Announcing Istio 1.27.7
Istio 1.27.7 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.27.6 and 1.27.7.
Security update
- CVE-2025-61732 (CVSS score 8.6, High): A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
- CVE-2025-68121 (CVSS score 4.8, Moderate): A flaw in crypto/tls session resumption allows resumed handshakes to succeed when they should fail if ClientCAs or RootCAs are mutated between the initial and resumed handshake. This can occur when using Config.Clone with mutations or Config.GetConfigForClient. As a result, clients may resume sessions with unintended servers, and servers may resume sessions with unintended clients.
Changes
There are no other changes introduced in this release outside of the above-mentioned security updates.