1.33.0 (Pending)

Incompatible behavior changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

http: Added streaming shadow functionality. This allows for streaming the shadow request in parallel with the original request rather than waiting for the original request to complete. This allows shadowing requests larger than the buffer limit, but also means shadowing may take place for requests which are canceled mid-stream. This behavior change can be temporarily reverted by flipping envoy.reloadable_features.streaming_shadow to false.
http: RFC1918 addresses are no longer considered to be internal addresses by default. This addresses a security issue for Envoy’s in multi-tenant mesh environments. Please explicit set internal_address_config to retain the prior behavior. This change can be temporarily reverted by setting runtime guard envoy.reloadable_features.explicit_internal_address_config to false.
tracing: Removed support for (long deprecated) opencensus tracing extension.
wasm: Remove previously deprecated xDS attributes from get_property, use xds attributes instead.
wasm: The route cache will not be cleared by default if the wasm extension modified the request headers and the ABI version of wasm extension is larger then 0.2.1.

Minor behavior changes

Changes that may cause incompatibilities for some users, but should not for most

access_log: New implementation of the JSON formatter will be enabled by default. The sort_properties field will be ignored in the new implementation because the new implementation always sorts properties. And the new implementation will always keep the value type in the JSON output. For example, the duration field will always be rendered as a number instead of a string. This behavior change could be disabled temporarily by setting the runtime envoy.reloadable_features.logging_with_fast_json_formatter to false.
cluster: Clusters can no longer use unregistered extension types in cluster_type.
cluster: Clusters factories are registered by configuration type for cluster_type and will use configuration type to lookup the corresponding factory when available.
csrf: Increase only the statistics counter missing_source_origin for requests with a missing source origin. Previously, the request_invalid counter was also increased for such requests.
dns: Patched c-ares to address CVE-2024-25629.
formatter: The NaN and Infinity values of float will be serialized to null and "inf" respectively in the metadata (DYNAMIC_METADATA, CLUSTER_METADATA, etc.) formatter.
http: If the pack_trace_reason is set to false, Envoy will not parse the trace reason from the x-request-id header to ensure reads and writes of trace reason be consistant. If the pack_trace_reason is set to true and external x-request-id value is used, the trace reason in the external request id will not be trusted and will be cleared.
http: Local replies now traverse the filter chain if 1xx headers have been sent to the client. This change can be reverted by setting the runtime guard envoy.reloadable_features.local_reply_traverses_filter_chain_after_1xx to false.
oauth2: use_refresh_token is now enabled by default. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.oauth2_use_refresh_token to false.
oauth2: Implement the Signed Double-Submit Cookie pattern, as recommended by OWASP, by using the HMAC secret to sign and verify the nonce.
oauth2: The state parameter in the OAuth2 authorization request has been changed to a base64url-encoded JSON object. The JSON object contains the original request URL and a nonce for CSRF prevention.
quic: Enable UDP GRO in QUIC client connections by default. This behavior can be reverted by setting the runtime guard envoy.reloadable_features.prefer_quic_client_udp_gro to false.
rate_limit: add WEEK to the unit of time for rate limit.
rds: When a new RDS provider config is pushed via xDS and the only difference is change to initial_fetch_timeout, the already existing provider will be reused. Envoy will not ask RDS server for routes config because existing provider already has up to date routes config. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.normalize_rds_provider_config to false.
scoped_rds: The route_configuration field is supported when the ScopedRouteConfiguration resource is delivered via SRDS.
sds: Relaxed the backing cluster validation for Secret Discovery Service(SDS). Currently, the cluster that supports SDS, needs to be a primary cluster i.e. a non-EDS cluster defined in bootstrap configuration. This change relaxes that restriction i.e. SDS cluster can be a dynamic cluster. This change is enabled by default, and can be reverted by setting the runtime flag envoy.restart_features.skip_backing_cluster_check_for_sds to false.
xds: A minor delta-xDS optimization that avoids copying resources when ingesting them was introduced. No impact to the behavior is expected, but a runtime flag was added as this may impact config-ingestion related extensions (e.g., custom-config-validators, config-tracker), as the order of the elements passed to the callback functions may be different. This change can be temporarily reverted by setting envoy.reloadable_features.xds_prevent_resource_copy to false.

