Skip to content

Latest commit

 

History

History
112 lines (101 loc) · 13 KB

current.rst

File metadata and controls

112 lines (101 loc) · 13 KB

1.18.0 (Pending)

Incompatible Behavior Changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • grpc_stats: the default value for :ref:`stats_for_all_methods <envoy_v3_api_field_extensions.filters.http.grpc_stats.v3.FilterConfig.stats_for_all_methods>` is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

Minor Behavior Changes

Changes that may cause incompatibilities for some users, but should not for most

Bug Fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • active http health checks: properly handles HTTP/2 GOAWAY frames from the upstream. Previously a GOAWAY frame due to a graceful listener drain could cause improper failed health checks due to streams being refused by the upstream on a connection that is going away. To revert to old GOAWAY handling behavior, set the runtime feature envoy.reloadable_features.health_check.graceful_goaway_handling to false.
  • buffer: tighten network connection read and write buffer high watermarks in preparation to more careful enforcement of read limits. Buffer high-watermark is now set to the exact configured value; previously it was set to value + 1.
  • fault injection: stop counting as active fault after delay elapsed. Previously fault injection filter continues to count the injected delay as an active fault even after it has elapsed. This produces incorrect output statistics and impacts the max number of consecutive faults allowed (e.g., for long-lived streams). This change decreases the active fault count when the delay fault is the only active and has gone finished.
  • filter_chain: fix filter chain matching with the server name as the case-insensitive way.
  • grpc-web: fix local reply and non-proto-encoded gRPC response handling for small response bodies. This fix can be temporarily reverted by setting envoy.reloadable_features.grpc_web_fix_non_proto_encoded_response_handling to false.
  • grpc_http_bridge: the downstream HTTP status is now correctly set for trailers-only responses from the upstream.
  • http: disallowing "host:" in request_headers_to_add for behavioral consistency with rejecting :authority header. This behavior can be temporarily reverted by setting envoy.reloadable_features.treat_host_like_authority to false.
  • http: reverting a behavioral change where upstream connect timeouts were temporarily treated differently from other connection failures. The change back to the original behavior can be temporarily reverted by setting envoy.reloadable_features.treat_upstream_connect_timeout_as_connect_failure to false.
  • listener: prevent crashing when an unknown listener config proto is received and debug logging is enabled.
  • overload: fix a bug that can cause use-after-free when one scaled timer disables another one with the same duration.
  • sni: as the server name in sni should be case-insensitive, envoy will convert the server name as lower case first before any other process inside envoy.
  • tls: fix the subject alternative name of the presented certificate matches the specified matchers as the case-insensitive way when it uses DNS name.
  • upstream: fix handling of moving endpoints between priorities when active health checks are enabled. Previously moving to a higher numbered priority was a NOOP, and moving to a lower numbered priority caused an abort.

Removed Config or Runtime

Normally occurs at the end of the :ref:`deprecation period <deprecated>`

  • access_logs: removed legacy unbounded access logs and runtime guard envoy.reloadable_features.disallow_unbounded_access_logs.
  • dns: removed legacy buggy wildcard matching path and runtime guard envoy.reloadable_features.fix_wildcard_matching.
  • dynamic_forward_proxy: removed envoy.reloadable_features.enable_dns_cache_circuit_breakers and legacy code path.
  • http: removed legacy connection close behavior and runtime guard envoy.reloadable_features.fixed_connection_close.
  • http: removed legacy HTTP/1.1 error reporting path and runtime guard envoy.reloadable_features.early_errors_via_hcm.
  • http: removed legacy sanitization path for upgrade response headers and runtime guard envoy.reloadable_features.fix_upgrade_response.
  • http: removed legacy date header overwriting logic and runtime guard envoy.reloadable_features.preserve_upstream_date deprecation.
  • listener: removed legacy runtime guard envoy.reloadable_features.listener_in_place_filterchain_update.
  • router: removed envoy.reloadable_features.consume_all_retry_headers and legacy code path.

New Features

Deprecated