.. _version_history_1.27.4:

1.27.4 (April 4, 2024)
=======================




Incompatible behavior changes
-----------------------------

*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*



* **http2**: Discard the ``Host`` header if the ``:authority`` header was received to bring Envoy into compliance with
  https://www.rfc-editor.org/rfc/rfc9113#section-8.3.1 This behavioral change can be reverted by setting runtime flag
  ``envoy.reloadable_features.http2_discard_host_header`` to false.




Bug fixes
---------

*Changes expected to improve the state of the world and are unlikely to have negative effects*



* **http2**: Update nghttp2 to resolve CVE-2024-30255 (https://github.com/envoyproxy/envoy/security/advisories/GHSA-j654-3ccm-vfmm).




New features
------------


* **google_grpc**: Added an off-by-default runtime flag
  ``envoy.reloadable_features.google_grpc_disable_tls_13`` to disable TLSv1.3
  usage by gRPC SDK for ``google_grpc`` services.