RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

プロジェクト: Istio解除 ×

Istio

Networking & Messaging2026年7月1日

Istio 1.28.10は単一のバグ修正を含むルーティンパッチです。krtコントローラフレームワークで、Fetchフィルターのキー変更時に古い逆引きインデックスエントリが残り続けるメモリリークを修正しました。

主な変更 (1)
  • krtコントローラでFetchフィルターのキーが変更された際(例: Podを別のウェイポイントに付け替えた場合)、逆引きインデックスの古いエントリが残り続けていたメモリリークを修正。放置するとメモリ使用量の増加と不要な再計算が生じていた
原文

Istio

Networking & Messaging2026年6月25日

Istio 1.28.9 is a security release bundling 14 Envoy CVE fixes under ISTIO-SECURITY-2026-005, with the most severe issues covering HTTP/3 DoS, decompressor memory exhaustion, and JSON parsing depth limits.

主な変更 (8)
  • 14 Envoy CVEs fixed under ISTIO-SECURITY-2026-005, max severity HIGH
  • HIGH: HTTP/3 QPACK blocked decoding DoS (GHSA-p7c7-7c47-pwch)
  • HIGH: Zstd decompressor memory exhaustion from delayed MaxInflateRatio check (CVE-2026-48044)
  • HIGH: JSON parser nesting depth now capped at 1000 by default, configurable via envoy.reloadable_features.limit_json_parser_nesting_depth (CVE-2026-48042)
  • HIGH: HTTP/3 headers-only content-length validation fix, guarded by envoy.reloadable_features.quic_validate_headers_only_content_length (CVE-2026-48743)
  • Multiple MEDIUM fixes: ext_authz use-after-free on connection reset, gRPC stats filter crash on direct response routes, SAN validation bypass with embedded NUL byte, OAuth2 filter padding oracle in AES-256-CBC cookie decryption (now supports AES-256-GCM)
  • Additional MEDIUM fixes: TLV length mismatch, ext_proc unexpected response handling, HTTP 303 internal redirect issue, DNS query name length check, TcpStatsdSink buffer overflow, token callback after filter teardown
  • Plus general bug fixes improving robustness alongside the security patches
原文

Istio

Networking & Messaging2026年6月25日

Istio 1.29.5 is a security release fixing 14 Envoy CVEs under ISTIO-SECURITY-2026-005, with several rated HIGH (DoS, crash, use-after-free). It also repairs a gateway revision-label traffic outage, an ambient ipset health-probe gap, a krt memory leak, and a multicluster controller panic.

  • security14 Envoy CVEs fixed (max severity HIGH) — ISTIO-SECURITY-2026-005

    All 14 Envoy CVEs under ISTIO-SECURITY-2026-005 are fixed in 1.29.5. The highest-severity issues include an HTTP/3 QPACK decoding DoS (GHSA-p7C7-7c47-pwch), a compressed-payload inflation bypass of MaxInflateRatio (CVE-2026-48044), a %REQUESTED_SERVER_NAME% formatter crash (CVE-2026-47220), a QUIC content-length validation issue guarded by envoy.reloadable_features.quic_validate_headers_only_content_length (CVE-2026-48743), and a PROXY protocol TLV length mismatch (CVE-2026-47692). Upgrade all 1.29.x deployments to 1.29.5.

  • securityOAuth2 filter padding oracle in AES-256-CBC cookie decryption (CVE-2026-47775)

    Operators using the OAuth2 filter with AES-256-CBC cookie encryption should upgrade immediately. The filter now supports AES-256-GCM with a gcm. algorithm marker; plan migration away from AES-256-CBC after upgrading.

  • securityext_authz use-after-free with per-route service overrides (CVE-2026-47205)

    Clusters using ext_authz with per-route service overrides are exposed to a use-after-free crash when a downstream connection resets during an in-flight authorization check (CVE-2026-47205). Upgrade to 1.29.5 to eliminate the crash window.

  • breakingJSON nesting depth limit reduced to 1000 (CVE-2026-48042)

    JSON parser nesting depth is now capped at 1000 by default (down from 10000). If any Envoy configuration relies on deeper nesting, the old limit can be restored temporarily by setting the runtime flag envoy.reloadable_features.limit_json_parser_nesting_depth to false, but plan to eliminate deep nesting.

