diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c42a10f62..99809156c5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -85,37 +85,45 @@ it will be removed; but as it won't be user-visible this isn't considered a brea
## RELEASE NOTES
+## [3.9.1] November 17, 2023
+[3.9.1]: https://github.com/emissary-ingress/emissary/compare/v3.9.0...v3.9.1
+
+### Emissary-ingress and Ambassador Edge Stack
+
+- Bugfix: Previously, after reconfiguration, routes could briefly be misconfigured due to a shift in
+ the routes list. This has now been patched. Thanks to Joe
+ Andaverde for contributing this bugfix!
+
## [3.9.0] November 13, 2023
[3.9.0]: https://github.com/emissary-ingress/emissary/compare/v3.8.0...v3.9.0
### Emissary-ingress and Ambassador Edge Stack
- Feature: This upgrades Emissary-ingress to be built on Envoy v1.27.2 which provides security,
- performance and feature enhancements. You can read more about them here: Envoy Proxy
1.27.2 Release Notes
-- Feature: By default, Emissary-ingress will return an `UNAVAILABLE` code when a request using gRPC
+- Feature: By default, Emissary-ingress will return an `UNAVAILABLE` code when a request using gRPC
is rate limited. The `RateLimitService` resource now exposes a new
- `grpc.use_resource_exhausted_code` field that when set to `true`, Emissary-ingress will return a
- `RESOURCE_EXHAUSTED` gRPC code instead. Thanks to Jerome
+ `grpc.use_resource_exhausted_code` field that when set to `true`, Emissary-ingress will return a
+ `RESOURCE_EXHAUSTED` gRPC code instead. Thanks to Jerome
Froelich for contributing this feature!
- Feature: Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset
- vulnerability can now be configured via the Module resource so the configuration will persist
- between restarts. This configuration is added to the Envoy bootstrap config, so restarting
- Emissary is necessary after changing these fields for the configuration to take effect.
+ vulnerability can now be configured via the Module resource so the configuration will persist
+ between restarts. This configuration is added to the Envoy bootstrap config, so restarting
+ Emissary is necessary after changing these fields for the configuration to take effect.
- Change: APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use
- a minimum TLS version of 1.3 to resolve security concerns.
+ a minimum TLS version of 1.3 to resolve security concerns.
- Change: - Update default image to Emissary-ingress v3.9.0.
- Bugfix: The APIExt server provides CRD conversion between the stored version v2 and the version
- watched for by Emissary-ingress v3alpha1. Since this component is required to operate
- Emissary-ingress, we have introduced an init container that will ensure it is available before
- starting. This will help address some of the intermittent issues seen during install and
- upgrades.
+ watched for by Emissary-ingress v3alpha1. Since this component is required to operate
+ Emissary-ingress, we have introduced an init container that will ensure it is available before
+ starting. This will help address some of the intermittent issues seen during install and upgrades.
## [3.8.0] August 29, 2023
[3.8.0]: https://github.com/emissary-ingress/emissary/compare/v3.7.2...v3.8.0
diff --git a/charts/emissary-ingress/CHANGELOG.md b/charts/emissary-ingress/CHANGELOG.md
index fef69795ca..01dcb6f0fc 100644
--- a/charts/emissary-ingress/CHANGELOG.md
+++ b/charts/emissary-ingress/CHANGELOG.md
@@ -2,6 +2,10 @@
This file documents all notable changes to Ambassador Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).
+## v8.9.1
+- Upgrade Emissary to v3.9.1 [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
+- Fix: Route Shifting Bug
+
## v8.9.0
- Upgrade Emissary to v3.9.0 [CHANGELOG](https://github.com/emissary-ingress/emissary/blob/master/CHANGELOG.md)
diff --git a/docs/releaseNotes.yml b/docs/releaseNotes.yml
index f282681042..c5c6c4389e 100644
--- a/docs/releaseNotes.yml
+++ b/docs/releaseNotes.yml
@@ -32,6 +32,16 @@
changelog: https://github.com/emissary-ingress/emissary/blob/$branch$/CHANGELOG.md
items:
+ - version: 3.9.1
+ prevVersion: 3.9.0
+ date: '2023-11-17'
+ notes:
+ - title: Fix Route Shifting Bug
+ type: bugfix
+ body: >-
+ Previously, after reconfiguration, routes could briefly be misconfigured due to a shift in the routes list. This has now been patched.
+ Thanks to Joe Andaverde for contributing this bugfix!
+
- version: 3.9.0
prevVersion: 3.8.0
date: '2023-11-13'
@@ -39,34 +49,34 @@ items:
- title: Upgrade to Envoy 1.27.2
type: feature
body: >-
- This upgrades $productName$ to be built on Envoy v1.27.2 which provides security, performance
- and feature enhancements. You can read more about them here:
+ This upgrades $productName$ to be built on Envoy v1.27.2 which provides security, performance
+ and feature enhancements. You can read more about them here:
Envoy Proxy 1.27.2 Release Notes
docs: https://www.envoyproxy.io/docs/envoy/v1.27.2/version_history/version_history
- title: Added support for RESOURCE_EXHAUSTED responses to grpc clients when rate limited
type: feature
body: >-
- By default, $productName$ will return an UNAVAILABLE code when a request using gRPC
- is rate limited. The RateLimitService resource now exposes a new grpc.use_resource_exhausted_code
- field that when set to true, $productName$ will return a RESOURCE_EXHAUSTED gRPC code instead.
+ By default, $productName$ will return an UNAVAILABLE code when a request using gRPC
+ is rate limited. The RateLimitService resource now exposes a new grpc.use_resource_exhausted_code
+ field that when set to true, $productName$ will return a RESOURCE_EXHAUSTED gRPC code instead.
Thanks to Jerome Froelich for contributing this feature!
- title: Added support for setting specific Envoy runtime flags in the Module
type: feature
body: >-
- Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset vulnerability
- can now be configured via the Module resource so the configuration will persist between restarts.
- This configuration is added to the Envoy bootstrap config, so restarting Emissary is necessary after
+ Envoy runtime fields that were provided to mitigate the recent HTTP/2 rapid reset vulnerability
+ can now be configured via the Module resource so the configuration will persist between restarts.
+ This configuration is added to the Envoy bootstrap config, so restarting Emissary is necessary after
changing these fields for the configuration to take effect.
- title: Update APIExt minimum TLS version
type: change
body: >-
- APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use a minimum
+ APIExt would previously allow for TLS 1.0 connections. We have updated it to now only use a minimum
TLS version of 1.3 to resolve security concerns.
docs: https://www.tenable.com/plugins/nessus/104743
-
+
- title: Shipped Helm chart v8.9.0
type: change
body: >-
@@ -76,9 +86,9 @@ items:
- title: Ensure APIExt server is available before starting Emissary-ingress
type: bugfix
body: >-
- The APIExt server provides CRD conversion between the stored version v2 and the version watched for
- by $productName$ v3alpha1. Since this component is required to operate $productName$, we have
- introduced an init container that will ensure it is available before starting. This will help address
+ The APIExt server provides CRD conversion between the stored version v2 and the version watched for
+ by $productName$ v3alpha1. Since this component is required to operate $productName$, we have
+ introduced an init container that will ensure it is available before starting. This will help address
some of the intermittent issues seen during install and upgrades.
docs: https://artifacthub.io/packages/helm/datawire/edge-stack/$emissaryChartVersion$