1.25.0 (January 18, 2023)
Incompatible behavior changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
build: moved the
edsclusters to extensions. If you use these clusters and override
extensions_build_config.bzlyou will now need to include it explicitly.
build: removed the c-ares and apple resolvers as required extensions. Envoy now only creates DNS resolvers when necessary (e.g. for logical DNS cluster); as such, it does not require these resolvers to always be included. If your Envoys do DNS resolution and override
extensions_build_config.bzlyou will need to include c-ares / apple resolver explicitly.
listener: Previously a listener update with different transparent, freebind, tcp_fast_open_queue_length or socket_options was ignored. Now, when those fields are updated, a new socket will be created for the listener and the updated values of those fields will be applied to it. This only happens when enable_reuse_port is true. Otherwise if those fields change the update is rejected. The runtime flag
envoy.reloadable_features.enable_update_listener_socket_optionscan be used to revert this behavior.
loadbalancing: When active health checking is enabled per cluster, slow start calculations will now start after first passing health check. The cluster membership duration condition is dropped from the slow start calculation. Endpoints can now re-enter slow start if active health checking is configured per cluster, on each
stats http ext_authz: Fixed
ext_authzmetric tag extraction so that stat_prefix is properly extracted. This changes the Prometheus name from
envoy_cluster_X_ext_authz_Y_deniedfollows the same pattern.
Minor behavior changes
Changes that may cause incompatibilities for some users, but should not for most
cache_filter: add a completion callback to
updateHeadersinterface. Any external cache implementations should be updated to match this new interface. See changes to simple_http_cache in PR #23666 for example.
cache_filter: api path of work-in-progress extension changed from
api/extensions/http/cache/simple_http_cache, and source code moved to match extension category.
config: add support for thrift connection draining. This can be disabled by setting the runtime guard
http: reverted the behavioral change to have
CONNECTand upgrade requests over HTTP/1.1 not delay close. One can reinstate delay close for upgrades by setting
http filter: Avoid re-entrant filter invocations if we do a local reply via the filter chain when executing decoder filters. This behavioral change can be temporarily reverted by setting runtime flag
http filters: change
StreamEncoderFilter::encode1xxHeadersto use its own enum class
Http::Filter1xxHeadersStatus. Previously we shared the same enum class for general headers, but the implementation did not support most of them. We also fixed
StreamEncoderFilter::encode1xxHeadersto send local replies without trailing 1xx headers afterward.
jwt_authn: adjust the refetch time for
async_fetchfeature. For a good fetch, refetch 5 seconds before jwks cache duration. For a failed fetch, refetch time can be specified by failed_refetch_duration with default 1 second.
oauth2: Requests which match the passthrough header now have their own metric
oauth_passthroughand aren’t included in
oauth2: query parameters in the authorization_endpoint are now preserved.
YEARto the unit of time for rate limit.
router: Virtual cluster statistics are no longer created for routes without any
virtual_clusters. Previously statistics for a
catch allvirtual cluster were created, but never updated.
tcp: added idle_timeout to support per client idle timeout for tcp connection pool. The timeout is guarded by
envoy.reloadable_features.tcp_pool_idle_timeoutand timeout defaults to 10 minutes if runtime flag is enabled.
tls: added support for intermediate CA as trusted CA. The peer certificate issued by an intermediate CA will be trusted by building valid partial chain. Before, it could not be verified without trusting its ancestor root CA and building a full chain. trust_ca. This change can be reverted via the runtime flag
upstream: detailed health status is used for override host selection. This behavior can be reverted by setting runtime flag
Changes expected to improve the state of the world and are unlikely to have negative effects
aws_lambda: fix a bug when PerRouteConfig is defined and was routing to a target cluster’s AWS Lambda endpoint in a region that is different from the region obtained in arn of
http_filterconfiguration then the authorization header included in the request towards AWS Lambda was not signed with the region specified in
generic_proxy: fixed a bug that encoder filters and decoder filters of generic proxy will be executed in the same order. The encoder filters’ execuate order should be the reverse of decoder filters’ in the generic proxy.
grpc_http_bridge: fixed a bug where response data could be lost for requests that were upgraded from Protobuf.
grpc_json_transcoder: fix a bug when using http2, request body has
google.api.HttpBodyand the size is < 16KB, it will cause EOF from the backend grpc server.
health_checker: prevent writing pending data for health checkers by introducing
ConnectionCloseType::Abortto avoid cascading handshake overhead from health checker’s requests on timeout. This fix is related to issue #23718.
http: fixed a bug where
Utility::PercentEncoding::encode()encodes some characters incorrectly because it was treating the value as negative.
jwt_authn: fix a bug that
jwt_cachebreaks the provider_and_audiences JWT requirement.
oauth2: fixed a bug when passthrough header was matched, envoy would always remove the authorization header. This behavioral change can be temporarily reverted by setting runtime guard
quic: reject configs that specify require_client_certificate with QUIC since clients certificates are currently unsupported in QUIC. This behavioral change can be temporarily reverted by setting runtime guard
router: fixed a bug that incorrectly rewrote the path when using
regex_rewritefor redirects matched on prefix.
router: fixed a bug that truncated query parameters from paths rewritten with a
path_rewrite_policy, query parameters are now appended.
envoy_reloadable_features_append_query_parameters_path_rewritercan be used to revert to truncation.
skywalking: fixed a crash that could happen when skywalking tracer is enabled and illegal
sw8header is received.
tcp_proxy: When tunneling TCP over HTTP, mark the upstream connection as done reading when upstream trailers are read. This behavioral change can be temporarily reverted by setting runtime guard
upstream: fixed a bug for tcp upstream where we did not count the header and data to/from the upstream.
upstream: fixed a bug that only coarse health status is used for override host selection.
upstream: fixed a bug when specify both a single address in bootstrap and cluster upstream binding config but with a different IP version. It should be allowed but it is rejected.
validation: fixed a crash that could happen when optional
engine_typeis not provided in regex.
