- access log: added FILTER_STATE :ref:`access log formatters <config_access_log_format>` and gRPC access logger.
- admin: added the ability to filter :ref:`/config_dump <operations_admin_interface_config_dump>`.
- access log: added a :ref:`typed JSON logging mode <config_access_log_format_dictionaries>` to output access logs in JSON format with non-string values
- access log: fixed UPSTREAM_LOCAL_ADDRESS :ref:`access log formatters <config_access_log_format>` to work for http requests
- access log: added HOSTNAME.
- api: remove all support for v1
- api: added ability to specify mode for :ref:`Pipe <envoy_api_field_core.Pipe.mode>`.
- api: support for the v3 xDS API added. See :ref:`api_supported_versions`.
- aws_request_signing: added new alpha :ref:`HTTP AWS request signing filter <config_http_filters_aws_request_signing>`.
- buffer: remove old implementation
- build: official released binary is now built against libc++.
- cluster: added :ref:`aggregate cluster <arch_overview_aggregate_cluster>` that allows load balancing between clusters.
- config: all category names of internal envoy extensions are prefixed with the 'envoy.' prefix to follow the reverse DNS naming notation.
- decompressor: remove decompressor hard assert failure and replace with an error flag.
- ext_authz: added :ref:`configurable ability<envoy_api_field_config.filter.http.ext_authz.v2.ExtAuthz.include_peer_certificate>` to send the :ref:`certificate<envoy_api_field_service.auth.v2.AttributeContext.Peer.certificate>` to the ext_authz service.
- fault: fixed an issue where the http fault filter would repeatedly check the percentage of abort/delay when the x-envoy-downstream-service-cluster header was included in the request to ensure that the actual percentage of abort/delay matches the configuration of the filter.
- health check: gRPC health checker sets the gRPC deadline to the configured timeout duration.
- health check: added :ref:`TlsOptions <envoy_api_msg_core.HealthCheck.TlsOptions>` to allow TLS configuration overrides.
- health check: added :ref:`service_name_matcher <envoy_api_field_core.HealthCheck.HttpHealthCheck.service_name_matcher>` to better compare the service name patterns for health check identity.
- http: added strict validation that CONNECT is refused as it is not yet implemented. This can be reversed temporarily by setting the runtime feature envoy.reloadable_features.strict_method_validation to false.
- http: added support for http1 trailers. To enable use :ref:`enable_trailers <envoy_api_field_core.Http1ProtocolOptions.enable_trailers>`.
- http: added the ability to sanitize headers nominated by the Connection header. This new behavior is guarded by envoy.reloadable_features.connection_header_sanitization which defaults to true.
- http: blocks unsupported transfer-encodings. Can be reverted temporarily by setting runtime feature envoy.reloadable_features.reject_unsupported_transfer_encodings to false.
- http: support :ref:`auto_host_rewrite_header<envoy_api_field_config.filter.http.dynamic_forward_proxy.v2alpha.PerRouteConfig.auto_host_rewrite_header>` in the dynamic forward proxy.
- jwt_authn: added :ref:`allow_missing<envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtRequirement.allow_missing>` option that accepts request without token but rejects bad request with bad tokens.
- jwt_authn: added :ref:`bypass_cors_preflight<envoy_api_field_config.filter.http.jwt_authn.v2alpha.JwtAuthentication.bypass_cors_preflight>` to allow bypassing the CORS preflight request.
- lb_subset_config: new fallback policy for selectors: :ref:`KEYS_SUBSET<envoy_api_enum_value_Cluster.LbSubsetConfig.LbSubsetSelector.LbSubsetSelectorFallbackPolicy.KEYS_SUBSET>`
- listeners: added :ref:`reuse_port<envoy_api_field_Listener.reuse_port>` option.
- logger: added :ref:`--log-format-escaped <operations_cli>` command line option to escape newline characters in application logs.
- ratelimit: added :ref:`local rate limit <config_network_filters_local_rate_limit>` network filter.
- rbac: added support for matching all subject alt names instead of first in :ref:`principal_name <envoy_api_field_config.rbac.v2.Principal.Authenticated.principal_name>`.
- redis: performance improvement for larger split commands by avoiding string copies.
- redis: correctly follow MOVE/ASK redirection for mirrored clusters.
