days to Istio 1.5

Announcing Istio 1.2.7

Patch Release

We're pleased to announce the availability of Istio 1.2.7. Please see below for what's changed.

Security update

This release contains fixes for the security vulnerability described in our October 8th, 2019 news post. Specifically:

ISTIO-SECURITY-2019-005: A DoS vulnerability has been discovered by the Envoy community.

  • CVE-2019-15226: After investigation, the Istio team has found that this issue could be leveraged for a DoS attack in Istio if an attacker uses a high quantity of very small headers.

Bug fix

  • Fix a bug where nodeagent was failing to start when using citadel (Issue 15876)
Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!