Announcing Istio 1.5.4
Istio 1.5.4 security release.
This release fixes the security vulnerability described in our May 12th, 2020 news post.
This release note describes what’s different between Istio 1.5.4 and Istio 1.5.3.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Security update
- ISTIO-SECURITY-2020-005 Denial of Service with Telemetry V2 enabled.
CVE-2020-10739: By sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar.