Announcing Istio 1.11.6
Istio 1.11.6 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.11.5 and Istio 1.11.6
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Changes
Added privileged flag to Istio-CNI Helm charts to set
securityContextflag. (Issue #34211)Added an option to disable a number of nonstandard kubeconfig authentication methods when using multicluster secret by configuring the
PILOT_INSECURE_MULTICLUSTER_KUBECONFIG_OPTIONSenvironment variable in Istiod. By default, this option is configured to allow all methods; future versions will restrict this by default.Fixed an issue where enabling tracing with telemetry API would cause a malformed host header being used at the trace report request. (Issue #35750),(Issue #36166),(Issue #36521)
Fixed error format after json marshal in virtual machine config. (Issue #36358)
Fixed endpoint slice cache memory leak.
Fixed an issue where
EnvoyFilterpatches onvirtualOutbound-blackholecould cause memory leaks.Fixed an issue where using
ISTIO_MUTUALTLS mode in Gateways while also settingcredentialNamecauses mutual TLS to not be configured. For backwards compatibility, this only introduces a warning. To enable the new behavior, set thePILOT_ENABLE_LEGACY_ISTIO_MUTUAL_CREDENTIAL_NAME=falseenvironment variable in Istiod. This will cause invalid configurations to be rejected, and will be the default behavior in future releases.