主な変更 (7)
  • 14 Envoy CVEs addressed under ISTIO-SECURITY-2026-005 (max HIGH); notable issues: HTTP/3 QPACK DoS (GHSA-p7c7-7c47-pwch), compressed-payload inflation bypass (CVE-2026-48044), REQUESTED_SERVER_NAME formatter crash (CVE-2026-47220), PROXY protocol TLV length mismatch (CVE-2026-47692), and QUIC header validation (CVE-2026-48743)
  • OAuth2 filter padding oracle fixed (CVE-2026-47775); AES-256-GCM now supported as replacement for AES-256-CBC cookie encryption
  • JSON parser nesting depth defaulted to 1000 (was 10000); runtime flag envoy.reloadable_features.limit_json_parser_nesting_depth=false restores the old limit (CVE-2026-48042)
  • ext_authz use-after-free with per-route service overrides fixed (CVE-2026-47205); plus ext_proc unexpected response and gRPC stats UAF/crash fixes
  • Fixed a traffic outage when changing the istio.io/rev label on a Kubernetes Gateway or ListenerSet — the previously-owning control plane no longer pushes empty xDS config to running gateway pods
  • Fixed ambient-enrolled pods being left out of the host health-probe ipset after a node or kubelet restart, causing kubelet probes to be rejected by ztunnel
  • Fixed a krt memory leak from stale reverse-index entries when a pod is relabeled to a different waypoint, plus a multicluster secret controller panic on rapid kubeconfig secret updates and a sidecar config generation regression pre-1.29.2
原文

Istio

Networking & Messaging2026年6月25日

Istio 1.30.2 is a security-plus-bugfix patch release, its main content is fixes for 14 Envoy CVEs (one high-severity HTTP/3 DoS via QPACK, others medium to high) under ISTIO-SECURITY-2026-005, alongside operator-relevant changes to pilot-agent metric merging and new AuthorizationPolicy trust-domain fields.

  • security14 Envoy CVEs fixed under ISTIO-SECURITY-2026-005, several high severity

    Applies to all 1.30.x deployments. Fixed a DoS in the HTTP/3 stack via QPACK blocked decoding, plus a JSON parser change limiting nesting depth to 1000 (previously the 10K fallback is reachable only if envoy.reloadable_features.limit_json_parser_nesting_depth is set to false) and a headers-only content-length validation fix gated by envoy.reloadable_features.quic_validate_headers_only_content_length. Upgrade to 1.30.2.

  • securityMultiple use-after-free and crash fixes across ext_authz, ext_proc, gRPC stats, and OAuth2 filters

    Applies when ext_authz per-route service overrides are active and a downstream connection resets mid-authorization-check (CVE-2026-47205), or when ext_proc/gRPC stats/OAuth2 filters are in use. Upgrade to close use-after-free and padding-oracle issues; the OAuth2 filter now also supports AES-256-GCM cookie encryption via a gcm. marker.

  • breakingpilot-agent metric merging now rejects protobuf content type

    Applies to deployments using pilot-agent metric merging (PILOT_AGENT_MERGE_ENVOY_STATS). Allowed content types are now restricted to text/plain and application/openmetrics-text; protobuf-based scraping of merged metrics will break. Check scrape configs before upgrading.

  • enhancementAuthorizationPolicy gains trust-domain matching

    Applies to AuthorizationPolicy authors who want mTLS trust-domain-based access control. New trustDomains and notTrustDomains fields on Source let policies match or exclude requests by the trust domain in the peer certificate.

主な変更 (8)
  • ISTIO-SECURITY-2026-005 bundles fixes for 14 Envoy CVEs (max severity high); most notable are the HTTP/3 QPACK blocked-decoding DoS (GHSA-p7c7-7c47-pwch), the Zstd decompressor memory exhaustion (CVE-2026-48044), the %REQUESTED_SERVER_NAME% formatter crash (CVE-2026-47220), and the JSON nesting depth limit of 1000 (CVE-2026-48042)
  • Use-after-free/crash fixes land in ext_authz (per-route overrides during connection reset), ext_proc, gRPC stats filter, and the async token callback path
  • OAuth2 filter closes a padding oracle in AES-256-CBC cookie decryption and adds AES-256-GCM support
  • pilot-agent metric merging now restricts allowed content types to text/plain and application/openmetrics-text, dropping protobuf support; a new PILOT_AGENT_MERGE_ENVOY_STATS env var controls the merge behavior
  • AuthorizationPolicy Source gains trustDomains and notTrustDomains fields for trust-domain-based request matching
  • Fixed a brief traffic outage on istio.io/rev label changes for Kubernetes Gateway/ListenerSet, and duplicate/excessive xDS pushes from WasmPlugin-to-TrafficExtension conversions
  • Ambient mode: fixed pods dropping out of the host health-probe ipset after node/kubelet restart, which had caused kubelet probes to be rejected by ztunnel
  • Plus several smaller fixes: warn-level logging for outdated Gateway API CRDs, sidecar config generation for pre-1.29.2, and a krt controller memory leak from stale reverse-index entries
原文

