AWS AWSCloudFormation documentation change
Summary
Clarified HTTP/2 connection behavior and header validation requirements for ALB
Security assessment
The change adds documentation about stricter HTTP/2 header validation rules which helps prevent header injection attacks, but does not indicate a specific security vulnerability being patched.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.md index 68e236204..b27791fbd 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.md @@ -92 +92 @@ The following attributes are supported by only Application Load Balancers: - * `routing.http2.enabled` \- Indicates whether HTTP/2 is enabled. The possible values are `true` and `false`. The default is `true`. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. + * `routing.http2.enabled` \- Indicates whether clients can connect to the load balancer using HTTP/2. If `true`, clients can connect using HTTP/2 or HTTP/1.1. However, all client requests are subject to the stricter HTTP/2 header validation rules. For example, message header names must contain only alphanumeric characters and hyphens. If `false`, clients must connect using HTTP/1.1. The default is `true`.