diff --git a/VERSION.txt b/VERSION.txt index bc938e6a4fd3..8eead96fe934 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -1.30.6-dev +1.30.6 diff --git a/changelogs/1.28.7.yaml b/changelogs/1.28.7.yaml new file mode 100644 index 000000000000..da5d914b7bcc --- /dev/null +++ b/changelogs/1.28.7.yaml @@ -0,0 +1,22 @@ +date: September 19, 2024 + +behavior_changes: +- area: http + change: | + The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. + If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` + headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config + ` + See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by + setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. + +minor_behavior_changes: +- area: access_log + change: | + Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime + flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. + +bug_fixes: +- area: http_async_client + change: | + Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. diff --git a/changelogs/1.29.9.yaml b/changelogs/1.29.9.yaml new file mode 100644 index 000000000000..dbd5efcf2390 --- /dev/null +++ b/changelogs/1.29.9.yaml @@ -0,0 +1,27 @@ +date: September 19, 2024 + +behavior_changes: +- area: http + change: | + The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. + If you have tooling such as probes on your private network which need to be treated as trusted (e.g. changing arbitrary ``x-envoy`` + headers) please explictily include those addresses or CIDR ranges into :ref:`internal_address_config + ` + See the config examples from the above ``internal_address_config`` link. This default no trust internal address can be turned on by + setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. + +minor_behavior_changes: +- area: access_log + change: | + Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime + flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. + +bug_fixes: +- area: jwt + change: | + Fixed a bug where using ``clear_route_cache`` with remote JWKs works + incorrectly and may cause a crash when the modified request does not match + any route. +- area: http_async_client + change: | + Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. diff --git a/changelogs/current.yaml b/changelogs/current.yaml index 4fc915462b40..dbd5efcf2390 100644 --- a/changelogs/current.yaml +++ b/changelogs/current.yaml @@ -1,7 +1,6 @@ -date: Pending +date: September 19, 2024 behavior_changes: -# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* - area: http change: | The default configuration of Envoy will continue to trust internal addresses while in the future it will not trust them by default. @@ -12,14 +11,12 @@ behavior_changes: setting runtime guard ``envoy.reloadable_features.explicit_internal_address_config`` to ``true``. minor_behavior_changes: -# *Changes that may cause incompatibilities for some users, but should not for most* - area: access_log change: | Sanitize SNI for potential log injection. The invalid character will be replaced by ``_`` with an ``invalid:`` marker. If runtime flag ``envoy.reloadable_features.sanitize_sni_in_access_log`` is set to ``false``, the sanitize behavior is disabled. bug_fixes: -# *Changes expected to improve the state of the world and are unlikely to have negative effects* - area: jwt change: | Fixed a bug where using ``clear_route_cache`` with remote JWKs works @@ -28,10 +25,3 @@ bug_fixes: - area: http_async_client change: | Fixed the local reply and destroy order crashes when using the http async client for websocket handshake. - -removed_config_or_runtime: -# *Normally occurs at the end of the* :ref:`deprecation period ` - -new_features: - -deprecated: diff --git a/docs/inventories/v1.28/objects.inv b/docs/inventories/v1.28/objects.inv index 2fd3b18a0dfb..fd7a066d88dd 100644 Binary files a/docs/inventories/v1.28/objects.inv and b/docs/inventories/v1.28/objects.inv differ diff --git a/docs/inventories/v1.29/objects.inv b/docs/inventories/v1.29/objects.inv index 11b1c785f665..d6586b52fa2a 100644 Binary files a/docs/inventories/v1.29/objects.inv and b/docs/inventories/v1.29/objects.inv differ diff --git a/docs/inventories/v1.30/objects.inv b/docs/inventories/v1.30/objects.inv index 7f19724f3b29..2a52602afc3a 100644 Binary files a/docs/inventories/v1.30/objects.inv and b/docs/inventories/v1.30/objects.inv differ diff --git a/docs/versions.yaml b/docs/versions.yaml index f8b03e1204bb..f66aee8c286b 100644 --- a/docs/versions.yaml +++ b/docs/versions.yaml @@ -21,6 +21,6 @@ "1.25": 1.25.11 "1.26": 1.26.8 "1.27": 1.27.7 -"1.28": 1.28.6 -"1.29": 1.29.8 -"1.30": 1.30.4 +"1.28": 1.28.7 +"1.29": 1.29.9 +"1.30": 1.30.5