From b150609e36c0e9697070df426d44361a967d5dc2 Mon Sep 17 00:00:00 2001 From: Ryan Northey Date: Thu, 19 Sep 2024 21:44:01 +0000 Subject: [PATCH] repo: Dev v1.30.7 Signed-off-by: Ryan Northey --- VERSION.txt | 2 +- changelogs/1.30.6.yaml | 27 +++++++++++++++++++++++++++ changelogs/current.yaml | 32 +++++++++++--------------------- 3 files changed, 39 insertions(+), 22 deletions(-) create mode 100644 changelogs/1.30.6.yaml diff --git a/VERSION.txt b/VERSION.txt index 8eead96fe934..785c670dabca 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.30.6 +1.30.7-dev diff --git a/changelogs/1.30.6.yaml b/changelogs/1.30.6.yaml new file mode 100644 index 000000000000..dbd5efcf2390 --- /dev/null +++ b/changelogs/1.30.6.yaml @@ -0,0 +1,27 @@ +date: September 19, 2024 + +behavior_changes: +- area: http + change: | + The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. + If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` + headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config + ` + See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by + setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. + +minor_behavior_changes: +- area: access_log + change: | + Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime + flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. + +bug_fixes: +- area: jwt + change: | + Fixed a bug where using ``clear_route_cache`` with remote JWKs works + incorrectly and may cause a crash when the modified request does not match + any route. +- area: http_async_client + change: | + Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. diff --git a/changelogs/current.yaml b/changelogs/current.yaml index dbd5efcf2390..9ecf0d6e48ce 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -1,27 +1,17 @@ -date: September 19, 2024 +date: Pending behavior_changes: -- area: http - change: | - The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. - If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` - headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config - ` - See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by - setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. +# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* minor_behavior_changes: -- area: access_log - change: | - Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime - flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. +# *Changes that may cause incompatibilities for some users, but should not for most* bug_fixes: -- area: jwt - change: | - Fixed a bug where using ``clear_route_cache`` with remote JWKs works - incorrectly and may cause a crash when the modified request does not match - any route. -- area: http_async_client - change: | - Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. +# *Changes expected to improve the state of the world and are unlikely to have negative effects* + +removed_config_or_runtime: +# *Normally occurs at the end of the* :ref:`deprecation period ` + +new_features: + +deprecated: