|
| 1 | +date: May 1, 2025 |
| 2 | + |
| 3 | +# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs. |
| 4 | +breaking changes: | |
| 5 | + Use a dedicated listener port(19003) for envoy proxy readiness |
| 6 | + Uses the envoy JSON formatter for the default access log instead of text formatter. |
| 7 | + Envoy Gateway would skip xDS snapshot updates in case of errors during xDS translation. |
| 8 | + When Extension Manager is configured to Fail Open, translation errors are logged and suppressed. |
| 9 | + When Extension Manager is configured to not Fail Open, EG will no longer replace affected resources. Instead, xDS snapshot update would be skipped. |
| 10 | +
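Review bot: Lines 7-9 of the file leave the failure behaviour ambiguous. Line 7 says the xDS snapshot update is skipped on translation errors, while line 8 says that under Fail Open the errors are logged and suppressed, and it is unclear whether line 8 is an exception to line 7 or a sub-case of it. Suggest nesting lines 8-9 under line 7 (or merging the three into one entry) and stating for each mode whether the proxies receive a new snapshot or keep the previous one, and how an operator can tell that an update was skipped. Line 5 would also help upgraders if it named what 19003 replaces for readiness, since probes and network policies may reference the old value, and line 6 should say that anything parsing the default text access log needs updating.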
|
| 11 | +# Updates addressing vulnerabilities, security flaws, or compliance requirements. |
| 12 | +security updates: | |
| 13 | + Fixed CVE-2025-25294 |
| 14 | +
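Review bot: The entry on line 13 gives only the CVE identifier, with no affected component, impact or advisory link, so a reader cannot judge from the release notes how urgently to upgrade. Suggest adding a one-line description of what was fixed and a link to the advisory.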
|
| 15 | +# New features or capabilities added in this release. |
| 16 | +new features: | |
| 17 | + Added support for configuring maxUnavailable in KubernetesPodDisruptionBudgetSpec |
| 18 | + Added support for percentage-based request mirroring |
| 19 | + Allow matchExpressions in TargetSelector |
| 20 | + Add defaulter for gateway-api resources loading from file to be able to set default values. |
| 21 | + Added support for defining Lua EnvoyExtensionPolicies |
| 22 | + Added RequestID field in ClientTrafficPolicy.HeaderSettings to configure Envoy X-Request-ID behavior. |
| 23 | + Added support for HorizontalPodAutoscaler to helm chart |
| 24 | + Added support for distinct header and distinct source CIDR based local rate limiting |
| 25 | + Added support for forwarding the authenticated username to the backend via a configurable header in BasicAuth |
| 26 | + Added support for HTTP Methods and Headers based authorization in SecurityPolicy |
| 27 | + Added support for zone aware routing |
| 28 | + Added support for BackendTLSPolicy to target ServiceImport |
| 29 | + Added support for kubernetes.io/h2c application protocol in ServiceImport |
| 30 | + Added support for per-host circuit breaker thresholds |
| 31 | + Added support for injecting a credential from a Kubernetes Secret into a request header. Credentials can be injected using either an HTTPRouteFilter or a BackendRef filter. |
| 32 | + Added support for egctl Websocket in addation to SPDY |
| 33 | + Added a configuration option in the Helm chart to set the TrafficDistribution field in the Envoy Gateway Service |
| 34 | + Added support for setting the log level to trace for the Envoy Proxy |
| 35 | + Added support for global imageRegistry and imagePullSecrets to the Helm chart |
| 36 | + Added support for using a local JWKS in an inline string or in a ConfigMap to validate JWT tokens in SecurityPolicy |
| 37 | + Added support for logging the status of resources in standalone mode. |
| 38 | + Added support for per-route tracing in BackendTrafficPolicy |
| 39 | + Added support for configuring retry settings for Extension Service hooks in EnvoyGateway config. |
| 40 | + Added support for request buffering using the Envoy Buffer filter |
| 41 | + Added support for merge type in BackendTrafficPolicy |
| 42 | + Added support for `OverlappingTLSConfig` condition in Gateway status. This condition is set if there are overlapping hostnames or certificates between listeners. The ALPN protocol is set to HTTP/1.1 for the overlapping listeners to avoid HTTP/2 Connection Coalescing. |
| 43 | +
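Review bot: Line 42 describes a behaviour change, not only a new status condition: listeners with overlapping hostnames or certificates get their ALPN set to HTTP/1.1, which implies HTTP/2 is no longer negotiated on them. Suggest cross-referencing this under breaking changes, or stating the HTTP/2 impact explicitly here, so operators who rely on HTTP/2 on such listeners see it before upgrading. On line 32, "addation" should be "addition".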
|
| 44 | +bug fixes: | |
| 45 | + Fix traffic splitting when filters are attached to the backendRef. |
| 46 | + Added support for Secret and ConfigMap parsing in Standalone mode. |
| 47 | + Bypass overload manager for stats and ready listeners |
| 48 | + Fix translating backendSettings for extAuth |
| 49 | + Fix an issue that stats compressor was not working. |
| 50 | + Added support for BackendTLSPolicy and EnvoyExtensionPolicy parsing in Standalone mode. |
| 51 | + Retrigger reconciliation when backendRef of type ServiceImport is updated or when EndpointSlice(s) for a ServiceImport are updated. |
| 52 | + Fix not logging an error and returning it in the K8s Reconcile method when a GatewayClass is not accepted. |
| 53 | + Fix allowing empty text field for opentelemetry sink when using JSON format. |
| 54 | + Fix an issue that SamplingFraction was not working. |
| 55 | + Fix kubernetes resources not being deleted when the customized name used. |
| 56 | + Do not treat essential resource like namespace as the missing resource while loading from file. |
| 57 | + Do not set retriable status codes to 503 when RetryOn is configured in BackendTrafficPolicy. |
| 58 | + Make the Topology Injector Webhook best effort, and skip on failures. |
| 59 | +
|
| 60 | +# Enhancements that improve performance. |
| 61 | +performance improvements: | |
| 62 | + Added a cache for the Wasm OCI image permission checks and check the pullSecrets against the OCI image registry in |
| 63 | + a background goroutine. |
| 64 | +
|
| 65 | +# Deprecated features or APIs. |
| 66 | +deprecations: | |
| 67 | + Deprecated the PreserveXRequestID field. |
| 68 | +
|
| 69 | +# Other notable changes not covered by the above sections. |
| 70 | +Other changes: | |
| 71 | + Updated gateway-api to v1.3.0 |
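Review bot: The key on line 70 is capitalised ("Other changes:") while every other section key in the file is lowercase ("breaking changes:", "security updates:", "new features:"). If anything consuming this file matches section keys by name, this section could be missed; suggest "other changes:" for consistency.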