1.3.0 (May 17, 2017)

Changes

  • build: Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See /bazel/README.md and /ci/README.md for more information.

  • certificates: Multiple SANs can now be verified via the verify_subject_alt_name setting. Additionally, URI type SANs can be verified.

  • debugging: By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the --define=signal_trace=disabled Bazel option.

  • envoy: As of this release, we now have an official breaking change policy. Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes.

  • envoy: Numerous small changes and fixes not listed here.

  • examples: The example configurations have been refreshed to demonstrate the latest features.

  • examples: We have added an example repo that shows how to compile/link a custom filter.

  • filters: HTTP filters can now be passed opaque configuration specified on a per route basis.

  • health_checking: TCP health checking now supports a “connect only” mode that only checks if the remote server can be connected to without writing/reading any data.

  • listener: Listener binding now requires specifying an address field. This can be used to bind a listener to both a specific address as well as a port.

  • listener: TCP level listener and cluster connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release.

  • matching: HTTP virtual host matching now includes support for prefix wildcard domains (e.g., *.lyft.com).

  • matching: The header value match rate limit action has been expanded to include an expect match parameter.

  • mongodb: The MongoDB filter now emits a stat for queries that do not have $maxTimeMS set.

  • mongodb: The MongoDB filter now emits logs that are fully valid JSON.

  • outlier_detection: Outlier detection has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration.

  • outlier_detection: Added additional cluster wide information related to outlier detection to the /clusters admin endpoint.

  • profiling: The CPU profiler output path is now configurable.

  • rate_limiting: Route level HTTP rate limit configurations now do not inherit the virtual host level configurations by default. Use include_vh_rate_limits to inherit the virtual host level options if desired.

  • rate_limiting: The HTTP rate limit filter can now be applied to internal, external, or all requests via the request_type option.

  • redis: Redis health checking has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0.

  • retry: per_try_timeout_ms can now be configured in a route’s retry policy in addition to via the x-envoy-upstream-rq- per-try-timeout-ms HTTP header.

  • routing: A route table checking tool has been added that can be used to test route tables before use.

  • routing: HTTP routes can now add request headers on a per route and per virtual host basis via the request_headers_to_add option.

  • ssl: BoringSSL is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both listener and cluster connections.

  • tracing: HTTP tracing configuration has been extended to allow tags to be populated from arbitrary HTTP headers.

  • tracing: The default for tracing random sampling has been changed to 100% and is still configurable in runtime.

  • watchdog: A watchdog system has been added that can kill the server if a deadlock is detected.

  • zipkin: Zipkin has been added as a supported tracing provider.