-
Notifications
You must be signed in to change notification settings - Fork 4.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
repo: Sync version histories (#36255)
Signed-off-by: publish-envoy[bot] Co-authored-by: publish-envoy[bot] <140627008+publish-envoy[bot]@users.noreply.github.com>
- Loading branch information
1 parent
5b320f5
commit 7a831dd
Showing
9 changed files
with
111 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| date: September 19, 2024 | ||
|
|
||
| behavior_changes: | ||
| - area: http | ||
| change: | | ||
| The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. | ||
| If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` | ||
| headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config | ||
| <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>` | ||
| See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by | ||
| setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. | ||
| minor_behavior_changes: | ||
| - area: access_log | ||
| change: | | ||
| Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime | ||
| flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. | ||
| bug_fixes: | ||
| - area: http_async_client | ||
| change: | | ||
| Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| date: September 19, 2024 | ||
|
|
||
| behavior_changes: | ||
| - area: http | ||
| change: | | ||
| The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. | ||
| If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` | ||
| headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config | ||
| <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>` | ||
| See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by | ||
| setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. | ||
| minor_behavior_changes: | ||
| - area: access_log | ||
| change: | | ||
| Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime | ||
| flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. | ||
| bug_fixes: | ||
| - area: jwt | ||
| change: | | ||
| Fixed a bug where using ``clear_route_cache`` with remote JWKs works | ||
| incorrectly and may cause a crash when the modified request does not match | ||
| any route. | ||
| - area: http_async_client | ||
| change: | | ||
| Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| date: September 19, 2024 | ||
|
|
||
| behavior_changes: | ||
| - area: http | ||
| change: | | ||
| The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. | ||
| If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` | ||
| headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config | ||
| <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>` | ||
| See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by | ||
| setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. | ||
| minor_behavior_changes: | ||
| - area: access_log | ||
| change: | | ||
| Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime | ||
| flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. | ||
| bug_fixes: | ||
| - area: jwt | ||
| change: | | ||
| Fixed a bug where using ``clear_route_cache`` with remote JWKs works | ||
| incorrectly and may cause a crash when the modified request does not match | ||
| any route. | ||
| - area: http_async_client | ||
| change: | | ||
| Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| date: September 19, 2024 | ||
|
|
||
| behavior_changes: | ||
| - area: http | ||
| change: | | ||
| The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. | ||
| If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary | ||
| ``x-envoy`` headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config | ||
| <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.internal_address_config>` | ||
| See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by | ||
| setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. | ||
| - area: http2 | ||
| change: | | ||
| Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to ``false``. This changes the codec used for HTTP/2 | ||
| requests and responses to address to address stability concerns. This behavior can be reverted by setting the feature to ``true``. | ||
| minor_behavior_changes: | ||
| - area: access_log | ||
| change: | | ||
| Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime | ||
| flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. | ||
| bug_fixes: | ||
| - area: jwt | ||
| change: | | ||
| Fixed a bug where using ``clear_route_cache`` with remote JWKs works | ||
| incorrectly and may cause a crash when the modified request does not match | ||
| any route. | ||
| - area: http_async_client | ||
| change: | | ||
| Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. |
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters