1.31.0 (Pending)

Incompatible behavior changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • ext_proc: Added support for route_cache_action. It specifies the route action to be taken when an external processor response is received in response to request headers.

  • http2: Changes the default value of envoy.reloadable_features.http2_use_oghttp2 to true. This changes the codec used for HTTP/2 requests and responses. This behavior can be reverted by setting the feature to false.

  • proxy_protocol: Populate typed metadata by default in proxy protocol listener. Typed metadata can be consumed as TlvsMetadata type. This change can be temporarily disabled by setting the runtime flag envoy.reloadable_features.use_typed_metadata_in_proxy_protocol_listener to false.

  • thread_local: Changes the behavior of the SlotImpl class destructor. With this change the destructor can be called on any thread. This behavior can be reverted by setting the runtime flag envoy.reloadable_features.allow_slot_destroy_on_worker_threads to false.

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

  • access_log: The upstream connection address, rather than the upstream host address, will be used for the %UPSTREAM_REMOTE_ADDRESS%, %UPSTREAM_REMOTE_PORT% and %UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% access log format specifiers. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.upstream_remote_address_use_connection to false.

  • config: Stricter validation of a google.protobuf.Duration field in a config, rejecting invalid values (where the number of years is over 292). This can be temporarily reverted by setting runtime guard envoy.reloadable_features.strict_duration_validation to false.

  • dns: Changes the behavior of the getaddrinfo DNS resolver so that it treats EAI_NODATA and EAI_NONAME as successful queries with empty results, instead of as DNS failures. This change brings the getaddrinfo behavior in line with the c-ares resolver behavior. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.dns_nodata_noname_is_success to false.

  • statistics: Hot restart statistics like hot_restart_epoch are only set when hot restart is enabled.

  • tracers: Set status code for OpenTelemetry tracers (previously unset).

  • udp: Changed the GRO read buffer to 64kB to avoid MSG_TRUNC, and changed how the number of packets processed per event loop is limited so that it works with GRO. This behavior can be reverted by setting runtime guard envoy.reloadable_features.udp_socket_apply_aggregated_read_limit to false.

  • xds: Updated xDS-TP path naming to better comply with RFC 3986. Encoded resource paths can now include a colon (:) instead of %3A. This behavior can be reverted by setting the runtime flag envoy.reloadable_features.xdstp_path_avoid_colon_encoding to false.

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • cares: Upgraded c-ares library to 1.20.1 and added a fix to the c-ares DNS implementation to additionally check for ARES_EREFUSED, ARES_ESERVFAIL and ARES_ENOTIMP status. Without this fix, the DestroyChannelOnRefused and CustomResolverValidAfterChannelDestruction unit tests will break.

  • ext_authz: Added field validate_mutations, which, when set to true, adds header and query parameter mutation validation to the HTTP ext_authz filter. If an authz response contains invalid mutations, the filter responds to the downstream request with HTTP 500 Internal Server Error. If you use ext_authz with an untrusted side stream, it’s recommended you set this to true.

  • ext_authz: Handle append_action from the external authorization service, which was previously ignored.

  • ext_authz: Set the SNI value from the requested server name if it isn’t available on the connection/socket. This applies when include_tls_session is true. The requested server name is set on a connection when filters such as the TLS inspector are used.

  • http: Fix BalsaParser resetting state too early, guarded by default-true envoy.reloadable_features.http1_balsa_delay_reset.

  • http: Fix a crash when reloading the HTTP Connection Manager via ECDS.

  • outlier detection: Fixed successful_active_health_check_uneject_host. Before, a failed health check could uneject the host if the FAILED_ACTIVE_HC health flag had not been set.

  • tls: Fix a RELEASE_ASSERT when using auto_sni if the downstream request :authority was longer than 255 characters.

  • udp: Fixed a bug that would cause Envoy to crash when updates to a pre-existing cluster were made (e.g. HostSet changes).

Removed config or runtime

Normally occurs at the end of the deprecation period

  • http: Removed envoy.reloadable_features.handle_uppercase_scheme runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.lowercase_scheme runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.proxy_status_upstream_request_timeout runtime flag and legacy code paths.

  • http: Removed envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter runtime flag and legacy code paths.

  • router: Removed envoy.reloadable_features.copy_response_code_to_downstream_stream_info runtime flag and legacy code paths.

  • tcp: Removed envoy.reloadable_features.detect_and_raise_rst_tcp_connection runtime flag and legacy code paths.

  • upstream: Removed envoy.reloadable_features.convert_legacy_lb_config runtime flag and legacy code paths.

New features

Deprecated