Announcing Istio 1.5.4

This release fixes the security vulnerability described in our May 12th, 2020 news post.

This release note describes what's different between Istio 1.5.4 and Istio 1.5.3.

{{< relnote >}}

Security update

• ISTIO-SECURITY-2020-005 Denial of Service with Telemetry V2 enabled.

CVE-2020-10739: By sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar.