CVEs
Updated envoy-gloo to a version based on envoy master (1.15.0), which includes security fixes in envoy. For more details on the CVEs, see the envoy release notes here.
Note that one of the CVEs requires setting global_downstream_max_connections, which may affect traffic if you perform a rolling upgrade from a version vulnerable to the CVE. The maximum number of connections is configurable and defaults to 250,000.
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.15.0-rc1.
Fixes