Announcing Envoy Gateway v1.4

We are thrilled to announce the arrival of Envoy Gateway v1.4.0.

This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.

Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.4.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.

What’s New

Envoy Gateway v1.4.0 introduces powerful new features across traffic management, observability, security, extensibility, and infrastructure — along with key stability improvements.

🚨 Breaking Changes

• Envoy Readiness Port: A dedicated listener port (19003) is now used for Envoy proxy readiness.
• Access Log Format: The default access log now uses the Envoy JSON formatter instead of the plain text formatter.
• xDS Snapshot Behavior: Envoy Gateway now skips xDS snapshot updates if errors occur during xDS translation.
• Extension Manager Behavior:
  • With failOpen: true, translation errors are logged and suppressed.
  • With failOpen: false, xDS updates are skipped for affected resources (no longer replaced).

✨ New Features

API & Traffic Management Enhancements

• Dynamic backend routing via the new DynamicResolver type based on request hostnames.
• Support for zone-aware routing.
• Percentage-based request mirroring support.
• New circuit breaker support for per-host thresholds.
• Request buffering using the Envoy Buffer filter.
• Support for merge-type configuration in BackendTrafficPolicy.
• Enhanced support for request retry configuration with Extension Services.
• Support for Shared Global RateLimiting buckets.
• Support distinct match support for Local Ratelimiting.

Security Enhancements

• SecurityPolicy now supports forwarding authenticated usernames to backends via configurable headers in Basic Auth.
• Support for local JWKS sources (inline or via ConfigMap) to validate JWT tokens.
• Support for injecting credentials from Kubernetes Secrets into request headers via HTTPRouteFilter.
• Support for HTTP method and header-based authorization via SecurityPolicy.

Observability & Tracing

• Added RequestID header configuration via ClientTrafficPolicy.
• OpenTelemetry sink improvements for JSON formatting.
• Per-route tracing configuration in BackendTrafficPolicy.
• Backend API support for Telemetry Backends

Infra

• Helm chart improvements:
  • HorizontalPodAutoscaler support for Envoy Gateway.
  • Global imageRegistry and imagePullSecrets configuration.
  • Helm config for TrafficDistribution field.
• Added support for CRD installation via gateway-crds-helm chart.
• Option to run infrastructure Envoy proxies in the Gateway namespace (experimental).
• Support for maxUnavailable in PodDisruptionBudget.

Extensibility

• Support for Lua-based EnvoyExtensionPolicy.
• Support for Extension Server in standalone mode.
• Retry support for Extension Service hooks.
• Support for FullDuplexedStreamed mode in External Processor filter.

🐞 Bug Fixes

• Traffic splitting now works correctly when filters are attached to backendRef.
• Fixed handling and validation of headers, OpenTelemetry fields, and duplicated API keys.
• Stats compressor and overload manager behavior corrected.
• Correct precedence in HTTPRoute header and query matching.
• Fixed behavior of TLS inspector filters for UDP/QUIC.
• Corrected retryOn behavior for BackendTrafficPolicy.
• Avoid HTTP/2 Connection Coalescing scenarios.

🚀 Performance Improvements

• Added cache for Wasm OCI image permission checks and pulled secrets asynchronously.

🛑 Deprecations

• The PreserveXRequestID field in ClientTrafficPolicy.Spec.Headers is deprecated. Use the new RequestID field instead.

📌 Other Notable Changes

• Updated to use gateway-api v1.3.0.

We encourage users to upgrade to v1.4.0 and explore these improvements. For full details, see the Release Notes and updated Documentation.