1.11.2 (October 8, 2019)
Changes
- http: added common_http_protocol_options Runtime feature - envoy.reloadable_features.max_request_headers_countoverrides the default limit for downstream max headers count.
- http: added max headers count for http connections. The default limit is 100. 
- http: fixed CVE-2019-15226 by adding a cached byte size in HeaderMap. 
- regex: backported safe regex matcher fix for CVE-2019-15225. 
- upstream: runtime feature - envoy.reloadable_features.max_response_headers_countoverrides the default limit for upstream max headers count.
Deprecated
- hcm: Use of idle_timeout is deprecated. Use common_http_protocol_options instead.