Removed config or runtime
Normally occurs at the end of the deprecation period
envoy.reloadable_features.top_level_ecds_statsand legacy code paths.
envoy.reloadable_features.support_locality_update_on_eds_cluster_endpointsand legacy code paths.
envoy.reloadable_features.allow_adding_content_type_in_local_repliesand legacy code paths.
envoy.reloadable_features.allow_upstream_inline_writeand legacy code paths.
envoy.reloadable_features.append_or_truncateand legacy code paths.
envoy.reloadable_features.deprecate_global_intsand legacy code paths.
envoy.reloadable_features.http_100_continue_case_insensitiveand legacy code paths. removed
envoy.reloadable_features.override_request_timeout_by_gateway_timeoutand legacy code paths.
envoy.reloadable_features.skip_delay_closeand legacy code paths.
envoy.reloadable_features.use_new_codec_wrapperand legacy code paths. removed
envoy.reloadable_features.append_to_accept_content_encoding_only_onceand legacy code paths. removed
envoy.reloadable_features.http1_lazy_read_disableand legacy code paths.
envoy.reloadable_features.strict_check_on_ipv4_compatand legacy code paths.
envoy.reloadable_features.do_not_await_headers_on_upstream_timeout_to_emit_statsand legacy code paths.
access_log: added a new field intermediate_log_entry to detect if the gRPC log entry is an intermediate log entry or not and added support to flush TCP log entries periodly according to the configured inteval.
access_log: added support for %STREAM_ID% for stream unique identifier.
attributes: added attributes for looking up xDS configuration information.
aws: added support to prefer fetching AWS instance role credentials securely (IMDSv2) from EC2 instance metadata by getting the token first or falling back to insecure way (IMDSv1) if token fetch fails.
bandwidth_limit: added two new response trailers
bandwidth-response-filter-delay-msto measure the delays added by this filter.
build: added an option
--define=library_autolink=disabledto disable autolinking libraries.
build: added compile-time option
--define=static_extension_registration=disabledto disable the automatic static registration of extension factories.
compression: added CompressorPerRoute proto for per-route configuration.
custom response http filter: added custom response http filter which adds the ability to customize responses sent to downstreams using local or remote sources.
ext_authz: added support to allowlist headers included in the check request to gRPC authorization server (previously only available for HTTP authorization server). Pre-existing field allowed_headers is deprecated in favour of the new field allowed_headers.
gcp_authn: added support for configuring header that holds token fetched from GCE metadata server in new field token_header.
generic_proxy: added generic rds support.
generic_proxy: added drain support to generic proxy to doing graceful closes on connections when possible.
golang: added new HTTP golang extension filter.
max_response_body_sizefields, which can either increase or decrease the size of messages that can be processed. It can increase (but does not decrease) the stream buffer size, and can reject messages even if they’re smaller than the stream buffer size if configured smaller.
health_check: added an optional bool flag disable_active_health_check to disable the active health check for the endpoint.
http: added append_x_forwarded_port to append the
x-forwarded-portheader to HTTP upstream requests.
http: enhanced dynamic forward proxy cluster to allow_coalesced_connections for HTTP/2 and HTTP/3 connections.
jwt_authn: added support for copying jwt claims to http headers.
dispatcher()methods to the
ListenerFilterCallback. This allows listener filters to continue listener filter iteration after stopping iteration e.g. if the listener filter depends on an async process.
listener: added a new field socket_options to the
AdditionalAddress, allowing specifying discrete socket options for each listener address.
matching: support filter chain selection based on the dynamic metadata and the filter state using formatter actions.
mobile: merged the Envoy mobile library into the main Envoy repo.
postgres: added support for upstream SSL.
Stats::SinkPredicatesto filter histograms to be flushed to stat sinks. Use
envoy.reloadable_features.enable_include_histogramsto enable this feature, which is disabled by default.
tcp_proxy: added new config post_path field to specifiy a custom path for HTTP tunneling with POST method.
thrift: added payload to metadata filter which matches a given payload field’s value would be extracted and attached to the request as dynamic metadata.
envoy.reloadable_features.thrift_allow_negative_field_idsto support negative field ids for legacy thrift service.
tls: added support for SNI-based cert selection in tls downstream transport socket. Detailed documentation is available cert selection. New config option full_scan_certs_on_sni_mismatch is introduced to disable or enable full scan when no cert matches to SNI, defaults to false. New runtime flag
envoy.reloadable_features.no_full_scan_certs_on_sni_mismatchcan be used for override the default value.
tracing: added support for setting the hostname used when sending spans to a Datadog collector using the collector_hostname field.
udp_proxy: added support for proxy_access_log.
upstream: added a new field socket_options to the
ExtraSourceAddress, allowing specifying discrete socket options for each source address.
upstream: allow configuring cluster bind config and cluster manager bind config without specifying a source_address. This allows setting socket options when using the default unspecified bind address is desired.
xds: added an api configuration xds_config_tracker_extension in the bootstrap to allow tracking xDS responses in external components, and provided the extension interface.