diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 39501f0cda6f..6049d6ab0a50 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -11,8 +11,8 @@ behavior_changes: Removed support for (long deprecated) opencensus tracing extension. - area: wasm change: | - The route cache will not be cleared by default if the wasm extension modified the request headers and - the ABI version of wasm extension is larger then 0.2.1. + The route cache will not be cleared by default if the Wasm extension modified the request headers and + the ABI version of Wasm extension is larger then 0.2.1. - area: wasm change: | Remove previously deprecated xDS attributes from ``get_property``, use ``xds`` attributes instead. @@ -29,8 +29,8 @@ behavior_changes: change: | Added streaming shadow functionality. This allows for streaming the shadow request in parallel with the original request rather than waiting for the original request to complete. This allows shadowing requests larger than the buffer limit, - but also means shadowing may take place for requests which are canceled mid-stream. This behavior change can be - temporarily reverted by flipping ``envoy.reloadable_features.streaming_shadow`` to false. + but also means shadowing may take place for requests which are cancelled mid-stream. This behavior change can be + temporarily reverted by flipping ``envoy.reloadable_features.streaming_shadow`` to ``false``. minor_behavior_changes: @@ -39,8 +39,8 @@ minor_behavior_changes: change: | New implementation of the JSON formatter will be enabled by default. The :ref:`sort_properties ` field will - be ignored in the new implementation because the new implementation always sorts properties. And the new implementation - will always keep the value type in the JSON output. For example, the duration field will always be rendered as a number + be ignored in the new implementation because the new implementation always sorts properties, and the new implementation + will always keep the value type in the JSON output. For example, the ``duration`` field will always be rendered as a number instead of a string. This behavior change could be disabled temporarily by setting the runtime ``envoy.reloadable_features.logging_with_fast_json_formatter`` to false. @@ -53,12 +53,12 @@ minor_behavior_changes: by setting ``envoy.reloadable_features.xds_prevent_resource_copy`` to ``false``. - area: formatter change: | - The NaN and Infinity values of float will be serialized to ``null`` and ``"inf"`` respectively in the + The ``NaN`` and ``Infinity`` values of float will be serialized to ``null`` and ``inf`` respectively in the metadata (``DYNAMIC_METADATA``, ``CLUSTER_METADATA``, etc.) formatter. - area: sds change: | - Relaxed the backing cluster validation for Secret Discovery Service(SDS). Currently, the cluster that supports SDS, - needs to be a primary cluster i.e. a non-EDS cluster defined in bootstrap configuration. This change relaxes that + Relaxed the backing cluster validation for Secret Discovery Service(SDS). Currently, the cluster that supports SDS + needs to be a primary cluster, i.e. a non-EDS cluster defined in bootstrap configuration. This change relaxes that restriction i.e. SDS cluster can be a dynamic cluster. This change is enabled by default, and can be reverted by setting the runtime flag ``envoy.restart_features.skip_backing_cluster_check_for_sds`` to ``false``. - area: http @@ -73,7 +73,7 @@ minor_behavior_changes: change: | :ref:`use_refresh_token ` is now enabled by default. This behavioral change can be temporarily reverted by setting runtime guard - ``envoy.reloadable_features.oauth2_use_refresh_token`` to false. + ``envoy.reloadable_features.oauth2_use_refresh_token`` to ``false``. - area: oauth2 change: | The ``state`` parameter in the OAuth2 authorization request has been changed to a base64url-encoded JSON object. @@ -85,7 +85,7 @@ minor_behavior_changes: - area: quic change: | Enable UDP GRO in QUIC client connections by default. This behavior can be reverted by setting - the runtime guard ``envoy.reloadable_features.prefer_quic_client_udp_gro`` to false. + the runtime guard ``envoy.reloadable_features.prefer_quic_client_udp_gro`` to ``false``. - area: scoped_rds change: | The :ref:`route_configuration ` field @@ -93,7 +93,7 @@ minor_behavior_changes: - area: http change: | Local replies now traverse the filter chain if 1xx headers have been sent to the client. This change can be reverted - by setting the runtime guard ``envoy.reloadable_features.local_reply_traverses_filter_chain_after_1xx`` to false. + by setting the runtime guard ``envoy.reloadable_features.local_reply_traverses_filter_chain_after_1xx`` to ``false``. - area: cluster change: | Clusters can no longer use unregistered extension types in @@ -101,7 +101,7 @@ minor_behavior_changes: - area: cluster change: | Clusters factories are registered by configuration type for - :ref:`cluster_type` + :ref:`cluster_type ` and will use configuration type to lookup the corresponding factory when available. - area: dns change: | @@ -120,13 +120,13 @@ minor_behavior_changes: the already existing provider will be reused. Envoy will not ask RDS server for routes config because existing provider already has up to date routes config. This behavioral change can be temporarily reverted by setting runtime guard - ``envoy.reloadable_features.normalize_rds_provider_config`` to false. + ``envoy.reloadable_features.normalize_rds_provider_config`` to ``false``. bug_fixes: # *Changes expected to improve the state of the world and are unlikely to have negative effects* - area: lrs change: | - Fixes errors stat being incremented and warning log spamming for LoadStatsReporting graceful stream close. + Fixes errors stat being incremented and warning log spamming for ``LoadStatsReporting`` graceful stream close. - area: tls change: | Support operations on IP SANs when the IP version is not supported by the host operating system, for example @@ -136,21 +136,21 @@ bug_fixes: Fixes scope key leak and spurious scope key conflicts when an update to an SRDS resource changes the key. - area: stats ads grpc change: | - Fixed metric for ADS disconnection counters using Google GRPC client. This extracts the GRPC client prefix specified + Fixed metric for ADS disconnection counters using Google gRPC client. This extracts the gRPC client prefix specified in the :ref:`google_grpc ` resource used for ADS, and adds that as a tag ``envoy_google_grpc_client_prefix`` to the Prometheus stats. - area: golang - change: - Fixes a crash during Golang GC caused by accessing deleted decoder_callbacks. The bug was introduced in 1.31.0. + change: | + Fixes a crash during Golang GC caused by accessing deleted ``decoder_callbacks``. The bug was introduced in 1.31.0. - area: access_log change: | Relaxed the restriction on SNI logging to allow the ``_`` character, even if ``envoy.reloadable_features.sanitize_sni_in_access_log`` is enabled. -- area: DNS +- area: dns change: | - Fixed bug where setting ``dns_jitter `` to large values caused Envoy Bug + Fixed bug where setting :ref:`dns_jitter ` to large values caused Envoy Bug to fire. -- area: OAuth2 +- area: oauth2 change: | Fixed an issue where ID token and refresh token did not adhere to the :ref:`cookie_domain ` field. @@ -172,18 +172,18 @@ bug_fixes: Add back missing extension for ``schema_validator_tool``. - area: udp/dynamic_forward_proxy change: | - Fixed bug where dynamic_forward_proxy udp session filter disabled buffer in filter config + Fixed bug where ``dynamic_forward_proxy`` udp session filter disabled buffer in filter config instead of disabling buffer for the filter instance. - area: csrf change: | Handle requests that have a "privacy sensitive" / opaque origin (``Origin: null``) as if the request had no origin information. - area: udp_proxy change: | - Fix a bug that cause Envoy to crash due to segmentation fault when onBelowWriteBufferLowWatermark callback is called. + Fix a bug that cause Envoy to crash due to segmentation fault when ``onBelowWriteBufferLowWatermark`` callback is called. - area: orca change: | The previous ORCA parser will use ``:`` as the delimiter of key/value pair in the native HTTP report. This is wrong - based on the design document. The correct delimiter should be ``=``. This change add the ``=`` delimiter support to + based on the design document. The correct delimiter should be ``=``. This change adds the ``=`` delimiter support to match the design document and keep the ``:`` delimiter for backward compatibility. - area: http/1 change: | @@ -194,10 +194,10 @@ bug_fixes: - area: balsa change: | Fix incorrect handling of non-101 1xx responses. This fix can be temporarily reverted by setting runtime guard - ``envoy.reloadable_features.wait_for_first_byte_before_balsa_msg_done`` to false. + ``envoy.reloadable_features.wait_for_first_byte_before_balsa_msg_done`` to ``false``. - area: dns_cache change: | - Fixed a bug where the DNS refresh rate was the DNS TTL instead of the configured dns_refresh_rate/dns_failure_refresh_rate + Fixed a bug where the DNS refresh rate was the DNS TTL instead of the configured ``dns_refresh_rate``/``dns_failure_refresh_rate`` when we failed to resolve the DNS query after a successful resolution. - area: http2 change: | @@ -249,17 +249,17 @@ new_features: Added support for keys and select. - area: wasm change: | - Added the wasm vm reload support to reload wasm vm when the wasm vm is failed with runtime errors. See + Added the Wasm VM reload support to reload Wasm VM when the Wasm VM is failed with runtime errors. See :ref:`failure_policy ` for more details. The ``FAIL_RELOAD`` reload policy will be used by default. - area: wasm change: | - Added support for wasm plugins written in Go with the github.com/proxy-wasm/proxy-wasm-go-sdk and compiled with Go v1.24+. + Added support for Wasm plugins written in Go with the ``github.com/proxy-wasm/proxy-wasm-go-sdk`` and compiled with Go v1.24+. - area: aws_request_signing change: | Added an optional field :ref:`credential_provider ` - to the AWS request signing filter to explicitly specify a source for AWS credentials. Credential file and AssumeRoleWithWebIdentity + to the AWS request signing filter to explicitly specify a source for AWS credentials. Credential file and ``AssumeRoleWithWebIdentity`` behaviour can also be overridden with this field. - area: tls change: | @@ -279,7 +279,7 @@ new_features: Added support for ADS replacement by invoking ``xdsManager().setAdsConfigSource()`` with a new config source. - area: wasm change: | - added ``clear_route_cache`` foreign function to clear the route cache. + Added ``clear_route_cache`` foreign function to clear the route cache. - area: access_log change: | Added ``%DOWNSTREAM_LOCAL_EMAIL_SAN%``, ``%DOWNSTREAM_PEER_EMAIL_SAN%``, ``%DOWNSTREAM_LOCAL_OTHERNAME_SAN%`` and @@ -303,7 +303,7 @@ new_features: get more stats from the QUIC transport. - area: http_inspector change: | - Added default-false ``envoy.reloadable_features.http_inspector_use_balsa_parser`` for HttpInspector to use BalsaParser. + Added default-false ``envoy.reloadable_features.http_inspector_use_balsa_parser`` for ``HttpInspector`` to use ``BalsaParser``. - area: overload change: | Added support for scaling :ref:`max connection duration @@ -314,7 +314,7 @@ new_features: Set resource ``telemetry.sdk.*`` and scope ``otel.scope.name|version`` attributes for the OpenTelemetry tracer. - area: lua change: | - Added ssl :ref:`parsedSubjectPeerCertificate() ` API. + Added SSL :ref:`parsedSubjectPeerCertificate() ` API. - area: lua cluster specifier change: | Added ability for a Lua script to query clusters for current requests and connections. @@ -341,18 +341,18 @@ new_features: for appending IP tags via ip-tagging filter instead of using the default header ``x-envoy-ip-tags``. - area: c-ares change: | - added two new options to c-ares resolver for configuring custom timeouts and tries while resolving DNS + Added two new options to c-ares resolver for configuring custom timeouts and tries while resolving DNS queries. Custom timeouts could be configured by specifying :ref:`query_timeout_seconds ` and custom tries could be configured by specifying :ref:`query_tries `. - area: rbac change: | - added :ref:`sourced_metadata ` which allows + Added :ref:`sourced_metadata ` which allows specifying an optional source for the metadata to be matched in addition to the metadata matcher. - area: c-ares change: | - added nameserver rotation option to c-ares resolver. When enabled via :ref:`rotate_nameservers + Added nameserver rotation option to c-ares resolver. When enabled via :ref:`rotate_nameservers `, this performs round-robin selection of the configured nameservers for each resolution to help distribute query load. - area: access_log @@ -367,7 +367,7 @@ new_features: the key ``envoy.udp_proxy.cluster`` without setting ``envoy.upstream.dynamic_host``. - area: ext_authz change: | - added filter state field ``latency_us``, ``bytesSent`` and ``bytesReceived`` access for CEL and logging. + Added filter state field ``latency_us``, ``bytesSent`` and ``bytesReceived`` access for CEL and logging. - area: sni_dynamic_forward_proxy change: | Added support in SNI dynamic forward proxy for saving the resolved upstream address in the filter state. @@ -402,7 +402,7 @@ new_features: Added a new http filter for :ref:`gRPC to JSON transcoding `. - area: attributes change: | - added new ``xds.virtual_host_name`` and ``xds.virtual_host_metadata`` attributes support. See + Added new ``xds.virtual_host_name`` and ``xds.virtual_host_metadata`` attributes support. See :ref:`attributes ` for looking up xDS configuration information. - area: redis change: | @@ -432,7 +432,7 @@ new_features: deprecated: - area: rbac change: | - :ref:`metadata ` is now deprecated in the + :ref:`metadata ` is now deprecated in favor of :ref:`sourced_metadata `. - area: cluster change: |