Announcing Istio 1.9.6

Istio 1.9.6 patch release.

Jun 24, 2021

This release fixes the security vulnerabilities described in our June 24th post, ISTIO-SECURITY-2021-007 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.9.5 and Istio 1.9.6.

BEFORE YOU UPGRADE

Things to know and prepare before upgrading.

DOWNLOAD

Download and install this release.

DOCS

Visit the documentation for this release.

SOURCE CHANGES

Inspect the full set of source code changes.

Security update

CVE-2021-34824: Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. See the ISTIO-SECURITY-2021-007 bulletin for more details.
- CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Changes

Fixed an issue where IPv6 iptables rules were incorrect when the traffic.sidecar.istio.io/includeOutboundPorts annotation was used. (Issue #30868)
Fixed an issue causing Envoy Filters that merge the transport_socket field and have a custom transport socket name to be ignored.