Announcing Istio 1.5.9

This release fixes the security vulnerability described in our August 11th, 2020 news post.

These release notes describe what's different between Istio 1.5.8 and Istio 1.5.9.

{{< relnote >}}

Security update

• CVE-2020-16844: Callers to TCP services that have a defined Authorization Policies with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields will never be denied access.
  • CVSS Score: 6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N