Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: postmortem for CVE-2019-990[01] #6597

Merged
merged 3 commits into from
Apr 23, 2019
Merged

security: postmortem for CVE-2019-990[01] #6597

merged 3 commits into from
Apr 23, 2019

Conversation

htuch
Copy link
Member

@htuch htuch commented Apr 15, 2019

No description provided.

@htuch
security: postmortem for CVE-2019-990[01]
73a36c6 
Signed-off-by: Harvey Tuch <htuch@google.com>
htuch added a commit to htuch/envoy that referenced this pull request Apr 15, 2019
@htuch
Minor updates based on envoyproxy#6597.
2a116c3 
Signed-off-by: Harvey Tuch <htuch@google.com>
@htuch
Mention that Istio needed compile-time patch in addition.
f9c4eb2 
Signed-off-by: Harvey Tuch <htuch@google.com>
@htuch
Copy link
Member Author

htuch commented Apr 15, 2019

@lizan @mattklein123 @destijl @liggitt @duderino @silentdai @PiotrSikora @jplevyak @fpesce @yangminzhu @liminw FYI

@mattklein123 mattklein123 self-assigned this Apr 16, 2019
@htuch
Copy link
Member Author

htuch commented Apr 17, 2019

I don't think we had any additional changes to this document that came up yesterday, but if I missed something please chime in. Otherwise, maybe merge in a day or 2 if there's no further feedback?

PiotrSikora
PiotrSikora previously approved these changes Apr 19, 2019
View reviewed changes
Copy link
Contributor

@PiotrSikora PiotrSikora left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for putting this together!

security/postmortems/cve-2019-9900.md Show resolved Hide resolved
security/postmortems/cve-2019-9900.md Outdated Show resolved Hide resolved
security/postmortems/cve-2019-9900.md Outdated Show resolved Hide resolved
security/postmortems/cve-2019-9900.md Outdated Show resolved Hide resolved
@htuch
Piotr feedback.
9732653 
Signed-off-by: Harvey Tuch <htuch@google.com>
mattklein123
mattklein123 approved these changes Apr 23, 2019
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this!

@htuch htuch merged commit a5a3331 into envoyproxy:master Apr 23, 2019
@htuch htuch deleted the security-postmortem branch April 23, 2019 20:29
mpuncel added a commit to mpuncel/envoy that referenced this pull request Apr 24, 2019
@mpuncel
Merge branch 'master' into mpuncel/hedging-impl
acb40e0 
* master:
  docs: add extension policy (envoyproxy#6678)
  ext_authz: added ability to detect partial request body data (envoyproxy#6583)
  version_history.rst: jwt_authn change missed 1.10.0 (envoyproxy#6684)
  docs: fix link in pull request template (envoyproxy#6679)
  Explicitly convert absl::string_view to std::string. (envoyproxy#6687)
  docs: improving watermark docs/comments (envoyproxy#6683)
  http filter: add CSRF filter (envoyproxy#6470)
  event: reintroduce dispatcher stats (envoyproxy#6659)
  security: postmortem for CVE-2019-990[01] (envoyproxy#6597)
  Improve build rules for (test only) library quic_port_utils. (envoyproxy#6672)
  spell check: skip unsupported extensions when called with a file (envoyproxy#6648)
  Changed TestHooks to ListenerHooks (envoyproxy#6642)
  proto: move extension-specific linking validation into extensions (envoyproxy#6657)
  stats: add/test heterogenous set of StatNameStorage objects. (envoyproxy#6504)
  docs: move xds protocol to rst (envoyproxy#6670)
  fix version history order (envoyproxy#6671)

Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@PiotrSikora PiotrSikora PiotrSikora left review comments

Assignees

@mattklein123 mattklein123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@htuch @PiotrSikora @mattklein123