The Istio Security Committee wants to address a possible Man-in-the-Middle attack scenario in which a VirtualService can redirect or intercept traffic within the service mesh. It affects only namespace-based Multi-Tenant environments.

This attack allows an attacker with the VirtualService permission in one namespace to redirect traffic from any Pod in the Istio service mesh to an attacker-controlled service. The attack scenario abuses the ability to set arbitrary hostnames in the spec.hosts.[] field of the VirtualService resource when the mesh gateway is set. An attacker can intercept, redirect, and drop the traffic communicated between services. This affects traffic to other services in the mesh and to external services. However, the attacker cannot bypass the Authorization Policies or the mutual TLS authentication configured on the destination service.

Please note that the issues even extend beyond the cluster scope in a “single mesh with multiple clusters” deployment.

The Istio maintainers consider this issue to be expected behavior in Istio. Several of their resources, like VirtualService, DestinationRule, and ServiceEntry, modify traffic to a particular hostname across the mesh, and even though these resources are namespaced, they affect the mesh’s traffic patterns (within a given cluster). This is a purposeful user experience trade-off to avoid tedious admin controls for each hostname and namespace. In contrast to the newer Kubernetes Gateway API, these CRDs were created and effectively stabilized before namespace-based RBAC even made its way to Kubernetes, and changes would break existing functionality.

Therefore, operators running Istio in namespace-based multi-tenancy setups or operating a single mesh across multiple clusters should apply additional safeguards to maintain strong isolation. Without these controls, unintended cross-namespace traffic manipulation can occur at the data plane level.

The recommended mitigation is to migrate to the newer Gateway API in those setups. When such changes and restrictions aren’t feasible in legacy setups, further hardening and restrictions should be applied to reduce the impact of these weaknesses.

Further details about the issue and mitigation can be found in the blog post.

The Istio Security Committee would like to thank Sven Nobis and Lorin Lehawany from ERNW Enno Rey Netzwerke GmbH for disclosing this issue.

CVE

Envoy CVEs

• CVE-2026-26308: (CVSS score 7.5, High): Fixed RBAC header matcher to validate each header value individually instead of concatenating multiple header values into a single string. This prevents potential bypasses when requests contain multiple values for the same header.
• CVE-2026-26311: (CVSS score 5.9, Medium): Fixed an issue where filter chain execution could continue on HTTP streams that had been reset but not yet destroyed, potentially causing use-after-free conditions.
• CVE-2026-26310: (CVSS score 5.9, Medium): Fixed a crash in Utility::getAddressWithPort when called with a scoped IPv6 address (e.g., fe80::1%eth0).
• CVE-2026-26309: (CVSS score 5.3, Medium): Fixed an off-by-one write in JsonEscaper::escapeString() that could corrupt the string null terminator.
• CVE-2026-26330: (CVSS score 5.3, Medium): Fixed a bug in the gRPC rate limit client that could lead to potential use-after-free issues. Only affects Istio 1.28 and 1.29.

Istio CVEs

• CVE-2026-31838 / GHSA-974c-2wxh-g4ww: (CVSS score 6.9, Medium): Debug Endpoints Allow Cross-Namespace Proxy Data Access. Reported by 1seal.
• CVE-2026-31837 / GHSA-v75c-crr9-733c: (CVSS score 8.7, High): JWKS Resolver Failure May Allow Authentication Bypass Using Known Default Keys. Reported by 1seal.

Other Istio Security Fixes

• Fixed XDS debug endpoints on plaintext port 15010 to require authentication, preventing unauthenticated access to proxy configuration. Reported by 1seal.
• Fixed potential SSRF in WasmPlugin image fetching by validating bearer token realm URLs. Reported by Sergey Kanibor (Luntry).
• Fixed HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. Reported by Sergey Kanibor (Luntry).

Am I Impacted?

All users running affected Istio versions are potentially impacted.

• The Envoy RBAC header matching vulnerability can be exploited when authorization policies match on headers that may contain multiple values, allowing policy bypass.

• The JWKS resolver vulnerability could allow authentication bypass when a JWKS fetch fails, as istiod falls back to publicly known default keys that an attacker can use to forge valid JWTs. Users with RequestAuthentication resources configured with jwksUri are directly impacted.

• The XDS debug endpoint vulnerability allowed unauthenticated access to debug endpoints (such as config_dump) on the plaintext XDS port 15010, which could leak sensitive proxy configuration to any workload with network access to istiod. After upgrading, debug endpoint authentication is enabled by default. The ENABLE_DEBUG_ENDPOINT_AUTH and DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES environment variables can be used to adjust compatibility with legacy systems if required.

• The SSRF vulnerability in WasmPlugin image fetching could allow an attacker to redirect bearer token credentials to an arbitrary URL.

Security update

For more information, see ISTIO-SECURITY-2026-001.

Envoy CVEs

• CVE-2026-26308 (CVSS score 7.5, High): Fix multivalue header bypass in RBAC.
• CVE-2026-26311 (CVSS score 5.9, Medium): HTTP decode methods blocked after downstream reset.
• CVE-2026-26310 (CVSS score 5.9, Medium): Fix crash in getAddressWithPort() with scoped IPv6 address.
• CVE-2026-26309 (CVSS score 5.3, Medium): JSON off-by-one write fix.
• CVE-2026-26330 (CVSS score 5.3, Medium): Ratelimit response phase crash fix.

Istio CVEs

• CVE-2026-31838 / GHSA-974c-2wxh-g4ww: (CVSS score 6.9, Medium): Debug Endpoints Allow Cross-Namespace Proxy Data Access. Reported by 1seal.
• CVE-2026-31837 / GHSA-v75c-crr9-733c: (CVSS score 8.7, High): JWKS Resolver Failure May Allow Authentication Bypass Using Known Default Keys. Reported by 1seal.

Istio Security Fixes

• Fixed XDS debug endpoints on plaintext port 15010 to require authentication, preventing unauthenticated access to proxy configuration. Reported by 1seal.
• Fixed HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. Reported by Sergey Kanibor (Luntry).
• Added the ability to specify authorized namespaces for debug endpoints when ENABLE_DEBUG_ENDPOINT_AUTH=true. Enable by setting DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES to a comma separated list of authorized namespaces. The system namespace (typically istio-system) is always authorized.
• Fixed JWKS resolver to use a safe fallback when JWKS fetch fails, preventing authentication bypass via publicly known default keys. Reported by 1seal.
• Fixed potential SSRF in WasmPlugin image fetching by validating bearer token realm URLs. Reported by Sergey Kanibor (Luntry).

