New Features
- Adds lambda option to persist original request info that otherwise is lost. Defaults to false to avoid leaking potentially sensitive info. Similar to envoy's x-forwarded-for header and may be desirable to be false when envoy is in a mesh deployment. Implemented here to allow for usage of original request path in access logs. (#5560)
- Adds parse_callback_path_as_regex to the OidcAuthorizationCodeConfig. When enabled, the enterprise extauth service will parse a callback path as a regular expression. (#5059)
Fixes
- Add new sts refresh timer in addition to filewatch. The extra overhead is countered by the fact that file events sometimes seem to be lost. The new behavior is only applied if the refresh time is set and should mitigate instances of stale credentials. (#5253)