Istio 1.4.4 Released, Authorization Bypass Vulnerability Fixed

On February 11, the development team of Istio, a service mesh platform, released the latest stable version, “Istio 1.4.4”.

Istio is a service mesh platform for Kubernetes clusters. It provides features such as service management and network connection management for microservice architectures. It is an open-source project initiated by Google. Version 1.0 was released in 2018.

Istio 1.4.4 is the latest point release of “Istio 1.4,” which was released in November 2019. Its main focus is on bug fixes. Most notably, the authorization bypass vulnerability (CVE-2020-8595), which affected Istio 1.3 through 1.4.3, has been fixed. If exploited, this vulnerability could allow an intruder to access a resource without a valid JWT token or permission.

Compatibility with Google CA has also been improved. The analyzer now reports an error message when JWT-based policies aren’t configured properly. Overall, the release is more robust and offers an improved user experience. There are also many bug fixes; for example, a crash that occurred when running multiple Pilot instances has been fixed.

Istio
https://istio.io/