1.12.3 (March 3, 2020)

Changes

  • buffer: force copy when appending small slices to OwnedImpl buffer to avoid fragmentation.

  • http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature envoy.reloadable_features.http1_flood_protection.

  • listeners: fixed issue where TLS inspector listener filter could have been bypassed by a client using only TLS 1.3.

  • rbac: added url_path for matching URL path without the query and fragment string.

  • sds: fixed the SDS vulnerability that TLS validation context (e.g., subject alt name or hash) cannot be effectively validated in some cases.