Announcing Istio 1.17.5
Istio 1.17.5 patch release.
This release fixes the security vulnerabilities described in our July 25th post, ISTIO-SECURITY-2023-003.
This release note describes what’s different between Istio 1.17.4 and 1.17.5.
- CVE-2023-35941 (CVSS Score 8.6, High): OAuth2 credentials exploit with permanent validity.
- CVE-2023-35942 (CVSS Score 6.5, Moderate): gRPC access log crash caused by the listener draining.
- CVE-2023-35943 (CVSS Score 6.3, Moderate): CORS filter segfault when origin header is removed.
- CVE-2023-35944 (CVSS Score 8.2, High): Incorrect handling of HTTP requests and responses with mixed case schemes in Envoy.