Announcing Istio 1.6.3
Patch Release
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.6.2 and Istio 1.6.3.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Changes
- Fixed an issue preventing the operator from recreating watched resources if they are deleted (Issue 23238).
- Fixed an issue where Istio crashed with the message:
proto.Message is *client.QuotaSpecBinding, not *client.QuotaSpecBinding
(Issue 24624). - Fixed an issue preventing operator reconciliation due to improper labels on watched resources (Issue 23603).
- Added support for the
k8s.v1.cni.cncf.io/networks
annotation (Issue 24425). - Updated the
SidecarInjectionSpec
CRD to read theimagePullSecret
from.Values.global
(Pull 24365). - Updated split horizon to skip gateways that resolve hostnames.
- Fixed
istioctl experimental metrics
to only flag error response codes as errors (Issue 24322) - Updated
istioctl analyze
to sort output formats. - Updated gateways to use
proxyMetadata
- Updated the Prometheus sidecar to use
proxyMetadata
(Issue 24415). - Removed invalid configuration from
PodSecurityContext
whengateway.runAsRoot
is enabled (Issue 24469).
Grafana addon security fixes
We’ve updated the version of Grafana shipped with Istio from 6.5.2 to 6.7.4. This addresses a Grafana security issue, rated high, that can allow access to internal cluster resources using the Grafana avatar feature. (CVE-2020-13379)