diff --git a/RELEASES.md b/RELEASES.md index e6bef9b1b4c0..169507375a9c 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -75,7 +75,7 @@ As of 2022, the targeted release dates are the 15th day of each quarter. | 1.17.0 | 2020/12/31 | 2021/01/11 | +11 days | 2022/01/11 | | 1.18.0 | 2021/03/31 | 2021/04/15 | +15 days | 2022/04/15 | | 1.19.0 | 2021/06/30 | 2021/07/13 | +13 days | 2022/07/13 | -| 1.20.0 | 2021/09/30 | 2021/10/05 | +5 days | 2022/10/13 | -| 1.21.0 | 2022/01/15 | | | | +| 1.20.0 | 2021/09/30 | 2021/10/05 | +5 days | 2022/10/05 | +| 1.21.0 | 2022/01/15 | 2022/01/12 | -3 days | 2023/01/12 | [repokitteh]: https://github.com/repokitteh diff --git a/VERSION b/VERSION index c6ba48dc6375..3500250a4b05 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.21.0-dev +1.21.0 diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 6b664e3bac8e..e63d73ae4a31 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -1,11 +1,11 @@ -1.21.0 (Pending) -================ +1.21.0 (January 12, 2022) +========================= Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* -* auto_config: :ref:`auto_config: ` now verifies that any transport sockets configured via :ref:`transport_socket_matches ` support ALPN. This behavioral change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.correctly_validate_alpn`` to false.. +* auto_config: :ref:`auto_config ` now verifies that any transport sockets configured via :ref:`transport_socket_matches ` support ALPN. This behavioral change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.correctly_validate_alpn`` to false. * xds: ``*`` became a reserved name for a wildcard resource that can be subscribed to and unsubscribed from at any time. This is a requirement for implementing the on-demand xDSes (like on-demand CDS) that can subscribe to specific resources next to their wildcard subscription. If such xDS is subscribed to both wildcard resource and to other specific resource, then in stream reconnection scenario, the xDS will not send an empty initial request, but a request containing ``*`` for wildcard subscription and the rest of the resources the xDS is subscribed to. If the xDS is only subscribed to wildcard resource, it will try to send a legacy wildcard request. This behavior implements the recent changes in :ref:`xDS protocol ` and can be temporarily reverted by setting the ``envoy.restart_features.explicit_wildcard_resource`` runtime guard to false. Minor Behavior Changes @@ -14,18 +14,16 @@ Minor Behavior Changes * bandwidth_limit: added :ref:`response trailers ` when request or response delay are enforced. * bandwidth_limit: added :ref:`bandwidth limit stats ` *request_enforced* and *response_enforced*. -* dns: now respecting the returned DNS TTL for resolved hosts, rather than always relying on the hard-coded :ref:`dns_refresh_rate. ` This behavior can be temporarily reverted by setting the runtime guard ``envoy.reloadable_features.use_dns_ttl`` to false. +* dns: now respecting the returned DNS TTL for resolved hosts, rather than always relying on the hard-coded :ref:`dns_refresh_rate. `. This behavior can be temporarily reverted by setting the runtime guard ``envoy.reloadable_features.use_dns_ttl`` to false. * ext_authz: the ext_authz span was always getting sampled, even if the parent span was not; now the ext_authz span follows the parent's sampling status. -* http: directly response with http status code 1xx isn't valid usecase, so the status code 1xx was refused by the :ref:`direct_response ` field. +* http: directly responding with only a 1xx http status code isn't valid, and is now refused as invalid :ref:`direct_response ` config. * http: envoy will now proxy 102 and 103 headers from upstream, though as with 100s only the first 1xx response headers will be sent. This behavioral change by can temporarily reverted by setting runtime guard ``envoy.reloadable_features.proxy_102_103`` to false. * http: usage of the experimental matching API is no longer guarded behind a feature flag, as the corresponding protobuf fields have been marked as WIP. -* http: when envoy run out of ``max_requests_per_connection``, it will send an HTTP/2 "shutdown nofitication" (GOAWAY frame with max stream ID) and go to a default grace period of 5000 milliseconds (5 seconds) if ``drain_timeout`` is not specified. During this grace period, envoy will continue to accept new streams. After the grace period, a final GOAWAY is sent and envoy will start refusing new streams. However before bugfix, during the grace period, every time a new stream is received, old envoy will always send a "shutdown notification" and restart drain again which actually causes the grace period to be extended and is no longer equal to ``drain_timeout``. +* http: when a downstream connection hits a configured ``max_requests_per_connection``, it will send an HTTP/2 "shutdown notification" (GOAWAY frame with max stream ID) and go to a default grace period of 5000 milliseconds (5 seconds) if :ref:`drain_timeout ` is not specified. During this grace period, envoy will continue to accept new streams. After the grace period, a final GOAWAY is sent and envoy will start refusing new streams. However before the bugfix, during the grace period, every time a new stream is received, envoy would restart the drain which caused the grace period to be extended and so making it longer than the configured drain timeout. * json: switching from rapidjson to nlohmann/json. This behavioral change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.remove_legacy_json`` to false. * listener: destroy per network filter chain stats when a network filter chain is removed during the listener in place