.. _version_history_1.9.0:

1.9.0 (December 20, 2018)
==========================



Changes
-------


* **access log**: added ``DOWNSTREAM_CONNECTION_TERMINATION``.
* **access log**: added a :ref:`JSON logging mode <v1.9:config_access_log_format_dictionaries>` to output access logs in JSON format.
* **access log**: added dynamic metadata to access log messages streamed over gRPC.
* **admin**: :http:get:`/server_info` now exposes what stage of initialization the server is currently in.
* **admin**: :http:get:`/server_info` now responds with a JSON object instead of a single string.
* **admin**: :http:post:`/logging` now responds with 200 while there are no params.
* **admin**: added host weight to the :http:get:`/clusters?format=json` end point response.
* **admin**: added support for displaying command line options in :http:get:`/server_info` end point.
* **admin**: added support for displaying subject alternate names in :ref:`certs <v1.9:operations_admin_interface_certs>` end point.
* **circuit-breaker**: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live state via :ref:`circuit breakers
  statistics <v1.9:config_cluster_manager_cluster_stats_circuit_breakers>`.
* **cluster**: set a default of 1s for :ref:`option <v1.9:envoy_api_field_Cluster.CommonLbConfig.update_merge_window>`.
* **config**: added support for :ref:`rate limiting <v1.9:envoy_api_msg_core.RateLimitSettings>` discovery request calls.
* **config**: removed support for the v1 API.
* **cors**: added :ref:`invalid/valid stats <v1.9:cors-statistics>` to filter.
* **ext-authz**: added support for providing per route config - optionally disable the filter and provide context extensions.
* **fault**: removed integer percentage support.
* **grpc-json**: added support for :ref:`ignoring query parameters
  <v1.9:envoy_api_field_config.filter.http.transcoder.v2.GrpcJsonTranscoder.ignored_query_parameters>`.
* **health check**: added :ref:`logging health check failure events <v1.9:envoy_api_field_core.HealthCheck.always_log_health_check_failures>`.
* **health check**: added ability to set :ref:`authority header value <v1.9:envoy_api_field_core.HealthCheck.GrpcHealthCheck.authority>` for gRPC
  health check.
* **http**: added HTTP/2 WebSocket proxying via :ref:`extended CONNECT <v1.9:envoy_api_field_core.Http2ProtocolOptions.allow_connect>`.
* **http**: added limits to the number and length of header modifications in all fields request_headers_to_add and
  response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard.
* **http**: added support for a :ref:`request timeout
  <v1.9:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.request_timeout>`. The timeout
  is disabled by default.
* **http**: added support for more gRPC content-type headers in :ref:`gRPC bridge filter <v1.9:config_http_filters_grpc_bridge>`, like
  application/grpc+proto.
* **http**: augmented the ``sendLocalReply`` filter API to accept an optional ``GrpcStatus`` value to override the default HTTP to
  gRPC status mapping.
* **http**: no longer adding whitespace when appending ``X-Forwarded-For headers``. **Warning**: this is not compatible with 1.7.0
  builds prior to `9d3a4eb4ac44be9f0651fcc7f87ad98c538b01ee <https://github.com/envoyproxy/envoy/pull/3610>`_. See `#3611
  <https://github.com/envoyproxy/envoy/issues/3611>`_ for details.
* **http**: no longer close the TCP connection when a HTTP/1 request is retried due to a response with empty body.
* **listeners**: added the ability to match :ref:`FilterChain <v1.9:envoy_api_msg_listener.FilterChain>` using :ref:`source_type
  <v1.9:envoy_api_field_listener.FilterChainMatch.source_type>`.
* **listeners**: all listener filters are now governed by the :ref:`listener_filters_timeout
  <v1.9:envoy_api_field_Listener.listener_filters_timeout>` setting. The hard coded 15s timeout in the :ref:`TLS inspector
  listener filter <v1.9:config_listener_filters_tls_inspector>` is superseded by this setting.
* **load balancer**: added a :ref:`configuration <v1.9:envoy_api_msg_Cluster.LeastRequestLbConfig>` option to specify the number of choices made
  in P2C.
* **logging**: added missing ``[`` in log prefix.
* **mongo_proxy**: added :ref:`dynamic metadata <v1.9:config_network_filters_mongo_proxy_dynamic_metadata>`.
* **network**: removed the reference to ``FilterState`` in ``Connection`` in favor of ``StreamInfo``.
* **rate-limit**: added :ref:`configuration
  <v1.9:envoy_api_field_config.filter.http.rate_limit.v2.RateLimit.rate_limited_as_resource_exhausted>` to specify whether the
  ``GrpcStatus`` status returned should be ``RESOURCE_EXHAUSTED`` or ``UNAVAILABLE`` when a gRPC call is rate limited.
* **rate-limit**: added :ref:`rate_limit_service <v1.9:envoy_api_msg_config.filter.http.rate_limit.v2.RateLimit>` configuration to filters.
* **rate-limit**: removed support for the legacy ratelimit service and made the data-plane-api :ref:`rls.proto
  <v1.9:envoy_api_file_envoy/service/ratelimit/v2/rls.proto>` based implementation default.
