.. _version_history_1.35.0:

1.35.0 (Pending)
=================




Incompatible behavior changes
-----------------------------

*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*



* **aws_iam**: As announced in November 2024 (see https://github.com/envoyproxy/envoy/issues/37621), the
  grpc_credentials/aws_iam extension is being deleted. Any configuration referencing this extension
  will fail to load.



Minor behavior changes
----------------------

*Changes that may cause incompatibilities for some users, but should not for most*



* **cel**: Precompile regexes in cel expressions. This can be disabled by setting the runtime guard
  ``envoy.reloadable_features.enable_cel_regex_precompilation`` to false.
* **grpc-json**: Make the :ref:`gRPC JSON transcoder filter's <config_http_filters_grpc_json_reverse_transcoder>` json print options configurable.
* **lua**: The ``metadata()`` of lua filter now will search the metadata by the :ref:`filter config name
  <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpFilter.name>` first.
  And if not found, it will search by the canonical name of the filter ``envoy.filters.http.lua``.
* **oauth2**: Reset CSRF token when token validation fails during redirection.
  If the CSRF token cookie is present during the redirection to the authorization server, it will be validated.
  Previously, if this validation failed, the oauth flow would fail. Now the CSRF token will simply be reset. This fixes
  the case where an hmac secret change causes a redirect flow, but the CSRF token cookie hasn't yet expired
  causing a CSRF token validation failure.




Removed config or runtime
-------------------------

*Normally occurs at the end of the* :ref:`deprecation period <deprecated>`



* **access_log**: Removed runtime guard ``envoy.reloadable_features.sanitize_sni_in_access_log`` and legacy code paths.
* **ext_proc**: Removed runtime guard ``envoy.reloadable_features.ext_proc_timeout_error`` and legacy code paths.
* **http**: Removed runtime guard ``envoy.reloadable_features.internal_authority_header_validator`` and legacy code paths.
* **http**: Removed runtime guard ``envoy_reloadable_features_filter_access_loggers_first`` and legacy code paths.
* **http2**: Removed runtime guard ``envoy.reloadable_features.http2_no_protocol_error_upon_clean_close`` and legacy code paths.
* **lua**: Removed runtime guard ``envoy.reloadable_features.lua_flow_control_while_http_call`` and legacy code paths.
* **quic**: Removed runtime guard ``envoy.reloadable_features.extend_h3_accept_untrusted`` and legacy code paths.
* **quic**: Removed runtime guard ``envoy.reloadable_features.quic_connect_client_udp_sockets`` and legacy code paths.
* **quic**: Removed runtime guard ``envoy.reloadable_features.quic_support_certificate_compression`` and legacy code paths.
* **runtime**: Removed runtime guard ``envoy_reloadable_features_boolean_to_string_fix`` and legacy code paths.
* **sni**: Removed runtime guard ``envoy.reloadable_features.use_route_host_mutation_for_auto_sni_san`` and legacy code paths.
* **tcp_proxy**: Removed runtime guard ``envoy.reloadable_features.tcp_tunneling_send_downstream_fin_on_upstream_trailers`` and legacy code paths.
* **websocket**: Removed runtime guard ``envoy.reloadable_features.switch_protocol_websocket_handshake`` and legacy code paths.



New features
------------


* **ext_authz**: Added ``grpc_status`` to ``ExtAuthzLoggingInfo`` in ext_authz http filter.