deps: bump to Envoy 1.26.4

Bumps to our latest Envoy custom build based on 1.26.4 which
addresses the following CVEs:

- CVE-2023-35941 : Not affected but pulled in
- CVE-2023-35942
- CVE-2023-35943
- CVE-2023-35944

Signed-off-by: Lance Austin <laustin@datawire.io>

CHANGELOG.md

@@ -85,6 +85,14 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
 
 ## RELEASE NOTES
 
+## [3.7.2] July 25, 2023
+[3.7.2]: https://github.com/emissary-ingress/emissary/compare/v3.7.1...v3.7.2
+
+### Emissary-ingress and Ambassador Edge Stack
+
+- Security: This upgrades Emissary-ingress to be built on Envoy v1.26.4 which includes a security
+  fixes for  CVE-2023-35942, CVE-2023-35943,  VE-2023-35944.
+
 ## [3.7.1] July 13, 2023
 [3.7.1]: https://github.com/emissary-ingress/emissary/compare/v3.7.0...v3.7.1
 

_cxx/envoy.mk

@@ -13,8 +13,8 @@ RSYNC_EXTRAS ?=
 
 # IF YOU MESS WITH ANY OF THESE VALUES, YOU MUST RUN `make update-base`.
   ENVOY_REPO ?= $(if $(IS_PRIVATE),git@github.com:datawire/envoy-private.git,https://github.com/datawire/envoy.git)
-  # rebase/release/v1.26.3
-  ENVOY_COMMIT ?= 3480b07639bbfcc41b7c3030091eda48fa6f699b
+  # https://github.com/datawire/envoy/tree/rebase/release/v1.26.4
+  ENVOY_COMMIT ?= bbda92fc3e3d430bd2114aa3458d3191205c9c0e
   ENVOY_COMPILATION_MODE ?= opt
   # Increment BASE_ENVOY_RELVER on changes to `docker/base-envoy/Dockerfile`, or Envoy recipes.
   # You may reset BASE_ENVOY_RELVER when adjusting ENVOY_COMMIT.

docs/releaseNotes.yml

@@ -32,6 +32,16 @@
 
 changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
 items:
+  - version: 3.7.2
+    prevVersion: 3.7.1
+    date: '2023-07-25'
+    notes:
+      - title: Upgrade to Envoy 1.26.4
+        type: security
+        body: >-
+          This upgrades $productName$ to be built on Envoy v1.26.4 which includes a security fixes for 
+          CVE-2023-35942, CVE-2023-35943,  VE-2023-35944.
+
   - version: 3.7.1
     prevVersion: 3.7.0
     date: '2023-07-13'