Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE/1.25] Resolve multiple CVEs #28616

Merged
merged 4 commits into from Jul 25, 2023
Merged

[CVE/1.25] Resolve multiple CVEs #28616

merged 4 commits into from Jul 25, 2023

Conversation

botengyao
Copy link
Member

@botengyao botengyao commented Jul 25, 2023
edited

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

KBaichoo and others added 4 commits July 25, 2023 13:49
@KBaichoo @botengyao
cors: Fix for potential use-after-free
cb7e5fe 
Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>
Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: Boteng Yao <boteng@google.com>
@alyssawilk @botengyao
http: fixing bugs with mixed case schemes
be69cc9 
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>
Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: Boteng Yao <boteng@google.com>
@KBaichoo @botengyao
otel/grpc: Fix for access logger crash
94c0591 
Add demonstration of the bug and corresponding fix for otel grpc access
logger.

Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
Signed-off-by: Kateryna Nezdolii <nezdolik@spotify.com>
Signed-off-by: Ryan Northey <ryan@synca.io>

Signed-off-by: Boteng Yao <boteng@google.com>
@lizan @botengyao
oauth2: add a separator for HMAC calculation
2c44e45 
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Signed-off-by: Boteng Yao <boteng@google.com>
@repokitteh-read-only
Copy link

As a reminder, PRs marked as draft will not be automatically assigned reviewers,
or be handled by maintainer-oncall triage.

Please mark your PR as ready when you want it to be reviewed!

🐱

Caused by: #28616 was opened by botengyao.

see: more, trace.

@repokitteh-read-only
Copy link

CC @envoyproxy/runtime-guard-changes: FYI only for changes made to (source/common/runtime/runtime_features.cc).

🐱

Caused by: #28616 was opened by botengyao.

see: more, trace.

@botengyao botengyao changed the title [CVE] Release 1.25 [CVE/1.25] Resolve multiple CVEs Jul 25, 2023
@botengyao botengyao marked this pull request as ready for review July 25, 2023 15:34
@botengyao
Copy link
Member Author

/assign @phlax

phlax
phlax approved these changes Jul 25, 2023
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks @botengyao

@phlax phlax enabled auto-merge (rebase) July 25, 2023 20:17
@phlax phlax disabled auto-merge July 25, 2023 20:41
@phlax
Copy link
Member

phlax commented Jul 25, 2023

pushing through to expedite release

@phlax phlax enabled auto-merge (rebase) July 25, 2023 20:41
@phlax phlax disabled auto-merge July 25, 2023 20:43
@phlax phlax merged commit 820698e into envoyproxy:release/v1.25 Jul 25, 2023
68 of 70 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phlax phlax phlax approved these changes

@yanavlasov yanavlasov yanavlasov approved these changes

@alyssawilk alyssawilk Awaiting requested review from alyssawilk alyssawilk is a code owner

@wbpcode wbpcode Awaiting requested review from wbpcode wbpcode is a code owner

@jmarantz jmarantz Awaiting requested review from jmarantz jmarantz is a code owner

Assignees

@phlax phlax

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@botengyao @phlax @yanavlasov @KBaichoo @alyssawilk @lizan