1.9.0 (Dec 20, 2018)
====================

Changes
-------

* access log: added a :ref:`JSON logging mode <v1.9.0:config_access_log_format_dictionaries>` to output access logs in JSON format.
* access log: added dynamic metadata to access log messages streamed over gRPC.
* access log: added DOWNSTREAM_CONNECTION_TERMINATION.
* admin: :http:post:`/logging` now responds with 200 while there are no params.
* admin: added support for displaying subject alternate names in :ref:`certs <v1.9.0:operations_admin_interface_certs>` end point.
* admin: added host weight to the :http:get:`/clusters?format=json` end point response.
* admin: :http:get:`/server_info` now responds with a JSON object instead of a single string.
* admin: :http:get:`/server_info` now exposes what stage of initialization the server is currently in.
* admin: added support for displaying command line options in :http:get:`/server_info` end point.
* circuit-breaker: added cx_open, rq_pending_open, rq_open and rq_retry_open gauges to expose live
  state via :ref:`circuit breakers statistics <v1.9.0:config_cluster_manager_cluster_stats_circuit_breakers>`.
* cluster: set a default of 1s for :ref:`option <v1.9.0:envoy_api_field_Cluster.CommonLbConfig.update_merge_window>`.
* config: removed support for the v1 API.
* config: added support for :ref:`rate limiting <v1.9.0:envoy_api_msg_core.RateLimitSettings>` discovery request calls.
* cors: added :ref:`invalid/valid stats <v1.9.0:cors-statistics>` to filter.
* ext-authz: added support for providing per route config - optionally disable the filter and provide context extensions.
* fault: removed integer percentage support.
* grpc-json: added support for :ref:`ignoring query parameters
  <v1.9.0:envoy_api_field_config.filter.http.transcoder.v2.GrpcJsonTranscoder.ignored_query_parameters>`.
* health check: added :ref:`logging health check failure events <v1.9.0:envoy_api_field_core.HealthCheck.always_log_health_check_failures>`.
* health check: added ability to set :ref:`authority header value
  <v1.9.0:envoy_api_field_core.HealthCheck.GrpcHealthCheck.authority>` for gRPC health check.
* http: added HTTP/2 WebSocket proxying via :ref:`extended CONNECT <v1.9.0:envoy_api_field_core.Http2ProtocolOptions.allow_connect>`.
* http: added limits to the number and length of header modifications in all fields request_headers_to_add and response_headers_to_add. These limits are very high and should only be used as a last-resort safeguard.
* http: added support for a :ref:`request timeout <v1.9.0:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.request_timeout>`. The timeout is disabled by default.
* http: no longer adding whitespace when appending X-Forwarded-For headers. **Warning**: this is not
  compatible with 1.7.0 builds prior to `9d3a4eb4ac44be9f0651fcc7f87ad98c538b01ee <https://github.com/envoyproxy/envoy/pull/3610>`_.
  See `#3611 <https://github.com/envoyproxy/envoy/issues/3611>`_ for details.
* http: augmented the ``sendLocalReply`` filter API to accept an optional ``GrpcStatus``
  value to override the default HTTP to gRPC status mapping.
* http: no longer close the TCP connection when a HTTP/1 request is retried due
  to a response with empty body.
* http: added support for more gRPC content-type headers in :ref:`gRPC bridge filter <v1.9.0:config_http_filters_grpc_bridge>`, like application/grpc+proto.
* listeners: all listener filters are now governed by the :ref:`listener_filters_timeout
  <v1.9.0:envoy_api_field_Listener.listener_filters_timeout>` setting. The hard coded 15s timeout in
  the :ref:`TLS inspector listener filter <v1.9.0:config_listener_filters_tls_inspector>` is superseded by
  this setting.
* listeners: added the ability to match :ref:`FilterChain <v1.9.0:envoy_api_msg_listener.FilterChain>` using :ref:`source_type <v1.9.0:envoy_api_field_listener.FilterChainMatch.source_type>`.
