Version history --------------- 1.5.0 ===== * access log: added fields for :ref:`UPSTREAM_LOCAL_ADDRESS and DOWNSTREAM_ADDRESS `. * admin: added :ref:`JSON output ` for stats admin endpoint. * admin: added basic :ref:`Prometheus output ` for stats admin endpoint. Histograms are not currently output. * admin: added ``version_info`` to the :ref:`/clusters admin endpoint`. * config: the :ref:`v2 API ` is now considered production ready. * config: added :option:`--v2-config-only` CLI flag. * cors: added :ref:`CORS filter `. * health check: added :ref:`x-envoy-immediate-health-check-fail ` header support. * health check: added :ref:`reuse_connection ` option. * http: added :ref:`per-listener stats `. * http: end-to-end HTTP flow control is now complete across both connections, streams, and filters. * load balancer: added :ref:`subset load balancer `. * load balancer: added ring size and hash :ref:`configuration options `. This used to be configurable via runtime. The runtime configuration was deleted without deprecation as we are fairly certain no one is using it. * log: added the ability to optionally log to a file instead of stderr via the :option:`--log-path` option. * listeners: added :ref:`drain_type ` option. * lua: added experimental :ref:`Lua filter `. * mongo filter: added :ref:`fault injection `. * mongo filter: added :ref:`"drain close" ` support. * outlier detection: added :ref:`HTTP gateway failure type `. See `DEPRECATED.md `_ for outlier detection stats deprecations in this release. * redis: the :ref:`redis proxy filter ` is now considered production ready. * redis: added :ref:`"drain close" ` functionality. * router: added :ref:`x-envoy-overloaded ` support. * router: added :ref:`regex ` route matching. * router: added :ref:`custom request headers ` for upstream requests. * router: added :ref:`downstream IP hashing ` for HTTP ketama routing. * router: added :ref:`cookie hashing `. * router: added :ref:`start_child_span ` option to create child span for egress calls. * router: added optional :ref:`upstream logs `. * router: added complete :ref:`custom append/override/remove support ` of request/response headers. * router: added support to :ref:`specify response code during redirect `. * router: added :ref:`configuration ` to return either a 404 or 503 if the upstream cluster does not exist. * runtime: added :ref:`comment capability `. * server: change default log level (:option:`-l`) to `info`. * stats: maximum stat/name sizes and maximum number of stats are now variable via the :option:`--max-obj-name-len` and :option:`--max-stats` options. * tcp proxy: added :ref:`access logging `. * tcp proxy: added :ref:`configurable connect retries `. * tcp proxy: enable use of :ref:`outlier detector `. * tls: added :ref:`SNI support `. * tls: added support for specifying :ref:`TLS session ticket keys `. * tls: allow configuration of the :ref:`min ` and :ref:`max ` TLS protocol versions. * tracing: added :ref:`custom trace span decorators `. * Many small bug fixes and performance improvements not listed. 1.4.0 ===== * macOS is :repo:`now supported `. (A few features are missing such as hot restart and original destination routing). * YAML is now directly supported for :ref:`config files `. * Added :ref:`/routes ` admin endpoint. * End-to-end flow control is now supported for TCP proxy, HTTP/1, and HTTP/2. HTTP flow control that includes filter buffering is incomplete and will be implemented in 1.5.0. * Log verbosity :repo:`compile time flag ` added. * Hot restart :repo:`compile time flag ` added. * Original destination :ref:`cluster ` and :ref:`load balancer ` added. * :ref:`WebSocket ` is now supported. * Virtual cluster priorities have been hard removed without deprecation as we are reasonably sure no one is using this feature. * Route :ref:`validate_clusters ` option added. * :ref:`x-envoy-downstream-service-node ` header added. * :ref:`x-forwarded-client-cert ` header added. * Initial HTTP/1 forward proxy support for :ref:`absolute URLs ` has been added. * HTTP/2 codec settings are now :ref:`configurable `. * gRPC/JSON transcoder :ref:`filter ` added. * gRPC web :ref:`filter ` added. * Configurable timeout for the rate limit service call in the :ref:`network ` and :ref:`HTTP ` rate limit filters. * :ref:`x-envoy-retry-grpc-on ` header added. * :ref:`LDS API ` added. * TLS :ref:`require_client_certificate ` option added. * :ref:`Configuration check tool ` added. * :ref:`JSON schema check tool ` added. * Config validation mode added via the :option:`--mode` option. * :option:`--local-address-ip-version` option added. * IPv6 support is now complete. * UDP :ref:`statsd_ip_address ` option added. * Per-cluster :ref:`DNS resolvers ` added. * :ref:`Fault filter ` enhancements and fixes. * Several features are :repo:`deprecated as of the 1.4.0 release `. They will be removed at the beginning of the 1.5.0 release cycle. We explicitly call out that the `HttpFilterConfigFactory` filter API has been deprecated in favor of `NamedHttpFilterConfigFactory`. * Many small bug fixes and performance improvements not listed. 1.3.0 ===== * As of this release, we now have an official :repo:`breaking change policy `. Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes. * Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See :repo:`/bazel/README.md` and :repo:`/ci/README.md` for more information. * :ref:`Outlier detection ` has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration. * TCP level :ref:`listener ` and :ref:`cluster ` connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release. * :ref:`Redis health checking ` has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0. * :ref:`TCP health checking ` now supports a "connect only" mode that only checks if the remote server can be connected to without writing/reading any data. * `BoringSSL `_ is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both :ref:`listener ` and :ref:`cluster ` connections. * The `header value match` :ref:`rate limit action ` has been expanded to include an *expect match* parameter. * Route level HTTP rate limit configurations now do not inherit the virtual host level configurations by default. The :ref:`include_vh_rate_limits ` to inherit the virtual host level options if desired. * HTTP routes can now add request headers on a per route and per virtual host basis via the :ref:`request_headers_to_add ` option. * The :ref:`example configurations ` have been refreshed to demonstrate the latest features. * :ref:`per_try_timeout_ms ` can now be configured in a route's retry policy in addition to via the :ref:`x-envoy-upstream-rq-per-try-timeout-ms ` HTTP header. * :ref:`HTTP virtual host matching ` now includes support for prefix wildcard domains (e.g., `*.lyft.com`). * The default for tracing random sampling has been changed to 100% and is still configurable in :ref:`runtime `. * :ref:`HTTP tracing configuration ` has been extended to allow tags to be populated from arbitrary HTTP headers. * The :ref:`HTTP rate limit filter ` can now be applied to internal, external, or all requests via the `request_type` option. * :ref:`Listener binding ` now requires specifying an `address` field. This can be used to bind a listener to both a specific address as well as a port. * The :ref:`MongoDB filter ` now emits a stat for queries that do not have `$maxTimeMS` set. * The :ref:`MongoDB filter ` now emits logs that are fully valid JSON. * The CPU profiler output path is now :ref:`configurable `. * A :ref:`watchdog system ` has been added that can kill the server if a deadlock is detected. * A :ref:`route table checking tool ` has been added that can be used to test route tables before use. * We have added an :ref:`example repo ` that shows how to compile/link a custom filter. * Added additional cluster wide information related to outlier detection to the :ref:`/clusters admin endpoint `. * Multiple SANs can now be verified via the :ref:`verify_subject_alt_name ` setting. Additionally, URI type SANs can be verified. * HTTP filters can now be passed :ref:`opaque configuration ` specified on a per route basis. * By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the ``--define=signal_trace=disabled`` Bazel option. * Zipkin has been added as a supported :ref:`tracing provider `. * Numerous small changes and fixes not listed here. 1.2.0 ===== * :ref:`Cluster discovery service (CDS) API `. * :ref:`Outlier detection ` (passive health checking). * Envoy configuration is now checked against a :ref:`JSON schema `. * :ref:`Ring hash ` consistent load balancer, as well as HTTP consistent hash routing :ref:`based on a policy `. * Vastly :ref:`enhanced global rate limit configuration ` via the HTTP rate limiting filter. * HTTP routing to a cluster :ref:`retrieved from a header `. * :ref:`Weighted cluster ` HTTP routing. * :ref:`Auto host rewrite ` during HTTP routing. * :ref:`Regex header matching ` during HTTP routing. * HTTP access log :ref:`runtime filter `. * LightStep tracer :ref:`parent/child span association `. * :ref:`Route discovery service (RDS) API `. * HTTP router :ref:`x-envoy-upstream-rq-timeout-alt-response header ` support. * *use_original_dst* and *bind_to_port* :ref:`listener options ` (useful for iptables based transparent proxy support). * TCP proxy filter :ref:`route table support `. * Configurable :ref:`stats flush interval `. * Various :ref:`third party library upgrades `, including using BoringSSL as the default SSL provider. * No longer maintain closed HTTP/2 streams for priority calculations. Leads to substantial memory savings for large meshes. * Numerous small changes and fixes not listed here. 1.1.0 ===== * Switch from Jannson to RapidJSON for our JSON library (allowing for a configuration schema in 1.2.0). * Upgrade :ref:`recommended version ` of various other libraries. * :ref:`Configurable DNS refresh rate ` for DNS service discovery types. * Upstream circuit breaker configuration can be :ref:`overridden via runtime `. * :ref:`Zone aware routing support `. * Generic :ref:`header matching routing rule `. * HTTP/2 :ref:`graceful connection draining ` (double GOAWAY). * DynamoDB filter :ref:`per shard statistics ` (pre-release AWS feature). * Initial release of the :ref:`fault injection HTTP filter `. * HTTP :ref:`rate limit filter ` enhancements (note that the configuration for HTTP rate limiting is going to be overhauled in 1.2.0). * Added :ref:`refused-stream retry policy `. * Multiple :ref:`priority queues ` for upstream clusters (configurable on a per route basis, with separate connection pools, circuit breakers, etc.). * Added max connection circuit breaking to the :ref:`TCP proxy filter `. * Added :ref:`CLI ` options for setting the logging file flush interval as well as the drain/shutdown time during hot restart. * A very large number of performance enhancements for core HTTP/TCP proxy flows as well as a few new configuration flags to allow disabling expensive features if they are not needed (specifically request ID generation and dynamic response code stats). * Support Mongo 3.2 in the :ref:`Mongo sniffing filter `. * Lots of other small fixes and enhancements not listed. 1.0.0 ===== Initial open source release.