Changes

• Fixed incorrect mapping of meshConfig.tlsDefaults.minProtocolVersion to tls_minimum_protocol_version in downstream TLS context.
• Fixed Gateway API CORS origin parsing to be stricter with wildcards, and to ignore unmatched preflights. (Issue #59018)
• Fixed an issue where waypoints failed to add the TLS inspector listener filter when only TLS ports existed, causing SNI-based routing to fail for wildcard ServiceEntry with resolution: DYNAMIC_DNS. (Issue #59024)
• Fixed an issue where baggage-based peer metadata discovery interfered with TLS or PROXY traffic policies. As a short term fix, baggage-based metadata discovery is disabled for routes with TLS or PROXY traffic policies configured, which may result in incomplete telemetry in multicluster deployments. (Issue #59117)
• Fixed a nil pointer dereference that occurs during the upgrade process in multi-primary deployment. (Issue #59153)
• Fixed a nil pointer dereference in ServiceEntry validation for DYNAMIC_DNS resolution that could crash istiod. (Issue #59171)
• Fixed istiod crashing when PILOT_ENABLE_AMBIENT=true but AMBIENT_ENABLE_MULTI_NETWORK is not set and a WorkloadEntry resource exists with a different network than the local cluster.
• Fixed an issue where setting resource limits or requests to null would cause validation errors. (Issue #58805)

Security update

For more information, see ISTIO-SECURITY-2026-001.

Envoy CVEs

• CVE-2026-26308 (CVSS score 7.5, High): Fix multivalue header bypass in RBAC.
• CVE-2026-26311 (CVSS score 5.9, Medium): HTTP decode methods blocked after downstream reset.
• CVE-2026-26310 (CVSS score 5.9, Medium): Fix crash in getAddressWithPort() with scoped IPv6 address.
• CVE-2026-26309 (CVSS score 5.3, Medium): JSON off-by-one write fix.
• CVE-2026-26330 (CVSS score 5.3, Medium): Ratelimit response phase crash fix.

Istio CVEs

• CVE-2026-31838 / GHSA-974c-2wxh-g4ww: (CVSS score 6.9, Medium): Debug Endpoints Allow Cross-Namespace Proxy Data Access. Reported by 1seal.
• CVE-2026-31837 / GHSA-v75c-crr9-733c: (CVSS score 8.7, High): JWKS Resolver Failure May Allow Authentication Bypass Using Known Default Keys. Reported by 1seal.

Istio Security Fixes

• Fixed XDS debug endpoints on plaintext port 15010 to require authentication, preventing unauthenticated access to proxy configuration. Reported by 1seal.
• Fixed potential SSRF in WasmPlugin image fetching by validating bearer token realm URLs. Reported by Sergey Kanibor (Luntry).
• Fixed HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. Reported by Sergey Kanibor (Luntry).
• Added the ability to specify authorized namespaces for debug endpoints when ENABLE_DEBUG_ENDPOINT_AUTH=true. Enable by setting DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES to a comma separated list of authorized namespaces. The system namespace (typically istio-system) is always authorized.

Changes

• Fixed an issue where InferencePool configurations were lost during VirtualService merging when multiple HTTPRoutes referencing different InferencePools were attached to the same Gateway. (Issue #58392)

Security update

For more information, see ISTIO-SECURITY-2026-001.

Envoy CVEs

• CVE-2026-26308 (CVSS score 7.5, High): Fix multivalue header bypass in RBAC.
• CVE-2026-26311 (CVSS score 5.9, Medium): HTTP decode methods blocked after downstream reset.
• CVE-2026-26310 (CVSS score 5.9, Medium): Fix crash in getAddressWithPort() with scoped IPv6 address.
• CVE-2026-26309 (CVSS score 5.3, Medium): JSON off-by-one write fix.

Istio CVEs

• CVE-2026-31838 / GHSA-974c-2wxh-g4ww: (CVSS score 6.9, Medium): Debug Endpoints Allow Cross-Namespace Proxy Data Access. Reported by 1seal.
• CVE-2026-31837 / GHSA-v75c-crr9-733c: (CVSS score 8.7, High): JWKS Resolver Failure May Allow Authentication Bypass Using Known Default Keys. Reported by 1seal.

Istio Security Fixes

• Fixed XDS debug endpoints on plaintext port 15010 to require authentication, preventing unauthenticated access to proxy configuration. Reported by 1seal.
• Fixed potential SSRF in WasmPlugin image fetching by validating bearer token realm URLs. Reported by Sergey Kanibor (Luntry).
• Fixed HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. Reported by Sergey Kanibor (Luntry).
• Added the ability to specify authorized namespaces for debug endpoints when ENABLE_DEBUG_ENDPOINT_AUTH=true. Enable by setting DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES to a comma separated list of authorized namespaces. The system namespace (typically istio-system) is always authorized.

At that point we will stop back-porting fixes for security issues and critical bugs to 1.27, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

What’s new?

Ambient Mesh Production-Ready Enhancements

Istio 1.29 adds two operational improvements enabled by default for ambient mesh: DNS capture is now enabled by default for ambient workloads, improving security and performance while enabling advanced features like better service discovery and traffic management. This enhancement ensures that DNS traffic from ambient workloads is properly proxied through the mesh infrastructure.

Additionally, iptables reconciliation is now enabled by default, providing automatic network rule updates when the istio-cni DaemonSet is upgraded. This eliminates the manual intervention previously required to ensure existing ambient pods receive updated networking configuration, making ambient mesh operations more seamless and reliable for production environments.

Enhanced Security Posture

This release adds security enhancements across multiple components. Certificate Revocation List (CRL) support is now available in ztunnel, allowing validation and rejection of revoked certificates when using plugged in certificate authorities. This strengthens the security posture of service mesh deployments using external CAs.

Debug endpoint authorization is enabled by default, providing namespace based access controls for debug endpoints on port 15014. Non system namespaces are now restricted to specific endpoints (config_dump, ndsz, edsz) and same namespace proxies only, improving security without impacting normal operations. Special thanks to Sergey KANIBOR at Luntry for reporting the debug endpoint authorization issue.

