You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
okhttp: Improve certificate handling by rejecting non-ASCII subject alternative names and hostnames as seen in CVE-2021-0341 (#11749) (a0982ca). Hostnames are considered trusted and CAs are required to use punycode for non-ASCII hostnames, so this is expected to provide defense-in-depth. See also the related GoSecure blog post and the AOSP fix
xds: Preserve nonce when unsubscribing last watcher of a particular type so that new discovery requests of that type are handled correctly (1cf1927). This (along with 1cf1927) fixes a nonce-handling regression introduced in 1.66.0 that could cause resources to appear to not exist until re-creating the ADS stream. Triggering the behavior required specific config changes. It is easiest to trigger when clusters use EDS and routes are changed from one cluster to another. The error “found 0 leaf (logical DNS or EDS) clusters for root cluster” might then be seen
xds: Unexpected types in the bootstrap’s server_features should be ignored (e8ff6da). They were previously required to be strings
xds: Fixed unsupported unsigned 32 bits issue for circuit breaker (#11735) (f8f6139). This fixes clients treating large max_requests as “no requests” and failing all requests
xds: Remove xds authority label from metric registration (#11760) (6516c73). This fixes the error “Incorrect number of required labels provided. Expected: 4” introduced in 1.69.0
