Version history

1.9.0 (pending)

  • access log: added a JSON logging mode to output access logs in JSON format.
  • access log: added dynamic metadata to access log messages streamed over gRPC.
  • admin: added support for displaying subject alternate names in certs end point.
  • admin: GET /server_info now responds with a JSON object instead of a single string.
  • admin: added support for displaying command line options in GET /server_info end point.
  • circuit-breaker: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live state via circuit breakers statistics.
  • cluster: set a default of 1s for option.
  • config: removed support for the v1 API.
  • config: added support for rate limiting discovery request calls.
  • cors: added :ref: invalid/valid stats <cors-statistics> to filter.
  • ext-authz: added support for providing per route config - optionally disable the filter and provide context extensions.
  • fault: removed integer percentage support.
  • health check: Added :ref: ‘logging health check failure events <envoy_api_field_core.HealthCheck.always_log_health_check_failures>’.
  • http: Added HTTP/2 WebSocket proxying via extended CONNECT
  • http: added limits to the number and length of header modifications in all fields request_headers_to_add and response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard.
  • http: added support for a request timeout. The timeout is disabled by default.
  • http: no longer adding whitespace when appending X-Forwarded-For headers. Warning: this is not compatible with 1.7.0 builds prior to 9d3a4eb4ac44be9f0651fcc7f87ad98c538b01ee. See #3611 for details.
  • http: augmented the sendLocalReply filter API to accept an optional GrpcStatus value to override the default HTTP to gRPC status mapping.
  • http: no longer close the TCP connection when a HTTP/1 request is retried due to a response with empty body.
  • load balancer: added a configuration <envoy_api_msg_Cluster.LeastRequestLbConfig> option to specify the number of choices made in P2C.
  • network: removed the reference to FilterState in Connection in favor of StreamInfo.
  • logging: added missing [ in log prefix.
  • rate-limit: added configuration to specify whether the GrpcStatus status returned should be RESOURCE_EXHAUSTED or UNAVAILABLE when a gRPC call is rate limited.
  • rate-limit: removed support for the legacy ratelimit service and made the data-plane-api rls.proto based implementation default.
  • rbac: added dynamic metadata to the network level filter.
  • rbac: added support for permission matching by requested server name.
  • redis: static cluster configuration is no longer required. Redis proxy will work with clusters delivered via CDS.
  • router: added ability to configure arbitrary retriable status codes.
  • router: added ability to set attempt count in upstream requests, see virtual host’s include request attempt count flag.
  • router: added internal grpc-retry-on policy.
  • router: added scheme_redirect and port_redirect to define the respective scheme and port rewriting RedirectAction
  • router: when max_grpc_timeout is set, Envoy will now add or update the grpc-timeout header to reflect Envoy’s expected timeout.
  • router: per try timeouts now starts when an upstream stream is ready instead of when the request has been fully decoded by Envoy.
  • router: added support for not retrying rate limited requests. Rate limit filter now sets the x-envoy-ratelimited header so the rate limited requests that may have been retried earlier will not be retried with this change.
  • stats: added stats_matcher to the bootstrap config for granular control of stat instantiation.
  • stream: renamed the RequestInfo namespace to StreamInfo to better match its behaviour within TCP and HTTP implementations.
  • stream: renamed perRequestState to filterState in StreamInfo.
  • thrift_proxy: introduced thrift rate limiter filter
  • tls: add support for CRLs in trusted_ca.
  • tracing: added support to the Zipkin tracer for the b3 single header format.
  • tracing: added support for Datadog tracer.
  • upstream: changed how load calculation for priority levels and panic thresholds interact. As long as normalized total health is 100% panic thresholds are disregarded.
  • upstream: changed the default hash for ring hash from std::hash to xxHash.

1.8.0 (Oct 4, 2018)

