Announcing Istio 1.5.9

Patch Release

August 11, 2020

This release fixes the security vulnerability described in our August 11th, 2020 news post.

These release notes describe what’s different between Istio 1.5.8 and Istio 1.5.9.

Things to know and prepare before upgrading.

Download and install this release.

Visit the documentation for this release.

Inspect the full set of source code changes.

Security update

CVE-2020-16844: Callers to TCP services that have a defined Authorization Policies with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields will never be denied access.
- CVSS Score: 6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Was this information useful?

Do you have any suggestions for improvement?

Thanks for your feedback!