.. _version_history_1.9.1: 1.9.1 (April 2, 2019) ====================== Changes ------- * **http**: fixed CVE-2019-9900 by rejecting HTTP/1.x headers with embedded NUL characters. * **http**: fixed CVE-2019-9901 by normalizing HTTP paths prior to routing or L7 data plane processing. This defaults off and is configurable via either HTTP connection manager :ref:`normalize_path ` or the :ref:`runtime `.