Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

release: prepare for v1.14.0 #10699

Merged
merged 4 commits into from
Apr 8, 2020
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions GOVERNANCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -79,11 +79,15 @@ or you can subscribe to the iCal feed [here](https://app.opsgenie.com/webcal/get
* Begin marshalling the ongoing PR flow in this repo. Ask maintainers to hold off merging any
particularly risky PRs until after the release is tagged. This is because we aim for master to be
at release candidate quality at all times.
* Do a final check of the [release notes](docs/root/intro/version_history.rst) and make any needed
corrections.
* Switch the [VERSION](VERSION) from a "dev" variant to a final variant. E.g., "1.6.0-dev" to
"1.6.0". Also remove the "Pending" tags and add dates to the top of the [release notes](docs/root/intro/version_history.rst)
and [deprecated log](docs/root/intro/deprecated.rst). Get a review and merge.
* Do a final check of the [release notes](docs/root/intro/version_history.rst):
* Make any needed corrections (grammar, punctuation, formatting, etc.).
* Check to see if any security/stable version release notes are duplicated in
the major version release notes. These should not be duplicated.
* Remove the "Pending" tags and add dates to the top of the [release notes](docs/root/intro/version_history.rst)
and [deprecated log](docs/root/intro/deprecated.rst).
* Switch the [VERSION](VERSION) from a "dev" variant to a final variant. E.g., "1.6.0-dev" to
"1.6.0".
* Get a review and merge.
* **Wait for tests to pass on
[master](https://circleci.com/gh/envoyproxy/envoy/tree/master).**
* Create a [tagged release](https://github.com/envoyproxy/envoy/releases). The release should
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.14.0-dev
1.14.0
4 changes: 2 additions & 2 deletions docs/root/intro/deprecated.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ The following features have been DEPRECATED and will be removed in the specified
A logged warning is expected for each deprecated item that is in deprecation window.
Deprecated items below are listed in chronological order.

1.14.0 (Pending)
================
1.14.0 (April 8, 2020)
======================
* The previous behavior for upstream connection pool circuit breaking described
`here <https://www.envoyproxy.io/docs/envoy/v1.13.0/intro/arch_overview/upstream/circuit_breaking>`_ has
been deprecated in favor of the new behavior described :ref:`here <arch_overview_circuit_break>`.
Expand Down
36 changes: 16 additions & 20 deletions docs/root/intro/version_history.rst
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
Version history
---------------

