1.31.0 (Pending)

Incompatible behavior changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • ext_proc: Added support for route_cache_action. It specifies the route cache action to be taken when an external processor response is received in response to request headers.

  • http2: Changes the default value of envoy.reloadable_features.http2_use_oghttp2 to true. This changes the codec used for HTTP/2 requests and responses. This behavior can be reverted by setting the feature to false.

  • http2: Passes HTTP/2 DATA frames through a different codec API. This behavior can be temporarily disabled by setting the runtime feature envoy.reloadable_features.http2_use_visitor_for_data to false.

  • proxy_protocol: Populate typed metadata by default in proxy protocol listener. Typed metadata can be consumed as TlvsMetadata type. This change can be temporarily disabled by setting the runtime flag envoy.reloadable_features.use_typed_metadata_in_proxy_protocol_listener to false.

  • thread_local: Changes the behavior of the SlotImpl class destructor. With this change the destructor can be called on any thread. This behavior can be reverted by setting the runtime flag envoy.reloadable_features.allow_slot_destroy_on_worker_threads to false.

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

  • access_log: The upstream connection address, rather than the upstream host address, will be used for the %UPSTREAM_REMOTE_ADDRESS%, %UPSTREAM_REMOTE_PORT% and %UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% access log format specifiers. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.upstream_remote_address_use_connection to false.

  • config: In xDS configuration, the AUTO value now means V3. AUTO is the default value of the enum, so this field may be omitted from all configurations now.

  • config: Stricter validation of a google.protobuf.Duration field in a config, rejecting invalid values (where the number of years is over 292). This can be temporarily reverted by setting runtime guard envoy.reloadable_features.strict_duration_validation to false.

  • dns: Changes the behavior of the getaddrinfo DNS resolver so that it treats EAI_NODATA and EAI_NONAME as successful queries with empty results, instead of as DNS failures. This change brings the getaddrinfo behavior in-line with the c-ares resolver behavior. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.dns_nodata_noname_is_success to false.

  • filters: Set WWW-Authenticate header for 401 responses from the Basic Auth filter.

  • grpc: Changes in AsyncStreamImpl now propagate tracing context headers in bidirectional streams when using Envoy gRPC client. Previously, tracing context headers were not being set when calling external services such as ext_proc.

  • http: Changed the header validation checks in the substitution format utility and CEL code to perform RFC-compliant header validation. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.consistent_header_validation to false.

  • quic: When a quic connection socket is created, the socket’s detected transport protocol will be set to “quic”.

  • statistics: Hot restart statistics like hot_restart_epoch are only set when hot restart is enabled.

  • tracers: Set status code for OpenTelemetry tracers (previously unset).

  • udp: Changed the GRO read buffer to 64kB to avoid MSG_TRUNC, and changed the way the number of packets processed per event loop is limited so that it works with GRO. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.udp_socket_apply_aggregated_read_limit to false.

  • xds: Updated xDS-TP path naming to better comply with RFC 3986. Encoded resource paths can now include a colon (:) instead of %3A. This behavior can be reverted by setting the runtime flag envoy.reloadable_features.xdstp_path_avoid_colon_encoding to false.

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • admission control: Fixed the thread-local controller so that the average RPS is calculated over the full lookback window. Previously, the controller calculated the average RPS over the time elapsed since the oldest valid request sample. This change brings the behavior in line with the documentation.

  • cares: Upgraded the c-ares library to 1.20.1 and fixed the c-ares DNS implementation to additionally check for the ARES_EREFUSED, ARES_ESERVFAIL and ARES_ENOTIMP statuses. Without this fix, the DestroyChannelOnRefused and CustomResolverValidAfterChannelDestruction unit tests break.

  • ext_authz: Added field validate_mutations, which, when set to true, adds header and query parameter mutation validation to the HTTP ext_authz filter. If an authz response contains invalid mutations, the filter responds to the downstream request with HTTP 500 Internal Server Error. If you use ext_authz with an untrusted side stream, it’s recommended you set this to true.

  • ext_authz: Handle append_action from the external authorization service, which was previously ignored.

  • ext_authz: Set the SNI value from the requested server name if it isn’t available on the connection/socket. This applies when include_tls_session is true. The requested server name is set on a connection when filters such as the TLS inspector are used.

  • http: Fix BalsaParser resetting state too early, guarded by default-true envoy.reloadable_features.http1_balsa_delay_reset.

  • http: Fix a crash when reloading the HTTP Connection Manager via ECDS.

  • oauth2: Fixed a bug that would cause Envoy to crash when receiving an OAuth callback while the OAuth upstream is unhealthy (e.g. due to DNS issues).

  • outlier detection: Fixed successful_active_health_check_uneject_host. Before, a failed health check could uneject the host if the FAILED_ACTIVE_HC health flag had not been set.

  • tls: Fix a RELEASE_ASSERT when using auto_sni if the downstream request :authority was longer than 255 characters.

  • udp: Fixed a bug that would cause Envoy to crash when updates to a pre-existing cluster were made (e.g. HostSet changes).

Removed config or runtime

Normally occurs at the end of the deprecation period

  • http: Removed envoy.reloadable_features.handle_uppercase_scheme runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.lowercase_scheme runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.proxy_status_upstream_request_timeout runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter runtime flag and legacy code paths.

  • jwt: Removed envoy.reloadable_features.token_passed_entirely runtime flag and legacy code paths.

  • router: Removed envoy.reloadable_features.copy_response_code_to_downstream_stream_info runtime flag and legacy code paths.

  • tcp: Removed envoy.reloadable_features.detect_and_raise_rst_tcp_connection runtime flag and legacy code paths.

  • upstream: Removed envoy.reloadable_features.convert_legacy_lb_config runtime flag and legacy code paths.

New features

  • access_log: Added new access log command operators to retrieve upstream connection information: %UPSTREAM_PEER_URI_SAN%, %UPSTREAM_PEER_IP_SAN%, %UPSTREAM_PEER_DNS_SAN%, %UPSTREAM_LOCAL_URI_SAN%, %UPSTREAM_LOCAL_DNS_SAN%, %UPSTREAM_LOCAL_IP_SAN%.

  • access_log: Added support for %UPSTREAM_HOST_NAME% for the upstream host identifier.

  • access_loggers: Added TRACE_ID access log formatter.

  • aws_lambda: The aws_lambda filter now supports the credentials parameter. This enables setting AWS credentials from the filter configuration.

  • cares: Added udp_max_queries option to limit the number of UDP queries.

  • ext_authz: Added disallowed_headers to specify headers that should never be sent to the external authentication service. Overrides allowed_headers if a header matches both.

  • healthcheck: Added support for using the PROXY protocol in TCP health checks by setting health_check_config.

  • hot_restart: Added new command-line flag --skip-hot-restart-parent-stats.

  • http: Added disable_shadow_host_suffix_append in request_mirror_policies for disabling appending of the -shadow suffix to the shadowed host/authority header.

  • http: Added field match_upstream, which, when set to true, will set the downstream request :scheme to match the upstream transport protocol.

  • listener: Added bypass_overload_manager to bypass the overload manager for a listener. When set to true, the listener will not be subject to overload protection.

  • matching: Added Filter State Input for matching http input based on filter state objects.

  • open_telemetry: Added stat_prefix configuration to support an additional stat prefix for the OpenTelemetry logger.

  • quic: Added support for QUIC server preferred address when there is a DNAT between the client and Envoy. See new config.

  • redis: Added support for inline commands.
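The ext_authz items in this release (validate_mutations and include_tls_session under Bug fixes, disallowed_headers under New features) are the ones a deployment with an untrusted authorization side stream should act on. The following is an added example, not configuration from the Envoy project or these notes: an HTTP ext_authz filter entry with those fields set to the hardened values. The cluster name authz-service and the header names are assumed placeholder values, and the surrounding structure (typed_config type URL, grpc_service, allowed_headers using a ListStringMatcher, failure_mode_allow) is taken from the ext_authz v3 API as the editor knows it, not from this page.

```yaml
# Added example, not from the Envoy release notes. Placement of the fields
# follows the top-level ExtAuthz v3 message; "authz-service" and the
# header names are assumed values.
http_filters:
- name: envoy.filters.http.ext_authz
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
    transport_api_version: V3
    grpc_service:
      envoy_grpc:
        cluster_name: authz-service   # assumed cluster name
      timeout: 0.25s
    # New in this release: reject the downstream request with HTTP 500
    # instead of applying malformed header or query-parameter mutations
    # returned by the authz service. Recommended when the side stream is
    # not fully trusted.
    validate_mutations: true
    # Send TLS session details (including the SNI, now also taken from the
    # requested server name when the socket has none) to the authz service.
    include_tls_session: true
    # Forward only the headers the authz service needs ...
    allowed_headers:
      patterns:
      - exact: authorization
      - prefix: x-app-
    # ... and never forward these, even where allowed_headers would match
    # (new in this release: disallowed_headers wins on overlap).
    disallowed_headers:
      patterns:
      - exact: x-app-internal-token
    # Fail closed: deny the request if the authz service is unreachable.
    failure_mode_allow: false
```

With validate_mutations enabled, a malformed mutation from the authz service surfaces as a 500 on the downstream request rather than as a silently rewritten header, so the ext_authz filter's error stats are the place to look when rolling this out.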

Deprecated