repo: Release v1.29.5
Summary of changes:
- CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream
- CVE-2024-34363: Crash due to uncaught nlohmann JSON exception
- CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components
- CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
- CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()
- CVE-2024-32976: Endless loop while decompressing Brotli data with extra input
- CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.5
Docs:
https://www.envoyproxy.io/docs/envoy/v1.29.5/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.29.5/version_history/v1.29/v1.29.5
Full changelog:
v1.29.4...v1.29.5
Signed-off-by: Boteng Yao boteng@google.com
Signed-off-by: Ryan Northey ryan@synca.io