1.27.0 (Pending)
Incompatible behavior changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
build: Moved the subset, ring_hash, and maglev LB code into extensions. If you use these load balancers and override extensions_build_config.bzl you will need to include them explicitly.
build: Moved xDS code into extensions. If you use xDS and override extensions_build_config.bzl you will need to include the new config_subscriptions explicitly.
http: When append_x_forwarded_host is enabled for a given route action it is now only appended iff it is different from the last value in the list. This resolves issues where a retry caused the same value to be appended multiple times. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.append_xfh_idempotent to false.
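The x-forwarded-host change above, modelled as an added example (not Envoy code): the legacy append grows the header on every retry, the idempotent append only adds a host that differs from the last list element. Host names and retry counts are constructed for illustration.

```python
# Added example, not Envoy source: models append_x_forwarded_host before and
# after the append_xfh_idempotent change. Hosts below are constructed values.
from typing import Callable, Optional


def append_xfh_legacy(xfh: Optional[str], host: str) -> str:
    """Pre-change behaviour: unconditionally append the downstream host."""
    return host if not xfh else f"{xfh},{host}"


def append_xfh_idempotent(xfh: Optional[str], host: str) -> str:
    """New behaviour: append only when host differs from the last list value."""
    if not xfh:
        return host
    last = xfh.rsplit(",", 1)[-1].strip()
    return xfh if last == host else f"{xfh},{host}"


def simulate_retries(append: Callable[[Optional[str], str], str], host: str,
                     attempts: int, existing: Optional[str] = None) -> str:
    """Apply the same route action `attempts` times, as a retry policy would,
    and return the resulting x-forwarded-host value."""
    xfh = existing
    for _ in range(attempts):
        xfh = append(xfh, host)
    return xfh


if __name__ == "__main__":
    print("legacy   :", simulate_retries(append_xfh_legacy, "api.example.com", 3))
    print("idempotent:", simulate_retries(append_xfh_idempotent, "api.example.com", 3))
```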
Minor behavior changes
Changes that may cause incompatibilities for some users, but should not for most
aws: Added support for fetching credentials from the AWS credentials file, which only happens if credentials cannot be fetched from environment variables. This behavioral change can be reverted by setting runtime guard envoy.reloadable_features.enable_aws_credentials_file to false.
connection pool: Increase granularity mapping connection pool failures to specific stream failure reasons to make it more transparent why the stream is reset when a connection pool's connection fails.
custom response: The filter now traverses matchers from most specific to least specific per filter config until a match is found for the response.
dns: Changing the DNS cache to use host:port as the cache key rather than host. This allows a downstream DFP filter to serve both secure and insecure clusters. This behavioral change can be reverted by setting runtime flag envoy.reloadable_features.dfp_mixed_scheme to false.
ext_proc: Filter metadata containing ext proc stats has been moved from ext-proc-logging-info to a namespace corresponding to the name of the ext_proc filter.
ext_proc: When clear_route_cache is set, ext_proc will check for header mutations before clearing the route cache. Failures due to this check will be counted under the clear_route_cache_ignored stat.
http cookies: Changed internal format of http cookie to protobuf and added expiry timestamp. Processing an expired cookie results in selection of a new upstream host and sending a new cookie to the client. The previous format of the cookie is still accepted, but is planned to be obsoleted in the future. This behavior change can be reverted by setting envoy.reloadable_features.stateful_session_encode_ttl_in_cookie to false.
http1: Allowing mixed case schemes in absolute urls (e.g. HtTp://www.google.com). Mixed case schemes will be normalized to the lower cased equivalents before being forwarded upstream. This behavior can be reverted by setting runtime flag envoy.reloadable_features.allow_absolute_url_with_mixed_scheme to false.
http1: The HTTP1 server-side codec no longer considers encoding 1xx headers as starting the response. This allows the codec to raise protocol errors, sending detailed local replies instead of just closing the connection. This behavior can be reverted by setting runtime flag envoy.reloadable_features.http1_allow_codec_error_response_after_1xx_headers to false.
overload manager: Changed behavior of the overload manager to error on unknown overload manager actions. Prior it would silently fail. This change can be reverted temporarily by setting the runtime guard envoy.reloadable_features.overload_manager_error_unknown_action to false.
resource_monitors: Changed behavior of the fixed heap monitor to count unused mapped pages as free memory. This change can be reverted temporarily by setting the runtime guard envoy.reloadable_features.count_unused_mapped_pages_as_free to false.
router: Added check for existing metadata before setting metadata due to 'auto_sni', 'auto_san_validation', or 'override_auto_sni_header' to prevent triggering ENVOY_BUG when an earlier filter has set the metadata.
stats: Added new type of gauge with type hidden. These stats are hidden from admin/stats-sinks but can be shown with a query parameter of /stats?hidden=include or /stats?hidden=showonly.
uhv: Allow malformed URL encoded triplets in the default header validator. This behavior can be reverted by setting runtime flag envoy.reloadable_features.uhv_allow_malformed_url_encoding to false, in which case requests with malformed URL encoded triplets in path are rejected. This setting is only applicable when the Universal Header Validator is enabled and has no effect otherwise.
uhv: Preserve case of %-encoded triplets in the default header validator. This behavior can be reverted by setting runtime flag envoy.reloadable_features.uhv_preserve_url_encoded_case to false, in which case %-encoded triplets are normalized to uppercase characters. This setting is only applicable when the Universal Header Validator is enabled and has no effect otherwise.
Bug fixes
Changes expected to improve the state of the world and are unlikely to have negative effects
boringssl: Fixed the crash that occurs when contrib is compiled with boringssl=fips defined.
dependency: update C-ares -> 1.91.1 to resolve:
dependency: update Wasmtime and related deps -> 9.0.3 to resolve CVE-2023-30624.
ext_authz: Fix a bug where the ext_authz filter will ignore the request body when the pack_as_bytes is set to true and HTTP authorization service is configured.
http: The is_optional field of HTTP filter can only be used for configuration loading of HTTP filter and will be ignored for loading of route or virtual host level filter config. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.ignore_optional_option_from_hcm_for_route_config to false. You can also use the route/virtual host optional flag as a replacement for the feature.
logging: Do not display GRPC_STATUS_NUMBER for non gRPC requests. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.validate_grpc_header_before_log_grpc_status to false.
oauth2: The Max-Age attribute of the Set-Cookie HTTP response header was being assigned a value representing Seconds Since the Epoch, causing cookies to expire in ~53 years. This was fixed and now it is being assigned a value representing the number of seconds until the cookie expires. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.oauth_use_standard_max_age_value to false.
oauth2: The httpOnly attribute for Set-Cookie for tokens in the HTTP response header was missing, causing tokens to be accessible from JavaScript and making the apps vulnerable. This was fixed by marking the cookie as httpOnly. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.oauth_make_token_cookie_httponly to false.
router: Fixed the bug that updating scope_key_builder of SRDS config doesn't work and multiple HCM share the same scope_key_builder.
tls: Fix build FIPS compliance when using both FIPS mode and Wasm extensions (--define boringssl=fips and --define wasm=v8).
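The two oauth2 cookie fixes above, as an added example (not Envoy code): the legacy builder reproduces both defects (Max-Age holding an epoch timestamp, no HttpOnly), the fixed builder emits the remaining lifetime and HttpOnly, and an audit helper flags either defect in a Set-Cookie value. The cookie name, token and timestamps are constructed placeholders.

```python
# Added example, not Envoy source: token Set-Cookie before/after the oauth2
# Max-Age and httpOnly fixes, plus a checker for both defects. Values constructed.
import time
from typing import Dict, List, Optional

COOKIE_NAME = "BearerToken"  # constructed name, not Envoy's actual cookie name


def token_cookie_legacy(token: str, expires_at: int) -> str:
    """Pre-fix: Max-Age carries the absolute expiry (seconds since the epoch)
    and HttpOnly is absent, so page scripts can read the token."""
    return f"{COOKIE_NAME}={token}; Max-Age={expires_at}"


def token_cookie_fixed(token: str, expires_at: int, now: Optional[int] = None) -> str:
    """Fixed: Max-Age is the number of seconds until expiry; cookie is HttpOnly."""
    now = int(time.time()) if now is None else now
    max_age = max(0, expires_at - now)
    return f"{COOKIE_NAME}={token}; Max-Age={max_age}; HttpOnly"


def parse_set_cookie(header: str) -> Dict[str, Optional[str]]:
    """Split a Set-Cookie value into name/value plus lower-cased attributes;
    flag attributes such as HttpOnly map to None."""
    attrs: Dict[str, Optional[str]] = {}
    for i, part in enumerate(header.split(";")):
        key, has_eq, value = part.strip().partition("=")
        attrs[key if i == 0 else key.lower()] = value if has_eq else None
    return attrs


def audit_token_cookie(header: str, max_lifetime: int = 86400) -> List[str]:
    """Return the defects found: missing HttpOnly, or a Max-Age so large it can
    only be an epoch timestamp (anything beyond max_lifetime, one day here)."""
    attrs = parse_set_cookie(header)
    problems: List[str] = []
    if "httponly" not in attrs:
        problems.append("missing HttpOnly")
    max_age = attrs.get("max-age")
    if max_age is not None and int(max_age) > max_lifetime:
        years = int(max_age) / (365.25 * 86400)
        problems.append(f"Max-Age looks like an epoch timestamp (~{years:.0f} years)")
    return problems


if __name__ == "__main__":
    now = 1_690_000_000  # constructed "current time", mid-2023
    print(audit_token_cookie(token_cookie_legacy("tok", now + 3600)))
    print(audit_token_cookie(token_cookie_fixed("tok", now + 3600, now=now)))
```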
Removed config or runtime
Normally occurs at the end of the deprecation period
config: removed runtime key envoy.reloadable_features.delta_xds_subscription_state_tracking_fix and legacy code paths.
header_formatters: removed runtime key envoy.reloadable_features.unified_header_formatter and legacy code paths.
http: removed runtime key envoy.reloadable_features.allow_upstream_filters and legacy code paths.
http: removed runtime key envoy.reloadable_features.closer_shadow_behavior and legacy code paths.
http: removed runtime key envoy.reloadable_features.http_response_half_close and legacy code paths.
http: removed runtime key envoy.reloadable_features.http_strip_fragment_from_path_unsafe_if_disabled and legacy code paths.
logging: removed runtime key envoy.reloadable_features.correct_remote_address and legacy code paths.
quic: removed runtime key envoy.reloadable_features.quic_defer_send_in_response_to_packet and legacy code paths.
tls: removed runtime key envoy.reloadable_features.tls_async_cert_validation and legacy code paths.
udp: removed runtime key envoy.reloadable_features.udp_proxy_connect and legacy code paths.
upstream: removed runtime key envoy.reloadable_features.fix_hash_key and legacy code paths.
New features
access_log: (QUIC only) Added support for %BYTES_RETRANSMITTED% and %PACKETS_RETRANSMITTED%.
access_log: added %ACCESS_LOG_TYPE% substitution string, to help distinguishing between access log records and when they are being recorded. Please refer to the access log configuration documentation for more information.
access_log: added CEL access log formatter to print CEL expression.
access_log: added access log filter log_type_filter to filter access log records based on the type of the record.
access_log: added additional HCM access log option flush_log_on_tunnel_successfully_established. Enabling this option will write a log to all access loggers when HTTP tunnels (e.g. Websocket and CONNECT) are successfully established.
admin: Adds a new admin stats html bucket-mode detailed to generate all recorded buckets and summary percentiles.
application_logs: Added bootstrap option application_log_format to enable setting application log format as JSON structure.
dynamic_forward_proxy: added sub_clusters_config to enable independent sub cluster for each host:port, with STRICT_DNS cluster type.
ext_proc: added forward_rules to only allow headers matching the forward rules to be forwarded to the external processing server.
ext_proc: added new configuration field allow_mode_override. If set to true, the filter config processing_mode can be overridden by the mode_override in the response message from the external processing server. If not set, the mode_override API in the response message will be ignored.
ext_proc: added new configuration field disable_clear_route_cache to prevent the ext_proc filter from clearing the route cache. Failures to clear from setting this field will be counted under the clear_route_cache_disabled stat.
ext_proc: added new field filter_metadata (envoy.extensions.filters.http.ext_proc.v3.ExtProc.filter_metadata) to aid in logging. Metadata will be stored in StreamInfo filter metadata under a namespace corresponding to the name of the ext proc filter.
fault: added new field envoy.extensions.filters.http.fault.v3.HTTPFault.filter_metadata to aid in logging. Metadata will be stored in StreamInfo dynamic metadata under a namespace corresponding to the name of the fault filter.
http: Add support to the route/virtual host level is_optional field. A route/virtual host level per filter config can be marked as optional, which means that if the filter fails to load, the configuration will not be rejected.
http: added Runtime feature envoy.reloadable_features.max_request_headers_size_kb to override the default value of max request headers size.
http: added support for configuring additional cookie attributes.
load shed point: added load shed point envoy.load_shed_points.http1_server_abort_dispatch that rejects HTTP1 server processing of requests.
load shed point: added load shed point envoy.load_shed_points.http2_server_go_away_on_dispatch that sends GOAWAY for HTTP2 server processing of requests. When a GOAWAY frame is submitted by this the counter http2.goaway_sent will be incremented.
load shed point: added load shed point envoy.load_shed_points.http_connection_manager_decode_headers that rejects new http streams by sending a local reply.
matchers: Added RuntimeFraction input matcher. It allows matching hash of the input on a runtime key.
matching: added CEL(Common Expression Language) matcher support CEL data input and CEL input matcher.
ratelimit: added new configuration field domain to allow for setting rate limit domains on a per-route basis.
redis_proxy: added new configuration field key_formatter to format redis key. The field supports using %KEY% as a formatter command for substituting the redis key as part of the substitution formatter expression.
redis_proxy: added new field connection_rate_limit to limit reconnection rate to redis server to avoid reconnection storm.
stat_sinks: Added envoy.stat_sinks.open_telemetry stats_sink, that supports flushing metrics by the OTLP protocol, for supported Open Telemetry collectors.
tls: Added support for hot-reloading the CRL file when the file changes on disk. This works with dynamic secrets when CertificateValidationContext is delivered via SDS.
tls_inspector: added histogram bytes_processed which records the number of bytes the tls_inspector processed while analyzing for tls usage. In cases where the connection uses tls this records the tls client hello size. In cases where the connection doesn't use tls this records the amount of bytes the tls_inspector processed until it realized the connection was not using tls.
upstream: Added cluster provided extension to support the load balancer policy.
Deprecated
access_log: deprecated (1.25.0) intermediate_log_entry in favour of access_log_type.
health_check: deprecated the HealthCheck event_log_path in favor of HealthCheck event_logger extension.