bump: Upstream 1.31.2 (#364)

* bump: Upstream 1.31.2 * changelog naming with spaces??? * changelog: condense * changelog: version:
solo-io · Sep 24, 2024 · e34fd2d · e34fd2d
1 parent dc27349
commit e34fd2d
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/bazel/repository_locations.bzl b/bazel/repository_locations.bzl
@@ -2,8 +2,8 @@ REPOSITORY_LOCATIONS = dict(
     # can't have more than one comment between envoy line and commit line in 
     # order to accommodate `check_extensions_build_config.sh`
     envoy = dict(
-        # envoy v1.31.0
-        commit = "7b8baff1758f0a584dcc3cb657b5032000bcb3d7",
+        # envoy v1.31.2
+        commit = "cc4a75482810de4b84c301d13deb551bd3147339",
         remote = "https://github.com/envoyproxy/envoy",
     ),
     inja = dict(

diff --git a/...patch2/transformer-metadata-subpaths.yaml → ...patch1/transformer-metadata-subpaths.yaml b/...patch2/transformer-metadata-subpaths.yaml → ...patch1/transformer-metadata-subpaths.yaml
diff --git a/changelog/v1.31.2-patch1/update-to-upstream-envoy-v1.31.2.yaml b/changelog/v1.31.2-patch1/update-to-upstream-envoy-v1.31.2.yaml
@@ -0,0 +1,14 @@
+changelog:
+  - type: DEPENDENCY_BUMP
+    issueLink: https://github.com/solo-io/solo-projects/issues/6893
+    dependencyOwner: envoyproxy
+    dependencyRepo: envoy
+    dependencyTag: v1.31.2
+    resolvesIssue: false
+    description: >-
+      Bump to 1.31.2 for envoy's following cves
+      CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream
+      CVE-2024-45808: Malicious log injection via access logs
+      CVE-2024-45806: Potential manipulate x-envoy headers from external sources
+      CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
+      CVE-2024-45810: Envoy crashes for LocalReply in http async client