Announcing Istio 1.5.5

Patch Release

This release fixes the security vulnerability described in our June 11th, 2020 news post.

This release note describes what’s different between Istio 1.5.5 and Istio 1.5.4.

Security update

  • ISTIO-SECURITY-2020-006 Excessive CPU usage when processing HTTP/2 SETTINGS frames with too many parameters, potentially leading to a denial of service.

CVE-2020-11080: By sending a specially crafted packet, an attacker could cause the CPU to spike at 100%. This could be sent to the ingress gateway or a sidecar.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!