repo: Release v1.26.8

**Summary of changes**: - Patch nghttp2 to resolve [CVE-2024-30255](GHSA-j654-3ccm-vfmm) - Assorted fixes **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.26.8 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.26.8/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.26.8/version_history/v1.26/v1.26.8 **Full changelog**: v1.26.7...v1.26.8 Signed-off-by: Ryan Northey <[email protected]> Signed-off-by: Yan Avlasov <[email protected]>
envoyproxy · Apr 4, 2024 · 1257d4e · 1257d4e
1 parent 3d2b7e2
commit 1257d4e
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 15 deletions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.26.8-dev
+1.26.8
diff --git a/changelogs/1.26.7.yaml b/changelogs/1.26.7.yaml
@@ -0,0 +1,28 @@
+date: February 9, 2024
+
+bug_fixes:
+- area: buffer
+  change: |
+    Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
+    behavior due to the unintended release of the buffer memory.
+- area: http
+  change: |
+    Fixed recursion when HTTP connection is disconnected due to a high number of premature resets.
+- area: proxy protocol
+  change: |
+    fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
+    a PROXY protocol header with address type LOCAL (typically used for health checks).
+- area: proxy_protocol
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in a proxy protocol header. Connections will instead be dropped/reset.
+- area: proxy_protocol
+  change: |
+    Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
+    ext_authz checks when ``failure_mode_allow`` is set to ``true``.
+- area: http
+  change: |
+    Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
+- area: url matching
+  change: |
+    Fixed excessive CPU utilization when using regex URL template matcher.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,25 +1,13 @@
-date: Pending
-
-behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
-
-minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
+date: April 4, 2024
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: http2
   change: |
     Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).
 
-removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
-
 new_features:
 - area: google_grpc
   change: |
     Added an off-by-default runtime flag
     ``envoy.reloadable_features.google_grpc_disable_tls_13`` to disable TLSv1.3
     usage by gRPC SDK for ``google_grpc`` services.
-
-deprecated:
diff --git a/docs/inventories/v1.26/objects.inv b/docs/inventories/v1.26/objects.inv
diff --git a/docs/versions.yaml b/docs/versions.yaml
@@ -19,4 +19,4 @@
 "1.23": 1.23.12
 "1.24": 1.24.12
 "1.25": 1.25.11
-"1.26": 1.26.6
+"1.26": 1.26.7