Announcing Istio 1.9.6
Istio 1.9.6 patch release.
This release fixes the security vulnerabilities described in our June 24th post, ISTIO-SECURITY-2021-007, and includes a few minor bug fixes to improve robustness. This release note describes what's different between Istio 1.9.5 and Istio 1.9.6.
Istio contains a remotely exploitable vulnerability where credentials specified in the `credentialName` field can be accessed from different namespaces. See the ISTIO-SECURITY-2021-007 bulletin for more details.
- CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Fixed an issue where IPv6 iptables rules were incorrect when the `traffic.sidecar.istio.io/includeOutboundPorts` annotation was used. (Issue #30868)
Fixed an issue causing Envoy Filters that merge the `transport_socket` field and have a custom transport socket name to be ignored.