1.29.1 (February 9, 2024)

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • http: Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.

  • proxy protocol: Fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives a PROXY protocol header with address type LOCAL (typically used for health checks).

  • proxy_protocol: Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is received in a proxy protocol header. Connections will instead be dropped/reset.

  • proxy_protocol: Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing ext_authz checks when failure_mode_allow is set to true.

  • tls: Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is received in an mTLS client cert IP SAN. These SANs will be ignored. This applies only when using formatter %DOWNSTREAM_PEER_IP_SAN%.

  • tracing: Added support for configuring resource detectors on the OpenTelemetry tracer.

  • url matching: Fixed excessive CPU utilization when using regex URL template matcher.

Removed config or runtime

Normally occurs at the end of the deprecation period

  • postgres proxy: Fix a race condition that may result from upstream servers refusing to switch to TLS/SSL. This fix first appeared in v1.29.0 release.