From b1ae9a80f18e64ec388223352f41a557e8f426ba Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller
Date: Fri, 5 Jul 2024 15:24:42 +0000
Subject: [PATCH 1/2] backport of commit 94e1d59256191c69c5e29066fb7a79ca8d4776bd

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c8b92424..c548f2e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,7 +11,7 @@
 # prebuilt binaries in any other form.
 #
 ARG GOLANG_VERSION
-FROM envoyproxy/envoy-distroless:v1.29.5 as envoy-binary
+FROM envoyproxy/envoy-distroless:v1.29.7 as envoy-binary
 
 # Modify the envoy binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-binary
@@ -27,7 +27,7 @@ RUN apt-get update && apt install -y libcap2-bin
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy
 RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME
 
-FROM hashicorp/envoy-fips:1.29.5-fips1402 as envoy-fips-binary
+FROM hashicorp/envoy-fips:1.29.7-fips1402 as envoy-fips-binary
 
 # Modify the envoy-fips binary to be able to bind to privileged ports (< 1024).
 FROM debian:bullseye-slim AS setcap-envoy-fips-binary

From c7b0dd4422d743dd9e72caa8b8a9aaa9492bc86d Mon Sep 17 00:00:00 2001
From: Sarah Alsmiller
Date: Fri, 5 Jul 2024 15:26:42 +0000
Subject: [PATCH 2/2] backport of commit f0f2366770054c347e7fac87e3b52a6380a6e2bf

---
 .changelog/578.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/578.txt

diff --git a/.changelog/578.txt b/.changelog/578.txt
new file mode 100644
index 00000000..df886c24
--- /dev/null
+++ b/.changelog/578.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Upgrade envoy version to 1.29.7 to address [CVE-2024-39305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39305)
+```
\ No newline at end of file