.. _version_history_1.8.0: 1.8.0 (October 4, 2018) ======================== Changes ------- * **access log**: added :ref:`response flag filter ` to filter based on the presence of Envoy response flags. * **access log**: added ``REQUESTED_SERVER_NAME`` for SNI to tcp_proxy and http. * **access log**: added ``RESPONSE_DURATION`` and ``RESPONSE_TX_DURATION``. * **admin**: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics through `Hystrix dashboard `_. * **cli**: added support for :ref:`component log level ` command line option for configuring log levels of individual components. * **cluster**: added :ref:`option ` to merge health check/weight/metadata updates within the given duration. * **config**: added a stat :ref:`connected_state ` that indicates current connected state of Envoy with management server. * **config**: fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure ` stat is incremented in case of network failure and :ref:`update_rejected ` stat is incremented in case of schema/validation error. * **config**: regex validation added to limit to a maximum of 1024 characters. * **config**: v1 disabled by default. v1 support remains available until October via deprecated flag ``--allow-deprecated-v1-api``. * **config**: v1 disabled by default. v1 support remains available until October via flipping ``--v2-config-only=false``. * **ext_authz**: added support for configuring additional :ref:`authorization headers ` to be sent from Envoy to the authorization service. * **fault**: added support for fractional percentages in :ref:`FaultDelay ` and in :ref:`FaultAbort `. * **grpc-json**: added support for building HTTP response from `google.api.HttpBody `_. * **health check**: added support for :ref:`custom health check `. * **health check**: added support for :ref:`specifying jitter as a percentage `. * **health_check**: added :ref:`timestamp ` to the :ref:`health check event ` definition. * **health_check**: added support for :ref:`health check event logging `. * **health_check**: added support for specifying :ref:`custom request headers ` to HTTP health checker requests. * **http**: :ref:`hpack_table_size ` now controls dynamic table size of both: encoder and decoder. * **http**: added downstream_rq_completed counter for :ref:`total requests completed `, including on a :ref:`per-listener basis `. * **http**: added generic :ref:`Upgrade support `. * **http**: added support for a :ref:`delayed close timeout ` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second. * **http**: added support for a :ref:`per-stream idle timeout `. This applies at both :ref:`connection manager ` and :ref:`per-route granularity `. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout. * **http**: added support for removing request headers using :ref:`request_headers_to_remove `. * **http**: added upstream_rq_completed counter for :ref:`total requests completed ` to dynamic HTTP counters. * **http**: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0. * **http**: fixed missing support for appending to predefined inline headers, e.g. ``authorization``, in features that interact with request and response headers, e.g. :ref:`request_headers_to_add `. For example, a request header ``authorization: token1`` will appear as ``authorization: token1,token2``, after having :ref:`request_headers_to_add ` with ``authorization: token2`` applied. * **http**: response filters not applied to early error paths such as http_parser generated 400s. * **http**: restrictions added to reject ``:``-prefixed pseudo-headers in :ref:`custom request headers `. * **jwt-authn filter**: add support for per route JWT requirements. * **listeners**: added the ability to match :ref:`FilterChain ` using :ref:`destination_port ` and :ref:`prefix_ranges `. * **lua**: added :ref:`connection() ` wrapper and ``ssl()`` API. * **lua**: added :ref:`streamInfo() ` wrapper and ``protocol()-`` API. * **lua**: added :ref:`streamInfo():dynamicMetadata() ` API. * **network**: introduced :ref:`sni_cluster ` network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake. * **proxy_protocol**: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only). * **ratelimit**: added :ref:`failure_mode_deny ` option to control traffic flow in case of rate limit service error. * **ratelimit**: added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`. Lyft's reference implementation of the `ratelimit `_ service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the ``use_data_plane_proto`` boolean flag in the ratelimit configuration. Support for the legacy proto ``source/common/ratelimit/ratelimit.proto`` is deprecated and will be removed at the start of the 1.9.0 release cycle. * **rbac config**: added a :ref:`principal_name ` field and removed the old ``name`` field to give more flexibility for matching certificate identity. * **rbac network filter**: a :ref:`role-based access control network filter ` has been added. * **rest-api**: added ability to set the :ref:`request timeout ` for REST API requests. * **route checker**: added v2 config support and removed support for v1 configs. * **router**: added ability to set request/response headers at the :ref:`v1.8:envoy_api_msg_route.Route` level. * **stats**: added :ref:`option to configure the DogStatsD metric name prefix ` to DogStatsdSink. * **tcp_proxy**: added support for :ref:`weighted clusters `. * **thrift_proxy**: introduced thrift configurable decoder filters. * **thrift_proxy**: introduced thrift routing, moved configuration to correct location. * **tls**: implemented :ref:`Secret Discovery Service `. * **tracing**: added support for configuration of :ref:`tracing sampling `. * **upstream**: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset. * **upstream**: require opt-in to use the :ref:`x-envoy-original-dst-host ` header for overriding destination address when using the :ref:`Original Destination ` load balancing policy. Deprecated ---------- * **api**: Use of the v1 API (including ``*.deprecated_v1`` fields in the v2 API) is deprecated. See envoy-announce `email `_. * **clusters**: Setting hosts via ``hosts`` field in ``Cluster`` is deprecated. Use ``load_assignment`` instead. * **fault_delay**: Use of the integer ``percent`` field in `FaultDelay `_ and in `FaultAbort `_ is deprecated in favor of the new ``FractionalPercent`` based ``percentage`` field. * **options**: Use of the ``--v2-config-only`` flag. * **rate_limiting**: Use of the legacy `ratelimit.proto `_ is deprecated, in favor of the proto defined in `date-plane-api `_ Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the ``use_data_plane_proto`` boolean flag in the `ratelimit configuration `_. However, when using the deprecated client a warning is logged. * **rbac**: Use of the string ``user`` field in ``Authenticated`` in `rbac.proto `_ is deprecated in favor of the new ``StringMatcher`` based ``principal_name`` field. * **routing**: Use of ``response_headers_to_*`` and ``request_headers_to_add`` are deprecated at the ``RouteAction`` level. Please use the configuration options at the ``Route`` level. * **routing**: Use of ``runtime`` in ``RouteMatch``, found in `route.proto `_. Set the ``runtime_fraction`` field instead. * **websockets**: Use of both ``use_websocket`` and ``websocket_config`` in `route.proto `_ is deprecated. Please use the new ``upgrade_configs`` in the `HttpConnectionManager `_ instead.