Skip to content

Commit

Permalink
release: update changelog for v3.9.0 release
Browse files Browse the repository at this point in the history
Signed-off-by: Lance Austin <[email protected]>
  • Loading branch information
Lance Austin committed Nov 13, 2023
1 parent ec880db commit ad25a61
Show file tree
Hide file tree
Showing 2 changed files with 71 additions and 12 deletions.
30 changes: 26 additions & 4 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,15 +85,37 @@ it will be removed; but as it won't be user-visible this isn't considered a brea

## RELEASE NOTES

## [3.9.0] TBD
## [3.9.0] November 13, 2023
[3.9.0]: https://github.com/emissary-ingress/emissary/compare/v3.8.0...v3.9.0

### Emissary-ingress and Ambassador Edge Stack

- Feature: This upgrades Emissary-ingress to be built on Envoy v1.27.2 which provides security,
performance and feature enhancements. You can read more about them here: <a
href="https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/version_history">Envoy Proxy
1.27.2 Release Notes</a>

- Feature: By default, Emissary-ingress will return an `UNAVAILABLE` code when a request using gRPC
is rate limited. The `RateLimitService` resource now exposes a new
`grpc.use_resource_exhausted_code` field that when set to `true`, Emissary-ingress will return a
`RESOURCE_EXHAUSTED` gRPC code instead. Thanks to <a href="https://github.com/jeromefroe">Jerome
Froelich</a> for contributing this feature!

- Feature: Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset
vulnerability can now be configured via the Module resource so the configuration will persist
between restarts. This configuration is added to the Envoy bootstrap config, so restarting
Emissary is necessary after changing these fields for the configuration to take effect.
vulnerability can now be configured via the Module resource so the configuration will persist
between restarts. This configuration is added to the Envoy bootstrap config, so restarting
Emissary is necessary after changing these fields for the configuration to take effect.

- Change: APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use
a minimum TLS version of 1.3 to resolve security concerns.

- Change: - Update default image to Emissary-ingress v3.9.0. <br/>

- Bugfix: The APIExt server provides CRD conversion between the stored version v2 and the version
watched for by Emissary-ingress v3alpha1. Since this component is required to operate
Emissary-ingress, we have introduced an init container that will ensure it is available before
starting. This will help address some of the intermittent issues seen during install and
upgrades.

## [3.8.0] August 29, 2023
[3.8.0]: https://github.com/emissary-ingress/emissary/compare/v3.7.2...v3.8.0
Expand Down
53 changes: 45 additions & 8 deletions docs/releaseNotes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,16 +34,53 @@ changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.
items:
- version: 3.9.0
prevVersion: 3.8.0
date: 'TBD'
date: '2023-11-13'
notes:
- title: Upgrade to Envoy 1.27.2
type: feature
body: >-
This upgrades $productName$ to be built on Envoy v1.27.2 which provides security, performance
and feature enhancements. You can read more about them here:
<a href="https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/version_history">Envoy Proxy 1.27.2 Release Notes</a>
docs: https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/version_history

- title: Added support for RESOURCE_EXHAUSTED responses to grpc clients when rate limited
type: feature
body: >-
By default, $productName$ will return an <code>UNAVAILABLE</code> code when a request using gRPC
is rate limited. The <code>RateLimitService</code> resource now exposes a new <code>grpc.use_resource_exhausted_code</code>
field that when set to <code>true</code>, $productName$ will return a <code>RESOURCE_EXHAUSTED</code> gRPC code instead.
Thanks to <a href="https://github.com/jeromefroe">Jerome Froelich</a> for contributing this feature!
- title: Added support for setting specific Envoy runtime flags in the Module
type: feature
body: >-
Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset vulnerability
can now be configured via the Module resource so the configuration will persist between restarts.
This configuration is added to the Envoy bootstrap config, so restarting Emissary is necessary after
changing these fields for the configuration to take effect.
- title: Update APIExt minimum TLS version
type: change
body: >-
APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use a minimum
TLS version of 1.3 to resolve security concerns.
docs: https://www.tenable.com/plugins/nessus/104743

- title: Shipped Helm chart v8.9.0
type: change
body: >-
- Update default image to $productName$ v3.9.0. <br/>
docs: https://github.com/emissary-ingress/emissary/blob/master/charts/emissary-ingress/CHANGELOG.md

- title: Added support for setting specific Envoy runtime flags in the Module
type: feature
body: >-
Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset
vulnerability can now be configured via the Module resource so the configuration will
persist between restarts. This configuration is added to the Envoy bootstrap config, so
restarting Emissary is necessary after changing these fields for the configuration to take effect.
- title: Ensure APIExt server is available before starting Emissary-ingress
type: bugfix
body: >-
The APIExt server provides CRD conversion between the stored version v2 and the version watched for
by $productName$ v3alpha1. Since this component is required to operate $productName$, we have
introduced an init container that will ensure it is available before starting. This will help address
some of the intermittent issues seen during install and upgrades.
docs: https://artifacthub.io/packages/helm/datawire/edge-stack/$emissaryChartVersion$

- version: 3.8.0
prevVersion: 3.7.2
Expand Down

0 comments on commit ad25a61

Please sign in to comment.