1.32.0 (Pending)

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

  • lua: When a Lua script executes httpCall, backpressure is now exercised while receiving the body from the downstream client. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.lua_flow_control_while_http_call to false.

  • tcp: Added support for the connection_pool_per_downstream_connection flag in the TCP connection pool.

Bug fixes

Changes expected to improve the state of the world and unlikely to have negative effects

  • dns: The DNS filter no longer returns FORMERR if a message has an ID of 0.

  • ext_authz: Fixed fail-open behaviour of the failure_mode_allow config option when a gRPC external authz server is used. The behaviour can be enabled by the runtime flag envoy_reloadable_features_process_ext_authz_grpc_error_codes_as_errors.

  • quic: Fixed the access log formatter %CONNECTION_ID% for QUIC connections.

Removed config or runtime

Normally occurs at the end of the deprecation period

  • DNS: Removed envoy.reloadable_features.dns_cache_set_first_resolve_complete runtime flag and legacy code paths.

  • ext_proc: Removed runtime flag envoy_reloadable_features_immediate_response_use_filter_mutation_rule and legacy code path.

  • ext_proc: Removed runtime flag envoy_reloadable_features_send_header_raw_value and legacy code path.

  • grpc reverse bridge: Removed envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status runtime flag and legacy code paths.

  • grpc reverse bridge: Removed envoy.reloadable_features.grpc_http1_reverse_bridge_handle_empty_response runtime flag and legacy code paths.

  • http: Removed runtime flag envoy.reloadable_features.abort_filter_chain_on_stream_reset and legacy code path.

  • http: Removed runtime flag envoy.reloadable_features.no_downgrade_to_canonical_name and legacy code path.

  • stateful_session: Removed envoy.reloadable_features.stateful_session_encode_ttl_in_cookie runtime flag and legacy code paths.

  • tls: Removed runtime flag envoy.reloadable_features.ssl_transport_failure_reason_format.

  • upstream: Removed runtime flag envoy.reloadable_features.avoid_zombie_streams and legacy code paths.
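
An added example, not part of the Envoy release notes or code base: a Python check that scans a bootstrap or runtime file for the flags removed above, so stale overrides can be cleaned up before upgrading. It accepts both prefix spellings used on this page (envoy.reloadable_features. and envoy_reloadable_features_); the function name and the sample config are constructed for illustration.

```python
import re

# Flag names from the "Removed config or runtime" list on this page,
# stored without the prefix so both spellings map to one entry.
REMOVED_FLAGS = {
    "dns_cache_set_first_resolve_complete",
    "immediate_response_use_filter_mutation_rule",
    "send_header_raw_value",
    "grpc_http1_reverse_bridge_change_http_status",
    "grpc_http1_reverse_bridge_handle_empty_response",
    "abort_filter_chain_on_stream_reset",
    "no_downgrade_to_canonical_name",
    "stateful_session_encode_ttl_in_cookie",
    "ssl_transport_failure_reason_format",
    "avoid_zombie_streams",
}

# Matches either prefix spelling and captures the flag name after it.
FLAG_RE = re.compile(r"envoy[._]reloadable_features[._]([a-z0-9_]+)")


def find_removed_flags(config_text):
    """Return (line_number, flag_name) for each removed flag still referenced."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        active = line.split("#", 1)[0]  # naive YAML comment stripping
        for match in FLAG_RE.finditer(active):
            if match.group(1) in REMOVED_FLAGS:
                hits.append((lineno, match.group(1)))
    return hits


# Constructed sample: a static runtime layer with two stale overrides,
# one flag that still exists in this release, and one commented-out entry.
SAMPLE = """\
layered_runtime:
  layers:
  - name: static_layer
    static_layer:
      envoy.reloadable_features.avoid_zombie_streams: false
      envoy.reloadable_features.lua_flow_control_while_http_call: false
      # envoy.reloadable_features.no_downgrade_to_canonical_name: false
      envoy_reloadable_features_send_header_raw_value: true
"""

if __name__ == "__main__":
    for lineno, flag in find_removed_flags(SAMPLE):
        print(f"line {lineno}: override for removed flag '{flag}'")
```
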

New features

  • access_log: Added the %UPSTREAM_CLUSTER_RAW% access log formatter to log the original upstream cluster name, regardless of whether alt_stat_name is set.

  • ext_authz: Added the config field filter_metadata for injecting arbitrary data into the filter state for logging.

  • sockets: Added a socket type field under SocketOption for specifying the socket type to which the socket option applies. If not specified, the socket option will be applied to all socket types.

  • tls: Added prefer_client_ciphers to support enabling the client's cipher preference instead of the server's for TLS handshakes.

  • tls: Added an extension point custom_tls_certificate_selector to allow overriding TLS certificate selection behavior. An extension can select a certificate based on the incoming SNI, in both sync and async mode.