We are delighted to present version 1.6.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters.
New and improved
Upgraded to Envoy 1.14.3
This Contour release upgrades the default Envoy version from 1.14.2 to 1.14.3. All Contour users should upgrade to this release, which addresses the following security issues:
- CVE-2020-8663 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
- CVE-2020-12603 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
- CVE-2020-12604 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
- CVE-2020-12605 Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
(Associated PRs: #2595)
Please consult the upgrade documentation.
Are you a Contour user? We would love to know!
If you're using Contour and want to add your organization to our adopters list, please visit this page. If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this GitHub thread