Announcing Istio 1.4.4
Patch Release
This release includes bug fixes to improve robustness and user experience as well as a fix for the security vulnerability described in our February 11th, 2020 news post. This release note describes what’s different between Istio 1.4.3 and Istio 1.4.4.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
DOWNLOAD
Download and install this release.
DOCS
Visit the documentation for this release.
SOURCE CHANGES
Inspect the full set of source code changes.
Security update
- ISTIO-SECURITY-2020-001 An improper input validation has been discovered in
AuthenticationPolicy
.
CVE-2020-8595: A bug in Istio’s Authentication Policy exact path matching logic allows unauthorized access to resources without a valid JWT token.
Bug fixes
- Fixed Debian packaging of
iptables
scripts (Issue 19615). - Fixed an issue where Pilot generated a wrong Envoy configuration when the same port was used more than once (Issue 19935).
- Fixed an issue where running multiple instances of Pilot could lead to a crash (Issue 20047).
- Fixed a potential flood of configuration pushes from Pilot to Envoy when scaling the deployment to zero (Issue 17957).
- Fixed an issue where Mixer could not fetch the correct information from the request/response when pod contains a dot in its name (Issue 20028).
- Fixed an issue where Pilot sometimes would not send a correct pod configuration to Envoy (Issue 19025).
- Fixed an issue where sidecar injector with SDS enabled was overwriting pod
securityContext
section, instead of just patching it (Issue 20409).