Announcing Istio 1.5.5
Istio 1.5.5 security release.
This release fixes the security vulnerability described in our June 11th, 2020 news post.
This release note describes what’s different between Istio 1.5.5 and Istio 1.5.4.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
- ISTIO-SECURITY-2020-006 Excessive CPU usage when processing HTTP/2 SETTINGS frames with too many parameters, potentially leading to a denial of service.
CVE-2020-11080: By sending a specially crafted packet, an attacker could cause the CPU to spike at 100%. This could be sent to the ingress gateway or a sidecar.