1.11.2 (October 8, 2019)
Changes
http: fixed CVE-2019-15226 by adding a cached byte size in HeaderMap.
http: added max headers count for http connections. The default limit is 100.
upstream: runtime feature envoy.reloadable_features.max_response_headers_count overrides the default limit for upstream max headers count
http: added common_http_protocol_options Runtime feature envoy.reloadable_features.max_request_headers_count overrides the default limit for downstream max headers count
regex: backported safe regex matcher fix for CVE-2019-15225.
Deprecated
- Use of idle_timeout is deprecated. Use common_http_protocol_options instead.