Announcing Istio 1.14.5
Istio 1.14.5 patch release.
This release contains a fix for CVE-2022-39278 and bug fixes to improve robustness. This release note describes what is different between Istio 1.14.4 and Istio 1.14.5.
FYI, This release includes security fixes in Go 1.18.7 (released 2022-10-04) for the
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
ServiceEntryhost names can cause non-deterministic Envoy routes. (Issue #38678)
kube-injectcrashes when the pod annotation
Fixed an issue where the user can not delete the Istio Operator resource with revision if istiod is not running. (Issue #40796)
Fixed an issue that the default
idleTimeoutfor the passthrough cluster was changed to
0sin 1.14.0, disabling the timeout. Restored the previous behavior to using Envoy’s default value of 1 hour. (Issue #41114)
Fixed a bug where the return dynamically generated by
jwkswas not base64 encoded, causing Envoy to fail to parse it.
Fixed an issue where adding a
ServiceEntrycould affect an existing
ServiceEntrywith the same host name. (Issue #40166)
Fixed an issue where a root namespace
Sidecarconfig would be ignored.
Fixed the gateway API integration to not fail when the
v1alpha2version is removed.