You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Envoy Proxy has published a security advisory regarding CVE-2024-30255 HTTP/2: CPU exhaustion due to CONTINUATION frame flood. Is Emissary-ingress affected by CVE-2024-30255? If so, should it be upgraded to the fixed Envoy release 1.28.2?
Thanks!
The text was updated successfully, but these errors were encountered:
Ambassador will push a PR to address this soon (Moderate security level) but we are not planning any releases at this time. The Emissary release schedule now depends on the Maintainers and is currently TBD (since our decoupling of Emissary releases from the licensed version Edge Stack late last year). It is possible to build Emissary from source to capture PRs that have been merged but not yet released. Feel free to direct questions to me (Cindy Mullins) at a8r.io/slack.
Describe the bug
Envoy Proxy has published a security advisory regarding
CVE-2024-30255
HTTP/2: CPU exhaustion due to CONTINUATION frame flood. Is Emissary-ingress affected by CVE-2024-30255? If so, should it be upgraded to the fixed Envoy release 1.28.2?Thanks!
The text was updated successfully, but these errors were encountered: