1# -*- fill-column: 100 -*-
2
3# This file should be placed in the folder for the version of the
4# product that's meant to be documented. A `/release-notes` page will
5# be automatically generated and populated at build time.
6#
7# Note that an entry needs to be added to the `doc-links.yml` file in
8# order to surface the release notes in the table of contents.
9#
10# The YAML in this file should contain:
11#
12# changelog: An (optional) URL to the CHANGELOG for the product.
13# items: An array of releases with the following attributes:
14# - version: The (optional) version number of the release, if applicable.
15# - date: The date of the release in the format YYYY-MM-DD.
16# - notes: An array of noteworthy changes included in the release, each having the following attributes:
17# - type: The type of change, one of `bugfix`, `feature`, `security` or `change`.
18# - title: A short title of the noteworthy change.
19# - body: >-
20# Two or three sentences describing the change and why it
21# is noteworthy. This is HTML, not plain text or
22# markdown. It is handy to use YAML's ">-" feature to
23# allow line-wrapping.
24# - image: >-
25# The URL of an image that visually represents the
26# noteworthy change. This path is relative to the
27# `release-notes` directory; if this file is
28# `FOO/releaseNotes.yml`, then the image paths are
29# relative to `FOO/release-notes/`.
30# - docs: The path to the documentation page where additional information can be found.
31# - href: A path from the root to a resource on the getambassador website, takes precedence over a docs link.
32
33changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
34items:
35 - version: 2.5.1
36 date: '2022-12-08'
37 notes:
38 - title: Re-add support for getambassador.io/v1
39 type: feature
40 body: >-
41 Support for the <code>getambassador.io/v1</code> apiVersion has been re-introduced, in
42 order to facilitate smoother migrations from $productName$ 1.y. Previously, in order to
43 make migrations possible, an "unserved" <code>v1</code> version was declared to
44 Kubernetes, but was unsupported by $productName$. That unserved <code>v1</code> could
45 cause an excess of errors to be logged by the Kubernetes Nodes (regardless of whether the
46 installation was migrated from 1.y or was a fresh 2.y install); fully supporting
47 <code>v1</code> again should resolve these errors.
48
49 - title: Update Golang to 1.19.4
50 type: security
51 body: >-
52 Update Golang to release 1.19.4. Two CVE's were annouced in this z patch release.
53 CVE-2022-41720 only affects Windows environments and $productName$ runs in linux. The second one
54 CVE-2022-41717 only affects HTTP/2 server connections exposed to external clients. $productName$ does
55 not expose any Golang http servers to outside clients. The data-plane of Envoy
56 is not affected by either of these.
57
58 - title: Update Golang to 1.19.3
59 type: security
60 body: >-
61 Updated Golang to the latest z patch. We are not vulnerable to the CVE-2022-3602 that was
62 released in 1.19.3 and you can read more about it here: <https://medium.com/ambassador-api-gateway/ambassador-labs-security-impact-assessment-of-nov-1-openssl-golang-vulnerabilities-f11b5ec37a7e>.
63 Updating to the latest z patch as part of our normal dependency update process
64 and this will help reduce the noise of security scanners.
65
66 - version: 2.5.0
67 date: '2022-11-03'
68 notes:
69 - title: Diagnostics stats properly handles parsing envoy metrics with colons
70 type: bugfix
71 body: >-
72 If a <code>Host</code> or <code>TLSContext</code> contained a hostname with a <code>:</code> then when using the
73 diagnostics endpoints <code>ambassador/v0/diagd</code> then an error would be thrown due to the parsing logic not
74 being able to handle the extra colon. This has been fixed and $productName$ will not throw an error when parsing
75 envoy metrics for the diagnostics user interface.
76
77 - title: Bump Golang to 1.19.2
78 type: security
79 body: >-
80 Bump Go from 1.17.12 to 1.19.2. This is to keep the Go version current.
81
82 - version: 2.4.0
83 date: '2022-09-19'
84 prevVersion: 2.3.2
85 notes:
86 - title: Add support for Host resources using secrets from different namespaces
87 type: feature
88 body: >-
89 Previously the <code>Host</code> resource could only use secrets that are in the namespace as the
90 Host. The <code>tlsSecret</code> field in the Host has a new subfield <code>namespace</code> that will allow
91 the use of secrets from different namespaces.
92
93 - title: Allow bypassing of EDS for manual endpoint insertion
94 type: change
95 body: >-
96 Set `AMBASSADOR_EDS_BYPASS` to `true` to bypass EDS handling of endpoints and have endpoints be
97 inserted to clusters manually. This can help resolve with `503 UH` caused by certification rotation relating to
98 a delay between EDS + CDS. The default is `false`.
99
100 - title: Properly populate alt_state_name for Tracing, Auth and RateLimit Services
101 type: bugfix
102 body: >-
103 Previously, setting the <code>stats_name</code> for the <code>TracingService</code>, <code>RateLimitService</code>
104 or the <code>AuthService</code> would have no affect because it was not being properly passed to the Envoy cluster
105 config. This has been fixed and the <code>alt_stats_name</code> field in the cluster config is now set correctly.
106 (Thanks to <a href="https://github.com/psalaberria002">Paul</a>!)
107
108 - title: Add support for config change batch window before reconfiguring Envoy
109 type: feature
110 body: >-
111 The <code>AMBASSADOR_RECONFIG_MAX_DELAY</code> env var can be optionally set to batch changes for the specified
112 non-negative window period in seconds before doing an Envoy reconfiguration. Default is "1" if not set.
113
114 - title: TCPMappings use correct SNI configuration
115 type: bugfix
116 body: >-
117 $productName$ 2.0.0 introduced a bug where a <code>TCPMapping</code> that uses SNI,
118 instead of using the hostname glob in the <code>TCPMapping</code>, uses the hostname glob
119 in the <code>Host</code> that the TLS termination configuration comes from.
120
121 - title: TCPMappings configure TLS termination without a Host resource
122 type: bugfix
123 body: >-
124 $productName$ 2.0.0 introduced a bug where a <code>TCPMapping</code> that terminates TLS
125 must have a corresponding <code>Host</code> that it can take the TLS configuration from.
126 This was semi-intentional, but didn't make much sense. You can now use a
127 <code>TLSContext</code> without a <code>Host</code>as in $productName$ 1.y releases, or a
128 <code>Host</code> with or without a <code>TLSContext</code> as in prior 2.y releases.
129
130 - title: TCPMappings and HTTP Hosts can coexist on Listeners that terminate TLS
131 type: bugfix
132 body: >-
133 Prior releases of $productName$ had the arbitrary limitation that a
134 <code>TCPMapping</code> cannot be used on the same port that HTTP is served on, even if
135 TLS+SNI would make this possible. $productName$ now allows <code>TCPMappings</code> to be
136 used on the same <code>Listener</code> port as HTTP <code>Hosts</code>, as long as that
137 <code>Listener</code> terminates TLS.
138
139 - version: 1.14.5
140 date: 'TBD'
141 notes:
142 - title: When using gzip, upstreams will no longer receive encoded data
143 type: bugfix
144 body: >-
145 When using gzip compression, upstream services will no longer receive compressed
146 data. This bug was introduced in 1.14.0. The fix restores the default behavior of
147 not sending compressed data to upstream services.
148 github:
149 - title: 3818
150 link: https://github.com/emissary-ingress/emissary/issues/3818
151 docs: https://github.com/emissary-ingress/emissary/issues/3818
152
153 - version: 2.3.2
154 date: '2022-08-01'
155 prevVersion: 2.3.1
156 notes:
157 - title: Fix regression in the agent for the metrics transfer.
158 type: bugfix
159 body: >-
160 A regression was introduced in 2.3.0 causing the agent to miss some of the metrics coming from
161 emissary ingress before sending them to Ambassador cloud. This issue has been resolved to ensure
162 that all the nodes composing the emissary ingress cluster are reporting properly.
163 - title: Update Golang to 1.17.12
164 type: security
165 body: >-
166 Updated Golang to 1.17.12 to address the CVEs: CVE-2022-23806, CVE-2022-28327, CVE-2022-24675,
167 CVE-2022-24921, CVE-2022-23772.
168 - title: Update Curl to 7.80.0-r2
169 type: security
170 body: >-
171 Updated Curl to 7.80.0-r2 to address the CVEs: CVE-2022-32207, CVE-2022-27782, CVE-2022-27781,
172 CVE-2022-27780.
173 - title: Update openSSL-dev to 1.1.1q-r0
174 type: security
175 body: >-
176 Updated openSSL-dev to 1.1.1q-r0 to address CVE-2022-2097.
177 - title: Update ncurses to 1.1.1q-r0
178 type: security
179 body: >-
180 Updated ncurses to 1.1.1q-r0 to address CVE-2022-29458
181
182 - version: 1.14.4
183 date: '2022-06-13'
184 notes:
185 - title: Envoy security updates
186 type: security
187 body: >-
188 We have backported patches from the Envoy 1.19.5 security update to $productName$'s
189 1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. $productName$ is not
190 affected by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it <a
191 href="https://github.com/emissary-ingress/emissary/issues/2846">does not support internal
192 redirects</a>, and does not use Envoy's built-in OAuth2 filter.
193 docs: https://groups.google.com/g/envoy-announce/c/8nP3Kn4jV7k
194
195 - version: 2.3.1
196 date: '2022-06-09'
197 notes:
198 - title: fix regression in tracing service config
199 type: bugfix
200 body: >-
201 A regression was introduced in 2.3.0 that leaked zipkin default config fields into the configuration
202 for the other drivers (lightstep, etc...). This caused $productName$ to crash on startup. This issue has been resolved
203 to ensure that the defaults are only applied when driver is <code>zipkin</code>
204 github:
205 - title: "#4267"
206 link: https://github.com/emissary-ingress/emissary/issues/4267
207 - title: Envoy security updates
208 type: security
209 body: >-
210 We have backported patches from the Envoy 1.19.5 security update to $productName$'s
211 1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. $productName$ is not
212 affected by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it <a
213 href="https://github.com/emissary-ingress/emissary/issues/2846">does not support internal
214 redirects</a>, and does not use Envoy's built-in OAuth2 filter.
215 docs: https://groups.google.com/g/envoy-announce/c/8nP3Kn4jV7k
216 - version: 2.3.0
217 date: '2022-06-06'
218 notes:
219 - title: Remove unused packages
220 type: security
221 body: >-
222 Completely remove gdbm, pip, smtplib, and sqlite packages, as they are unused.
223 - title: Allow setting propagation modes for Lightstep tracing
224 type: feature
225 body: >-
226 It is now possible to set <code>propagation_modes</code> in the
227 <code>TracingService</code> config when using lightstep as the driver.
228 (Thanks to <a href="https://github.com/psalaberria002">Paul</a>!)
229 github:
230 - title: "#4179"
231 link: https://github.com/emissary-ingress/emissary/pull/4179
232 - title: Added support for TLS certificate revocation list
233 type: feature
234 body: >-
235 It is now possible to set `crl_secret` in `Host` and `TLSContext` resources
236 to check peer certificates against a certificate revocation list.
237 github:
238 - title: "#1743"
239 link: https://github.com/emissary-ingress/emissary/issues/1743
240 - title: Added support for the LogService v3 transport protocol
241 type: feature
242 body: >-
243 Previously, a <code>LogService</code> would always have $productName$ communicate with the
244 external log service using the <code>envoy.service.accesslog.v2.AccessLogService</code>
245 API. It is now possible for the <code>LogService</code> to specify
246 <code>protocol_version: v3</code> to use the newer
247 <code>envoy.service.accesslog.v3.AccessLogService</code> API instead. This functionality
248 is not available if you set the <code>AMBASSADOR_ENVOY_API_VERSION=V2</code> environment
249 variable.
250 - title: CORS now happens before auth
251 type: bugfix
252 body: >-
253 When CORS is specified (either in a <code>Mapping</code> or in the <code>Ambassador</code>
254 <code>Module</code>), CORS processing will happen before authentication. This corrects a
255 problem where XHR to authenticated endpoints would fail.
256 - title: Correctly handle caching of Mappings with the same name in different namespaces
257 type: bugfix
258 body: >-
259 In 2.x releases of $productName$ when there are multiple <code>Mapping</code>s that have the same
260 <code>metadata.name</code> across multiple namespaces, their old config would not properly be removed
261 from the cache when their config was updated. This resulted in an inability to update configuration
262 for groups of <code>Mapping</code>s that share the same name until the $productName$ pods restarted.
263 - title: Fix support for Zipkin API-v1 with Envoy xDS-v3
264 type: bugfix
265 body: >-
266 It is now possible for a <code>TracingService</code> to specify
267 <code>collector_endpoint_version: HTTP_JSON_V1</code> when using xDS v3 to configure Envoy
268 (which has been the default since $productName$ 1.14.0). The <code>HTTP_JSON_V1</code>
269 value configures Envoy to speak to Zipkin using Zipkin's old API-v1, while the
270 <code>HTTP_JSON</code> value configures Envoy to speak to Zipkin using Zipkin's new
271 API-v2. In previous versions of $productName$ it was only possible to use
272 <code>HTTP_JSON_V1</code> when explicitly setting the
273 <code>AMBASSADOR_ENVOY_API_VERSION=V2</code> environment variable to force use of xDS v2
274 to configure Envoy.
275
276 - version: 2.2.2
277 date: '2022-02-25'
278 prevVersion: 2.2.1
279 notes:
280 - title: TLS Secret validation is now opt-in
281 type: change
282 body: >-
283 You may now choose to enable TLS Secret validation by setting the
284 <code>AMBASSADOR_FORCE_SECRET_VALIDATION=true</code> environment variable. The default configuration does not
285 enforce secret validation.