Istio

Networking & Messaging2026年6月5日

Istio 1.29.4 patches a high-severity DoS CVE in Envoy plus six bug fixes, including a critical ambient mode traffic routing bug that could silently send traffic to unhealthy endpoints cluster-wide.

  • securityPatch CVE-2026-47774 immediately — unauthenticated HTTP/2 DoS

    CVE-2026-47774 lets any unauthenticated attacker exhaust Envoy's memory via crafted HTTP/2 requests. Cookie header bytes aren't fully counted in header size validation, and HPACK limits apply only to encoded bytes — not decoded totals. If you're on 1.29.x, upgrade to 1.29.4 now. This is exploitable from outside the mesh wherever Envoy terminates HTTP/2, including ingress gateways.

  • breakingAmbient mode users: audit Services using publishNotReadyAddresses + traffic distribution

    If any Service in your ambient mesh combines publishNotReadyAddresses:true with PreferSameZone or PreferSameNode traffic distribution, every other Service sharing that traffic-distribution preset was receiving healthPolicy:AllowAll — meaning traffic could route to not-ready endpoints across the entire cluster. After upgrading to 1.29.4, verify endpoint health policies are correct. Check ztunnel logs for unexpected AllowAll entries before and after the upgrade to confirm the fix took effect.

  • enhancementCNI on older kernels: nftables fallback now automatic

    Hosts running an nft binary compiled without JSON support were causing the CNI agent to log errors and retry indefinitely on every pod removal — a silent drain on the agent's reliability. The new startup check detects this and switches to iptables automatically. No action needed for most users, but if you've been seeing 'JSON support not compiled-in' errors in CNI agent logs, this fix resolves the root cause.

主な変更 (5)
  • CVE-2026-47774 (CVSS 7.5): Envoy memory exhaustion via crafted HTTP/2 requests exploiting cookie header accounting gaps and HPACK decoded-size limits
  • Ambient mode bug fix: a single Service with publishNotReadyAddresses:true + traffic distribution preset was poisoning healthPolicy for all other Services sharing that preset
  • CNI agent now detects nft binary JSON support at startup and falls back to iptables backend instead of retrying indefinitely on every pod removal
  • Fixed concurrent map writes panic in istio-cni when two pods joined ambient mesh simultaneously on the same node
  • HTTPS listeners via ListenerSet now correctly deliver TLS certificates when the parent Gateway uses manual deployment
原文

Istio

Networking & Messaging2026年6月5日

Istio 1.28.8 patches a high-severity DoS CVE in Envoy's HTTP/2 memory handling, plus three bug fixes covering TLS delivery, route filter status reporting, and a nasty ambient mode health policy contamination bug.

  • securityPatch CVE-2026-47774 immediately if you expose HTTP/2 endpoints

    An unauthenticated attacker can crash your Envoy sidecars by sending specially crafted HTTP/2 requests that bypass header size validation — cookie bytes aren't counted properly, and HPACK limits apply only to encoded size, not decoded. Any cluster accepting external or untrusted HTTP/2 traffic is at risk. Upgrade to 1.28.8 now. If you can't upgrade immediately, consider adding Envoy-level request header size limits or WAF rules to filter malformed HTTP/2 frames as a temporary measure.

  • breakingAudit ambient mode clusters using publishNotReadyAddresses with zonal traffic distribution

    If you run ambient mode and any Service sets publishNotReadyAddresses:true alongside PreferSameZone or PreferSameNode, you've likely been routing traffic to not-ready endpoints across your entire cluster — not just for that Service, but for every Service sharing the same traffic-distribution preset. This is a silent data-plane correctness bug. After upgrading, verify endpoint health behavior across affected Services and check whether any downstream systems received traffic from unhealthy pods during the window this was active.

