.. _version_history_1.31.0:

1.31.0 (Pending)
=================

Incompatible behavior changes
-----------------------------

*Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*

* **ext_proc**: Added support for :ref:`route_cache_action `. It specifies the route action to be taken when an
  external processor response is received in response to request headers.
* **golang**: Moved ``Continue``, ``SendLocalReply`` and ``RecoverPanic`` from ``FilterCallbackHandler`` to
  ``DecoderFilterCallbacks`` and ``EncoderFilterCallbacks``, to support full-duplex processing.
* **http2**: Changed the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to true. This changes the
  codec used for HTTP/2 requests and responses. This behavior can be reverted by setting the feature to false.
* **http2**: Passes HTTP/2 DATA frames through a different codec API. This behavior can be temporarily disabled by
  setting the runtime feature ``envoy.reloadable_features.http2_use_visitor_for_data`` to false.
* **proxy_protocol**: Populates typed metadata by default in the proxy protocol listener filter. Typed metadata can be
  consumed as the :ref:`TlvsMetadata type `. This change can be temporarily disabled by setting the runtime flag
  ``envoy.reloadable_features.use_typed_metadata_in_proxy_protocol_listener`` to ``false``.
* **runtime**: Invalid YAML in runtime configuration is now rejected. This has been an ``ENVOY_BUG`` linked to
  https://github.com/envoyproxy/envoy/issues/27434 for over a year with no hard blockers reported, so the change
  should be safe. This behavior can be temporarily disabled by setting the runtime feature
  ``envoy.reloadable_features.reject_invalid_yaml`` to false, but the runtime guard must be parsed before any invalid
  YAML is encountered.
* **thread_local**: Changes the behavior of the ``SlotImpl`` class destructor. With this change the destructor can be
  called on any thread. This behavior can be reverted by setting the runtime flag
  ``envoy.reloadable_features.allow_slot_destroy_on_worker_threads`` to false.

Minor behavior changes
----------------------

*Changes that may cause incompatibilities for some users, but should not for most*

* **access_log**: The upstream connection address, rather than the upstream host address, will be used for the
  ``%UPSTREAM_REMOTE_ADDRESS%``, ``%UPSTREAM_REMOTE_PORT%`` and ``%UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%`` access log
  format specifiers. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.upstream_remote_address_use_connection`` to false.
* **config**: In xDS configuration, the :ref:`AUTO ` value now means :ref:`V3 `. :ref:`AUTO ` is the default value
  of the enum, so this field may now be omitted from all configurations.
* **config**: Stricter validation of ``google.protobuf.Duration`` fields in a config, rejecting invalid values (where
  the number of years is over 292). This can be temporarily reverted by setting the runtime guard
  ``envoy.reloadable_features.strict_duration_validation`` to ``false``.
* **dns**: Changes the behavior of the getaddrinfo DNS resolver so that it treats ``EAI_NODATA`` and ``EAI_NONAME``
  as successful queries with empty results, instead of as DNS failures. This change brings the getaddrinfo behavior
  in line with the c-ares resolver behavior. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.dns_nodata_noname_is_success`` to false.
* **filters**: Set the ``WWW-Authenticate`` header for 401 responses from the Basic Auth filter.
* **grpc**: Changes in ``AsyncStreamImpl`` and ``GoogleAsyncStreamImpl`` now propagate tracing context headers in
  bidirectional streams when using the :ref:`Envoy gRPC client ` or :ref:`Google C++ gRPC client `. Previously,
  tracing context headers were not being set when calling external services such as ``ext_proc``.
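The ``dns`` entry above changes what the getaddrinfo resolver reports for ``EAI_NODATA`` and ``EAI_NONAME``. The following Python wrapper is an added example written for this page, not code from Envoy: it classifies a lookup the way the 1.31 resolver does, turning a definitive "no such name / no address records" answer into a successful empty result while leaving transient and server failures (``EAI_AGAIN``, ``EAI_FAIL``) as failures. ``fake_resolver`` and ``FAKE_ZONE`` are constructed stand-ins for libc ``getaddrinfo`` so the example runs offline, and the ``-5`` fallback for ``EAI_NODATA`` on platforms whose ``socket`` module does not define it is an assumption of the example.

```python
import socket
from typing import Callable, Dict, List, Tuple

# getaddrinfo(3) codes that 1.31 treats as "answered, zero addresses".
# EAI_NODATA is deprecated in glibc and absent from Python's socket module on
# some platforms; the -5 fallback (glibc's value) is an assumption of this example.
EAI_NONAME = socket.EAI_NONAME
EAI_NODATA = getattr(socket, "EAI_NODATA", -5)

Resolver = Callable[[str], List[str]]


def system_resolver(hostname: str) -> List[str]:
    """Resolve via libc getaddrinfo; raises socket.gaierror on failure."""
    addresses: List[str] = []
    for _family, _type, _proto, _canonname, sockaddr in socket.getaddrinfo(
        hostname, None, proto=socket.IPPROTO_TCP
    ):
        if sockaddr[0] not in addresses:      # keep one entry per IP, preserving order
            addresses.append(sockaddr[0])
    return addresses


def resolve(hostname: str, resolver: Resolver = system_resolver) -> Tuple[str, List[str], int]:
    """Classify a lookup the way the 1.31 getaddrinfo resolver does.

    Returns (status, addresses, errno):
      ("success", [...], 0)   - the name resolved
      ("success", [], code)   - EAI_NONAME / EAI_NODATA: a definitive "no addresses" answer
      ("failure", [], code)   - anything else, e.g. EAI_AGAIN or EAI_FAIL: the resolver failed
    Before 1.31 the second case was reported as a failure, unlike the c-ares resolver.
    """
    try:
        return "success", resolver(hostname), 0
    except socket.gaierror as err:
        if err.errno in (EAI_NONAME, EAI_NODATA):
            return "success", [], err.errno
        return "failure", [], err.errno


# Constructed stand-in for getaddrinfo so the example runs offline.
FAKE_ZONE: Dict[str, List[str]] = {
    "api.internal.example": ["10.0.0.5", "10.0.0.6"],
    "txt-only.internal.example": [],          # name exists but has no A/AAAA records
}


def fake_resolver(hostname: str) -> List[str]:
    if hostname == "flaky.internal.example":
        raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")
    if hostname not in FAKE_ZONE:
        raise socket.gaierror(EAI_NONAME, "Name or service not known")
    if not FAKE_ZONE[hostname]:
        raise socket.gaierror(EAI_NODATA, "No address associated with hostname")
    return FAKE_ZONE[hostname]


if __name__ == "__main__":
    for name in ("api.internal.example", "txt-only.internal.example",
                 "missing.internal.example", "flaky.internal.example"):
        print(name, resolve(name, fake_resolver))
```

Swapping ``fake_resolver`` for the default ``system_resolver`` lets you check what a given platform's libc actually returns for a name before relying on the new semantics; the distinction between an empty answer and a failed lookup is the one this release aligns between the two resolvers.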
* **http**: Changed the header validation checks in the substitution format utility and CEL code to perform
  RFC-compliant header validation. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.consistent_header_validation`` to false.
* **http**: Fixed host header changes for shadow requests to properly handle IPv6 addresses.
* **http**: Removed runtime guard ``envoy.reloadable_features.refresh_rtt_after_request`` and legacy code path.
* **quic**: When a QUIC connection socket is created, the socket's detected transport protocol will be set to
  ``quic``.
* **statistics**: Hot restart statistics like ``hot_restart_epoch`` are only set when hot restart is enabled.
* **tracers**: Set the status code for OpenTelemetry tracers (previously unset).
* **udp**: Changed the GRO read buffer to 64kB to avoid ``MSG_TRUNC``, and changed the way the number of packets
  processed per event loop is limited so that it works with GRO. This behavior can be reverted by setting the runtime
  guard ``envoy.reloadable_features.udp_socket_apply_aggregated_read_limit`` to false.
* **xds**: Updated xDS-TP path naming to better comply with RFC 3986. Encoded resource paths can now include a colon
  ``:`` instead of ``%3A``. This behavior can be reverted by setting the runtime flag
  ``envoy.reloadable_features.xdstp_path_avoid_colon_encoding`` to ``false``.

Bug fixes
---------

*Changes expected to improve the state of the world and are unlikely to have negative effects*

* **admission control**: Fixed the thread-local controller's average RPS calculation to be calculated over the full
  lookback window. Previously, the controller would calculate the average RPS over the amount of time elapsed since
  the oldest valid request sample. This change brings the behavior in line with the documentation.
* **async http client**: Added an option to disable response body buffering for mirror requests. Also introduced a
  32MB cap on the response buffer, which can be changed via the runtime flag ``http.async_response_buffer_limit``
  according to product needs.
* **cares**: Upgraded the c-ares library to 1.20.1 and added a fix to the c-ares DNS implementation to additionally
  check for the ``ARES_EREFUSED``, ``ARES_ESERVFAIL`` and ``ARES_ENOTIMP`` statuses. Without this fix, the
  ``DestroyChannelOnRefused`` and ``CustomResolverValidAfterChannelDestruction`` unit tests would break.
* **decompression**: Fixed a bug where Envoy would go into an endless loop when using the brotli decompressor: if the
  input stream had redundant data, the decompressor would loop forever.
* **ext_authz**: Added field :ref:`validate_mutations `, which, when set to true, adds header and query parameter
  mutation validation to the HTTP ext_authz filter. If an authz response contains invalid mutations, the filter
  responds to the downstream request with HTTP 500 Internal Server Error. If you use ext_authz with an untrusted side
  stream, it is recommended that you set this to true.
* **ext_authz**: Handle ``append_action`` from the :ref:`external authorization service `, which was previously
  ignored.
* **ext_authz**: Set the SNI value from the requested server name if it isn't available on the connection/socket.
  This applies when ``include_tls_session`` is true. The requested server name is set on a connection when filters
  such as the TLS inspector are used.
* **ext_authz**: Validate that the HTTP service :ref:`path_prefix ` configuration starts with ``/``.
* **http**: Fixed BalsaParser resetting state too early, guarded by the default-true runtime flag
  ``envoy.reloadable_features.http1_balsa_delay_reset``.
* **http**: Fixed a crash when reloading the HTTP Connection Manager via ECDS.
* **oauth2**: Fixed a bug that would cause Envoy to crash when receiving an OAuth callback while the OAuth upstream is
  unhealthy (e.g. due to DNS issues).
* **outlier detection**: Fixed :ref:`successful_active_health_check_uneject_host `. Before, a failed health check
  could uneject the host if the ``FAILED_ACTIVE_HC`` health flag had not been set.
* **quic**: Applied 2 QUICHE patches for crash bugs in ``QuicSpdyStream`` ``OnDataAvailable()`` and
  ``OnInitialHeaderComplete()``.
* **quic**: Fixed a crash bug when a QUIC downstream stream was read-closed and then timed out.
* **tls**: Fixed a ``RELEASE_ASSERT`` when using :ref:`auto_sni ` if the downstream request ``:authority`` was
  longer than 255 characters.
* **tracing**: Fixed an issue where the span id was missing from OpenTelemetry access log entries.
* **udp**: Fixed a bug that would cause Envoy to crash when updates to a pre-existing cluster were made (e.g.
  ``HostSet`` changes).
* **websocket**: Only a 101 response is considered a successful WebSocket handshake response for HTTP/1.1. If any
  other status is received, Envoy as a proxy will forward the upstream response headers to the downstream and then
  close the request. This behavior can be reverted by setting the runtime guard
  ``envoy.reloadable_features.check_switch_protocol_websocket_handshake`` to false.

Removed config or runtime
-------------------------

*Normally occurs at the end of the* :ref:`deprecation period `

* **ext_authz**: Removed ``envoy.reloadable_features.ext_authz_http_send_original_xff`` runtime flag and legacy code
  paths.
* **http**: Removed ``envoy.reloadable_features.handle_uppercase_scheme`` runtime flag and legacy code paths.
* **http**: Removed ``envoy.reloadable_features.http_allow_partial_urls_in_referer`` runtime flag and legacy code
  paths.
* **http**: Removed ``envoy.reloadable_features.lowercase_scheme`` runtime flag and legacy code paths.
* **http**: Removed ``envoy.reloadable_features.proxy_status_upstream_request_timeout`` runtime flag and legacy code
  paths.
* **http**: Removed ``envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter`` runtime flag and legacy
  code paths.
* **http2**: Removed ``envoy.reloadable_features.http2_decode_metadata_with_quiche`` runtime flag and legacy code
  paths.
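Returning to the **admission control** fix listed under Bug fixes above: the change swaps the denominator of the average-RPS calculation from "time since the oldest retained sample" to "the full lookback window". The model below is an added example for this page, not Envoy's ``ThreadLocalController``; it assumes one-second buckets, a fixed window length, and a one-second floor on the pre-fix elapsed time to avoid dividing by zero. It shows why the old formula overstated load when the history was sparse: a 60-request burst evaluated two seconds later reads as 30 RPS over the elapsed time but 2 RPS over a 30-second window, while a steady 10 RPS stream gives the same answer under both formulas.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Tuple


@dataclass
class Sample:
    ts: float        # start of the one-second bucket this sample belongs to
    requests: int


class AdmissionHistory:
    """Request-count history over a fixed lookback window, one entry per second.

    Model written for this example (assumptions: one-second buckets, a fixed
    window, and a one-second floor on the pre-fix elapsed time); it is not
    Envoy's ThreadLocalController implementation.
    """

    def __init__(self, window_seconds: float) -> None:
        self.window = window_seconds
        self.samples: Deque[Sample] = deque()

    def _expire(self, now: float) -> None:
        # Drop buckets that have aged out of the lookback window.
        while self.samples and now - self.samples[0].ts > self.window:
            self.samples.popleft()

    def record(self, now: float, requests: int = 1) -> None:
        self._expire(now)
        bucket = float(int(now))
        if self.samples and self.samples[-1].ts == bucket:
            self.samples[-1].requests += requests
        else:
            self.samples.append(Sample(bucket, requests))

    def total_requests(self, now: float) -> int:
        self._expire(now)
        return sum(s.requests for s in self.samples)

    def average_rps_pre_fix(self, now: float) -> float:
        """Pre-1.31: total requests divided by the time since the oldest
        retained sample, so a short, sparse history inflates the average."""
        total = self.total_requests(now)
        if not self.samples:
            return 0.0
        elapsed = max(now - self.samples[0].ts, 1.0)
        return total / elapsed

    def average_rps(self, now: float) -> float:
        """1.31: total requests divided by the full lookback window,
        matching the documented behaviour."""
        return self.total_requests(now) / self.window


def burst_comparison(window: float = 30.0) -> Tuple[float, float]:
    """Constructed scenario: 60 requests land in one second and the average
    is evaluated two seconds later. Returns (pre-fix RPS, fixed RPS)."""
    history = AdmissionHistory(window)
    history.record(100.5, requests=60)
    now = 102.0
    return history.average_rps_pre_fix(now), history.average_rps(now)


if __name__ == "__main__":
    before, after = burst_comparison()
    print(f"pre-fix average: {before:.2f} RPS, fixed average: {after:.2f} RPS")
```

The burst case is the one to keep in mind when reading admission-control dashboards across the upgrade: the same traffic produces a much lower average under 1.31 right after a quiet period, because the window is no longer shortened to the age of the newest samples.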
* **jwt**: Removed ``envoy.reloadable_features.token_passed_entirely`` runtime flag and legacy code paths.
* **load_balancing**: Removed ``envoy.reloadable_features.enable_zone_routing_different_zone_counts`` runtime flag
  and legacy code paths.
* **load_balancing**: Removed ``envoy.reloadable_features.locality_routing_use_new_routing_logic`` runtime flag and
  legacy code paths.
* **oauth**: Removed ``envoy.reloadable_features.hmac_base64_encoding_only`` runtime flag and legacy code paths.
* **oauth**: Removed ``envoy.reloadable_features.oauth_make_token_cookie_httponly`` runtime flag and legacy code
  paths.
* **router**: Removed ``envoy.reloadable_features.copy_response_code_to_downstream_stream_info`` runtime flag and
  legacy code paths.
* **tcp**: Removed ``envoy.reloadable_features.detect_and_raise_rst_tcp_connection`` runtime flag and legacy code
  paths.
* **thrift**: Removed ``envoy.reloadable_features.thrift_allow_negative_field_ids`` runtime flag and legacy code
  paths.
* **thrift**: Removed ``envoy.reloadable_features.thrift_connection_draining`` runtime flag and legacy code paths.
* **tls**: Removed ``envoy.reloadable_features.enable_intermediate_ca`` runtime flag and legacy code paths.
* **tls**: Removed ``envoy.reloadable_features.no_full_scan_certs_on_sni_mismatch`` runtime flag and legacy code
  paths.
* **upstream**: Removed ``envoy.reloadable_features.convert_legacy_lb_config`` runtime flag and legacy code paths.

New features
------------

* **access_log**: Added new access log command operators that expose the SANs of the upstream connection's peer and
  local certificates: ``%UPSTREAM_PEER_URI_SAN%``, ``%UPSTREAM_PEER_IP_SAN%``, ``%UPSTREAM_PEER_DNS_SAN%``,
  ``%UPSTREAM_LOCAL_URI_SAN%``, ``%UPSTREAM_LOCAL_DNS_SAN%``, ``%UPSTREAM_LOCAL_IP_SAN%``.
* **access_log**: Added support for :ref:`%UPSTREAM_HOST_NAME% ` for the upstream host identifier.
* **access_loggers**: Added the ``TRACE_ID`` :ref:`access log formatter `.
* **aws_lambda**: The ``aws_lambda`` filter now supports the :ref:`credentials ` parameter. This enables setting AWS
  credentials from the filter configuration.
* **cares**: Added the :ref:`udp_max_queries` option to limit the number of UDP queries.
* **ext_authz**: Added :ref:`disallowed_headers ` to specify headers that should never be sent to the external
  authorization service. Overrides :ref:`allowed_headers ` if a header matches both.
* **ext_authz**: Added :ref:`decoder_header_mutation_rules `, which allows you to configure what decoder header
  mutations are allowed from the ext_authz service, as well as whether to fail the downstream request if disallowed
  mutations are requested.
* **healthcheck**: Added support for health checking with PROXY protocol in TCP health checks by setting
  :ref:`health_check_config `.
* **hot_restart**: Added the new command-line flag :option:`--skip-hot-restart-parent-stats`.
* **http**: Added :ref:`disable_shadow_host_suffix_append ` in :ref:`request_mirror_policies ` for disabling the
  appending of the ``-shadow`` suffix to the shadowed host/authority header.
* **http**: Added field :ref:`match_upstream `, which, when set to true, will set the downstream request ``:scheme``
  to match the upstream transport protocol.
* **listener**: Added :ref:`bypass_overload_manager ` to bypass the overload manager for a listener. When set to
  true, the listener will not be subject to overload protection.
* **matching**: Added :ref:`Filter State Input ` for matching HTTP input based on filter state objects.
* **open_telemetry**: Added :ref:`formatters ` configuration to support extension formatters for the OpenTelemetry
  logger.
* **open_telemetry**: Added :ref:`stat_prefix ` configuration to support an additional stat prefix for the
  OpenTelemetry logger.
* **proxy_protocol**: Added field :ref:`stat_prefix ` to the proxy protocol listener filter configuration, allowing
  for differentiating statistics when multiple proxy protocol listener filters are configured.
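The ``ext_authz`` entries in this release (``validate_mutations`` under Bug fixes, ``disallowed_headers`` and ``decoder_header_mutation_rules`` above, and the RFC-compliant header validation change under Minor behavior changes) all police the same trust boundary: which downstream headers reach the authorization side stream, and what that side stream is allowed to write back into the request. The Python model below is an added example written for this page and is not Envoy's filter code. It assumes exact and prefix header matchers only, RFC 7230 token and field-value rules for what counts as a valid mutation, RFC 3986 query characters for query-parameter mutations, and a 500 for a disallowed mutation when failing the request is configured (the page fixes 500 only for the ``validate_mutations`` case; the status for the rules case is this model's choice). The request and the hostile authz response in ``demo`` are constructed.

```python
import re
from typing import Dict, Iterable, List, Optional, Sequence, Tuple

# RFC 7230: header names are tokens; field values are SP / HTAB / VCHAR / obs-text.
# CR, LF and NUL are excluded, which is what blocks header injection via the side stream.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_FIELD_VALUE_RE = re.compile(r"[\t\x20-\x7e\x80-\xff]*")
# RFC 3986 query characters minus '&' and '=', which delimit parameters.
_QUERY_PART_RE = re.compile(r"(?:[A-Za-z0-9\-._~!$'()*+,;:@/?]|%[0-9A-Fa-f]{2})*")

Headers = Dict[str, List[str]]           # lower-cased name -> values
Matcher = Tuple[str, str]                # ("exact", "authorization") or ("prefix", "x-internal-")
HeaderMutation = Tuple[str, str, bool]   # (name, value, append_if_exists_or_add)


def _matches(name: str, matchers: Iterable[Matcher]) -> bool:
    return any(name == pat if kind == "exact" else name.startswith(pat) for kind, pat in matchers)


def headers_for_authz(request: Headers, allowed: Sequence[Matcher],
                      disallowed: Sequence[Matcher]) -> Headers:
    """Downstream headers forwarded to the authz service; a header matching both lists is dropped."""
    return {
        name: list(values)
        for name, values in request.items()
        if not _matches(name, disallowed) and (not allowed or _matches(name, allowed))
    }


def valid_header_mutation(name: str, value: str) -> bool:
    return _TOKEN_RE.fullmatch(name) is not None and _FIELD_VALUE_RE.fullmatch(value) is not None


def valid_query_mutation(key: str, value: str) -> bool:
    return _QUERY_PART_RE.fullmatch(key) is not None and _QUERY_PART_RE.fullmatch(value) is not None


def apply_authz_response(
    request: Headers,
    header_mutations: Sequence[HeaderMutation],
    query_mutations: Sequence[Tuple[str, str]],
    validate_mutations: bool,
    disallowed_mutations: Sequence[Matcher] = (),
    disallow_is_error: bool = True,
) -> Tuple[str, Optional[Headers], int]:
    """Apply an authz OK response to the request.

    Returns ("continue", mutated_headers, 0) or ("reject", None, status).
    validate_mutations: syntactically invalid mutations get a 500, as in 1.31.
    disallowed_mutations / disallow_is_error: policy on which headers the side
    stream may touch; the 500 for a disallowed mutation is this model's choice.
    """
    if validate_mutations:
        if any(not valid_header_mutation(n, v) for n, v, _ in header_mutations):
            return "reject", None, 500
        if any(not valid_query_mutation(k, v) for k, v in query_mutations):
            return "reject", None, 500
    out: Headers = {k: list(v) for k, v in request.items()}
    for name, value, append in header_mutations:
        lname = name.lower()
        if _matches(lname, disallowed_mutations):
            if disallow_is_error:
                return "reject", None, 500
            continue                      # drop the mutation, keep processing
        if append:
            out.setdefault(lname, []).append(value)
        else:
            out[lname] = [value]
    return "continue", out, 0


def demo() -> Tuple[Tuple[str, Optional[Headers], int], Tuple[str, Optional[Headers], int]]:
    """Constructed request plus a hostile authz response attempting header injection."""
    request: Headers = {"host": ["api.example"], "authorization": ["Bearer t0k"],
                        "x-internal-trace": ["abc"], "cookie": ["session=s3cr3t"]}
    sent = headers_for_authz(request, allowed=[("exact", "authorization"), ("prefix", "x-")],
                             disallowed=[("exact", "x-internal-trace")])
    assert list(sent) == ["authorization"]   # cookie not allowed; x-internal-trace disallowed
    hostile: List[HeaderMutation] = [("x-user-role", "admin\r\nx-forwarded-for: 127.0.0.1", False)]
    unvalidated = apply_authz_response(request, hostile, [], validate_mutations=False)
    validated = apply_authz_response(request, hostile, [], validate_mutations=True)
    return unvalidated, validated


if __name__ == "__main__":
    before, after = demo()
    print("validate_mutations=false:", before[0], before[1])
    print("validate_mutations=true: ", after[0], after[2])
```

With validation off the CRLF-bearing value is copied into the request as-is, which is the exposure the ``validate_mutations`` note warns about for untrusted side streams; with it on the request fails closed with a 500. The mutation-rules half shows the second control: even a syntactically clean mutation of a protected header such as ``host`` is refused or silently dropped depending on ``disallow_is_error``.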
* **quic**: Added support for QUIC server preferred address when there is a DNAT between the client and Envoy. See
  :ref:`new config `.
* **redis**: Added support for `inline commands `_.
* **routing**: Added support in the :ref:`file datasource ` implementation to listen for file changes and
  dynamically update the response when :ref:`watched_directory ` is configured in the :ref:`DataSource `.
* **thrift**: Added an implementation of the :ref:`thrift to metadata ` HTTP filter.
* **wasm**: Updated the ``wasm`` filter to support use as an upstream filter.

Deprecated
----------

* **tracing**: OpenCensus is disabled by default, as it is `no longer supported/maintained upstream `_. This
  extension can be replaced with the OpenTelemetry tracer and collector.