Announcing Istio 1.30.2
Istio 1.30.2 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.30.1 and 1.30.2.
Changes
- Improved logging when a Gateway API CRD installed in the cluster is below the minimum version required by this Istio version. The message is now logged at `warn` level and explains that resources of that kind will not be processed until the CRDs are upgraded. Previously, this was logged at `info` level and easy to miss, which made TLS passthrough breakage after upgrading to 1.30 with stale CRDs hard to diagnose.
- Added `trustDomains` and `notTrustDomains` fields to the `Source` in `AuthorizationPolicy`, allowing users to match or exclude requests based on the trust domain derived from the peer certificate.
- Added a new environment variable `PILOT_AGENT_MERGE_ENVOY_STATS` to control whether pilot-agent merges Envoy stats into its stats endpoint. Set to `false` to disable merging Envoy stats with agent stats.
- Fixed a brief traffic outage when changing the `istio.io/rev` label on a Kubernetes `Gateway` (or `ListenerSet`). The previously-owning control plane no longer drops the resource and pushes empty xDS config to gateway pods that are still running on the old revision. Status writes for non-owning revisions are still suppressed, so revisions do not flap on each other’s status. (Issue #59959)
- Fixed duplicate and excessive pushes when using `WasmPlugin` resources due to `TrafficExtension` conversions.
- Fixed an issue where an ambient-enrolled pod could be left out of the host health-probe ipset following a node or kubelet restart, causing kubelet probes to be redirected to ztunnel and rejected until the `istio-cni` node agent restarted. On startup the node agent could evict still-enrolled pods from the ipset when their IP was not yet observable; it now re-asserts probe ipset membership for enrolled pods during reconciliation.
- Fixed config generation for sidecars prior to 1.29.2.
- Fixed a memory leak in the `krt` controller framework where changing the key used in a `Fetch` filter (for example, relabeling a pod to point to a different waypoint) left stale reverse-index entries that were never cleaned up. Over time this could grow memory usage and cause unnecessary recomputations.
- Fixed an issue where pilot-agent metric merging produced incorrect results when Envoy reported metrics using the protobuf content type. pilot-agent could not handle the protobuf content type correctly, so allowed content types are now restricted to `text/plain` and `application/openmetrics-text` only. (Issue #60322)
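As an added illustration of the new `trustDomains` / `notTrustDomains` source fields (this is example configuration written for this note, not taken from the Istio project), the policy below admits traffic to the `ledger` workload only from peers whose certificate trust domain is `cluster.local` or `partner.example.com`, while explicitly excluding `legacy.example.com`. The workload name, namespace and domain values are constructed; the fields are assumed to take a list of trust-domain strings like the sibling `namespaces` / `notNamespaces` fields.

```yaml
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: allow-trusted-domains      # constructed name
  namespace: payments              # constructed namespace
spec:
  selector:
    matchLabels:
      app: ledger                  # constructed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        # Assumed shape: list of trust domains, compared against the trust
        # domain derived from the peer certificate (the SPIFFE ID's host part).
        trustDomains:
        - cluster.local
        - partner.example.com
        # Requests from this trust domain never match the rule, even though
        # they would otherwise be allowed by other matchers.
        notTrustDomains:
        - legacy.example.com
    to:
    - operation:
        methods: ["GET", "POST"]
```

Because the action is `ALLOW`, any peer whose trust domain is not in `trustDomains` (or is in `notTrustDomains`) gets no matching rule and is denied by the policy's default.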
Security update
For more information, see ISTIO-SECURITY-2026-005.
Envoy CVEs
- GHSA-p7c7-7c47-pwch: (CVSS score 7.5): Fixed a denial-of-service vulnerability in the HTTP/3 stack via QPACK blocked decoding. When a QPACK header block was blocked waiting for dynamic table updates, the HEADERS payload bytes were released from QUIC receive-flow-control accounting while still retained in an internal decoder heap buffer, allowing a remote attacker to drive unbounded memory growth and trigger an out-of-memory condition.
- CVE-2026-47692: (CVSS score 4.8): Fixed a bug where passthrough TLVs combined with added TLVs could exceed the maximum length, resulting in a mismatch between the size reported in the header and the number of bytes written. This could allow a smuggled request from the host writing the PROXY protocol header to the upstream host.
- CVE-2026-47207: (CVSS score 6.5): Fixed a bug where the `ext_proc` server sends unexpected `ProcessingResponses` to Envoy.
- CVE-2026-47205: (CVSS score 5.9): Fixed a use-after-free crash in the ext_authz filter when per-route service overrides are active and the downstream connection resets during an in-flight authorization check.
- CVE-2026-47220: (CVSS score 7.5): Fixed a crash bug in the `%REQUESTED_SERVER_NAME%` formatter where the host or original host is not set correctly but the formatter is configured to access the host value.
- CVE-2026-47221: (CVSS score 5.9): Fixed an issue when handling HTTP 303 internal redirects for body-less requests. The redirect handling code attempted to drain a request body buffer that was never allocated, causing a segmentation fault.
- CVE-2026-48044: (CVSS score 7.5): Fixed a memory exhaustion vulnerability in the Zstd decompressor where the `MaxInflateRatio` limit was only checked after each input slice was fully processed, allowing a maliciously crafted compressed payload to expand to hundreds of MB within a single `process()` call. The inflate ratio limit is now enforced inside the inner decompression loop, matching the gzip and brotli decompressors and aborting decompression as soon as the threshold is breached.
- CVE-2026-48090: (CVSS score 5.9): Fixed a bug where the asynchronous token change callback could be triggered after the filter had been torn down (`onDestroy()` had been called), which could lead to accessing dangling pointers and result in UAF/crash.
- CVE-2026-47778: (CVSS score 4.4): Fixed an issue where Envoy could fail to validate the Subject Alternative Name (SAN) of a peer certificate if the SAN contained an embedded NUL byte. Previously, the SAN parsing was vulnerable to NUL byte truncation in some configurations, potentially leading to incorrect trust decisions.
- CVE-2026-47204: (CVSS score 6.5): Fixed a crash or use-after-free when the gRPC stats filter performs stat tracking on a direct response route.
- CVE-2026-48497: (CVSS score 5.9): Fixed sanity checking of the query name length to avoid abnormal process termination. Use `ENVOY_BUG` in case the sanity check fails.
- CVE-2026-48706: (CVSS score 5.9): Fixed a `TcpStatsdSink` buffer overflow issue with a large stats name.
- CVE-2026-48743: (CVSS score 7.5): Fixed HTTP/3 headers-only request and response content-length validation and reset the stream if inconsistent. The change is guarded by the runtime guard `envoy.reloadable_features.quic_validate_headers_only_content_length`.
- CVE-2026-47775: (CVSS score 6.8): Addressed a padding oracle in the OAuth2 filter’s AES-256-CBC cookie decryption. The filter now supports AES-256-GCM encryption with a `gcm.` algorithm marker, which authenticates the ciphertext and removes the oracle.
- CVE-2026-48042: (CVSS score 7.5): Limited JSON nesting depth to 1000. The limit can be relaxed to 10K by setting `envoy.reloadable_features.limit_json_parser_nesting_depth` to `false`.