Open ZiqianXu opened 2 months ago
Ambassador will push a PR to address this soon (Moderate security level) but we are not planning any releases at this time. The Emissary release schedule now depends on the Maintainers and is currently TBD (since our decoupling of Emissary releases from the licensed version Edge Stack late last year). It is possible to build Emissary from source to capture PRs that have been merged but not yet released. Feel free to direct questions to me (Cindy Mullins) at a8r.io/slack.
Describe the bug Envoy Proxy has published a security advisory regarding
CVE-2024-30255
HTTP/2: CPU exhaustion due to CONTINUATION frame flood. Is Emissary-ingress affected by CVE-2024-30255? If so, should it be upgraded to the fixed Envoy release 1.28.2?Thanks!