1.32.0 (Pending)
Incompatible behavior changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
eds: Enabling caching of EDS assignments when used with ADS by default (introduced in Envoy v1.28). Prior to this change, Envoy required that EDS assignments were sent after an EDS cluster was updated. If no EDS assignment was received for the cluster, it ended up with an empty assignment. Following this change, after a cluster update, Envoy waits for an EDS assignment until initial_fetch_timeout times out, and will then apply the cached assignment and finish updating the warmed cluster. This change can be temporarily disabled by setting the runtime flag envoy.restart_features.use_eds_cache_for_ads to false.
golang: Changed the OnLogDownstreamStart, OnLogDownstreamPeriodic and OnLog methods so that users can get the request/response headers and trailers when producing access logs.
http: Added an HTTP1-safe option for max_connection_duration in HttpConnectionManager. When enabled, max_connection_duration will only drain downstream HTTP1 connections by adding the Connection: close response header; it will never cause the HttpConnectionManager to close the connection itself. Defaults to off (“unsafe” – check #34356) and is configurable via http1_safe_max_connection_duration.
stats scoped_rds: Added new tag extraction so that scoped RDS stats have their scope_route_config_name and stat prefix extracted.
tracing: Removed support for (long deprecated) opentracing. See issue 27401 for details.
Minor behavior changes
Changes that may cause incompatibilities for some users, but should not for most
aws: AWS request signing common code uses the HTTP async client by default, moving curl to the deprecation path. This behavior change can be reverted by setting the envoy_reloadable_features_use_http_client_to_fetch_aws_credentials runtime flag to false.
command line options: --enable-fine-grain-logging and --component-log-level were incompatible in that one would make the other ineffective. Setting both options at once is now an error, to reduce potential confusion.
http: Modified the authority header value validator to allow the same characters as oghttp2 plus the “@” character. This is compliant with nghttp2, and supports the HTTP/1 use-cases that allow user-info@ as part of the authority. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.internal_authority_header_validator to false.
http3: HTTP/3 alt-svc headers will now be respected from IP-address-based hostnames. This change is guarded by the runtime guard envoy.reloadable_features.allow_alt_svc_for_ips.
http3: The ACCEPT_UNTRUSTED option now works more consistently for HTTP/3 requests. This change is guarded by envoy.reloadable_features.extend_h3_accept_untrusted.
lua: When a Lua script executes httpCall, backpressure is exercised when receiving the body from the downstream client. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.lua_flow_control_while_http_call to false.
sni: When computing the SNI and SAN values for the auto-sni and auto-san verification feature, route host manipulations are now taken into account. This behavior can be reverted by setting the runtime guard envoy_reloadable_features_use_route_host_mutation_for_auto_sni_san to false.
tcp: Added support for the connection_pool_per_downstream_connection flag in the TCP connection pool.
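The runtime flags named in the two sections above (the EDS cache flag under incompatible changes and the reloadable_features guards under minor changes) are set through the bootstrap's layered runtime. The fragment below is an added example, not text from the release notes or configuration from the Envoy project; it pins two flags from this page to false in a static layer. The layer name static_layer_0 is an arbitrary choice.

```yaml
# Added example (not from the release notes): bootstrap fragment that reverts
# two 1.32 behavior changes through a static runtime layer.
layered_runtime:
  layers:
  - name: static_layer_0   # arbitrary layer name (assumption)
    static_layer:
      # Incompatible behavior change: keep the pre-1.32 EDS behavior, i.e. do
      # not apply a cached assignment after initial_fetch_timeout expires.
      envoy.restart_features.use_eds_cache_for_ads: false
      # Minor behavior change: keep the stricter :authority validator that
      # rejects the "@" character (no user-info@ in the authority).
      envoy.reloadable_features.internal_authority_header_validator: false
```

A restart_features flag is read once at process start, so flipping use_eds_cache_for_ads requires a restart; a reloadable_features flag in a static layer likewise takes effect at startup, and changing it while running needs an RTDS or admin layer instead. Relaxing the authority validator lets requests carrying user-info@host reach upstreams and any code that parses the authority, so keeping the stricter validator until those consumers have been reviewed is the conservative choice.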
Bug fixes
Changes expected to improve the state of the world and are unlikely to have negative effects
c-ares: Applied a c-ares patch to fix DNS resolution by the Google gRPC library.
dns: The DNS filter no longer returns FORMERR if a message has an ID of 0.
ext_proc: Added a runtime guard for the timeout error code 504 Gateway Timeout that is returned to downstream. If the runtime flag envoy.reloadable_features.ext_proc_timeout_error is set to false, the old error code 500 Internal Server Error will be returned.
http: Fixed a bug where an incomplete request (missing body or trailers) could be proxied to the upstream when the limit on the number of requests per I/O cycle is configured and an HTTP decoder filter that pauses the filter chain is present. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.use_filter_manager_state_for_downstream_end_stream to false.
quic: Fixed the access log formatter %CONNECTION_ID% for QUIC connections.
rbac: RBAC will now allow stat prefixes configured in per-route config to override the base config’s stat prefix.
websocket: Fixed a bug where the websocket upgrade filter would not take into account per-filter configs.
Removed config or runtime
Normally occurs at the end of the deprecation period
DNS: Removed the envoy.reloadable_features.dns_cache_set_first_resolve_complete runtime flag and legacy code paths.
dynamic forward proxy: Removed the envoy.reloadable_features.normalize_host_for_preresolve_dfp_dns runtime flag and legacy code paths.
ext_proc: Removed the runtime flag envoy_reloadable_features_immediate_response_use_filter_mutation_rule and legacy code path.
ext_proc: Removed the runtime flag envoy_reloadable_features_send_header_raw_value and legacy code path.
grpc reverse bridge: Removed the envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status runtime flag and legacy code paths.
grpc reverse bridge: Removed the envoy.reloadable_features.grpc_http1_reverse_bridge_handle_empty_response runtime flag and legacy code paths.
http: Removed the runtime flag envoy.reloadable_features.abort_filter_chain_on_stream_reset and legacy code path.
http: Removed the runtime flag envoy.reloadable_features.http1_connection_close_header_in_redirect and legacy code paths.
http: Removed the runtime flag envoy.reloadable_features.no_downgrade_to_canonical_name and legacy code path.
quic: Removed the envoy.reloadable_features.quic_fix_filter_manager_uaf runtime flag and legacy code paths.
stateful_session: Removed the envoy.reloadable_features.stateful_session_encode_ttl_in_cookie runtime flag and legacy code paths.
tls: Removed the runtime flag envoy.reloadable_features.ssl_transport_failure_reason_format.
udp: Removed the envoy.restart_features.udp_read_normalize_addresses runtime flag and legacy code paths.
upstream: Removed the runtime flag envoy.reloadable_features.avoid_zombie_streams and legacy code paths.
upstream: Removed the runtime flag envoy.reloadable_features.upstream_allow_connect_with_2xx and legacy code paths.
upstream flow control: Removed the envoy.reloadable_features.upstream_wait_for_response_headers_before_disabling_read runtime flag and legacy code paths.
New features
access log: Added support for %DOWNSTREAM_PEER_CHAIN_FINGERPRINTS_1%, %DOWNSTREAM_PEER_CHAIN_FINGERPRINTS_256% and %DOWNSTREAM_PEER_CHAIN_SERIALS% as access log formatters.
access_log: Added new access log command operators %START_TIME_LOCAL% and %EMIT_TIME_LOCAL%, similar to %START_TIME% and %EMIT_TIME% but using the local time zone.
access_log: Added the %UPSTREAM_CLUSTER_RAW% access log formatter to log the original upstream cluster name, regardless of whether alt_stat_name is set.
cluster: The happy eyeballs algorithm for an upstream cluster can be customized by configuring happy_eyeballs_config. A default configuration is used if none is provided. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.use_config_in_happy_eyeballs to false.
dns: Prefer using an IPv6 address when addresses from both families are available. Can be reverted by setting envoy.reloadable_features.prefer_ipv6_dns_on_macos to false.
ext_authz: Added the config field filter_metadata for injecting arbitrary data into the filter state for logging.
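The access log operators added above (peer chain fingerprints and serials, the local-time variants, %UPSTREAM_CLUSTER_RAW%) and the absl::FormatTime subsecond specifiers from the formatter item are easiest to see together in one log format. The configuration below is an added example, not from the release notes or the Envoy project: a file access logger whose text format uses those operators. The log path is an assumption, as is the use of a format argument with %START_TIME_LOCAL%, which this page only describes as behaving like %START_TIME%.

```yaml
# Added example (not from the release notes): file access logger using the
# operators introduced in 1.32. Path and field layout are assumptions.
access_log:
- name: envoy.access_loggers.file
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
    path: /var/log/envoy/access.log   # assumption
    log_format:
      text_format_source:
        # %E3S prints seconds with three subsecond digits (absl::FormatTime);
        # the local-time operators avoid a UTC offset mismatch with host logs.
        inline_string: "[%START_TIME_LOCAL(%Y-%m-%dT%H:%M:%E3S%z)%] emit=%EMIT_TIME_LOCAL% conn=%CONNECTION_ID% cluster=%UPSTREAM_CLUSTER_RAW% peer_chain_sha256=%DOWNSTREAM_PEER_CHAIN_FINGERPRINTS_256% peer_chain_serials=%DOWNSTREAM_PEER_CHAIN_SERIALS% %RESPONSE_CODE%\n"
```

Logging the whole presented client chain rather than only the leaf certificate lets an mTLS deployment spot an unexpected intermediate or a reissued leaf during incident review, and the serial list gives a stable key to match against a revocation record. %UPSTREAM_CLUSTER_RAW% keeps the real cluster name in the log even where alt_stat_name is used to collapse stats, so cluster-level correlation is not lost.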
formatter: Added full-featured absl::FormatTime() support to the DateFormatter. This allows the timepoint formatters (like %START_TIME%) to use %E#S, %E*S, %E#f and %E*f to format the subsecond part of the timepoint.
geoip: Added the envoy.reloadable_features.mmdb_files_reload_enabled runtime flag, which enables reloading of mmdb files by default.
grpc_field_extraction: Added map<string, string> support: target fields of type map<string, string> can be extracted and added to dynamic metadata.
http3: http3_protocol_options in HttpConnectionManager has been upgraded to general access.
http_11_proxy: Added the option to configure the transport socket via locality or endpoint metadata.
jwt_authn: Added the missing implementation to jwt_authn matchers to allow glob pattern matching.
matching: Added dynamic metadata matcher support: Dynamic metadata input and Dynamic metadata input matcher.
oauth: Added the cookie_domain field to the OAuth2 filter to allow setting the domain of cookies.
ratelimit: Added the ability to modify hits_addend by setting the filter state value envoy.ratelimit.hits_addend to the desired value.
rbac: Added delay_deny to support denying a connection after the configured duration.
redis: Added support for publish.
sockets: Added a socket type field for specifying the socket type to apply the socket option to under SocketOption. If not specified, the socket option is applied to all socket types.
tls: Added prefer_client_ciphers to support enabling client cipher preference instead of the server's for TLS handshakes.
tls: Added an extension point custom_tls_certificate_selector to allow overriding TLS certificate selection behavior. An extension can select a certificate based on the incoming SNI, in both sync and async mode.