CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client
Docker images:
https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.31.2
Docs:
https://www.envoyproxy.io/docs/envoy/v1.31.2/
Release notes:
https://www.envoyproxy.io/docs/envoy/v1.31.2/version_history/v1.31/v1.31.2
Full changelog:
v1.31.1...v1.31.2
Signed-off-by: Boteng Yao [email protected]
Signed-off-by: Ryan Northey [email protected]