* load balancer: added a `configuration <v1.9.0:envoy_api_msg_Cluster.LeastRequestLbConfig>` option to specify the number of choices made in P2C.
* logging: added missing [ in log prefix.
* mongo_proxy: added :ref:`dynamic metadata <v1.9.0:config_network_filters_mongo_proxy_dynamic_metadata>`.
* network: removed the reference to ``FilterState`` in ``Connection`` in favor of ``StreamInfo``.
* rate-limit: added :ref:`configuration <v1.9.0:envoy_api_field_config.filter.http.rate_limit.v2.RateLimit.rate_limited_as_resource_exhausted>`
  to specify whether the ``GrpcStatus`` status returned should be ``RESOURCE_EXHAUSTED`` or
  ``UNAVAILABLE`` when a gRPC call is rate limited.
* rate-limit: removed support for the legacy ratelimit service and made the data-plane-api
  :ref:`rls.proto <v1.9.0:envoy_api_file_envoy/service/ratelimit/v2/rls.proto>` based implementation default.
* rate-limit: removed the deprecated cluster_name attribute in :ref:`rate limit service configuration <v1.9.0:envoy_api_file_envoy/config/ratelimit/v2/rls.proto>`.
* rate-limit: added :ref:`rate_limit_service <v1.9.0:envoy_api_msg_config.filter.http.rate_limit.v2.RateLimit>` configuration to filters.
* rbac: added dynamic metadata to the network level filter.
* rbac: added support for permission matching by :ref:`requested server name <v1.9.0:envoy_api_field_config.rbac.v2alpha.permission.requested_server_name>`.
* redis: static cluster configuration is no longer required. Redis proxy will work with clusters
  delivered via CDS.
* router: added ability to configure arbitrary :ref:`retriable status codes. <v1.9.0:envoy_api_field_route.routeaction.retrypolicy.retriable_status_codes>`
* router: added ability to set attempt count in upstream requests, see :ref:`virtual host's include request
  attempt count flag <v1.9.0:envoy_api_field_route.VirtualHost.include_request_attempt_count>`.
* router: added internal :ref:`grpc-retry-on <v1.9.0:config_http_filters_router_x-envoy-retry-grpc-on>` policy.
* router: added :ref:`scheme_redirect <v1.9.0:envoy_api_field_route.RedirectAction.scheme_redirect>` and
  :ref:`port_redirect <v1.9.0:envoy_api_field_route.RedirectAction.port_redirect>` to define the respective
  scheme and port rewriting RedirectAction.
* router: when :ref:`max_grpc_timeout <v1.9.0:envoy_api_field_route.RouteAction.max_grpc_timeout>`
  is set, Envoy will now add or update the grpc-timeout header to reflect Envoy's expected timeout.
* router: per try timeouts now starts when an upstream stream is ready instead of when the request has
  been fully decoded by Envoy.
* router: added support for not retrying :ref:`rate limited requests <v1.9.0:config_http_filters_router_x-envoy-ratelimited>`. Rate limit filter now sets the :ref:`x-envoy-ratelimited <v1.9.0:config_http_filters_router_x-envoy-ratelimited>`
  header so the rate limited requests that may have been retried earlier will not be retried with this change.
* router: added support for enabling upgrades on a :ref:`per-route <v1.9.0:envoy_api_field_route.RouteAction.upgrade_configs>` basis.
* router: support configuring a default fraction of mirror traffic via
  :ref:`runtime_fraction <v1.9.0:envoy_api_field_route.RouteAction.RequestMirrorPolicy.runtime_key>`.
* sandbox: added :ref:`cors sandbox <v1.9.0:install_sandboxes_cors>`.
* server: added ``SIGINT`` (Ctrl-C) handler to gracefully shutdown Envoy like ``SIGTERM``.
* stats: added :ref:`stats_matcher <v1.9.0:envoy_api_field_config.metrics.v2.StatsConfig.stats_matcher>` to the bootstrap config for granular control of stat instantiation.
