envoyproxy/envoy v1.27.6
on GitHub

latest releases: v1.32.1, v1.31.3, v1.30.7...

5 months ago

repo: Release v1.27.6

Summary of changes:

CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.6
Docs:
https://www.envoyproxy.io/docs/envoy/v1.27.6/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.27.6/version_history/v1.27/v1.27.6
Full changelog:
v1.27.5...v1.27.6

Signed-off-by: Boteng Yao boteng@google.com
Signed-off-by: Ryan Northey ryan@synca.io

Check out latest releases or
releases around envoyproxy/envoy v1.27.6

Don't miss a new envoy release

NewReleases is sending notifications on new releases.

Get notifications