Announcing Istio 1.3.5

Istio 1.3.5 patch release.

Nov 11, 2019

This release contains fixes for the security vulnerability described in our November 11, 2019 news post as well as bug fixes to improve robustness. This release note describes what’s different between Istio 1.3.4 and Istio 1.3.5.

Security update

CVE-2019-18817: An infinite loop can be triggered in Envoy if the option continue_on_listener_filters_timeout is set to True, which is the case in Istio. This vulnerability could be leveraged for a DoS attack. If you applied the mitigation mentioned in our November 11, 2019 news post, you can remove the mitigation once you upgrade to Istio 1.3.5 or newer.

Bug fixes

Minor enhancements