Istio 1.0.6
This release includes security vulnerability fixes and improvements to robustness. This release note describes what's different between Istio 1.0.5 and Istio 1.0.6.
Security vulnerability fixes
- Updated Go
requests
andurllib3
libraries in Bookinfo sample code perCVE-2018-18074
andCVE-2018-20060
. - Fixed username and password being exposed in
Grafana
andKiali
(Issue 7446, Issue 7447). - Removed in-memory service registry in Pilot. This allowed adding endpoints to proxy configurations from within the cluster through a Pilot debug API.
Robustness improvements
- Fixed Pilot failing to push configuration under load (Issue 10360).
- Fixed a race condition that would lead Pilot to crash and restart (Issue 10868).
- Fixed a memory leak in Pilot (Issue 10822).
- Fixed a memory leak in Mixer (Issue 10393).