1.11.2 (October 8, 2019) ======================== Changes ------- * http: fixed CVE-2019-15226 by adding a cached byte size in HeaderMap. * http: added :ref:`max headers count ` for http connections. The default limit is 100. * upstream: runtime feature `envoy.reloadable_features.max_response_headers_count` overrides the default limit for upstream :ref:`max headers count ` * http: added :ref:`common_http_protocol_options ` Runtime feature `envoy.reloadable_features.max_request_headers_count` overrides the default limit for downstream :ref:`max headers count ` * regex: backported safe regex matcher fix for CVE-2019-15225. Deprecated ---------- * Use of :ref:`idle_timeout ` is deprecated. Use :ref:`common_http_protocol_options ` instead.