bump envoy

dduzgun-security · dduzgun-security · commit b04326e1e984 · 2025-01-20T15:18:35.000-05:00
diff --git a/.changelog/680.txt b/.changelog/680.txt
@@ -0,0 +1,16 @@
+```release-note:security
+Upgrade Go to use 1.22.11. This addresses CVE 
+[CVE-2024-45341](https://nvd.nist.gov/vuln/detail/CVE-2024-45341) and
+[CVE-2024-45336](https://nvd.nist.gov/vuln/detail/CVE-2024-45336)
+```
+
+```release-note:security
+Upgrade to support Envoy `1.32.3`. This addresses CVE 
+[CVE-2024-53269](https://nvd.nist.gov/vuln/detail/CVE-2024-53269),
+[CVE-2024-53270](https://nvd.nist.gov/vuln/detail/CVE-2024-53270) and
+[CVE-2024-53271](https://nvd.nist.gov/vuln/detail/CVE-2024-53271)
+```
+
+```release-note:security
+Upgrade Go X-Repositories version to latest.
+```
diff --git a/Dockerfile b/Dockerfile
@@ -11,7 +11,7 @@
 # prebuilt binaries in any other form.
 #
 ARG GOLANG_VERSION
-FROM envoyproxy/envoy-distroless:v1.32.1 as envoy-binary
+FROM envoyproxy/envoy-distroless:v1.32.3 as envoy-binary
 
 # Modify the envoy binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-binary
@@ -27,7 +27,7 @@ RUN apt-get update && apt install -y libcap2-bin
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME
 
-FROM hashicorp/envoy-fips:1.32.1-fips1402 as envoy-fips-binary
+FROM hashicorp/envoy-fips:1.32.3-fips1402 as envoy-fips-binary
 
 # Modify the envoy-fips binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-fips-binary
