- access log: added a new flag for upstream retry count exceeded.
- access log: added a :ref:`gRPC filter <v1.10.0:envoy_api_msg_config.filter.accesslog.v2.GrpcStatusFilter>` to allow filtering on gRPC status.
- access log: added a new flag for stream idle timeout.
- access log: added a new field for upstream transport failure reason in :ref:`file access logger <v1.10.0:config_access_log_format_upstream_transport_failure_reason>` and :ref:`gRPC access logger <v1.10.0:envoy_api_field_data.accesslog.v2.AccessLogCommon.upstream_transport_failure_reason>` for HTTP access logs.
- access log: added new fields for downstream x509 information (URI sans and subject) to file and gRPC access logger.
- admin: the admin server can now be accessed via HTTP/2 (prior knowledge).
- admin: changed HTTP response status code from 400 to 405 when attempting to GET a POST-only route (such as /quitquitquit).
- buffer: fix vulnerabilities when allocation fails.
- build: releases are built with GCC-7 and linked with LLD.
- build: dev docker images :ref:`have been split <v1.10.0:install_binaries>` from tagged images for easier discoverability in Docker Hub. Additionally, we now build images for point releases.
- config: added support of using google.protobuf.Any in opaque configs for extensions.
- config: logging warnings when deprecated fields are in use.
- config: removed deprecated --v2-config-only from command line config.
- config: removed deprecated_v1 sds_config from :ref:`Bootstrap config <v1.10.0:config_overview_v2_bootstrap>`.
- config: removed the deprecated_v1 config option from :ref:`ring hash <v1.10.0:envoy_api_msg_Cluster.RingHashLbConfig>`.
- config: removed REST_LEGACY as a valid :ref:`ApiType <v1.10.0:envoy_api_field_core.ApiConfigSource.api_type>`.
- config: finish cluster warming only when a named response i.e. ClusterLoadAssignment associated to the cluster being warmed comes in the EDS response. This is a behavioural change from the current implementation where warming of cluster completes on missing load assignments also.
- config: use Envoy cpuset size to set the default number or worker threads if :option:`--cpuset-threads` is enabled.
- config: added support for :ref:`initial_fetch_timeout <v1.10.0:envoy_api_field_core.ConfigSource.initial_fetch_timeout>`. The timeout is disabled by default.
- cors: added :ref:`filter_enabled & shadow_enabled RuntimeFractionalPercent flags <v1.10.0:cors-runtime>` to filter.
- csrf: added
- ext_authz: added support for buffering request body.
- ext_authz: migrated from v2alpha to v2 and improved docs.
- ext_authz: added a configurable option to make the gRPC service cross-compatible with V2Alpha. Note that this feature is already deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.
- ext_authz: migrated from v2alpha to v2 and improved the documentation.
- ext_authz: authorization request and response configuration has been separated into two distinct objects: :ref:`authorization request <v1.10.0:envoy_api_field_config.filter.http.ext_authz.v2.HttpService.authorization_request>` and :ref:`authorization response <v1.10.0:envoy_api_field_config.filter.http.ext_authz.v2.HttpService.authorization_response>`. In addition, :ref:`client headers <v1.10.0:envoy_api_field_config.filter.http.ext_authz.v2.AuthorizationResponse.allowed_client_headers>` and :ref:`upstream headers <v1.10.0:envoy_api_field_config.filter.http.ext_authz.v2.AuthorizationResponse.allowed_upstream_headers>` replaces the previous allowed_authorization_headers object. All the control header lists now support :ref:`string matcher <v1.10.0:envoy_api_msg_type.matcher.StringMatcher>` instead of standard string.
- fault: added the :ref:`max_active_faults <v1.10.0:envoy_api_field_config.filter.http.fault.v2.HTTPFault.max_active_faults>` setting, as well as :ref:`statistics <v1.10.0:config_http_filters_fault_injection_stats>` for the number of active faults and the number of faults the overflowed.
- fault: added :ref:`response rate limit <v1.10.0:envoy_api_field_config.filter.http.fault.v2.HTTPFault.response_rate_limit>` fault injection.
- fault: added :ref:`HTTP header fault configuration <v1.10.0:config_http_filters_fault_injection_http_header>` to the HTTP fault filter.
- governance: extending Envoy deprecation policy from 1 release (0-3 months) to 2 releases (3-6 months).
- health check: expected response codes in http health checks are now :ref:`configurable <v1.10.0:envoy_api_msg_core.HealthCheck.HttpHealthCheck>`.
- http: added new grpc_http1_reverse_bridge filter for converting gRPC requests into HTTP/1.1 requests.
- http: fixed a bug where Content-Length:0 was added to HTTP/1 204 responses.
- http: added :ref:`max request headers size <v1.10.0:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.max_request_headers_kb>`. The default behaviour is unchanged.
- http: added modifyDecodingBuffer/modifyEncodingBuffer to allow modifying the buffered request/response data.
