Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prepare 8.0.0 release #262

Merged
merged 1,084 commits into from
Oct 12, 2023
Merged

prepare 8.0.0 release #262

merged 1,084 commits into from
Oct 12, 2023

Conversation

LaunchDarklyReleaseBot
Copy link
Contributor

[8.0.0] - 2023-10-12

Added:

  • Added support for Payload Filters, which is an EAP feature. Please contact LaunchDarkly support for more information.
  • Added support for upcoming technology migration functionality.

Changed:

  • Expanded relayMetric to track polling requests.

Removed:

  • DisableInternalUsageMetrics configuration has been removed.

LaunchDarklyReleaseBot and others added 30 commits February 7, 2022 19:22
merge from public after release
3392b3f
@eli-darkly
pass along tags header when proxying events
027ce04
@eli-darkly
comments, rm debugging
3a1ed72
@eli-darkly
fix auth header logic
b053417
@eli-darkly
fix auth header logic some more
fb62717
@eli-darkly
comments
5c13ddc
@eli-darkly
Merge pull request #303 from launchdarkly/eb/sc-143501/tags
c111f1b 
pass along tags header when proxying events
@eli-darkly
add tags header to CORS header whitelist (#304)
fd8684d
@eli-darkly
update to Alpine 3.14.4 for CVE-2022-0778 fix
3bd9d06
@eli-darkly
Merge pull request #305 from launchdarkly/eb/sc-146436/security
237b753 
update to Alpine 3.14.4 for CVE-2022-0778 fix
@eli-darkly
Merge branch 'v6' of github.com:launchdarkly/ld-relay into v6
45eae10
@eli-darkly
minimal changes for using prerelease Go SDK v6 (#306)
ac7a5df
merge from public after release
7327015
@eli-darkly
revise "summarizing" event proxy logic to use new event processor
0538129
@eli-darkly
comments
c8d207f
@eli-darkly
force upgrade of openssl in Alpine
b4cdae1
@eli-darkly
also upgrade libretls
1a3ec08
@eli-darkly
fix it in both files
7301e03
@eli-darkly
Merge pull request #310 from launchdarkly/eb/sc-147611/openssl-update
83272fb 
update openssl and libretls in Alpine for CVE-2022-0778
@eli-darkly
update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (#308)
14aba22 
* update to Alpine 3.14.5 for CVE-2022-0778

* revert patches that are now included in Alpine 3.14.5
merge from public after release
08c8dbd
@eli-darkly
add scripts for checking and updating Go/Alpine versions (#309)
0ea34cc 
* update to Alpine 3.14.5 for CVE-2022-0778

* add scripts for checking and updating Go/Alpine versions

* also make sure the Docker images really exist

* update CONTRIBUTING.md

* fix file rename

* revert patches that are now included in Alpine 3.14.5
@eli-darkly
Merge branch 'v6' into u2c
2f2da0a
@eli-darkly
Merge branch 'u2c' into eb/sc-146802/php-events
0ee9bfc
@eli-darkly
add support & tests for handling any kind of context in eval endpoints
e98b50c
@eli-darkly
move some constants and test code out of internal/core/internal/...
f9f8e72
@eli-darkly
use a clearer import alias
de7650a
@eli-darkly
refactoring
0ba6f58
@eli-darkly
Merge pull request #307 from launchdarkly/eb/sc-146802/php-events
301ce3b 
revise "summarizing" event proxy logic to use new event processor
@eli-darkly
Merge pull request #311 from launchdarkly/eb/sc-147031/eval-contexts
8db1676 
add support & tests for handling any kind of context in eval endpoints
louis-launchdarkly and others added 24 commits August 7, 2023 13:33
@louis-launchdarkly
Merge branch 'v7' of github.com:launchdarkly/ld-relay into v7
16e9d84
@louis-launchdarkly
chore: bump Alpine to 3.18.3 for CVE (#456)
f30532e 
See 

```
┌────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2023-2975 │ MEDIUM   │ fixed  │ 3.1.1-r1          │ 3.1.1-r2      │ AES-SIV cipher implementation contains a bug that causes it │
│            │               │          │        │                   │               │ to ignore empty...                                          │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2975                   │
│            ├───────────────┤          │        │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│            │ CVE-2023-3446 │          │        │                   │ 3.1.1-r3      │ Excessive time spent checking DH keys and parameters        │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│            ├───────────────┤          │        │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│            │ CVE-2023-3817 │          │        │                   │ 3.1.2-r0      │ Excessive time spent checking DH q parameter value          │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
├────────────┼───────────────┤          │        │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│ libssl3    │ CVE-2023-2975 │          │        │                   │ 3.1.1-r2      │ AES-SIV cipher implementation contains a bug that causes it │
│            │               │          │        │                   │               │ to ignore empty...                                          │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2975                   │
│            ├───────────────┤          │        │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│            │ CVE-2023-3446 │          │        │                   │ 3.1.1-r3      │ Excessive time spent checking DH keys and parameters        │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│            ├───────────────┤          │        │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│            │ CVE-2023-3817 │          │        │                   │ 3.1.2-r0      │ Excessive time spent checking DH q parameter value          │
│            │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
└────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
```
merge from public after release
33b070c
@singhshalinis01
Name projects in a way that projects from failed jobs can be deleted …
b2d3069 
…by delete-old-projects IH job
@singhshalinis01
Add the method back
d115100
@louis-launchdarkly
fix: include the strings package
63d4f81
@louis-launchdarkly
fix: specify up to milliseconds to avoid creation conflict
9d5ff3e
@singhshalinis01
Rename projects such that they can be picked up (deleted) by delete-o…
091c94e 
…ld-projects IH job (#457)
@dependabot
chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to…
2a44368 
… 0.2.4 (#459)

