1.9.0 (Dec 20, 2018)

Changes

  • access log: added a JSON logging mode to output access logs in JSON format.

  • access log: added dynamic metadata to access log messages streamed over gRPC.

  • access log: added DOWNSTREAM_CONNECTION_TERMINATION.

  • admin: POST /logging now responds with 200 while there are no params.

  • admin: added support for displaying subject alternate names in certs end point.

  • admin: added host weight to the GET /clusters?format=json end point response.

  • admin: GET /server_info now responds with a JSON object instead of a single string.

  • admin: GET /server_info now exposes what stage of initialization the server is currently in.

  • admin: added support for displaying command line options in GET /server_info end point.

  • circuit-breaker: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live state via circuit breakers statistics.

  • cluster: set a default of 1s for option.

  • config: removed support for the v1 API.

  • config: added support for rate limiting discovery request calls.

  • cors: added invalid/valid stats to filter.

  • ext-authz: added support for providing per route config - optionally disable the filter and provide context extensions.

  • fault: removed integer percentage support.

  • grpc-json: added support for ignoring query parameters.

  • health check: added logging health check failure events.

  • health check: added ability to set authority header value for gRPC health check.

  • http: added HTTP/2 WebSocket proxying via extended CONNECT.

  • http: added limits to the number and length of header modifications in all fields request_headers_to_add and response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard.

  • http: added support for a request timeout. The timeout is disabled by default.

  • http: no longer adding whitespace when appending X-Forwarded-For headers. Warning: this is not compatible with 1.7.0 builds prior to 9d3a4eb4ac44be9f0651fcc7f87ad98c538b01ee. See #3611 for details.

  • http: augmented the sendLocalReply filter API to accept an optional GrpcStatus value to override the default HTTP to gRPC status mapping.

  • http: no longer close the TCP connection when a HTTP/1 request is retried due to a response with empty body.

  • http: added support for more gRPC content-type headers in gRPC bridge filter, like application/grpc+proto.

  • listeners: all listener filters are now governed by the listener_filters_timeout setting. The hard coded 15s timeout in the TLS inspector listener filter is superseded by this setting.

  • listeners: added the ability to match FilterChain using source_type.

  • load balancer: added a configuration option to specify the number of choices made in P2C.

  • logging: added missing [ in log prefix.

  • mongo_proxy: added dynamic metadata.

  • network: removed the reference to FilterState in Connection in favor of StreamInfo.

  • rate-limit: added configuration to specify whether the GrpcStatus status returned should be RESOURCE_EXHAUSTED or UNAVAILABLE when a gRPC call is rate limited.

  • rate-limit: removed support for the legacy ratelimit service and made the data-plane-api rls.proto based implementation default.

  • rate-limit: removed the deprecated cluster_name attribute in rate limit service configuration.

  • rate-limit: added rate_limit_service configuration to filters.

  • rbac: added dynamic metadata to the network level filter.

  • rbac: added support for permission matching by requested server name.

  • redis: static cluster configuration is no longer required. Redis proxy will work with clusters delivered via CDS.

  • router: added ability to configure arbitrary retriable status codes.

  • router: added ability to set attempt count in upstream requests, see virtual host’s include request attempt count flag.

  • router: added internal grpc-retry-on policy.

  • router: added scheme_redirect and port_redirect to define the respective scheme and port rewriting RedirectAction.

  • router: when max_grpc_timeout is set, Envoy will now add or update the grpc-timeout header to reflect Envoy’s expected timeout.

  • router: per try timeouts now starts when an upstream stream is ready instead of when the request has been fully decoded by Envoy.

  • router: added support for not retrying rate limited requests. Rate limit filter now sets the x-envoy-ratelimited header so the rate limited requests that may have been retried earlier will not be retried with this change.

  • router: added support for enabling upgrades on a per-route basis.

  • router: support configuring a default fraction of mirror traffic via runtime_fraction.

  • sandbox: added cors sandbox.

  • server: added SIGINT (Ctrl-C) handler to gracefully shutdown Envoy like SIGTERM.

  • stats: added stats_matcher to the bootstrap config for granular control of stat instantiation.

  • stream: renamed the RequestInfo namespace to StreamInfo to better match its behaviour within TCP and HTTP implementations.

  • stream: renamed perRequestState to filterState in StreamInfo.

  • stream: added downstreamDirectRemoteAddress to StreamInfo.

  • thrift_proxy: introduced thrift rate limiter filter.

  • tls: added ssl.curves., ssl.sigalgs. and ssl.versions. to listener metrics to track TLS algorithms and versions in use.

  • tls: added support for client-side session resumption.

  • tls: added support for CRLs in trusted_ca.

  • tls: added support for multiple server TLS certificates.

  • tls: added support for password encrypted private keys.

  • tls: added the ability to build BoringSSL FIPS using --define boringssl=fips Bazel option.

  • tls: removed support for ECDSA certificates with curves other than P-256.

  • tls: removed support for RSA certificates with keys smaller than 2048-bits.

  • tracing: added support to the Zipkin tracer for the b3 single header format.

  • tracing: added support for Datadog tracer.

  • upstream: added scale_locality_weight to enable scaling locality weights by number of hosts removed by subset lb predicates.

  • upstream: changed how load calculation for priority levels and panic thresholds interact. As long as normalized total health is 100% panic thresholds are disregarded.

  • upstream: changed the default hash for ring hash from std::hash to xxHash.

  • upstream: when using active health checking and STRICT_DNS with several addresses that resolve to the same hosts, Envoy will now health check each host independently.

Deprecated

  • Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect, see #4599. In the 1.9.0 release cycle we introduced bugfix_reverse_write_filter_order in lds.proto to temporarily support both old and new behaviors. Note this boolean field is deprecated.

  • Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see #4599. In the 1.9.0 release cycle we introduced bugfix_reverse_encode_order in http_connection_manager.proto to temporarily support both old and new behaviors. Note this boolean field is deprecated.

  • Use of the v1 REST_LEGACY ApiConfigSource is deprecated.

  • Use of std::hash in the ring hash load balancer is deprecated.

  • Use of rate_limit_service configuration in the bootstrap configuration is deprecated.

  • Use of runtime_key in RequestMirrorPolicy, found in route.proto is deprecated. Set the runtime_fraction field instead.

  • Use of buffer filter max_request_time is deprecated in favor of the request timeout found in HttpConnectionManager