Announcing Istio 1.5.8
This release fixes the security vulnerability described in our July 9th, 2020 news post.
These release notes describe what’s different between Istio 1.5.8 and Istio 1.5.7.
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
When validating TLS certificates, Envoy incorrectly allows wildcards in DNS Subject Alternative Name (SAN) to apply to multiple subdomains. For example, with a SAN of
*.example.com, Envoy incorrectly allows
nested.subdomain.example.com, when it should only allow
- CVSS Score: 6.6 AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N/E:F/RL:O/RC:C