forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1.14.3.yaml
19 lines (18 loc) · 1.02 KB
/
1.14.3.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
date: June 30, 2020
changes:
- area: buffer
change: |
fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer.
- area: http
change: |
fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>`
to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client.
- area: http
change: |
fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits.
- area: listener
change: |
fixed CVE-2020-8663 by adding runtime support for :ref:`per-listener limits <config_listeners_runtime>` on active/accepted connections.
- area: overload management
change: |
fixed CVE-2020-8663 by adding runtime support for :ref:`global limits <config_overload_manager>` on active/accepted connections.