Skip to content

Latest commit

 

History

History
134 lines (123 loc) · 19 KB

current.rst

File metadata and controls

134 lines (123 loc) · 19 KB

1.16.0 (Pending)

Incompatible Behavior Changes

Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required

  • build: added visibility rules for upstream. If these cause visibility related breakage, see notes in //BUILD.

Minor Behavior Changes

Changes that may cause incompatibilities for some users, but should not for most

Bug Fixes

Changes expected to improve the state of the world and are unlikely to have negative effects

  • csrf: fixed issues with regards to origin and host header parsing.
  • dynamic_forward_proxy: only perform DNS lookups for routes to Dynamic Forward Proxy clusters since other cluster types handle DNS lookup themselves.
  • fault: fixed an issue with active_faults gauge not being decremented for when abort faults were injected.
  • fault: made the HeaderNameValues::prefix() method const.
  • grpc-web: fixed an issue with failing HTTP/2 requests on some browsers. Notably, WebKit-based browsers (https://bugs.webkit.org/show_bug.cgi?id=210108), Internet Explorer 11, and Edge (pre-Chromium).
  • http: made the HeaderValues::prefix() method const.
  • jwt_authn: supports jwt payload without "iss" field.
  • rocketmq_proxy network-level filter: fixed an issue involving incorrect header lengths. In debug mode it causes crash and in release mode it causes underflow.
  • thrift_proxy: fixed crashing bug on request overflow.
  • udp_proxy: fixed a crash due to UDP packets being processed after listener removal.

Removed Config or Runtime

Normally occurs at the end of the :ref:`deprecation period <deprecated>`

  • http: removed legacy header sanitization and the runtime guard envoy.reloadable_features.strict_header_validation.
  • http: removed legacy transfer-encoding enforcement and runtime guard envoy.reloadable_features.reject_unsupported_transfer_encodings.
  • http: removed configurable strict host validation and runtime guard envoy.reloadable_features.strict_authority_validation.
  • http: removed the connection header sanitization runtime guard envoy.reloadable_features.connection_header_sanitization.

New Features

Deprecated