  • access log: added response flag filter to filter based on the presence of Envoy response flags.
  • access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
  • access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http
  • admin: added GET /hystrix_event_stream as an endpoint for monitoring envoy’s statistics through Hystrix dashboard.
  • cli: Added support for component log level command line option for configuring log levels of individual components.
  • cluster: added option to merge health check/weight/metadata updates within the given duration.
  • config: regex validation added to limit to a maximum of 1024 characters.
  • config: v1 disabled by default. v1 support remains available until October via flipping –v2-config-only=false.
  • config: v1 disabled by default. v1 support remains available until October via deprecated flag –allow-deprecated-v1-api.
  • config: Fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
  • config: Added a stat connected_state that indicates current connected state of Envoy with management server.
  • ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
  • fault: added support for fractional percentages in FaultDelay and in FaultAbort.
  • grpc-json: added support for building HTTP response from google.api.HttpBody.
  • health check: added support for custom health check.
  • health check: added support for specifying jitter as a percentage.
  • health_check: added support for health check event logging.
  • health_check: added timestamp to the health check event definition.
  • health_check: added support for specifying custom request headers to HTTP health checker requests.
  • http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
  • http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
  • http: added downstream_rq_completed counter for total requests completed, including on a per-listener basis.
  • http: added generic Upgrade support.
  • http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
  • http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.
  • http: response filters not applied to early error paths such as http_parser generated 400s.
  • http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.
  • http: hpack_table_size now controls dynamic table size of both: encoder and decoder.
  • http: added support for removing request headers using request_headers_to_remove.
  • http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
  • jwt-authn filter: add support for per route JWT requirements.
  • listeners: added the ability to match FilterChain using destination_port and prefix_ranges.
  • lua: added connection() wrapper and ssl() API.
  • lua: added streamInfo() wrapper and protocol() API.
  • lua: added streamInfo():dynamicMetadata() API.
  • network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
  • proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
  • ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.
  • ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
  • rbac config: added a principal_name field and removed the old name field to give more flexibility for matching certificate identity.
  • rbac network filter: a role-based access control network filter has been added.
  • rest-api: added ability to set the request timeout for REST API requests.
  • route checker: Added v2 config support and removed support for v1 configs.
  • router: added ability to set request/response headers at the route.Route level.
  • stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
  • tcp_proxy: added support for weighted clusters.
  • thrift_proxy: introduced thrift routing, moved configuration to correct location
  • thrift_proxy: introduced thrift configurable decoder filters
  • tls: implemented Secret Discovery Service.
  • tracing: added support for configuration of tracing sampling.
  • upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
  • upstream: require opt-in to use the x-envoy-orignal-dst-host header for overriding destination address when using the Original Destination load balancing policy.

1.7.0 (Jun 21, 2018)

