1.13.0 (January 20, 2020)

    • admin: added the ability to filter /config_dump.

    • access log: added a to output access logs in JSON format with non-string values

    • access log: fixed UPSTREAM_LOCAL_ADDRESS access log formatters to work for http requests

    • access log: added HOSTNAME.

    • api: remove all support for v1

    • api: added ability to specify mode for .

    • api: support for the v3 xDS API added. See Supported API versions.

    • aws_request_signing: added new alpha HTTP AWS request signing filter

    • buffer: remove old implementation

    • build: official released binary is now built against libc++.

    • cluster: added that allows load balancing between clusters.

    • config: all category names of internal envoy extensions are prefixed with the ‘envoy.’ prefix to follow the reverse DNS naming notation.

    • decompressor: remove decompressor hard assert failure and replace with an error flag.

    • ext_authz: added configurable ability to send the to the ext_authz service.

    • fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter.

    • health check: gRPC health checker sets the gRPC deadline to the configured timeout duration.

    • health check: added TlsOptions to allow TLS configuration overrides.

    • health check: added to better compare the service name patterns for health check identity.

    • http: added support for http1 trailers. To enable use enable_trailers.

    • http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature envoy.reloadable_features.reject_unsupported_transfer_encodings to false.

    • http: support in the dynamic forward proxy.

    • jwt_authn: added allow_missing option that accepts request without token but rejects bad request with bad tokens.

    • jwt_authn: added to allow bypassing the CORS preflight request.

    • lb_subset_config: new fallback policy for selectors: KEYS_SUBSET

    • listeners: added option.

    • logger: added –log-format-escaped command line option to escape newline characters in application logs.

    • ratelimit: added network filter.

    • rbac: added support for matching all subject alt names instead of first in principal_name.

    • redis: performance improvement for larger split commands by avoiding string copies.

    • redis: correctly follow MOVE/ASK redirection for mirrored clusters.

    • redis: add and failure_refresh_threshold to refresh topology when nodes are degraded or when requests fails.

    • router: added histograms to show timeout budget usage to the .

    • router check tool: added support for testing and marking coverage for routes of runtime fraction 0.

    • router: added request_mirror_policies to support sending multiple mirrored requests in one route.

    • router: added support for REQ(header-name) .

    • router: added support for percentage-based retry budgets

    • router: allow using a for HTTP consistent hashing.

    • router: exposed DOWNSTREAM_REMOTE_ADDRESS as custom HTTP request/response headers.

    • router: added auto_sni to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header.

    • router: added support for HOSTNAME .

    • server: added the --disable-extensions CLI option, to disable extensions at startup.

    • server: fixed a bug in config validation for configs with runtime layers.

    • server: added that indicates whether listeners have been fully initialized on workers.

    • tcp_proxy: added ClusterWeight.metadata_match.

    • tcp_proxy: added .

    • thrift_proxy: added support for cluster header based routing.

    • thrift_proxy: added stats to the router filter.

    • tls: remove TLS 1.0 and 1.1 from client defaults

    • tls: added support for generic string matcher for subject alternative names.

    • tracing: added the ability to set custom tags on both the and the HTTP route.

    • tracing: added upstream_address tag.

    • tracing: added initial support for AWS X-Ray (local sampling rules only) .

    • tracing: added tags for gRPC request path, authority, content-type and timeout.

    • udp: added initial support for UDP proxy

    Deprecated

    • The request_headers_for_tags field in HTTP connection manager has been deprecated in favor of the field.

    • The verify_subject_alt_name field in Certificate Validation Context has been deprecated in favor of the field.

    • The field in RouteMatch has been deprecated in favor of the request_mirror_policies field.

    • The field in has been deprecated in favor of the service_name_matcher field.