286
287 - title: Correctly validate EC (Elliptic Curve) Private Keys
288 type: bugfix
289 body: >-
290 Kubernetes Secrets that should contain an EC (Elliptic Curve) TLS Private Key are now properly validated.
291 github:
292 - title: 4134
293 link: https://github.com/emissary-ingress/emissary/issues/4134
294 docs: https://github.com/emissary-ingress/emissary/issues/4134
295
296 - title: Decrease metric sync frequency
297 type: change
298 body: >-
299 The new delay between two metrics syncs is now 30s.
300 github:
301 - title: "#4122"
302 link: https://github.com/emissary-ingress/emissary/pull/4122
303
304 - version: 1.14.3
305 date: '2022-02-25'
306 notes:
307 - title: Envoy security updates
308 type: security
309 body: >-
310 Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826,
311 CVE-2022-21654, and CVE-2022-21655.
312 docs: https://groups.google.com/g/envoy-announce/c/bIUgEDKHl4g
313
314 - version: 2.2.1
315 date: '2022-02-22'
316 notes:
317 - title: Envoy V2 API deprecation
318 type: change
319 body: >-
320 Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
321 v3.0. The <code>AMBASSADOR_ENVOY_API_VERSION</code> environment variable will be removed at the same
322 time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
323
324 - title: Correctly support canceling rollouts
325 type: bugfix
326 body: >-
327 The Ambassador Agent now correctly supports requests to cancel a rollout.
328 docs: ../../../argo/latest/howtos/manage-rollouts-using-cloud
329
330 - version: 2.2.0
331 date: '2022-02-10'
332 notes:
333 - title: Envoy V2 API deprecation
334 type: change
335 body: >-
336 Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
337 v3.0. The <code>AMBASSADOR_ENVOY_API_VERSION</code> environment variable will be removed at the same
338 time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
339
340 - title: Emissary-ingress will watch for Cloud Connect Tokens
341 type: change
342 body: >-
343 $productName$ will now watch for ConfigMap or Secret resources specified by the
344 <code>AGENT_CONFIG_RESOURCE_NAME</code> environment variable in order to allow all
345 components (and not only the Ambassador Agent) to authenticate requests to
346 Ambassador Cloud.
347 image: ./v2.2.0-cloud.png
348
349 - title: Update Alpine and libraries
350 type: security
351 body: >-
352 $productName$ has updated Alpine to 3.15, and Python and Go dependencies
353 to their latest compatible versions, to incorporate numerous security patches.
354
355 - title: Support a log-level metric
356 type: feature
357 body: >-
358 $productName$ now supports the metric <code>ambassador_log_level{label="debug"}</code>
359 which will be set to 1 if debug logging is enabled for the running Emissary
360 instance, or to 0 if not. This can help to be sure that a running production
361 instance was not actually left doing debugging logging, for example.
362 (Thanks to <a href="https://github.com/jfrabaute">Fabrice</a>!)
363 github:
364 - title: "#3906"
365 link: https://github.com/emissary-ingress/emissary/issues/3906
366 docs: topics/running/statistics/8877-metrics/
367
368 - title: Envoy configuration % escaping
369 type: feature
370 body: >-
371 $productName$ is now leveraging a new Envoy Proxy patch that allows Envoy to accept escaped
372 '%' characters in its configuration. This means that error_response_overrides and other
373 custom user content can now contain '%' symbols escaped as '%%'.
374 docs: topics/running/custom-error-responses
375 github:
376 - title: "DW Envoy: 74"
377 link: https://github.com/datawire/envoy/pull/74
378 - title: "Upstream Envoy: 19383"
379 link: https://github.com/envoyproxy/envoy/pull/19383
380 image: ./v2.2.0-percent-escape.png
381
382 - title: Stream metrics from Envoy to Ambassador Cloud
383 type: feature
384 body: >-
385 Support for streaming Envoy metrics about the clusters to Ambassador Cloud.
386 github:
387 - title: "#4053"
388 link: https://github.com/emissary-ingress/emissary/pull/4053
389 docs: https://github.com/emissary-ingress/emissary/pull/4053
390
391 - title: Support received commands to pause, continue and abort a Rollout via Agent directives
392 type: feature
393 body: >-
394 The Ambassador agent now receives commands to manipulate Rollouts (pause, continue, and
395 abort are currently supported) via directives and executes them in the cluster. A report
396 is sent to Ambassador Cloud including the command ID, whether it ran successfully, and
397 an error message in case there was any.
398 github:
399 - title: "#4040"
400 link: https://github.com/emissary-ingress/emissary/pull/4040
401 docs: https://github.com/emissary-ingress/emissary/pull/4040
402
403 - title: Validate certificates in TLS Secrets
404 type: bugfix
405 body: >-
406 Kubernetes Secrets that should contain TLS certificates are now validated before being
407 accepted for configuration. A Secret that contains an invalid TLS certificate will be logged
408 as an invalid resource.
409 github:
410 - title: "#3821"
411 link: https://github.com/emissary-ingress/emissary/issues/3821
412 docs: ../topics/running/tls
413 image: ./v2.2.0-tls-cert-validation.png
414
415 edgeStackNotes:
416 - title: Devportal support for using API server definitions from OpenAPI docs
417 type: feature
418 body: >-
419 You can now set <code>preserve_servers</code> in Ambassador Edge Stack's
420 <code>DevPortal</code> resource to configure the DevPortal to use server definitions from
421 the OpenAPI document when displaying connection information for services in the DevPortal.
422
423 - version: 2.1.2
424 prevVersion: 2.1.0
425 date: '2022-01-25'
426 notes:
427 - title: Envoy V2 API deprecation
428 type: change
429 body: >-
430 Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
431 v3.0. The <code>AMBASSADOR_ENVOY_API_VERSION</code> environment variable will be removed at the same
432 time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
433
434 - title: Docker BuildKit always used for builds
435 type: change
436 body: >-
437 Docker BuildKit is enabled for all Emissary builds. Additionally, the Go
438 build cache is fully enabled when building images, speeding up repeated builds.
439 docs: https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md
440
441 - title: Fix support for for v2 Mappings with CORS
442 type: bugfix
443 body: >-
444 Emissary-ingress 2.1.0 generated invalid Envoy configuration for
445 <code>getambassador.io/v2</code> <code>Mappings</code> that set
446 <code>spec.cors.origins</code> to a string rather than a list of strings; this has been
447 fixed, and these <code>Mappings</code> should once again function correctly.
448 docs: topics/using/cors/#the-cors-attribute
449 image: ./v2.1.2-mapping-cors.png
450
451 - title: Correctly handle canary Mapping weights when reconfiguring
452 type: bugfix
453 body: >-
454 Changes to the <code>weight</code> of <code>Mapping</code> in a canary group
455 will now always be correctly managed during reconfiguration; such changes could
456 have been missed in earlier releases.
457 docs: topics/using/canary/#the-weight-attribute
458
459 - title: Correctly handle solitary Mappings with explicit weights
460 type: bugfix
461 body: >-
462 A <code>Mapping</code> that is not part of a canary group, but that has a
463 <code>weight</code> less than 100, will be correctly configured to receive all
464 traffic as if the <code>weight</code> were 100.
