repo: Release v1.28.4
**Summary of changes:**
- [CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream](https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv)
- [CVE-2024-34363: Crash due to uncaught nlohmann JSON exception](https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4)
- [CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components](https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26)
- [CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()](https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299)
- [CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()](https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc)
- [CVE-2024-32976: Endless loop while decompressing Brotli data with extra input](https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m)
- [CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode](https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c)
**Docker images**:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.4
**Docs**:
https://www.envoyproxy.io/docs/envoy/v1.28.4/
**Release notes**:
https://www.envoyproxy.io/docs/envoy/v1.28.4/version_history/v1.28/v1.28.4
**Full changelog**:
https://github.com/envoyproxy/envoy/compare/v1.28.3...v1.28.4
Signed-off-by: Ryan Northey <ryan@synca.io>
Author
Ryan Northey

Committer
phlax
a year ago
25b6b1f