content/en/news/releases/1.20.x/announcing-1.20.1/index.md
This release implements the security updates described in our Dec 12th post, ISTIO-SECURITY-2023-005 along with bug fixes to improve robustness.
This release note describes what’s different between Istio 1.20.0 and 1.20.1.
{{< relnote >}}
Fixed an issue where the webhook generated by istioctl tag set was unexpectedly being removed by the installer.
(Issue #47423)
Fixed an issue where the istioctl tag list command did not accept the --output flag.
(Issue #47696)
Fixed an issue where custom injection of the istio-proxy container was not working on OpenShift, due to how
OpenShift sets the pod's SecurityContext.RunAs field.
Fixed an issue where VirtualService HTTP header present match was not working when header-name: {} was set.
(Issue #47341)
Fixed multi-cluster leader election not being able to prioritize local over remote leaders. (Issue #47901)
Fixed a memory leak when hostNetwork pods scaled up and down.
(Issue #47893)
Fixed a memory leak when WorkloadEntries changed their IP address.
(Issue #47893)
Fixed a memory leak when a ServiceEntry was removed.
(Issue #47893)
Improved istioctl bug-report performance by reducing the number of calls to the Kubernetes API. The included
pod/node details in the report remain comprehensive but will be presented differently.
Removed the --rps-limit flag for istioctl bug-report and added the --rq-concurrency flag.
This change enables the bug reporter to limit request concurrency rather than the request rate to the Kubernetes API.
ISTIO-SECURITY-2023-005.