Announcing Istio 1.7.3

Security Release

September 29, 2020

This release fixes the security vulnerability described in our September 29 post.

Things to know and prepare before upgrading.

Download and install this release.

Visit the documentation for this release.

Inspect the full set of source code changes.

Security update

CVE-2020-25017: In some cases, Envoy only considers the first value when multiple headers are present. Also, Envoy does not replace all existing occurrences of a non-inline header.
- CVSS Score: 8.3 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Was this information useful?

Do you have any suggestions for improvement?

Thanks for your feedback!