-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-1.7] Backport Envoy 1.15 fixes #290
[release-1.7] Backport Envoy 1.15 fixes #290
Commits on Jul 20, 2020
-
docs: kick-off 1.15.1 release. (envoyproxy#12166)
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Configuration menu - View commit details
-
Copy full SHA for 0d51e4b - Browse repository at this point
Copy the full SHA 0d51e4bView commit details -
tls: update BoringSSL-FIPS to 20190808. (envoyproxy#12170)
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Configuration menu - View commit details
-
Copy full SHA for b33f3cc - Browse repository at this point
Copy the full SHA b33f3ccView commit details
Commits on Sep 3, 2020
-
test: Exclude wasm_vm_test from CI by making it a "manual" test. (ist…
…io#207) The wee v8 build times out in CI under --config=asan because the machine the job is scheduled on is too small. Signed-off-by: Antonio Vicente <avd@google.com>
Configuration menu - View commit details
-
Copy full SHA for e64a444 - Browse repository at this point
Copy the full SHA e64a444View commit details
Commits on Sep 8, 2020
-
[v1.15] http: header map security fixes for duplicate headers (istio#197
) (istio#200) Previously header matching did not match on all headers for non-inline headers. This patch changes the default behavior to always logically match on all headers. Multiple individual headers will be logically concatenated with ',' similar to what is done with inline headers. This makes the behavior effectively consistent. This behavior can be temporary reverted by setting the runtime value "envoy.reloadable_features.header_match_on_all_headers" to "false". Targeted fixes have been additionally performed on the following extensions which make them consider all duplicate headers by default as a comma concatenated list: 1) Any extension using CEL matching on headers. 2) The header to metadata filter. 3) The JWT filter. 4) The Lua filter. Like primary header matching used in routing, RBAC, etc. this behavior can be disabled by setting the runtime value "envoy.reloadable_features.header_match_on_all_headers" to false. Finally, the setCopy() header map API previously only set the first header in the case of duplicate non-inline headers. setCopy() now behaves similiarly to the other set*() APIs and replaces all found headers with a single value. This may have had security implications in the extauth filter which uses this API. This behavior can be disabled by setting the runtime value "envoy.reloadable_features.http_set_copy_replace_all_headers" to false. Fixes https://github.com/envoyproxy/envoy-setec/issues/188 Signed-off-by: Matt Klein <mklein@lyft.com>
Configuration menu - View commit details
-
Copy full SHA for b6be144 - Browse repository at this point
Copy the full SHA b6be144View commit details
Commits on Sep 29, 2020
-
backport to v1.15: Fix Kafka Repository Location (istio#223)
Update mirror used to fetch kafka dependency to a valid, working mirror. Based on envoyproxy#13025 Resolves envoyproxy#13011 Signed-off-by: Antonio Vicente <avd@google.com>
Configuration menu - View commit details
-
Copy full SHA for 3c3c14e - Browse repository at this point
Copy the full SHA 3c3c14eView commit details -
release: cutting 1.15.1 (istio#217)
Signed-off-by: Antonio Vicente <avd@google.com>
Configuration menu - View commit details
-
Copy full SHA for 670a4a6 - Browse repository at this point
Copy the full SHA 670a4a6View commit details
Commits on Sep 30, 2020
-
docs: Fix release notes for v1.15.1 release. (envoyproxy#13318)
Signed-off-by: Antonio Vicente <avd@google.com>
Configuration menu - View commit details
-
Copy full SHA for c2a3cbd - Browse repository at this point
Copy the full SHA c2a3cbdView commit details
Commits on Oct 16, 2020
-
Backport flaky test and tsan fixes to releases/v1.15 branch (envoypro…