465 docs: topics/using/canary/#the-weight-attribute
466 image: ./v2.1.2-mapping-less-weighted.png
467
468 - title: Correctly handle empty rewrite in a Mapping
469 type: bugfix
470 body: >-
471 Using <code>rewrite: ""</code> in a <code>Mapping</code> is correctly handled
472 to mean "do not rewrite the path at all".
473 docs: topics/using/rewrites
474 image: ./v2.1.2-mapping-no-rewrite.png
475
476 - title: Correctly use Mappings with host redirects
477 type: bugfix
478 body: >-
479 Any <code>Mapping</code> that uses the <code>host_redirect</code> field is now properly discovered and used. Thanks
480 to <a href="https://github.com/gferon">Gabriel Féron</a> for contributing this bugfix!
481 github:
482 - title: "#3709"
483 link: https://github.com/emissary-ingress/emissary/issues/3709
484 docs: https://github.com/emissary-ingress/emissary/issues/3709
485
486 - title: Correctly handle DNS wildcards when associating Hosts and Mappings
487 type: bugfix
488 body: >-
489 <code>Mapping</code>s with DNS wildcard <code>hostname</code> will now be correctly
490 matched with <code>Host</code>s. Previously, the case where both the <code>Host</code>
491 and the <code>Mapping</code> use DNS wildcards for their hostnames could sometimes
492 not correctly match when they should have.
493 docs: howtos/configure-communications/
494 image: ./v2.1.2-host-mapping-matching.png
495
496 - title: Fix overriding global settings for adding or removing headers
497 type: bugfix
498 body: >-
499 If the <code>ambassador</code> <code>Module</code> sets a global default for
500 <code>add_request_headers</code>, <code>add_response_headers</code>,
501 <code>remove_request_headers</code>, or <code>remove_response_headers</code>, it is often
502 desirable to be able to turn off that setting locally for a specific <code>Mapping</code>.
503 For several releases this has not been possible for <code>Mappings</code> that are native
504 Kubernetes resources (as opposed to annotations), as an empty value ("mask the global
505 default") was erroneously considered to be equivalent to unset ("inherit the global
506 default"). This is now fixed.
507 docs: topics/using/defaults/
508
509 - title: Fix empty error_response_override bodies
510 type: bugfix
511 body: >-
512 It is now possible to set a <code>Mapping</code>
513 <code>spec.error_response_overrides</code> <code>body.text_format</code> to an empty
514 string or <code>body.json_format</code> to an empty dict. Previously, this was possible
515 for annotations but not for native Kubernetes resources.
516 docs: topics/running/custom-error-responses/
517
518 - title: Annotation conversion and validation
519 type: bugfix
520 body: >-
521 Resources that exist as <code>getambassador.io/config</code> annotations rather than as
522 native Kubernetes resources are now validated and internally converted to v3alpha1 and,
523 the same as native Kubernetes resources.
524 image: ./v2.1.2-annotations.png
525
526 - title: Validation error reporting
527 type: bugfix
528 body: >-
529 Resource validation errors are now reported more consistently; it was the case that in
530 some situations a validation error would not be reported.
531
532 - version: 2.1.1
533 date: 'N/A'
534 notes:
535 - title: Never issued
536 type: change
537 isHeadline: true
538 body: >-
539 <i>Emissary-ingress 2.1.1 was not issued; Ambassador Edge Stack 2.1.1 uses
540 Emissary-ingress 2.1.0.</i>
541
542 - version: 2.1.0
543 date: '2021-12-16'
544 notes:
545 - title: Not recommended; upgrade to 2.1.2 instead
546 type: change
547 isHeadline: true
548 body: >-
549 <i>Emissary-ingress 2.1.0 is not recommended; upgrade to 2.1.2 instead.</i>
550
551 - title: Envoy V2 API deprecation
552 type: change
553 body: >-
554 Support for the Envoy V2 API is deprecated as of $productName$ v2.1, and will be removed in $productName$
555 v3.0. The <code>AMBASSADOR_ENVOY_API_VERSION</code> environment variable will be removed at the same
556 time. Only the Envoy V3 API will be supported (this has been the default since $productName$ v1.14.0).
557
558 - title: Smoother migrations with support for getambassador.io/v2 CRDs
559 type: feature
560 body: >-
561 $productName$ supports <code>getambassador.io/v2</code> CRDs, to simplify migration from $productName$
562 1.X. <b>Note:</b> it is important to read the <a href="../topics/install/migration-matrix">migration
563 documentation</a> before starting migration.
564 docs: topics/install/migration-matrix
565 image: ./v2.1.0-smoother-migration.png
566
567 - title: Correctly handle all changing canary configurations
568 type: bugfix
569 body: >-
570 The incremental reconfiguration cache could miss some updates when multiple
571 <code>Mapping</code>s had the same <code>prefix</code> ("canary"ing multiple
572 <code>Mapping</code>s together). This has been corrected, so that all such
573 updates correctly take effect.
574 github:
575 - title: "#3945"
576 link: https://github.com/emissary-ingress/emissary/issues/3945
577 docs: https://github.com/emissary-ingress/emissary/issues/3945
578 image: ./v2.1.0-canary.png
579
580 - title: Secrets used for ACME private keys will not log errors
581 type: bugfix
582 body: >-
583 When using Kubernetes Secrets to store ACME private keys (as the Edge Stack
584 ACME client does), an error would always be logged about the Secret not being
585 present, even though it was present, and everything was working correctly.
586 This error is no longer logged.
587
588 - title: When using gzip, upstreams will no longer receive encoded data
589 type: bugfix
590 body: >-
591 When using gzip compression, upstream services will no longer receive compressed
592 data. This bug was introduced in 1.14.0. The fix restores the default behavior of
593 not sending compressed data to upstream services.
594 github:
595 - title: "#3818"
596 link: https://github.com/emissary-ingress/emissary/issues/3818
597 docs: https://github.com/emissary-ingress/emissary/issues/3818
598 image: ./v2.1.0-gzip-enabled.png
599
600 - title: Update to busybox 1.34.1
601 type: security
602 body: >-
603 Update to busybox 1.34.1 to resolve CVE-2021-28831, CVE-2021-42378,
604 CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383,
605 CVE-2021-42384, CVE-2021-42385, and CVE-2021-42386.
606
607 - title: Update Python dependencies
608 type: security
609 body: >-
610 Update Python dependencies to resolve CVE-2020-28493 (jinja2), CVE-2021-28363
611 (urllib3), and CVE-2021-33503 (urllib3).
612
613 - title: Remove test-only code from the built image
614 type: security
615 body: >-
616 Previous built images included some Python packages used only for test. These
617 have now been removed, resolving CVE-2020-29651.
618
619 - version: 2.0.5
620 date: '2021-11-08'
621 notes:
622 - title: AuthService circuit breakers
623 type: feature
624 body: >-
625 It is now possible to set the <code>circuit_breakers</code> for <code>AuthServices</code>,
626 exactly the same as for <code>Mappings</code> and <code>TCPMappings</code>. This makes it
627 possible to configure your <code>AuthService</code> to be able to handle more than 1024
628 concurrent requests.
