Skip to content

upgrading envoy to 1.33.2 and fixing CVEs #719

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

upgrading envoy to 1.33.2 and fixing CVEs #719

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
1ea9646
upgrading envoy to 1.33.2 and fixing CVEs GO-2025-3595 in golang.org/…
nitin-sachdev-29 Apr 18, 2025
9a8eeb9
added changelog
nitin-sachdev-29 Apr 18, 2025
09c503f
executed go mod tidy
nitin-sachdev-29 Apr 18, 2025
d78d40d
fixed changelog
nitin-sachdev-29 Apr 18, 2025
2a9d4b5
upgraded go version
nitin-sachdev-29 Apr 18, 2025
41377ec
upgraded ubuntu to latest
nitin-sachdev-29 Apr 18, 2025
2ebbf79
fixed build pipeline
nitin-sachdev-29 Apr 18, 2025
169ef4d
changed ubuntu version
nitin-sachdev-29 Apr 18, 2025
cc26736
Update build.yml
anandmukul93 Apr 18, 2025
4478dbb
Fixed glibc libraries not found with a step for installing them
anandmukul93 Apr 18, 2025
2173bbe
build test fix
anandmukul93 Apr 23, 2025
86dceb6
Trigger Build
anandmukul93 Apr 23, 2025
26ecc82
clubbed container
anandmukul93 Apr 23, 2025
ab3d31d
added local docker repository service
anandmukul93 Apr 23, 2025
ab78cdf
directory failure fix
anandmukul93 Apr 23, 2025
2ff7806
bin_name passing to docker fix
anandmukul93 Apr 23, 2025
c636831
make clean optional
anandmukul93 Apr 23, 2025
e44bb50
reproducible nope setting test
anandmukul93 Apr 23, 2025
a6a8d76
fixing ubuntu-runner for docker build step
anandmukul93 Apr 23, 2025
fde86f1
fix : CGO_ENABLED=0 for non-fips as env not set for actions-go-build
anandmukul93 Apr 23, 2025
0b8d966
chore: update CODEOWNERS to include consul-selfmanage-maintainers for…
nitin-sachdev-29 Apr 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .changelog/719.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
```release-note:security
Upgraded `x/net` to 0.38.0. This resolves [GO-2025-3595](https://pkg.go.dev/vuln/GO-2025-3595)
Upgraded `envoy` to 1.33.2.
```
4 changes: 2 additions & 2 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
# prebuilt binaries in any other form.
#
ARG GOLANG_VERSION
FROM envoyproxy/envoy-distroless:v1.33.0 as envoy-binary
FROM envoyproxy/envoy-distroless:v1.33.2 as envoy-binary

# Modify the envoy binary to be able to bind to privileged ports (< 1024).
FROM debian:bullseye-slim AS setcap-envoy-binary
Expand All @@ -27,7 +27,7 @@ RUN apt-get update && apt install -y libcap2-bin
RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy
RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME

FROM hashicorp/envoy-fips:1.33.0-fips1402 as envoy-fips-binary
FROM hashicorp/envoy-fips:1.33.2-fips1402 as envoy-fips-binary

# Modify the envoy-fips binary to be able to bind to privileged ports (< 1024).
FROM debian:bullseye-slim AS setcap-envoy-fips-binary
Expand Down
4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/hashicorp/consul-dataplane

go 1.23.6
go 1.23.8

require (
dario.cat/mergo v1.0.0
Expand Down Expand Up @@ -40,7 +40,7 @@ require (
github.com/prometheus/common v0.37.0 // indirect
github.com/prometheus/procfs v0.8.0 // indirect
github.com/stretchr/objx v0.5.2 // indirect
golang.org/x/net v0.37.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/text v0.23.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -353,8 +353,8 @@ golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96b
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
Expand Down
2 changes: 1 addition & 1 deletion integration-tests/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ require (
github.com/sirupsen/logrus v1.9.0 // indirect
golang.org/x/crypto v0.22.0 // indirect
golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
golang.org/x/net v0.24.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/sys v0.19.0 // indirect
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect
Expand Down
Loading