Announcing Istio 1.6.8

This release fixes the security vulnerability described in our August 11th, 2020 news post.

This release contains bug fixes to improve robustness. These release notes describe what’s different between Istio 1.6.7 and Istio 1.6.8.

{{< relnote >}}

Security update

• CVE-2020-16844: Callers to TCP services that have a defined Authorization Policies with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields will never be denied access.
  • CVSS Score: 6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N