Version history

1.7.0 (Pending)

  • access log: ability to log response trailers
  • access log: ability to format START_TIME
  • access log: added DYNAMIC_METADATA access log formatter.
  • access log: added HeaderFilter to filter logs based on request headers
  • admin: added GET /config_dump for dumping the current configuration and associated xDS version information (if applicable).
  • admin: added GET /stats/prometheus as an alternative endpoint for getting stats in prometheus format.
  • admin: added /runtime_modify endpoint to add or change runtime values
  • admin: mutations must be sent as POSTs, rather than GETs. Mutations include: POST /cpuprofiler, POST /healthcheck/fail, POST /healthcheck/ok, POST /logging, POST /quitquitquit, POST /reset_counters, POST /runtime_modify?key1=value1&key2=value2&keyN=valueN,
  • admin: removed /routes endpoint; route configs can now be found at the /config_dump endpoint.
  • buffer filter: the buffer filter can be optionally disabled or overridden with route-local configuration.
  • cli: added –config-yaml flag to the Envoy binary. When set its value is interpreted as a yaml representation of the bootstrap config and overrides –config-path.
  • cluster: Add option to close tcp_proxy upstream connections when health checks fail.
  • cluster: Add option to drain connections from hosts after they are removed from service discovery, regardless of health status.
  • cluster: fixed bug preventing the deletion of all endpoints in a priority
  • health check: added ability to set additional HTTP headers for HTTP health check.
  • health check: added support for EDS delivered endpoint health status.
  • health check: added interval overrides for health state transitions from healthy to unhealthy, unhealthy to healthy and for subsequent checks on unhealthy hosts.
  • health check http filter: added generic header matching to trigger health check response. Deprecated the endpoint option.
  • health check: added support for custom health check.
  • http: filters can now optionally support virtual host, route, and weighted cluster local configuration.
  • http: added the ability to pass DNS type Subject Alternative Names of the client certificate in the x-forwarded-client-cert header.
  • http: local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses. Notably the HTTP response code is always “200” in this case, and the gRPC error code is carried in “grpc-status” header, optionally accompanied with a text message in “grpc-message” header.
  • listeners: added tcp_fast_open_queue_length option.
  • listeners: added the ability to match FilterChain using application_protocols (e.g. ALPN for TLS protocol).
  • listeners: removed restriction on all filter chains having identical filters.
  • load balancing: added weighted round robin support. The round robin scheduler now respects endpoint weights and also has improved fidelity across picks.
  • load balancer: Locality weighted load balancing is now supported.
  • load balancer: ability to configure zone aware load balancer settings through the API
  • logger: added the ability to optionally set the log format via the --log-format option.
  • logger: all logging levels can be configured at run-time: trace debug info warning error critical.
  • router: The behavior of per-try timeouts have changed in the case where a portion of the response has already been proxied downstream when the timeout occurs. Previously, the response would be reset leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the timeout will be ignored and the response will continue to proxy up to the global request timeout.
  • sockets: added capture transport socket extension to support recording plain text traffic and PCAP generation.
  • sockets: added IP_FREEBIND socket option support for listeners and upstream connections via cluster manager wide and cluster specific options.
  • sockets: added IP_TRANSPARENT socket option support for listeners.
  • sockets: added SO_KEEPALIVE socket option for upstream connections per cluster.
  • stats: added support for histograms.
  • stats: added option to configure the statsd prefix
  • stats: updated stats sink interface to flush through a single call.
  • tls: removed support for legacy SHA-2 CBC cipher suites.
  • tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if to use it. For example, if the x-b3-sampled header is supplied with the client request, its value will override any sampling decision made by the Envoy proxy.
  • websocket: support configuring idle_timeout and max_connect_attempts.

1.6.0 (March 20, 2018)

1.5.0 (December 4, 2017)

1.4.0 (August 24, 2017)

1.3.0 (May 17, 2017)

  • As of this release, we now have an official breaking change policy. Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes.
  • Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See /bazel/ and /ci/ for more information.
  • Outlier detection has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration.
  • TCP level listener and cluster connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release.
  • Redis health checking has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0.
  • TCP health checking now supports a “connect only” mode that only checks if the remote server can be connected to without writing/reading any data.
  • BoringSSL is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both listener and cluster connections.
  • The header value match rate limit action has been expanded to include an expect match parameter.
  • Route level HTTP rate limit configurations now do not inherit the virtual host level configurations by default. The include_vh_rate_limits to inherit the virtual host level options if desired.
  • HTTP routes can now add request headers on a per route and per virtual host basis via the request_headers_to_add option.
  • The example configurations have been refreshed to demonstrate the latest features.
  • per_try_timeout_ms can now be configured in a route’s retry policy in addition to via the x-envoy-upstream-rq-per-try-timeout-ms HTTP header.
  • HTTP virtual host matching now includes support for prefix wildcard domains (e.g., *
  • The default for tracing random sampling has been changed to 100% and is still configurable in runtime.
  • HTTP tracing configuration has been extended to allow tags to be populated from arbitrary HTTP headers.
  • The HTTP rate limit filter can now be applied to internal, external, or all requests via the request_type option.
  • Listener binding now requires specifying an address field. This can be used to bind a listener to both a specific address as well as a port.
  • The MongoDB filter now emits a stat for queries that do not have $maxTimeMS set.
  • The MongoDB filter now emits logs that are fully valid JSON.
  • The CPU profiler output path is now configurable.
  • A watchdog system has been added that can kill the server if a deadlock is detected.
  • A route table checking tool has been added that can be used to test route tables before use.
  • We have added an example repo that shows how to compile/link a custom filter.
  • Added additional cluster wide information related to outlier detection to the /clusters admin endpoint.
  • Multiple SANs can now be verified via the verify_subject_alt_name setting. Additionally, URI type SANs can be verified.
  • HTTP filters can now be passed opaque configuration specified on a per route basis.
  • By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the --define=signal_trace=disabled Bazel option.
  • Zipkin has been added as a supported tracing provider.
  • Numerous small changes and fixes not listed here.

1.2.0 (March 7, 2017)

1.1.0 (November 30, 2016)

1.0.0 (September 12, 2016)

Initial open source release.