1.8.0 (Oct 4, 2018)

    • access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.

    • access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http

    • admin: added GET /hystrix_event_stream as an endpoint for monitoring envoy’s statistics through .

    • cli: added support for component log level command line option for configuring log levels of individual components.

    • cluster: added to merge health check/weight/metadata updates within the given duration.

    • config: regex validation added to limit to a maximum of 1024 characters.

    • config: v1 disabled by default. v1 support remains available until October via flipping –v2-config-only=false.

    • config: v1 disabled by default. v1 support remains available until October via deprecated flag –allow-deprecated-v1-api.

    • config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and stat is incremented in case of schema/validation error.

    • config: added a stat connected_state that indicates current connected state of Envoy with management server.

    • ext_authz: added support for configuring additional to be sent from Envoy to the authorization service.

    • fault: added support for fractional percentages in FaultDelay and in .

    • grpc-json: added support for building HTTP response from google.api.HttpBody.

    • health check: added support for .

    • health check: added support for specifying jitter as a percentage.

    • health_check: added support for .

    • health_check: added timestamp to the definition.

    • http: added support for a per-stream idle timeout. This applies at both and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.

    • http: added downstream_rq_completed counter for , including on a per-listener basis.

    • http: added generic .

    • http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.

    • http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having with authorization: token2 applied.

    • http: response filters not applied to early error paths such as http_parser generated 400s.

    • http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.

    • http: now controls dynamic table size of both: encoder and decoder.

    • http: added support for removing request headers using request_headers_to_remove.

    • http: added support for a to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.

    • jwt-authn filter: add support for per route JWT requirements.

    • listeners: added the ability to match FilterChain using and prefix_ranges.

    • lua: added wrapper and ssl() API.

    • lua: added streamInfo() wrapper and protocol() API.

    • lua: added API.

    • network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.

    • proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).

    • ratelimit: added support for . Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.

    • ratelimit: added option to control traffic flow in case of rate limit service error.

    • rest-api: added ability to set the request timeout for REST API requests.

    • route checker: added v2 config support and removed support for v1 configs.

    • router: added ability to set request/response headers at the level.

    • stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.

    • tcp_proxy: added support for .

    • thrift_proxy: introduced thrift routing, moved configuration to correct location

    • thrift_proxy: introduced thrift configurable decoder filters

    • tls: implemented Secret Discovery Service.

    • tracing: added support for configuration of .

    • upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.

    • upstream: require opt-in to use the x-envoy-original-dst-host header for overriding destination address when using the load balancing policy.

    Deprecated

    • Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce .

    • Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.

    • Use of the –v2-config-only flag.

    • Use of both use_websocket and websocket_config in is deprecated. Please use the new upgrade_configs in the HttpConnectionManager instead.

    • Use of the integer field in and in FaultAbort is deprecated in favor of the new FractionalPercent based percentage field.

    • Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.

    • Use of response_headers_to_* and request_headers_to_add are deprecated at the level. Please use the configuration options at the Route level.

    • Use of runtime in RouteMatch, found in . Set the runtime_fraction field instead.