Optional NetworkPolicy deployment is now available for istiod, istio-cni, and ztunnel components, enabling users to deploy default NetworkPolicies with global.networkPolicy.enabled=true for enhanced network security.

TLS Traffic Management for Wildcard Hosts

Istio 1.29 introduces alpha support for wildcard hosts in ServiceEntry resources with DYNAMIC_DNS resolution specifically for TLS traffic. Enables routing based on SNI (Server Name Indication) from TLS handshakes without terminating the TLS connection to inspect Host headers.

While this feature has important security implications due to potential SNI spoofing, it provides powerful capabilities for managing external TLS services when used with trusted clients. The feature requires explicit enablement via the ENABLE_WILDCARD_HOST_SERVICE_ENTRIES_FOR_TLS feature flag.

Performance and Observability Improvements

HTTP compression for Envoy metrics is now enabled by default, providing automatic compression (brotli, gzip, and zstd) for the Prometheus stats endpoint based on client Accept-Header values. This reduces network overhead for metrics collection while maintaining compatibility with existing monitoring infrastructure.

Baggage based telemetry support has been added in alpha for ambient mesh, particularly benefiting multinetwork deployments. When enabled via the AMBIENT_ENABLE_BAGGAGE pilot environment variable, this feature ensures proper source and destination attribution for cross-network traffic metrics, improving observability in complex network topologies.

Simplified Operations and Resource Management

Istio 1.29 introduces pilot resource filtering capabilities through the PILOT_IGNORE_RESOURCES environment variable, enabling administrators to deploy Istio as a Gateway API only controller or with specific resource subsets. This is particularly valuable for GAMMA (Gateway API for Mesh Management and Administration) deployments.

Memory management has been improved with istiod now automatically setting GOMEMLIMIT to 90% of memory limits (via the automemlimit library), reducing the risk of OOM kills while maintaining optimal performance. Circuit breaker metrics tracking is now disabled by default, improving proxy memory usage while maintaining the option to enable legacy behavior when needed.

Inference Extension Support Promoted to Beta

Support for the Gateway API Inference Extension has been promoted to beta in Istio 1.29. The inference extension is an official Kubernetes project that utilizes a new InferencePool CRD object, along with existing Kubernetes Gateway API traffic management objects (Gateway, HTTPRoute), in order to optimize the serving of self-hosted Generative AI models in Kubernetes.

Istio 1.29 is conformant with the v1.0.1 version of the inference extension, and is available to try by enabling the ENABLE_GATEWAY_API_INFERENCE_EXTENSION pilot environment variable. Future releases of Gateway API Inference Extension will be supported in upcoming versions of Istio.

See our guide and original blog post in order to get started.

Multi-network multicluster ambient goes Beta

This release also promotes multi-network multicluster in ambient to beta status. Lots of improvements were made for robustness and completeness. The main area of focus for this transition was telemetry, where important gaps were addressed, including the implementation of more advanced peer metadata exchange in the ambient data-plane.

This means some confusing cases in multinetwork telemetry were addressed. In scenarios where Waypoints wouldn’t be properly reported in L4 metrics to cases where peer information was not fully available for requests traversing different networks through an E/W Gateway.

Also, we now have a quick guide showing how to deploy Prometheus and Kiali for multi-network multicluster in ambient mode.

Note that some of these improvements may also be behind the AMBIENT_ENABLE_BAGGAGE feature flag mentioned in the sections above, so make sure to enable it if you want to try them out. If you need more information on how to deploy multi-network multicluster using the ambient data-plane, please follow this guide. You’ll find more details about the feature on the release notes.

Don’t forget to share your feedback with us!

Plus Much More

• Enhanced istioctl capabilities: New --wait flag for istioctl waypoint status, support for --all-namespaces flag, and improved proxy admin port specification
• Installation improvements: Configurable terminationGracePeriodSeconds for istio-cni pods, safeguards for gateway deployment controller, and support for custom envoy file flush intervals
• Traffic management enhancements: Support for LEAST_REQUEST load balancing and circuit breaking in gRPC proxyless clients, improved ambient multicluster ingress routing
• Telemetry advances: Source and destination workload identification in waypoint proxy traces, timeout and headers support for Zipkin tracing provider

Read about these and more in the full release notes.

Upgrading to 1.29

We would like to hear from you regarding your experience upgrading to Istio 1.29. You can provide feedback in the #release-1.29 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Security update

• CVE-2025-61732 (CVSS score 8.6, High): A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
• CVE-2025-68121 (CVSS score 4.8, Moderate): A flaw in crypto/tls session resumption allows resumed handshakes to succeed when they should fail if ClientCAs or RootCAs are mutated between the initial and resumed handshake. This can occur when using Config.Clone with mutations or Config.GetConfigForClient. As a result, clients may resume sessions with unintended servers, and servers may resume sessions with unintended clients.

Changes

• Added an opt-in feature when using istio-cni in ambient mode to create an Istio owned CNI config file which contains the contents of the primary CNI config file and the Istio CNI plugin. This opt-in feature is a solution to the issue of traffic bypassing the mesh on node restart when the istio-cni DaemonSet is not ready, the Istio CNI plugin is not installed, or the plugin is not invoked to configure traffic redirection from pods to their node ztunnels. This feature is enabled by setting cni.istioOwnedCNIConfig to true in the istio-cni Helm chart values. If no value is set for cni.istioOwnedCNIConfigFilename, the Istio owned CNI config file will be named 02-istio-cni.conflist. The istioOwnedCNIConfigFilename must have a higher lexicographical priority than the primary CNI configuration filename. Ambient and chained CNI plugins must be enabled for this feature to work.

• Added safeguards to the gateway deployment controller to validate object types, names, and namespaces, preventing the creation of arbitrary Kubernetes resources through template injection. (Issue #58891)

• Added a retry mechanism when checking if a pod is ambient enabled in istio-cni. This is to address potential transient failures resulting in potential mesh bypassing. This feature is disabled by default and can be enabled by setting ambient.enableAmbientDetectionRetry in the istio-cni chart.

• Added namespace-based authorization for debug endpoints on port 15014. Non-system namespaces are restricted to config_dump/ndsz/edsz endpoints and same-namespace proxies only. Disable with ENABLE_DEBUG_ENDPOINT_AUTH=false if needed for compatibility.