629 docs: topics/running/services/auth-service/
630 image: ./v2.0.5-auth-circuit-breaker.png
631
632 - title: Improved validity checking for error response overrides
633 type: bugfix
634 body: >-
635 Any token delimited by '%' is now validated agains a whitelist of valid
636 Envoy command operators. Any mapping containing an <code>error_response_overrides</code>
637 section with invalid command operators will be discarded.
638 docs: topics/running/custom-error-responses
639
640 - title: mappingSelector is now correctly supported in the Host CRD
641 type: bugfix
642 body: >-
643 The <code>Host</code> CRD now correctly supports the <code>mappingSelector</code>
644 element, as documented. As a transition aid, <code>selector</code> is a synonym for
645 <code>mappingSelector</code>; a future version of $productName$ will remove the
646 <code>selector</code> element.
647 github:
648 - title: "#3902"
649 link: https://github.com/emissary-ingress/emissary/issues/3902
650 docs: https://github.com/emissary-ingress/emissary/issues/3902
651 image: ./v2.0.5-mappingselector.png
652
653 - version: 2.0.4
654 date: '2021-10-19'
655 notes:
656 - title: General availability!
657 type: feature
658 body: >-
659 We're pleased to introduce $productName$ 2.0.4 for general availability! The
660 2.X family introduces a number of changes to allow $productName$ to more
661 gracefully handle larger installations, reduce global configuration to better
662 handle multitenant or multiorganizational installations, reduce memory footprint, and
663 improve performance. We welcome feedback!! Join us on
664 <a href="https://a8r.io/slack">Slack</a> and let us know what you think.
665 isHeadline: true
666 docs: about/changes-2.x
667 image: ./emissary-ga.png
668
669 - title: API version getambassador.io/v3alpha1
670 type: change
671 body: >-
672 The <code>x.getambassador.io/v3alpha1</code> API version has become the
673 <code>getambassador.io/v3alpha1</code> API version. The <code>Ambassador-</code> prefixes
674 from <code>x.getambassador.io/v3alpha1</code> resource kind names
675 (e.g. <code>AmbassadorHost</code>) have been removed for ease of migration from
676 $productName$ 1.x. As with previous 2.0.x releases, you <b>must</b> supply a
677 <code>Host</code> (<code>AmbassadorHost</code> in previous 2.0.x releases) resource to
678 terminate TLS: unlike in 1.x it is no longer sufficient to define a
679 <code>TLSContext</code> (although <code>TLSContext</code>s are still the best way to
680 define TLS configuration information to be shared across multiple <code>Host</code>s).
681 <b>Note that <code>getambassador.io/v3alpha1</code> is the only supported API version for
682 2.0.4</b> — full support for <code>getambassador.io/v2</code> will arrive soon in a
683 later 2.X version.
684 docs: about/changes-2.x
685 image: ./v2.0.4-v3alpha1.png
686
687 - title: Support for Kubernetes 1.22
688 type: feature
689 body: >-
690 The <code>getambassador.io/v3alpha1</code> API version and the published chart
691 and manifests have been updated to support Kubernetes 1.22. Thanks to
692 <a href="https://github.com/imoisharma">Mohit Sharma</a> for contributions to
693 this feature!
694 docs: about/changes-2.x
695 image: ./v2.0.4-k8s-1.22.png
696
697 - title: Mappings support configuring strict or logical DNS
698 type: feature
699 body: >-
700 You can now set <code>dns_type</code> between <code>strict_dns</code> and
701 <code>logical_dns</code> in a <code>Mapping</code> to configure the Service
702 Discovery Type.
703 docs: topics/using/mappings/#dns-configuration-for-mappings
704 image: ./v2.0.4-mapping-dns-type.png
705
706 - title: Mappings support controlling DNS refresh with DNS TTL
707 type: feature
708 body: >-
709 You can now set <code>respect_dns_ttl</code> to <code>true</code> to force the
710 DNS refresh rate for a <code>Mapping</code> to be set to the record's TTL
711 obtained from DNS resolution.
712 docs: topics/using/mappings/#dns-configuration-for-mappings
713
714 - title: Support configuring upstream buffer sizes
715 type: feature
716 body: >-
717 You can now set <code>buffer_limit_bytes</code> in the <code>ambassador</code>
718 <code>Module</code> to to change the size of the upstream read and write buffers.
719 The default is 1MiB.
720 docs: topics/running/ambassador/#modify-default-buffer-size
721
722 - title: Version number reported correctly
723 type: bugfix
724 body: >-
725 The release now shows its actual released version number, rather than
726 the internal development version number.
727 github:
728 - title: "#3854"
729 link: https://github.com/emissary-ingress/emissary/issues/3854
730 docs: https://github.com/emissary-ingress/emissary/issues/3854
731 image: ./v2.0.4-version.png
732
733 - title: Large configurations work correctly with Ambassador Cloud
734 type: bugfix
735 body: >-
736 Large configurations no longer cause $productName$ to be unable
737 to communicate with Ambassador Cloud.
738 github:
739 - title: "#3593"
740 link: https://github.com/emissary-ingress/emissary/issues/3593
741 docs: https://github.com/emissary-ingress/emissary/issues/3593
742
743 - title: Listeners correctly support l7Depth
744 type: bugfix
745 body: >-
746 The <code>l7Depth</code> element of the <code>Listener</code> CRD is
747 properly supported.
748 docs: topics/running/listener#l7depth
749 image: ./v2.0.4-l7depth.png
750
751 - version: 2.0.3-ea
752 date: '2021-09-16'
753 notes:
754 - title: Developer Preview!
755 body: We're pleased to introduce $productName$ 2.0.3 as a <b>developer preview</b>. The 2.X family introduces a number of changes to allow $productName$ to more gracefully handle larger installations, reduce global configuration to better handle multitenant or multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on <a href="https://a8r.io/slack">Slack</a> and let us know what you think.
756 type: change
757 isHeadline: true
758 docs: about/changes-2.x
759
760 - title: AES_LOG_LEVEL more widely effective
761 body: The environment variable <code>AES_LOG_LEVEL</code> now also sets the log level for the <code>diagd</code> logger.
762 type: feature
763 docs: topics/running/running/
764 github:
765 - title: "#3686"
766 link: https://github.com/emissary-ingress/emissary/issues/3686
767 - title: "#3666"
768 link: https://github.com/emissary-ingress/emissary/issues/3666
769
770 - title: AmbassadorMapping supports setting the DNS type
771 body: You can now set <code>dns_type</code> in the <code>AmbassadorMapping</code> to configure how Envoy will use the DNS for the service.
772 type: feature
773 docs: topics/using/mappings/#using-dns_type
774
775 - title: Building Emissary no longer requires setting DOCKER_BUILDKIT
776 body: It is no longer necessary to set <code>DOCKER_BUILDKIT=0</code> when building Emissary. A future change will fully support BuildKit.
