Upcoming security release of Envoy on Tuesday Feb 7

92 views

Skip to first unread message

Greg Greenway

unread,

Feb 2, 2023, 11:34:25 AM2/2/23

to envoy-security-announce, envoy-a...@googlegroups.com, envoy-security, 'Greg Greenway' via envoy-maintainers

Hello Envoy Community,

BoringSSL and OpenSSL are planning to release a security fix on Tuesday February 7th (see https://mta.openssl.org/pipermail/openssl-announce/2023-January/000248.html). The nature of the fix has not been publicly released.

Envoy uses BoringSSL and may be affected. Because the fix is under embargo, we cannot evaluate whether Envoy is affected or not until the fix is released.

Envoy will release new versions of Envoy which include the BoringSSL fix for main, 1.25, 1.24, 1.23, and 1.22, on February 7, when the BoringSSL fix is released.

Thanks,

Greg (on behalf of the Envoy security team and maintainers)

Reply all

Reply to author

Forward

0 new messages