I tried to use envoy 1.11.2 with istio-proxy 1.9.8 so as to avail of CVE fix (see below). I ended up in some dependency spiral. I presume it is possible to do so. Is the procedure with possible gotchas documented anywhere?
I replaced SHA refs in WORKSPACE.
ENVOY_SHA = "a2a1e3eed4214a38608ec223859fcfa8fb679b14"
ENVOY_SHA256 = "f991ff2e122b213825a22304d429e737fd2000ef63c212724e7afe3d2be4faab"