777 type: bugfix
778 docs: https://github.com/emissary-ingress/emissary/issues/3707
779 github:
780 - title: "#3707"
781 link: https://github.com/emissary-ingress/emissary/issues/3707
782
783 - version: 2.0.2-ea
784 date: '2021-08-24'
785 notes:
786 - title: Developer Preview!
787 body: We're pleased to introduce $productName$ 2.0.2 as a <b>developer preview</b>. The 2.X family introduces a number of changes to allow $productName$ to more gracefully handle larger installations, reduce global configuration to better handle multitenant or multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on <a href="https://a8r.io/slack">Slack</a> and let us know what you think.
788 type: change
789 isHeadline: true
790 docs: about/changes-2.x
791
792 - title: Envoy security updates
793 type: bugfix
794 body: "Upgraded envoy to 1.17.4 to address security vulnerabilities CVE-2021-32777, CVE-2021-32778, CVE-2021-32779, and CVE-2021-32781."
795 docs: https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE?pli=1
796
797 - title: Expose Envoy's allow_chunked_length HTTPProtocolOption
798 type: feature
799 body: "You can now set <code>allow_chunked_length</code> in the Ambassador Module to configure the same value in Envoy."
800 docs: topics/running/ambassador/#content-length-headers
801
802 - title: Envoy-configuration snapshots saved
803 type: change
804 body: Envoy-configuration snapshots get saved (as <code>ambex-#.json</code>) in <code>/ambassador/snapshots</code>. The number of snapshots is controlled by the <code>AMBASSADOR_AMBEX_SNAPSHOT_COUNT</code> environment variable; set it to 0 to disable. The default is 30.
805 docs: topics/running/running/
806
807 - version: 2.0.1-ea
808 date: "2021-08-12"
809 notes:
810 - title: Developer Preview!
811 body: We're pleased to introduce $productName$ 2.0.1 as a <b>developer preview</b>. The 2.X family introduces a number of changes to allow $productName$ to more gracefully handle larger installations, reduce global configuration to better handle multitenant or multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on <a href="https://a8r.io/slack">Slack</a> and let us know what you think.
812 type: change
813 isHeadline: true
814 docs: about/changes-2.x
815
816 - title: Improved Ambassador Cloud visibility
817 type: feature
818 body: Ambassador Agent reports sidecar process information and <code>AmbassadorMapping</code> OpenAPI documentation to Ambassador Cloud to provide more visibility into services and clusters.
819 docs: /docs/cloud/latest/service-catalog/quick-start/
820
821 - title: Configurable per-AmbassadorListener statistics prefix
822 body: The optional <code>stats_prefix</code> element of the <code>AmbassadorListener</code> CRD now determines the prefix of HTTP statistics emitted for a specific <code>AmbassadorListener</code>.
823 type: feature
824 docs: topics/running/listener
825
826 - title: Configurable statistics names
827 body: The optional <code>stats_name</code> element of <code>AmbassadorMapping</code>, <code>AmbassadorTCPMapping</code>, <code>AuthService</code>, <code>LogService</code>, <code>RateLimitService</code>, and <code>TracingService</code> now sets the name under which cluster statistics will be logged. The default is the <code>service</code>, with non-alphanumeric characters replaced by underscores.
828 type: feature
829 docs: topics/running/statistics
830
831 - title: Updated klog to reduce log noise
832 type: bugfix
833 body: We have updated to <code>k8s.io/klog/v2</code> to track upstream and to quiet unnecessary log output.
834 docs: https://github.com/emissary-ingress/emissary/issues/3603
835
836 - title: Subsecond time resolution in logs
837 type: change
838 body: Logs now include subsecond time resolutions, rather than just seconds.
839 docs: https://github.com/emissary-ingress/emissary/pull/3650
840
841 - title: Configurable Envoy-configuration rate limiting
842 type: change
843 body: Set <code>AMBASSADOR_AMBEX_NO_RATELIMIT</code> to <code>true</code> to completely disable ratelimiting Envoy reconfiguration under memory pressure. This can help performance with the endpoint or Consul resolvers, but could make OOMkills more likely with large configurations. The default is <code>false</code>, meaning that the rate limiter is active.
844 docs: topics/concepts/rate-limiting-at-the-edge/
845
846 - version: 2.0.0-ea
847 date: "2021-06-24"
848 notes:
849 - title: Developer Preview!
850 body: We're pleased to introduce $productName$ 2.0.0 as a <b>developer preview</b>. The 2.X family introduces a number of changes to allow $productName$ to more gracefully handle larger installations, reduce global configuration to better handle multitenant or multiorganizational installations, reduce memory footprint, and improve performance. We welcome feedback!! Join us on <a href="https://a8r.io/slack">Slack</a> and let us know what you think.
851 type: change
852 docs: about/changes-2.x
853 isHeadline: true
854
855 - title: Configuration API v3alpha1
856 body: >-
857 $productName$ 2.0.0 introduces API version <code>x.getambassador.io/v3alpha1</code> for
858 configuration changes that are not backwards compatible with the 1.X family. API versions
859 <code>getambassador.io/v0</code>, <code>getambassador.io/v1</code>, and
860 <code>getambassador.io/v2</code> are deprecated. Further details are available in the <a
861 href="../about/changes-2.x/#1-configuration-api-version-getambassadoriov3alpha1">Major Changes
862 in 2.X</a> document.
863 type: feature
864 docs: about/changes-2.x/#1-configuration-api-version-getambassadoriov3alpha1
865 image: ./edge-stack-2.0.0-v3alpha1.png
866
867 - title: The AmbassadorListener Resource
868 body: The new <code>AmbassadorListener</code> CRD defines where and how to listen for requests from the network, and which <code>AmbassadorHost</code> definitions should be used to process those requests. Note that the <code>AmbassadorListener</code> CRD is <b>mandatory</b> and consolidates <i>all</i> port configuration; see the <a href="../topics/running/listener"><code>AmbassadorListener</code> documentation</a> for more details.
869 type: feature
870 docs: topics/running/listener
871 image: ./edge-stack-2.0.0-listener.png
872
873 - title: AmbassadorMapping hostname DNS glob support
874 body: >-
875 Where <code>AmbassadorMapping</code>'s <code>host</code> field is either an exact match or (with <code>host_regex</code> set) a regex,
876 the new <code>hostname</code> element is always a DNS glob. Use <code>hostname</code> instead of <code>host</code> for best results.
877 docs: about/changes-2.x/#ambassadorhost-and-ambassadormapping-association
878 type: feature
879
880 - title: Memory usage improvements for installations with many AmbassadorHosts
881 body: The behavior of the Ambassador module <code>prune_unreachable_routes</code> field is now automatic, which should reduce Envoy memory requirements for installations with many <code>AmbassadorHost</code>s
882 docs: topics/running/ambassador/#prune-unreachable-routes
883 image: ./edge-stack-2.0.0-prune_routes.png
884 type: feature
885
886 - title: Independent Host actions supported
887 body: Each <code>AmbassadorHost</code> can specify its <code>requestPolicy.insecure.action</code> independently of any other <code>AmbassadorHost</code>, allowing for HTTP routing as flexible as HTTPS routing.
