax <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: phlax <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
from
October 24, 2024 01:31
8fa5076
to
fd881f3
Compare
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
4 times, most recently
from
October 28, 2024 01:31
7161b7b
to
f3032f1
Compare
this is currently triggering on the release branches codeql uses ci cache which is very limited and running this on multiple branches is expiring caches making this take a very long time Signed-off-by: Ryan Northey <[email protected]>
This allows per-repo configuration/customization of the bazel (eg rbe) settings Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: phlax <[email protected]>
…a91f01` in /ci (#36847) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
from
October 29, 2024 01:31
f3032f1
to
1add931
Compare
Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: phlax <[email protected]>
**Summary of changes** - Minor tracing bug fix - CI and release container updates **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.3 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.31.3/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.31.3/version_history/v1.31/v1.31.3 **Full changelog**: envoyproxy/envoy@v1.31.2...v1.31.3 Signed-off-by: Kateryna Nezdolii <[email protected]> Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
2 times, most recently
from
October 31, 2024 01:31
27011d3
to
660366a
Compare
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
7 times, most recently
from
November 7, 2024 01:30
12424e3
to
7ad500b
Compare
See istio/istio#53426. Istio has used underscores in their SNI since the beginning and it is critical to its functionality. Usage of underscores in SNI is a bit of a grey area in the RFCs, which are extremely under-specified wrt to what exactly is the allowed formats. However, the de-facto standard is to allow them, as virtually every TLS library does so (including, but not limited to, Golang, rustls, openssl, boringssl). This PR loosens the restriction to additionally allow underscores. Note the intent of the SNI restrictions was not RFC compliance, etc -- but rather to fix [log injection](GHSA-p222-xhp9-39rc) attacks (putting ANSI escapes, HTML, etc) into logs. This change does not loosen the security properties we hoped to gain with the initial patch. Signed-off-by: John Howard <[email protected]> (cherry picked from commit 79ee342)
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
from
December 9, 2024 01:32
4cbe0ce
to
26a99df
Compare
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
8 times, most recently
from
December 17, 2024 01:31
cc1fe48
to
10fe056
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
from
December 18, 2024 01:31
10fe056
to
cae0c25
Compare
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
…tead of crashing when sorting. Signed-off-by: Ryan Hamilton <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Paul Ogilby <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
**Summary of changes**: - [CVE-2024-53269](GHSA-mfqp-7mmj-rm53): Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting. - [CVE-2024-53270](GHSA-q9qv-8j52-77p3): HTTP/1: sending overload crashes when the request is reset beforehand - [CVE-2024-53271](GHSA-rmm5-h2wv-mg4f): HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.5 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.31.5/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.31.5/version_history/v1.31/v1.31.5 **Full changelog**: envoyproxy/envoy@v1.31.4...v1.31.5 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: Boteng Yao <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
8 times, most recently
from
December 26, 2024 01:31
b82fa95
to
cdc2a5f
Compare
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
3 times, most recently
from
December 29, 2024 01:31
b7080ca
to
12116f4
Compare
…ssl[release/v1.31] * upstream/release/v1.31: repo: Dev v1.31.6 repo: Release v1.31.5 [balsa] fix for 1xx response mixup happy_eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting. http/1: fix sending overload crash when request is reset github/ci: Set default runner in config (#37738) repo: Dev v1.31.5 repo: Release v1.31.4 build(deps): bump distroless/base-nossl-debian12 from `174f326` to `2a803cc` in /ci (#37410) ci: Boost cpu for flakey on_demand integration test (#37294) ci: Boost cpu for flakey grpc integration test (#37223) ci: Boost mem for integration test (#37009) ci/rbe: Boost cpus for more flakey tests (#36942) ci/rbe: Boost cpus for some more integration tests (#36930) ci/rbe: Boost cpu for another integration test (#36885) ci/rbe: Boost cpus for more integration tests (#36837) ci/rbe: Boost cpu/mem for more integration tests (#36825) ci/rbe: Boost cpus for a couple more integration tests (#36807) ci/tests: Boost more worker cores for flakey integration tests (#36793) Patch c-ares CVE-2024-25629 (#37269) changelog: Add entry for `schema_validation_tool` fix (#37335) ci/bazel: Fix repo config (#37349) github/ci: Only trigger pr-notifier ci on `main` PRs (#37336) validator: add in removed extension (#37261) limit calculated sampling exponent (#37240) build(deps): bump distroless/base-nossl-debian12 from `aa91f01` to `174f326` in /ci (#37119) deps/api: Bump `envoy_toolshed` -> 0.1.16 (#37219) deps: Bump python -> 3.12.3 (#35334) headers/geoip: Fix macro (#36964) bazel: Make `ci` config common (#37027) bazel/distribution: Cleanups to fix aquery (#36977) ci: Add bazel client caching (#37096) Add release note for "Relax recent SNI restrictions" (#37000) Relax recent SNI restrictions (#36950) ci/rbe: Boost cpu for another flakey integration test repo: Dev v1.31.4 repo: Release v1.31.3 ci: Fix coverage/docs upload redirect path (#36423) build(deps): bump distroless/base-nossl-debian12 from `e130c09` to `aa91f01` in /ci (#36847) bazel/ci: Add repo customizations (#36831) ci/codeql: Only run on main branch (#36806) ci/rbe: Boost quic integration test (#36805) deps/release: Bump Ubuntu -> 0e5e4a5 (#36723) ci/tests: Revert some integration tests to `2core` (#36784) ci/rbe: Switch rbe pools `2core` -> `6gig` (#36761) ocsp/formatting: Fix format issue in generated cert (#36763) test/ocsp: Renew certificates (#36755) ci/rbe: Switch backend RBE cluster (#36730) Signed-off-by: tedjpoole <[email protected]>
update-openssl-envoy
bot
force-pushed
the
auto-merge-release-v1-31
branch
from
December 30, 2024 01:31
12116f4
to
3218385
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Generated by envoy-sync-receive.sh