• Fixed translation function lookup errors for MeshConfig and MeshNetworks in istioctl. (Issue #57967)

• Fixed a bug where BackendTLSPolicy status could lose track of the Gateway ancestorRef due to internal index corruption. (Issue #58731)

• Fixed an issue where the istio-cni DaemonSet treated NodeAffinity changes as upgrades, causing CNI config to be incorrectly left in place when a node no longer matched the DaemonSet’s NodeAffinity rules. (Issue #58768)

• Fixed resource annotation validation to reject newlines and control characters that could inject containers into pod specs via template rendering. (Issue #58889)

• Fixed incorrect mapping of meshConfig.tlsDefaults.minProtocolVersion to tls_minimum_protocol_version in downstream TLS context.

• Fixed an issue causing the ambient multicluster cluster registry to become unstable periodically, leading to incorrect configuration being pushed to proxies.

Security update

• CVE-2025-61732 (CVSS score 8.6, High): A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
• CVE-2025-68121 (CVSS score 4.8, Moderate): A flaw in crypto/tls session resumption allows resumed handshakes to succeed when they should fail if ClientCAs or RootCAs are mutated between the initial and resumed handshake. This can occur when using Config.Clone with mutations or Config.GetConfigForClient. As a result, clients may resume sessions with unintended servers, and servers may resume sessions with unintended clients.

Changes

There are no other changes introduced in this release outside of the above mentioned security updates.

• Promoted the cni.ambient.dnsCapture value to default to true. This enables DNS proxying for workloads in ambient mesh by default, improving security and performance while enabling a number of features. This can be disabled explicitly or with compatibilityVersion=1.24. Note: only new pods will have DNS enabled. To enable DNS for existing pods, pods must be manually restarted, or the iptables reconciliation feature must be enabled with --set cni.ambient.reconcileIptablesOnStartup=true.

• Promoted cni.ambient.reconcileIptablesOnStartup to default to true. This enables automatic reconciliation of iptables/nftables rules for existing ambient pods when the istio-cni DaemonSet is upgraded, eliminating the need to manually restart pods to receive updated networking configuration. This can be disabled explicitly or by using compatibilityVersion=1.28.

• Promoted support for Gateway API Inference Extension to beta. This feature currently remains off by default and can be turned on with the ENABLE_GATEWAY_API_INFERENCE_EXTENSION environment variable. (usage) (Issue #58533)

• Promoted multi-network multicluster support to Beta in ambient mode. Check out the announcements for more details.

• Added support for Istio locality label topology.istio.io/locality, which takes precedence over istio-locality.

• Added an option, gateway.istio.io/tls-cipher-suites, to specify the custom cipher suites on a Gateway. The value is a comma separated list of cipher suites. (Issue #58366)

• Added alpha support for a baggage-based telemetry system for ambient mesh. Users of multinetwork ambient will want to enable this feature via the AMBIENT_ENABLE_BAGGAGE pilot environment variable so that metrics for cross-network traffic are properly attributed with source and destination labels. Note that ztunnel already sends baggage in requests; this feature augments that functionality with waypoint-generated baggage as well. As such, this feature is off by default for waypoints and on by default in ztunnels (configurable via the ENABLE_RESPONSE_BAGGAGE environment variable in ztunnel).

• Added logic to designate a Workload Discovery (WDS) Service as canonical. A canonical WDS Service is used by ztunnel during name resolution unless another WDS Service in the same namespace as the client exists to override it. A canonical service will be configured from either (1) a Kubernetes Service resource or (2) the oldest Istio ServiceEntry resource that specifies that hostname. (Issue #58576)

• Added a new feature flag DISABLE_TRACK_REMAINING_CB_METRICS to control circuit breaker remaining metrics tracking. When set to false (default), circuit breaker remaining metrics will not be tracked, improving performance. When set to true, circuit breaker remaining metrics will be tracked (legacy behavior). This feature flag will be removed in a future release.

• Added support for LEAST_REQUEST load balancing policy in gRPC proxyless clients.

• Added support for circuit breaking (http2MaxRequests) in gRPC proxyless clients.

• Added support for wildcard hosts in ServiceEntry resources with DYNAMIC_DNS resolution for TLS hosts. The TLS protocol implies that connections will be routed based on the request’s SNI (from the TLS handshake) without terminating the TLS connection to inspect the Host header for routing. The implementation relies on an alpha API and has significant security implications (i.e., SNI spoofing). Therefore, this feature is disabled by default and can be enabled by setting the feature flag ENABLE_WILDCARD_HOST_SERVICE_ENTRIES_FOR_TLS to true. Please consider using this feature carefully and only with trusted clients. (Issue #54540)

• Fixed an issue where sidecars tried to route requests to ambient east/west gateways incorrectly. (Issue #57878)

• Fixed Istio CNI node agent startup failure in MicroK8s environments when using ambient mode with nftables backend. (Issue #58185)

• Fixed an issue where InferencePool configurations were lost during VirtualService merging when multiple HTTPRoute referencing different InferencePools were attached to the same Gateway. (Issue #58392)

• Fixed an issue where setting ambient.istio.io/bypass-inbound-capture: "true" caused inbound HBONE traffic to timeout because the iptables rule for tracking the ztunnel mark on connections was not applied. This change allows inbound HBONE connections to function normally while preserving the expected bypass behavior for inbound “passthrough” connections. (Issue #58546)

• Fixed a bug where the BackendTLSPolicy status could lose track of the Gateway ancestorRef due to internal index corruption. (Issue #58731)

• Fixed an issue where warmup aggression is not aligned with Envoy configuration. (Issue #3395)

• Fixed an issue where ingress gateways in ambient multi-cluster did not route requests to exposed remote backends. This fix is behind a new feature flag AMBIENT_ENABLE_MULTI_NETWORK_INGRESS, which is false by default. If the user wants to use this functionality, they need to set it to true.

• Fixed an issue causing the ambient multicluster cluster registry to become unstable periodically, leading to incorrect configuration being pushed to proxies.

• Fixed an issue where the overload manager resource monitor for global downstream max connections was set to the maximum integer value and could not be configured via Runtime Flags. Users can now configure the global downstream max connections limit via proxy metadata ISTIO_META_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS. The runtime flag overload.global_downstream_max_connections is still honored if specified for backwards compatibility but is deprecated in favor of this new approach using proxy metadata.