888 docs: topics/running/host-crd/#secure-and-insecure-requests
889 github:
890 - title: "#2888"
891 link: https://github.com/datawire/ambassador/issues/2888
892 image: ./edge-stack-2.0.0-insecure_action_hosts.png
893 type: bugfix
894
895 - title: Correctly set Ingress resource status in all cases
896 body: $productName$ 2.0.0 fixes a regression in detecting the Ambassador Kubernetes service that could cause the wrong IP or hostname to be used in Ingress statuses -- thanks, <a href="https://github.com/impl">Noah Fontes</a>!
897 docs: topics/running/ingress-controller
898 type: bugfix
899 image: ./edge-stack-2.0.0-ingressstatus.png
900
901 - title: Stricter mTLS enforcement
902 body: $productName$ 2.0.0 fixes a bug where mTLS could use the wrong configuration when SNI and the <code>:authority</code> header didn't match
903 type: bugfix
904
905 - title: Port configuration outside AmbassadorListener has been moved to AmbassadorListener
906 body: The <code>TLSContext</code> <code>redirect_cleartext_from</code> and <code>AmbassadorHost</code> <code>requestPolicy.insecure.additionalPort</code> elements are no longer supported. Use a <code>AmbassadorListener</code> for this functionality instead.
907 type: change
908 docs: about/changes-2.x/#tlscontext-redirect_cleartext_from-and-host-insecureadditionalport
909
910 - title: PROXY protocol configuration has been moved to AmbassadorListener
911 body: The <code>use_proxy_protocol</code> element of the Ambassador <code>Module</code> is no longer supported, as it is now part of the <code>AmbassadorListener</code> resource (and can be set per-<code>AmbassadorListener</code> rather than globally).
912 type: change
913 docs: about/changes-2.x/#proxy-protocol-configuration
914
915 - title: Stricter rules for AmbassadorHost/AmbassadorMapping association
916 body: An <code>AmbassadorMapping</code> will only be matched with an <code>AmbassadorHost</code> if the <code>AmbassadorMapping</code>'s <code>host</code> or the <code>AmbassadorHost</code>'s <code>selector</code> (or both) are explicitly set, and match. This change can significantly improve $productName$'s memory footprint when many <code>AmbassadorHost</code>s are involved. Further details are available in the <a href="../about/changes-2.x/#host-and-mapping-association">Major Changes in 2.X</a> document.
917 docs: about/changes-2.x/#host-and-mapping-association
918 type: change
919
920 - title: AmbassadorHost or Ingress now required for TLS termination
921 body: An <code>AmbassadorHost</code> or <code>Ingress</code> resource is now required when terminating TLS -- simply creating a <code>TLSContext</code> is not sufficient. Further details are available in the <a href="../about/changes-2.x/#host-tlscontext-and-tls-termination"><code>AmbassadorHost</code> CRD documentation.</a>
922 docs: about/changes-2.x/#host-tlscontext-and-tls-termination
923 type: change
924 image: ./edge-stack-2.0.0-host_crd.png
925
926 - title: Envoy V3 APIs
927 body: By default, $productName$ will configure Envoy using the V3 Envoy API. This change is mostly transparent to users, but note that Envoy V3 does not support unsafe regular expressions or, e.g., Zipkin's V1 collector protocol. Further details are available in the <a href="../about/changes-2.x">Major Changes in 2.X</a> document.
928 type: change
929 docs: about/changes-2.x/#envoy-v3-api-by-default
930
931 - title: Module-based TLS no longer supported
932 body: The <code>tls</code> module and the <code>tls</code> field in the Ambassador module are no longer supported. Please use <code>TLSContext</code> resources instead.
933 docs: about/changes-2.x/#tls-the-ambassador-module-and-the-tls-module
934 image: ./edge-stack-2.0.0-tlscontext.png
935 type: change
936
937 - title: Higher performance while generating Envoy configuration now enabled by default
938 body: The environment variable <code>AMBASSADOR_FAST_RECONFIGURE</code> is now set by default, enabling the higher-performance implementation of the code that $productName$ uses to generate and validate Envoy configurations.
939 docs: topics/running/scaling/#ambassador_fast_reconfigure-and-ambassador_legacy_mode-flags
940 type: change
941
942 - title: Service Preview no longer supported
943 body: >-
944 Service Preview and the <code>AGENT_SERVICE</code> environment variable are no longer supported.
945 The Telepresence product replaces this functionality.
946 docs: https://www.getambassador.io/docs/telepresence/
947 type: change
948
949 - title: edgectl no longer supported
950 body: The <code>edgectl</code> CLI tool has been deprecated; please use the <code>emissary-ingress</code> helm chart instead.
951 docs: topics/install/helm/
952 type: change
953
954 - version: 1.14.2
955 date: '2021-09-29'
956 notes:
957 - title: Mappings support controlling DNS refresh with DNS TTL
958 type: feature
959 body: >-
960 You can now set <code>respect_dns_ttl</code> in Ambassador Mappings. When true it
961 configures that upstream's refresh rate to be set to resource record’s TTL
962 docs: topics/using/mappings/#dns-configuration-for-mappings
963
964 - title: Mappings support configuring strict or logical DNS
965 type: feature
966 body: >-
967 You can now set <code>dns_type</code> in Ambassador Mappings to use Envoy's
968 <code>logical_dns</code> resolution instead of the default <code>strict_dns</code>.
969 docs: topics/using/mappings/#dns-configuration-for-mappings
970
971 - title: Support configuring upstream buffer size
972 type: feature
973 body: >-
974 You can now set <code>buffer_limit_bytes</code> in the <code>ambassador</code>
975 <code>Module</code> to to change the size of the upstream read and write buffers.
976 The default is 1MiB.
977 docs: topics/running/ambassador/#modify-default-buffer-size
978
979 - version: 1.14.1
980 date: '2021-08-24'
981 notes:
982 - title: Envoy security updates
983 type: change
984 body: >-
985 Upgraded Envoy to 1.17.4 to address security vulnerabilities CVE-2021-32777,
986 CVE-2021-32778, CVE-2021-32779, and CVE-2021-32781.
987 docs: https://groups.google.com/g/envoy-announce/c/5xBpsEZZDfE
988
989 - version: 1.14.0
990 date: "2021-08-19"
991 notes:
992 - title: Envoy upgraded to 1.17.3!
993 type: change
994 body: >-
995 Update from Envoy 1.15 to 1.17.3
996 docs: https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history
997
998 - title: Expose Envoy's allow_chunked_length HTTPProtocolOption
999 type: feature
1000 body: >-
1001 You can now set <code>allow_chunked_length</code> in the Ambassador Module to configure
1002 the same value in Envoy.