Bumps
[github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin)
from 0.2.3 to 0.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cyphar/filepath-securejoin/releases">github.com/cyphar/filepath-securejoin's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.4</h2>
<p>This release fixes a potential security issue in filepath-securejoin
when used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to
generate paths outside of the provided rootfs in certain cases), as well
as improving the overall behaviour of filepath-securejoin when dealing
with Windows paths that contain volume names. Thanks to Paulo Gomes for
discovering and fixing these issues.</p>
<p>In addition, we've switched (at long last) to GitHub Actions and have
continuous integration testing on Linux, MacOS, and Windows.</p>
<p>Thanks to the following contributors for making this release
possible:</p>
<ul>
<li>Aleksa Sarai <a
href="mailto:[email protected]">[email protected]</a></li>
<li>Paulo Gomes <a
href="mailto:[email protected]">[email protected]</a></li>
</ul>
<p>Signed-off-by: Aleksa Sarai <a
href="mailto:[email protected]">[email protected]</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/2710d06c5b4ba3168beffa0689798d2db12e8ac4"><code>2710d06</code></a>
VERSION: release v0.2.4</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/68943415e950190ee33bddfa205e42186da87802"><code>6894341</code></a>
merge <a
href="https://redirect.github.com/cyphar/filepath-securejoin/issues/9">#9</a>
into main</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/c121231e1276e11049547bee5ce68d5a2cfe2d9b"><code>c121231</code></a>
Fix support for Windows</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/05b64230154f962d518a3a44fcfd7b9b63bab031"><code>05b6423</code></a>
ci: switch to GHA</li>
<li><a
href="https://github.com/cyphar/filepath-securejoin/commit/64536a8a66ae59588c981e2199f1dcf410508e07"><code>64536a8</code></a>
VERSION: back to development</li>
<li>See full diff in <a
href="https://github.com/cyphar/filepath-securejoin/compare/v0.2.3...v0.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/cyphar/filepath-securejoin&package-manager=go_modules&previous-version=0.2.3&new-version=0.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/launchdarkly/ld-relay-private/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@keelerm84
feat: Update to support migration and event sampling (#458)
67434ea
@keelerm84
fix: Scope relay metric events per environment (#463)
7b07d8d
merge from public after release
624eef3
@louis-launchdarkly @dependabot
@ember-stevens @cwaldren-ld @mmrj @keelerm84 @LaunchDarklyReleaseBot @eli-darkly @moshegood @LaunchDarklyCI @hroederld @drichelson @bwoskow-ld @pbzona @ld-repository-standards @kparkinson-ld @singhshalinis01
Lc/merge v7 into v8 to prep for release (#465)
e994608 
Create a new branch so it is easier to try to resolve the conflicts.

