From 8fed4856a7cfe79cf60aa3682eff3ae55b231e49 Mon Sep 17 00:00:00 2001 From: Piotr Sikora Date: Tue, 30 Jun 2020 11:59:53 -0700 Subject: [PATCH] docs: 1.14.3 release notes. (#187) Signed-off-by: Piotr Sikora --- VERSION | 2 +- docs/root/intro/version_history.rst | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/VERSION b/VERSION index a9c9ff8b2be9..4ea8ad87e6e4 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.14.3-dev +1.14.3 diff --git a/docs/root/intro/version_history.rst b/docs/root/intro/version_history.rst index 2d329b1a1c38..47494f06cf29 100644 --- a/docs/root/intro/version_history.rst +++ b/docs/root/intro/version_history.rst 
@@ -1,15 +1,14 @@ Version history --------------- -1.14.3 (Pending) -================ -* http: the :ref:`stream_idle_timeout ` - now also defends against an HTTP/2 peer that does not open stream window once an entire response - has been buffered to be sent to a downstream client. -* listener: add runtime support for `per-listener limits ` on - active/accepted connections. -* overload management: add runtime support for :ref:`global limits ` - on active/accepted connections. +1.14.3 (June 30, 2020) +====================== +* buffer: fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer. +* http: fixed CVE-2020-12604 by changing :ref:`stream_idle_timeout ` + to also defend against an HTTP/2 peer that does not open stream window once an entire response has been buffered to be sent to a downstream client. +* http: fixed CVE-2020-12605 by including request URL in request header size computation, and rejecting partial headers that exceed configured limits. +* listener: mitigated CVE-2020-8663 by adding runtime support for :ref:`per-listener limits ` on active/accepted connections. +* overload management: mitigated CVE-2020-8663 by adding runtime support for :ref:`global limits ` on active/accepted connections. 1.14.2 (June 8, 2020) =====================
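Review bot: The two CVE-2020-8663 entries (listener and overload management) describe the fix as "adding runtime support" for connection limits, which means the mitigation only takes effect when an operator sets those runtime keys; the release note should say so explicitly (e.g. "operators must configure the per-listener or global limit for this mitigation to apply"), otherwise readers will assume upgrading to 1.14.3 alone addresses it. Separately, the buffer entry "fixed CVE-2020-12603 by avoiding fragmentation, and tracking of HTTP/2 data and control frames in the output buffer" is ambiguous about whether tracking is something added or something avoided; rewording to state plainly which behaviour was introduced would remove the ambiguity. The change from a plain literal to :ref: for the per-listener limits link is a good fix, since the old line would not have rendered as a cross-reference.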