1.14.0 (Pending)
================
1.14.0 (April 8, 2020)
======================
* access log: access logger extensions use the "envoy.access_loggers" name space. A mapping
of extension names is available in the :ref:`deprecated <deprecated>` documentation.
* access log: added support for DOWNSTREAM_LOCAL_PORT :ref:`access log formatters <config_access_log_format>`.
* access log: fix %DOWSTREAM_DIRECT_REMOTE_ADDRESS% when used with PROXY protocol listener filter
* access log: added support for `%DOWNSTREAM_LOCAL_PORT%` :ref:`access log formatters <config_access_log_format>`.
* access log: fixed `%DOWSTREAM_DIRECT_REMOTE_ADDRESS%` when used with PROXY protocol listener filter.
* access log: introduce :ref:`connection-level access loggers<envoy_api_field_Listener.access_log>`.
* adaptive concurrency: fixed bug that allowed concurrency limits to drop below the configured
minimum.
* adaptive concurrency: minRTT is now triggered when the minimum concurrency is maintained for 5
consecutive sampling intervals
consecutive sampling intervals.
* admin: added support for displaying ip address subject alternate names in :ref:`certs<operations_admin_interface_certs>` end point.
* admin: added :http:post:`/reopen_logs` endpoint to control log rotation.
* api: froze v2 xDS API. New feature development in the API should occur in v3 xDS. While the v2 xDS API has
Expand All @@ -20,7 +20,6 @@ Version history
* aws_lambda: added :ref:`AWS Lambda filter <config_http_filters_aws_lambda>` that converts HTTP requests to Lambda
invokes. This effectively makes Envoy act as an egress gateway to AWS Lambda.
* aws_request_signing: a few fixes so that it works with S3.
* buffer: force copy when appending small slices to OwnedImpl buffer to avoid fragmentation.
* config: added stat :ref:`update_time <config_cluster_manager_cds>`.
* config: use type URL to select an extension whenever the config type URL (or its previous versions) uniquely identify a typed extension, see :ref:`extension configuration <config_overview_extension_configuration>`.
* datasource: added retry policy for remote async data source.
Expand All @@ -32,8 +31,8 @@ Version history
* fault: added support for controlling abort faults with :ref:`HTTP header fault configuration <config_http_filters_fault_injection_http_header>` to the HTTP fault filter.
* grpc-json: added support for building HTTP request into
`google.api.HttpBody <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto>`_.
* grpc-stats: add options to limit which messages stats are created for.
* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`
* grpc-stats: added option to limit which messages stats are created for.
* http: added HTTP/1.1 flood protection. Can be temporarily disabled using the runtime feature `envoy.reloadable_features.http1_flood_protection`.
* http: added :ref:`headers_with_underscores_action setting <envoy_api_field_core.HttpProtocolOptions.headers_with_underscores_action>` to control how client requests with header names containing underscore characters are handled. The options are to allow such headers, reject request or drop headers. The default is to allow headers, preserving existing behavior.
* http: added :ref:`max_stream_duration <envoy_api_field_core.HttpProtocolOptions.max_stream_duration>` to specify the duration of existing streams. See :ref:`connection and stream timeouts <faq_configuration_timeouts>`.
* http: connection header sanitizing has been modified to always sanitize if there is no upgrade, including when an h2c upgrade attempt has been removed.
Expand All @@ -46,7 +45,6 @@ Version history
* listener filters: listener filter extensions use the "envoy.filters.listener" name space. A
mapping of extension names is available in the :ref:`deprecated <deprecated>` documentation.
* listeners: added :ref:`listener filter matcher api <envoy_api_field_listener.ListenerFilter.filter_disabled>` to disable individual listener filter on matching downstream connections.
* listeners: fixed issue where :ref:`TLS inspector listener filter <config_listener_filters_tls_inspector>` could have been bypassed by a client using only TLS 1.3.
* loadbalancing: added support for using hostname for consistent hash loadbalancing via :ref:`consistent_hash_lb_config <envoy_api_field_Cluster.CommonLbConfig.consistent_hashing_lb_config>`.
* loadbalancing: added support for :ref:`retry host predicates <envoy_api_field_route.RetryPolicy.retry_host_predicate>` in conjunction with consistent hashing load balancers (ring hash and maglev).
* lua: added a parameter to `httpCall` that makes it possible to have the call be asynchronous.
Expand All @@ -55,11 +53,10 @@ Version history
* network filters: added a :ref:`direct response filter <config_network_filters_direct_response>`.
* network filters: network filter extensions use the "envoy.filters.network" name space. A mapping
of extension names is available in the :ref:`deprecated <deprecated>` documentation.
* rbac: added :ref:`url_path <envoy_api_field_config.rbac.v2.Permission.url_path>` for matching URL path without the query and fragment string.
* rbac: added :ref:`remote_ip <envoy_api_field_config.rbac.v2.Principal.remote_ip>` and :ref:`direct_remote_ip <envoy_api_field_config.rbac.v2.Principal.direct_remote_ip>` for matching downstream remote IP address.