…xy#13337) * hds: fix integration test flakes (envoyproxy#12214) Part of envoyproxy#12184 Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Antonio Vicente <avd@google.com> * Switch to a tsan-instrumented libc++ for tsan tests (envoyproxy#12134) This fixes envoyproxy#9784 and re-enables vhds_integration_test Risk Level: Low, but will most likely increase memory usage Signed-off-by: Dmitri Dolguikh <ddolguik@redhat.com> Signed-off-by: Antonio Vicente <avd@google.com> * test: shard hds_integration_test (envoyproxy#12482) This should avoid TSAN timeout flakes. Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Antonio Vicente <avd@google.com> * test: shard http2_integration_test (envoyproxy#11939) This should mitigate TSAN timeout. Signed-off-by: Lizan Zhou <lizan@tetrate.io> Signed-off-by: Antonio Vicente <avd@google.com> * test: fix http2_integration_test flake (envoyproxy#12450) Fixes envoyproxy#12442 Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Antonio Vicente <avd@google.com> * Kick CI Signed-off-by: Antonio Vicente <avd@google.com> Co-authored-by: Matt Klein <mklein@lyft.com> Co-authored-by: Dmitri Dolguikh <ddolguik@redhat.com> Co-authored-by: Lizan Zhou <lizan@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 4c143df - Browse repository at this point
Copy the full SHA 4c143dfView commit details
Commits on Oct 22, 2020
-
docs: kick off v1.15.3-dev (envoyproxy#13695)
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 1b2dfe4 - Browse repository at this point
Copy the full SHA 1b2dfe4View commit details -
1.15: CI fixes backport (envoyproxy#13697)
Backport following commits to 1.15: 748b2ab (mac ci: try ignoring update failure (envoyproxy#13658), 2020-10-20) f95f539 (ci: various improvements (envoyproxy#13660), 2020-10-20) 73d78f8 (ci: use multiple stage (envoyproxy#13557), 2020-10-15) b7a4756 (ci: use azp for api and go-control-plane sync (envoyproxy#13550), 2020-10-14) 876a6bb (ci use azp to sync filter example (envoyproxy#13501), 2020-10-12) a0f31ee (ci: use azp to generate docs (envoyproxy#13481), 2020-10-12) Signed-off-by: Lizan Zhou <lizan@tetrate.io> Co-authored-by: asraa <asraa@google.com>
Configuration menu - View commit details
-
Copy full SHA for 2b9eeed - Browse repository at this point
Copy the full SHA 2b9eeedView commit details
Commits on Nov 6, 2020
-
1.15: fix CI script (envoyproxy#13724)
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for affac20 - Browse repository at this point
Copy the full SHA affac20View commit details
Commits on Nov 10, 2020
-
Prevent SEGFAULT when disabling listener (envoyproxy#13515) (envoypro…
…xy#13903) This prevents the stop_listening overload action from causing segmentation faults that can occur if the action is enabled after the listener has already shut down. Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for b1540ba - Browse repository at this point
Copy the full SHA b1540baView commit details
Commits on Nov 30, 2020
-
proxy protocol: set downstreamRemoteAddress on StreamInfo (envoyproxy…
…#14131) (envoyproxy#14169) This fixes a regression which resulted in the downstreamRemoteAddress on the StreamInfo for a connection not having the address supplied by the proxy protocol filter, but instead having the address of the directly connected peer. This issue does not affect HTTP filters. Fixes envoyproxy#14087 Signed-off-by: Greg Greenway <ggreenway@apple.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for b315011 - Browse repository at this point
Copy the full SHA b315011View commit details -
ci: temproray disable vhds_integration_test in TSAN (envoyproxy#12067) (
envoyproxy#14217) Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for c4ee861 - Browse repository at this point
Copy the full SHA c4ee861View commit details
Commits on Dec 1, 2020
-
tcmalloc changed and the data coming out of tcmalloc::MallocExtension…
…::GetNumericProperty("generic.current_allocated_bytes") (envoyproxy#14165) Commit Message: tcmalloc changed and the data coming out of tcmalloc::MallocExtension::GetNumericProperty("generic.current_allocated_bytes") no longer appears to be deterministic, even in unthreaded tests. So disable exact mem checks till we sort that out Additional Description: Risk Level: low Testing: just thread_local_store_test Docs Changes: n/a Release Notes: n/a no longer appears to be deterministic, even in unthreaded tests. So disable exact mem checks till we sort that out Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: Joshua Marantz <jmarantz@google.com>
