.. _version_history_1.12.2:

1.12.2 (December 10, 2019)
===========================



Changes
-------


* **http**: added strict authority checking. This can be reversed temporarily by setting the runtime feature ``envoy.reloadable_features.strict_authority_validation`` to false.
* **http**: fixed CVE-2019-18801 by allocating sufficient memory for request headers.
* **http**: fixed CVE-2019-18802 by implementing stricter validation of HTTP/1 headers.
* **http**: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing.
* **route config**: fixed CVE-2019-18838 by checking for presence of host/path headers.