1.14.7 (April 15, 2020)

Changes

  • http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat metadata_empty_frames.

  • http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior.

  • http: fixed bugs in datadog and squash filter’s handling of responses with no bodies.

  • http: fixed URL parsing for HTTP/1.1 fully qualified URLs and connect requests containing IPv6 addresses.

  • tls: fix detection of the upstream connection close event.