Emissary-ingress, Edge Stack, and Telepresence Security Updates

October 16, 2023 | 3 min read

Envoy Proxy upgrade resolving HTTP/2 Stream Cancellation Attack & CPU starvation along with Go upgrade resolving CVE-2023-39323 and CVE-2023-39325.


We have released the following security updates to Emissary-ingress, Edge Stack API Gateway, and Telepresence. These updates include upgrades to the Envoy and Go dependencies to address the recently announced security vulnerabilities.

  • Emissary-ingress and Edge Stack 3.8.2 for API Gateway and ingress controller users
  • Telepresence Smart Agent 1.13.22 for our Telepresence users

We recommend all users upgrade to the latest version of these products as soon as possible to mitigate potential attacks that may become prevalent following the security announcement.


Envoy Proxy Vulnerabilities

Emissary-ingress and Edge Stack API Gateway have been updated to the latest patched version of Envoy Proxy 1.26.4, and the Telepresence Smart Agent has been updated to Envoy Proxy 1.26.5.


These updates addressed the following vulnerabilities:

  • CVE-2023-44487: HTTP/2 Rapid Reset Vulnerability (in Envoy) allowing denial of service attacks

Go Vulnerabilities

Emissary-ingress and Edge Stack API Gateway have been updated to Go version 1.20.10 and the Telepresence Smart Agent has been updated to 1.21.3.

These updates addressed the following vulnerabilities:

  • CVE-2023-39323: Build-time “//go:cgo_” directives bypass allowing unexpected execution of arbitrary code when running “go build”
  • CVE-2023-39325: HTTP/2 Rapid Reset Vulnerability (in Go) allowing denial of service attacks

Security Response

Security is critical to Ambassador Labs. If you discover any security issues in Ambassador Labs, please privately email secalert@datawire.io. We will continue to release updates in response to disclosed security vulnerabilities.

Upgrading Emissary-ingress and Edge Stack

The latest versions of Emissary-ingress and Edge Stack API Gateway are now available here:


To install Edge Stack API Gateway, follow the quick start.

Please follow the instructions here to upgrade from your current Edge Stack to 3.X.

Upgrading Telepresence

Telepresence versions after 2.6.0 will automatically update the smart agent to 1.13.22, unless you’ve configured a specific version of the smart agent. If you’re running an older version of Telepresence, we strongly recommend you upgrade.
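
As an added example (not Ambassador Labs' code), the following Python script audits a list of container image references against the patched versions named in this post, which is useful where a smart agent or gateway version has been pinned. The image repository basenames and the sample references are assumptions constructed for illustration.

```python
import re

# Patched floors from this post. Repository basenames are assumptions,
# not stated in the post; change them to match the images you deploy.
PATCHED = {
    "emissary": (3, 8, 2),                         # Emissary-ingress
    "aes": (3, 8, 2),                              # Edge Stack
    "ambassador-telepresence-agent": (1, 13, 22),  # Telepresence Smart Agent
}

# Constructed sample references (not real cluster output).
SAMPLE = [
    "docker.io/emissaryingress/emissary:3.8.1",
    "docker.io/datawire/aes:3.8.2",
    "registry.example.internal:5000/datawire/ambassador-telepresence-agent:1.13.21",
    "docker.io/datawire/aes@sha256:" + "0" * 64,
    "docker.io/library/nginx:1.25.2",
]

def parse_image(ref):
    """Return (repository basename, tag or None) for an image reference."""
    ref = ref.strip().split("@", 1)[0]   # drop a trailing @sha256:... digest
    last = ref.rsplit("/", 1)[-1]        # a ':' before the last '/' is a registry port
    name, _, tag = last.partition(":")
    return name, (tag or None)

def parse_version(tag):
    """Return (major, minor, patch) for plain X.Y.Z tags, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag or "")
    return tuple(int(x) for x in m.groups()) if m else None

def audit(image_refs):
    """Classify each known image as 'patched', 'outdated' or 'unknown'."""
    results = []
    for ref in image_refs:
        name, tag = parse_image(ref)
        floor = PATCHED.get(name)
        if floor is None:
            continue                     # not one of the products in this post
        version = parse_version(tag)
        if version is None:
            status = "unknown"           # digest-only or suffixed tag: check by hand
        else:
            status = "patched" if version >= floor else "outdated"
        results.append((ref.strip(), status))
    return results

if __name__ == "__main__":
    for ref, status in audit(SAMPLE):
        print(f"{status:9} {ref}")
```

To audit a live cluster, pass `audit()` the whitespace-separated output of `kubectl get pods --all-namespaces -o jsonpath='{..image}'`. A matching tag shows which version was requested, not what the image contains, so treat "unknown" results as needing a manual check.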

