1.9.0 (December 20, 2018)
access log: added
access log: added a JSON logging mode to output access logs in JSON format.
access log: added dynamic metadata to access log messages streamed over gRPC.
GET /server_infonow exposes what stage of initialization the server is currently in.
GET /server_infonow responds with a JSON object instead of a single string.
POST /loggingnow responds with 200 while there are no params.
admin: added host weight to the
GET /clusters?format=jsonend point response.
admin: added support for displaying command line options in
GET /server_infoend point.
admin: added support for displaying subject alternate names in certs end point.
circuit-breaker: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live state via circuit breakers statistics.
cluster: set a default of 1s for option.
config: added support for rate limiting discovery request calls.
config: removed support for the v1 API.
cors: added invalid/valid stats to filter.
ext-authz: added support for providing per route config - optionally disable the filter and provide context extensions.
fault: removed integer percentage support.
grpc-json: added support for ignoring query parameters.
health check: added logging health check failure events.
health check: added ability to set authority header value for gRPC health check.
http: added HTTP/2 WebSocket proxying via extended CONNECT.
http: added limits to the number and length of header modifications in all fields request_headers_to_add and response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard.
http: added support for a request timeout. The timeout is disabled by default.
http: added support for more gRPC content-type headers in gRPC bridge filter, like application/grpc+proto.
http: augmented the
sendLocalReplyfilter API to accept an optional
GrpcStatusvalue to override the default HTTP to gRPC status mapping.
http: no longer close the TCP connection when a HTTP/1 request is retried due to a response with empty body.
load balancer: added a configuration option to specify the number of choices made in P2C.
logging: added missing
[in log prefix.
mongo_proxy: added dynamic metadata.
network: removed the reference to
Connectionin favor of
rate-limit: added configuration to specify whether the
GrpcStatusstatus returned should be
UNAVAILABLEwhen a gRPC call is rate limited.
rate-limit: added rate_limit_service configuration to filters.
rate-limit: removed support for the legacy ratelimit service and made the data-plane-api rls.proto based implementation default.
rate-limit: removed the deprecated cluster_name attribute in rate limit service configuration.
rbac: added dynamic metadata to the network level filter.
rbac: added support for permission matching by requested server name.
redis: static cluster configuration is no longer required. Redis proxy will work with clusters delivered via CDS.
router: added ability to configure arbitrary retriable status codes.
router: added ability to set attempt count in upstream requests, see virtual host’s include request attempt count flag.
router: added internal grpc-retry-on policy.
router: added support for enabling upgrades on a per-route basis.
router: added support for not retrying rate limited requests. Rate limit filter now sets the x-envoy-ratelimited header so the rate limited requests that may have been retried earlier will not be retried with this change.
router: per try timeouts now starts when an upstream stream is ready instead of when the request has been fully decoded by Envoy.
router: support configuring a default fraction of mirror traffic via runtime_fraction.
router: when max_grpc_timeout is set, Envoy will now add or update the grpc-timeout header to reflect Envoy’s expected timeout.
sandbox: added cors sandbox.
SIGINT(Ctrl-C) handler to gracefully shutdown Envoy like
stats: added stats_matcher to the bootstrap config for granular control of stat instantiation.
stream: renamed the
StreamInfoto better match its behaviour within TCP and HTTP implementations.
thrift_proxy: introduced thrift rate limiter filter.
tls: added ssl.curves.<curve>, ssl.sigalgs.<sigalg> and ssl.versions.<version> to listener metrics to track TLS algorithms and versions in use.
tls: added support for client-side session resumption.
tls: added support for multiple server TLS certificates.
tls: added support for password encrypted private keys.
tls: added support for CRLs in trusted_ca.
tls: added the ability to build BoringSSL FIPS using
--define boringssl=fipsBazel option.
tls: removed support for ECDSA certificates with curves other than P-256.
tls: removed support for RSA certificates with keys smaller than 2048-bits.
tracing: added support for Datadog tracer.
tracing: added support to the Zipkin tracer for the b3 single header format.
upstream: added scale_locality_weight to enable scaling locality weights by number of hosts removed by subset lb predicates.
upstream: when using active health checking and STRICT_DNS with several addresses that resolve to the same hosts, Envoy will now health check each host independently.
api: Use of the v1
filters: Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see #4599. In the 1.9.0 release cycle we introduced
bugfix_reverse_encode_orderin http_connection_manager.proto to temporarily support both old and new behaviors. Note this boolean field is deprecated.
filters: Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect, see #4599. In the 1.9.0 release cycle we introduced
bugfix_reverse_write_filter_orderin lds.proto to temporarily support both old and new behaviors. Note this boolean field is deprecated.
hcm: Use of buffer filter
max_request_timeis deprecated in favor of the request timeout found in HttpConnectionManager.
load_balancing: Use of std::hash in the ring hash load balancer is deprecated.
rate_limiting: Use of
rate_limit_serviceconfiguration in the bootstrap configuration is deprecated.
routing: Use of
RequestMirrorPolicy, found in route.proto is deprecated. Set the