Announcing Istio 1.4.7

Istio 1.4.7 patch release.

Mar 25, 2020

This release contains fixes for the security vulnerabilities described in our March 25th, 2020 news post. This release note describes what’s different between Istio 1.4.6 and Istio 1.4.7.

Security Update

CVE-2020-1764: Istio uses a default signing key to install Kiali. This can allow an attacker with access to Kiali to bypass authentication and gain administrative privileges over Istio. In addition, another CVE is fixed in this release, described in the Kiali 1.15.1 release.