Announcing Istio 1.3.7

Istio 1.3.7 patch release.

Feb 4, 2020

This release includes bug fixes to improve robustness. This release note describes what’s different between Istio 1.3.6 and Istio 1.3.7.

Bug fixes

Minor enhancements

Security update

CVE-2020-8843: Under certain circumstances it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to source equal to ingress. Istio 1.3 to 1.3.6 is vulnerable.