Skip to content

v1.28.7

Compare
Choose a tag to compare
@publish-envoy publish-envoy released this 19 Sep 17:02

Summary of changes

CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45810: Envoy crashes for LocalReply in http async client

Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.28.7
Docs:
https://www.envoyproxy.io/docs/envoy/v1.28.7/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.28.7/version_history/v1.28/v1.28.7
Full changelog:
v1.28.6...v1.28.7

Signed-off-by: Boteng Yao boteng@google.com
Signed-off-by: Ryan Northey ryan@synca.io