1.11.2 (October 8, 2019)


  • http: fixed CVE-2019-15226 by adding a cached byte size in HeaderMap.

  • http: added max headers count for http connections. The default limit is 100.

  • upstream: runtime feature envoy.reloadable_features.max_response_headers_count overrides the default limit for upstream max headers count

  • http: added common_http_protocol_options Runtime feature envoy.reloadable_features.max_request_headers_count overrides the default limit for downstream max headers count

  • regex: backported safe regex matcher fix for CVE-2019-15225.