1.14.2 (June 8, 2020) ===================== Changes ------- * http: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters. * http: the :ref:`stream_idle_timeout ` now also defends against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. * listener: Add runtime support for `per-listener limits ` on active/accepted connections. * overload management: Add runtime support for :ref:`global limits ` on active/accepted connections.