1.14.11 (October 31, 2023)
SECURITY:
- Update golang.org/x/net to v0.17.0 to address CVE-2023-39325 / CVE-2023-44487 (x/net/http2). [GH-19225]
- Upgrade Go to 1.20.10. This resolves vulnerability CVE-2023-39325 / CVE-2023-44487 (net/http). [GH-19225]
- Upgrade google.golang.org/grpc to 1.56.3. This resolves vulnerability CVE-2023-44487. [GH-19414]
- connect: update supported envoy versions to 1.24.12 to address CVE-2023-44487 [GH-19271]
BUG FIXES:
- Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [GH-19268]
- api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [GH-19031]
- ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [GH-19095]
- catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the /v1/catalog/services endpoint [GH-18322]
- connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields performance.grpc_keepalive_timeout and performance.grpc_keepalive_interval now exist to allow for configuration on how often these dead connections will be cleaned up. [GH-19339]