8000 Tags · Snowflake-Labs/envoy · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Tags: Snowflake-Labs/envoy

Tags

v1.34.0

Toggle v1.34.0's commit message 
repo: Release v1.34.0

**Summary of changes**:

* Security:
  - [CVE-2025-30157](GHSA-cf3q-gqg7-3fm9): Fixed a bug where local replies were incorrectly sent to the ext_proc server.
  - [CVE-2025-31498](GHSA-6hxc-62jh-p29v): Updated c-ares to version 1.34.5 to address a security vulnerability.

* HTTP:
  - Added support for async load balancing, allowing endpoints to respond with their ability to handle requests.
  - Improved HTTP/1 parser to handle newlines between requests correctly per RFC 9112.
  - Added option to ignore specific HTTP/1.1 upgrade values using configurable matchers.
  - Implemented TCP proxy option to read from downstream connections before establishing upstream connections.

* Performance:
  - Improved performance for HTTP/1 ignored upgrades.
  - Enhanced TCP proxy retries to run in a different event loop iteration to avoid connection issues.
  - Added fixed value option for minimum RTT in adaptive concurrency filter.
  - Enhanced dynamic forward proxy with async lookups for null hosts.

* Reliability:
  - Fixed a bug in preconnecting logic that could lead to excessive connection establishment.
  - Fixed port exhaustion issues in the original_src filter by setting the `IP_BIND_ADDRESS_NO_PORT` socket option.
  - Fixed socket option application for additional listener addresses.
  - Fixed crash when creating an EDS cluster with invalid configuration.

* Features:
  - Added support for loading shared libraries at runtime through dynamic modules.
  - Added support for io_uring in the default socket interface.
  - Extended the compression filter with the ability to skip compression for specific response codes.
  - Added support for QUIC-LB draft standard for connection ID generation.
  - Enhanced ext_proc with graceful gRPC side stream closing and added a new `FULL_DUPLEX_STREAMED` body mode.
  - Introduced PKCE support for OAuth2 authorization code flow and SameSite cookie attribute configuration.
  - Added support for monitoring container CPU utilization in Linux Kubernetes environments.
  - Enhanced proxy protocol TLV support to enable more flexible and customizable usage between downstream and upstream connections.
  - Added multiple formatter attributes improvements, e.g., `QUERY_PARAM`, `CUSTOM_FLAGS`, and `PATH`

* Observability:
  - Enhanced Transport Tap with connection information output per event.
  - Added support for directing LRS to report loads when requests are issued.

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.34.0
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.34.0/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.34.0/version_history/v1.34/v1.34.0
**Full changelog**:
    envoyproxy/envoy@v1.33.0...v1.34.0

v1.33.2

Toggle v1.33.2's commit message

v1.32.5

Toggle v1.32.5's commit message

v1.31.7

Toggle v1.31.7's commit message

v1.30.11

Toggle v1.30.11's commit message

v1.33.1

Toggle v1.33.1's commit message 
repo: Release v1.33.1

[CVE-2025-30157](GHSA-cf3q-gqg7-3fm9): Fix a bug where local replies were incorrectly sent to the ext_proc server

**Summary of changes**:

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.1
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.33.1/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.33.1/version_history/v1.33/v1.33.1
**Full changelog**:
    envoyproxy/envoy@v1.33.0...v1.33.1

Signed-off-by: Ryan Northey <ryan@synca.io>

v1.32.4

Toggle v1.32.4's commit message 
repo: Release v1.32.4

[CVE-2025-30157](GHSA-cf3q-gqg7-3fm9): Fix a bug where local replies were incorrectly sent to the ext_proc server

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.32.4
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.32.4/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.32.4/version_history/v1.32/v1.32.4
**Full changelog**:
    envoyproxy/envoy@v1.32.3...v1.32.4

Signed-off-by: Ryan Northey <ryan@synca.io>

v1.31.6

Toggle v1.31.6's commit message 
repo: Release v1.31.6

[CVE-2025-30157](GHSA-cf3q-gqg7-3fm9): Fix a bug where local replies were incorrectly sent to the ext_proc server

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.6
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.31.6/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.31.6/version_history/v1.31/v1.31.6
**Full changelog**:
    envoyproxy/envoy@v1.31.5...v1.31.6

Signed-off-by: Ryan Northey <ryan@synca.io>

v1.30.10

Toggle v1.30.10's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode

v1.33.0

Toggle v1.33.0's commit message 
repo: Release v1.33.0

**Summary of changes**:

* c-ares:
  - [CVE-2024-25629](GHSA-mg26-v6qh-x48q) Out of bounds read in c-ares (DNS)
* HTTP:
  - RFC1918 addresses are no longer considered to be internal addresses by default. This addresses a security issue for Envoys in multi-tenant mesh environments.
  - Shadow requests are now streamed in parallel with the original request.
  - Local replies now traverse the filter chain if 1xx headers have been sent to the client.
* Tracing:
  - Removed support for (long deprecated) Opencensus tracing extension.
* Wasm:
  - The route cache will *not* be cleared by default if a Wasm extension modifies the request headers and the ABI version of wasm extension is larger than 0.2.1.
  - Remove previously deprecated xDS attributes from `get_property`, use `xds` attributes instead.
  - Added Wasm VM reload support and support for plugins writtin in Go.
* Access log:
  - New implementation of the JSON formatter is enabled by default.
* CSRF:
  - Increase the statistics counter `missing_source_origin` only for requests with a missing source origin.
* DNS:
  - Added nameserver rotation and query timeouts/retries to the c-ares resolver.
* Formatter:
  - `NaN` and `Infinity` values of float will be serialized to `null` and `inf` respectively in the metadata (`DYNAMIC_METADATA`, `CLUSTER_METADATA`, etc.) formatters.
* OAuth2:
  - `use_refresh_token` is now enabled by default.
  - Implement the Signed Double-Submit Cookie pattern.
* QUIC:
  - Enable UDP GRO in QUIC client connections by default.
* SDS:
  - Relaxed the backing cluster validation for Secret Discovery Service (SDS).
* TLS:
  - Added support for P-384 and P-521 curves for server certificates, improved upstream SNI and SAN validation support.

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.0
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.33.0/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.33.0/version_history/v1.33/v1.33.0
**Full changelog**:
    envoyproxy/envoy@v1.32.0...v1.33.0
0