Bug fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

DNS: Fixed bug where setting dns_jitter <envoy_v3_api_field_config.cluster.v3.Cluster.dns_jitter> to large values caused Envoy Bug to fire.
OAuth2: Fixed an issue where ID token and refresh token did not adhere to the cookie_domain field.
access_log: Relaxed the restriction on SNI logging to allow the _ character, even if envoy.reloadable_features.sanitize_sni_in_access_log is enabled.
balsa: Fix incorrect handling of non-101 1xx responses. This fix can be temporarily reverted by setting runtime guard envoy.reloadable_features.wait_for_first_byte_before_balsa_msg_done to false.
csrf: Handle requests that have a “privacy sensitive” / opaque origin (Origin: null) as if the request had no origin information.
dns_cache: Fixed a bug where the DNS refresh rate was the DNS TTL instead of the configured dns_refresh_rate/dns_failure_refresh_rate when we failed to resolve the DNS query after a successful resolution.
golang: Fixes a crash during Golang GC caused by accessing deleted decoder_callbacks. The bug was introduced in 1.31.0.* happy_eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
http/1: Fixes sending overload crashes when HTTP/1 request is reset.
load_balancing: Fixed default host weight calculation of client_side_weighted_round_robin to properly handle even number of valid host weights.
lrs: Fixes errors stat being incremented and warning log spamming for LoadStatsReporting graceful stream close.
orca: The previous ORCA parser will use : as the delimiter of key/value pair in the native HTTP report. This is wrong based on the design document. The correct delimiter should be =. This change add the = delimiter support to match the design document and keep the : delimiter for backward compatibility.
original_ip_detection custom header extension: Reverted custom header extension to its original behavior by disabling automatic XFF header appending that was inadvertently introduced in PR #31831.
scoped_rds: Fixes scope key leak and spurious scope key conflicts when an update to an SRDS resource changes the key.
stats ads grpc: Fixed metric for ADS disconnection counters using Google GRPC client. This extracts the GRPC client prefix specified in the google_grpc resource used for ADS, and adds that as a tag envoy_google_grpc_client_prefix to the Prometheus stats.
tls: Support operations on IP SANs when the IP version is not supported by the host operating system, for example an IPv6 SAN can now be used on a host not supporting IPv6 addresses.
tracers: Avoid possible overflow when setting span attributes in Dynatrace sampler.
udp/dynamic_forward_proxy: Fixed bug where dynamic_forward_proxy udp session filter disabled buffer in filter config instead of disabling buffer for the filter instance.
udp_proxy: Fix a bug that cause Envoy to crash due to segmentation fault when onBelowWriteBufferLowWatermark callback is called.
validation/tools: Add back missing extension for schema_validator_tool.

Removed config or runtime

Normally occurs at the end of the deprecation period

aws: Removed runtime flag envoy.reloadable_features.use_http_client_to_fetch_aws_credentials.
dns: Removed runtime flag envoy.reloadable_features.dns_reresolve_on_eai_again and legacy code paths.
grpc: Removed runtime guard envoy.reloadable_features.validate_grpc_header_before_log_grpc_status.
http: Removed runtime flag envoy.reloadable_features.http_route_connect_proxy_by_default and legacy code paths.
http: Removed runtime flag envoy.restart_features.sanitize_te and legacy code paths.
http2: Removed runtime flag envoy.reloadable_features.defer_processing_backedup_streams and legacy code paths.
load balancing: Removed runtime guard envoy.reloadable_features.edf_lb_host_scheduler_init_fix and legacy code paths.
load balancing: Removed runtime guard envoy.reloadable_features.edf_lb_locality_scheduler_init_fix and legacy code paths.
quic: Removed runtime flag envoy.restart_features.quic_handle_certs_with_shared_tls_code and legacy code paths.
router: Removed runtime guard envoy_reloadable_features_send_local_reply_when_no_buffer_and_upstream_request.
upstream: Removed runtime flag envoy.reloadable_features.exclude_host_in_eds_status_draining.
upstream: Removed runtime flag envoy.restart_features.allow_client_socket_creation_failure and legacy code paths.

