.. _version_history_1.14.2:

1.14.2 (June 8, 2020)
======================



Changes
-------


* **http**: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters.
* **http**: the :ref:`stream_idle_timeout <v1.14:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>`
  now also defends against an HTTP/2 peer that does not open stream window once an entire response
  has been buffered to be sent to a downstream client.
* **listener**: Add runtime support for :ref:`per-listener limits <v1.14:config_listeners>` on
  active/accepted connections.
* **overload management**: Add runtime support for :ref:`global limits <v1.14:config_overload_manager>`
  on active/accepted connections.