  If overload.global_downstream_max_connections is specified, Envoy deprecated warnings will appear.

  If both ISTIO_META_GLOBAL_DOWNSTREAM_MAX_CONNECTIONS and overload.global_downstream_max_connections are specified, proxy metadata will take precedence over the runtime flag. (Issue #58594)

• Fixed warning about CONSISTENT_HASH load balancing policy in gRPC proxyless clients.

• Fixed gRPC xDS Listener to send both current and deprecated TLS certificate provider fields, enabling compatibility across old and new gRPC clients (pre-1.66 and 1.66+).

• Fixed an issue where CNI initialization could fail when creating host iptables/nftables rules for health check probes. The initialization now retries up to 10 times with a 2-second delay between attempts to handle transient failures.

Security

• Improved remote cluster trust domain handling by implementing watching of remote meshConfig. Istiod now automatically watches and updates trust domain information from remote clusters, ensuring accurate SAN matching for services that belong to more than one trust domain.

• Added an opt-in feature when using istio-cni in ambient mode to create an Istio-owned CNI config file that contains the contents of the primary CNI config file and the Istio CNI plugin. This opt-in feature is a solution to the issue of traffic bypassing the mesh on node restart when the istio-cni DaemonSet is not ready, the Istio CNI plugin is not installed, or the plugin is not invoked to configure traffic redirection from pods to their node ztunnels. This feature is enabled by setting cni.istioOwnedCNIConfig to true in the istio-cni Helm chart values. If no value is set for cni.istioOwnedCNIConfigFilename, the Istio-owned CNI config file will be named 02-istio-cni.conflist. The istioOwnedCNIConfigFilename must have a higher lexicographical priority than the primary CNI. Ambient and chained CNI plugins must be enabled for this feature to work.

• Added optional NetworkPolicy deployment for istiod and istio-cni

  You can set global.networkPolicy.enabled=true to deploy a default NetworkPolicy for istiod, istio-cni and gateways. (Issue #56877)

• Added support for watching symlink secrets in the Istio node agent.

• Added Certificate Revocation List (CRL) support in ztunnel. When a ca-crl.pem file is provided via plugged-in CA, istiod automatically distributes CRLs to all participating namespaces in the cluster. (Issue #58733)

• Added an experimental feature to allow dry-run of AuthorizationPolicy resources in ztunnel. This feature will be disabled by default. See the Upgrade Note for details. (usage) (Issue #1933)

• Added support to block CIDRs in JWKS URIs when fetching public keys for JWT validation. If any resolved IP from a JWKS URI matches a blocked CIDR, Istio will skip fetching the public key and use a fake JWKS instead to reject requests with JWT tokens.

• Added a retry mechanism when checking if a pod is ambient enabled in istio-cni. This is to address potential transient failures resulting in potential mesh bypassing. This feature is disabled by default and can be enabled by setting ambient.enableAmbientDetectionRetry in the istio-cni chart.

• Added namespace-based authorization for debug endpoints on port 15014. Non-system namespaces restricted to config_dump/ndsz/edsz endpoints and same-namespace proxies only. Disable with ENABLE_DEBUG_ENDPOINT_AUTH=false if needed for compatibility.

• Fixed resource annotation validation to reject newlines and control characters that could inject containers into pod specs via template rendering. (Issue #58889)

Telemetry

• Deprecated the sidecar.istio.io/statsCompression annotation, which is replaced by the statsCompression proxyConfig option. Per-pod overrides are still possible via proxy.istio.io/config annotation. (Issue #48051)

• Added statsCompression option in proxyConfig to allow global configuration of HTTP compression for the Envoy stats endpoint exposing its metrics. This is enabled by default, offering brotli, gzip and zstd depending on the Accept-Header sent by the client. (Issue #48051)

• Added source and destination workload identification to waypoint proxy traces. Waypoint proxies now include istio.source_workload, istio.source_namespace, istio.destination_workload, istio.destination_namespace and other source peer tags in trace spans, matching the observability capabilities of sidecar proxies. (Issue #58348)

• Added support for Formatter type custom tag the in Telemetry API.

• Added istiod_remote_cluster_sync_status gauge metric to Pilot to track the synchronization status of remote clusters.

• Added waypoint span tags istio.downstream.workload, istio.downstream.namespace, istio.upstream.workload, and istio.upstream.namespace to the upstream and downstream workload and namespace.

• Added timeout and headers fields to ZipkinTracingProvider to the MeshConfig’s extensionProviders. The timeout field configures the HTTP request timeout when sending spans to the Zipkin collector, providing better control over trace export reliability. The headers field allows including custom HTTP headers for authentication, authorization, and custom metadata use cases. Headers support both direct values and environment variable references for secure credential management. (Envoy) (reference) (usage)

• Fixed an issue causing metrics to be reported with unknown labels in ambient multi-network deployments even when baggage-based peer metadata discovery was enabled by setting AMBIENT_ENABLE_BAGGAGE environment variable to true for pilot. (Issue #58794),(Issue #58476)

Installation

• Updated istiod to set GOMEMLIMIT to 90% of the memory limit (previously 100%) to reduce the risk of OOM kills. This is now handled automatically via the automemlimit library. Users can override this by setting the GOMEMLIMIT environment variable directly, or adjust the ratio using the AUTOMEMLIMIT environment variable (e.g., AUTOMEMLIMIT=0.85 for 85%).

• Updated Kiali addon to version v2.21.0.

• Added support for filtering resources that Pilot will watch, based on the environment variable PILOT_IGNORE_RESOURCES.

  This variable is a comma-separated list of resources and prefixes that should be ignored by the Istio CRD watcher. If there is a need to explicitly include a resource, even when it is on the ignore list, this can be done using the variable PILOT_INCLUDE_RESOURCES.

  This feature enables administrators to deploy Istio as a Gateway API-only controller, ignoring mesh resources, or to deploy Istio with support only for Gateway API HTTPRoute (e.g., GAMMA support). (Issue #58425)

• Added support to customize the Envoy file flush interval and buffer configurations in ProxyConfig. (Issue #58545)

• Added safeguards to the gateway deployment controller to validate object types, names, and namespaces, to prevent the creation of arbitrary Kubernetes resources through template injection. (Issue #58891)

• Added a setting values.pilot.crlConfigMapName that allows configuring the name of the ConfigMap that istiod uses to propagate its Certificate Revocation List (CRL) in the cluster. This allows running multiple control planes with overlapping namespaces in the same cluster.

