Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.16.4.
- dgrijalva/jwt-go has been upgraded to v4.0.0-preview1.
- linux/alpine has been upgraded to 3.13.5.
Fixes
- Add a Helm setting to define the Envoy runtime override for CVE-2021-29492 (GHSA-4987-27fx-x6cf). By default, Envoy's behavior does not change to address this vulnerability: the desired HTTP Connection Manager runtime setting must be defined explicitly, and it is exposed as the gatewayProxies.NAME.pathWithEscapedSlashesAction Helm value. See https://www.envoyproxy.io/docs/envoy/v1.16.4/configuration/http/http_conn_man/runtime.html for values. (#4727)
- Update the Docker Compose docs. (#4692)