release: v2.9.0 (#8653)

Author: abernix

.circleci/config.yml

@@ -11,53 +11,53 @@ orbs:
 executors:
   amd_linux_build: &amd_linux_build_executor
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
     resource_class: xlarge
     environment:
       CARGO_BUILD_JOBS: 4
       RUST_TEST_THREADS: 6
       MISE_ENV: ci
   amd_linux_helm: &amd_linux_helm_executor
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
     resource_class: small
     environment:
       MISE_ENV: ci
   amd_linux_test: &amd_linux_test_executor
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
-      - image: cimg/redis:7.4.6
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
+      - image: cimg/redis:7.4.7
       - image: openzipkin/zipkin:3.5.1
-      - image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:v1.36.0
+      - image: ghcr.io/datadog/dd-apm-test-agent/ddapm-test-agent:v1.38.0
       # redis cluster - 3 primaries, 3 replicas
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7000", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7001", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7002", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7003", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7004", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "redis-server", "--protected-mode", "no", "--port", "7005", "--cluster-enabled", "yes" ]
-      - image: cimg/redis:7.4.6
+      - image: cimg/redis:7.4.7
         command: [ "sh", "-c", "sleep 30; echo yes | redis-cli --cluster create --cluster-replicas 1 localhost:7000 localhost:7001 localhost:7002 localhost:7003 localhost:7004 localhost:7005" ]
     resource_class: 2xlarge
     environment:
       MISE_ENV: ci
       CARGO_BUILD_JOBS: 4
   arm_linux_build: &arm_linux_build_executor
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
     resource_class: arm.xlarge
     environment:
       MISE_ENV: ci
       CARGO_BUILD_JOBS: 8
   arm_linux_test: &arm_linux_test_executor
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
     resource_class: arm.xlarge
     environment:
       MISE_ENV: ci
@@ -68,7 +68,7 @@ executors:
       # at https://circleci.com/docs/using-macos#supported-xcode-versions.
       # We use the major.minor notation to bring in compatible patches.
       xcode: "15.4.0"
-    resource_class: m2pro.large
+    resource_class: m4pro.large
     environment:
       MISE_ENV: ci,ci-mac
   macos_test: &macos_test_executor
@@ -77,7 +77,7 @@ executors:
       # at https://circleci.com/docs/using-macos#supported-xcode-versions.
       # We use the major.minor notation to bring in compatible patches.
       xcode: "15.4.0"
-    resource_class: m2pro.large
+    resource_class: m4pro.large
     environment:
       MISE_ENV: ci,ci-mac
   windows_build: &windows_build_executor
@@ -846,7 +846,7 @@ jobs:
 
   publish_github_release:
     docker:
-      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.19.0
+      - image: ghcr.io/apollographql/ci-utility-docker-images/apollo-rust-builder:0.21.1
     resource_class: small
     environment:
       <<: *common_job_environment

.config/mise/config.ci-mac.toml

@@ -1,5 +1,5 @@
 [tools]
 # renovate-automation: rustc version
-rust = { version = "1.90.0", targets = "x86_64-apple-darwin,aarch64-apple-darwin", profile = "default", components = "llvm-tools" }
+rust = { version = "1.91.1", targets = "x86_64-apple-darwin,aarch64-apple-darwin", profile = "default", components = "llvm-tools" }
 "cargo:cargo-llvm-cov" = "0.6.16"
 "ubi:codecov/codecov-cli" = "10.4.0"

.config/mise/config.toml

@@ -1,7 +1,7 @@
 [tools]
 # renovate-automation: rustc version
-rust = "1.90.0"
-"aqua:cargo-bins/cargo-binstall" = "1.15.7"
+rust = "1.91.1"
+"aqua:cargo-bins/cargo-binstall" = "1.16.0"
 "cargo:cargo-nextest" = "0.9.70"
 "cargo:cargo-deny" = "0.18.2"
 "cargo:cargo-edit" = "0.13.0"
@@ -11,9 +11,9 @@ rust = "1.90.0"
 "cargo:cargo-watch" = "8.5.3"
 "cargo:cargo-machete" = "0.9.0"
 "cargo:typos-cli" = "1.31.1"
-protoc = "33.0"
+protoc = "33.1"
 gh = "2.72.0"
-helm = "3.19.0"
+helm = "3.19.2"
 helm-docs = "1.14.2"
-yq = "4.48.1"
+yq = "4.48.2"
 jq = "1.8.1"

.github/workflows/update_apollo_protobuf.yaml

@@ -9,7 +9,7 @@ jobs:
   Update-Protobuf-Schema:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
       - name: Make changes to pull request
         run: |
           curl -f https://usage-reporting.api.apollographql.com/proto/reports.proto > ./apollo-router/src/plugins/telemetry/proto/reports.proto