* rbac: deprecated :ref:`source_ip <envoy_api_field_config.rbac.v2.Principal.source_ip>` with :ref:`direct_remote_ip <envoy_api_field_config.rbac.v2.Principal.direct_remote_ip>` and :ref:`remote_ip <envoy_api_field_config.rbac.v2.Principal.remote_ip>`.
* request_id_extension: add an ability to extend request ID handling at :ref:`HTTP connection manager<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.request_id_extension>`.
* retry: added a retry predicate that :ref:`rejects hosts based on metadata. <envoy_api_field_route.RetryPolicy.retry_host_predicate>`
* request_id_extension: added an ability to extend request ID handling at :ref:`HTTP connection manager<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.request_id_extension>`.
* retry: added a retry predicate that :ref:`rejects hosts based on metadata. <envoy_api_field_route.RetryPolicy.retry_host_predicate>`.
* router: added ability to set attempt count in downstream response, see :ref:`virtual host's include response
attempt count config <envoy_api_field_route.VirtualHost.include_attempt_count_in_response>`.
* router: added additional stats for :ref:`virtual clusters <config_http_filters_router_vcluster_stats>`.
Expand All @@ -68,20 +65,19 @@ Version history
:ref:`validated <envoy_api_field_route.RouteMatch.TlsContextMatchOptions.validated>`.
* router: added support for :ref:`regex_rewrite
<envoy_api_field_route.RouteAction.regex_rewrite>` for path rewriting using regular expressions and capture groups.
* router: added support for DOWNSTREAM_LOCAL_PORT :ref:`header formatter <config_http_conn_man_headers_custom_request_headers>`.
* router: added support for `%DOWNSTREAM_LOCAL_PORT%` :ref:`header formatter <config_http_conn_man_headers_custom_request_headers>`.
* router: don't ignore :ref:`per_try_timeout <envoy_api_field_route.RetryPolicy.per_try_timeout>` when the :ref:`global route timeout <envoy_api_field_route.RouteAction.timeout>` is disabled.
* router: strip whitespace for :ref:`retry_on <envoy_api_field_route.RetryPolicy.retry_on>`, :ref:`grpc-retry-on header <config_http_filters_router_x-envoy-retry-grpc-on>` and :ref:`retry-on header <config_http_filters_router_x-envoy-retry-on>`.
* runtime: enabling the runtime feature "envoy.deprecated_features.allow_deprecated_extension_names"
* runtime: enabling the runtime feature `envoy.deprecated_features.allow_deprecated_extension_names`
mattklein123 marked this conversation as resolved.
Show resolved Hide resolved
disables the use of deprecated extension names.
* runtime: integer values may now be parsed as booleans.
* sds: added :ref:`GenericSecret <envoy_api_msg_auth.GenericSecret>` to support secret of generic type.
* sds: added :ref:`certificate rotation <xds_certificate_rotation>` support for certificates in static resources.
* sds: fix the SDS vulnerability that TLS validation context (e.g., subject alt name or hash) cannot be effectively validated in some cases.
* server: the SIGUSR1 access log reopen warning now is logged at info level.
* stat sinks: stat sink extensions use the "envoy.stat_sinks" name space. A mapping of extension
names is available in the :ref:`deprecated <deprecated>` documentation.
* thrift_proxy: add router filter stats to docs.
* tls: added configuration to disable stateless TLS session resumption :ref:`disable_stateless_session_resumption <envoy_api_field_auth.DownstreamTlsContext.disable_stateless_session_resumption>`
* thrift_proxy: added router filter stats to docs.
* tls: added configuration to disable stateless TLS session resumption :ref:`disable_stateless_session_resumption <envoy_api_field_auth.DownstreamTlsContext.disable_stateless_session_resumption>`.
* tracing: added gRPC service configuration to the OpenCensus Stackdriver and OpenCensus Agent tracers.
* tracing: tracer extensions use the "envoy.tracers" name space. A mapping of extension names is
available in the :ref:`deprecated <deprecated>` documentation.
Expand All @@ -91,12 +87,12 @@ Version history
limits for both requests and connections apply to both pool types. Also, HTTP/2 now has
the option to limit concurrent requests on a connection, and allow multiple draining
connections. The old behavior is deprecated, but can be used during the deprecation
period by disabling runtime feature "envoy.reloadable_features.new_http1_connection_pool_behavior" or
"envoy.reloadable_features.new_http2_connection_pool_behavior" and then re-configure your clusters or
period by disabling runtime feature `envoy.reloadable_features.new_http1_connection_pool_behavior` or
`envoy.reloadable_features.new_http2_connection_pool_behavior` and then re-configure your clusters or
restart Envoy. The behavior will not switch until the connection pools are recreated. The new
circuit breaker behavior is described :ref:`here <arch_overview_circuit_break>`.
* zlib: by default zlib is initialized to use its default strategy (Z_DEFAULT_STRATEGY)
instead of the fixed one (Z_FIXED). The difference is that the use of dynammic
instead of the fixed one (Z_FIXED). The difference is that the use of dynamic
Huffman codes is enabled now resulting in better compression ratio for normal data.

1.13.1 (March 3, 2020)
Expand Down