Security
Envoy released a security update to addresses the following CVE(s):
- CVE-2020-25017 (CVSS score 6.5, Medium): Incorrect handling of duplicate HTTP headers
This patch updates the underlying embedded version of Envoy to 1.15.1
. If you instead are using the Envoy from your local $PATH
you are encouraged to upgrade that binary as well.
- deps: envoy 1.15.1 @desimone GH-1473
- deps: update envoy arm64 to v1.15.1 @travisgroth GH-1475