Announcing Istio 1.24.6
Istio 1.24.6 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.24.5 and Istio 1.24.6.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Security Updates
- CVE-2025-46821 (CVSS Score 5.3, Medium): Bypass of RBAC
uri_templatepermission.
If you use ** within an AuthorizationPolicy’s path field, it is recommended you upgrade to Istio 1.24.6.
Changes
Fixed an issue where validation webhook incorrectly reported a warning when a
ServiceEntryconfiguredworkloadSelectorwith DNS resolution. (Issue #50164)Removed the restriction where revision tag only worked when
istiodRemotewas not enabled in the istiod helm chart. Revision tags now work as long as therevisionTagsis specified without regard to whetheristiodRemoteis enabled or not. (Issue #54743)