Announcing Istio 1.10.2

Istio 1.10.2 patch release.

Jun 24, 2021

This release fixes the security vulnerabilities described in our June 24th post, ISTIO-SECURITY-2021-007 as well as a few minor bug fixes to improve robustness. This release note describes what’s different between Istio 1.10.1 and 1.10.2.

BEFORE YOU UPGRADE

Things to know and prepare before upgrading.

DOWNLOAD

Download and install this release.

DOCS

Visit the documentation for this release.

SOURCE CHANGES

Inspect the full set of source code changes.

Security update

CVE-2021-34824: Istio contains a remotely exploitable vulnerability where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces. See the ISTIO-SECURITY-2021-007 bulletin for more details.
- CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Changes

Fixed an issue where IPv6 iptables rules were incorrect when the traffic.sidecar.istio.io/includeOutboundPorts annotation was used. (Issue #30868)
Fixed a bug where secret files were not watched after being removed and then added back. (Issue #33293)
Fixed an issue causing Envoy Filters that merged the transport_socket field and had a custom transport socket name to be ignored.