1.16.3 (April 15, 2021) ======================= Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* Bug Fixes --------- *Changes expected to improve the state of the world and are unlikely to have negative effects* * aggregate cluster: fixed a crash due to a TLS initialization issue. * http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames `. * http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior. * http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting `envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure` to false. * lua: fixed crash when Lua script contains streamInfo():downstreamSslConnection(). * overload: fix a bug that can cause use-after-free when one scaled timer disables another one with the same duration. * tls: fix a crash when peer sends a TLS Alert with an unknown code. * tls: fix detection of the upstream connection close event. Removed Config or Runtime ------------------------- *Normally occurs at the end of the* :ref:`deprecation period ` New Features ------------ Deprecated ----------