Announcing Istio 1.10.2
Istio 1.10.2 patch release.
This release fixes the security vulnerabilities described in our June 24th post, ISTIO-SECURITY-2021-007 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.10.1 and 1.10.2.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
Istio contains a remotely exploitable vulnerability where credentials specified in the
credentialNamefield can be accessed from different namespaces. See the ISTIO-SECURITY-2021-007 bulletin for more details.
- CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Fixed an issue where IPv6 iptables rules were incorrect when the
traffic.sidecar.istio.io/includeOutboundPortsannotation was used. (Issue #30868)
Fixed a bug where secret files were not watched after being removed and then added back. (Issue #33293)
Fixed an issue causing Envoy Filters that merged the
transport_socketfield and had a custom transport socket name to be ignored.