1.12.0 (October 31, 2019)

Changes

  • access log: added a new flag for downstream protocol error.

  • access log: added buffering and periodic flushing support to gRPC access logger. Defaults to 16KB buffer and flushing every 1 second.

  • access log: added DOWNSTREAM_DIRECT_REMOTE_ADDRESS and DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT access log formatters and gRPC access logger.

  • access log: gRPC Access Log Service (ALS) support added for TCP access logs.

  • access log: reintroduced filesystem stats and added the write_failed counter to track failed log writes.

  • admin: added ability to configure listener socket options.

  • admin: added config dump support for Secret Discovery Service SecretConfigDump.

  • admin: added support for draining listeners via admin interface.

  • admin: added GET /stats/recentlookups, POST /stats/recentlookups/clear, POST /stats/recentlookups/disable, and POST /stats/recentlookups/enable endpoints.

  • api: added set_node_on_first_message_only option to omit the node identifier from the subsequent discovery requests on the same stream.

  • buffer filter: now populates content-length header if not present. This behavior can be temporarily disabled using the runtime feature envoy.reloadable_features.buffer_filter_populate_content_length.

  • build: official released binary is now PIE so it can be run with ASLR.

  • config: added support for delta xDS (including ADS) delivery.

  • config: enforcing that terminal filters (e.g. HttpConnectionManager for L4, router for L7) be the last in their respective filter chains.

  • config: added access log extension filter.

  • config: added support for --reject-unknown-dynamic-fields, providing independent control over whether unknown fields are rejected in static and dynamic configuration. By default, unknown fields in static configuration are rejected and are allowed in dynamic configuration. Warnings are logged for the first use of any unknown field and these occurrences are counted in the server.static_unknown_fields and server.dynamic_unknown_fields statistics.

  • config: added async data access for local and remote data sources.

  • config: changed the default value of initial_fetch_timeout from 0s to 15s. This is a change in behaviour in the sense that Envoy will move to the next initialization phase, even if the first config is not delivered in 15s. Refer to initialization process for more details.

  • config: added stat init_fetch_timeout.

  • config: tls_context in Cluster and FilterChain are deprecated in favor of transport socket. See deprecated documentation for more information.

  • csrf: added PATCH to supported methods.

  • dns: added support for configuring dns_failure_refresh_rate to set the DNS refresh rate during failures.

  • ext_authz: added configurable ability to send dynamic metadata to the ext_authz service.

  • ext_authz: added filter_enabled RuntimeFractionalPercent flag to filter.

  • ext_authz: added tracing to the HTTP client.

  • ext_authz: deprecated cluster scope stats in favour of filter scope stats.

  • fault: added overrides for default runtime keys in HTTPFault filter.

  • grpc: added AWS IAM grpc credentials extension for AWS-managed xDS.

  • grpc: added gRPC stats filter for collecting stats about gRPC calls and streaming message counts.

  • grpc-json: added support for ignoring unknown query parameters.

  • grpc-json: added support for the grpc-status-details-bin header.

  • header to metadata: added PROTOBUF_VALUE and ValueEncode to support protobuf Value and Base64 encoding.

  • http: added a default one hour idle timeout to upstream and downstream connections. HTTP connections with no streams and no activity will be closed after one hour unless the default idle_timeout is overridden. To disable upstream idle timeouts, set the idle_timeout to zero in Cluster http_protocol_options. To disable downstream idle timeouts, either set idle_timeout to zero in the HttpConnectionManager common_http_protocol_options or set the deprecated connection manager field to zero.

  • http: added the ability to format HTTP/1.1 header keys using header_key_format.

  • http: added the ability to reject HTTP/1.1 requests with invalid HTTP header values, using the runtime feature envoy.reloadable_features.strict_header_validation.

  • http: changed Envoy to forward existing x-forwarded-proto from upstream trusted proxies. Guarded by envoy.reloadable_features.trusted_forwarded_proto, which defaults to true.

  • http: added the ability to configure the behavior of the server response header, via the server_header_transformation field.

  • http: added the ability to merge adjacent slashes in the path.

  • http: AUTO codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client.

  • http: removed h2c upgrade headers for HTTP/1 as h2c upgrades are currently not supported.

  • http: absolute URL support is now on by default. The prior behavior can be reinstated by setting allow_absolute_url to false.

  • http: support host rewrite in the dynamic forward proxy.

  • http: support disabling the filter per route in the grpc http1 reverse bridge filter.

  • http: added the ability to configure max connection duration for downstream connections.

  • listeners: added continue_on_listener_filters_timeout to configure whether a listener will still create a connection when listener filters time out.

  • listeners: added HTTP inspector listener filter.

  • listeners: added connection balancer configuration for TCP listeners.

  • listeners: listeners now close the listening socket as part of the draining stage as soon as workers stop accepting their connections.

  • lua: extended httpCall() and respond() APIs to accept headers with entry values that can be a string or table of strings.

  • lua: extended dynamicMetadata:set() to allow setting complex values.

  • metrics_service: added support for flushing histogram buckets.

  • outlier_detector: added support for the grpc-status response header by mapping it to HTTP status. Guarded by envoy.reloadable_features.outlier_detection_support_for_grpc_status which defaults to true.

  • performance: new buffer implementation enabled by default (to disable add "--use-libevent-buffers 1" to the command-line arguments when starting Envoy).

  • performance: stats symbol table implementation (disabled by default; to test it, add "--use-fake-symbol-table 0" to the command-line arguments when starting Envoy).

  • rbac: added support for DNS SAN as principal_name.

  • redis: added enable_command_stats to enable per command statistics for upstream clusters.

  • redis: added read_policy to allow reading from redis replicas for Redis Cluster deployments.

  • redis: fixed a bug where the redis health checker ignored the upstream auth password.

  • redis: enable_hashtagging is always enabled when the upstream uses open source Redis cluster protocol.

  • regex: introduced new RegexMatcher type that provides a safe regex implementation for untrusted user input. This type is now used in all configuration that processes user provided input. See deprecated configuration details for more information.

  • rbac: added conditions to the policy, see condition.

  • router: added rq_retry_skipped_request_not_complete counter stat to router stats.

  • router: scoped routing is supported.

  • router: added new retriable-headers retry policy. Retries can now be configured to trigger by arbitrary response header matching.

  • router: added ability for most specific header mutations to take precedence, see route configuration’s most specific header mutations wins flag.

  • router: added respect_expected_rq_timeout that instructs ingress Envoy to respect x-envoy-expected-rq-timeout-ms header, populated by egress Envoy, when deriving timeout for upstream cluster.

  • router: added new retriable request headers to route configuration, to allow limiting buffering for retries and shadowing.

  • router: added new retriable request headers to retry policies. Retries can now be configured to only trigger on request header match.

  • router: added the ability to match a route based on whether a TLS certificate has been presented by the downstream connection.

  • router check tool: added coverage reporting & enforcement.

  • router check tool: added comprehensive coverage reporting.

  • router check tool: added deprecated field check.

  • router check tool: added flag for only printing results of failed tests.

  • router check tool: added support for outputting missing tests in the detailed coverage report.

  • router check tool: added coverage reporting for direct response routes.

  • runtime: allows for the ability to parse boolean values.

  • runtime: allows for the ability to parse integers as double values and vice-versa.

  • sds: added session_ticket_keys_sds_secret_config for loading TLS Session Ticket Encryption Keys using SDS API.

  • server: added a post initialization lifecycle event, in addition to the existing startup and shutdown events.

  • server: added per-handler listener stats and per-worker watchdog stats to help diagnose event loop imbalance and general performance issues.

  • stats: added unit support to histogram.

  • tcp_proxy: the default idle_timeout is now 1 hour.

  • thrift_proxy: fixed crashing bug on invalid transport/protocol framing.

  • thrift_proxy: added support for stripping service name from method when using the multiplexed protocol.

  • tls: added verification of IP address SAN fields in certificates against configured SANs in the certificate validation context.

  • tracing: added support to the Zipkin reporter for sending list of spans as Zipkin JSON v2 and protobuf message over HTTP.

  • tracing: added tags for gRPC response status and message.

  • tracing: added max_path_tag_length to support customizing the length of the request path included in the extracted http.url tag.

  • upstream: added an option that allows draining HTTP, TCP connection pools on cluster membership change.

  • upstream: added transport_socket_matches to support using different transport socket configs when connecting to different upstream endpoints within a cluster.

  • upstream: added network filter chains to upstream connections, see filters.

  • upstream: added new failure-percentage based outlier detection mode.

  • upstream: uses p2c to select hosts for least-requests load balancers if all host weights are the same, even in cases where weights are not equal to 1.

  • upstream: added fail_traffic_on_panic to allow failing all requests to a cluster during panic state.

  • zookeeper: parses responses and emits latency stats.

Deprecated

  • The ORIGINAL_DST_LB load balancing policy is deprecated, use CLUSTER_PROVIDED policy instead when configuring an original destination cluster.

  • The regex field in StringMatcher has been deprecated in favor of the safe_regex field.

  • The regex field in RouteMatch has been deprecated in favor of the safe_regex field.

  • The allow_origin and allow_origin_regex fields in CorsPolicy have been deprecated in favor of the allow_origin_string_match field.

  • The pattern and method fields in VirtualCluster have been deprecated in favor of the headers field.

  • The regex_match field in HeaderMatcher has been deprecated in favor of the safe_regex_match field.

  • The value and regex fields in QueryParameterMatcher have been deprecated in favor of the string_match and present_match fields.

  • The --allow-unknown-fields command-line option is deprecated; use --allow-unknown-static-fields instead.

  • The use of HTTP_JSON_V1 Zipkin collector endpoint version or not explicitly specifying it is deprecated, use HTTP_JSON or HTTP_PROTO instead.

  • The operation_name field in HTTP connection manager has been deprecated in favor of the traffic_direction field in Listener. The latter takes priority if specified.

  • The tls_context field in the Filter chain message and the Cluster message has been deprecated in favor of transport_socket with name envoy.transport_sockets.tls. The latter takes priority if specified.

  • The use_http2 field in HTTP health checker has been deprecated in favor of the codec_client_type field.

  • The use of gRPC bridge filter for gRPC stats has been deprecated in favor of the dedicated gRPC stats filter.

  • Ext_authz filter stats ok, error, denied, failure_mode_allowed in the cluster.<route target cluster>.ext_authz. namespace are deprecated. Use the http.<stat_prefix>.ext_authz. namespace to access the same counters instead.

  • Use of google.protobuf.Struct for extension opaque configs is deprecated. Use google.protobuf.Any instead or pack udpa.type.v1.TypedStruct in google.protobuf.Any.
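
A pre-upgrade check for several of the deprecations listed above, as an added example that is not part of the Envoy release notes or the Envoy code base: it walks a JSON-form configuration and reports deprecated field names with their replacements. The function name, the key-name heuristic and the sample configuration are assumptions constructed for illustration.

```python
import json

# Deprecated field -> replacement, taken from the Deprecated list above.
DEPRECATED = {
    "tls_context": "transport_socket named envoy.transport_sockets.tls",
    "regex": "safe_regex",
    "regex_match": "safe_regex_match",
    "allow_origin": "allow_origin_string_match",
    "allow_origin_regex": "allow_origin_string_match",
    "use_http2": "codec_client_type",
    "operation_name": "traffic_direction (on the Listener)",
}

def find_deprecated(node, path="$", parent_key=None):
    """Return (json_path, deprecated_item, replacement) tuples in document order.

    Heuristic (an assumption of this example): fields are matched by key name
    only, not by protobuf message type, so review each hit by hand.
    """
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            # `regex` is also the pattern field inside the new safe matchers.
            in_safe_matcher = parent_key in ("safe_regex", "safe_regex_match")
            if key in DEPRECATED and not (key == "regex" and in_safe_matcher):
                hits.append((here, key, DEPRECATED[key]))
            if key == "lb_policy" and value == "ORIGINAL_DST_LB":
                hits.append((here, "ORIGINAL_DST_LB", "CLUSTER_PROVIDED"))
            hits.extend(find_deprecated(value, here, key))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_deprecated(item, f"{path}[{i}]", parent_key))
    return hits

# Constructed sample configuration (not from a real deployment).
SAMPLE = json.loads("""
{"static_resources": {
  "clusters": [{"name": "backend", "lb_policy": "ORIGINAL_DST_LB",
                "tls_context": {"sni": "backend.example.internal"}}],
  "listeners": [{"filter_chains": [{"filters": [{"typed_config": {"route_config": {
    "virtual_hosts": [{"name": "app", "domains": ["*"], "routes": [
      {"match": {"regex": "/api/v[0-9]+/.*"}, "route": {"cluster": "backend"}},
      {"match": {"safe_regex": {"google_re2": {}, "regex": "/static/.*"},
                 "headers": [{"name": "x-env", "regex_match": "prod-.*"}]},
       "route": {"cluster": "backend"}}]}]}}}]}]}]}}
""")

if __name__ == "__main__":
    for where, item, replacement in find_deprecated(SAMPLE):
        print(f"{where}: {item} is deprecated, use {replacement}")
```

The second route's `safe_regex` block is not reported, because its inner `regex` key belongs to the new matcher rather than to the deprecated field.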