Smtp proxy 1.30.4 #31
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alyssa Wilk <[email protected]>
Rewrite JNI code for XdsTestServer Signed-off-by: Fredy Wijaya <[email protected]>
This PR is to improve the error status/code In PR envoyproxy#32511, we introduce a max_frame_length feature (optional) . Now gRPC frame decoding can fail EITHER (1) due to decoding error OR (2) due to over-frame-limit error. To better surface the error message, this PR refactor return type from bool to absl::status , so that the caller site can differentiate the error status. source/common/grpc/async_client_impl.cc in this PR can be an user example Risk level: Low Testing: Unit tests Signed-off-by: tyxia <[email protected]>
…PI (envoyproxy#33154) A new method, `setNetworkThreadPriority`, is added to the EngineBuilder, which enables the user to set the thread priority of the Envoy Mobile engine thread. The thread priority is set using the setpriority() system call, which takes in "nice" values in the range of -20 to 19, where -20 is the highest priority and 19 is the lowest priority. Signed-off-by: Ali Beyad <[email protected]>
…ch (envoyproxy#33080) * [cache] Don't bypass the cache for if-unmodified-since or if-match --------- Signed-off-by: Raven Black <[email protected]>
…oxy#32694) Replace Equivalent call with Equals in proto comparisons. In OSS proto3 these methods have the same behavior, since their difference is only relevant for proto2, in treatment of missing fields with default values. --------- Signed-off-by: Yan Avlasov <[email protected]>
Fixes envoyproxy#24373 and envoyproxy#32832 Risk Level: Low Testing: Manual testing with the Istio scenario described in envoyproxy#32832. Investigating how to add a unit test Release Notes: Delta SDS removals will no longer result in a "Missing SDS resources" error message Signed-off-by: Keith Mattix II <[email protected]>
Signed-off-by: Ali Beyad <[email protected]>
mobile: Remove envoy_cert_verify_status C wrapper type Signed-off-by: Fredy Wijaya <[email protected]>
… protocol versions, new stats (envoyproxy#32861) --------- Signed-off-by: Teju Nareddy <[email protected]>
Signed-off-by: Yan Avlasov <[email protected]>
* swift: using the builder Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: zirain <[email protected]>
Signed-off-by: zirain <[email protected]>
* cryptomb: reduce memory copy in ECDSA The original implementation serializes signatures into a temporary output buffer during processing phase and then copy to the BoringSSL buffer in the completion phase. This patch change the way and directly serializes signatures to the BoringSSL buffer. In addition, the patch adds a speed test to track the performance change by mathematical implementation of private key provider. Risk Level: Low Testing: N/A Docs Changes: N/A Release Notes: N/A Platform Specific Features: Requires AVX512 or equivalent CPU instruction set Signed-off-by: Xie Zhihao <[email protected]>
envoyproxy#33229) * golang filter: do not clear route cache in HeaderMap.Set by default. introduce a new API `ClearRouteCache` to clear route cache. fix envoyproxy#33082 Signed-off-by: doujiang24 <[email protected]>
…single-page-app/ui (envoyproxy#33234) build(deps): bump framer-motion in /examples/single-page-app/ui Bumps [framer-motion](https://github.com/framer/motion) from 11.0.23 to 11.0.24. - [Changelog](https://github.com/framer/motion/blob/main/CHANGELOG.md) - [Commits](motiondivision/motion@v11.0.23...v11.0.24) --- updated-dependencies: - dependency-name: framer-motion dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… in /examples/single-page-app/ui (envoyproxy#33235) build(deps-dev): bump eslint-plugin-react-refresh Bumps [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) from 0.4.5 to 0.4.6. - [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases) - [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md) - [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.4.5...v0.4.6) --- updated-dependencies: - dependency-name: eslint-plugin-react-refresh dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…/single-page-app/ui (envoyproxy#33236) build(deps): bump react-router-dom in /examples/single-page-app/ui Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 6.21.3 to 6.22.3. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom) --- updated-dependencies: - dependency-name: react-router-dom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…oyproxy#33237) Bumps [gitpython](https://github.com/gitpython-developers/GitPython) from 3.1.42 to 3.1.43. - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.42...3.1.43) --- updated-dependencies: - dependency-name: gitpython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ge-app/ui (envoyproxy#33238) build(deps-dev): bump vite in /examples/single-page-app/ui Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.2.6 to 5.2.7. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.2.7/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
cel: Support canonical CEL in xds.type.v3.CelExpression Signed-off-by: Sergii Tkachenko <[email protected]>
…s/single-page-app/ui (envoyproxy#33239) build(deps): bump @emotion/styled in /examples/single-page-app/ui Bumps [@emotion/styled](https://github.com/emotion-js/emotion) from 11.11.0 to 11.11.5. - [Release notes](https://github.com/emotion-js/emotion/releases) - [Changelog](https://github.com/emotion-js/emotion/blob/main/CHANGELOG.md) - [Commits](https://github.com/emotion-js/emotion/compare/@emotion/[email protected]...@emotion/[email protected]) --- updated-dependencies: - dependency-name: "@emotion/styled" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…er. (envoyproxy#33214) * Add more HTTP/1 parser tests for header value containing null character. Balsa in QUICHE behaves very differently depending on where a null character is located within a header value, see https://github.com/google/quiche/blob/5f41064f20a12fe4ecc50c076bf6743da15739f9/quiche/balsa/balsa_frame_test.cc#L4248-L4272 This PR adds tests demonstrating that BalsaParser in Envoy correctly rejects the headers in all of those cases (and incidentally uncovers that while http-parser also does, it is not consistent with its error messages). --------- Signed-off-by: Bence Béky <[email protected]> Co-authored-by: Bence Béky <[email protected]>
…xy#33071) --------- Signed-off-by: Raven Black <[email protected]>
