Announcing Istio 1.16.6
Istio 1.16.6 patch release.
This release fixes the security vulnerabilities described in our July 14th post, ISTIO-SECURITY-2023-002.
This release note describes what’s different between Istio 1.16.5 and 1.16.6. There will be an additional security release made on or after July 25th, 2023 that will fix numerous security defects, the most severe of which is considered high severity. For more information, please see the announcement.
- CVE-2023-35945: (CVSS Score 7.5, High): HTTP/2 memory leak in
- Added support for PodDisruptionBudget (PDB) in the Gateway chart. (Issue #44469)
- Fixed an issue where the certificate validity was not accurate for the istioctl proxy-config secret command.
- Fixed an issue where CPU usage was abnormally high when the certificate specified by DestinationRule is invalid. (Issue #44986)
- Fixed an issue where Istiod might crash when a cluster is deleted and xDS cache is disabled. (Issue #45798)
- Fixed an issue where specifying multiple include conditions using --include in a bug report didn’t work as expected. (Issue #45839)
- Fixed an issue where disabling a log provider through Istio telemetry API would not work.
- Fixed an issue where Telemetry would not be fully disabled unless match.metric=ALL_METRICS was explicitly specified; matching all metrics is now correctly considered as the default.