repo: Release v1.29.3

**Summary of changes**: - Patch nghttp2 to resolve [CVE-2024-30255](GHSA-j654-3ccm-vfmm) - Assorted fixes **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.3 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.29.3/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.29.3/version_history/v1.29/v1.29.3 **Full changelog**: v1.29.2...v1.29.3 Signed-off-by: Ryan Northey <ryan@synca.io> Signed-off-by: Yan Avlasov <yavlasov@google.com> Signed-off-by: Ryan Northey <ryan@synca.io>
envoyproxy · Apr 5, 2024 · 10e1e42 · 10e1e42
1 parent 979a0c7
commit 10e1e42
Show file tree

Hide file tree

Showing 10 changed files with 68 additions and 16 deletions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.29.3-dev
+1.29.3
diff --git a/changelogs/1.26.8.yaml b/changelogs/1.26.8.yaml
@@ -0,0 +1,13 @@
+date: April 4, 2024
+
+bug_fixes:
+- area: http2
+  change: |
+    Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
+
+new_features:
+- area: google_grpc
+  change: |
+    Added an off-by-default runtime flag
+    ``envoy.reloadable_features.google_grpc_disable_tls_13`` to disable TLSv1.3
+    usage by gRPC SDK for ``google_grpc`` services.
diff --git a/changelogs/1.27.4.yaml b/changelogs/1.27.4.yaml
@@ -0,0 +1,20 @@
+date: April 4, 2024
+
+behavior_changes:
+- area: http2
+  change: |
+    Discard the ``Host`` header if the ``:authority`` header was received to bring Envoy into compliance with
+    https://www.rfc-editor.org/rfc/rfc9113#section-8.3.1 This behavioral change can be reverted by setting runtime flag
+    ``envoy.reloadable_features.http2_discard_host_header`` to false.
+
+bug_fixes:
+- area: http2
+  change: |
+    Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
+
+new_features:
+- area: google_grpc
+  change: |
+    Added an off-by-default runtime flag
+    ``envoy.reloadable_features.google_grpc_disable_tls_13`` to disable TLSv1.3
+    usage by gRPC SDK for ``google_grpc`` services.
diff --git a/changelogs/1.28.2.yaml b/changelogs/1.28.2.yaml
@@ -0,0 +1,29 @@
+date: April 4, 2024
+
+behavior_changes:
+- area: http2
+  change: |
+    Discard the ``Host`` header if the ``:authority`` header was received to bring Envoy into compliance with
+    https://www.rfc-editor.org/rfc/rfc9113#section-8.3.1 This behavioral change can be reverted by setting runtime flag
+    ``envoy.reloadable_features.http2_discard_host_header`` to false.
+
+minor_behavior_changes:
+- area: http
+  change: |
+    Enable obsolete line folding in BalsaParser (for behavior parity with http-parser, the
+    previously used HTTP/1 parser).
+
+bug_fixes:
+- area: jwt_authn
+  change: |
+    Fixed JWT extractor, which concatenated headers with a comma, resultig in invalid tokens.
+- area: http2
+  change: |
+    Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
+
+new_features:
+- area: google_grpc
+  change: |
+    Added an off-by-default runtime flag
+    ``envoy.reloadable_features.google_grpc_disable_tls_13`` to disable TLSv1.3
+    usage by gRPC SDK for ``google_grpc`` services.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,28 +1,18 @@
-date: Pending
+date: April 4, 2024
 
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: http
   change: |
     Remove the hop by hop TE header from downstream request headers if it's not set to ``trailers``, else keep it. This change can be
     temporarily reverted by setting ``envoy.reloadable_features.sanitize_te`` to false.
 
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: http2
   change: |
     Simplifies integration with the codec by removing translation between nghttp2 callbacks and Http2VisitorInterface events.
     Guarded by ``envoy.reloadable_features.http2_skip_callback_visitor``.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: http2
   change: |
     Update nghttp2 to resolve (CVE-2024-30255 https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
-
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
-
-new_features:
-
-deprecated:
diff --git a/docs/inventories/v1.26/objects.inv b/docs/inventories/v1.26/objects.inv
diff --git a/docs/inventories/v1.27/objects.inv b/docs/inventories/v1.27/objects.inv
diff --git a/docs/inventories/v1.28/objects.inv b/docs/inventories/v1.28/objects.inv
diff --git a/docs/inventories/v1.29/objects.inv b/docs/inventories/v1.29/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -19,7 +19,7 @@
 "1.23": 1.23.12
 "1.24": 1.24.12
 "1.25": 1.25.11
-"1.26": 1.26.7
-"1.27": 1.27.3
-"1.28": 1.28.1
-"1.29": 1.29.1
+"1.26": 1.26.8
+"1.27": 1.27.4
+"1.28": 1.28.2
+"1.29": 1.29.2