New features

CEL-attributes: Added attribute upstream.cx_pool_ready_duration to get the duration from when the upstream request was created to when the upstream connection pool is ready.
CEL-attributes: Added attribute upstream.request_attempt_count to get the number of times a request is attempted upstream.
access log: Added fields for DOWNSTREAM_DIRECT_LOCAL_ADDRESS and DOWNSTREAM_DIRECT_LOCAL_ADDRESS_WITHOUT_PORT.
access_log: Added %DOWNSTREAM_LOCAL_EMAIL_SAN%, %DOWNSTREAM_PEER_EMAIL_SAN%, %DOWNSTREAM_LOCAL_OTHERNAME_SAN% and %DOWNSTREAM_PEER_OTHERNAME_SAN% substitution formatters.
access_log: Added support for %UPSTREAM_HOST_NAME_WITHOUT_PORT% for the upstream host identifier without the port value.
access_log: Added support for logging upstream connection establishment duration in the %COMMON_DURATION% access log formatter operator. The following time points were added: %US_CX_BEG%, %US_CX_END%, %US_HS_END%.
attributes: added new xds.virtual_host_name and xds.virtual_host_metadata attributes support. See attributes for looking up xDS configuration information.
aws_request_signing: Added an optional field credential_provider to the AWS request signing filter to explicitly specify a source for AWS credentials.
c-ares: added nameserver rotation option to c-ares resolver. When enabled via :ref:rotate_nameservers <envoy_v3_api_field_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig.rotate_nameservers>, this performs round-robin selection of the configured nameservers for each resolution to help distribute query load.
c-ares: added two new options to c-ares resolver for configuring custom timeouts and tries while resolving DNS queries. Custom timeouts could be configured by specifying query_timeout_seconds and custom tries could be configured by specifying query_tries.
ext_authz: added filter state field latency_us, bytesSent and bytesReceived access for CEL and logging.
filters: Added the Api Key Auth filter, which can be used to authenticate requests using an API key.
filters: Updatd the set_filter_state filter to support per-route overrides.
grpc-json: Added a new http filter for gRPC to JSON transcoding.
health_check: Added new health check filter stats including total requests, successful/failed checks, cached responses, and cluster health status counters. These stats help track health check behavior and cluster health state.
http: Add query parameter mutations to Header Mutation Filter for adding/removing query parameters on a request.
http_inspector: Added default-false envoy.reloadable_features.http_inspector_use_balsa_parser for HttpInspector to use BalsaParser.
ip-tagging: Adds support for specifying an alternate header ip_tag_header for appending IP tags via ip-tagging filter instead of using the default header x-envoy-ip-tags.
local_ratelimit: Added per descriptor custom hits addend support for local rate limit filter. See hits_addend for more details.
lua: Add logging functions to all lua objects. Previously these were only available on the Lua http filter request handle.
lua: Added downstreamDirectLocalAddress() method to the Stream info object API.
lua: Added a new setUpstreamOverrideHost() which could be used to set the given host as the upstream host for the current request.
lua: Added ssl parsedSubjectPeerCertificate() API.
lua cluster specifier: Added ability for a Lua script to query clusters for current requests and connections.
overload: Added support for scaling max connection duration. This can be used to reduce the max connection duration in response to overload.
quic: Added QUIC stats debug visitor to get more stats from the QUIC transport.
ratelimit: Add the rate_limits field to generate rate limit descriptors. If this field is set, the VirtualHost.rate_limits or RouteAction.rate_limits fields will be ignored.
ratelimit: Add the option to reduce the rate limit budget based on request/response contexts on stream done. See apply_on_stream_done for more details.
rbac: added sourced_metadata which allows specifying an optional source for the metadata to be matched in addition to the metadata matcher.
redis: Added support for UNWATCH command.
redis: Added support for keys and select.
sni_dynamic_forward_proxy: Added support in SNI dynamic forward proxy for saving the resolved upstream address in the filter state. The state is saved with the key envoy.stream.upstream_address.
tls: Added an option to change the upstream SNI to the configured hostname for the upstream.
tls: Added an option to validate the upstream server certificate SANs against the actual SNI value sent, regardless of the method of configuring SNI.
tls: Added support for P-384 and P-521 curves for TLS server certificates.
tracers: Set resource telemetry.sdk.* and scope otel.scope.name|version attributes for the OpenTelemetry tracer.
udp_proxy: Added support for coexistence of dynamic and static clusters in the same udp proxy, so we can use dynamic clusters for some sessions by setting a per-session state object under the key envoy.upstream.dynamic_host and routing to dynamic cluster, and we can use static clusters for other sessions by setting a per-session state object under the key envoy.udp_proxy.cluster without setting envoy.upstream.dynamic_host.
udp_proxy: Added support for dynamic cluster selection in UDP proxy. The cluster can be set by one of the session filters by setting a per-session state object under the key envoy.udp_proxy.cluster.
wasm: Added the wasm vm reload support to reload wasm vm when the wasm vm is failed with runtime errors. See failure_policy for more details. The FAIL_RELOAD reload policy will be used by default.
wasm: added clear_route_cache foreign function to clear the route cache.
xds: Added support for ADS replacement by invoking xdsManager().setAdsConfigSource() with a new config source.

Deprecated

aws_iam: The aws_iam extension is deprecated and will be deleted from Envoy in a future release, no later than Envoy 1.35, but possibly sooner.
cluster: DNS-related fields in :ref:`Cluster <envoy_v3_api_msg_config.cluster.v3.Cluster> are deprecated when using strict and logical dns clusters. Instead, use the :ref:`cluster_type <envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type extension point with typed_config of type DnsCluster.
rbac: metadata metadata is now deprecated in the favor of sourced_metadata.