1.13.0 (January 20, 2020) ========================= Changes ------- * access log: added FILTER_STATE :ref:`access log formatters ` and gRPC access logger. * admin: added the ability to filter :ref:`/config_dump `. * access log: added a :ref:`typed JSON logging mode ` to output access logs in JSON format with non-string values * access log: fixed UPSTREAM_LOCAL_ADDRESS :ref:`access log formatters ` to work for http requests * access log: added HOSTNAME. * api: remove all support for v1 * api: added ability to specify `mode` for :ref:`Pipe `. * api: support for the v3 xDS API added. See :ref:`api_supported_versions`. * aws_request_signing: added new alpha :ref:`HTTP AWS request signing filter `. * buffer: remove old implementation * build: official released binary is now built against libc++. * cluster: added :ref:`aggregate cluster ` that allows load balancing between clusters. * config: all category names of internal envoy extensions are prefixed with the 'envoy.' prefix to follow the reverse DNS naming notation. * decompressor: remove decompressor hard assert failure and replace with an error flag. * ext_authz: added :ref:`configurable ability` to send the :ref:`certificate` to the `ext_authz` service. * fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the `x-envoy-downstream-service-cluster` header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter. * health check: gRPC health checker sets the gRPC deadline to the configured timeout duration. * health check: added :ref:`TlsOptions ` to allow TLS configuration overrides. * health check: added :ref:`service_name_matcher ` to better compare the service name patterns for health check identity. * http: added strict validation that CONNECT is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime feature `envoy.reloadable_features.strict_method_validation` to false. * http: added support for http1 trailers. To enable use :ref:`enable_trailers `. * http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by envoy.reloadable_features.connection_header_sanitization which defaults to true. * http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature `envoy.reloadable_features.reject_unsupported_transfer_encodings` to false. * http: support :ref:`auto_host_rewrite_header` in the dynamic forward proxy. * jwt_authn: added :ref:`allow_missing` option that accepts request without token but rejects bad request with bad tokens. * jwt_authn: added :ref:`bypass_cors_preflight` to allow bypassing the CORS preflight request. * lb_subset_config: new fallback policy for selectors: :ref:`KEYS_SUBSET` * listeners: added :ref:`reuse_port` option. * logger: added :ref:`--log-format-escaped ` command line option to escape newline characters in application logs. * ratelimit: added :ref:`local rate limit ` network filter. * rbac: added support for matching all subject alt names instead of first in :ref:`principal_name `. * redis: performance improvement for larger split commands by avoiding string copies. * redis: correctly follow MOVE/ASK redirection for mirrored clusters. * redis: add :ref:`host_degraded_refresh_threshold ` and :ref:`failure_refresh_threshold ` to refresh topology when nodes are degraded or when requests fails. * router: added histograms to show timeout budget usage to the :ref:`cluster stats `. * router check tool: added support for testing and marking coverage for routes of runtime fraction 0. * router: added :ref:`request_mirror_policies` to support sending multiple mirrored requests in one route. * router: added support for REQ(header-name) :ref:`header formatter `. * router: added support for percentage-based :ref:`retry budgets ` * router: allow using a :ref:`query parameter ` for HTTP consistent hashing. * router: exposed DOWNSTREAM_REMOTE_ADDRESS as custom HTTP request/response headers. * router: added support for :ref:`max_internal_redirects ` for configurable maximum internal redirect hops. * router: skip the Location header when the response code is not a 201 or a 3xx. * router: added :ref:`auto_sni ` to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header. * router: added support for HOSTNAME :ref:`header formatter `. * server: added the :option:`--disable-extensions` CLI option, to disable extensions at startup. * server: fixed a bug in config validation for configs with runtime layers. * server: added :ref:`workers_started ` that indicates whether listeners have been fully initialized on workers. * tcp_proxy: added :ref:`ClusterWeight.metadata_match`. * tcp_proxy: added :ref:`hash_policy`. * thrift_proxy: added support for cluster header based routing. * thrift_proxy: added stats to the router filter. * tls: remove TLS 1.0 and 1.1 from client defaults * tls: added support for :ref:`generic string matcher ` for subject alternative names. * tracing: added the ability to set custom tags on both the :ref:`HTTP connection manager` and the :ref:`HTTP route `. * tracing: added upstream_address tag. * tracing: added initial support for AWS X-Ray (local sampling rules only) :ref:`X-Ray Tracing `. * tracing: added tags for gRPC request path, authority, content-type and timeout. * udp: added initial support for :ref:`UDP proxy ` Deprecated ---------- * The `request_headers_for_tags` field in :ref:`HTTP connection manager ` has been deprecated in favor of the :ref:`custom_tags ` field. * The `verify_subject_alt_name` field in :ref:`Certificate Validation Context ` has been deprecated in favor of the :ref:`match_subject_alt_names ` field. * The `request_mirror_policy` field in :ref:`RouteMatch ` has been deprecated in favor of the `request_mirror_policies` field. * The `service_name` field in :ref:`HTTP health checker ` has been deprecated in favor of the `service_name_matcher` field. * The v2 xDS API is deprecated. It will be supported by Envoy until EOY 2020. See :ref:`api_supported_versions`.