Release Notes

Artifacts

Grey Matter v1.2 artifacts are now available. Artifacts can be found in the staging repositories:

Server versions (if changed from 1.2.1):

Server versions (if changed from 1.2.0):

JWT-Security filter cache now respects token expiration and internally limits the max cache size
Sidecar now supports FIPS-compliant builds
Sidecar base build updated to Envoy 1.13.3
JWT Security Service (Gov) uses RFC3339 for logging
JWT Security Service (Gov) allows omitting JWT_AAC_SERVER_CN
greymatter CLI import-zone now properly works with the output of export-zone
greymatter deep delete and list summary format works for all objects
Dashboard paginates routes on instance views and can disable routes tabs entirely
Dashboard misc bug fixes and browser support
SLO service Alpine binary no longer throws segmentation fault in Alpine

Server versions:

Allow setting Envoy HTTP filters
Allow setting Envoy Network filters
Allow setting Network and HTTP filters on Grey Matter Listener object
Allow setting all Envoy cluster load balancing policies (excepting deprecated options)
Control server now has a simple healthcheck endpoint
Sidecar environment variables now support tracing with Zipkin/Jaeger
Sidecar can now disable or restrict Sidecar admin endpoint
Sidecar filters now support per-route metadata and configurations
Sidecar environment variables can now setup Envoy Redis and TCP network filter static resources
New gm.oidc-authentication filter
New gm.oidc-validation filter
New gm.ensure-variables filter
New gm.jwt-security filter

Sidecar base Envoy build updated to 1.13.1
gm.inheaders filter will now return 403 if certificates are not present
Update trace defaults to v2 APIs
Data server will now error early if it can't write to the intended storage medium
Data server: improved documentation, CLI messages, and server logs

Control EDS resolution of instances now properly causes an update to be sent to the Sidecar
Change internal protocol selection to USE_DOWNSTREM_PROTOCOL to fully support HTTP2
Control server no longer overwrites defined static resources for the data plane
Set better default health checks to prevent rejection by Envoy
Retry Policies can now be turned off by setting num_retries to 0
Listeners now properly always use the set IP rather than defaulting to 0.0.0.0
Fixed nil pointer reference in some configurations of listener
Allow not setting validation certs in Cluster SSLConfig and Domain SSLConfig
Sidecar Observables TLS and mTLS support now working properly
Sidecar Observables kafka connection logic now properly terminates
Sidecar Observables are now proper JSON when outputting to files
Sidecar filters no longer dropping T and ST in USER_DN fields (PKI)
Removed frame when outputting observables to file that created invalid JSON

#3482 The Catalog API requires that cluster name be unique, if you have two services with the same name and version values. Failure to do so will lead to a mismatch in the Sense Dashboard and you will not see one of the services. If the versions are unique then you can use the same name value.
#761 The proxy requires a route to be configured on the domain/listener in order for observables to be enabled.
#65 The Grey Matter Control variable GM_CONTROL_STATS_BACKENDS is ineffectual and does not output stats to prometheus.
#305 Grey Matter control domain object redirects can't perform port rewrites.

Last updated 4 years ago

Was this helpful?