Skip to content

Commit

Permalink
repo: Dev v1.31.3
Browse files Browse the repository at this point in the history
Signed-off-by: Ryan Northey <[email protected]>
  • Loading branch information
phlax committed Sep 20, 2024
1 parent cc4a754 commit d684f5b
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 26 deletions.
2 changes: 1 addition & 1 deletion VERSION.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.31.2
1.31.3-dev
31 changes: 31 additions & 0 deletions changelogs/1.31.2.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
date: September 19, 2024

behavior_changes:
- area: http
change: |
The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary
``x-envoy`` headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
- area: http2
change: |
Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to ``false``. This changes the codec used for HTTP/2
requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``.
minor_behavior_changes:
- area: access_log
change: |
Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
bug_fixes:
- area: jwt
change: |
Fixed a bug where using ``clear_route_cache`` with remote JWKs works
incorrectly and may cause a crash when the modified request does not match
any route.
- area: http_async_client
change: |
Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
36 changes: 11 additions & 25 deletions changelogs/current.yaml
Original file line number Diff line number Diff line change
@@ -1,31 +1,17 @@
date: September 19, 2024
date: Pending

behavior_changes:
- area: http
change: |
The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary
``x-envoy`` headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
- area: http2
change: |
Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to ``false``. This changes the codec used for HTTP/2
requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``.
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*

minor_behavior_changes:
- area: access_log
change: |
Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
# *Changes that may cause incompatibilities for some users, but should not for most*

bug_fixes:
- area: jwt
change: |
Fixed a bug where using ``clear_route_cache`` with remote JWKs works
incorrectly and may cause a crash when the modified request does not match
any route.
- area: http_async_client
change: |
Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
# *Changes expected to improve the state of the world and are unlikely to have negative effects*

removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`

new_features:

deprecated:

0 comments on commit d684f5b

Please sign in to comment.