.. _version_history_1.32.0:

1.32.0 (Pending)
=================





Minor behavior changes
----------------------

*Changes that may cause incompatibilities for some users, but should not for most*



* **lua**: When Lua script executes httpCall, backpressure is exercised when receiving body from downstream client. This behavior can be reverted
  by setting the runtime guard ``envoy.reloadable_features.lua_flow_control_while_http_call`` to false.
* **tcp**: Added support for :ref:`connection_pool_per_downstream_connection
  <envoy_v3_api_field_config.cluster.v3.Cluster.connection_pool_per_downstream_connection>` flag in tcp connection pool.



Bug fixes
---------

*Changes expected to improve the state of the world and are unlikely to have negative effects*



* **dns**: The DNS filter no longer returns FORMERR if a message has an ID of 0.
* **ext_authz**: Fixed fail-open behaviour of the :ref:`failure_mode_allow config option
  <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`
  when a grpc external authz server is used.
  The behaviour can be enabled by ``envoy_reloadable_features_process_ext_authz_grpc_error_codes_as_errors``.
* **quic**: Fixes access log formatter %CONNECTION_ID% for QUIC connections.



Removed config or runtime
-------------------------

*Normally occurs at the end of the* :ref:`deprecation period <deprecated>`



* **DNS**: Removed ``envoy.reloadable_features.dns_cache_set_first_resolve_complete`` runtime flag and legacy code paths.
* **ext_proc**: Removed runtime flag ``envoy_reloadable_features_immediate_response_use_filter_mutation_rule`` and legacy code
  path.
* **ext_proc**: Removed runtime flag ``envoy_reloadable_features_send_header_raw_value`` and legacy code path.
* **grpc reverse bridge**: Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status`` runtime flag
  and legacy code paths.
* **grpc reverse bridge**: Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_handle_empty_response`` runtime
  flag and legacy code paths.
* **http**: Removed runtime flag ``envoy.reloadable_features.abort_filter_chain_on_stream_reset`` and legacy
  code path.
* **http**: Removed runtime flag ``envoy.reloadable_features.no_downgrade_to_canonical_name`` and legacy code
  path.
* **stateful_session**: Removed ``envoy.reloadable_features.stateful_session_encode_ttl_in_cookie`` runtime flag and legacy code paths.
* **tls**: Removed runtime flag ``envoy.reloadable_features.ssl_transport_failure_reason_format``.
* **upstream**: Removed runtime flag ``envoy.reloadable_features.avoid_zombie_streams`` and legacy code paths.



New features
------------


* **access_log**: added %UPSTREAM_CLUSTER_RAW% access log formatter to log the original upstream cluster name, regadless of whether
  ``alt_stat_name`` is set.
* **ext_authz**: Added config field
  :ref:`filter_metadata <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.filter_metadata>`
  for injecting arbitrary data to the filter state for logging.
* **sockets**: Added socket ``type`` field for specifying a socket type to apply the socket option to under :ref:`SocketOption
  <envoy_v3_api_msg_config.core.v3.SocketOption>`. If not specified, the socket option will be applied to all socket
  types.
* **tls**: Added :ref:`prefer_client_ciphers
  <envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.prefer_client_ciphers>`
  to support enabling client cipher preference instead of server's for TLS handshakes.
* **tls**: Added an extension point :ref:`custom_tls_certificate_selector
  <envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.custom_tls_certificate_selector>`
  to allow overriding TLS certificate selection behavior.
  An extension can select certificate base on the incoming SNI, in both sync and async mode.