.github/workflows/update_uplink_schema.yml

@@ -9,7 +9,7 @@ jobs:
   Update-Uplink-Schema:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5
       - name: Install Rover
         run: |
           curl -sSL https://rover.apollo.dev/nix/v0.14.1 | sh

.gitleaks.toml

@@ -1,3 +1,11 @@
+[[ rules ]]
+    id = "generic-api-key"
+    [ rules.allowlist ]
+        paths = [
+            '''Cargo.lock$'''
+            ,'''^\.changesets\/.+\.md$'''
+            ,'''^CHANGELOG\.md$'''
+        ]
 
 [[ rules ]]
     id = "generic-api-key"
@@ -41,6 +49,7 @@
 
         paths = [
             '''^apollo-router\/src\/.+\/testdata\/.+''',
+            '''^apollo-router\/tests\/integration\/fixtures\/.+''',
         ]
 
 [[ rules ]]

CHANGELOG.md

@@ -2,6 +2,173 @@
 
 This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.0.0.html).
 
+# [2.9.0] - 2025-11-27
+
+## 🚀 Features
+
+### Add CORS Private Network Access support ([PR #8279](https://github.com/apollographql/router/pull/8279))
+
+CORS configuration now supports [private network access](https://wicg.github.io/private-network-access/) (PNA). Enable PNA for a CORS policy by specifying the `private_network_access` field, which supports two optional subfields: `access_id` and `access_name`.
+
+**Example configuration:**
+
+```yaml
+cors:
+  policies:
+    - origins: ["https://studio.apollographql.com"]
+      private_network_access:
+        access_id:
+    - match_origins: ["^https://(dev|staging|www)?\\.my-app\\.(com|fr|tn)$"]
+      private_network_access:
+        access_id: "01:23:45:67:89:0A"
+        access_name: "mega-corp device"
+```
+
+By [@TylerBloom](https://github.com/TylerBloom) in https://github.com/apollographql/router/pull/8279
+
+### Configure maximum HTTP/2 header list size ([PR #8636](https://github.com/apollographql/router/pull/8636))
+
+The router now supports configuring the maximum size for HTTP/2 header lists via the `limits.http2_max_headers_list_bytes` setting. This protects against excessive resource usage from clients sending large sets of HTTP/2 headers.
+
+The default remains 16KiB. When a client sends a request with HTTP/2 headers whose total size exceeds the configured limit, the router rejects the request with a 431 error code.
+
+**Example configuration:**
+
+```yaml
+limits:
+  http2_max_headers_list_bytes: "48KiB"
+```
+
+By [@aaronArinder](https://github.com/aaronArinder) in https://github.com/apollographql/router/pull/8636
+
+### Customize response cache key per subgraph via context ([PR #8543](https://github.com/apollographql/router/pull/8543))
+
+The response cache key can now be customized per subgraph using the `apollo::response_cache::key` context entry. The new `subgraphs` field enables defining separate cache keys for individual subgraphs.
+
+Subgraph-specific data takes precedence over data in the `all` field—the router doesn't merge them. To set common data when providing subgraph-specific data, add it to the subgraph-specific section.
+
+**Example payload:**
+
+```json
+{
+  "all": 1,
+  "subgraph_operation1": "key1",
+  "subgraph_operation2": {
+    "data": "key2"
+  },
+  "subgraphs": {
+    "my_subgraph": {
+      "locale": "be"
+    }
+  }
+}
+```
+
+By [@bnjjj](https://github.com/bnjjj) in https://github.com/apollographql/router/pull/8543
+
+### Add telemetry selector for Cache-Control metrics ([PR #8524](https://github.com/apollographql/router/pull/8524))
+
+The new `response_cache_control` selector enables telemetry metrics based on the computed [`Cache-Control` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control) from subgraph responses.
+
+**Example configuration:**
+
+```yaml
+telemetry:
+  exporters:
+    metrics:
+      common:
+        service_name: apollo-router
+        views:
+          - name: subgraph.response.cache_control.max_age
+            aggregation:
+              histogram:
+                buckets:
+                - 10
+                - 100
+                - 1000
+                - 10000
+                - 100000
+  instrumentation:
+    instruments:
+      subgraph:
+        subgraph.response.cache_control.max_age:
+          value:
+            response_cache_control: max_age
+          type: histogram
+          unit: s
+          description: A histogram of the computed TTL for a subgraph response
+```
+
+By [@bnjjj](https://github.com/bnjjj) in https://github.com/apollographql/router/pull/8524
+
+## 🐛 Fixes
+
+### Remove `_redacted` suffix from event attributes in `apollo.router.state.change.total` metric ([Issue #8464](https://github.com/apollographql/router/issues/8464))
+
+Event names in the `apollo.router.state.change.total` metric no longer include the `_redacted` suffix. The metric now uses the `Display` trait instead of `Debug` for event names, changing values like `updateconfiguration_redacted` to `updateconfiguration` in APM platforms.
+
+The custom behavior for `UpdateLicense` events is retained—the license state name is still appended.
+
+By [@rohan-b99](https://github.com/rohan-b99) in https://github.com/apollographql/router/pull/8464
+
+### Preserve Content-Length header for responses with known size ([Issue #7941](https://github.com/apollographql/router/issues/7941))
+
+The router now uses the `Content-Length` header for GraphQL responses with known content lengths instead of `transfer-encoding: chunked`. Previously, the `fleet_detector` plugin destroyed HTTP body size hints when collecting metrics.
+
+This extends the fix from [#6538](https://github.com/apollographql/router/pull/6538), which preserved size hints for `router → subgraph` requests, to also cover `client → router` requests and responses. Size hints now flow correctly through the entire pipeline for optimal HTTP header selection.
+
+By [@morriswchris](https://github.com/morriswchris) in https://github.com/apollographql/router/pull/7977
+
+### Correct `apollo.router.operations.subscriptions.events` metric counting ([PR #8483](https://github.com/apollographql/router/pull/8483))
+
+The `apollo.router.operations.subscriptions.events` metric now increments correctly for each subscription event (excluding ping/pong/close messages). The counter call has been moved into the stream to trigger on each event.
+
+This change also removes custom pong response handling before connection acknowledgment, which previously caused duplicate pongs because the WebSocket implementation already handles pings by default.
+
+By [@rohan-b99](https://github.com/rohan-b99) in https://github.com/apollographql/router/pull/8483
+
+### Unify timeout codes in response caching metrics ([PR #8515](https://github.com/apollographql/router/pull/8515))
+
+Tokio- and Redis-based timeouts now use the same `timeout` code in `apollo.router.operations.response_cache.*.error` metrics. Previously, they were inadvertently given different code values.
+
+By [@carodewig](https://github.com/carodewig) in https://github.com/apollographql/router/pull/8515
+
+## 📃 Configuration
+
+### Remove unused TTL parameter from response cache Redis configuration ([PR #8513](https://github.com/apollographql/router/pull/8513))
+
+The `ttl` parameter under `redis` configuration had no effect and is removed. Configure TTL at the `subgraph` level to control cache entry expiration:
+
+```yaml
+preview_response_cache:
+  enabled: true
+  subgraph:
+    all:
+      enabled: true
+      ttl: 10m  # ✅ Configure TTL here
+      redis:
+        urls: [ "redis://..." ]
+        # ❌ ttl was here previously (unused)
+```
+
+By [@carodewig](https://github.com/carodewig) in https://github.com/apollographql/router/pull/8513
+
+## 📚 Documentation
+
+### Document active subgraph requests selector ([PR #8530](https://github.com/apollographql/router/pull/8530))
+
+The telemetry selectors documentation now correctly reflects the `active_subgraph_requests` attribute.
+
+By [@faisalwaseem](https://github.com/faisalwaseem) in https://github.com/apollographql/router/pull/8530
+
+### Add Redis cache suggestions to response cache documentation ([PR #8624](https://github.com/apollographql/router/pull/8624))
+
+The FAQ now includes information about supported Redis versions and Redis key eviction setup.
+
+By [@carodewig](https://github.com/carodewig) in https://github.com/apollographql/router/pull/8624
+
+
+
 # [2.8.2] - 2025-11-11
 
