diff --git a/.changelog/19276.txt b/.changelog/19276.txt new file mode 100644 index 000000000000..acd7b3c09e55 --- /dev/null +++ b/.changelog/19276.txt @@ -0,0 +1,3 @@ +```release-note:security +connect: update supported envoy versions to 1.25.11, 1.26.6, 1.27.2, 1.28.0 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) +``` diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml index 80597f64e2fa..c570a541abd1 100644 --- a/.github/workflows/nightly-test-integrations-1.15.x.yml +++ b/.github/workflows/nightly-test-integrations-1.15.x.yml @@ -68,7 +68,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"] + # envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -102,7 +102,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.22.11", "1.23.12", "1.24.10", "1.25.9"] + envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml index c4f16d9be618..d9a771c3fe13 100644 --- a/.github/workflows/nightly-test-integrations-1.16.x.yml +++ b/.github/workflows/nightly-test-integrations-1.16.x.yml @@ -68,7 +68,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.6"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -102,7 +102,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.23.12", "1.24.10", "1.25.9", "1.26.4"] + envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.6"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/nightly-test-integrations-1.17.x.yml b/.github/workflows/nightly-test-integrations-1.17.x.yml index 129754e4debb..660a28374b78 100644 --- a/.github/workflows/nightly-test-integrations-1.17.x.yml +++ b/.github/workflows/nightly-test-integrations-1.17.x.yml @@ -68,7 +68,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -102,7 +102,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml index 5e30df72229e..0fd1bcc1a79e 100644 --- a/.github/workflows/nightly-test-integrations.yml +++ b/.github/workflows/nightly-test-integrations.yml @@ -65,7 +65,7 @@ jobs: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # envoy-version: ["1.25.11", "1.26.6", "1.27.2", "1.28.0"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -99,7 +99,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + envoy-version: ["1.25.11", "1.26.6", "1.27.2", "1.28.0"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml index 8ece1ef6c9b7..954828996112 100644 --- a/.github/workflows/test-integrations-windows.yml +++ b/.github/workflows/test-integrations-windows.yml @@ -54,7 +54,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: [ "1.27.0" ] + envoy-version: [ "1.28.0" ] xds-target: [ "server", "client" ] env: ENVOY_VERSION: ${{ matrix.envoy-version }} diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml index fdbe9418eda3..c7ea52111e8b 100644 --- a/.github/workflows/test-integrations.yml +++ b/.github/workflows/test-integrations.yml @@ -81,7 +81,6 @@ jobs: strategy: matrix: nomad-version: ['v1.6.2', 'v1.5.9', 'v1.4.13'] - steps: - name: Checkout Nomad uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 @@ -260,8 +259,8 @@ jobs: env: # this is further going to multiplied in envoy-integration tests by the # other dimensions in the matrix. Currently TOTAL_RUNNERS would be - # multiplied by 8 based on these values: - # envoy-version: ["1.24.10", "1.25.9", "1.26.4", "1.27.0"] + # multiplied by 2 based on these values: + # envoy-version: ["1.28.0"] # xds-target: ["server", "client"] TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' @@ -295,7 +294,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ["1.27.0"] + envoy-version: ["1.28.0"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: diff --git a/envoyextensions/xdscommon/envoy_versioning_test.go b/envoyextensions/xdscommon/envoy_versioning_test.go index bc02e9c4aadc..ed77c00eb20c 100644 --- a/envoyextensions/xdscommon/envoy_versioning_test.go +++ b/envoyextensions/xdscommon/envoy_versioning_test.go @@ -151,10 +151,10 @@ func TestDetermineSupportedProxyFeaturesFromString(t *testing.T) { } */ for _, v := range []string{ - "1.24.0", "1.24.1", "1.24.2", "1.24.3", "1.24.4", "1.24.5", "1.24.6", "1.24.7", "1.24.8", "1.24.9", "1.24.10", - "1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", - "1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", - "1.27.0", + "1.25.0", "1.25.1", "1.25.2", "1.25.3", "1.25.4", "1.25.5", "1.25.6", "1.25.7", "1.25.8", "1.25.9", "1.25.10", "1.25.11", + "1.26.0", "1.26.1", "1.26.2", "1.26.3", "1.26.4", "1.26.5", "1.26.6", + "1.27.0", "1.27.1", "1.27.2", + "1.28.0", } { cases[v] = testcase{expect: SupportedProxyFeatures{}} } diff --git a/envoyextensions/xdscommon/proxysupport.go b/envoyextensions/xdscommon/proxysupport.go index 764d967616f6..22384f71cc9f 100644 --- a/envoyextensions/xdscommon/proxysupport.go +++ b/envoyextensions/xdscommon/proxysupport.go @@ -12,10 +12,10 @@ import "strings" // // see: https://www.consul.io/docs/connect/proxies/envoy#supported-versions var EnvoyVersions = []string{ - "1.27.0", - "1.26.4", - "1.25.9", - "1.24.10", + "1.28.0", + "1.27.2", + "1.26.6", + "1.25.11", } // UnsupportedEnvoyVersions lists any unsupported Envoy versions (mainly minor versions) that fall diff --git a/website/content/docs/connect/proxies/envoy.mdx b/website/content/docs/connect/proxies/envoy.mdx index 1b9f270320b5..890d980f4cb5 100644 --- a/website/content/docs/connect/proxies/envoy.mdx +++ b/website/content/docs/connect/proxies/envoy.mdx @@ -39,9 +39,9 @@ Consul supports **four major Envoy releases** at the beginning of each major Con | Consul Version | Compatible Envoy Versions | | ------------------- | -----------------------------------------------------------------------------------| -| 1.16.x | 1.26.4, 1.25.9, 1.24.10, 1.23.12 | -| 1.15.x | 1.25.9, 1.24.10, 1.23.12, 1.22.11 | -| 1.14.x | 1.24.10, 1.23.12, 1.22.11, 1.21.6 | +| 1.17.x | 1.27.2, 1.26.6, 1.25.11, 1.24.12 | +| 1.16.x | 1.26.6, 1.25.11, 1.24.12, 1.23.12 | +| 1.15.x | 1.25.11, 1.24.12, 1.23.12, 1.22.11 | ### Envoy and Consul Dataplane @@ -49,9 +49,9 @@ The Consul dataplane component was introduced in Consul v1.14 as a way to manage | Consul Version | Default `consul-dataplane` Version | Other compatible `consul-dataplane` Versions | | ------------------- | ------------------------------------------------------------|----------------------------------------------| -| 1.16.x | 1.2.x (Envoy 1.26.x) | 1.1.x (Envoy 1.25.x) | +| 1.17.x | 1.3.x (Envoy 1.27.x) | 1.2.x (Envoy 1.26.x) | +| 1.16.x | 1.2.x (Envoy 1.26.x) | 1.3.x (Envoy 1.27.x), 1.1.x (Envoy 1.25.x) | | 1.15.x | 1.1.x (Envoy 1.25.x) | 1.2.x (Envoy 1.26.x), 1.0.x (Envoy 1.24.x) | -| 1.14.x | 1.0.x (Envoy 1.24.x) | 1.1.x (Envoy 1.25.x) | ## Getting Started