From d684f5bd3d86195f4a61942edb46dcb132c6ec87 Mon Sep 17 00:00:00 2001
From: Ryan Northey <ryan@synca.io>
Date: Thu, 19 Sep 2024 22:07:54 +0000
Subject: [PATCH] repo: Dev v1.31.3

Signed-off-by: Ryan Northey <ryan@synca.io>
---
 VERSION.txt             |  2 +-
 changelogs/1.31.2.yaml  | 31 +++++++++++++++++++++++++++++++
 changelogs/current.yaml | 36 +++++++++++-------------------------
 3 files changed, 43 insertions(+), 26 deletions(-)
 create mode 100644 changelogs/1.31.2.yaml

diff --git a/VERSION.txt b/VERSION.txt
index 3492b09b4f67..3f79d90534e4 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.31.2
+1.31.3-dev
diff --git a/changelogs/1.31.2.yaml b/changelogs/1.31.2.yaml
new file mode 100644
index 000000000000..b188a39d5c24
--- /dev/null
+++ b/changelogs/1.31.2.yaml
@@ -0,0 +1,31 @@
+date: September 19, 2024
+
+behavior_changes:
+- area: http
+  change: |
+    The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
+    If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary
+    ``x-envoy`` headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
+    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
+    See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
+    setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
+- area: http2
+  change: |
+    Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to ``false``. This changes the codec used for HTTP/2
+    requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``.
+
+minor_behavior_changes:
+- area: access_log
+  change: |
+    Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
+    flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
+
+bug_fixes:
+- area: jwt
+  change: |
+    Fixed a bug where using ``clear_route_cache`` with remote JWKs works
+    incorrectly and may cause a crash when the modified request does not match
+    any route.
+- area: http_async_client
+  change: |
+    Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
index b188a39d5c24..9ecf0d6e48ce 100644
--- a/changelogs/current.yaml
+++ b/changelogs/current.yaml
@@ -1,31 +1,17 @@
-date: September 19, 2024
+date: Pending
 
 behavior_changes:
-- area: http
-  change: |
-    The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default.
-    If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary
-    ``x-envoy`` headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config
-    <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>`
-    See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by
-    setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``.
-- area: http2
-  change: |
-    Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to ``false``. This changes the codec used for HTTP/2
-    requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``.
+# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 
 minor_behavior_changes:
-- area: access_log
-  change: |
-    Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime
-    flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled.
+# *Changes that may cause incompatibilities for some users, but should not for most*
 
 bug_fixes:
-- area: jwt
-  change: |
-    Fixed a bug where using ``clear_route_cache`` with remote JWKs works
-    incorrectly and may cause a crash when the modified request does not match
-    any route.
-- area: http_async_client
-  change: |
-    Fixed the local reply and destroy order crashes when using the http async client for websocket handshake.
+# *Changes expected to improve the state of the world and are unlikely to have negative effects*
+
+removed_config_or_runtime:
+# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
+
+new_features:
+
+deprecated: