Announcing Istio 1.11.6
Istio 1.11.6 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.11.5 and Istio 1.11.6
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
Added privileged flag to Istio-CNI Helm charts to set
securityContextflag. (Issue #34211)
Added an option to disable a number of nonstandard kubeconfig authentication methods when using multicluster secret by configuring the
PILOT_INSECURE_MULTICLUSTER_KUBECONFIG_OPTIONSenvironment variable in Istiod. By default, this option is configured to allow all methods; future versions will restrict this by default.
Fixed an issue where enabling tracing with telemetry API would cause a malformed host header being used at the trace report request. (Issue #35750),(Issue #36166),(Issue #36521)
Fixed error format after json marshal in virtual machine config. (Issue #36358)
Fixed endpoint slice cache memory leak.
Fixed an issue where
virtualOutbound-blackholecould cause memory leaks.
Fixed an issue where using
ISTIO_MUTUALTLS mode in Gateways while also setting
credentialNamecauses mutual TLS to not be configured. For backwards compatibility, this only introduces a warning. To enable the new behavior, set the
PILOT_ENABLE_LEGACY_ISTIO_MUTUAL_CREDENTIAL_NAME=trueenvironment variable in Istiod. This will cause invalid configurations to be rejected, and will be the default behavior in future releases.