1.12.2 (December 10, 2019)
Changes
http: fixed CVE-2019-18801 by allocating sufficient memory for request headers.
http: fixed CVE-2019-18802 by implementing stricter validation of HTTP/1 headers.
http: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing.
http: added strict authority checking. This can be reversed temporarily by setting the runtime feature
envoy.reloadable_features.strict_authority_validation
to false.route config: fixed CVE-2019-18838 by checking for presence of host/path headers.
当前内容版权归 servicemesher 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 servicemesher .