Synchronization getambassador.io ->ambassador-docs -- Nightly job - 2023-09-23

docs/edge-stack/3.8/releaseNotes.yml

@@ -32,6 +32,15 @@
 
 changelog: https://github.com/datawire/edge-stack/blob/$branch$/CHANGELOG.md
 items:
+  - version: 3.8.1
+    date: '2023-09-18'
+    notes:
+      - title: Upgrade Golang to 1.20.8
+        type: security
+        body: >-
+          Upgrading to the latest release of Golang as part of our general dependency upgrade process. This includes security fixes for CVE-2023-39318, CVE-2023-39319.
+        docs: https://go.dev/doc/devel/release#go1.20.minor
+
   - version: 3.8.0
     date: '2023-08-29'
     notes:
@@ -148,7 +157,7 @@ items:
         docs: https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md
 
   - version: 3.5.2
-    date: "2023-04-05"
+    date: '2023-04-05'
     notes:
       - title: Upgrade to Envoy 1.24.5
         type: security
@@ -228,8 +237,8 @@ items:
 
           Thanks to <a href="https://github.com/antonu17">Anton Ustyuzhanin</a>!.
         github:
-        - title: "#4809"
-          link: https://github.com/emissary-ingress/emissary/pull/4809
+          - title: '#4809'
+            link: https://github.com/emissary-ingress/emissary/pull/4809
 
       - title: Upgraded to Python 3.10
         type: change
@@ -394,8 +403,8 @@ items:
           restores the previous behavior by disabling the ext_authz call on the
           https redirect routes.
         github:
-        - title: "#4620"
-          link: https://github.com/emissary-ingress/emissary/issues/4620
+          - title: '#4620'
+            link: https://github.com/emissary-ingress/emissary/issues/4620
 
       - title: Fix regression in host_redirects with AuthService
         type: bugfix
@@ -411,17 +420,17 @@ items:
           restores the previous behavior by disabling the ext_authz call on the
           host_redirect routes.
         github:
-        - title: "#4640"
-          link: https://github.com/emissary-ingress/emissary/issues/4640
+          - title: '#4640'
+            link: https://github.com/emissary-ingress/emissary/issues/4640
 
       - title: Propagate trace headers to http external filter
         type: change
         body: >-
           Previously, tracing headers were not propagated to an ExternalFilter configured with <code>proto: http</code>. Now, adding supported tracing headers (b3, etc...) to the <code>spec.allowed_request_headers</code> will propagate them to the configured service.
         docs: topics/using/filters/external/#tracing-header-propagation
         github:
-        - title: "#3078"
-          link: https://github.com/datawire/apro/issues/3078
+          - title: '#3078'
+            link: https://github.com/datawire/apro/issues/3078
 
   - version: 3.2.0
     date: '2022-09-27'
@@ -512,8 +521,8 @@ items:
         body: >-
           Distinct services with names that are the same in the first forty characters will no longer be incorrectly mapped to the same cluster.
         github:
-        - title: "#4354"
-          link: https://github.com/emissary-ingress/emissary/issues/4354
+          - title: '#4354'
+            link: https://github.com/emissary-ingress/emissary/issues/4354
 
       - title: Properly populate alt_stats_name for Tracing, Auth and RateLimit Services
         type: bugfix
@@ -703,8 +712,8 @@ items:
           `proto: http`. Now, adding supported tracing headers (b3, etc...) to the
           `spec.allowed_request_headers` will propagate them to the configured service.
         github:
-        - title: "#3078"
-          link: https://github.com/datawire/apro/issues/3078
+          - title: '#3078'
+            link: https://github.com/datawire/apro/issues/3078
 
       - title: Diagnostics stats properly handles parsing envoy metrics with colons
         type: bugfix

docs/edge-stack/3.8/versions.yml

@@ -2,24 +2,24 @@
 branch: release/v3.8
 
 # self
-version: 3.8.0
+version: 3.8.1
 productName: "Ambassador Edge Stack"
 productNamePlural: "Ambassador Edge Stacks"
 productNamespace: ambassador
 productDeploymentName: edge-stack
 productHelmName: edge-stack
 