  • access log: added ability to log response trailers.
  • access log: added ability to format START_TIME.
  • access log: added DYNAMIC_METADATA access log formatter.
  • access log: added HeaderFilter to filter logs based on request headers.
  • access log: added %([1-9])?f as one of START_TIME specifiers to render subseconds.
  • access log: gRPC Access Log Service (ALS) support added for HTTP access logs.
  • access log: improved WebSocket logging.
  • admin: added GET /config_dump for dumping the current configuration and associated xDS version information (if applicable).
  • admin: added GET /clusters?format=json for outputing a JSON-serialized proto detailing the current status of all clusters.
  • admin: added GET /stats/prometheus as an alternative endpoint for getting stats in prometheus format.
  • admin: added /runtime_modify endpoint to add or change runtime values.
  • admin: mutations must be sent as POSTs, rather than GETs. Mutations include: POST /cpuprofiler, POST /healthcheck/fail, POST /healthcheck/ok, POST /logging, POST /quitquitquit, POST /reset_counters, POST /runtime_modify?key1=value1&key2=value2&keyN=valueN.
  • admin: removed /routes endpoint; route configs can now be found at the /config_dump endpoint.
  • buffer filter: the buffer filter can be optionally disabled or overridden with route-local configuration.
  • cli: added –config-yaml flag to the Envoy binary. When set its value is interpreted as a yaml representation of the bootstrap config and overrides –config-path.
  • cluster: added option to close tcp_proxy upstream connections when health checks fail.
  • cluster: added option to drain connections from hosts after they are removed from service discovery, regardless of health status.
  • cluster: fixed bug preventing the deletion of all endpoints in a priority
  • debug: added symbolized stack traces (where supported)
  • ext-authz filter: added support to raw HTTP authorization.
  • ext-authz filter: added support to gRPC responses to carry HTTP attributes.
  • grpc: support added for the full set of Google gRPC call credentials.
  • gzip filter: added stats to the filter.
  • gzip filter: sending accept-encoding header as identity no longer compresses the payload.
  • health check: added ability to set additional HTTP headers for HTTP health check.
  • health check: added support for EDS delivered endpoint health status.
  • health check: added interval overrides for health state transitions from healthy to unhealthy, unhealthy to healthy and for subsequent checks on unhealthy hosts.
  • health check: added support for custom health check.
  • health check: health check connections can now be configured to use http/2.
  • health check http filter: added generic header matching to trigger health check response. Deprecated the endpoint option.
  • http: filters can now optionally support virtual host, route, and weighted cluster local configuration.
  • http: added the ability to pass DNS type Subject Alternative Names of the client certificate in the x-forwarded-client-cert header.
  • http: local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses. Notably the HTTP response code is always “200” in this case, and the gRPC error code is carried in “grpc-status” header, optionally accompanied with a text message in “grpc-message” header.
  • http: added support for via header append.
  • http: added a configuration option to elide x-forwarded-for header modifications.
  • http: fixed a bug in inline headers where addCopy and addViaMove didn’t add header values when encountering inline headers with multiple instances.
  • listeners: added tcp_fast_open_queue_length option.
  • listeners: added the ability to match FilterChain using application_protocols (e.g. ALPN for TLS protocol).
  • listeners: sni_domains has been deprecated/renamed to server_names.
  • listeners: removed restriction on all filter chains having identical filters.
  • load balancer: added weighted round robin support. The round robin scheduler now respects endpoint weights and also has improved fidelity across picks.
  • load balancer: locality weighted load balancing is now supported.
  • load balancer: ability to configure zone aware load balancer settings through the API.
  • load balancer: the weighted least request load balancing algorithm has been improved to have better balance when operating in weighted mode.
  • logger: added the ability to optionally set the log format via the --log-format option.
  • logger: all logging levels can be configured at run-time: trace debug info warning error critical.
  • rbac http filter: a role-based access control http filter has been added.
  • router: the behavior of per-try timeouts have changed in the case where a portion of the response has already been proxied downstream when the timeout occurs. Previously, the response would be reset leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the timeout will be ignored and the response will continue to proxy up to the global request timeout.
  • router: changed the behavior of source IP routing to ignore the source port.
  • router: added an prefix_match match type to explicitly match based on the prefix of a header value.
  • router: added an suffix_match match type to explicitly match based on the suffix of a header value.
  • router: added an present_match match type to explicitly match based on a header’s presence.
  • router: added an invert_match config option which supports inverting all other match types to match based on headers which are not a desired value.
  • router: allow cookie routing to generate session cookies.
  • router: added START_TIME as one of supported variables in header formatters.
  • router: added a max_grpc_timeout config option to specify the maximum allowable value for timeouts decoded from gRPC header field grpc-timeout.
  • router: added a configuration option to disable x-envoy- header generation.
  • router: added ‘unavailable’ to the retriable gRPC status codes that can be specified through x-envoy-retry-grpc-on.
  • sockets: added capture transport socket extension to support recording plain text traffic and PCAP generation.
  • sockets: added IP_FREEBIND socket option support for listeners and upstream connections via cluster manager wide and cluster specific options.
  • sockets: added IP_TRANSPARENT socket option support for listeners.
  • sockets: added SO_KEEPALIVE socket option for upstream connections per cluster.
  • stats: added support for histograms.
  • stats: added option to configure the statsd prefix.
  • stats: updated stats sink interface to flush through a single call.
  • tls: added support for verify_certificate_spki.
  • tls: added support for multiple verify_certificate_hash values.
  • tls: added support for using verify_certificate_spki and verify_certificate_hash without trusted_ca.
  • tls: added support for allowing expired certificates with allow_expired_certificate.
  • tls: added support for renegotiation when acting as a client.
  • tls: removed support for legacy SHA-2 CBC cipher suites.
  • tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if to use it. For example, if the x-b3-sampled header is supplied with the client request, its value will override any sampling decision made by the Envoy proxy.
  • websocket: support configuring idle_timeout and max_connect_attempts.
  • upstream: added support for host override for a request in Original destination host request header.
  • header to metadata: added HTTP Header to Metadata filter.

1.6.0 (March 20, 2018)

1.5.0 (December 4, 2017)

1.4.0 (August 24, 2017)

  • macOS is now supported. (A few features are missing such as hot restart and original destination routing).
  • YAML is now directly supported for config files.
  • Added /routes admin endpoint.
  • End-to-end flow control is now supported for TCP proxy, HTTP/1, and HTTP/2. HTTP flow control that includes filter buffering is incomplete and will be implemented in 1.5.0.
  • Log verbosity compile time flag added.
  • Hot restart compile time flag added.
  • Original destination cluster and load balancer added.
  • WebSocket is now supported.
  • Virtual cluster priorities have been hard removed without deprecation as we are reasonably sure no one is using this feature.
  • Route validate_clusters option added.
  • x-envoy-downstream-service-node header added.
  • x-forwarded-client-cert header added.
  • Initial HTTP/1 forward proxy support for absolute URLs has been added.
  • HTTP/2 codec settings are now configurable.
  • gRPC/JSON transcoder filter added.
  • gRPC web filter added.
  • Configurable timeout for the rate limit service call in the network and HTTP rate limit filters.
  • x-envoy-retry-grpc-on header added.
  • LDS API added.
  • TLS :require_client_certificate option added.
  • Configuration check tool added.
  • JSON schema check tool added.
  • Config validation mode added via the --mode option.
  • --local-address-ip-version option added.
  • IPv6 support is now complete.
  • UDP statsd_ip_address option added.
  • Per-cluster DNS resolvers added.
  • Fault filter enhancements and fixes.
  • Several features are deprecated as of the 1.4.0 release. They will be removed at the beginning of the 1.5.0 release cycle. We explicitly call out that the HttpFilterConfigFactory filter API has been deprecated in favor of NamedHttpFilterConfigFactory.
  • Many small bug fixes and performance improvements not listed.

