1.13.0 (January 20, 2020)
Changes
access log: added
FILTER_STATE
access log formatters and gRPC access logger.access log: added
HOSTNAME
.access log: added a typed JSON logging mode to output access logs in JSON format with non-string values.
access log: fixed
UPSTREAM_LOCAL_ADDRESS
access log formatters to work for http requests.admin: added the ability to filter /config_dump.
api: added ability to specify
mode
for Pipe.api: remove all support for v1.
api: support for the v3 xDS API added. See Supported API versions.
aws_request_signing: added new alpha HTTP AWS request signing filter.
buffer: remove old implementation.
build: official released binary is now built against libc++.
cluster: added aggregate cluster that allows load balancing between clusters.
config: all category names of internal envoy extensions are prefixed with the ‘envoy.’ prefix to follow the reverse DNS naming notation.
decompressor: remove decompressor hard assert failure and replace with an error flag.
ext_authz: added configurable ability to send the certificate to the
ext_authz
service.fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the
x-envoy-downstream-service-cluster
header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter.health check: added TlsOptions to allow TLS configuration overrides.
health check: added service_name_matcher to better compare the service name patterns for health check identity.
health check: gRPC health checker sets the gRPC deadline to the configured timeout duration.
http: added strict validation that
CONNECT
is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime featureenvoy.reloadable_features.strict_method_validation
to false.http: added support for http1 trailers. To enable use enable_trailers.
http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by
envoy.reloadable_features.connection_header_sanitization
which defaults to true.http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature
envoy.reloadable_features.reject_unsupported_transfer_encodings
to false.http: support auto_host_rewrite_header in the dynamic forward proxy.
jwt_authn: added allow_missing option that accepts request without token but rejects bad request with bad tokens.
jwt_authn: added bypass_cors_preflight to allow bypassing the CORS preflight request.
lb_subset_config: new fallback policy for selectors: KEYS_SUBSET.
listeners: added reuse_port option.
logger: added –log-format-escaped command line option to escape newline characters in application logs.
ratelimit: added local rate limit network filter.
rbac: added support for matching all subject alt names instead of first in principal_name.
redis: add host_degraded_refresh_threshold and failure_refresh_threshold to refresh topology when nodes are degraded or when requests fails.
redis: correctly follow MOVE/ASK redirection for mirrored clusters.
redis: performance improvement for larger split commands by avoiding string copies.
router: added auto_sni to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header.
router: added request_mirror_policies to support sending multiple mirrored requests in one route.
router: added histograms to show timeout budget usage to the cluster stats.
router: added support for max_internal_redirects for configurable maximum internal redirect hops.
router: added support for
HOSTNAME
header formatter.router: added support for
REQ(header-name)
header formatter.router: added support for percentage-based retry budgets.
router: allow using a query parameter for HTTP consistent hashing.
router: exposed
DOWNSTREAM_REMOTE_ADDRESS
as custom HTTP request/response headers.router: skip the Location header when the response code is not a 201 or a 3xx.
router check tool: added support for testing and marking coverage for routes of runtime fraction 0.
server: added workers_started that indicates whether listeners have been fully initialized on workers.
server: added the
--disable-extensions
CLI option, to disable extensions at startup.server: fixed a bug in config validation for configs with runtime layers.
tcp_proxy: added ClusterWeight.metadata_match.
tcp_proxy: added hash_policy.
thrift_proxy: added stats to the router filter.
thrift_proxy: added support for cluster header based routing.
tls: added support for generic string matcher for subject alternative names.
tls: remove TLS 1.0 and 1.1 from client defaults.
tracing: added initial support for AWS X-Ray (local sampling rules only) X-Ray Tracing.
tracing: added tags for gRPC request path, authority, content-type and timeout.
tracing: added the ability to set custom tags on both the HTTP connection manager and the HTTP route.
tracing: added upstream_address tag.
udp: added initial support for UDP proxy.
Deprecated
certificates: The
verify_subject_alt_name
field in Certificate Validation Context has been deprecated in favor of the match_subject_alt_names field.health_checker: The
service_name
field in HTTP health checker has been deprecated in favor of theservice_name_matcher
field.router: The
request_mirror_policy
field in RouteMatch has been deprecated in favor of therequest_mirror_policies
field.tracing: The
request_headers_for_tags
field in HTTP connection manager has been deprecated in favor of the custom_tags field.xds: The v2 xDS API is deprecated. It will be supported by Envoy until EOY 2020. See Supported API versions.