- redis: add :ref:`host_degraded_refresh_threshold <envoy_api_field_config.cluster.redis.RedisClusterConfig.host_degraded_refresh_threshold>` and :ref:`failure_refresh_threshold <envoy_api_field_config.cluster.redis.RedisClusterConfig.failure_refresh_threshold>` to refresh topology when nodes are degraded or when requests fails.
- router: added histograms to show timeout budget usage to the :ref:`cluster stats <config_cluster_manager_cluster_stats>`.
- router check tool: added support for testing and marking coverage for routes of runtime fraction 0.
- router: added :ref:`request_mirror_policies<envoy_api_field_route.RouteAction.request_mirror_policies>` to support sending multiple mirrored requests in one route.
- router: added support for REQ(header-name) :ref:`header formatter <config_http_conn_man_headers_custom_request_headers>`.
- router: added support for percentage-based :ref:`retry budgets <envoy_api_field_cluster.CircuitBreakers.Thresholds.retry_budget>`
- router: allow using a :ref:`query parameter <envoy_api_field_route.RouteAction.HashPolicy.query_parameter>` for HTTP consistent hashing.
- router: exposed DOWNSTREAM_REMOTE_ADDRESS as custom HTTP request/response headers.
- router: added support for :ref:`max_internal_redirects <envoy_api_field_route.RouteAction.max_internal_redirects>` for configurable maximum internal redirect hops.
- router: skip the Location header when the response code is not a 201 or a 3xx.
- router: added :ref:`auto_sni <envoy_api_field_core.UpstreamHttpProtocolOptions.auto_sni>` to support setting SNI to transport socket for new upstream connections based on the downstream HTTP host/authority header.
- router: added support for HOSTNAME :ref:`header formatter <config_http_conn_man_headers_custom_request_headers>`.
- server: added the :option:`--disable-extensions` CLI option, to disable extensions at startup.
- server: fixed a bug in config validation for configs with runtime layers.
- server: added :ref:`workers_started <config_listener_manager_stats>` that indicates whether listeners have been fully initialized on workers.
- tcp_proxy: added :ref:`ClusterWeight.metadata_match<envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.WeightedCluster.ClusterWeight.metadata_match>`.
- tcp_proxy: added :ref:`hash_policy<envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.hash_policy>`.
- thrift_proxy: added support for cluster header based routing.
- thrift_proxy: added stats to the router filter.
- tls: remove TLS 1.0 and 1.1 from client defaults
- tls: added support for :ref:`generic string matcher <envoy_api_field_auth.CertificateValidationContext.match_subject_alt_names>` for subject alternative names.
- tracing: added the ability to set custom tags on both the :ref:`HTTP connection manager<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>` and the :ref:`HTTP route <envoy_api_field_route.Route.tracing>`.
- tracing: added upstream_address tag.
- tracing: added initial support for AWS X-Ray (local sampling rules only) :ref:`X-Ray Tracing <envoy_api_msg_config.trace.v2alpha.XRayConfig>`.
- tracing: added tags for gRPC request path, authority, content-type and timeout.
- udp: added initial support for :ref:`UDP proxy <config_udp_listener_filters_udp_proxy>`
- The request_headers_for_tags field in :ref:`HTTP connection manager <envoy_api_msg_config.filter.network.http_connection_manager.v2.HttpConnectionManager.Tracing>` has been deprecated in favor of the :ref:`custom_tags <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing.custom_tags>` field.
- The verify_subject_alt_name field in :ref:`Certificate Validation Context <envoy_api_field_auth.CertificateValidationContext.verify_subject_alt_name>` has been deprecated in favor of the :ref:`match_subject_alt_names <envoy_api_field_auth.CertificateValidationContext.match_subject_alt_names>` field.
- The request_mirror_policy field in :ref:`RouteMatch <envoy_api_msg_route.RouteAction>` has been deprecated in favor of the request_mirror_policies field.
- The service_name field in :ref:`HTTP health checker <envoy_api_msg_core.HealthCheck.HttpHealthCheck>` has been deprecated in favor of the service_name_matcher field.
- The v2 xDS API is deprecated. It will be supported by Envoy until EOY 2020. See :ref:`api_supported_versions`.