Announcing Istio 1.3.8

Patch Release

 February 11, 2020

This release contains a fix for the security vulnerability described in our February 11th, 2020 news post. This release note describes what’s different between Istio 1.3.7 and Istio 1.3.8.

BEFORE YOU UPGRADE

Things to know and prepare before upgrading.

DOWNLOAD

Download and install this release.

DOCS

Visit the documentation for this release.

SOURCE CHANGES

Inspect the full set of source code changes.

Security update

  • ISTIO-SECURITY-2020-001 Improper input validation have been discovered in AuthenticationPolicy.

CVE-2020-8595: A bug in Istio’s Authentication Policy exact path matching logic allows unauthorized access to resources without a valid JWT token.

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!