repo: Release v1.27.3

**Summary of changes**: - Fix [CVE-2024-23324](GHSA-gq3v-vvhj-96j6) - Fix [CVE-2024-23325](GHSA-5m7c-mrwr-pm26) - Fix [CVE-2024-23322](GHSA-6p83-mfmh-qv38) - Fix [CVE-2024-23323](GHSA-x278-4w4x-r7ch) - Fix [CVE-2024-23327](GHSA-4h5x-x9vh-m29j) - Assorted bug fixes **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.27.3 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.27.3/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.27.3/version_history/v1.27/v1.27.3 **Full changelog**: v1.27.2...v1.27.3 Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Feb 9, 2024 · 0fd81ee · 0fd81ee
1 parent 4795bf3
commit 0fd81ee
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 16 deletions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.27.3-dev
+1.27.3
diff --git a/changelogs/1.26.7.yaml b/changelogs/1.26.7.yaml
@@ -0,0 +1,28 @@
+date: February 9, 2024
+
+bug_fixes:
+- area: buffer
+  change: |
+    Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
+    behavior due to the unintended release of the buffer memory.
+- area: http
+  change: |
+    Fixed recursion when HTTP connection is disconnected due to a high number of premature resets.
+- area: proxy protocol
+  change: |
+    fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
+    a PROXY protocol header with address type LOCAL (typically used for health checks).
+- area: proxy_protocol
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in a proxy protocol header. Connections will instead be dropped/reset.
+- area: proxy_protocol
+  change: |
+    Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
+    ext_authz checks when ``failure_mode_allow`` is set to ``true``.
+- area: http
+  change: |
+    Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
+- area: url matching
+  change: |
+    Fixed excessive CPU utilization when using regex URL template matcher.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,17 +1,12 @@
-date: Pending
-
-behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
+date: February 9, 2024
 
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: access_log
   change: |
     When emitting grpc logs, only downstream filter state was used. Now, both downstream and upstream filter states will be tried
     to find the keys configured in filter_state_objects_to_log.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: buffer
   change: |
     Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
@@ -55,10 +50,3 @@ bug_fixes:
 - area: url matching
   change: |
     Fixed excessive CPU utilization when using regex URL template matcher.
-
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
-
-new_features:
-
-deprecated:
diff --git a/docs/inventories/v1.26/objects.inv b/docs/inventories/v1.26/objects.inv
diff --git a/docs/inventories/v1.27/objects.inv b/docs/inventories/v1.27/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -19,5 +19,5 @@
 "1.23": 1.23.12
 "1.24": 1.24.12
 "1.25": 1.25.11
-"1.26": 1.26.6
-"1.27": 1.27.1
+"1.26": 1.26.7
+"1.27": 1.27.2