Configuration menu - View commit details
-
Copy full SHA for 2fdd892 - Browse repository at this point
Copy the full SHA 2fdd892View commit details -
backport to v1.15: connection: Remember transport socket read resumpt…
…ion requests and replay them when re-enabling read. (envoyproxy#13772) (envoyproxy#14173) * connection: Remember transport socket read resumption requests and replay them when re-enabling read. (envoyproxy#13772) Fixes SslSocket read resumption after readDisable when processing the SSL record that contains the last bytes of the HTTP message Signed-off-by: Antonio Vicente <avd@google.com>
Configuration menu - View commit details
-
Copy full SHA for 4204341 - Browse repository at this point
Copy the full SHA 4204341View commit details -
backport to 1.15: udp: properly handle truncated/dropped datagrams (e…
…nvoyproxy#14122) (envoyproxy#14166) Signed-off-by: Matt Klein <mklein@lyft.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: Matt Klein <mklein@lyft.com> Co-authored-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 9a625be - Browse repository at this point
Copy the full SHA 9a625beView commit details
Commits on Dec 5, 2020
-
backport to 1.15: vrp: allow supervisord to open its log file (envoyp…
…roxy#14066) (envoyproxy#14280) Commit Message: Allow supervisord to open its log file Additional Description: Change the default location of the log file and give supervisord permissions to write to it. Risk Level: low Testing: built image locally Docs Changes: n/a Release Notes: n/a Platform Specific Features: n/a Signed-off-by: Alex Konradi <akonradi@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 4e14b86 - Browse repository at this point
Copy the full SHA 4e14b86View commit details
Commits on Dec 7, 2020
-
rel 1.15: close release 1.15.3 (envoyproxy#14303)
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 69c307c - Browse repository at this point
Copy the full SHA 69c307cView commit details
Commits on Dec 9, 2020
-
Kick off rel 1.15.4. (envoyproxy#14323)
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 15011dd - Browse repository at this point
Copy the full SHA 15011ddView commit details
Commits on Jan 5, 2021
-
backport to 1.15: http: fix datadog and squash handling of responses …
…without body (envoyproxy#13328) (envoyproxy#14458) Commit Message: Fixing bugs in datadog and sqaush where unexpected bodyless responses would crash Envoy Risk Level: low Testing: new unit tests, updated certs Docs Changes: n/a Release Notes: inline Signed-off-by: Christoph Pakulski <christoph@tetrate.io> Co-authored-by: alyssawilk <alyssar@chromium.org>
Configuration menu - View commit details
-
Copy full SHA for 06dd7e6 - Browse repository at this point
Copy the full SHA 06dd7e6View commit details
Commits on Jan 6, 2021
-
backport 1.15: http: fixing a bug with IPv6 hosts (envoyproxy#14273)
Fixing a bug where HTTP parser offsets for IPv6 hosts did not include [] and Envoy assumed it did. This results in mis-parsing addresses for IPv6 CONNECT requests and IPv6 hosts in fully URLs over HTTP/1.1 Risk Level: low Testing: new unit, integration tests Docs Changes: n/a Release Notes: inline Signed-off-by: Shikugawa <rei@tetrate.io> Co-authored-by: alyssawilk <alyssar@chromium.org>
Configuration menu - View commit details
-
Copy full SHA for cb722b3 - Browse repository at this point
Copy the full SHA cb722b3View commit details
Commits on Jan 8, 2021
-
backport to 1.15: tls: fix detection of the upstream connection close…
… event. (envoyproxy#13858) (envoyproxy#14568) Fixes envoyproxy#13856. Signed-off-by: Piotr Sikora <piotrsikora@google.com> Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Configuration menu - View commit details
-
Copy full SHA for 81dfdfd - Browse repository at this point
Copy the full SHA 81dfdfdView commit details -
Merge remote-tracking branch 'upstream-envoy/release/v1.15' into 17/c…
…herry-pick-cve-fix Signed-off-by: Pengyuan Bian <bianpengyuan@google.com>
Configuration menu - View commit details
-
Copy full SHA for 633a663 - Browse repository at this point
Copy the full SHA 633a663View commit details