diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst index a1a182add892..3f8ec4b70ff7 100644 --- a/docs/root/intro/version_history.rst +++ b/docs/root/intro/version_history.rst @@ -5,6 +5,8 @@ Version history ========================== * http: fixed CVE-2019-18801 by allocating sufficient memory for request headers. * http: fixed CVE-2019-18802 by implementing stricter validation of HTTP/1 headers. +* http: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing. +* http: added strict authority checking. This can be reversed temporarily by setting the runtime feature `envoy.reloadable_features.strict_authority_validation` to false. * route config: fixed CVE-2019-18838 by checking for presence of host/path headers. 1.12.1 (November 8, 2019) @@ -59,11 +61,9 @@ Version history * http: :ref:`AUTO ` codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client. * http: remove h2c upgrade headers for HTTP/1 as h2c upgrades are currently not supported. * http: absolute URL support is now on by default. The prior behavior can be reinstated by setting :ref:`allow_absolute_url ` to false. -* http: added strict authority checking. This can be reversed temporarily by setting the runtime feature `envoy.reloadable_features.strict_authority_validation` to false. * http: support :ref:`host rewrite ` in the dynamic forward proxy. * http: support :ref:`disabling the filter per route ` in the grpc http1 reverse bridge filter. * http: added the ability to :ref:`configure max connection duration ` for downstream connections. -* http: trim LWS at the end of header keys, for correct HTTP/1.1 header parsing. * listeners: added :ref:`continue_on_listener_filters_timeout ` to configure whether a listener will still create a connection when listener filters time out. * listeners: added :ref:`HTTP inspector listener filter `. * listeners: added :ref:`connection balancer `