Istio 1.0.6

This release includes security vulnerability fixes and improvements to robustness. This release note describes what's different between Istio 1.0.5 and Istio 1.0.6.

DOWNLOAD 1.0.6 CHANGES IN 1.0.6

Security vulnerability fixes

Updated Go requests and urllib3 libraries in Bookinfo sample code per CVE-2018-18074 and CVE-2018-20060.
Fixed username and password being exposed in Grafana and Kiali (Issue 7446, Issue 7447).
Removed in-memory service registry in Pilot. This allowed adding endpoints to proxy configurations from within the cluster through a Pilot debug API.

Robustness improvements

Fixed Pilot failing to push configuration under load (Issue 10360).
Fixed a race condition that would lead Pilot to crash and restart (Issue 10868).
Fixed a memory leak in Pilot (Issue 10822).
Fixed a memory leak in Mixer (Issue 10393).