1.12.0 (October 31, 2019)
=========================

Changes
-------

* access log: added a new flag for :ref:`downstream protocol error `.
* access log: added :ref:`buffering ` and :ref:`periodical flushing ` support to the gRPC access logger. Defaults to a 16KB buffer and flushing every 1 second.
* access log: added DOWNSTREAM_DIRECT_REMOTE_ADDRESS and DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT :ref:`access log formatters ` and to the gRPC access logger.
* access log: gRPC Access Log Service (ALS) support added for :ref:`TCP access logs `.
* access log: reintroduced :ref:`filesystem ` stats and added the `write_failed` counter to track failed log writes.
* admin: added the ability to configure listener :ref:`socket options `.
* admin: added config dump support for Secret Discovery Service :ref:`SecretConfigDump `.
* admin: added support for :ref:`draining ` listeners via the admin interface.
* admin: added :http:get:`/stats/recentlookups`, :http:post:`/stats/recentlookups/clear`, :http:post:`/stats/recentlookups/disable`, and :http:post:`/stats/recentlookups/enable` endpoints.
* api: added the :ref:`set_node_on_first_message_only ` option to omit the node identifier from subsequent discovery requests on the same stream.
* buffer filter: now populates the content-length header if not present. This behavior can be temporarily disabled using the runtime feature `envoy.reloadable_features.buffer_filter_populate_content_length`.
* build: the official released binary is now PIE so it can be run with ASLR.
* config: added support for :ref:`delta xDS ` (including ADS) delivery.
* config: enforcing that terminal filters (e.g. HttpConnectionManager for L4, router for L7) be the last in their respective filter chains.
* config: added access log :ref:`extension filter`.
* config: added support for :option:`--reject-unknown-dynamic-fields`, providing independent control over whether unknown fields are rejected in static and dynamic configuration.
  By default, unknown fields in static configuration are rejected and are allowed in dynamic configuration. Warnings are logged for the first use of any unknown field and these occurrences are counted in the :ref:`server.static_unknown_fields ` and :ref:`server.dynamic_unknown_fields ` statistics.
* config: added async data access for local and remote data sources.
* config: changed the default value of :ref:`initial_fetch_timeout ` from 0s to 15s. This is a change in behaviour in the sense that Envoy will move to the next initialization phase even if the first config is not delivered within 15s. Refer to the :ref:`initialization process ` for more details.
* config: added the stat :ref:`init_fetch_timeout `.
* config: tls_context in Cluster and FilterChain is deprecated in favor of transport socket. See the :ref:`deprecated documentation` for more information.
* csrf: added PATCH to the supported methods.
* dns: added support for configuring :ref:`dns_failure_refresh_rate ` to set the DNS refresh rate during failures.
* ext_authz: added the :ref:`configurable ability ` to send dynamic metadata to the `ext_authz` service.
* ext_authz: added the :ref:`filter_enabled RuntimeFractionalPercent flag ` to the filter.
* ext_authz: added tracing to the HTTP client.
* ext_authz: deprecated :ref:`cluster scope stats ` in favour of filter scope stats.
* fault: added overrides for default runtime keys in the :ref:`HTTPFault ` filter.
* grpc: added the :ref:`AWS IAM grpc credentials extension ` for AWS-managed xDS.
* grpc: added the :ref:`gRPC stats filter ` for collecting stats about gRPC calls and streaming message counts.
* grpc-json: added support for :ref:`ignoring unknown query parameters`.
* grpc-json: added support for :ref:`the grpc-status-details-bin header`.
* header to metadata: added :ref:`PROTOBUF_VALUE ` and :ref:`ValueEncode ` to support protobuf Value and Base64 encoding.
* http: added a default one hour idle timeout to upstream and downstream connections.
  HTTP connections with no streams and no activity will be closed after one hour unless the default idle_timeout is overridden. To disable upstream idle timeouts, set the :ref:`idle_timeout ` to zero in Cluster :ref:`http_protocol_options`. To disable downstream idle timeouts, either set :ref:`idle_timeout ` to zero in the HttpConnectionManager :ref:`common_http_protocol_options ` or set the deprecated :ref:`connection manager ` field to zero.
* http: added the ability to format HTTP/1.1 header keys using :ref:`header_key_format `.
* http: added the ability to reject HTTP/1.1 requests with invalid HTTP header values, using the runtime feature `envoy.reloadable_features.strict_header_validation`.
* http: changed Envoy to forward an existing x-forwarded-proto from upstream trusted proxies. Guarded by `envoy.reloadable_features.trusted_forwarded_proto`, which defaults to true.
* http: added the ability to configure the behavior of the server response header via the :ref:`server_header_transformation` field.
* http: added the ability to :ref:`merge adjacent slashes` in the path.
* http: :ref:`AUTO ` codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client.
* http: removed h2c upgrade headers for HTTP/1, as h2c upgrades are currently not supported.
* http: absolute URL support is now on by default. The prior behavior can be reinstated by setting :ref:`allow_absolute_url ` to false.
* http: support :ref:`host rewrite ` in the dynamic forward proxy.
* http: support :ref:`disabling the filter per route ` in the grpc http1 reverse bridge filter.
* http: added the ability to :ref:`configure max connection duration ` for downstream connections.
* listeners: added :ref:`continue_on_listener_filters_timeout ` to configure whether a listener will still create a connection when listener filters time out.
* listeners: added the :ref:`HTTP inspector listener filter `.
* listeners: added :ref:`connection balancer ` configuration for TCP listeners.
* listeners: listeners now close the listening socket as part of the draining stage as soon as workers stop accepting their connections.
* lua: extended the `httpCall()` and `respond()` APIs to accept headers with entry values that can be a string or a table of strings.
* lua: extended `dynamicMetadata:set()` to allow setting complex values.
* metrics_service: added support for flushing histogram buckets.
* outlier_detector: added :ref:`support for the grpc-status response header ` by mapping it to HTTP status. Guarded by `envoy.reloadable_features.outlier_detection_support_for_grpc_status`, which defaults to true.
* performance: new buffer implementation enabled by default (to disable it, add "--use-libevent-buffers 1" to the command-line arguments when starting Envoy).
* performance: stats symbol table implementation (disabled by default; to test it, add "--use-fake-symbol-table 0" to the command-line arguments when starting Envoy).
* rbac: added support for DNS SAN as :ref:`principal_name `.
* redis: added :ref:`enable_command_stats ` to enable :ref:`per command statistics ` for upstream clusters.
* redis: added :ref:`read_policy ` to allow reading from redis replicas for Redis Cluster deployments.
* redis: fixed a bug where the redis health checker ignored the upstream auth password.
* redis: enable_hashtagging is always enabled when the upstream uses the open source Redis cluster protocol.
* regex: introduced the new :ref:`RegexMatcher ` type that provides a safe regex implementation for untrusted user input. This type is now used in all configuration that processes user provided input. See :ref:`deprecated configuration details ` for more information.
* rbac: added conditions to the policy, see :ref:`condition `.
* router: added the :ref:`rq_retry_skipped_request_not_complete ` counter stat to router stats.
* router: :ref:`scoped routing ` is supported.
* router: added new :ref:`retriable-headers ` retry policy. Retries can now be configured to trigger by arbitrary response header matching.
* router: added the ability for most specific header mutations to take precedence, see :ref:`route configuration's most specific header mutations wins flag `.
* router: added :ref:`respect_expected_rq_timeout ` that instructs ingress Envoy to respect the :ref:`config_http_filters_router_x-envoy-expected-rq-timeout-ms` header, populated by egress Envoy, when deriving the timeout for the upstream cluster.
* router: added new :ref:`retriable request headers ` to route configuration, to allow limiting buffering for retries and shadowing.
* router: added new :ref:`retriable request headers ` to retry policies. Retries can now be configured to only trigger on request header match.
* router: added the ability to match a route based on whether a TLS certificate has been :ref:`presented ` by the downstream connection.
* router check tool: added coverage reporting & enforcement.
* router check tool: added comprehensive coverage reporting.
* router check tool: added deprecated field check.
* router check tool: added a flag for only printing results of failed tests.
* router check tool: added support for outputting missing tests in the detailed coverage report.
* router check tool: added coverage reporting for direct response routes.
* runtime: added the ability to parse boolean values.
* runtime: added the ability to parse integers as double values and vice-versa.
* sds: added :ref:`session_ticket_keys_sds_secret_config ` for loading TLS Session Ticket Encryption Keys using the SDS API.
* server: added a post initialization lifecycle event, in addition to the existing startup and shutdown events.
* server: added :ref:`per-handler listener stats ` and :ref:`per-worker watchdog stats ` to help diagnose event loop imbalance and general performance issues.
* stats: added unit support to histograms.
* tcp_proxy: the default :ref:`idle_timeout ` is now 1 hour.
* thrift_proxy: fixed a crashing bug on invalid transport/protocol framing.
* thrift_proxy: added support for stripping the service name from the method when using the multiplexed protocol.
* tls: added verification of IP address SAN fields in certificates against configured SANs in the certificate validation context.
* tracing: added support to the Zipkin reporter for sending a list of spans as Zipkin JSON v2 and protobuf message over HTTP.
* tracing: added tags for gRPC response status and message.
* tracing: added :ref:`max_path_tag_length ` to support customizing the length of the request path included in the extracted `http.url `_ tag.
* upstream: added :ref:`an option ` that allows draining HTTP and TCP connection pools on cluster membership change.
* upstream: added :ref:`transport_socket_matches `, which supports using different transport socket config when connecting to different upstream endpoints within a cluster.
* upstream: added network filter chains to upstream connections, see :ref:`filters`.
* upstream: added new :ref:`failure-percentage based outlier detection` mode.
* upstream: uses p2c to select hosts for least-requests load balancers if all host weights are the same, even in cases where weights are not equal to 1.
* upstream: added :ref:`fail_traffic_on_panic ` to allow failing all requests to a cluster during panic state.
* zookeeper: parses responses and emits latency stats.

Deprecated
----------

* The ORIGINAL_DST_LB :ref:`load balancing policy ` is deprecated, use the CLUSTER_PROVIDED policy instead when configuring an :ref:`original destination cluster `.
* The `regex` field in :ref:`StringMatcher ` has been deprecated in favor of the `safe_regex` field.
* The `regex` field in :ref:`RouteMatch ` has been deprecated in favor of the `safe_regex` field.
* The `allow_origin` and `allow_origin_regex` fields in :ref:`CorsPolicy ` have been deprecated in favor of the `allow_origin_string_match` field.
* The `pattern` and `method` fields in :ref:`VirtualCluster ` have been deprecated in favor of the `headers` field.
* The `regex_match` field in :ref:`HeaderMatcher ` has been deprecated in favor of the `safe_regex_match` field.
* The `value` and `regex` fields in :ref:`QueryParameterMatcher ` have been deprecated in favor of the `string_match` and `present_match` fields.
* The :option:`--allow-unknown-fields` command-line option has been deprecated, use :option:`--allow-unknown-static-fields` instead.
* The use of HTTP_JSON_V1 :ref:`Zipkin collector endpoint version ` or not explicitly specifying it is deprecated, use HTTP_JSON or HTTP_PROTO instead.
* The `operation_name` field in :ref:`HTTP connection manager ` has been deprecated in favor of the `traffic_direction` field in :ref:`Listener `. The latter takes priority if specified.
* The `tls_context` field in the :ref:`Filter chain ` message and the :ref:`Cluster ` message has been deprecated in favor of `transport_socket` with name `envoy.transport_sockets.tls`. The latter takes priority if specified.
* The `use_http2` field in :ref:`HTTP health checker ` has been deprecated in favor of the `codec_client_type` field.
* The use of the :ref:`gRPC bridge filter ` for gRPC stats has been deprecated in favor of the dedicated :ref:`gRPC stats filter `.
* Ext_authz filter stats `ok`, `error`, `denied`, `failure_mode_allowed` in the *cluster..ext_authz.* namespace are deprecated. Use the *http..ext_authz.* namespace to access the same counters instead.
* Use of google.protobuf.Struct for extension opaque configs is deprecated. Use google.protobuf.Any instead or pack udpa.type.v1.TypedStruct in google.protobuf.Any.
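As an added illustration (not part of the Envoy release notes or the project's own docs), a minimal v2 static configuration that applies three of the changes above together: `transport_socket` in place of the deprecated `tls_context`, `safe_regex` in place of the deprecated `regex` route match, and explicit `idle_timeout` values rather than relying on the new one-hour default. Listener, cluster, hostname and certificate paths are placeholders.

```yaml
# Added example, not from the Envoy project. Names, ports, hostnames and
# certificate paths are placeholders; field names follow the v2 API of 1.12.0.
static_resources:
  listeners:
  - name: ingress_listener            # placeholder
    address:
      socket_address: { address: 0.0.0.0, port_value: 8443 }
    filter_chains:
    - transport_socket:               # replaces the deprecated filter chain tls_context
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.api.v2.auth.DownstreamTlsContext
          common_tls_context:
            tls_certificates:
            - certificate_chain: { filename: /etc/envoy/certs/server.crt }
              private_key: { filename: /etc/envoy/certs/server.key }
      filters:
      - name: envoy.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
          stat_prefix: ingress_http
          common_http_protocol_options:
            idle_timeout: 300s        # omitted: 1h default since 1.12; 0s disables it
          route_config:
            name: local_route
            virtual_hosts:
            - name: backend
              domains: ["*"]
              routes:
              - match:
                  safe_regex:         # replaces the deprecated RouteMatch regex field
                    google_re2: {}    # RE2 engine: the safe matcher for untrusted input
                    regex: "^/api/v[0-9]+/.*"
                route: { cluster: backend }
          http_filters:
          - name: envoy.router
  clusters:
  - name: backend                     # placeholder
    connect_timeout: 1s
    type: STRICT_DNS
    common_http_protocol_options:
      idle_timeout: 0s                # disables the new upstream idle timeout
    load_assignment:
      cluster_name: backend
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address: { address: backend.internal, port_value: 8080 }
```

Because `tls_context` is still accepted in 1.12.0 with `transport_socket` taking priority, a configuration that carries both silently uses only the `transport_socket` settings; removing the old field avoids that ambiguity.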