Envoy 1.12.0 released


Alyssa (Rzeszutek) Wilk

Oct 31, 2019, 8:54:39 PM
to envoy-a...@googlegroups.com, envoy-dev, Envoy-maintainers, Envoy Users
Hey folks,

At long last, we have tagged and released Envoy 1.12.0!
Release: https://github.com/envoyproxy/envoy/releases/tag/v1.12.0
Docker images will be pushed within the hour: https://hub.docker.com/u/envoyproxy/
Docs: https://www.envoyproxy.io/docs/envoy/v1.12.0/
Release notes: https://www.envoyproxy.io/docs/envoy/v1.12.0/intro/version_history

Some stats since the last release:
envoy: 684 commits from 135 contributors
(If you are into cool contributor stats check out https://envoy.devstats.cncf.io/)

As always, a giant thank you to all of our wonderful users, contributors, and maintainers who are helping to make Envoy such a tremendous success.

Thanks,
Alyssa, on behalf of the Envoy maintainer team

Lizan Zhou

Nov 9, 2019, 7:46:10 PM
to envoy-a...@googlegroups.com, envoy-dev, Envoy-maintainers, Envoy Users, cncf-envoy-distr...@lists.cncf.io
Hello Envoy Community,

The Envoy maintainers would like to announce the availability of Envoy v1.12.1.
This addresses the following CVE(s) considered a 0-day vulnerability:

CVE-2019-18836 (CVSS score 7.5): Listener Filter Timeout DoS.

Upgrading to v1.12.1 is encouraged to fix these issues. Note that Envoy versions < v1.12.0 are not affected by this vulnerability.

GitHub tag: https://github.com/envoyproxy/envoy/releases/tag/v1.12.1

Am I vulnerable?

Run `envoy --version` and if it indicates a base version of v1.12.0 you are running a vulnerable version.

How do I mitigate the vulnerability?

Set `continue_on_listener_filters_timeout` to false (which is the default).

Thank you

Thank you to Yuchen Dai for discovering and reporting CVE-2019-18836.

Thanks,
Lizan (on behalf of the Envoy maintainers)
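
The two checks from the announcement above (base version, and the `continue_on_listener_filters_timeout` setting) combined into one audit, as an added example that is not part of the original message or the Envoy project's code. It assumes the usual `hash/version/...` layout of `envoy --version` output and a bootstrap in JSON form; the sample inputs are constructed and only static listeners are inspected.

```python
import json
import re

# Constructed sample of `envoy --version` output; the hash is a placeholder.
SAMPLE_VERSION_OUTPUT = (
    "envoy  version: 0000000000000000000000000000000000000000"
    "/1.12.0/Clean/RELEASE/BoringSSL"
)

# Constructed bootstrap fragment (JSON form) with two static listeners.
SAMPLE_BOOTSTRAP = """
{"static_resources": {"listeners": [
  {"name": "ingress_tls", "listener_filters_timeout": "5s",
   "continue_on_listener_filters_timeout": true},
  {"name": "internal_plain"}
]}}
"""

def base_version(version_output):
    """Return the x.y.z base version from `envoy --version` output, or None."""
    m = re.search(r"/(\d+\.\d+\.\d+)(?:-[\w.]+)?/", version_output)
    return m.group(1) if m else None

def listeners_overriding_default(bootstrap_json):
    """Names of static listeners that set the option to true.

    An absent field means the default (false), which is the mitigated state.
    Listeners delivered dynamically via LDS are not visible here (assumption:
    those are reviewed at the management server).
    """
    cfg = json.loads(bootstrap_json)
    listeners = cfg.get("static_resources", {}).get("listeners", [])
    return [
        lst.get("name", "<unnamed>")
        for lst in listeners
        if lst.get("continue_on_listener_filters_timeout") is True
    ]

def audit(version_output, bootstrap_json):
    """Summarise both checks: affected base version and listeners to fix."""
    version = base_version(version_output)
    return {
        "base_version": version,
        "vulnerable_version": version == "1.12.0",
        "listeners_to_fix": listeners_overriding_default(bootstrap_json),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION_OUTPUT, SAMPLE_BOOTSTRAP))
```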