• Added support for configuring terminationGracePeriodSeconds on the istio-cni pod, and updated the default value from 5 secs to 30 secs. (Issue #58572)

• Fixed an issue where iptables command was not waiting to acquire a lock on /run/xtables.lock, causing some misleading errors in the logs. (Issue #58507)

• Fixed an issue where the istio-cni DaemonSet treated nodeAffinity changes as upgrades, causing CNI config to be incorrectly left in place when a node no longer matched the DaemonSet’s nodeAffinity rules. (Issue #58768)

• Fixed istio-gateway helm chart values schema to allow top-level enabled field. (Issue #58277)

• Removed obsolete manifests from the base Helm chart. See Upgrade Notes for more information.

istioctl

• Added a --wait flag to the istioctl waypoint status command to specify whether to wait for the waypoint to become ready (default is true).

Specifying this flag with --wait=false will not wait for the waypoint to be ready, and will directly display the status of the waypoint. (Issue #57075)

• Added the printing of headers to the istioctl ztunnel-config all and istioctl proxy-config all commands.

• Added --all-namespaces flag for the istioctl waypoint status command to display the status of waypoints in all namespaces.

• Added support for specifying the proxy admin port in istioctl ztunnel-config.

• Fixed translation function lookup errors for MeshConfig and MeshNetworks in istioctl (Issue #57967)

Changes

• Added safeguards to the gateway deployment controller to validate object types, names, and namespaces, preventing creation of arbitrary Kubernetes resources through template injection. (Issue #58891)

• Added namespace-based authorization for debug endpoints on port 15014. Non-system namespaces are now restricted to config_dump/ndsz/edsz endpoints and same-namespace proxies only. If needed for compatibility, this behavior can be disabled with ENABLE_DEBUG_ENDPOINT_AUTH=false.

• Added service.selectorLabels field to the gateway Helm chart for custom service selector labels during revision-based migrations.

• Fixed resource annotation validation to reject newline and control characters that could inject containers into pod specs via template rendering. (Issue #58889)

• Fixed incorrect mapping of meshConfig.tlsDefaults.minProtocolVersion to tls_minimum_protocol_version in downstream TLS context.

Changes

• Added service.selectorLabels field to gateway Helm chart for custom service selector labels during revision-based migrations.

• Fixed an issue with goroutine memory leaks in ambient mode. (Issue #58478)

• Fixed an issue in ambient multicluster where informer failures for remote clusters wouldn’t be fixed until an istiod restart. (Issue #58047)

• Fixed an issue with crashing NFT operations and pod deletion failures. (Issue #58492)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.26. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

Security Update

• CVE-2025-62408 (CVSS score 5.3, Moderate): Use after free can crash Envoy due to malfunctioning or compromised DNS. This is a heap use-after-free vulnerability in the c-ares library that can be exploited by an attacker controlling the local DNS infrastructure to cause a Denial of Service (DoS) in Envoy.

Changes

• Fixed rare race condition where deleting a ServiceEntry that shares a hostname with another ServiceEntry in the same namespace occasionally causes ambient clients to lose the ability to send traffic to that hostname until istiod restarts.

• Fixed use cases where upgrading from the iptables backend to the nftables backend in ambient created stale iptables rules on the network. The code now continues to use iptables on the node until it is rebooted. (Issue #58353)

• Fixed DNS name table creation for headless services where pods entries did not account for pods to have multiple IPs. (Issue #58397)

• Fixed annotation sidecar.istio.io/statsEvictionInterval with values 60 seconds or more causing istio-proxy sidecar startup failure. (Issue #58500)

• Fixed an issue where Envoy proxies that connect to waypoint proxies would in rare cases either get extraneous XDS updates or miss some updates entirely.

Security Update

• CVE-2025-62408 (CVSS score 5.3, Moderate): Use after free can crash Envoy due to malfunctioning or compromised DNS. This is a heap use-after-free vulnerability in the c-ares library that can be exploited by an attacker controlling the local DNS infrastructure to cause a Denial of Service (DoS) in Envoy.

Changes

• Fixed DNS name table creation for headless services where pods entries did not account for pods to have multiple IPs. (Issue #58397)

Security Update

• CVE-2025-62408 (CVSS score 5.3, Moderate): Use after free can crash Envoy due to malfunctioning or compromised DNS. This is a heap use-after-free vulnerability in the c-ares library that can be exploited by an attacker controlling the local DNS infrastructure to cause a Denial of Service (DoS) in Envoy.

Changes

• Fixed an issue where HTTPS servers processed first prevented HTTP servers from creating routes on the same port with different bind addresses. (Issue #57706)

CVE

Envoy CVEs

• CVE-2025-66220: (CVSS score 8.1, High): TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates with OTHERNAME SANs containing an embedded null byte as valid.
• CVE-2025-64527: (CVSS score 6.5, Medium): Envoy crashes when JWT authentication is configured with the remote JWKS fetching.
• CVE-2025-64763: (CVSS score 5.3, Medium): Potential request smuggling from early data after the CONNECT upgrade

Am I Impacted?

If you are using Istio to accept WebSocket traffic, you are potentially vulnerable to request smuggling from early data after the CONNECT upgrade. You may also be vulnerable if you are using custom certificates with OTHERNAME SANs or custom JWT authentication with remote JWKS fetching using EnvoyFilter.

This release implements the security updates described in our 3rd of December post, ISTIO-SECURITY-2025-003.

