Announcing Istio 1.7.4

Patch Release

 October 27, 2020 |  2 minute read  

This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.7.3 and Istio 1.7.4

BEFORE YOU UPGRADE

Things to know and prepare before upgrading.

DOWNLOAD

Download and install this release.

DOCS

Visit the documentation for this release.

SOURCE CHANGES

Inspect the full set of source code changes.

Changes

  • Improved TLS configuration on sidecar server-side inbound paths to enforce TLS 2.0 version along with recommended cipher suites. This is disabled by default and can enabled by setting the environment variable PILOT_SIDECAR_ENABLE_INBOUND_TLS_V2 to true.

  • Added ability to configure domain suffix for multicluster installation. (Issue #27300)

  • Added istioctl proxy-status and other commands will attempt to contact the control plane using both port-forwarding and exec before giving up, restoring functionality on clusters that do not offer port-forwarding to the control plane. (Issue #27421)

  • Added support for securityContext in the Kubernetes settings for the operator API. (Issue #26275)

  • Added support for revision based istiod to istioctl version. (Issue #27756)

  • Fixed deleting the remote-secret for multicluster installation removes remote endpoints.

  • Fixed an issue that Istiod’s cacert.pem is under the testdata directory. (Issue #27574)

  • Fixed PodDisruptionBudget of istio-egressgateway does not match any pods. (Issue #27730)

  • Fixed an issue preventing calls to wildcard (such as *.example.com) domains when a port is set in the Host header.

  • Fixed an issue periodically causing a deadlock in Pilot’s syncz debug endpoint.

  • Removed deprecated outboundTrafficPolicy from global values. (Issue #27494)

Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!