  • enhancementFix for silent route filter drops enables reliable config debugging

    Previously, HTTPRoute or GRPCRoute filters with invalid header values would vanish from Envoy config without any status signal — making it nearly impossible to diagnose why traffic wasn't behaving as expected. Now Istio reports an invalid filter status, which surfaces in the Gateway API resource status. After upgrading, re-check any routes you may have debugged by guesswork; the explicit status message will clarify whether a header filter was rejected.

主な変更 (4)
  • CVE-2026-47774 (CVSS 7.5): Unauthenticated attackers can exhaust Envoy memory via crafted HTTP/2 requests exploiting gaps in cookie header accounting and HPACK decoded size limits
  • HTTPS listeners on ListenerSet with manual Gateway deployment now correctly deliver TLS certificates
  • HTTPRoute/GRPCRoute filters with invalid header values now report an invalid filter status instead of silently disappearing from Envoy config
  • Critical ambient mode fix: a Service with publishNotReadyAddresses:true plus PreferSameZone/PreferSameNode no longer poisons healthPolicy for all other Services sharing the same traffic-distribution preset
原文

Istio

Networking & Messaging2026年6月5日

Istio 1.30.1 patches a high-severity DoS CVE in Envoy's HTTP/2 handling plus fixes 13 bugs including a CNI agent panic, a traffic distribution poison bug, and a consistent hash load balancing regression.

  • securityPatch CVE-2026-47774 immediately — unauthenticated HTTP/2 DoS

    An attacker can exhaust Envoy's memory using crafted HTTP/2 requests that exploit gaps in Cookie header accounting and HPACK decoded-size limits. No authentication required. If you're running any Istio 1.30.x version, upgrade to 1.30.1 now. Check whether your ingress gateways are exposed to untrusted traffic — those are the highest-risk surfaces.

  • breakingAmbient users with traffic distribution policies: audit Services immediately

    If you use ambient mode with any Service that sets publishNotReadyAddresses: true alongside PreferSameZone or PreferSameNode traffic distribution, the bug caused ztunnel to apply healthPolicy: AllowAll to OTHER unrelated Services sharing that preset. This means traffic has potentially been routed to not-ready endpoints across your cluster. After upgrading to 1.30.1, verify endpoint health state and check whether any unexpected traffic reached unready pods.

  • enhancementRun 'istioctl analyze' after upgrading to catch stale Gateway API CRDs

    Upgrading Istio without updating Gateway API CRDs was silently breaking TLS passthrough in 1.30.0 — istiod would filter resources without any visible error. The new IST0176 check surfaces this. After upgrading, run istioctl analyze and resolve any IST0176 findings before they cause silent routing failures in production.

主な変更 (5)
  • CVE-2026-47774 (CVSS 7.5): Envoy HTTP/2 memory exhaustion via crafted Cookie headers and HPACK decoding — patch immediately
  • Fatal CNI agent panic fixed: concurrent pod additions to ambient mesh on the same node triggered a map write race
  • Ambient mode traffic distribution bug: publishNotReadyAddresses + PreferSameZone/Node could corrupt healthPolicy for unrelated Services cluster-wide
  • New istioctl analyze check IST0176 detects stale Gateway API CRDs below Istio's minimum required version
  • nftables backend now falls back to iptables if the host's nft binary lacks JSON support, ending infinite retry loops on CNI pod removal
原文

Istio

Networking & Messaging2026年5月19日

Istio 1.30 ships experimental AI-focused agentgateway, ambient mode CIDR support, a new TrafficExtension API, and tightened debug endpoint auth that breaks existing setups.

  • breakingDebug endpoint auth is on by default — audit your tooling now

    Port 15010 XDS debug endpoints now enforce authentication with ENABLE_DEBUG_ENDPOINT_AUTH=true as the default. Any internal tooling, dashboards, or scripts hitting syncz or config_dump without credentials will start failing after upgrade. Before upgrading, inventory everything that talks to port 15010 and either add auth or explicitly allowlist namespaces via DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES.