 # OSS (not self)
-ossVersion: 3.8.0
+ossVersion: 3.8.1
 ossDocsVersion: "pre-release"
-ossChartVersion: 8.8.0
+ossChartVersion: 8.8.1
 OSSproductName: "Emissary-ingress"
 OSSproductNamePlural: "Emissary-ingresses"
 
 # AES (self)
-aesVersion: 3.8.0
+aesVersion: 3.8.1
 aesDocsVersion: "pre-release"
-aesChartVersion: 8.8.0
+aesChartVersion: 8.8.1
 AESproductName: "Ambassador Edge Stack"
 AESproductNamePlural: "Ambassador Edge Stacks"
 

docs/edge-stack/latest/about/aes-emissary-eol.md

@@ -0,0 +1,56 @@
+# $productName$ End of Life Policy
+
+This document describes the End of Life policy and maintenance windows for Ambassador Edge Stack, and to the open source project Emissary Ingress.
+
+## Supported Versions
+
+Ambassador Edge Stack and Emissary-ingress versions are expressed as **x.y.z**, where **x** is the major version, **y** is the minor version, and **z** is the patch version, following [Semantic Versioning](https://semver.org/) terminology.
+
+**X-series (Major Versions)**
+
+- **1.y**: 1.0 GA on January 2020
+- **2.y**: 2.0.4 GA on October 2021, and 2.1.0 in December 2021.
+
+**Y-release (Minor versions)**
+
+- For 1.y, that is **1.14.z**
+- For 2.y, that is **2.3.z**
+
+In this document, **Current** refers to the latest X-series release.
+
+Maintenance refers to the previous X-series release, including security and Sev1 defect patches.
+
+## CNCF Ecosystem Considerations
+
+- Envoy releases a major version every 3 months and supports its previous releases for 12 months. Envoy does not support any release longer than 12 months.
+- Kubernetes 1.19 and newer receive 12 months of patch support (The [Kubernetes Yearly Support Period](https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/1498-kubernetes-yearly-support-period/README.md)).
+
+# The Policy
+
+> We will offer a 6 month maintenance window for the latest Y-release of an X-series after a new X-series goes GA and becomes the current release. For example, we will support 2.3 for severity 1 and defect patches for six months after 3.0 is released.
+>
+
+> During the maintenance window, Y-releases will only receive security and Sev1 defect patches. Users desiring new features or bug fixes for lower severity defects will need to upgrade to the current X-series.
+>
+
+> The current X-series will receive as many Y-releases as necessary and as often as we have new features or patches to release.
+>
+
+> Ambassador Labs offers no-downtime migration to current versions from maintenance releases. Migration from releases that are outside of the maintenance window may be subject to downtime.
+>
+
+> Artifacts of releases outside of the maintenance window will be frozen and will remain available publicly for download with the best effort. These artifacts include Docker images, application binaries, Helm charts, etc.
+>
+
+### When we say support with “defect patches”, what do we mean?
+
+- We will fix security issues in our Emissary-ingress and Ambassador Edge Stack code
+- We will pick up security fixes from dependencies as they are made available
+- We will not maintain forks of our major dependencies
+- We will not attempt our own back ports of critical fixes to dependencies which are out of support from their own communities
+
+## Extended Maintenance for 1.14
+
+Given this policy, we should have dropped maintenance for 1.14 in March 2022, however we recognize that the introduction of an EOL policy necessitates a longer maintenance window. For this reason, we do offer an "extended maintenance" window for 1.14 until the end of September 2022, 3 months after the latest 2.3 release. Please note that this extended maintenance window will not apply to customers using Kubernetes 1.22 and above, and this extended maintenance will also not provide a no-downtime migration path from 1.14 to 3.0.
+
+After September 2022, the current series will be 3.x, and the maintenance series will be 2.y.