…yproxy#33241) This reverts commit d477314. Signed-off-by: Adi Suissa-Peleg <[email protected]>
The test failed when adding the native Assertion filter, with an error from loadFromYaml: INVALID_ARGUMENT: could not find @type 'type.googleapis.com/envoymobile.extensions.filters.http.assertion.Assertion After running git bisect, it turns out the bad commit came from envoyproxy#33169. That PR introduces HttpTestServer to the SendDataTest.kt, which causes the required proto types to not get loaded. In this commit, the test is fixed by using a TestRemoteResponse filter, similar to the other Kotlin tests (e.g. SendTrailersTest). However, we need to figure out why the config filter protos aren't loading when creating the HttpTestServer. Signed-off-by: Ali Beyad <[email protected]>
Commit Message: Add support for prometheus summary metrics on the admin endpoint Additional Description: Adds support emitting prometheus "summary" metrics for the internal histogram quantiles by supplying a query parameter. Multiple modes are supported, as in envoyproxy#25812, and can be either histogram, summary, or histogram,summary. Risk Level: Low, no changes to existing default behavior Testing: Added unit tests for histogram, summary, and summary+histogram emission Docs Changes: Added documentation to the admin home page, and to the published admin docs around an optional query parameter. Release Notes: Added a note in the small_feature section. Fixes envoyproxy#30471 Signed-off-by: Andy Bradshaw <[email protected]>
--------- Signed-off-by: Raven Black <[email protected]>
Signed-off-by: Yan Avlasov <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
**Summary of changes**: * Fix for potential TLS/SNI (`auto_sni`) crash [CVE-2024-32475](GHSA-3mh5-6q8v-25wj). **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.1 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.1/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.1/version_history/v1.30/v1.30.1 **Full changelog**: envoyproxy/envoy@v1.30.0...v1.30.1
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
…12c829` in /ci (envoyproxy#33860) build(deps): bump distroless/base-nossl-debian12 in /ci Bumps distroless/base-nossl-debian12 from `0cf184c` to `312c829`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
…33756) The fips verison boringSSL is old. so it doesn't have the definition of BN_bn2lebinpad, so patch ipp-crypto to give a definition. Signed-off-by: He Jie Xu <[email protected]>
) Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: He Jie Xu <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
…a09e57` in /ci (envoyproxy#33956) build(deps): bump distroless/base-nossl-debian12 in /ci Bumps distroless/base-nossl-debian12 from `312c829` to `8a09e57`. --- updated-dependencies: - dependency-name: distroless/base-nossl-debian12 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
This commit stops generateClientHelloFromJA3Fingerprint() generating client hellos containing an invalid ALPN extension. It also updates relevant tls_inspector_test functions to check the ALPN value, if expected. When the generateClientHelloFromJA3Fingerprint() function was asked to include an ALPN extension (16) in the generated client hello, it was generating a default empty extension with the correct id (16) but a zero length. While this is technically a valid extension, it is not a valid ALPN extension, which must include a list of the client's preferred protocol(s). This was causing test failures in the envoy-openssl repo because OpenSSL responds to the malformed ALPN extension by sending a TLS alert 50 (Decode Error) which causes many of the tls_inspector_test functions to fail. Signed-off-by: Ted Poole <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: wbpcode <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dan Zhang <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Kevin Baichoo <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Dan Zhang <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Boteng Yao <[email protected]> Signed-off-by: Yan Avlasov <[email protected]> Signed-off-by: Ryan Northey <[email protected]>
**Summary of changes:** - [CVE-2024-34362: Crash (use-after-free) in EnvoyQuicServerStream](GHSA-hww5-43gv-35jv) - [CVE-2024-34363: Crash due to uncaught nlohmann JSON exception](GHSA-g979-ph9j-5gg4) - [CVE-2024-34364: Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other components](GHSA-xcj3-h7vf-fw26) - [CVE-2024-32974: Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()](GHSA-mgxp-7hhp-8299) - [CVE-2024-32975: Crash in QuicheDataReader::PeekVarInt62Length()](GHSA-g9mq-6v96-cpqc) - [CVE-2024-32976: Endless loop while decompressing Brotli data with extra input](GHSA-7wp5-c2vq-4f8m) - [CVE-2024-23326: Envoy incorrectly accepts HTTP 200 response for entering upgrade mode](GHSA-vcf8-7238-v74c) **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.2 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.2/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.2/version_history/v1.30/v1.30.2 **Full changelog**: envoyproxy/envoy@v1.30.1...v1.30.2 Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com> Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com> Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Signed-off-by: Ryan Northey <[email protected]>
…oyproxy#34859) Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
**Summary of changes**:
- Bumped the version of datadog to resolve a crashing bug in earlier versions of the library.
**Docker images**:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.3
**Docs**:
https://www.envoyproxy.io/docs/envoy/v1.30.3/
**Release notes**:
https://www.envoyproxy.io/docs/envoy/v1.30.3/version_history/v1.30/v1.30.3
**Full changelog**:
envoyproxy/envoy@v1.30.2...v1.30.3
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
--------- Signed-off-by: Rama Chavali <[email protected]>
**Summary of changes**: - [CVE-2024-39305](GHSA-fp35-g349-h66f) Fix a bug where additional cookie attributes are not sent properly to clients. **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.30.4 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.30.4/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.30.4/version_history/v1.30/v1.30.4 **Full changelog**: envoyproxy/envoy@v1.30.3...v1.30.4 Signed-off-by: Ryan Northey <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]