  • breakingStart migrating off WasmPlugin to TrafficExtension API

    TrafficExtension is now the primary extensibility API, replacing WasmPlugin. WasmPlugin isn't being removed immediately, but new features will land in TrafficExtension first. If you run Wasm extensions in production, plan a migration window and test TrafficExtension parity before 1.31 hardens the deprecation.

  • enhancementUse CIDR ServiceEntry in ambient mode to simplify external IP routing

    Previously, ambient mode required enumerating individual IP endpoints in ServiceEntry. CIDR support means you can now cover entire subnets — useful for external databases, on-prem services, or shared infrastructure with dynamic IPs. If you've been maintaining large lists of individual endpoints, consolidate them now and reduce operational overhead.

主な変更 (5)
  • Experimental agentgateway: new Envoy-replacing data plane for AI/MCP traffic, enabled via PILOT_ENABLE_AGENTGATEWAY=true
  • Debug endpoints (syncz, config_dump) on port 15010 now require auth by default — ENABLE_DEBUG_ENDPOINT_AUTH=true is the new default
  • TrafficExtension API replaces WasmPlugin as the primary proxy extensibility mechanism for sidecars, gateways, and waypoints
  • Ambient mode gains CIDR support in ServiceEntry, optional XFCC synthesis at waypoints, and configurable HBONE window sizing
  • New sidecar-to-ambient migration guide published; migration is designed to be gradual and reversible
原文

Istio

Networking & Messaging2026年5月19日

Istio 1.29.3 patches two security vulnerabilities — an AuthorizationPolicy bypass and a cross-namespace XDS config leak — alongside a multicluster deadlock fix and AWS EKS ambient mesh probe fix.

  • securityAudit AuthorizationPolicy rules using suffix-match principals or namespace selectors — patch immediately

    Regex metacharacters (., [, etc.) in source.principals and source.namespaces were embedded into Envoy SafeRegex unescaped. This means a policy allowing 'spiffe://cluster.local/ns/foo/sa/bar.admin' could inadvertently also match 'spiffe://cluster.local/ns/foo/sa/barXadmin'. Any service with suffix-based wildcard principal matching is potentially affected. Upgrade to 1.29.3 and review policies where principals or namespace values contain dots, brackets, or other regex metacharacters.

  • securityRotate access controls on XDS debug endpoints — any authenticated workload could read cross-namespace configs

    The /debug/syncz and /debug/config_dump endpoints served by StatusGen had no namespace boundary enforcement. An authenticated workload in namespace A could enumerate and read Envoy configs of workloads in namespace B. If you run multi-tenant clusters or expose istiod debug endpoints, assume cross-namespace config data may have been accessible. Upgrade immediately and audit who has accessed these endpoints via your API server audit logs.

  • breakingMulti-cluster operators: the secret controller deadlock fix may change behavior during cluster updates

    The deadlock in the multicluster secret controller was triggered during remote cluster updates. If your control plane has been experiencing hangs or stalls in multi-cluster scenarios, this fix resolves the root cause — but test your cluster join/leave workflows after upgrading to confirm expected behavior is restored.

主な変更 (5)
  • Security fix: AuthorizationPolicy bypass via unescaped regex metacharacters in source.principals (suffix matches) and source.namespaces — legal Kubernetes names like 'foo.bar' could match unintended identities
  • Security fix: XDS debug endpoints (/debug/syncz, /debug/config_dump) now enforce same-namespace authorization — previously any authenticated workload could read config dumps across namespaces
  • Fixed deadlock in multicluster secret controller during remote cluster updates — critical for multi-cluster deployments
  • Fixed leaf certificate NotAfter time potentially exceeding the signing CA's expiration
  • AWS EKS ambient mesh fix: kubelet health probe failures for pods using Security Groups for Pods (branch ENI) resolved via new AMBIENT_ENABLE_AWS_BRANCH_ENI_PROBE flag (on by default)
原文

Istio

Networking & Messaging2026年5月19日

Istio 1.28.7 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年4月14日

Istio 1.29.2 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年4月14日

Istio 1.28.6 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年4月7日

Istio 1.27.9 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年3月11日

Istio 1.29.1 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年3月11日

Istio 1.28.5 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文

Istio

Networking & Messaging2026年3月11日

Istio 1.27.8 was released, but the published notes are too brief to summarize. See the original release notes for details.

原文