Envoyproxy came with its new version a few days ago. Version 1.19.1 comes with very few updates. It provides a few minor behavioural changes and a few bug fixes to make the user experience smoother. In this article, we will cover all of the new changes.
What is Envoyproxy?
Envoy is an open-source edge and service proxy designed for cloud-native applications. It is a project hosted by the Cloud Native Computing Foundation (CNCF).
Minor Behaviour Changes
Behavioural changes are those changes that may cause incompatibilities for some users but should not for most. This release brings a few of them. All of the behavioural changes took place for HTTP.
Version 1.19.1 comes with the rejection of requests with #fragment in the URI path for HTTP. The fragment is not allowed to be part of the request URI according to RFC3986 (3.5), RFC7230 (5.1) and RFC 7540 (220.127.116.11). You can change the rejection of requests to stripping the #fragment instead by setting the runtime guard
envoy.reloadable_features.http_reject_path_with_fragment to false.
You can further change this behaviour to the deprecated behaviour of keeping the fragment by setting the runtime guard
envoy.reloadable_features.http_strip_fragment_from_path_unsafe_if_disabled. You must set this runtime guard to false when existing non-compliant traffic relies on #fragment in URI. When you enable this option, you may bypass the Envoy request authorization extensions. You will see the decommissioning of this override and its associated behaviour after the standard deprecation period.
Again, we can see the stopping of processing pending H/2 frames if the connection transitioned to the closed state. You can revert this behaviour temporarily by setting the
envoy.reloadable_features.skip_dispatching_frames_for_closed_connection to false.
For ext_authz, we can see the fixing of the ext_authz filter to correctly merge multiple same headers using the ‘,’ as separator in the check request to the external authorization service.
For HTTP, we can see the limit in using deferred resets in the HTTP2 codec to server-side connections. The use of deferred reset for client connections can result in incorrect behaviour and performance problems.
We have seen all of the changes and fixes in Envoyproxy with the arrival of version 1.19.1. Try the new version by installing Envoproxy with the detailed steps by clicking here. Contribute to the project by clicking here. We will come again with a new blog; until then, have a great blast with Envoyproxy.
You will find more of our blogs below. Happy learning!