repo: Release 1.24.0 (#23561)

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>

VERSION.txt

@@ -1 +1 @@
-1.24.0-dev
+1.24.0

changelogs/1.20.7.yaml

@@ -0,0 +1,7 @@
+date: July 21, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+

changelogs/1.21.5.yaml

@@ -0,0 +1,7 @@
+date: July 25, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+

changelogs/1.22.3.yaml

@@ -0,0 +1,7 @@
+date: July 27, 2022
+
+bug_fixes:
+- area: docker
+  change: |
+    update Docker images (``distroless`` -> ``49d2923f35d6``) to resolve CVE issues in container packages.
+

changelogs/1.22.4.yaml

@@ -0,0 +1,7 @@
+date: July 27, 2022
+
+bug_fixes:
+- area: repo
+  change: |
+    fix version to resolve release issue.
+

changelogs/1.22.5.yaml

@@ -0,0 +1,13 @@
+date: August 12, 2022
+
+bug_fixes:
+- area: listener
+  change: |
+    fixed a bug that doesn't handle of an update for a listener with IPv4-mapped address correctly, and that will lead to a memory leak.
+- area: repo
+  change: |
+    fix version to resolve release issue.
+- area: transport_socket
+  change: |
+    fixed a bug that prevented the tcp stats to be retrieved when running on kernels different than the kernel where Envoy was built.
+

changelogs/1.23.1.yaml

@@ -0,0 +1,7 @@
+date: August 23, 2022
+
+bug_fixes:
+- area: listener
+  change: |
+    fixed a bug that doesn't handle of an update for a listener with IPv4-mapped address correctly and that will lead to a memory leak.
+

changelogs/1.23.2.yaml

@@ -0,0 +1,8 @@
+date: October 17, 2022
+
+bug_fixes:
+- area: lua
+  change: |
+    fixed a bug causing response headers set by a Lua script to not be sent in the response (https://github.com/envoyproxy/envoy/issues/22401).
+    This bug was introduced in Envoy v1.23.0.
+

changelogs/current.yaml

@@ -1,7 +1,6 @@
-date: Pending
+date: October 19, 2022
 
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: build
   change: |
     official released binary is now built on Ubuntu 20.04, requires glibc >= 2.30.
@@ -45,7 +44,6 @@ behavior_changes:
     ``envoy.reloadable_features.delta_xds_subscription_state_tracking_fix`` runtime flag to false.
 
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: logging
   change: |
     changed the ``UPSTREAM_REMOTE_ADDRESS``, ``UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT``, and ``UPSTREAM_REMOTE_PORT`` fields to log based on the actual upstream connection rather than the upstream host. This fixes a bug where the address components were not consistently correct for Happy Eyeballs connections and proxied connections, but also means in cases where the host was selected but a connection was not established, the fields will be absent. This change can be temporarily reverted by setting the runtime guard ``envoy.reloadable_features.correct_remote_address`` to false.
@@ -75,7 +73,7 @@ minor_behavior_changes:
     support custom health check address via :ref:`health_check_config <envoy_v3_api_msg_config.endpoint.v3.endpoint.healthcheckconfig>`.
 - area: http
   change: |
-     changed shadow requests to more closely behave like the requests they are shadowing. This includes matching the upstream logging for the original request, dynamic stats, suppressing Envoy headers, respecting expected request timeout, suppressing grpc request failure code stats and strict header checks. This behaviorial change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.closer_shadow_behavior`` to false.
+    changed shadow requests to more closely behave like the requests they are shadowing. This includes matching the upstream logging for the original request, dynamic stats, suppressing Envoy headers, respecting expected request timeout, suppressing grpc request failure code stats and strict header checks. This behaviorial change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.closer_shadow_behavior`` to false.
 - area: http
   change: |
     changed the filter callback interfaces to make sure that downstream-only functionality is explicit.
@@ -102,7 +100,6 @@ minor_behavior_changes:
     No longer waiting on DNS responses in the dynamic forward proxy filter if upstream proxying is turned on. This behaviorial change can be reverted by setting runtime guard ``envoy.reloadable_features.skip_dns_lookup_for_proxied_requests`` to false.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: http
   change: |
     fixed a bug with internal redirects not being performed for drained connections.
@@ -135,7 +132,6 @@ bug_fixes:
     fixed a bug where, when runtime guard ``envoy.reloadable_features.tls_async_cert_validation`` is set to false, the wrong TLS alerts would sometimes be sent in response to certificate validation failures.
 
 removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 - area: auto_config
   change: |
     removed ``envoy.reloadable_features.correctly_validate_alpn`` and legacy code paths.
@@ -314,3 +310,4 @@ deprecated:
     :ref:`Route.typed_per_filter_config<envoy_v3_api_field_config.route.v3.Route.typed_per_filter_config>` or
     :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config<envoy_v3_api_field_config.route.v3.WeightedCluster.ClusterWeight.typed_per_filter_config>`
     to configure the CORS HTTP filter by the type :ref:`CorsPolicy in filter <envoy_v3_api_msg_extensions.filters.http.cors.v3.CorsPolicy>`.
+

docs/versions.yaml

@@ -13,6 +13,7 @@
 "1.17": 1.17.4
 "1.18": 1.18.4
 "1.19": 1.19.5
-"1.20": 1.20.6
-"1.21": 1.21.4
-"1.22": 1.22.2
+"1.20": 1.20.7
+"1.21": 1.21.5
+"1.22": 1.22.5
+"1.23": 1.23.2