Changes

• Added support for multiple targetPorts in an InferencePool. The possibility to have >1 targetPort was added as part of GIE v1.1.0. (Issue #57638)

• Fixed status conflicts on Route resources when multiple Istio revisions are installed. (Issue #57734)

• Fixed ServiceEntry resources with overlapping hostnames within the same namespace causing unpredictable behavior in ambient mode. (Issue #57291)

• Fixed a failure in istio-init when using native nftables with TPROXY mode and had an empty traffic.sidecar.istio.io/includeInboundPorts annotation. (Issue #58135)

• Fixed an issue where EDS generation code did not consider service scope and, as a result, remote cluster endpoints that should not be accessible were included in waypoint configuration. (Issue #58139)

• Fixed an issue where, due to incorrect EDS caching in pilot, ambient E/W gateway or waypoints would be configured with unusable EDS endpoints. (Issue #58141)

• Fixed an issue where Envoy Secret resources could get stuck in WARMING state when the same Kubernetes Secret is referenced from Istio Gateway objects using both secret-name and namespace/secret-name formats. (Issue #58146)

• Fixed an issue where IPv6 nftables rules were programmed when IPv6 was explicitly disabled in ambient mode. (Issue #58249)

• Fixed DNS name table creation for headless services where pods entries did not account for pods having multiple IPs. (Issue #58397)

• Fixed an issue causing ambient multi-network connections to fail when using a custom trust domain. (Issue #58427)

• Fixed an issue where HTTPS servers processed first prevented HTTP servers from creating routes on the same port with different bind addresses. (Issue #57706)

• Fixed a bug causing the experimental XListenerSet resources to not be able to access TLS Secrets.

This release implements the security updates described in our 3rd of December post, ISTIO-SECURITY-2025-003.

Changes

• Fixed status conflicts on Route resources when multiple istio revisions are installed. (Issue #57734)

• Fixed an issue with waypoints where an EnvoyFilter with targetRef kind GatewayClass and group gateway.networking.k8s.io in the root namespace would not work.

• Fixed a failure in istio-init when using native nftables with TPROXY mode and had an empty traffic.sidecar.istio.io/includeInboundPorts annotation. (Issue #58135)

• Fixed an issue where Envoy Secret resources could get stuck in WARMING state when the same Kubernetes Secret is referenced from Istio Gateway objects using both secret-name and namespace/secret-name formats. (Issue #58146)

• Fixed DNS name table creation for headless services where pods entries did not account for pods having multiple IPs. (Issue #58397)

• Fixed an issue where HTTPS servers processed first prevented HTTP servers from creating routes on the same port with different bind addresses. (Issue #57706)

• Fixed a bug causing the experimental XListenerSet resources to not be able to access TLS Secrets.

This release implements the security updates described in our 3rd of December post, ISTIO-SECURITY-2025-001.

Changes

• Fixed a goroutine leak in multicluster where krt collections with data from remote clusters would stay in memory even after that cluster was removed. (Issue #57269)

• Fixed an issue where Envoy Secret resources could get stuck in WARMING state when the same Kubernetes Secret is referenced from Istio Gateway objects using both secret-name and namespace/secret-name formats. (Issue #58146)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.26, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

What’s new?

Inference Extension Support

Istio 1.28 continues to build on the Gateway API Inference Extension support with the introduction of InferencePool v1. This enhancement provides better management and routing of AI inference workloads, making it easier to deploy and scale Generative AI models on Kubernetes with intelligent traffic management.

The InferencePool v1 API offers improved stability and functionality for managing pools of inference endpoints, enabling more sophisticated load balancing and failover strategies for AI workloads.

Ambient Multicluster

Istio 1.28 brings significant improvements to ambient multicluster deployments. Waypoints can now route traffic to remote networks in ambient multicluster configurations, expanding ambient capabilities. This enhancement enables outlier detection and other L7 policies for requests crossing networks, making it easier to manage multi-network service mesh deployments.

Ambient multicluster remains an alpha feature and there are several known issues that will be addressed in future releases. If the recent changes negatively impacted your ambient multicluster deployment, it’s possible to disable the recent waypoint behavior change by setting AMBIENT_ENABLE_MULTI_NETWORK_WAYPOINT pilot environment variable to false.

We welcome feedback and bug reports from early adopters of ambient multicluster.

Native nftables Support in Ambient Mode

Istio 1.28 introduces support for native nftables when using ambient mode. This significant enhancement allows you to use nftables instead of iptables to manage network rules, providing a more flexible rule management. To enable nftables mode, use --set values.global.nativeNftables=true when installing Istio.

This addition complements the existing nftables support in sidecar mode, ensuring Istio stays current with modern Linux networking frameworks.

Dual-stack Support Promoted to Beta

Istio’s dual-stack networking support has been promoted to beta in this release. This advancement provides robust IPv4/IPv6 networking capabilities, enabling organizations to deploy Istio in modern network environments that require both IP protocol versions.

Enhanced Security Features

This release includes several important security improvements:

• Enhanced JWT Authentication: Improved JWT filter configuration now supports custom space-delimited claims in addition to default claims like “scope” and “permission”. This enhancement ensures proper validation of JWT tokens with custom claims using the spaceDelimitedClaims field in RequestAuthentication resources
• NetworkPolicy Support: Optional NetworkPolicy deployment for istiod with global.networkPolicy.enabled=true
• Enhanced Container Security: Support for configuring seccompProfile in istio-validation and istio-proxy containers for better security compliance
• Gateway API Security: Support for FrontendTLSValidation (GEP-91) enabling mutual TLS ingress gateway configurations
• Improved Certificate Handling: Better root certificate parsing that filters out malformed certificates instead of rejecting the entire bundle

Gateway API and Traffic Management Enhancements

• BackendTLSPolicy v1: Full Gateway API v1.4 support with enhanced TLS configuration options
• ServiceEntry Integration: Support for ServiceEntry as a targetRef in BackendTLSPolicy for external service TLS configuration
• Wildcard Host Support: ServiceEntry resources now support wildcard hosts with DYNAMIC_DNS resolution (HTTP traffic only, requires ambient mode and waypoint)

Plus Much More

• Persona-based Installations: New resourceScope option in Helm charts for namespace or cluster-scoped resource management
• Improved Load Balancing: Cookie attributes support in consistent hash load-balancing with security options like SameSite, Secure, and HttpOnly
• Enhanced Telemetry: Dual B3/W3C header propagation support for better tracing interoperability
• istioctl Improvements: Automatic default revision detection and enhanced debugging capabilities

Read about these and more in the full release notes.

Upgrading to 1.28

We would like to hear from you regarding your experience upgrading to Istio 1.28. You can provide feedback in the #release-1.28 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

• Promoted Istio dual-stack support to beta. (Issue #54127)

• Updated the default value for maximum accepted connections per socket event. The default value now is 1 for inbound and outbound listeners explicitly binding to ports in sidecars. Listeners with no iptables interception will benefit from better performance under high connection churn scenarios. To get the old behavior, you can set MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP to zero.

