Update envoy-gloo to 1.32.3-patch2 (#10595)

Co-authored-by: changelog-bot <changelog-bot>
Co-authored-by: Nathan Fudenberg <[email protected]>
Co-authored-by: Sam Heilbron <[email protected]>

Author: 3 people

Makefile

@@ -54,7 +54,7 @@ SOURCES := $(shell find . -name "*.go" | grep -v test.go)
 # for more information, see https://github.com/solo-io/gloo/pull/9633
 # and
 # https://soloio.slab.com/posts/extended-http-methods-design-doc-40j7pjeu
-ENVOY_GLOO_IMAGE ?= quay.io/solo-io/envoy-gloo:1.31.5-patch1
+ENVOY_GLOO_IMAGE ?= quay.io/solo-io/envoy-gloo:1.32.3-patch2
 LDFLAGS := "-X github.com/solo-io/gloo/pkg/version.Version=$(VERSION)"
 GCFLAGS ?=
 

changelog/v1.19.0-beta7/envoy-1.32-bump.yaml

@@ -0,0 +1,12 @@
+changelog:
+  - type: DEPENDENCY_BUMP
+    dependencyOwner: solo-io
+    dependencyRepo: envoy-gloo
+    dependencyTag: v1.32.3-patch2
+    issueLink: https://github.com/solo-io/solo-projects/issues/7608
+  - type: BREAKING_CHANGE
+    issueLink: https://github.com/solo-io/solo-projects/issues/7608
+    description: >-
+      The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary x-envoy headers) please explicitly include those addresses or CIDR ranges into [internal_address_config](https://docs.solo.io/gloo-edge/latest/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/options/hcm/hcm.proto.sk/#internaladdressconfig). You can turn up or test the upcoming internal address defaults by setting runtime guard envoy.reloadable_features.explicit_internal_address_config to true.
+
+      For more information, see: https://github.com/envoyproxy/envoy/pull/36221