Security
- server: Stop reading from the connection when flooded by HTTP/2 frames. The default value for this limit is 100 frames, excluding DATA and HEADERS, and may be changed by setting environment variable
GRPC_GO_EXPERIMENTAL_CONTROL_BUFFER_THROTTLE_LIMIT. - xds/rbac: Support
MetadataandRequestedServerNamepermissions matcher fields. If present in a DENY rule, previously these would be ignored and fail-open. - xds/rbac: Fix panic when parsing unsupported fields in
NotRule/NotIdpermissions. - xds/rbac: Support the deprecated
source_ipprincipal identifier by treating it as equivalent todirect_remote_ip.