1003 docs: topics/running/ambassador/#content-length-headers
1004
1005 - title: Default Envoy API version is now V3
1006 type: change
1007 body: >-
1008 <code>AMBASSADOR_ENVOY_API_VERSION</code> now defaults to <code>V3</code>
1009 docs: topics/running/running/#ambassador_envoy_api_version
1010
1011 - title: Subsecond time resolution in logs
1012 type: change
1013 body: Logs now include subsecond time resolutions, rather than just seconds.
1014 docs: https://github.com/emissary-ingress/emissary/pull/3650
1015
1016 - version: 1.13.10
1017 date: '2021-07-28'
1018 notes:
1019 - title: Fix for CORS origins configuration on the Mapping resource
1020 type: bugfix
1021 body: >-
1022 Fixed a regression when specifying a comma separated string for <code>cors.origins</code>
1023 on the <code>Mapping</code> resource.
1024 ([#3609](https://github.com/emissary-ingress/emissary/issues/3609))
1025 docs: topics/using/cors
1026 image: ../images/emissary-1.13.10-cors-origin.png
1027
1028 - title: New Envoy-configuration snapshots for debugging
1029 body: "Envoy-configuration snapshots get saved (as <code>ambex-#.json</code>) in <code>/ambassador/snapshots</code>. The number of snapshots is controlled by the <code>AMBASSADOR_AMBEX_SNAPSHOT_COUNT</code> environment variable; set it to 0 to disable. The default is 30."
1030 type: change
1031 docs: topics/running/environment/
1032
1033 - title: Optionally remove ratelimiting for Envoy reconfiguration
1034 body: >-
1035 Set <code>AMBASSADOR_AMBEX_NO_RATELIMIT</code> to <code>true</code> to completely disable
1036 ratelimiting Envoy reconfiguration under memory pressure. This can help performance with
1037 the endpoint or Consul resolvers, but could make OOMkills more likely with large
1038 configurations. The default is <code>false</code>, meaning that the rate limiter is
1039 active.
1040 type: change
1041 docs: topics/running/environment/
1042
1043 edgeStackNotes:
1044 - title: Mappings support configuring the DevPortal fetch timeout
1045 type: bugfix
1046 body: >-
1047 The <code>Mapping</code> resource can now specify <code>docs.timeout_ms</code> to set the
1048 timeout when the Dev Portal is fetching API specifications.
1049 docs: topics/using/dev-portal
1050 image: ../images/edge-stack-1.13.10-docs-timeout.png
1051
1052 - title: Dev Portal will strip HTML tags when displaying results
1053 type: bugfix
1054 body: >-
1055 The Dev Portal will now strip HTML tags when displaying search results, showing just the
1056 actual content of the search result.
1057 docs: topics/using/dev-portal
1058
1059 - title: Consul certificate rotation logs more information
1060 type: change
1061 body: >-
1062 Consul certificate-rotation logging now includes the fingerprints and validity timestamps
1063 of certificates being rotated.
1064 docs: howtos/consul/
1065 image: ../images/edge-stack-1.13.10-consul-cert-log.png
1066
1067 - version: 1.13.9
1068 date: '2021-06-30'
1069 notes:
1070 - title: Fix for TCPMappings
1071 body: >-
1072 Configuring multiple TCPMappings with the same ports (but different hosts) no longer
1073 generates invalid Envoy configuration.
1074 type: bugfix
1075 docs: topics/using/tcpmappings/
1076
1077 - version: 1.13.8
1078 date: '2021-06-08'
1079 notes:
1080 - title: Fix Ambassador Cloud Service Details
1081 body: >-
1082 Ambassador Agent now accurately reports up-to-date Endpoint information to Ambassador
1083 Cloud
1084 type: bugfix
1085 docs: tutorials/getting-started/#3-connect-your-cluster-to-ambassador-cloud
1086 image: ../images/edge-stack-1.13.8-cloud-bugfix.png
1087
1088 - title: Improved Argo Rollouts Experience with Ambassador Cloud
1089 body: >-
1090 Ambassador Agent reports ConfigMaps and Deployments to Ambassador Cloud to provide a
1091 better Argo Rollouts experience. See [Argo+Ambassador
1092 documentation](https://www.getambassador.io/docs/argo) for more info.
1093 type: feature
1094 docs: https://www.getambassador.io/docs/argo
1095
1096 - version: 1.13.7
1097 date: '2021-06-03'
1098 notes:
1099 - title: JSON logging support
1100 body: >-
1101 Add AMBASSADOR_JSON_LOGGING to enable JSON for most of the Ambassador control plane. Some
1102 (but few) logs from gunicorn and the Kubernetes client-go package still log text.
1103 image: ../images/edge-stack-1.13.7-json-logging.png
1104 docs: topics/running/running/#log-format
1105 type: feature
1106
1107 - title: Consul resolver bugfix with TCPMappings
1108 body: >-
1109 Fixed a bug where the Consul resolver would not actually use Consul endpoints with
1110 TCPMappings.
1111 image: ../images/edge-stack-1.13.7-tcpmapping-consul.png
1112 docs: topics/running/resolvers/#the-consul-resolver
1113 type: bugfix
1114
1115 - title: Memory usage calculation improvements
1116 body: >-
1117 Ambassador now calculates its own memory usage in a way that is more similar to how the
1118 kernel OOMKiller tracks memory.
1119 image: ../images/edge-stack-1.13.7-memory.png
1120 docs: topics/running/scaling/#inspecting-ambassador-performance
1121 type: change
1122
1123 - version: 1.13.6
1124 date: '2021-05-24'
1125 notes:
1126 - title: Quieter logs in legacy mode
1127 type: bugfix
1128 body: >-
1129 Fixed a regression where Ambassador snapshot data was logged at the INFO label
1130 when using <code>AMBASSADOR_LEGACY_MODE=true</code>.
1131
1132 - version: 1.13.5
1133 date: '2021-05-13'
1134 notes:
1135 - title: Correctly support proper_case and preserve_external_request_id
1136 type: bugfix
1137 body: >-
1138 Fix a regression from 1.8.0 that prevented <code>ambassador</code> <code>Module</code>
1139 config keys <code>proper_case</code> and <code>preserve_external_request_id</code>
1140 from working correctly.
1141 docs: topics/running/ambassador/#header-case
1142
1143 - title: Correctly support Ingress statuses in all cases
1144 type: bugfix
1145 body: >-
1146 Fixed a regression in detecting the Ambassador Kubernetes service that could cause the
1147 wrong IP or hostname to be used in Ingress statuses (thanks, [Noah
1148 Fontes](https://github.com/impl)!
1149 docs: topics/running/ingress-controller
1150
1151 - version: 1.13.4
1152 date: '2021-05-11'
1153 notes:
1154 - title: Envoy 1.15.5
1155 body: >-
1156 Incorporate the Envoy 1.15.5 security update by adding the
1157 <code>reject_requests_with_escaped_slashes</code> option to the Ambassador module.
1158 image: ../images/edge-stack-1.13.4.png
1159 docs: topics/running/ambassador/#rejecting-client-requests-with-escaped-slashes
1160 type: security
1161
1162# Don't go any further back than 1.13.4.
View as plain text