Commit
1.26 | bazel: Update to a newer version of envoy-fork with http2 continuation cve (#320)

* bazel: Update to a newer version of envoy-fork which bumps upstream envoy for HTTP2 continuation flood cve

* changelog: add issuelink:
nfuden authored Apr 10, 2024
1 parent 52b93ad commit 47f3f0c
Showing 2 changed files with 11 additions and 2 deletions.
4 changes: 2 additions & 2 deletions bazel/repository_locations.bzl
@@ -1,8 +1,8 @@
REPOSITORY_LOCATIONS = dict(
envoy = dict(
# envoy 1.26.7 forked with extproc changes
# sourced from release v1.26.7-fork1
commit = "37f7ac716a3253001640ccb4a548d8dba0d6cf4f",
# sourced from release v1.26.8-fork1
commit = "f87a6143de75426bff63d0da4e9d4ed400b74a40",
remote = "https://github.com/solo-io/envoy-fork",
),
inja = dict(
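Review bot: The unchanged comment at the top of the envoy entry still reads "# envoy 1.26.7 forked with extproc changes", while the lines below it now point at release v1.26.8-fork1 and commit f87a6143de75426bff63d0da4e9d4ed400b74a40. Update that comment to 1.26.8 in the same change, so that anyone auditing which Envoy version this branch builds against does not read the stale 1.26.7 and conclude the CVE fix is missing.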
9 changes: 9 additions & 0 deletions changelog/v1.26.8-patch1/envoy-bump.yaml
@@ -0,0 +1,9 @@
changelog:
- type: DEPENDENCY_BUMP
dependencyRepo: envoy
dependencyOwner: envoyproxy
dependencyTag: v1.26.8
issueLink: https://github.com/solo-io/solo-projects/issues/6008
description: >
Bump Envoy to v1.26.8 for our fork.
Tackles the http2 crazy cve CVE-2024-30255
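Review bot: The last line of the description, "Tackles the http2 crazy cve CVE-2024-30255", does not say what the issue is, and this text ends up in release notes that operators search when deciding whether to upgrade. The commit message already names it as the HTTP2 continuation flood, so use that wording here, for example "Fixes the HTTP/2 CONTINUATION flood, CVE-2024-30255". Also consider mentioning the fork release v1.26.8-fork1 in the description, since dependencyOwner and dependencyTag point at envoyproxy v1.26.8 while the build pulls from solo-io/envoy-fork.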
