1.12.0 (October 31, 2019)

    • access log: added buffering and support to gRPC access logger. Defaults to 16KB buffer and flushing every 1 second.

    • access log: added DOWNSTREAM_DIRECT_REMOTE_ADDRESS and DOWNSTREAM_DIRECT_REMOTE_ADDRESS_WITHOUT_PORT access log formatters and gRPC access logger.

    • access log: gRPC Access Log Service (ALS) support added for .

    • access log: reintroduced filesystem stats and added the write_failed counter to track failed log writes.

    • admin: added ability to configure listener .

    • admin: added config dump support for Secret Discovery Service SecretConfigDump.

    • admin: added support for listeners via admin interface.

    • admin: added GET /stats/recentlookups, , POST /stats/recentlookups/disable, and endpoints.

    • api: added set_node_on_first_message_only option to omit the node identifier from the subsequent discovery requests on the same stream.

    • buffer filter: now populates content-length header if not present. This behavior can be temporarily disabled using the runtime feature .

    • build: official released binary is now PIE so it can be run with ASLR.

    • config: added support for (including ADS) delivery.

    • config: enforcing that terminal filters (e.g. HttpConnectionManager for L4, router for L7) be the last in their respective filter chains.

    • config: added access log extension filter.

    • config: added support for , providing independent control over whether unknown fields are rejected in static and dynamic configuration. By default, unknown fields in static configuration are rejected and are allowed in dynamic configuration. Warnings are logged for the first use of any unknown field and these occurrences are counted in the server.static_unknown_fields and statistics.

    • config: added async data access for local and remote data sources.

    • config: changed the default value of initial_fetch_timeout from 0s to 15s. This is a change in behaviour in the sense that Envoy will move to the next initialization phase, even if the first config is not delivered in 15s. Refer to for more details.

    • config: added stat init_fetch_timeout.

    • config: tls_context in Cluster and FilterChain are deprecated in favor of transport socket. See for more information.

    • csrf: added PATCH to supported methods.

    • dns: added support for configuring dns_failure_refresh_rate to set the DNS refresh rate during failures.

    • ext_authz: added to send dynamic metadata to the ext_authz service.

    • ext_authz: added filter_enabled RuntimeFractionalPercent flag to filter.

    • ext_authz: added tracing to the HTTP client.

    • ext_authz: deprecated in favour of filter scope stats.

    • fault: added overrides for default runtime keys in HTTPFault filter.

    • grpc: added for AWS-managed xDS.

    • grpc: added gRPC stats filter for collecting stats about gRPC calls and streaming message counts.

    • grpc-json: added support for .

    • grpc-json: added support for the grpc-status-details-bin header.

    • header to metadata: added and ValueEncode to support protobuf Value and Base64 encoding.

    • http: added a default one hour idle timeout to upstream and downstream connections. HTTP connections with no streams and no activity will be closed after one hour unless the default idle_timeout is overridden. To disable upstream idle timeouts, set the to zero in Cluster http_protocol_options. To disable downstream idle timeouts, either set to zero in the HttpConnectionManager common_http_protocol_options or set the deprecated field to zero.

    • http: added the ability to format HTTP/1.1 header keys using header_key_format.

    • http: changed Envoy to forward existing x-forwarded-proto from upstream trusted proxies. Guarded by envoy.reloadable_features.trusted_forwarded_proto which defaults to true.

    • http: added the ability to in the path.

    • http: AUTO codec protocol inference now requires the H2 magic bytes to be the first bytes transmitted by a downstream client.

    • http: remove h2c upgrade headers for HTTP/1 as h2c upgrades are currently not supported.

    • http: absolute URL support is now on by default. The prior behavior can be reinstated by setting to false.

    • http: support host rewrite in the dynamic forward proxy.

    • http: support in the grpc http1 reverse bridge filter.

    • http: added the ability to configure max connection duration for downstream connections.

    • listeners: added to configure whether a listener will still create a connection when listener filters time out.

    • listeners: added HTTP inspector listener filter.

    • listeners: added configuration for TCP listeners.

    • listeners: listeners now close the listening socket as part of the draining stage as soon as workers stop accepting their connections.

    • lua: extended httpCall() and respond() APIs to accept headers with entry values that can be a string or table of strings.

    • lua: extended dynamicMetadata:set() to allow setting complex values.

    • metrics_service: added support for flushing histogram buckets.

    • outlier_detector: added support for the grpc-status response header by mapping it to HTTP status. Guarded by envoy.reloadable_features.outlier_detection_support_for_grpc_status which defaults to true.

    • performance: new buffer implementation enabled by default (to disable add "--use-libevent-buffers 1" to the command-line arguments when starting Envoy).

    • performance: stats symbol table implementation (disabled by default; to test it, add "--use-fake-symbol-table 0" to the command-line arguments when starting Envoy).

    • rbac: added support for DNS SAN as .

    • redis: added enable_command_stats to enable for upstream clusters.

    • redis: added read_policy to allow reading from redis replicas for Redis Cluster deployments.

    • redis: fixed a bug where the redis health checker ignored the upstream auth password.

    • redis: enable_hashtaging is always enabled when the upstream uses open source Redis cluster protocol.

    • regex: introduced new type that provides a safe regex implementation for untrusted user input. This type is now used in all configuration that processes user provided input. See deprecated configuration details for more information.

    • rbac: added conditions to the policy, see .

    • router: added rq_retry_skipped_request_not_complete counter stat to router stats.

    • router: is supported.

    • router: added new retriable-headers retry policy. Retries can now be configured to trigger by arbitrary response header matching.

    • router: added ability for most specific header mutations to take precedence, see .

    • router: added respect_expected_rq_timeout that instructs ingress Envoy to respect header, populated by egress Envoy, when deriving timeout for upstream cluster.

    • router: added new retriable request headers to route configuration, to allow limiting buffering for retries and shadowing.

    • router: added new to retry policies. Retries can now be configured to only trigger on request header match.

    • router: added the ability to match a route based on whether a TLS certificate has been presented by the downstream connection.

    • router check tool: added coverage reporting & enforcement.

    • router check tool: added comprehensive coverage reporting.

    • router check tool: added support for outputting missing tests in the detailed coverage report.

    • router check tool: added coverage reporting for direct response routes.

    • runtime: allows for the ability to parse boolean values.

    • runtime: allows for the ability to parse integers as double values and vice-versa.

    • sds: added for loading TLS Session Ticket Encryption Keys using SDS API.

    • server: added a post initialization lifecycle event, in addition to the existing startup and shutdown events.

    • server: added per-handler listener stats and to help diagnose event loop imbalance and general performance issues.

    • stats: added unit support to histogram.

    • tcp_proxy: the default idle_timeout is now 1 hour.

    • thrift_proxy: fixed crashing bug on invalid transport/protocol framing.

    • thrift_proxy: added support for stripping service name from method when using the multiplexed protocol.

    • tls: added verification of IP address SAN fields in certificates against configured SANs in the certificate validation context.

    • tracing: added support to the Zipkin reporter for sending list of spans as Zipkin JSON v2 and protobuf message over HTTP.

    • tracing: added tags for gRPC response status and message.

    • tracing: added to support customizing the length of the request path included in the extracted http.url tag.

    • upstream: added that allows draining HTTP and TCP connection pools on cluster membership change.

    • upstream: added transport_socket_matches, which supports using a different transport socket config when connecting to different upstream endpoints within a cluster.

    • upstream: added network filter chains to upstream connections, see .

    • upstream: added new failure-percentage based outlier detection mode.

    • upstream: uses p2c to select hosts for least-requests load balancers if all host weights are the same, even in cases where weights are not equal to 1.

    • upstream: added to allow failing all requests to a cluster during panic state.

    • zookeeper: parses responses and emits latency stats.

    Deprecated

    • The ORIGINAL_DST_LB is deprecated, use CLUSTER_PROVIDED policy instead when configuring an original destination cluster.

    • The regex field in has been deprecated in favor of the safe_regex field.

    • The regex field in RouteMatch has been deprecated in favor of the safe_regex field.

    • The allow_origin and fields in have been deprecated in favor of the allow_origin_string_match field.

    • The pattern and method fields in VirtualCluster have been deprecated in favor of the headers field.

    • The regex_match field in has been deprecated in favor of the safe_regex_match field.

    • The value and regex fields in QueryParameterMatcher have been deprecated in favor of the string_match and fields.

    • The command-line option, use --allow-unknown-static-fields instead.

    • The use of HTTP_JSON_V1 or not explicitly specifying it is deprecated, use HTTP_JSON or HTTP_PROTO instead.

    • The operation_name field in HTTP connection manager has been deprecated in favor of the traffic_direction field in . The latter takes priority if specified.

    • The tls_context field in Filter chain message and message have been deprecated in favor of transport_socket with name envoy.transport_sockets.tls. The latter takes priority if specified.

    • The use_http2 field in HTTP health checker has been deprecated in favor of the codec_client_type field.

    • The use of for gRPC stats has been deprecated in favor of the dedicated gRPC stats filter.

    • Use of google.protobuf.Struct for extension opaque configs is deprecated. Use google.protobuf.Any instead or pack udpa.type.v1.TypedStruct in google.protobuf.Any.
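
Two of the deprecations listed above, the RouteMatch regex field replaced by safe_regex and tls_context replaced by transport_socket, shown as before/after configuration fragments. This is an added example, not taken from the Envoy release notes or documentation; the cluster name, pattern and SNI host are constructed values, and the typed_config type URL assumes the v2 API.

```yaml
# Constructed Envoy v2 API fragments; cluster name, pattern and SNI are placeholders.
---
# Before: route match using the deprecated `regex` field.
match:
  regex: "/api/v[0-9]+/.*"
route:
  cluster: backend
---
# After: `safe_regex` selects the RE2 engine and bounds the compiled program
# size, so an overly complex pattern is rejected when the config is loaded.
match:
  safe_regex:
    google_re2:
      max_program_size: 100
    regex: "/api/v[0-9]+/.*"
route:
  cluster: backend
---
# Before: upstream TLS configured through the deprecated `tls_context` field.
name: backend
tls_context:
  sni: backend.example.internal
---
# After: the same settings inside a TLS transport socket.
name: backend
transport_socket:
  name: envoy.transport_sockets.tls
  typed_config:
    "@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
    sni: backend.example.internal
```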