Announcing Istio 1.10.2
Istio 1.10.2 patch release.
This release fixes the security vulnerabilities described in our June 24th post, ISTIO-SECURITY-2021-007 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.10.1 and 1.10.2.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Security update
- CVE-2021-34824:
Istio contains a remotely exploitable vulnerability where credentials specified in the
Gateway
andDestinationRule
credentialName
field can be accessed from different namespaces. See the ISTIO-SECURITY-2021-007 bulletin for more details.- CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Changes
Fixed an issue where IPv6 iptables rules were incorrect when the
traffic.sidecar.istio.io/includeOutboundPorts
annotation was used. (Issue #30868)Fixed a bug where secret files were not watched after being removed and then added back. (Issue #33293)
Fixed an issue causing Envoy Filters that merged the
transport_socket
field and had a custom transport socket name to be ignored.