Ambassador Edge Stack Release Notes

We have backported patches from the Envoy 1.19.5 security update to Ambassador Edge Stack's 1.17-based Envoy, addressing CVE-2022-29224 and CVE-2022-29225. Ambassador Edge Stack is not affected by CVE-2022-29226, CVE-2022-29227, or CVE-2022-29228; as it does not support internal redirects, and does not use Envoy's built-in OAuth2 filter.

Upgraded Envoy to address security vulnerabilities CVE-2021-43824, CVE-2021-43825, CVE-2021-43826, CVE-2022-21654, and CVE-2022-21655.

You can now set respect_dns_ttl in Ambassador Mappings. When true it configures that upstream's refresh rate to be set to resource record’s TTL

You can now set dns_type in Ambassador Mappings to use Envoy's logical_dns resolution instead of the default strict_dns.

You can now set buffer_limit_bytes in the ambassador Module to to change the size of the upstream read and write buffers. The default is 1MiB.

You can now set preserve_servers in Ambassador Edge Stack's DevPortal resource to configure the DevPortal to use server definitions from the OpenAPI document when displaying connection information for services in the DevPortal.

Upgraded envoy to 1.17.4 to address security vulnerabilities

Upgraded Envoy from 1.15 to 1.17, see the Envoy changelog for more information

You can now set allow_chunked_length in the Ambassador Module to configure the same value in Envoy

The default Envoy API version has changed from V2 to V3, as V2 has fallen out of support, and has been removed as of Envoy 1.18.0.

Logs now include subsecond time resolutions, rather than just seconds.

Fixed a regression when specifying a comma separated string for cors.origins on the Mapping resource. ([#3609](https://github.com/emissary-ingress/emissary/issues/3609))

Envoy-configuration snapshots get saved (as ambex-#.json) in /ambassador/snapshots. The number of snapshots is controlled by the AMBASSADOR_AMBEX_SNAPSHOT_COUNT environment variable; set it to 0 to disable. The default is 30.

Set AMBASSADOR_AMBEX_NO_RATELIMIT to true to completely disable ratelimiting Envoy reconfiguration under memory pressure. This can help performance with the endpoint or Consul resolvers, but could make OOMkills more likely with large configurations. The default is false, meaning that the rate limiter is active.

The Mapping resource can now specify docs.timeout_ms to set the timeout when the Dev Portal is fetching API specifications.

The Dev Portal will now strip HTML tags when displaying search results, showing just the actual content of the search result.

Consul certificate-rotation logging now includes the fingerprints and validity timestamps of certificates being rotated.

Fixed a bug which caused Ambassador Edge Stack to generate invalid Envoy configuration when two TCPMappings were configured with the same port, but different hosts.

Fixed a bug that occasionally caused missing version information for a service in the Ambassador Service Catalog, especially in clusters with high pod churn.

Ambassador Agent now reports the state of ArgoCD configurations and Deployments in order to provide proper configurations to the users while setting up the Argo Rollouts feature.

An AMBASSADOR_JSON_LOGGING environment variable has been added. When set to true JSON format will be used for most of the control plane logs. Some (but few) logs from gunicorn and the Kubernetes client-go package will still be in text only format.

The TCPMapping has the ability to specify a resolver, however the ConsulResolver did not work properly with it. It now utilizes the Consul Connect service discovery instead of falling back to attempting to register an arbitrary endpoint.

The internal memory usage calculation that Ambassador Edge Stack performs has been updated to exclude cache memory. This now matches how the kernel OOMKiller calculates memory and should avoid situations where Envoy updates are throttled unnecessarily.

Ambassador Edge Stack has been updated to Envoy 1.15.5, which addresses a high severity security vulnerability (CVE-2021-29492). Ambassador Edge Stack can now be configured to reject client requests that contain escaped slashes.