1.24.0 (Pending)

Incompatible behavior changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • build: official released binary is now built on Ubuntu 20.04, requires glibc >= 2.30.

  • http: Envoy no longer adds content-length: 0 header when proxying UPGRADE requests without content-length and transfer-encoding headers. This behavior change can be reverted by setting the envoy.reloadable_features.http_skip_adding_content_length_to_upgrade runtime flag to false.

  • tls: Change TLS and QUIC transport sockets to support asynchronous cert validation extension. This behavior change can be reverted by setting runtime guard envoy.reloadable_features.tls_async_cert_validation to false.

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

  • prometheus_stats: removed blank line for being compatible with OpenMetrics.

  • resource_monitors: changed behavior of the fixed heap monitor to count pages allocated to TCMalloc as free memory if it’s not used by Envoy. This change can be reverted temporarily by setting the runtime guard envoy.reloadable_features.do_not_count_mapped_pages_as_free to true.

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • listener: fixed a bug that doesn’t handle of an update for a listener with IPv4-mapped address correctly, and that will lead to a memory leak.

  • transport_socket: fixed a bug that prevented the tcp stats to be retrieved when running on kernels different than the kernel where Envoy was built.

Removed config or runtime

Normally occurs at the end of the deprecation period

  • auto_config: removed envoy.reloadable_features.correctly_validate_alpn and legacy code paths.

  • grpc: remove envoy.reloadable_features.enable_grpc_async_client_cache and legacy code paths.

  • hcm: removed envoy.reloadable_features.handle_stream_reset_during_hcm_encoding and legacy code paths.

  • http: removed envoy.reloadable_features.http2_allow_capacity_increase_by_settings and legacy code paths.

  • http: removed envoy.reloadable_features.proxy_120_103 and legacy code paths.

  • http: removed envoy.reloadable_features.sanitize_http_header_referer and legacy code paths.

  • lightstep: removed the Lightstep tracer integration, making way for the native OpenTelemetry integration.

  • listener: removed envoy.reloadable_features.internal_address and legacy code paths.

  • router: removed envoy.reloadable_features.update_expected_rq_timeout_on_retry and legacy code paths.

New features

  • access_log: added support for number values in substitution format string in json_format.

  • access_log: updated command operator %GRPC_STATUS% to suppoprt the snake case.

  • admin: added new /heap_dump endpoint to dump heap profile of Envoy.

  • build: official released binary is now built on Ubuntu 20.04, requires glibc >= 2.30.

  • cors: added support for cors PNA. This behavioral change can be temporarily reverted by setting runtime guard envoy_reloadable_features_cors_private_network_access to false. More details refer to https://developer.chrome.com/blog/private-network-access-preflight.

  • dns_resolver: added DNS stats for c-ares DNS resolver. Detailed documentation is available here.

  • gzip: added support for max_inflate_ratio.

  • health check: added method support to configure http health check http method.

  • http: added default-false envoy.reloadable_features.http1_use_balsa_parser for experimental BalsaParser.

  • http: added the expected receive payload check for HTTP health check. Added response_buffer_size to configure the maximum HTTP health check response buffer size.

  • listener: added multiple listening addresses in single listener. listener additional addresses.

  • listener: expose the implementation of internal listener in xDS API.

  • lua: added stats for lua filter, please see lua filter stats.

  • ratelimit: add support for adding response headers to rate-limited responses.

  • thrift: added stats for downstream connection close to detect SR drop.

  • upstream: added a filter state object to control the destination address in ORIGINAL_DST clusters.