Announcing Istio 1.4.4
Istio 1.4.4 patch release.
This release includes bug fixes to improve robustness and user experience as well as a fix for the security vulnerability described in our February 11th, 2020 news post. This release note describes what’s different between Istio 1.4.3 and Istio 1.4.4.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
- ISTIO-SECURITY-2020-001 An improper input validation has been discovered in
CVE-2020-8595: A bug in Istio’s Authentication Policy exact path matching logic allows unauthorized access to resources without a valid JWT token.
- Fixed Debian packaging of
iptablesscripts (Issue 19615).
- Fixed an issue where Pilot generated a wrong Envoy configuration when the same port was used more than once (Issue 19935).
- Fixed an issue where running multiple instances of Pilot could lead to a crash (Issue 20047).
- Fixed a potential flood of configuration pushes from Pilot to Envoy when scaling the deployment to zero (Issue 17957).
- Fixed an issue where Mixer could not fetch the correct information from the request/response when pod contains a dot in its name (Issue 20028).
- Fixed an issue where Pilot sometimes would not send a correct pod configuration to Envoy (Issue 19025).
- Fixed an issue where sidecar injector with SDS enabled was overwriting pod
securityContextsection, instead of just patching it (Issue 20409).