This repository was archived by the owner on Jan 29, 2023. It is now read-only.
Releases · mediathand/envoy-binaries
1.20.0 (October 5, 2021)
Incompatible Behavior Changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
- config: due to the switch to using work-in-progress annotations and warnings to indicate APIs subject to change, the following API packages have been force migrated from `v3alpha` to `v3`:
  `envoy.extensions.access_loggers.open_telemetry.v3`,
  `envoy.extensions.cache.simple_http_cache.v3`,
  `envoy.extensions.filters.http.admission_control.v3`,
  `envoy.extensions.filters.http.bandwidth_limit.v3`,
  `envoy.extensions.filters.http.cache.v3`,
  `envoy.extensions.filters.http.cdn_loop.v3`,
  `envoy.extensions.filters.http.ext_proc.v3`,
  `envoy.extensions.filters.http.oauth2.v3`,
  `envoy.extensions.filters.network.sni_dynamic_forward_proxy.v3`,
  `envoy.extensions.filters.udp.dns_filter.v3`,
  `envoy.extensions.transport_sockets.s2a.v3`,
  `envoy.extensions.watchdog.profile_action.v3`,
  `envoy.service.ext_proc.v3`, and
  `envoy.watchdog.v3`. If your production deployment was using one of these APIs, you will be forced to potentially vendor the old proto file to continue serving old versions of Envoy. The project realizes this is unfortunate because some of these are known to be used in production; however, the project does not have the resources to undergo a migration in which we support `v3alpha` and `v3` at the same time. The switch to using work-in-progress annotations with clear and explicit warnings will avoid any such issue in the future. We apologize again for any difficulty this change causes, though it is for the best. Additionally, some of the above namespaces have had their work-in-progress annotations removed due to known production usage. Thus, they will not warn and are offered full API stability support by the project from this point forward.
- config: the `--bootstrap-version` CLI flag has been removed; Envoy has only been able to accept v3 bootstrap configurations since 1.18.0.
- contrib: the squash filter has been moved to contrib images.
- contrib: the kafka broker filter has been moved to contrib images.
- contrib: the RocketMQ proxy filter has been moved to contrib images.
- contrib: the Postgres proxy filter has been moved to contrib images.
- contrib: the MySQL proxy filter has been moved to contrib images.
- dns_filter: `dns_filter` (`envoy.extensions.filters.udp.dns_filter.v3.DnsFilterConfig`) protobuf fields have been renumbered to restore compatibility with Envoy 1.18, breaking compatibility with Envoy 1.19.0 and 1.19.1. The new field numbering allows control planes supporting Envoy 1.18 to gracefully upgrade to `dns_resolution_config` (`DnsFilterConfig.ClientContextConfig.dns_resolution_config`), provided they skip over Envoy 1.19.0 and 1.19.1. Control planes upgrading from Envoy 1.19.0 and 1.19.1 will need to vendor the corresponding protobuf definitions to ensure that the renumbered fields have the types expected by those releases.
- extensions: deprecated extension names now default to triggering a configuration error. The previous warning-only behavior may be temporarily reverted by setting the runtime key `envoy.deprecated_features.allow_deprecated_extension_names` to true.
Minor Behavior Changes
Changes that may cause incompatibilities for some users, but should not for most
- client_ssl_auth filter: now sets additional termination details and the `UAEX` response flag when the client certificate is not in the allowed-list.
- config: configuration files ending in .yml now load as YAML.
- config: configuration file extensions now ignore case when deciding the file type. E.g., .JSON files load as JSON.
- config: reduced log level for "Unable to establish new stream" xDS logs to debug. The log level for "gRPC config stream closed" is now reduced to debug when the status is `Ok` or has been retriable (`DeadlineExceeded`, `ResourceExhausted`, or `Unavailable`) for less than 30 seconds.
- config: use of work-in-progress API files, messages, or fields will now generate an explicit warning. Please read the text about `(xds.annotations.v3.file_status).work_in_progress`, `(xds.annotations.v3.message_status).work_in_progress`, and `(xds.annotations.v3.field_status).work_in_progress` in https://github.com/envoyproxy/envoy/blob/main/api/STYLE.md for more information. Some APIs that are known to be implicitly not work-in-progress have been force migrated and are individually indicated elsewhere in the release notes. A server-wide `wip_protos` counter has also been added in server statistics to track this.
- ext_authz: fixed skipping authentication when returning either a direct response or a redirect. This behavior can be temporarily reverted by setting the `envoy.reloadable_features.http_ext_authz_do_not_skip_direct_response_and_redirect` runtime guard to false.
- grpc: the gRPC async client can be cached and shared across filter instances in the same thread. This feature is turned off by default and can be turned on by setting the runtime guard `envoy.reloadable_features.enable_grpc_async_client_cache` to true.
- http: correct the use of the `x-forwarded-proto` header and the `:scheme` header. Where they differ (which is rare), `:scheme` will now be used for serving redirect URIs and cached content. This behavior can be reverted by setting the runtime guard `correct_scheme_and_xfp` to false.
- http: reject requests with #fragment in the URI path. The fragment is not allowed to be part of the request URI according to RFC 3986 (3.5), RFC 7230 (5.1) and RFC 7540 (8.1.2.3). Rejection of requests can be changed to stripping the #fragment instead by setting the runtime guard `envoy.reloadable_features.http_reject_path_with_fragment` to false. This behavior can further be changed to the deprecated behavior of keeping the fragment by setting the runtime guard `envoy.reloadable_features.http_strip_fragment_from_path_unsafe_if_disabled`. This runtime guard must only be set to false when existing non-compliant traffic relies on #fragment in the URI. When this option is enabled, Envoy request authorization extensions may be bypassed. This override and its associated behavior will be decommissioned after the standard deprecation period.
- http: set the default lazy headermap threshold to 3, which defines the minimal number of headers in a request/response/trailers required for using a dictionary in addition to the list. Setting the `envoy.http.headermap.lazy_map_min_size` runtime feature to a non-negative number will override the default value.
- http: stop processing pending H/2 frames if the connection transitioned to a closed state. This behavior can be temporarily reverted by setting the `envoy.reloadable_features.skip_dispatching_frames_for_closed_connection` runtime guard to false.
- listener: added the `enable_reuse_port` field (`config.listener.v3.Listener.enable_reuse_port`) and changed the default for `reuse_port` from false to true, as the feature is now well supported on the majority of production Linux kernels in use. The default change is aware of hot restart, as otherwise the change would not be backward compatible between restarts. This means that hot restarting onto a new binary will retain the default of false until the binary undergoes a full restart. To retain the previous behavior, either explicitly set the new configuration field to false, or set the runtime feature flag `envoy.reloadable_features.listener_reuse_port_default_enabled` to false. As part of this change, the use of `reuse_port` for TCP listeners on both macOS and Windows has been disabled due to suboptimal behavior. See the field documentation for more information.
- listener: destroy per network filter chain stats when a network filter chain is removed during the listener in-place update.
- quic: enables IETF connection migration. This feature requires a stable UDP packet routine in the L4 load balancer with the same first 4 bytes in the connection id. It can be turned off by setting the runtime guard `envoy.reloadable_features.FLAGS_quic_reloadable_flag_quic_connection_migration_use_new_cid_v2` to false.
- thrift_proxy: allow Framed and Header transport combinations to perform payload passthrough (`ThriftProxy.payload_passthrough`).
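The #fragment item above describes three handling modes (reject, strip, keep) and warns that keeping the fragment can let authorization extensions be bypassed. The root cause is that a policy check and an RFC 3986 compliant upstream then operate on different strings. The following Python is an added example, not Envoy code: it models the three modes and checks whether the path a policy sees agrees with what an upstream would route on. The mode names, `BadRequest`, and `views_agree` are this example's own.

```python
"""Added example (not Envoy's implementation): fragment handling modes for a
request path, modelled after the 1.20.0 release-note description.

REJECT  ~ http_reject_path_with_fragment = true (the 1.20.0 default)
STRIP   ~ http_reject_path_with_fragment = false, strip guard left enabled
KEEP    ~ both guards false (deprecated, unsafe)
"""

REJECT, STRIP, KEEP = "reject", "strip", "keep"


class BadRequest(Exception):
    """Raised when the request must be answered with an error (mode REJECT)."""


def normalize_path(raw_path: str, mode: str = REJECT) -> str:
    """Return the path a policy/route check would see under the given mode.

    RFC 3986 section 3.5 says a fragment is never part of the request-target,
    so '#' has no legitimate place in a path that reaches a proxy.
    """
    if "#" not in raw_path:
        return raw_path
    if mode == REJECT:
        raise BadRequest("fragment not allowed in request path")
    if mode == STRIP:
        # Everything from the first '#' onward is discarded.
        return raw_path.split("#", 1)[0]
    if mode == KEEP:
        # Deprecated behaviour: the fragment travels with the path.
        return raw_path
    raise ValueError(f"unknown mode {mode!r}")


def upstream_view(raw_path: str) -> str:
    """Path an RFC 3986 compliant upstream would act on (fragment dropped)."""
    return raw_path.split("#", 1)[0]


def views_agree(raw_path: str, mode: str) -> bool:
    """True when the policy check and the upstream decide on the same path.

    A rejected request counts as agreement: no decision is made on any path.
    Under KEEP the two views diverge whenever a '#' is present, which is the
    condition under which a path-based authorization decision can be wrong.
    """
    try:
        policy_view = normalize_path(raw_path, mode)
    except BadRequest:
        return True
    return policy_view == upstream_view(raw_path)


if __name__ == "__main__":
    # Constructed sample request-target, not a captured request.
    sample = "/api/items#section"
    for mode in (REJECT, STRIP, KEEP):
        print(mode, "agree" if views_agree(sample, mode) else "DIVERGE")
```

The useful check for an operator is the last function: with the default (reject) or the strip guard, `views_agree` is always true; only the deprecated keep behaviour produces a path that the proxy and the upstream interpret differently.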
Bug Fixes
Changes expected to improve the state of the world and are unlikely to have negative effects
- access log: fix `%UPSTREAM_CLUSTER%` when used in http upstream access logs. Previously, it was always logging as an unset value.
- aws request signer: fix the AWS Request Signer extension to correctly normalize the path and query string to be signed according to AWS' guidelines, so that the hash on the server side matches. See the AWS SigV4 documentation (https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html).
- cluster: delete pools when they're idle to fix unbounded memory use when using PROXY protocol upstream with tcp_proxy. This behavior can be temporarily reverted by setting the `envoy.reloadable_features.conn_pool_delete_when_idle` runtime guard to false.
- cluster: finish cluster warming even if ho...
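The AWS request signer fix above is about canonicalization: if the signer's path and query normalization differs from what the AWS endpoint recomputes, the canonical request hashes differ and the signature is rejected. The Python below is an added example, not Envoy's signer: it builds the canonical request per the SigV4 rules linked above (path segment resolution and double URI-encoding for non-S3 services, sorted and encoded query parameters, lowercased and trimmed headers). The host name and date in the sample are constructed placeholders.

```python
"""Added example (not Envoy's AWS request signer): SigV4 canonical-request
construction, the step whose normalization the 1.20.0 bug fix corrects."""
import hashlib
from urllib.parse import parse_qsl, quote


def _encode(value: str) -> str:
    # RFC 3986 unreserved characters (A-Z a-z 0-9 - _ . ~) stay as-is;
    # everything else becomes %XX, which quote() emits in upper case.
    return quote(value, safe="-_.~")


def canonical_uri(path: str, s3: bool = False) -> str:
    """Normalize the absolute path of the request.

    Redundant slashes are collapsed, '.' and '..' segments are resolved,
    and each remaining segment is URI-encoded. AWS encodes segments twice
    for all services except S3 (encode once). A trailing slash survives.
    """
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    encoded = [_encode(s) if s3 else _encode(_encode(s)) for s in segments]
    result = "/" + "/".join(encoded)
    if path.endswith("/") and len(result) > 1:
        result += "/"
    return result


def canonical_query_string(query: str) -> str:
    """Encode every name and value, then sort by name and value (code point)."""
    pairs = parse_qsl(query, keep_blank_values=True)
    encoded = sorted((_encode(k), _encode(v)) for k, v in pairs)
    return "&".join(f"{k}={v}" for k, v in encoded)


def canonical_headers(headers: dict) -> tuple:
    """Lower-case names, collapse internal whitespace in values, sort by name.

    Returns (CanonicalHeaders, SignedHeaders) as SigV4 defines them.
    """
    items = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    return ("".join(f"{k}:{v}\n" for k, v in items),
            ";".join(k for k, _ in items))


def canonical_request(method: str, path: str, query: str,
                      headers: dict, payload: bytes, s3: bool = False) -> str:
    """Assemble the canonical request string that both sides must agree on."""
    can_headers, signed = canonical_headers(headers)
    return "\n".join([
        method.upper(),
        canonical_uri(path, s3),
        canonical_query_string(query),
        can_headers,           # already ends in '\n', giving the blank line
        signed,
        hashlib.sha256(payload).hexdigest(),
    ])


def canonical_request_hash(*args, **kwargs) -> str:
    """Hex SHA-256 of the canonical request; this is what the StringToSign embeds."""
    return hashlib.sha256(canonical_request(*args, **kwargs).encode()).hexdigest()


if __name__ == "__main__":
    # Constructed sample request; host and date are placeholders.
    print(canonical_request(
        "GET", "/docs//a b/../x", "b=2&a=1 x",
        {"Host": "svc.example.com", "X-Amz-Date": "20211005T000000Z"}, b""))
```

Two behaviours are worth noticing: an un-normalized path such as `/docs//a b/../x` and its normalized form `/docs/x` sign to different hashes, and a query written as `b=2&a=1 x` must be re-emitted as `a=1%20x&b=2` or the endpoint's recomputation will not match.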