* stream: renamed the ``RequestInfo`` namespace to ``StreamInfo`` to better match
  its behaviour within TCP and HTTP implementations.
* stream: renamed ``perRequestState`` to ``filterState`` in ``StreamInfo``.
* stream: added ``downstreamDirectRemoteAddress`` to ``StreamInfo``.
* thrift_proxy: introduced thrift rate limiter filter.
* tls: added ssl.curves.<curve>, ssl.sigalgs.<sigalg> and ssl.versions.<version> to
  :ref:`listener metrics <v1.9.0:config_listener_stats>` to track TLS algorithms and versions in use.
* tls: added support for :ref:`client-side session resumption <v1.9.0:envoy_api_field_auth.UpstreamTlsContext.max_session_keys>`.
* tls: added support for CRLs in :ref:`trusted_ca <v1.9.0:envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
* tls: added support for :ref:`multiple server TLS certificates <v1.9.0:arch_overview_ssl_cert_select>`.
* tls: added support for :ref:`password encrypted private keys <v1.9.0:envoy_api_field_auth.TlsCertificate.password>`.
* tls: added the ability to build :ref:`BoringSSL FIPS <v1.9.0:arch_overview_ssl_fips>` using ``--define boringssl=fips`` Bazel option.
* tls: removed support for ECDSA certificates with curves other than P-256.
* tls: removed support for RSA certificates with keys smaller than 2048-bits.
* tracing: added support to the Zipkin tracer for the :ref:`b3 <v1.9.0:config_http_conn_man_headers_b3>` single header format.
* tracing: added support for :ref:`Datadog <v1.9.0:arch_overview_tracing>` tracer.
* upstream: added :ref:`scale_locality_weight <v1.9.0:envoy_api_field_Cluster.LbSubsetConfig.scale_locality_weight>` to enable
  scaling locality weights by number of hosts removed by subset lb predicates.
* upstream: changed how load calculation for :ref:`priority levels <v1.9.0:arch_overview_load_balancing_priority_levels>` and :ref:`panic thresholds <v1.9.0:arch_overview_load_balancing_panic_threshold>` interact. As long as normalized total health is 100% panic thresholds are disregarded.
* upstream: changed the default hash for :ref:`ring hash <v1.9.0:envoy_api_msg_Cluster.RingHashLbConfig>` from std::hash to `xxHash <https://github.com/Cyan4973/xxHash>`_.
* upstream: when using active health checking and STRICT_DNS with several addresses that resolve
  to the same hosts, Envoy will now health check each host independently.

Deprecated
----------

* Order of execution of the network write filter chain has been reversed. Prior to this release cycle it was incorrect, see `#4599 <https://github.com/envoyproxy/envoy/issues/4599>`_. In the 1.9.0 release cycle we introduced ``bugfix_reverse_write_filter_order`` in `lds.proto <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/lds.proto>`_ to temporarily support both old and new behaviors. Note this boolean field is deprecated.
* Order of execution of the HTTP encoder filter chain has been reversed. Prior to this release cycle it was incorrect, see `#4599 <https://github.com/envoyproxy/envoy/issues/4599>`_. In the 1.9.0 release cycle we introduced ``bugfix_reverse_encode_order`` in `http_connection_manager.proto <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto>`_ to temporarily support both old and new behaviors. Note this boolean field is deprecated.
* Use of the v1 REST_LEGACY ApiConfigSource is deprecated.
* Use of std::hash in the ring hash load balancer is deprecated.
* Use of ``rate_limit_service`` configuration in the `bootstrap configuration <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/bootstrap/v2/bootstrap.proto>`_ is deprecated.
* Use of ``runtime_key`` in ``RequestMirrorPolicy``, found in
  `route.proto <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/route/route.proto>`_
  is deprecated. Set the ``runtime_fraction`` field instead.
* Use of buffer filter ``max_request_time`` is deprecated in favor of the request timeout found in `HttpConnectionManager <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto>`_