consul

Commit Graph

Author	SHA1	Message	Date
Michael Zalimeni	b8d2640429	Disable remote proxy patching except AWS Lambda (#17415 ) To avoid unintended tampering with remote downstreams via service config, refactor BasicEnvoyExtender and RuntimeConfig to disallow typical Envoy extensions from being applied to non-local proxies. Continue to allow this behavior for AWS Lambda and the read-only Validate builtin extensions. Addresses CVE-2023-2816.	2023-05-23 11:55:06 +00:00
Chris Thain	175bb1a303	Wasm Envoy HTTP extension (#16877 )	2023-04-06 14:12:07 -07:00

Author

SHA1

Message

Date

Michael Zalimeni

b8d2640429

Disable remote proxy patching except AWS Lambda (#17415 )

To avoid unintended tampering with remote downstreams via service
config, refactor BasicEnvoyExtender and RuntimeConfig to disallow
typical Envoy extensions from being applied to non-local proxies.

Continue to allow this behavior for AWS Lambda and the read-only
Validate builtin extensions.

Addresses CVE-2023-2816.

2023-05-23 11:55:06 +00:00

Chris Thain

175bb1a303

Wasm Envoy HTTP extension (#16877 )

2023-04-06 14:12:07 -07:00

2 Commits