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ember Stevens <[email protected]>
Co-authored-by: Casey Waldren <[email protected]>
Co-authored-by: Molly <[email protected]>
Co-authored-by: Matthew M. Keeler <[email protected]>
Co-authored-by: LaunchDarklyReleaseBot <[email protected]>
Co-authored-by: Eli Bishop <[email protected]>
Co-authored-by: LaunchDarklyReleaseBot <[email protected]>
Co-authored-by: Moshe Good <[email protected]>
Co-authored-by: Moshe Good <[email protected]>
Co-authored-by: LaunchDarklyCI <[email protected]>
Co-authored-by: hroederld <[email protected]>
Co-authored-by: Dan Richelson <[email protected]>
Co-authored-by: Dan Richelson <[email protected]>
Co-authored-by: Ben Woskow <[email protected]>
Co-authored-by: Ben Woskow <[email protected]>
Co-authored-by: Phil Z <[email protected]>
Co-authored-by: ld-repository-standards[bot] <113625520+ld-repository-standards[bot]@users.noreply.github.com>
Co-authored-by: Kane Parkinson <[email protected]>
Co-authored-by: Ember Stevens <[email protected]>
Co-authored-by: Shalini Singh <[email protected]>
Co-authored-by: Shalini Singh <[email protected]>
@louis-launchdarkly
Merge branch 'feat/uc2-migrations' into lc/test-merging-everything-to-v8
a9a8558
@keelerm84
feat: Remove support for new top level data kinds (#466)
2f7a4d1
@keelerm84
Merge branch 'v8' into private-v8
ddfd171
@keelerm84
Merge branch 'v7' into v8
803baf7
@keelerm84
Merge branch 'v8' into lc/test-merging-everything-to-v8
9a5fa42
@keelerm84
Merge branch 'feat/uc2-migrations' into lc/test-merging-everything-to-v8
680337a
@keelerm84
Remove reference to unused data-kinds
9aec4e0
@keelerm84
fix: Last minute post-merge fixes
a23bd01
@keelerm84
Merging uc2 and scm into v8 (#467)
cbaffc2
@dependabot
chore(deps): bump golang.org/x/net from 0.11.0 to 0.17.0 (#468)
f76eab4 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.11.0 to
0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd"><code>b225e7c</code></a>
http2: limit maximum handler goroutines to MaxConcurrentStreams</li>
<li><a
href="https://github.com/golang/net/commit/88194ad8ab44a02ea952c169883c3f57db6cf9f4"><code>88194ad</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/2b60a61f1e4cf3a5ecded0bd7e77ea168289e6de"><code>2b60a61</code></a>
quic: fix several bugs in flow control accounting</li>
<li><a
href="https://github.com/golang/net/commit/73d82efb96cacc0c378bc150b56675fc191894b9"><code>73d82ef</code></a>
quic: handle DATA_BLOCKED frames</li>
<li><a
href="https://github.com/golang/net/commit/5d5a036a503f8accd748f7453c0162115187be13"><code>5d5a036</code></a>
quic: handle streams moving from the data queue to the meta queue</li>
<li><a
href="https://github.com/golang/net/commit/350aad2603e57013fafb1a9e2089a382fe67dc80"><code>350aad2</code></a>
quic: correctly extend peer's flow control window after MAX_DATA</li>
<li><a
href="https://github.com/golang/net/commit/21814e71db756f39b69fb1a3e06350fa555a79b1"><code>21814e7</code></a>
quic: validate connection id transport parameters</li>
<li><a
href="https://github.com/golang/net/commit/a600b3518eed7a9a4e24380b4b249cb986d9b64d"><code>a600b35</code></a>
quic: avoid redundant MAX_DATA updates</li>
<li><a
href="https://github.com/golang/net/commit/ea633599b58dc6a50d33c7f5438edfaa8bc313df"><code>ea63359</code></a>
http2: check stream body is present on read timeout</li>
<li><a
href="https://github.com/golang/net/commit/ddd8598e5694aa5e966e44573a53e895f6fa5eb2"><code>ddd8598</code></a>
quic: version negotiation</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/net/compare/v0.11.0...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/net&package-manager=go_modules&previous-version=0.11.0&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/launchdarkly/ld-relay-private/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@keelerm84
Merge branch 'v7' into v8
e250b70
@LaunchDarklyReleaseBot LaunchDarklyReleaseBot requested a review from a team October 12, 2023 20:14
@LaunchDarklyReleaseBot LaunchDarklyReleaseBot deleted the release-8.0.0 branch October 12, 2023 20:22
@moshegood moshegood mentioned this pull request Feb 22, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kinyoklion kinyoklion kinyoklion approved these changes

@louis-launchdarkly louis-launchdarkly louis-launchdarkly approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.