Hello Envoy Community,
We are announcing a fix for a zero day related to abnormal termination when using auto_sni with :authority header longer than 255 characters. More details can be found at: CVE-2024-32475.
Patched Envoy versions are: 1.30.1, 1.29.4, 1.28.3, 1.27.5, and can be fetched from https://github.com/envoyproxy/envoy/releases.
Thanks,
Envoy maintainers