Announcing Istio 1.7.4
Istio 1.7.4 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.7.3 and Istio 1.7.4
BEFORE YOU UPGRADE
Things to know and prepare before upgrading.
Download and install this release.
Visit the documentation for this release.
Inspect the full set of source code changes.
Improved TLS configuration on sidecar server-side inbound paths to enforce TLS 2.0 version along with recommended cipher suites. This is disabled by default and can enabled by setting the environment variable
Added ability to configure domain suffix for multicluster installation. (Issue #27300)
istioctl proxy-statusand other commands will attempt to contact the control plane using both port-forwarding and exec before giving up, restoring functionality on clusters that do not offer port-forwarding to the control plane. (Issue #27421)
Added support for
securityContextin the Kubernetes settings for the operator API. (Issue #26275)
Added support for revision based istiod to istioctl version. (Issue #27756)
Fixed deleting the remote-secret for multicluster installation removes remote endpoints.
Fixed an issue that Istiod’s
cacert.pemis under the
testdatadirectory. (Issue #27574)
istio-egressgatewaydoes not match any pods. (Issue #27730)
Fixed an issue preventing calls to wildcard (such as *.example.com) domains when a port is set in the Host header.
Fixed an issue periodically causing a deadlock in Pilot’s
outboundTrafficPolicyfrom global values. (Issue #27494)