Istio 1.0.6

This release includes security vulnerability fixes and improvements to robustness. This release note describes what’s different between Istio 1.0.5 and Istio 1.0.6.

Security vulnerability fixes

  • Updated Go requests and urllib3 libraries in Bookinfo sample code per CVE-2018-18074 and CVE-2018-20060.
  • Fixed username and password being exposed in Grafana and Kiali (Issue 7446, Issue 7447). If you have trouble to start the Grafana pod after upgrade to 1.0.6, please follow the steps to create the secrete first.
  • Removed in-memory service registry in Pilot. This allowed adding endpoints to proxy configurations from within the cluster through a Pilot debug API.

Robustness improvements

  • Fixed Pilot failing to push configuration under load (Issue 10360).
  • Fixed a race condition that would lead Pilot to crash and restart (Issue 10868).
  • Fixed a memory leak in Pilot (Issue 10822).
  • Fixed a memory leak in Mixer (Issue 10393).