* **rate-limit**: removed the deprecated cluster_name attribute in :ref:`rate limit service configuration
  <v1.9:envoy_api_file_envoy/config/ratelimit/v2/rls.proto>`.
* **rbac**: added dynamic metadata to the network level filter.
* **rbac**: added support for permission matching by :ref:`requested server name
  <v1.9:envoy_api_field_config.rbac.v2alpha.permission.requested_server_name>`.
* **redis**: static cluster configuration is no longer required. Redis proxy will work with clusters delivered via CDS.
* **router**: added :ref:`scheme_redirect <v1.9:envoy_api_field_route.RedirectAction.scheme_redirect>` and :ref:`port_redirect
  <v1.9:envoy_api_field_route.RedirectAction.port_redirect>` to define the respective scheme and port rewriting RedirectAction.
* **router**: added ability to configure arbitrary :ref:`retriable status codes
  <v1.9:envoy_api_field_route.routeaction.retrypolicy.retriable_status_codes>`.
* **router**: added ability to set attempt count in upstream requests, see :ref:`virtual host's include request attempt count flag
  <v1.9:envoy_api_field_route.VirtualHost.include_request_attempt_count>`.
* **router**: added internal :ref:`grpc-retry-on <v1.9:config_http_filters_router_x-envoy-retry-grpc-on>` policy.
* **router**: added support for enabling upgrades on a :ref:`per-route <v1.9:envoy_api_field_route.RouteAction.upgrade_configs>` basis.
* **router**: added support for not retrying :ref:`rate limited requests <v1.9:config_http_filters_router_x-envoy-ratelimited>`. Rate limit
  filter now sets the :ref:`x-envoy-ratelimited <v1.9:config_http_filters_router_x-envoy-ratelimited>` header so the rate
  limited requests that may have been retried earlier will not be retried with this change.
* **router**: per try timeouts now starts when an upstream stream is ready instead of when the request has been fully decoded by
  Envoy.
* **router**: support configuring a default fraction of mirror traffic via :ref:`runtime_fraction
  <v1.9:envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_key>`.
* **router**: when :ref:`max_grpc_timeout <v1.9:envoy_api_field_route.RouteAction.max_grpc_timeout>` is set, Envoy will now add or update
  the grpc-timeout header to reflect Envoy's expected timeout.
* **sandbox**: added :ref:`cors sandbox <v1.9:install_sandboxes_cors>`.
* **server**: added ``SIGINT`` (Ctrl-C) handler to gracefully shutdown Envoy like ``SIGTERM``.
* **stats**: added :ref:`stats_matcher <v1.9:envoy_api_field_config.metrics.v2.StatsConfig.stats_matcher>` to the bootstrap config for
  granular control of stat instantiation.
* **stream**: added ``downstreamDirectRemoteAddress`` to ``StreamInfo``.
* **stream**: renamed ``perRequestState`` to ``filterState`` in ``StreamInfo``.
* **stream**: renamed the ``RequestInfo`` namespace to ``StreamInfo`` to better match its behaviour within TCP and HTTP
  implementations.
* **thrift_proxy**: introduced thrift rate limiter filter.
* **tls**: added ssl.curves.<curve>, ssl.sigalgs.<sigalg> and ssl.versions.<version> to :ref:`listener metrics
  <v1.9:config_listener_stats>` to track TLS algorithms and versions in use.
* **tls**: added support for :ref:`client-side session resumption <v1.9:envoy_api_field_auth.UpstreamTlsContext.max_session_keys>`.
* **tls**: added support for :ref:`multiple server TLS certificates <v1.9:arch_overview_ssl_cert_select>`.
* **tls**: added support for :ref:`password encrypted private keys <v1.9:envoy_api_field_auth.TlsCertificate.password>`.
* **tls**: added support for CRLs in :ref:`trusted_ca <v1.9:envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
* **tls**: added the ability to build :ref:`BoringSSL FIPS <v1.9:arch_overview_ssl_fips>` using ``--define boringssl=fips`` Bazel
  option.
* **tls**: removed support for ECDSA certificates with curves other than P-256.
* **tls**: removed support for RSA certificates with keys smaller than 2048-bits.
* **tracing**: added support for :ref:`Datadog <v1.9:arch_overview_tracing>` tracer.
* **tracing**: added support to the Zipkin tracer for the :ref:`b3 <v1.9:config_http_conn_man_headers_b3>` single header format.
* **upstream**: added :ref:`scale_locality_weight <v1.9:envoy_api_field_Cluster.LbSubsetConfig.scale_locality_weight>` to enable scaling
  locality weights by number of hosts removed by subset lb predicates.
* **upstream**: changed how load calculation for :ref:`priority levels <v1.9:arch_overview_load_balancing_priority_levels>` and :ref:`panic
  thresholds <v1.9:arch_overview_load_balancing_panic_threshold>` interact. As long as normalized total health is 100% panic
  thresholds are disregarded.
* **upstream**: changed the default hash for :ref:`ring hash <v1.9:envoy_api_msg_Cluster.RingHashLbConfig>` from std::hash to `xxHash
  <https://github.com/Cyan4973/xxHash>`_.
* **upstream**: when using active health checking and STRICT_DNS with several addresses that resolve to the same hosts, Envoy will now
  health check each host independently.