 ## 🐛 Fixes

CONTRIBUTING.md

@@ -82,7 +82,7 @@ Don't be a bad actor.
 
 It’s important that every piece of code in Apollo packages is reviewed by at least one core contributor familiar with that codebase. Here are some things we look for:
 
-1. **Required CI checks pass.** This is a prerequisite for the review, and it is the PR author's responsibility. As long as the tests don’t pass, the PR won't get reviewed. To learn more about our CI pipeline, read about it [below](#pipelines)
+1. **Required CI checks pass.** This is a prerequisite for the review, and it is the PR author's responsibility. As long as the tests don’t pass, the PR won't get reviewed. To learn more about our CI pipeline, read about it [above](#continuous-integration).
 2. **Simplicity.** Is this the simplest way to achieve the intended goal? If there are too many files, redundant functions, or complex lines of code, suggest a simpler way to do the same thing. In particular, avoid implementing an overly general solution when a simple, small, and pragmatic fix will do.
 3. **Testing.** Please make sure that the tests ensure that the code won’t break when other stuff change around it. The error messages in the test should help identify what is broken exactly and how. The tests should test every edge case if possible. Please make sure you get as much coverage as possible.
 4. **No unnecessary or unrelated changes.** PRs shouldn’t come with random formatting changes, especially in unrelated parts of the code. If there is some refactoring that needs to be done, it should be in a separate PR from a bug fix or feature, if possible.