v1.33.0
Breaking Changes📦 envoyView on GitHub →
⚠ 2 breaking✨ 6 features🐛 2 fixes🔧 3 symbols
Summary
This release introduces new features like Wasm VM reload support, improved TLS curve support, and DNS resolver enhancements, while removing deprecated Opencensus tracing support and fixing a c-ares vulnerability.
⚠️ Breaking Changes
- Removed support for (long deprecated) Opencensus tracing extension. Users must migrate to a supported tracing extension.
- Previously deprecated xDS attributes in `get_property` have been removed; use `xds` attributes instead.
Migration Steps
- If using Opencensus tracing, migrate to a supported tracing extension.
- Update code referencing deprecated xDS attributes in `get_property` to use the `xds` attributes instead.
✨ New Features
- Added nameserver rotation and query timeouts/retries to the c-ares resolver.
- Implemented the Signed Double-Submit Cookie pattern for OAuth2.
- Added Wasm VM reload support and support for plugins written in Go.
- Added support for P-384 and P-521 curves for server certificates, improved upstream SNI and SAN validation support in TLS.
- Enabled UDP GRO in QUIC client connections by default.
- Relaxed the backing cluster validation for Secret Discovery Service (SDS).
🐛 Bug Fixes
- Increased the statistics counter `missing_source_origin` only for requests with a missing source origin (CSRF).
- The route cache will *not* be cleared by default if a Wasm extension modifies the request headers and the ABI version of wasm extension is larger than 0.2.1.
🔧 Affected Symbols
Opencensus tracing extensionget_propertyxds attributes