Announcing Istio 1.6.2

Patch Release

 June 11, 2020

This release fixes the security vulnerability described in our June 11th, 2020 news post.

This release note describes what’s different between Istio 1.6.2 and Istio 1.6.1.

BEFORE YOU UPGRADE

Things to know and prepare before upgrading.

DOWNLOAD

Download and install this release.

DOCS

Visit the documentation for this release.

SOURCE CHANGES

Inspect the full set of source code changes.

Security update

  • ISTIO-SECURITY-2020-006 Excessive CPU usage when processing HTTP/2 SETTINGS frames with too many parameters, potentially leading to a denial of service.

CVE-2020-11080: By sending a specially crafted packet, an attacker could cause the CPU to spike at 100%. This could be sent to the ingress gateway or a sidecar.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!