Announcing Istio 1.17.5
Istio 1.17.5 patch release.
This release fixes the security vulnerabilities described in our July 25th post, ISTIO-SECURITY-2023-003.
This release note describes what’s different between Istio 1.17.4 and 1.17.5.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Security update
- CVE-2023-35941: (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity.
- CVE-2023-35942: (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining.
- CVE-2023-35943: (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed.
- CVE-2023-35944: (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy.