forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurrent.yaml
97 lines (91 loc) · 4.16 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: tcp
change: |
Added support for :ref:`connection_pool_per_downstream_connection
<envoy_v3_api_field_config.cluster.v3.Cluster.connection_pool_per_downstream_connection>` flag in tcp connection pool.
- area: lua
change: |
When Lua script executes httpCall, backpressure is exercised when receiving body from downstream client. This behavior can be reverted
by setting the runtime guard ``envoy.reloadable_features.lua_flow_control_while_http_call`` to false.
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: dns
change: |
The DNS filter no longer returns FORMERR if a message has an ID of 0.
- area: quic
change: |
Fixes access log formatter %CONNECTION_ID% for QUIC connections.
- area: ext_authz
change: |
Fixed fail-open behaviour of the :ref:`failure_mode_allow config option
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`
when a grpc external authz server is used.
The behaviour can be enabled by ``envoy_reloadable_features_process_ext_authz_grpc_error_codes_as_errors``.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: upstream
change: |
Removed runtime flag ``envoy.reloadable_features.avoid_zombie_streams`` and legacy code paths.
- area: ext_proc
change: |
Removed runtime flag ``envoy_reloadable_features_immediate_response_use_filter_mutation_rule`` and legacy code
path.
- area: ext_proc
change: |
Removed runtime flag ``envoy_reloadable_features_send_header_raw_value`` and legacy code path.
- area: http
change: |
Removed runtime flag ``envoy.reloadable_features.no_downgrade_to_canonical_name`` and legacy code
path.
- area: DNS
change: |
Removed ``envoy.reloadable_features.dns_cache_set_first_resolve_complete`` runtime flag and legacy code paths.
- area: tls
change: |
Removed runtime flag ``envoy.reloadable_features.ssl_transport_failure_reason_format``.
- area: http
change: |
Removed runtime flag ``envoy.reloadable_features.abort_filter_chain_on_stream_reset`` and legacy
code path.
- area: grpc reverse bridge
change: |
Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_handle_empty_response`` runtime
flag and legacy code paths.
- area: grpc reverse bridge
change: |
Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status`` runtime flag
and legacy code paths.
- area: stateful_session
change: |
Removed ``envoy.reloadable_features.stateful_session_encode_ttl_in_cookie`` runtime flag and legacy code paths.
new_features:
- area: tls
change: |
Added :ref:`prefer_client_ciphers
<envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.prefer_client_ciphers>`
to support enabling client cipher preference instead of server's for TLS handshakes.
- area: ext_authz
change: |
Added config field
:ref:`filter_metadata <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.filter_metadata>`
for injecting arbitrary data to the filter state for logging.
- area: access_log
change: |
added %UPSTREAM_CLUSTER_RAW% access log formatter to log the original upstream cluster name, regadless of whether
``alt_stat_name`` is set.
- area: sockets
change: |
Added socket ``type`` field for specifying a socket type to apply the socket option to under :ref:`SocketOption
<envoy_v3_api_msg_config.core.v3.SocketOption>`. If not specified, the socket option will be applied to all socket
types.
- area: tls
change: |
Added an extension point :ref:`custom_tls_certificate_selector
<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.custom_tls_certificate_selector>`
to allow overriding TLS certificate selection behavior.
An extension can select certificate base on the incoming SNI, in both sync and async mode.
deprecated: