Announcing Istio 1.3.8

Patch Release

This release contains a fix for the security vulnerability described in our February 11th, 2020 news post. This release note describes what’s different between Istio 1.3.7 and Istio 1.3.8.

Security update

  • ISTIO-SECURITY-2020-001 Improper input validation have been discovered in AuthenticationPolicy.

CVE-2020-8595: A bug in Istio’s Authentication Policy exact path matching logic allows unauthorized access to resources without a valid JWT token.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!