1.13.0 (January 20, 2020)¶
access log: added FILTER_STATE access log formatters and gRPC access logger.
admin: added the ability to filter /config_dump.
access log: added a typed JSON logging mode to output access logs in JSON format with non-string values
access log: fixed UPSTREAM_LOCAL_ADDRESS access log formatters to work for http requests
access log: added HOSTNAME.
api: remove all support for v1
api: added ability to specify mode for Pipe.
api: support for the v3 xDS API added. See Supported API versions.
aws_request_signing: added new alpha HTTP AWS request signing filter
buffer: remove old implementation
build: official released binary is now built against libc++.
cluster: added aggregate cluster that allows load balancing between clusters.
config: all category names of internal envoy extensions are prefixed with the ‘envoy.’ prefix to follow the reverse DNS naming notation.
decompressor: remove decompressor hard assert failure and replace with an error flag.
ext_authz: added configurable ability to send the certificate to the ext_authz service.
fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the
x-envoy-downstream-service-clusterheader was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter.
health check: gRPC health checker sets the gRPC deadline to the configured timeout duration.
health check: added TlsOptions to allow TLS configuration overrides.
health check: added service_name_matcher to better compare the service name patterns for health check identity.
http: added strict validation that CONNECT is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime feature
http: added support for http1 trailers. To enable use enable_trailers.
http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by
envoy.reloadable_features.connection_header_sanitizationwhich defaults to true.
http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature
http: support auto_host_rewrite_header in the dynamic forward proxy.
jwt_authn: added allow_missing option that accepts request without token but rejects bad request with bad tokens.
jwt_authn: added bypass_cors_preflight to allow bypassing the CORS preflight request.
lb_subset_config: new fallback policy for selectors: KEYS_SUBSET
listeners: added reuse_port option.
logger: added –log-format-escaped command line option to escape newline characters in application logs.
ratelimit: added local rate limit network filter.
rbac: added support for matching all subject alt names instead of first in principal_name.
redis: performance improvement for larger split commands by avoiding string copies.
redis: correctly follow MOVE/ASK redirection for mirrored clusters.
redis: add host_degraded_refresh_threshold and failure_refresh_threshold to refresh topology when nodes are degraded or when requests fails.
router: added histograms to show timeout budget usage to the cluster stats.
router check tool: added support for testing and marking coverage for routes of runtime fraction 0.
router: added request_mirror_policies to support sending multiple mirrored requests in one route.
router: added support for REQ(header-name) header formatter.
router: added support for percentage-based retry budgets
router: allow using a query parameter for HTTP consistent hashing.
router: exposed DOWNSTREAM_REMOTE_ADDRESS as custom HTTP request/response headers.
router: added support for max_internal_redirects for configurable maximum internal redirect hops.
router: skip the Location header when the response code is not a 201 or a 3xx.
router: added auto_sni to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header.
router: added support for HOSTNAME header formatter.
server: added the
--disable-extensionsCLI option, to disable extensions at startup.
server: fixed a bug in config validation for configs with runtime layers.
server: added workers_started that indicates whether listeners have been fully initialized on workers.
tcp_proxy: added ClusterWeight.metadata_match.
tcp_proxy: added hash_policy.
thrift_proxy: added support for cluster header based routing.
thrift_proxy: added stats to the router filter.
tls: remove TLS 1.0 and 1.1 from client defaults
tls: added support for generic string matcher for subject alternative names.
tracing: added the ability to set custom tags on both the HTTP connection manager and the HTTP route.
tracing: added upstream_address tag.
tracing: added initial support for AWS X-Ray (local sampling rules only) X-Ray Tracing.
tracing: added tags for gRPC request path, authority, content-type and timeout.
udp: added initial support for UDP proxy
The request_headers_for_tags field in HTTP connection manager has been deprecated in favor of the custom_tags field.
The verify_subject_alt_name field in Certificate Validation Context has been deprecated in favor of the match_subject_alt_names field.
request_mirror_policyfield in RouteMatch has been deprecated in favor of the
service_namefield in HTTP health checker has been deprecated in favor of the
The v2 xDS API is deprecated. It will be supported by Envoy until EOY 2020. See Supported API versions.