1.29.0 (Pending)
Incompatible behavior changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
http: Flip runtime flag envoy.reloadable_features.no_downgrade_to_canonical_name to true. Name downgrading in the per filter config searching will be disabled by default. This behavior can be temporarily reverted by setting the flag to false explicitly. See doc Http filter route specific config or issue https://github.com/envoyproxy/envoy/issues/29461 for more specific detail and examples.
listener: undeprecated runtime key overload.global_downstream_max_connections until downstream connections monitor extension becomes stable.
stats dns_filter: Fixed tag extraction so that stat_prefix is properly extracted. This changes the Prometheus name from dns_filter_myprefix_local_a_record_answers{} to dns_filter_local_a_record_answers{envoy.dns_filter_prefix="myprefix"}.
Minor behavior changes
Changes that may cause incompatibilities for some users, but should not for most
aws: uses http async client to fetch the credentials from EC2 instance metadata and ECS task metadata providers instead of libcurl which is deprecated. To revert this behavior set envoy.reloadable_features.use_libcurl_to_fetch_aws_credentials to true.
filter state: Added config name of filter sending a local reply in filter state with key envoy.filters.network.http_connection_manager.local_reply_owner. See the well-known filter state keys for more detail.
golang: Remove Protocol method from RequestHeaderMap. To get the protocol, please use GetProperty("request.protocol") instead.
http2: Flip the runtime guard envoy.reloadable_features.defer_processing_backedup_streams to be on by default. This feature improves flow control within the proxy by deferring work on the receiving end if the other end is backed up.
local_rate_limit: Added new configuration field rate_limited_as_resource_exhausted to allow for setting if rate limit grpc response should be RESOURCE_EXHAUSTED instead of the default UNAVAILABLE.
upstream: Fixed a reported issue (https://github.com/envoyproxy/envoy/issues/11004) that caused the Least Request load balancer policy to be unfair when the number of hosts is very small: when the number of hosts is smaller than the choice_count, instead of randomly selecting hosts from the list, we perform a full scan on it to choose the host with the least requests.
Bug fixes
Changes expected to improve the state of the world and are unlikely to have negative effects
access log: Fixed a bug where the omit_empty_values field was not honored for access logs specifying formats via text_format_source.
buffer: Fixed a bug (https://github.com/envoyproxy/envoy/issues/28760) where the internal listener caused undefined behavior due to the unintended release of the buffer memory.
dynamic_forward_proxy: Fixed a bug where the preresolved hostnames specified in the Dynamic Forward Proxy cluster config would not use the normalized hostname as the DNS cache key, which is the same key used for retrieval. This caused cache misses on initial use, even though the host DNS entry was pre-resolved. The fix is guarded by runtime guard envoy.reloadable_features.normalize_host_for_preresolve_dfp_dns, which defaults to true.
ext_proc: Fixed content_length related issues when body mutation by external processor is enabled. The ext_proc filter removes the content length header in 1) STREAMED BodySendMode, 2) BUFFERED_PARTIAL BodySendMode and 3) BUFFERED BodySendMode + SKIP HeaderSendMode. This will enable chunked-encoding whenever feasible in HTTP/1.1. Besides, the ext_proc filter keeps the content length header in BUFFERED BodySendMode + SEND HeaderSendMode. It is now the external processor's responsibility to set the content length so that it matches the mutated body. If the two do not match, the mutation will be rejected and a local reply with an error status will be returned.
grpc: Fixed a bug in gRPC async client cache which intermittently causes CPU spikes due to busy loop in timer expiration.
quic: Fixed a bug in QUIC and HCM interaction which could cause use-after-free during asynchronous certificates retrieval. The fix is guarded by runtime envoy.reloadable_features.quic_fix_filter_manager_uaf.
redis: Fixed a bug causing crash if incoming redis key does not match against a prefix_route and catch_all_route is not defined.
tracing: Fixed a bug that caused the Datadog tracing extension to drop traces that should be kept on account of an extracted sampling decision.
xds: Fixed a bug (https://github.com/envoyproxy/envoy/issues/27702) that caused ADS initialization to fail on the first attempt and set a back-off retry interval of up to 1 second, if ADS is using an Envoy Cluster for the backend. The issue was fixed to ensure that ADS initialization happens after the Envoy Cluster it depends upon has been properly initialized. ADS that does not depend on an Envoy Cluster (i.e. GoogleGrpc) is not affected by this change.
Removed config or runtime
Normally occurs at the end of the deprecation period
access log: Removed the deprecated envoy.reloadable_features.format_ports_as_numbers runtime flag and legacy code path.
grpc: Removed the deprecated envoy.reloadable_features.service_sanitize_non_utf8_strings runtime flag and legacy code path.
http: Removed envoy.reloadable_features.expand_agnostic_stream_lifetime and legacy code paths.
http: Removed envoy.reloadable_features.sanitize_original_path and legacy code paths.
maglev: Removed envoy.reloadable_features.allow_compact_maglev and legacy code paths.
router: Removed the deprecated envoy.reloadable_features.prohibit_route_refresh_after_response_headers_sent runtime flag and legacy code path.
upstream: Removed the deprecated envoy.reloadable_features.validate_detailed_override_host_statuses runtime flag and legacy code path.
New features
ext_authz: New config parameter charge_cluster_response_stats for not incrementing cluster statistics on ext_authz response. Default true, no behavior change.
ext_authz: forward filter_metadata selected by route_metadata_context_namespaces and typed_filter_metadata selected by route_typed_metadata_context_namespaces from the metadata of the selected route to external auth service. This metadata propagation is independent from the dynamic metadata from connection and request.
ext_authz_filter: added with_request_body to optionally override the default behavior of sending the request body to the authorization server from the per-route filter.
filters: Added the Basic Auth filter, which can be used to authenticate user credentials in the HTTP Authentication header defined in RFC7617.
grpc async client: added max_cached_entry_idle_duration to control the cached grpc client eviction time in the cache.
jwt: The jwt filter can now serialize non-primitive custom claims when mapping claims to headers. These claims will be serialized as JSON and encoded as Base64.
ratelimit: Ratelimit supports optional additional prefix to use when emitting statistics with stat_prefix configuration flag.
ratelimit: Ratelimit supports setting the HTTP status that is returned to the client when the ratelimit server returns an error or cannot be reached with status_on_error configuration flag.
stats: added per_endpoint_stats to get some metrics for each endpoint in a cluster.
tcp_proxy: added support to TCP Proxy for recording the latency in UpstreamTiming from when the first initial connection to the upstream cluster was attempted to when either the connection was successfully established or the filter failed to initialize any connection to the upstream.
tracing: Added support for configuring resource detectors on the OpenTelemetry tracer.
tracing: Added support to configure a Dynatrace resource detector for the OpenTelemetry tracer.
tracing: Added support to configure a sampler for the OpenTelemetry tracer.
tracing: Provide initial span attributes to a sampler used in the OpenTelemetry tracer.
udp_proxy: added support for propagating the response headers in UdpTunnelingConfig and response trailers in UdpTunnelingConfig to the downstream info filter state.
upstream: Added enable_full_scan option to the least requested load balancer. If set to true, Envoy will perform a full scan on the list of hosts instead of using choice_count to select the hosts.
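The Basic Auth filter entry above refers to RFC 7617 credential checking. The following is an added example, not Envoy's own code, showing the check such a filter performs: parsing the Authorization header, rejecting malformed tokens, and comparing against an htpasswd-style "{SHA}" user store in constant time. The store format, the sample users and all function names are assumptions made for this illustration.

```python
# Added example (not Envoy's own code): the RFC 7617 check a Basic Auth filter
# performs, against an htpasswd-style "{SHA}" user store. The store format and
# the helper names are assumptions for this illustration.
import base64
import hashlib
import hmac
from typing import Dict, Optional, Tuple


def sha1_htpasswd_entry(password: str) -> str:
    """htpasswd '{SHA}' entry: base64 of the raw SHA-1 digest (assumed store format)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


# Constructed sample user store: only hashes are kept, never plaintext passwords.
USERS: Dict[str, str] = {
    "alice": sha1_htpasswd_entry("correct horse battery staple"),
    "bob": sha1_htpasswd_entry("pa:ss:word"),  # passwords may contain ':' (RFC 7617)
}

# Compared when the user is unknown, so an unknown user costs the same work
# as a wrong password and the two rejections are not distinguishable by timing.
_DUMMY_ENTRY = sha1_htpasswd_entry("")


def encode_basic(user: str, password: str) -> str:
    """Client side: the Authorization header value for user:password."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_credentials(authorization: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, password) from an 'Authorization: Basic <b64>' value, or None."""
    if authorization is None:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token: reject, do not guess
    # RFC 7617: user-id ":" password; the user-id itself cannot contain ':'.
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    return user, password


def authenticate(authorization: Optional[str], users: Dict[str, str] = USERS) -> Optional[str]:
    """Return the authenticated user name, or None when the request must get a
    401 with a WWW-Authenticate: Basic challenge."""
    creds = parse_basic_credentials(authorization)
    if creds is None:
        return None
    user, password = creds
    expected = users.get(user, _DUMMY_ENTRY)
    presented = sha1_htpasswd_entry(password)
    # Constant-time comparison of the encoded digests.
    ok = hmac.compare_digest(presented.encode("ascii"), expected.encode("ascii"))
    return user if ok and user in users else None
```

Two points worth noting for operators: the "{SHA}" htpasswd form is an unsalted, fast hash, so the user file must be protected like any credential store, and a Basic credential is only as confidential as the transport, so the filter belongs behind TLS.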
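The two upstream entries (the issue 11004 fix under minor behavior changes and the enable_full_scan option above) describe the same selection rule. The following is an added example, not Envoy's own code, that models that rule and contrasts the old sampling-only path with the new one on a tiny host pool; the sampling is modelled as drawing with replacement, tie-breaking and all names are assumptions for this illustration.

```python
# Added example (not Envoy's own code): the least-request host selection rule
# described in the upstream entries above, with a small simulation contrasting
# the old sampling-only path and the new full-scan path. Names are illustrative.
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Host:
    name: str
    active_requests: int


def _least_loaded(candidates: List[Host]) -> Host:
    # Ties go to the earliest candidate here; the page does not specify tie-breaking.
    return min(candidates, key=lambda h: h.active_requests)


def pick_by_sampling(hosts: List[Host], choice_count: int, rng: random.Random) -> Host:
    """Old path only: draw choice_count hosts at random, modelled here as
    sampling with replacement, and keep the least loaded one. When the pool
    is smaller than choice_count the same host is drawn repeatedly, so a busier
    host can win the comparison (the unfairness of issue 11004)."""
    candidates = [rng.choice(hosts) for _ in range(choice_count)]
    return _least_loaded(candidates)


def pick_least_request(hosts: List[Host], choice_count: int = 2,
                       enable_full_scan: bool = False,
                       rng: Optional[random.Random] = None) -> Optional[Host]:
    """New path: full scan when enable_full_scan is set or when the host list is
    smaller than choice_count; otherwise the sampling path as before."""
    if not hosts:
        return None
    if enable_full_scan or len(hosts) < choice_count:
        return _least_loaded(hosts)
    return pick_by_sampling(hosts, choice_count, rng or random.Random())


def selection_counts(hosts: List[Host], trials: int, choice_count: int = 2,
                     enable_full_scan: bool = False, legacy: bool = False,
                     seed: int = 0) -> Dict[str, int]:
    """Repeat the pick with fixed loads and count how often each host is chosen."""
    rng = random.Random(seed)
    counts = {h.name: 0 for h in hosts}
    for _ in range(trials):
        if legacy:
            chosen = pick_by_sampling(hosts, choice_count, rng)
        else:
            chosen = pick_least_request(hosts, choice_count, enable_full_scan, rng)
        counts[chosen.name] += 1
    return counts


if __name__ == "__main__":
    # Constructed pool: two hosts, one idle and one busy, with choice_count 3.
    pool = [Host("a", 0), Host("b", 7)]
    print("legacy sampling:", selection_counts(pool, 1000, choice_count=3, legacy=True))
    print("full scan rule: ", selection_counts(pool, 1000, choice_count=3))
```

With two hosts and choice_count 3, the legacy path still sends roughly one request in eight to the busy host (all three draws land on it), while the full-scan rule never does. Setting enable_full_scan on a larger pool trades the O(choice_count) sample for an O(n) scan per pick, which is the cost to weigh against the more accurate choice.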