1.3.0 (May 17, 2017)

  • As of this release, we now have an official breaking change policy. Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes.
  • Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See /bazel/README.md and /ci/README.md for more information.
  • Outlier detection has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration.
  • TCP level listener and cluster connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release.
  • Redis health checking has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0.
  • TCP health checking now supports a “connect only” mode that only checks if the remote server can be connected to without writing/reading any data.
  • BoringSSL is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both listener and cluster connections.
  • The header value match rate limit action has been expanded to include an expect match parameter.
  • Route level HTTP rate limit configurations now do not inherit the virtual host level configurations by default. Use include_vh_rate_limits to inherit the virtual host level options if desired.
  • HTTP routes can now add request headers on a per route and per virtual host basis via the request_headers_to_add option.
  • The example configurations have been refreshed to demonstrate the latest features.
  • per_try_timeout_ms can now be configured in a route’s retry policy in addition to via the x-envoy-upstream-rq-per-try-timeout-ms HTTP header.
  • HTTP virtual host matching now includes support for prefix wildcard domains (e.g., *.lyft.com).
  • The default for tracing random sampling has been changed to 100% and is still configurable in runtime.
  • HTTP tracing configuration has been extended to allow tags to be populated from arbitrary HTTP headers.
  • The HTTP rate limit filter can now be applied to internal, external, or all requests via the request_type option.
  • Listener binding now requires specifying an address field. This can be used to bind a listener to both a specific address as well as a port.
  • The MongoDB filter now emits a stat for queries that do not have $maxTimeMS set.
  • The MongoDB filter now emits logs that are fully valid JSON.
  • The CPU profiler output path is now configurable.
  • A watchdog system has been added that can kill the server if a deadlock is detected.
  • A route table checking tool has been added that can be used to test route tables before use.
  • We have added an example repo that shows how to compile/link a custom filter.
  • Added additional cluster wide information related to outlier detection to the /clusters admin endpoint.
  • Multiple SANs can now be verified via the verify_subject_alt_name setting. Additionally, URI type SANs can be verified.
  • HTTP filters can now be passed opaque configuration specified on a per route basis.
  • By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the --define=signal_trace=disabled Bazel option.
  • Zipkin has been added as a supported tracing provider.
  • Numerous small changes and fixes not listed here.

1.2.0 (March 7, 2017)

1.1.0 (November 30, 2016)

  • Switch from Jannson to RapidJSON for our JSON library (allowing for a configuration schema in 1.2.0).
  • Upgrade recommended version of various other libraries.
  • Configurable DNS refresh rate for DNS service discovery types.
  • Upstream circuit breaker configuration can be overridden via runtime.
  • Zone aware routing support.
  • Generic header matching routing rule.
  • HTTP/2 graceful connection draining (double GOAWAY).
  • DynamoDB filter per shard statistics (pre-release AWS feature).
  • Initial release of the fault injection HTTP filter.
  • HTTP rate limit filter enhancements (note that the configuration for HTTP rate limiting is going to be overhauled in 1.2.0).
  • Added refused-stream retry policy.
  • Multiple priority queues for upstream clusters (configurable on a per route basis, with separate connection pools, circuit breakers, etc.).
  • Added max connection circuit breaking to the TCP proxy filter.
  • Added CLI options for setting the logging file flush interval as well as the drain/shutdown time during hot restart.
  • A very large number of performance enhancements for core HTTP/TCP proxy flows as well as a few new configuration flags to allow disabling expensive features if they are not needed (specifically request ID generation and dynamic response code stats).
  • Support Mongo 3.2 in the Mongo sniffing filter.
  • Lots of other small fixes and enhancements not listed.

1.0.0 (September 12, 2016)

Initial open source release.