emissary-ingress/emissary v2.5.1

Emissary Ingress 2.5.1

on GitHub

🎉 Emissary Ingress 2.5.1 🎉

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v2.5.1/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

• Feature: Support for the getambassador.io/v1 apiVersion has been re-introduced, in order to
  facilitate smoother migrations from Emissary-ingress 1.y. Previously, in order to make migrations
  possible, an "unserved" v1 version was declared to Kubernetes, but was unsupported by
  Emissary-ingress. That unserved v1 could cause an excess of errors to be logged by the
  Kubernetes Nodes (regardless of whether the installation was migrated from 1.y or was a fresh 2.y
  install); fully supporting v1 again should resolve these errors.

• Security: Update Golang to release 1.19.4. Two CVE's were annouced in this z patch release.
  CVE-2022-41720 only affects Windows environments and Emissary-ingress runs in linux. The second
  one CVE-2022-41717 only affects HTTP/2 server connections exposed to external clients.
  Emissary-ingress does not expose any Golang http servers to outside clients. The data-plane of
  Envoy is not affected by either of these.

• Security: Updated Golang to the latest z patch. We are not vulnerable to the CVE-2022-3602 that
  was released in 1.19.3 and you can read more about it here:
  https://medium.com/ambassador-api-gateway/ambassador-labs-security-impact-assessment-of-nov-1-openssl-golang-vulnerabilities-f11b5ec37a7e.
  Updating to the latest z patch as part of our normal dependency update process and this will help
  reduce the noise of security scanners.