Emissary-Ingress - v3.3.0

Security

:tada: Emissary Ingress 3.3.0 :tada:

Emissary Ingress is an open source, Kubernetes-native microservices API gateway built on the Envoy Proxy.

Upgrade Emissary - https://www.getambassador.io/reference/upgrading.html
View changelog - https://github.com/emissary-ingress/emissary/blob/v3.3.0/CHANGELOG.md
Get started with Emissary on Kubernetes - https://www.getambassador.io/user-guide/getting-started

  • Security: Updated Golang to 1.19.2 to address the CVEs: CVE-2022-2879, CVE-2022-2880,
    CVE-2022-41715.

  • Bugfix: By default Emissary-ingress adds routes for http to https redirection. When an AuthService
    is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz call for non-tls http
    request and would perform the https redirect. In Envoy 1.20+ the behavior has changed where Envoy
    will always call the ext_authz filter and must be disabled on a per route basis.
    This new behavior
    change introduced a regression in v3.0 of Emissary-ingress when it was upgraded to Envoy 1.22. The
    http to https redirection no longer works when an AuthService was applied. This fix restores the
    previous behavior by disabling the ext_authz call on the https redirect routes. (#4620)

  • Bugfix: When an AuthService is applied in v2.Y of Emissary-ingress, Envoy would skip the ext_authz
    call for all redirect routes and would perform the redirect. In Envoy 1.20+ the behavior has
    changed where Envoy will always call the ext_authz filter so it must be disabled on a per route
    basis.
    This new behavior change introduced a regression in v3.0 of Emissary-ingress when it was
    upgraded to Envoy 1.22. The host_redirect would call an AuthService prior to redirect if applied.
    This fix restores the previous behavior by disabling the ext_authz call on the host_redirect
    routes. (#4640)

  • Bugfix: Previous versions of Emissary-ingress required a workaround using TLSContexts to find
    tls secrets referenced from Ingress resources. Now tls secrets referenced are properly detected
    without requiring an additional TLSContext to reference them. (Thanks to Ole Markus!).


Details

date
Nov. 2, 2022, 1:46 p.m.
name
Emissary Ingress 3.3.0
type
Minor
👇
Register or login to:
  • 🔍View and search all Emissary-Ingress releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or