repo: Release v1.29.1

**Summary of changes**:

- Fix [CVE-2024-23324](GHSA-gq3v-vvhj-96j6)
- Fix [CVE-2024-23325](GHSA-5m7c-mrwr-pm26)
- Fix [CVE-2024-23322](GHSA-6p83-mfmh-qv38)
- Fix [CVE-2024-23323](GHSA-x278-4w4x-r7ch)
- Fix [CVE-2024-23327](GHSA-4h5x-x9vh-m29j)
- Assorted bug fixes

**Docker images**:
    https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.29.1
**Docs**:
    https://www.envoyproxy.io/docs/envoy/v1.29.1/
**Release notes**:
    https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1
**Full changelog**:
    v1.29.0...v1.29.1

Signed-off-by: Ryan Northey <[email protected]>

VERSION.txt

@@ -1 +1 @@
-1.29.1-dev
+1.29.1

changelogs/1.26.7.yaml

@@ -0,0 +1,28 @@
+date: February 9, 2024
+
+bug_fixes:
+- area: buffer
+  change: |
+    Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
+    behavior due to the unintended release of the buffer memory.
+- area: http
+  change: |
+    Fixed recursion when HTTP connection is disconnected due to a high number of premature resets.
+- area: proxy protocol
+  change: |
+    fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
+    a PROXY protocol header with address type LOCAL (typically used for health checks).
+- area: proxy_protocol
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in a proxy protocol header. Connections will instead be dropped/reset.
+- area: proxy_protocol
+  change: |
+    Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
+    ext_authz checks when ``failure_mode_allow`` is set to ``true``.
+- area: http
+  change: |
+    Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
+- area: url matching
+  change: |
+    Fixed excessive CPU utilization when using regex URL template matcher.

changelogs/1.27.3.yaml

@@ -0,0 +1,52 @@
+date: February 9, 2024
+
+minor_behavior_changes:
+- area: access_log
+  change: |
+    When emitting grpc logs, only downstream filter state was used. Now, both downstream and upstream filter states will be tried
+    to find the keys configured in filter_state_objects_to_log.
+
+bug_fixes:
+- area: buffer
+  change: |
+    Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
+    behavior due to the unintended release of the buffer memory.
+- area: http
+  change: |
+    Fixed recursion when HTTP connection is disconnected due to a high number of premature resets.
+- area: grpc
+  change: |
+    Fixed a bug in gRPC async client cache which intermittently causes CPU spikes due to busy loop in timer expiration.
+- area: tracing
+  change: |
+    Fixed a bug where Datadog spans tagged as errors would not have the appropriate error property set.
+- area: tracing
+  change: |
+    Fixed a bug where child spans produced by the Datadog tracer would have an incorrect operation name.
+- area: tracing
+  change: |
+    Fixed a bug that caused the Datadog tracing extension to drop traces that
+    should be kept on account of an extracted sampling decision.
+- area: proxy protocol
+  change: |
+    fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
+    a PROXY protocol header with address type LOCAL (typically used for health checks).
+- area: proxy_protocol
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in a proxy protocol header. Connections will instead be dropped/reset.
+- area: proxy_protocol
+  change: |
+    Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
+    ext_authz checks when ``failure_mode_allow`` is set to ``true``.
+- area: tls
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in an mTLS client cert IP SAN. These SANs will be ignored. This applies only when using formatter
+    ``%DOWNSTREAM_PEER_IP_SAN%``.
+- area: http
+  change: |
+    Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
+- area: url matching
+  change: |
+    Fixed excessive CPU utilization when using regex URL template matcher.