- http: added encodeComplete/decodeComplete. These are invoked at the end of the stream, after all data has been encoded/decoded respectively. Default implementation is a no-op.
- outlier_detection: added support for :ref:`outlier detection event protobuf-based logging <v1.10.0:arch_overview_outlier_detection_logging>`.
- mysql: added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to :ref:`MySQL proxy <v1.10.0:config_network_filters_mysql_proxy>` for more details.
- performance: new buffer implementation (disabled by default; to test it, add "--use-libevent-buffers 0" to the command-line arguments when starting Envoy).
- jwt_authn: added :ref:`filter_state_rules <v1.10.0:envoy_api_field_config.filter.http.jwt_authn.v2alpha.jwtauthentication.rules>` to allow specifying requirements from filterState by other filters.
- ratelimit: removed deprecated rate limit configuration from bootstrap.
- redis: added :ref:`hashtagging <v1.10.0:envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.ConnPoolSettings.enable_hashtagging>` to guarantee a given key's upstream.
- redis: added :ref:`latency stats <v1.10.0:config_network_filters_redis_proxy_per_command_stats>` for commands.
- redis: added :ref:`success and error stats <v1.10.0:config_network_filters_redis_proxy_per_command_stats>` for commands.
- redis: migrate hash function for host selection to MurmurHash2 from std::hash. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.
- redis: added :ref:`latency_in_micros <v1.10.0:envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.latency_in_micros>` to specify the redis commands stats time unit in microseconds.
- router: added ability to configure a :ref:`retry policy <v1.10.0:envoy_api_msg_route.RetryPolicy>` at the virtual host level.
- router: added reset reason to response body when upstream reset happens. After this change, the response body will be of the form upstream connect error or disconnect/reset before headers. reset reason:
- router: added :ref:`rq_reset_after_downstream_response_started <v1.10.0:config_http_filters_router_stats>` counter stat to router stats.
- router: added per-route configuration of :ref:`internal redirects <v1.10.0:envoy_api_field_route.RouteAction.internal_redirect_action>`.
- router: removed deprecated route-action level headers_to_add/remove.
- router: made :ref:`max retries header <v1.10.0:config_http_filters_router_x-envoy-max-retries>` take precedence over the number of retries in route and virtual host retry policies.
- router: added support for prefix wildcards in :ref:`virtual host domains <v1.10.0:envoy_api_field_route.VirtualHost.domains>`
- stats: added support for histograms in prometheus
- stats: added usedonly flag to prometheus stats to only output metrics which have been updated at least once.
- stats: added gauges tracking remaining resources before circuit breakers open.
- tap: added new alpha :ref:`HTTP tap filter <v1.10.0:config_http_filters_tap>`.
- tls: enabled TLS 1.3 on the server-side (non-FIPS builds).
- upstream: add hash_function to specify the hash function for :ref:`ring hash <v1.10.0:envoy_api_msg_Cluster.RingHashLbConfig>` as either xxHash or murmurHash2. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.
- upstream: added :ref:`degraded health value <v1.10.0:arch_overview_load_balancing_degraded>` which allows routing to certain hosts only when there are insufficient healthy hosts available.
- upstream: add cluster factory to allow creating and registering :ref:`custom cluster type <v1.10.0:arch_overview_service_discovery_types_custom>`.
- upstream: added a :ref:`circuit breaker <v1.10.0:arch_overview_circuit_break_cluster_maximum_connection_pools>` to limit the number of concurrent connection pools in use.
- tracing: added :ref:`verbose <v1.10.0:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>` to support logging annotations on spans.
- upstream: added support for host weighting and :ref:`locality weighting <v1.10.0:arch_overview_load_balancing_locality_weighted_lb>` in the :ref:`ring hash load balancer <v1.10.0:arch_overview_load_balancing_types_ring_hash>`, and added a :ref:`maximum_ring_size <v1.10.0:envoy_api_field_Cluster.RingHashLbConfig.maximum_ring_size>` config parameter to strictly bound the ring size.
- zookeeper: added a ZooKeeper proxy filter that parses ZooKeeper messages (requests/responses/events). Refer to :ref:`ZooKeeper proxy <v1.10.0:config_network_filters_zookeeper_proxy>` for more details.
- upstream: added configuration option to select any host when the fallback policy fails.
- upstream: stopped incrementing upstream_rq_total for HTTP/1 conn pool when request is circuit broken.
- Use of use_alpha in :ref:`Ext-Authz Authorization Service <v1.10.0:envoy_api_file_envoy/service/auth/v2/external_auth.proto>` is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.
- Use of
enabled
inCorsPolicy
, found in :ref:`route.proto <v1.10.0:envoy_api_file_envoy/api/v2/route/route.proto>`. Set thefilter_enabled
field instead. - Use of the
type
field in theFaultDelay
message (found in :ref:`fault.proto <v1.10.0:envoy_api_file_envoy/config/filter/fault/v2/fault.proto>`) has been deprecated. It was never used and setting it has no effect. It will be removed in the following release.