mirror of https://github.com/hashicorp/consul
b8d2640429
To avoid unintended tampering with remote downstreams via service config, refactor BasicEnvoyExtender and RuntimeConfig to disallow typical Envoy extensions from being applied to non-local proxies. Continue to allow this behavior for AWS Lambda and the read-only Validate builtin extensions. Addresses CVE-2023-2816. |
||
---|---|---|
.. | ||
testdata | ||
certs.go | ||
certs_test.go | ||
stats.go | ||
troubleshoot_proxy.go | ||
upstreams.go | ||
upstreams_test.go | ||
utils.go | ||
validateupstream.go | ||
validateupstream_test.go | ||
z_xds_packages.go |