1.14.2 (June 8, 2020)
=====================

Changes
-------

* http: fixed CVE-2020-11080 by rejecting HTTP/2 SETTINGS frames with too many parameters.
* http: the :ref:`stream_idle_timeout <v1.14:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>`
  now also defends against an HTTP/2 peer that does not open stream window once an entire response
  has been buffered to be sent to a downstream client.
* listener: Add runtime support for :ref:`per-listener limits <v1.14:config_listeners>` on
  active/accepted connections.
* overload management: Add runtime support for :ref:`global limits <v1.14:config_overload_manager>`
  on active/accepted connections.