.. _version_history_1.31.0:

1.31.0 (Pending)
=================

Incompatible behavior changes
-----------------------------
*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*

* **ext_proc**: Adding support for :ref:`route_cache_action `. It specifies the route action to be taken when an
  external processor response is received in response to request headers.
* **http2**: Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to true. This changes the
  codec used for HTTP/2 requests and responses. This behavior can be reverted by setting the feature to false.
* **proxy_protocol**: Populate typed metadata by default in proxy protocol listener. Typed metadata can be consumed as
  :ref:`TlvsMetadata type `. This change can be temporarily disabled by setting the runtime flag
  ``envoy.reloadable_features.use_typed_metadata_in_proxy_protocol_listener`` to ``false``.
* **thread_local**: Changes the behavior of the ``SlotImpl`` class destructor. With this change the destructor can be
  called on any thread. This behavior can be reverted by setting the runtime flag
  ``envoy.reloadable_features.allow_slot_destroy_on_worker_threads`` to false.

Minor behavior changes
----------------------
*Changes that may cause incompatibilities for some users, but should not for most*

* **access_log**: The upstream connection address, rather than the upstream host address, will be used for the
  ``%UPSTREAM_REMOTE_ADDRESS%``, ``%UPSTREAM_REMOTE_PORT%`` and ``%UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%`` access log
  format specifiers. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.upstream_remote_address_use_connection`` to false.
* **config**: Stricter validation of a ``google.protobuf.Duration`` field in a config, rejecting invalid values
  (where the number of years is over 292).
  This can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.strict_duration_validation``
  to ``false``.
* **dns**: Changes the behavior of the getaddrinfo DNS resolver so that it treats ``EAI_NODATA`` and ``EAI_NONAME`` as
  successful queries with empty results, instead of as DNS failures. This change brings the getaddrinfo behavior in
  line with the c-ares resolver behavior. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.dns_nodata_noname_is_success`` to false.
* **statistics**: Hot restart statistics like ``hot_restart_epoch`` are only set when hot restart is enabled.
* **tracers**: Set status code for OpenTelemetry tracers (previously unset).
* **udp**: Change GRO read buffer to 64kB to avoid ``MSG_TRUNC``. Also change the way the number of packets processed
  per event loop is limited so that it works with GRO. This behavior can be reverted by setting runtime guard
  ``envoy.reloadable_features.udp_socket_apply_aggregated_read_limit`` to false.
* **xds**: Updated xDS-TP path naming to better comply with RFC-3986. Encoded resource paths can now include a colon
  ``:``, instead of ``%3A``. This behavior can be reverted by setting the runtime flag
  ``envoy.reloadable_features.xdstp_path_avoid_colon_encoding`` to ``false``.

Bug fixes
---------
*Changes expected to improve the state of the world and are unlikely to have negative effects*

* **cares**: Upgraded c-ares library to 1.20.1 and added fix to c-ares DNS implementation to additionally check for
  ``ARES_EREFUSED``, ``ARES_ESERVFAIL`` and ``ARES_ENOTIMP`` status. Without this fix, the
  ``DestroyChannelOnRefused`` and ``CustomResolverValidAfterChannelDestruction`` unit tests will break.
* **ext_authz**: Added field :ref:`validate_mutations `, which, when set to true, adds header & query parameter
  mutation validation to the http ext_authz filter. If an authz response contains invalid mutations, the filter
  responds to the downstream request with HTTP 500 Internal Server Error.
  If you use ext_authz with an untrusted side stream, it's recommended you set this to true.
* **ext_authz**: Handle ``append_action`` from :ref:`external authorization service ` that was previously ignored.
* **ext_authz**: Set the SNI value from the requested server name if it isn't available on the connection/socket.
  This applies when ``include_tls_session`` is true. The requested server name is set on a connection when filters
  such as the TLS inspector are used.
* **http**: Fix BalsaParser resetting state too early, guarded by default-true
  ``envoy.reloadable_features.http1_balsa_delay_reset``.
* **http**: Fix a crash when reloading the HTTP Connection Manager via ECDS.
* **outlier detection**: Fixed :ref:`successful_active_health_check_uneject_host `. Before, a failed health check
  could uneject the host if the ``FAILED_ACTIVE_HC`` health flag had not been set.
* **tls**: Fix a ``RELEASE_ASSERT`` when using :ref:`auto_sni ` if the downstream request ``:authority`` was longer
  than 255 characters.
* **udp**: Fixed a bug that would cause Envoy to crash when updates to a pre-existing cluster were made
  (e.g. ``HostSet`` changes).

Removed config or runtime
-------------------------
*Normally occurs at the end of the* :ref:`deprecation period `

* **http**: Removed ``envoy.reloadable_features.handle_uppercase_scheme`` runtime flag and legacy code paths.
* **http**: Removed ``envoy.reloadable_features.lowercase_scheme`` runtime flag and legacy code paths.
* **http**: Removed ``envoy.reloadable_features.proxy_status_upstream_request_timeout`` runtime flag and legacy code
  paths.
* **http**: Removed ``envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter`` runtime flag and legacy
  code paths.
* **router**: Removed ``envoy.reloadable_features.copy_response_code_to_downstream_stream_info`` runtime flag and
  legacy code paths.
* **tcp**: Removed ``envoy.reloadable_features.detect_and_raise_rst_tcp_connection`` runtime flag and legacy code
  paths.
* **upstream**: Removed ``envoy.reloadable_features.convert_legacy_lb_config`` runtime flag and legacy code paths.

New features
------------

* **access_log**: Added support for :ref:`%UPSTREAM_HOST_NAME% ` for the upstream host identifier.
* **aws_lambda**: The ``aws_lambda`` filter now supports the :ref:`credentials ` parameter. This enables setting AWS
  credentials from the filter configuration.
* **cares**: Added :ref:`udp_max_queries` option to limit the number of UDP queries.
* **ext_authz**: Added :ref:`disallowed_headers ` to specify headers that should never be sent to the external
  authentication service. Overrides :ref:`allowed_headers ` if a header matches both.
* **healthcheck**: Added support to healthcheck with ProxyProtocol in TCP Healthcheck by setting
  :ref:`health_check_config `.
* **hot_restart**: Added new command-line flag :option:`--skip-hot-restart-parent-stats`.
* **http**: Added :ref:`disable_shadow_host_suffix_append ` in :ref:`request_mirror_policies ` for disabling
  appending of the ``-shadow`` suffix to the shadowed host/authority header.
* **matching**: Added :ref:`Filter State Input ` for matching http input based on filter state objects.
* **open_telemetry**: Added :ref:`stat_prefix ` configuration to support additional stat prefix for the
  OpenTelemetry logger.
* **quic**: Added support for QUIC server preferred address when there is a DNAT between the client and Envoy.
  See :ref:`new config `.
* **redis**: Added support for `inline commands `_.

Deprecated
----------

* **tracing**: Disable OpenCensus by default, as it is `no longer supported/maintained upstream `_. This extension
  can be replaced with the OpenTelemetry tracer and collector.