Deprecated
----------


* **api**: Use of the v1 ``REST_LEGACY`` ``ApiConfigSource`` is deprecated.
* **filters**: Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see
  `#4599 <https://github.com/envoyproxy/envoy/issues/4599>`_. In the 1.9.0 release cycle we introduced
  ``bugfix_reverse_encode_order`` in `http_connection_manager.proto
  <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto>`_
  to temporarily support both old and new behaviors. Note this boolean field is deprecated.
* **filters**: Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect,
  see `#4599 <https://github.com/envoyproxy/envoy/issues/4599>`_. In the 1.9.0 release cycle we introduced
  ``bugfix_reverse_write_filter_order`` in `lds.proto
  <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/lds.proto>`_ to temporarily support both old and new
  behaviors. Note this boolean field is deprecated.
* **hcm**: Use of buffer filter ``max_request_time`` is deprecated in favor of the request timeout found in `HttpConnectionManager
  <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto>`_.
* **load_balancing**: Use of std::hash in the ring hash load balancer is deprecated.
* **rate_limiting**: Use of ``rate_limit_service`` configuration in the `bootstrap configuration
  <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/bootstrap/v2/bootstrap.proto>`_ is deprecated.
* **routing**: Use of ``runtime_key`` in ``RequestMirrorPolicy``, found in `route.proto
  <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/route/route.proto>`_ is deprecated. Set the
  ``runtime_fraction`` field instead.