CVE-2021-4138

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.