1.29.0 (Pending)

Incompatible behavior changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • http: Flip runtime flag envoy.reloadable_features.no_downgrade_to_canonical_name to true. Name downgrading in the per filter config search will be disabled by default. This behavior can be temporarily reverted by setting the flag to false explicitly. See the doc Http filter route specific config or issue https://github.com/envoyproxy/envoy/issues/29461 for more detail and examples.

  • listener: Undeprecated runtime key overload.global_downstream_max_connections until the downstream connections monitor extension becomes stable.

  • stats dns_filter: Fixed tag extraction so that stat_prefix is properly extracted. This changes the Prometheus name from dns_filter_myprefix_local_a_record_answers{} to dns_filter_local_a_record_answers{envoy.dns_filter_prefix="myprefix"}.
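The per filter config search change above is easiest to see with a small model of the lookup. This is an added example, not Envoy's code; the filter names, the canonical-name mapping and the route config are constructed. It shows the defender-relevant consequence: a route-level override (here, a constructed ext_authz "disabled" entry) keyed only by the canonical name stops matching a filter configured under a custom name once downgrading is off.

```python
# Model of the per filter (route-specific) config search. Added example,
# not Envoy's code; names, mapping and route config below are constructed.

# Canonical (type) name for each filter name configured in the HCM chain.
# Assumed mapping for this illustration only.
CANONICAL_NAMES = {
    "my_ext_authz": "envoy.filters.http.ext_authz",
    "envoy.filters.http.ext_authz": "envoy.filters.http.ext_authz",
}

def find_per_filter_config(route_typed_per_filter_config, filter_name,
                           no_downgrade_to_canonical_name=True):
    """Look up a route's typed_per_filter_config entry for one filter.

    The entry is searched under the filter's configured name. Only when name
    downgrading is enabled (flag false, the pre-1.29 default) does a miss
    fall back to the canonical filter name.
    """
    cfg = route_typed_per_filter_config.get(filter_name)
    if cfg is not None or no_downgrade_to_canonical_name:
        return cfg
    canonical = CANONICAL_NAMES.get(filter_name)
    if canonical is None or canonical == filter_name:
        return None
    return route_typed_per_filter_config.get(canonical)

# Constructed route config keyed by the canonical name only.
ROUTE_CONFIG = {"envoy.filters.http.ext_authz": {"disabled": True}}

def route_override_applies(filter_name, no_downgrade=True):
    """True if a route-level override is found for this filter."""
    return find_per_filter_config(ROUTE_CONFIG, filter_name, no_downgrade) is not None

if __name__ == "__main__":
    # New default: the override keyed by the canonical name is no longer found
    # for a filter configured under a custom name, so per-route settings must
    # be keyed by the configured filter name.
    print(route_override_applies("my_ext_authz"))         # False
    print(route_override_applies("my_ext_authz", False))  # True
```

Audit route configs for typed_per_filter_config entries keyed by canonical names when the filter chain uses custom names; with the new default those entries are silently ignored.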

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

  • aws: Uses the HTTP async client to fetch credentials from the EC2 instance metadata and ECS task metadata providers instead of libcurl, which is deprecated. To revert this behavior, set envoy.reloadable_features.use_libcurl_to_fetch_aws_credentials to true.

  • filter state: Added config name of filter sending a local reply in filter state with key envoy.filters.network.http_connection_manager.local_reply_owner. See the well-known filter state keys for more detail.

  • golang: Remove Protocol method from RequestHeaderMap. To get the protocol, please use GetProperty("request.protocol") instead.

  • http2: Flip the runtime guard envoy.reloadable_features.defer_processing_backedup_streams to be on by default. This feature improves flow control within the proxy by deferring work on the receiving end if the other end is backed up.

  • local_rate_limit: Added new configuration field rate_limited_as_resource_exhausted to allow setting whether the rate limit gRPC response should be RESOURCE_EXHAUSTED instead of the default UNAVAILABLE.

  • upstream: Fixed a reported issue (https://github.com/envoyproxy/envoy/issues/11004) that caused the Least Request load balancer policy to be unfair when the number of hosts is very small. When the number of hosts is smaller than choice_count, instead of randomly selecting hosts from the list, Envoy performs a full scan of it to choose the host with the least requests.

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • access log: Fixed a bug where the omit_empty_values field was not honored for access logs specifying formats via text_format_source.

  • buffer: Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) where the internal listener caused undefined behavior due to the unintended release of buffer memory.

  • dynamic_forward_proxy: Fixed a bug where the preresolved hostnames specified in the Dynamic Forward Proxy cluster config would not use the normalized hostname as the DNS cache key, which is the same key used for retrieval. This caused cache misses on initial use, even though the host DNS entry was pre-resolved. The fix is guarded by runtime guard envoy.reloadable_features.normalize_host_for_preresolve_dfp_dns, which defaults to true.

  • ext_proc: Fixed content_length related issues when body mutation by the external processor is enabled. The ext_proc filter removes the content length header in 1) STREAMED BodySendMode, 2) BUFFERED_PARTIAL BodySendMode and 3) BUFFERED BodySendMode + SKIP HeaderSendMode. This enables chunked encoding whenever feasible in HTTP/1.1. The ext_proc filter keeps the content length header in BUFFERED BodySendMode + SEND HeaderSendMode. It is now the external processor's responsibility to set the content length so that it matches the mutated body. If the two do not match, the mutation will be rejected and a local reply with an error status will be returned.

  • grpc: Fixed a bug in the gRPC async client cache which intermittently caused CPU spikes due to a busy loop in timer expiration.

  • quic: Fixed a bug in QUIC and HCM interaction which could cause use-after-free during asynchronous certificates retrieval. The fix is guarded by runtime envoy.reloadable_features.quic_fix_filter_manager_uaf.

  • redis: Fixed a bug causing a crash if an incoming Redis key does not match any prefix_route and catch_all_route is not defined.

  • tracing: Fixed a bug that caused the Datadog tracing extension to drop traces that should be kept on account of an extracted sampling decision.

  • xds: Fixed a bug (https://github.com/envoyproxy/envoy/issues/27702) that caused ADS initialization to fail on the first attempt and set a back-off retry interval of up to 1 second, if ADS is using an Envoy Cluster for the backend. The issue was fixed to ensure that ADS initialization happens after the Envoy Cluster it depends upon has been properly initialized. ADS that does not depend on an Envoy Cluster (i.e. GoogleGrpc) is not affected by this change.
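The ext_proc content-length rules above, as an added example that models the described behavior (not Envoy's code). The enum member names match the ext_proc ProcessingMode enums; the header handling and the sample request are constructed, and a returned error string stands in for the local reply the filter sends on a mismatch.

```python
from enum import Enum

# Member names follow the ext_proc ProcessingMode enums; the mutation logic
# is a model of the documented behavior (added example, not Envoy's code).
class BodySendMode(Enum):
    NONE = 0
    STREAMED = 1
    BUFFERED = 2
    BUFFERED_PARTIAL = 3

class HeaderSendMode(Enum):
    DEFAULT = 0
    SEND = 1
    SKIP = 2

def strips_content_length(body_mode, header_mode):
    """True in the modes where the filter drops the content-length header."""
    if body_mode in (BodySendMode.STREAMED, BodySendMode.BUFFERED_PARTIAL):
        return True
    return body_mode is BodySendMode.BUFFERED and header_mode is HeaderSendMode.SKIP

def apply_body_mutation(headers, mutated_body, body_mode, header_mode):
    """Apply a body mutation from the external processor.

    Returns (headers, body, error). Assumes body mutation is enabled. In
    BUFFERED + SEND the processor must already have set content-length to the
    mutated body size; a mismatch yields an error instead of a mutated message.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    if strips_content_length(body_mode, header_mode):
        # Dropping the header lets HTTP/1.1 fall back to chunked encoding.
        headers.pop("content-length", None)
        return headers, mutated_body, None
    declared = headers.get("content-length")
    if declared is None or not declared.isdigit() or int(declared) != len(mutated_body):
        return None, None, "content-length does not match mutated body"
    return headers, mutated_body, None

if __name__ == "__main__":
    # Constructed request: the original body was 5 bytes, the processor
    # replaces it with 11 bytes without updating content-length.
    req = {"Content-Length": "5", "Host": "example.test"}
    print(apply_body_mutation(req, b"hello world", BodySendMode.STREAMED, HeaderSendMode.SEND))
    print(apply_body_mutation(req, b"hello world", BodySendMode.BUFFERED, HeaderSendMode.SEND))
```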

Removed config or runtime

Normally occurs at the end of the deprecation period

  • access log: Removed the deprecated envoy.reloadable_features.format_ports_as_numbers runtime flag and legacy code path.

  • grpc: Removed the deprecated envoy.reloadable_features.service_sanitize_non_utf8_strings runtime flag and legacy code path.

  • http: Removed envoy.reloadable_features.expand_agnostic_stream_lifetime and legacy code paths.

  • http: Removed envoy.reloadable_features.sanitize_original_path and legacy code paths.

  • maglev: Removed envoy.reloadable_features.allow_compact_maglev and legacy code paths.

  • router: Removed the deprecated envoy.reloadable_features.prohibit_route_refresh_after_response_headers_sent runtime flag and legacy code path.

  • upstream: Removed the deprecated envoy.reloadable_features.validate_detailed_override_host_statuses runtime flag and legacy code path.

New features

  • ext_authz: New config parameter charge_cluster_response_stats to control whether cluster statistics are incremented on the ext_authz response. Defaults to true, so there is no behavior change.

  • ext_authz: Forward filter_metadata selected by route_metadata_context_namespaces and typed_filter_metadata selected by route_typed_metadata_context_namespaces from the metadata of the selected route to the external auth service. This metadata propagation is independent of the dynamic metadata from the connection and request.

  • ext_authz_filter: added with_request_body to optionally override the default behavior of sending the request body to the authorization server from the per-route filter.

  • filters: Added the Basic Auth filter, which can be used to authenticate user credentials in the HTTP Authentication header defined in RFC7617.

  • grpc async client: added max_cached_entry_idle_duration to control the cached grpc client eviction time in the cache.

  • jwt: The jwt filter can now serialize non-primitive custom claims when mapping claims to headers. These claims will be serialized as JSON and encoded as Base64.

  • ratelimit: Ratelimit supports an optional additional prefix, set with the stat_prefix configuration flag, to use when emitting statistics.

  • ratelimit: Ratelimit supports setting, with the status_on_error configuration flag, the HTTP status that is returned to the client when the ratelimit server returns an error or cannot be reached.

  • stats: added per_endpoint_stats to get some metrics for each endpoint in a cluster.

  • tcp_proxy: Added support to TCP Proxy for recording the latency in UpstreamTiming from when the first initial connection to the upstream cluster was attempted to when either the connection was successfully established or the filter failed to initialize any connection to the upstream.

  • tracing: Added support for configuring resource detectors on the OpenTelemetry tracer.

  • tracing: Added support to configure a Dynatrace resource detector for the OpenTelemetry tracer.

  • tracing: Added support to configure a sampler for the OpenTelemetry tracer.

  • tracing: Provide initial span attributes to a sampler used in the OpenTelemetry tracer.

  • udp_proxy: added support for propagating the response headers in UdpTunnelingConfig and response trailers in UdpTunnelingConfig to the downstream info filter state.

  • upstream: Added enable_full_scan option to the least requested load balancer. If set to true, Envoy will perform a full scan on the list of hosts instead of using choice_count to select the hosts.
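The Least Request selection described in the upstream bug fix and the enable_full_scan option above, as an added example that models the policy (not Envoy's code). The hosts and request counts are constructed, and the sampler is a simple with-replacement power-of-N-choices model.

```python
import random
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    active_requests: int

def least_request_pick(hosts, choice_count=2, enable_full_scan=False, rng=random):
    """Return the host with the fewest active requests (model, not Envoy's code)."""
    if not hosts:
        return None
    # Full scan when enable_full_scan is set or the host list is smaller than
    # choice_count: random sampling of a tiny list repeats hosts and can miss
    # the least-loaded one (the unfairness reported in issue 11004).
    if enable_full_scan or len(hosts) < choice_count:
        return min(hosts, key=lambda h: h.active_requests)
    # Otherwise sample choice_count hosts at random (with replacement, as a
    # simple power-of-N-choices sampler) and keep the least loaded of them.
    candidates = [rng.choice(hosts) for _ in range(choice_count)]
    return min(candidates, key=lambda h: h.active_requests)

def pick_distribution(hosts, picks, choice_count=2, enable_full_scan=False, seed=1):
    """Count how often each host is chosen over `picks` selections."""
    rng = random.Random(seed)
    counts = {h.name: 0 for h in hosts}
    for _ in range(picks):
        counts[least_request_pick(hosts, choice_count, enable_full_scan, rng).name] += 1
    return counts

# Constructed sample: three hosts with different load.
SAMPLE_HOSTS = [Host("a", 0), Host("b", 5), Host("c", 9)]

if __name__ == "__main__":
    # Sampling still sends some traffic to the busiest host; the full scan
    # always picks the least loaded one.
    print("sampled  :", pick_distribution(SAMPLE_HOSTS, 1000, choice_count=2))
    print("full scan:", pick_distribution(SAMPLE_HOSTS, 1000, enable_full_scan=True))
```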