Log in Get started

Back to Istio Io

Announcing Istio 1.5.8

content/en/news/releases/1.5.x/announcing-1.5.8/index.md

latest1.2 KB

Original Source

This release fixes the security vulnerability described in our July 9th, 2020 news post.

These release notes describe what's different between Istio 1.5.8 and Istio 1.5.7.

{{< relnote >}}

Security update

CVE-2020-15104: When validating TLS certificates, Envoy incorrectly allows wildcards in DNS Subject Alternative Name (SAN) to apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy incorrectly allows nested.subdomain.example.com, when it should only allow subdomain.example.com.
- CVSS Score: 6.6 AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N/E:F/RL:O/RC:C

Changes

Allowed setting status.sidecar.istio.io/port to zero (Issue 24722)
Improved istioctl validate to disallow unknown fields not included in the Open API specification (Issue 24860)
Fixed a bug in Mixer where it would incorrectly return source names when it did lookup by IP.