1.10.0 (Apr 5, 2019)

    • access log: added a gRPC filter to allow filtering on gRPC status.

    • access log: added a new flag for stream idle timeout.

    • access log: added a new field for upstream transport failure reason in and gRPC access logger for HTTP access logs.

    • access log: added new fields for downstream x509 information (URI sans and subject) to file and gRPC access logger.

    • admin: the admin server can now be accessed via HTTP/2 (prior knowledge).

    • admin: changed HTTP response status code from 400 to 405 when attempting to GET a POST-only route (such as /quitquitquit).

    • buffer: fix vulnerabilities when allocation fails.

    • build: releases are built with GCC-7 and linked with LLD.

    • build: dev docker images from tagged images for easier discoverability in Docker Hub. Additionally, we now build images for point releases.

    • config: added support of using google.protobuf.Any in opaque configs for extensions.

    • config: logging warnings when deprecated fields are in use.

    • config: removed deprecated --v2-config-only from command line config.

    • config: removed deprecated_v1 sds_config from Bootstrap config.

    • config: removed the deprecated_v1 config option from .

    • config: removed REST_LEGACY as a valid ApiType.

    • config: finish cluster warming only when a named response (i.e. the ClusterLoadAssignment associated with the cluster being warmed) arrives in the EDS response. This is a behavioural change from the current implementation, where cluster warming also completes when load assignments are missing.

    • config: use Envoy cpuset size to set the default number of worker threads if is enabled.

    • config: added support for initial_fetch_timeout. The timeout is disabled by default.

    • cors: added to filter.

    • csrf: added

    • ext_authz: migrated from v2alpha to v2 and improved docs.

    • ext_authz: migrated from v2alpha to v2 and improved the documentation.

    • ext_authz: authorization request and response configuration has been separated into two distinct objects: authorization request and . In addition, client headers and replaces the previous allowed_authorization_headers object. All the control header lists now support string matcher instead of standard string.

    • fault: added the setting, as well as statistics for the number of active faults and the number of faults that overflowed.

    • fault: added fault injection.

    • fault: added HTTP header fault configuration to the HTTP fault filter.

    • governance: extending Envoy deprecation policy from 1 release (0-3 months) to 2 releases (3-6 months).

    • health check: expected response codes in http health checks are now .

    • http: added new grpc_http1_reverse_bridge filter for converting gRPC requests into HTTP/1.1 requests.

    • http: fixed a bug where Content-Length:0 was added to HTTP/1 204 responses.

    • http: added max request headers size. The default behaviour is unchanged.

    • http: added modifyDecodingBuffer/modifyEncodingBuffer to allow modifying the buffered request/response data.

    • http: added encodeComplete/decodeComplete. These are invoked at the end of the stream, after all data has been encoded/decoded respectively. Default implementation is a no-op.

    • outlier_detection: added support for .

    • mysql: added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to MySQL proxy for more details.

    • performance: new buffer implementation (disabled by default; to test it, add “--use-libevent-buffers 0” to the command-line arguments when starting Envoy).

    • jwt_authn: added to allow specifying requirements from filterState by other filters.

    • ratelimit: removed deprecated rate limit configuration from bootstrap.

    • redis: added hashtagging to guarantee a given key’s upstream.

    • redis: added for commands.

    • redis: added success and error stats for commands.

    • redis: migrate hash function for host selection to from std::hash. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.

    • router: added reset reason to response body when upstream reset happens. After this change, the response body will be of the form upstream connect error or disconnect/reset before headers. reset reason:

    • router: added rq_reset_after_downstream_response_started counter stat to router stats.

    • router: added per-route configuration of .

    • router: removed deprecated route-action level headers_to_add/remove.

    • router: made max retries header take precedence over the number of retries in route and virtual host retry policies.

    • router: added support for prefix wildcards in

    • stats: added support for histograms in Prometheus

    • stats: added usedonly flag to Prometheus stats to only output metrics which have been updated at least once.

    • stats: added gauges tracking remaining resources before circuit breakers open.

    • tap: added new alpha HTTP tap filter.

    • tls: enabled TLS 1.3 on the server-side (non-FIPS builds).

    • upstream: add hash_function to specify the hash function for as either xxHash or murmurHash2. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.

    • upstream: added which allows routing to certain hosts only when there are insufficient healthy hosts available.

    • upstream: add cluster factory to allow creating and registering custom cluster type.

    • upstream: added a to limit the number of concurrent connection pools in use.

    • tracing: added verbose to support logging annotations on spans.

    • upstream: added support for host weighting and in the ring hash load balancer, and added a config parameter to strictly bound the ring size.

    • zookeeper: added a ZooKeeper proxy filter that parses ZooKeeper messages (requests/responses/events). Refer to ZooKeeper proxy for more details.

    • upstream: added configuration option to select any host when the fallback policy fails.

    • upstream: stopped incrementing upstream_rq_total for HTTP/1 conn pool when request is circuit broken.

    Deprecated

    • Use of use_alpha in Ext-Authz Authorization Service is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.

    • Use of in , found in . Set the field instead.