security: update supported envoy version 1.28.0 in addition to 1.25.11, 1.26.6, 1.27.2, 1.28.0 to address CVE-2023-44487 (#19879)

* update too support envoy 1.28.0

* add changelog

* update docs
pull/19887/head
John Murret 2023-12-08 14:42:04 -07:00 committed by GitHub
parent 1d9234a87a
commit 5ec84dbfd8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 4 deletions

3
.changelog/19879.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:security
mesh: update supported envoy version 1.28.0 in addition to 1.25.11, 1.26.6, 1.27.2, 1.28.0 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
```

View File

@ -151,10 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) {
}
*/
for _, v := range []string{
"1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10", "1.24.11", "1.24.12",
"1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", "1.25.10", "1.25.11",
"1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", "1.26.5", "1.26.6",
"1.27.0", "1.27.1", "1.27.2",
"1.28.0",
} {
cases[v] = testcase{expect: SupportedProxyFeatures{}}
}

View File

@ -12,10 +12,10 @@ import "strings"
//
// see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions
var EnvoyVersions = []string{
"1.28.0",
"1.27.2",
"1.26.6",
"1.25.11",
"1.24.12",
}
// UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall

View File

@ -39,9 +39,9 @@ Consul supports **four major Envoy releases** at the beginning of each major Con
| Consul Version | Compatible Envoy Versions |
| ------------------- | -----------------------------------------------------------------------------------|
| 1.18.x | 1.28.0, 1.27.2, 1.26.6, 1.25.11 |
| 1.17.x | 1.27.2, 1.26.6, 1.25.11, 1.24.12 |
| 1.16.x | 1.26.6, 1.25.11, 1.24.12, 1.23.12 |
| 1.15.x | 1.25.11, 1.24.12, 1.23.12, 1.22.11 |
### Envoy and Consul Dataplane
@ -193,7 +193,7 @@ the [`sidecar_service`](/consul/docs/connect/proxies/deploy-sidecar-services) bl
- `envoy_telemetry_collector_bind_socket_dir` - Specifies the directory where Envoy creates a Unix socket.
Envoy sends metrics to the socket where a Consul telemetry collector can collect them.
The socket is not configured by default.
The socket is not configured by default.
Enabling this sets Envoy's [`stats_flush_interval`](https://www.envoyproxy.io/docs/envoy/v1.17.2/api-v3/config/bootstrap/v3/bootstrap.proto#envoy-v3-api-field-config-bootstrap-v3-bootstrap-stats-flush-interval) to one minute if `envoy_stats_flush_interval` is unset and if no other stats sinks are configured, like `envoy_dogstats_url`, for instance.
The [Advanced Configuration](#advanced-configuration) section describes additional configurations that allow incremental or complete control over the bootstrap configuration generated.