Announcing Istio 1.6.3

Patch Release

This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.6.2 and Istio 1.6.3.

Changes

  • Fixed an issue preventing the operator from recreating watched resources if they are deleted (Issue 23238).
  • Fixed an issue where Istio crashed with the message: proto.Message is *client.QuotaSpecBinding, not *client.QuotaSpecBinding(Issue 24624).
  • Fixed an issue preventing operator reconciliation due to improper labels on watched resources (Issue 23603).
  • Added support for the k8s.v1.cni.cncf.io/networks annotation (Issue 24425).
  • Updated the SidecarInjectionSpec CRD to read the imagePullSecret from .Values.global (Pull 24365).
  • Updated split horizon to skip gateways that resolve hostnames.
  • Fixed istioctl experimental metrics to only flag error response codes as errors (Issue 24322)
  • Updated istioctl analyze to sort output formats.
  • Updated gateways to use proxyMetadata
  • Updated the Prometheus sidecar to use proxyMetadata(Issue 24415).
  • Removed invalid configuration from PodSecurityContext when gateway.runAsRoot is enabled (Issue 24469).

Grafana addon security fixes

We’ve updated the version of Grafana shipped with Istio from 6.5.2 to 6.7.4. This addresses a Grafana security issue, rated high, that can allow access to internal cluster resources using the Grafana avatar feature. (CVE-2020-13379)

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!