Icon Istio 1.0.6

This release includes security vulnerability fixes and improvements to robustness. This release note describes what's different between Istio 1.0.5 and Istio 1.0.6.

Security vulnerability fixes

  • Updated Go requests and urllib3 libraries in Bookinfo sample code per CVE-2018-18074 and CVE-2018-20060.
  • Fixed username and password being exposed in Grafana and Kiali (Issue 7446, Issue 7447).
  • Removed in-memory service registry in Pilot. This allowed adding endpoints to proxy configurations from within the cluster through a Pilot debug API.

Robustness improvements

  • Fixed Pilot failing to push configuration under load (Issue 10360).
  • Fixed a race condition that would lead Pilot to crash and restart (Issue 10868).
  • Fixed a memory leak in Pilot (Issue 10822).
  • Fixed a memory leak in Mixer (Issue 10393).