Announcing Istio 1.27.7

This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.27.6 and 1.27.7.

{{< relnote >}}

Security update

  • CVE-2025-61732 (CVSS score 8.6, High): A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
  • CVE-2025-68121 (CVSS score 4.8, Moderate): A flaw in crypto/tls session resumption allows resumed handshakes to succeed when they should fail if ClientCAs or RootCAs are mutated between the initial and resumed handshake. This can occur when using Config.Clone with mutations or Config.GetConfigForClient. As a result, clients may resume sessions with unintended servers, and servers may resume sessions with unintended clients.

Changes

This release introduces no changes other than the security updates listed above.