1.10.0 (April 5, 2019)

Changes

  • access log: added a gRPC filter to allow filtering on gRPC status.

  • access log: added a new field for upstream transport failure reason in file access logger and gRPC access logger for HTTP access logs.

  • access log: added a new flag for stream idle timeout.

  • access log: added a new flag for upstream retry count exceeded.

  • access log: added new fields for downstream x509 information (URI sans and subject) to file and gRPC access logger.

  • admin: changed HTTP response status code from 400 to 405 when attempting to GET a POST-only route (such as /quitquitquit).

  • admin: the admin server can now be accessed via HTTP/2 (prior knowledge).

  • buffer: fix vulnerabilities when allocation fails.

  • build: dev docker images have been split from tagged images for easier discoverability in Docker Hub. Additionally, we now build images for point releases.

  • build: releases are built with GCC-7 and linked with LLD.

  • config: added support for initial_fetch_timeout. The timeout is disabled by default.

  • config: added support of using google.protobuf.Any in opaque configs for extensions.

  • config: finish cluster warming only when a named response (i.e. the ClusterLoadAssignment associated with the cluster being warmed) comes in the EDS response. This is a behavioural change from the current implementation, where cluster warming also completes on missing load assignments.

  • config: logging warnings when deprecated fields are in use.

  • config: removed REST_LEGACY as a valid ApiType.

  • config: removed deprecated --v2-config-only from command line config.

  • config: removed deprecated_v1 sds_config from Bootstrap config.

  • config: removed the deprecated_v1 config option from ring hash.

  • config: use Envoy cpuset size to set the default number of worker threads if --cpuset-threads is enabled.

  • cors: added filter_enabled & shadow_enabled RuntimeFractionalPercent flags to filter.

  • csrf: added.

  • ext_authz: added a configurable option to make the gRPC service cross-compatible with V2Alpha. Note that this feature is already deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.

  • ext_authz: added support for buffering request body.

  • ext_authz: authorization request and response configuration has been separated into two distinct objects: authorization request and authorization response. In addition, client headers and upstream headers replace the previous allowed_authorization_headers object. All the control header lists now support string matcher instead of standard string.

  • ext_authz: migrated from v2alpha to v2 and improved docs.

  • ext_authz: migrated from v2alpha to v2 and improved the documentation.

  • fault: added HTTP header fault configuration to the HTTP fault filter.

  • fault: added response rate limit fault injection.

  • fault: added the max_active_faults setting, as well as statistics for the number of active faults and the number of faults that overflowed.

  • governance: extending Envoy deprecation policy from 1 release (0-3 months) to 2 releases (3-6 months).

  • health check: expected response codes in http health checks are now configurable.

  • http: added max request headers size. The default behaviour is unchanged.

  • http: added encodeComplete/decodeComplete. These are invoked at the end of the stream, after all data has been encoded/decoded respectively. Default implementation is a no-op.

  • http: added modifyDecodingBuffer/modifyEncodingBuffer to allow modifying the buffered request/response data.

  • http: added new grpc_http1_reverse_bridge filter for converting gRPC requests into HTTP/1.1 requests.

  • http: fixed a bug where Content-Length:0 was added to HTTP/1 204 responses.

  • jwt_authn: added filter_state_rules to allow specifying requirements from filterState by other filters.

  • mysql: added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to MySQL proxy for more details.

  • outlier_detection: added support for outlier detection event protobuf-based logging.

  • performance: new buffer implementation (disabled by default; to test it, add "--use-libevent-buffers 0" to the command-line arguments when starting Envoy).

  • ratelimit: removed deprecated rate limit configuration from bootstrap.

  • redis: added hashtagging to guarantee a given key’s upstream.

  • redis: added latency stats for commands.

  • redis: added latency_in_micros to specify the redis commands stats time unit in microseconds.

  • redis: added success and error stats for commands.

  • redis: migrate hash function for host selection to MurmurHash2 from std::hash. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.

  • router: added rq_reset_after_downstream_response_started counter stat to router stats.

  • router: added ability to configure a retry policy at the virtual host level.

  • router: added per-route configuration of internal redirects.

  • router: added reset reason to response body when upstream reset happens. After this change, the response body will be of the form "upstream connect error or disconnect/reset before headers. reset reason:".

  • router: added support for prefix wildcards in virtual host domains.

  • router: made max retries header take precedence over the number of retries in route and virtual host retry policies.

  • router: removed deprecated route-action level headers_to_add/remove.

  • stats: added gauges tracking remaining resources before circuit breakers open.

  • stats: added support for histograms in prometheus.

  • stats: added usedonly flag to prometheus stats to only output metrics which have been updated at least once.

  • tap: added new alpha HTTP tap filter.

  • tls: enabled TLS 1.3 on the server-side (non-FIPS builds).

  • tracing: added verbose to support logging annotations on spans.

  • upstream: add cluster factory to allow creating and registering custom cluster type.

  • upstream: add hash_function to specify the hash function for ring hash as either xxHash or murmurHash2. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.

  • upstream: added degraded health value which allows routing to certain hosts only when there are insufficient healthy hosts available.

  • upstream: added a circuit breaker to limit the number of concurrent connection pools in use.

  • upstream: added configuration option to select any host when the fallback policy fails.

  • upstream: added support for host weighting and locality weighting in the ring hash load balancer, and added a maximum_ring_size config parameter to strictly bound the ring size.

  • upstream: stopped incrementing upstream_rq_total for HTTP/1 conn pool when request is circuit broken.

  • zookeeper: added a ZooKeeper proxy filter that parses ZooKeeper messages (requests/responses/events). Refer to ZooKeeper proxy for more details.

Deprecated

  • cors: Use of enabled in CorsPolicy, found in route.proto. Set the filter_enabled field instead.

  • ext_authz: Use of use_alpha in Ext-Authz Authorization Service is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.

  • fault_delay: Use of the type field in the FaultDelay message (found in fault.proto) has been deprecated. It was never used and setting it has no effect. It will be removed in the following release.