diff --git a/content/en/news/2019/announcing-1.4/change-notes/index.md b/content/en/news/2019/announcing-1.4/change-notes/index.md index 0dae8aeef9..f0df17964d 100644 --- a/content/en/news/2019/announcing-1.4/change-notes/index.md +++ b/content/en/news/2019/announcing-1.4/change-notes/index.md @@ -9,6 +9,9 @@ weight: 10 - **Added** support for [mirroring](/docs/tasks/traffic-management/mirroring/) a percentage of traffic. - **Improved** the Envoy sidecar. The Envoy sidecar now exits when it crashes. This change makes it easier to see whether or not the Envoy sidecar is healthy. - **Improved** Pilot to skip sending redundant configuration to Envoy when no changes are required. +- **Improved** headless services to avoid conflicts with different services on the same port. +- **Disabled** default [circuit breakers](/docs/tasks/traffic-management/circuit-breaking/). +- **Updated** the default regex engine to `re2`. Please see the [Upgrade Notes](/news/2019/announcing-1.4/upgrade-notes) for details. ## Security diff --git a/content/en/news/2019/announcing-1.4/upgrade-notes/index.md b/content/en/news/2019/announcing-1.4/upgrade-notes/index.md index 660f2781bf..50e5947a2b 100644 --- a/content/en/news/2019/announcing-1.4/upgrade-notes/index.md +++ b/content/en/news/2019/announcing-1.4/upgrade-notes/index.md @@ -12,6 +12,8 @@ familiar with the use and operation of Istio 1.3. ## Traffic management +### HTTP services on port 443 + Services of type `http` are no longer allowed on port 443. This change was made to prevent protocol conflicts with external HTTPS services. If you depend on this behavior, there are a few options: @@ -22,6 +24,12 @@ If you depend on this behavior, there are a few options: See [Protocol Selection](/docs/ops/traffic-management/protocol-selection/) for more information about specifying the protocol of a port +### Regex Engine Changes + +To prevent excessive resource consumption from large regular expressions, Envoy has moved to a new regular expression engine based on [`re2`](https://github.com/google/re2). Previously, `std::regex` was used. These two engines may have slightly different syntax; in particular, the regex fields are now limited to 100 bytes. + +If you depend on specific behavior of the old regex engine, you can opt out of this change by adding the environment variable `PILOT_ENABLE_UNSAFE_REGEX=true` to the Pilot deployment. Note: this will be removed in future releases. + ## Configuration management We introduced OpenAPI v3 schemas in the Kubernetes [Custom Resource Definitions (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/#customresourcedefinitions) of Istio resources. The schemas describe the Istio resources and help ensure the Istio resources you create and modify are structurally correct.