Announcing Istio 1.2.4

Istio 1.2.4 patch release.

Aug 13, 2019

We’re pleased to announce the availability of Istio 1.2.4. Please see below for what’s changed.

Security update

This release contains fixes for the security vulnerabilities described in ISTIO-SECURITY-2019-003] ISTIO-SECURITY-2019-004. Specifically:

ISTIO-SECURITY-2019-003: An Envoy user reported publicly an issue (c.f. Envoy Issue 7728) about regular expressions matching that crashes Envoy with very large URIs.

ISTIO-SECURITY-2019-004: Envoy, and subsequently Istio are vulnerable to a series of trivial HTTP/2-based DoS attacks:

Nothing else is included in this release except for the above security fixes.