repo: Release v1.33.0

**Summary of changes**: * c-ares: - [CVE-2024-25629](GHSA-mg26-v6qh-x48q) Out of bounds read in c-ares (DNS) * HTTP: - RFC1918 addresses are no longer considered to be internal addresses by default. This addresses a security issue for Envoys in multi-tenant mesh environments. - Shadow requests are now streamed in parallel with the original request. - Local replies now traverse the filter chain if 1xx headers have been sent to the client. * Tracing: - Removed support for (long deprecated) Opencensus tracing extension. * Wasm: - The route cache will *not* be cleared by default if a Wasm extension modifies the request headers and the ABI version of wasm extension is larger than 0.2.1. - Remove previously deprecated xDS attributes from `get_property`, use `xds` attributes instead. - Added Wasm VM reload support and support for plugins writtin in Go. * Access log: - New implementation of the JSON formatter is enabled by default. * CSRF: - Increase the statistics counter `missing_source_origin` only for requests with a missing source origin. * DNS: - Added nameserver rotation and query timeouts/retries to the c-ares resolver. * Formatter: - `NaN` and `Infinity` values of float will be serialized to `null` and `inf` respectively in the metadata (`DYNAMIC_METADATA`, `CLUSTER_METADATA`, etc.) formatters. * OAuth2: - `use_refresh_token` is now enabled by default. - Implement the Signed Double-Submit Cookie pattern. * QUIC: - Enable UDP GRO in QUIC client connections by default. * SDS: - Relaxed the backing cluster validation for Secret Discovery Service (SDS). * TLS: - Added support for P-384 and P-521 curves for server certificates, improved upstream SNI and SAN validation support. **Docker images**: https://hub.docker.com/r/envoyproxy/envoy/tags?page=1&name=v1.33.0 **Docs**: https://www.envoyproxy.io/docs/envoy/v1.33.0/ **Release notes**: https://www.envoyproxy.io/docs/envoy/v1.33.0/version_history/v1.33/v1.33.0 **Full changelog**: v1.32.0...v1.33.0
envoyproxy · Jan 14, 2025 · b0f43d6 · b0f43d6
1 parent c93cf7a
commit b0f43d6
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 12 deletions.
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.33.0-dev
+1.33.0
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -1,7 +1,6 @@
-date: Pending
+date: January 14, 2025
 
 behavior_changes:
-# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
 - area: ext_proc
   change: |
     Previously, tracing spans generated by ``ext_proc`` were always sampled by default. Now, the default sampling
@@ -38,9 +37,7 @@ behavior_changes:
     ``ActiveStreamDecoderFilter::recreateStream()`` is called. This behavior change can be temporarily reverted by flipping
     ``envoy.reloadable_features.filter_chain_aborted_can_not_continue`` to ``false``.
 
-
 minor_behavior_changes:
-# *Changes that may cause incompatibilities for some users, but should not for most*
 - area: access_log
   change: |
     New implementation of the JSON formatter will be enabled by default.
@@ -102,13 +99,13 @@ minor_behavior_changes:
     by setting the runtime guard ``envoy.reloadable_features.local_reply_traverses_filter_chain_after_1xx`` to ``false``.
 - area: cluster
   change: |
-      Clusters can no longer use unregistered extension types in
-      :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`.
+    Clusters can no longer use unregistered extension types in
+    :ref:`cluster_type<envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`.
 - area: cluster
   change: |
-      Clusters factories are registered by configuration type for
-      :ref:`cluster_type <envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
-      and will use configuration type to lookup the corresponding factory when available.
+    Clusters factories are registered by configuration type for
+    :ref:`cluster_type <envoy_v3_api_field_config.cluster.v3.Cluster.cluster_type>`
+    and will use configuration type to lookup the corresponding factory when available.
 - area: dns
   change: |
     Patched c-ares to address CVE-2024-25629.
@@ -136,7 +133,6 @@ minor_behavior_changes:
     ``envoy.reloadable_features.shadow_policy_inherit_trace_sampling`` to ``false``.
 
 bug_fixes:
-# *Changes expected to improve the state of the world and are unlikely to have negative effects*
 - area: lrs
   change: |
     Fixes errors stat being incremented and warning log spamming for ``LoadStatsReporting`` graceful stream close.
@@ -218,7 +214,6 @@ bug_fixes:
     runtime guard ``envoy.reloadable_features.http2_propagate_reset_events`` to false.
 
 removed_config_or_runtime:
-# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
 - area: router
   change: |
     Removed runtime guard ``envoy_reloadable_features_send_local_reply_when_no_buffer_and_upstream_request``.