changelogs/1.28.1.yaml

@@ -0,0 +1,53 @@
+date: February 9, 2024
+
+behavior_changes:
+- area: listener
+  change: |
+    undeprecated runtime key ``overload.global_downstream_max_connections`` until :ref:`downstream connections monitor
+    <envoy_v3_api_msg_extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig>` extension becomes stable.
+
+bug_fixes:
+- area: buffer
+  change: |
+    Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) that the internal listener causes an undefined
+    behavior due to the unintended release of the buffer memory.
+- area: grpc
+  change: |
+    Fixed a bug in gRPC async client cache which intermittently causes CPU spikes due to busy loop in timer expiration.
+- area: tracing
+  change: |
+    Fixed a bug where Datadog spans tagged as errors would not have the appropriate error property set.
+- area: tracing
+  change: |
+    Fixed a bug where child spans produced by the Datadog tracer would have an incorrect operation name.
+- area: tracing
+  change: |
+    Fixed a bug that caused the Datadog tracing extension to drop traces that
+    should be kept on account of an extracted sampling decision.
+- area: quic
+  change: |
+    Fixed a bug in QUIC and HCM interaction which could cause use-after-free during asynchronous certificates retrieval.
+    The fix is guarded by runtime ``envoy.reloadable_features.quic_fix_filter_manager_uaf``.
+- area: proxy protocol
+  change: |
+    Fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
+    a PROXY protocol header with address type LOCAL (typically used for health checks).
+- area: proxy_protocol
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in a proxy protocol header. Connections will instead be dropped/reset.
+- area: proxy_protocol
+  change: |
+    Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
+    ext_authz checks when ``failure_mode_allow`` is set to ``true``.
+- area: tls
+  change: |
+    Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
+    received in an mTLS client cert IP SAN. These SANs will be ignored. This applies only when using formatter
+    ``%DOWNSTREAM_PEER_IP_SAN%``.
+- area: http
+  change: |
+    Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
+- area: url matching
+  change: |
+    Fixed excessive CPU utilization when using regex URL template matcher.

changelogs/current.yaml

@@ -1,13 +1,6 @@
-date: Pending
-
-behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
-
-minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
+date: February 9, 2024
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: tracing
   change: |
     Added support for configuring resource detectors on the OpenTelemetry tracer.
@@ -36,12 +29,7 @@ bug_fixes:
     ``%DOWNSTREAM_PEER_IP_SAN%``.
 
 removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 - area: postgres proxy
   change: |
     Fix a race condition that may result from upstream servers refusing to switch to TLS/SSL.
     This fix first appeared in ``v1.29.0`` release.
-
-new_features:
-
-deprecated:

changelogs/summary.md

@@ -1,23 +1 @@
-**Summary of changes**:
 
-* Envoy Mobile can now be built without C++ exceptions using the `--define=envoy_exceptions=disabled` Bazel flag.
-* Add the logical `OR` operation to value matchers.
-* Add xDS support for Envoy Mobile Android (AAR) library.
-* Add configurable HTTP status when a global rate limit service fails.
-* Opentelemetry tracer: add support for environment resource detector.
-* Added HTTP basic auth extension.
-* Add support for ext_authz to send route metadata.
-* Allow per route body buffering configuration in ext_authz.
-* Datadog: honor extracted sampling decisions to avoid dropping samples.
-* gRPC side streams: make idle connection timeout configurable.
-* Support CEL expressions in ext_proc for extraction of request or response atributes.
-* HTTP: clear hop by hop `Transfer-Encoding` header.
-* Redis: Add support for the `WATCH` and `GETDEL` commands.
-* Adds strict mode for stateful session filter, that rejects requests if destination host is not available.
-* Internal redirects: support passing headers from response to request.
-* Add implementation of the `drop_overload` Cluster API.
-* HTTP/2: discard the `Host` header when `:authority` is present.
-* grpc_http1_bridge: add `<ignore_query_params>` option.
-* Access Log: Add `EMIT_TIME` command operator.
-* ECDS now supports composite filter.
-* Enable new oghttp2 codec for HTTP/2 connections.

docs/versions.yaml

@@ -19,6 +19,7 @@
 "1.23": 1.23.12
 "1.24": 1.24.12
 "1.25": 1.25.11
-"1.26": 1.26.6
-"1.27": 1.27.2
-"1.28": 1.28.0
+"1.26": 1.26.7
+"1.27": 1.27.3
+"1.28": 1.28.1
+"1.29": 1.29.0