update. -* quic: add back the support for IETF draft 29 which is guarded via ``envoy.reloadable_features.FLAGS_quic_reloadable_flag_quic_disable_version_draft_29``. It is off by default so Envoy only supports RFCv1 without flipping this runtime guard explicitly. Draft 29 is not recommended for use. -* router: take elapsed time into account when setting the x-envoy-expected-rq-timeout-ms header for retries, and never send a value that's longer than the request timeout. This behavioral change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.update_expected_rq_timeout_on_retry`` to false. -* stateful session http filter: added :ref:`stateful session http filter `. -* stream_info: response code details with empty space characters (' ', '\t', '\f', '\v', '\n', '\r') is not accepted by the ``setResponseCodeDetails()`` API. +* router: take elapsed time into account when setting the ``x-envoy-expected-rq-timeout-ms header`` for retries, and never send a value that's longer than the request timeout. This behavioral change can be temporarily reverted by setting runtime guard ``envoy.reloadable_features.update_expected_rq_timeout_on_retry`` to false. +* stream_info: response code details with empty space characters (' ', '\\t', '\\f', '\\v', '\\n', '\\r') is not accepted by the ``setResponseCodeDetails()`` API. * upstream: fixed a bug where auto_config didn't work for wrapped TLS sockets (e.g. if proxy proto were configured for TLS). Bug Fixes @@ -50,7 +48,7 @@ Removed Config or Runtime * health check: removed ``envoy.reloadable_features.health_check.immediate_failure_exclude_from_cluster`` runtime guard and legacy code paths. * http: removed ``envoy.reloadable_features.add_and_validate_scheme_header`` and legacy code paths. * http: removed ``envoy.reloadable_features.check_unsupported_typed_per_filter_config``, Envoy will always check unsupported typed per filter config if the filter isn't optional. -* http: removed ``envoy.reloadable_features.dont_add_content_length_for_bodiless_requests deprecation`` and legacy code paths. +* http: removed ``envoy.reloadable_features.dont_add_content_length_for_bodiless_requests`` and legacy code paths. * http: removed ``envoy.reloadable_features.grpc_json_transcoder_adhere_to_buffer_limits`` and legacy code paths. * http: removed ``envoy.reloadable_features.http2_skip_encoding_empty_trailers`` and legacy code paths. Envoy will always encode empty trailers by sending empty data with ``end_stream`` true (instead of sending empty trailers) for HTTP/2. * http: removed ``envoy.reloadable_features.improved_stream_limit_handling`` and legacy code paths. @@ -80,13 +78,13 @@ New Features * dns_filter: added :ref:`typed_dns_resolver_config ` in the dns_filter to support DNS resolver as an extension. * dns_resolver: added :ref:`CaresDnsResolverConfig` to support c-ares DNS resolver as an extension. * dns_resolver: added :ref:`use_resolvers_as_fallback` to the c-ares DNS resolver. -* dns_resolver: added :ref:`use_resolvers_as_fallback` to the c-ares DNS resolver. +* dns_resolver: added :ref:`filter_unroutable_families` to the c-ares DNS resolver. * dns_resolver: added :ref:`AppleDnsResolverConfig` to support apple DNS resolver as an extension. * ext_authz: added :ref:`query_parameters_to_set ` and :ref:`query_parameters_to_remove ` for adding and removing query string parameters when using a gRPC authorization server. * grpc_http_bridge: added :ref:`upgrade_protobuf_to_grpc ` option for automatically framing protobuf payloads as gRPC requests. * grpc_json_transcoder: added support for matching unregistered custom verb :ref:`match_unregistered_custom_verb `. -* http: added support for %REQUESTED_SERVER_NAME% to extract SNI as a custom header. -* http: added support for %VIRTUAL_CLUSTER_NAME% to extract the matched Virtual Cluster name as a custom header. +* http: added support for ``%REQUESTED_SERVER_NAME%`` to extract SNI as a custom header. +* http: added support for ``%VIRTUAL_CLUSTER_NAME%`` to extract the matched Virtual Cluster name as a custom header. * http: added support for :ref:`retriable health check status codes `. * http: added timing information about upstream connection and encryption establishment to stream info. These can currently be accessed via custom access loggers. * http: added support for :ref:`forwarding HTTP1 reason phrase `. @@ -95,9 +93,10 @@ New Features * listener: added support for opting out listeners from the globally set downstream connection limit via :ref:`ignore_global_conn_limit `. * matcher: added support for *xds.type.matcher.v3.IPMatcher* IP trie matching. * oauth filter: added :ref:`cookie_names ` to allow overriding (default) cookie names (``BearerToken``, ``OauthHMAC``, and ``OauthExpires``) set by the filter. -* oauth filter: setting IdToken and RefreshToken cookies if they are provided by Identity provider along with AccessToken. -* perf: added support for [Perfetto](https://perfetto.dev) performance tracing. +* oauth filter: setting ``IdToken`` and ``RefreshToken`` cookies if they are provided by Identity provider along with ``AccessToken``. +* perf: added support for `Perfetto `_ performance tracing. * router: added support for the :ref:`config_http_conn_man_headers_x-forwarded-host` header. +* stateful session http filter: added :ref:`stateful session http filter `. * stats: added text_readouts query parameter to prometheus stats to return gauges made from text readouts. * tcp: added a :ref:`FilterState ` :ref:`hash policy `, used by :ref:`TCP proxy ` to allow hashing load balancer algorithms to hash on objects in filter state. * tcp_proxy: added support to populate upstream http connect header values from stream info.