1.17.2 (April 15, 2021)
=======================

Incompatible Behavior Changes
-----------------------------
*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*

Minor Behavior Changes
----------------------
*Changes that may cause incompatibilities for some users, but should not for most*

Bug Fixes
---------
*Changes expected to improve the state of the world and are unlikely to have negative effects*

* http: fixed a crash upon receiving empty HTTP/2 metadata frames. Received empty metadata frames are now counted in the HTTP/2 codec stat :ref:`metadata_empty_frames <v1.17.2:config_http_conn_man_stats_per_codec>`.
* http: fixed a remotely exploitable integer overflow via a very large grpc-timeout value causes undefined behavior.
* http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting ``envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure`` to false.
* tls: fix a crash when peer sends a TLS Alert with an unknown code.

Removed Config or Runtime
-------------------------
*Normally occurs at the end of the* :ref:`deprecation period <v1.17.2:deprecated>`

New Features
------------
* dispatcher: supports a stack of ``Envoy::ScopeTrackedObject`` instead of a single tracked object. This will allow Envoy to dump more debug information on crash.

Deprecated
----------