• Added support for cookie attributes in consistent hash load-balancing. You can now specify additional attributes, such as SameSite, Secure and HttpOnly. This allows for more secure and compliant cookie handling in load-balancing scenarios. (Issue #56468), (Issue #49870)

• Added DISABLE_SHADOW_HOST_SUFFIX environment variable to control shadow host suffix behavior in mirroring policies. When set to true (default), shadow host suffixes are added to hostnames of mirrored requests. When set to false, shadow host suffixes are not added. This provides backward compatibility for users upgrading from older Istio versions where shadow host suffixes were added by default via compatibility profiles. (Issue #57530)

• Added support for sectionName in Gateway API BackendTLSPolicy to enable port-specific TLS configuration. This allows targeting specific ports of a Service by name, enabling different TLS settings per port. For example, you can now configure TLS settings for only the https port of a Service while leaving other ports unaffected.

• Added support for ServiceEntry as a targetRef in BackendTLSPolicy. This allows users to apply TLS settings to external services defined by ServiceEntry resources. (Issue #57521)

• Added support for native nftables when using Istio ambient mode. This update makes it possible to use nftables instead of iptables to manage network rules. To enable the nftables mode, use --set values.global.nativeNftables=true when installing Istio. (Issue #57324)

• Added support for wildcard hosts in ServiceEntry resources with DYNAMIC_DNS resolution. This is only supported for HTTP traffic for now. It requires ambient mode and a waypoint configured as an egress gateway. (Issue #54540)

• Added support for X-Forwarded headers in ProxyConfig.ProxyHeaders.

• Enabled waypoints to route traffic to remote networks in ambient multi-cluster. (Issue #57537)

• Fixed a bug where ztunnel wouldn’t correctly use the WorkloadEntry port map when referencing a Service port name. (Issue #56251)

• Fixed an issue where the tag watcher didn’t consider the default revision to be the same as the default tag. This would cause issues where Kubernetes gateways wouldn’t be programmed. (Issue #56767)

• Fixed a bug where a shadow Service port number for an InferencePool would start with 543210 instead of 54321. (Issue #57472)

• Fixed an issue where the ambient dataplane did not correctly handle ServiceEntries with resolution set to NONE. Previously, the configuration would have a VIP but no endpoints, which would result in a “no healthy upstream” error. This scenario is now configured as a PASSTHROUGH service, meaning the addresses called by the client will be used as the backend. (Issue #57656)

• Fixed an issue where HTTP/2 connection pool settings were not applied when enabling HTTP/2 upgrades. (Issue #57583)

• Fixed waypoint deployments to use the default Kubernetes terminationGracePeriodSeconds (30 seconds) instead of a hard-coded 2 seconds value.

• Added support for InferencePool v1. (Issue #57219)

• Removed support for InferencePool alpha and release candidate versions.

Security

• Improved root certificate parsing when some certificates were invalid. Istio now filters out malformed certificates instead of rejecting the entire bundle.

• Added caCertCredentialName field in ServerTLSSettings to reference a Secret/ConfigMap that holds CA certificates for mTLS. See usage or reference for more information. (Issue #43966)

• Added optional NetworkPolicy deployment for istiod. You can set global.networkPolicy.enabled=true to deploy a default NetworkPolicy for istiod and gateways. We’re planning to extend this to later also include NetworkPolicy for istio-cni and ztunnel. (Issue #56877)

• Added support for configuring seccompProfile in the istio-validation and istio-proxy containers within the sidecar injection template. Users can now set the seccompProfile.type to RuntimeDefault for enhanced security compliance. (Issue #57004)

• Added support for FrontendTLSValidation (GEP-91) in Gateway API. See usage and reference for more information. (Issue #43966)

• Fixed JWT filter configuration to support custom space-delimited claims. The JWT filter configuration now correctly includes user-specified custom space-delimited claims in addition to the default claims (“scope” and “permission”). This ensures that the Envoy JWT filter treats these claims as space-delimited strings, allowing for proper validation of JWT tokens that include these claims. To set custom space-delimited claims, use the spaceDelimitedClaims field in the JWT rule configuration inside the RequestAuthentication resource. (Issue #56873)

• Removed use of MD5 to optimize comparisons. Istio does not and has not used MD5 for cryptographic purposes. The change is merely to make the code easier to audit and to run in FIPS 140-3 mode.

Telemetry

• Updated environment variable PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY default value to true, enabling the spawning of upstream spans for gateway requests by default.

• Added support for annotations sidecar.istio.io/statsFlushInterval and sidecar.istio.io/statsEvictionInterval.

• Added support for Zipkin’s TraceContextOption configuration to enable dual B3/W3C header propagation. Configure with trace_context_option: USE_B3_WITH_W3C_PROPAGATION in MeshConfig extensionProviders to extract B3 headers preferentially, fall back to W3C traceparent headers, and inject both header types upstream for better tracing interoperability. See Envoy docs and MeshConfig reference and usage for more information.

• Removed metric expiry support. Use StatsEviction in bootstrap configuration instead.

Extensibility

• Fixed an issue where EnvoyFilter using targetRef with kind GatewayClass and group gateway.networking.k8s.io in the root namespace was not correctly propagated.

Installation

• Updated the istiod helm chart to create EndpointSlice resources instead of Endpoints for remote istiod installs due to Endpoints’ deprecation as of Kubernetes 1.33. (Issue #57037)

• Updated Kiali addon to version v2.17.0.

• Added ability to completely null out resource limits or requests in the gateway chart.

• Added support for “persona-based” installations to our Helm charts based on the scope of generated/applied resources.

  • If no resourceScope is set, all resources will be installed. This is the same behavior a user would expect from 1.27 charts.
  • If resourceScope is set to namespace, only namespace-scoped resources will be installed.
  • If resourceScope is set to cluster, only cluster-scoped resources will be installed. This can enable a Kubernetes administrator to manage the resources in the cluster and the mesh administrator to manage the resources in the mesh. For the ztunnel chart, resourceScope is a top-level field. For all other charts, it is a field under global. (Issue #57530)

• Added support for the environment variable FORCE_IPTABLES_BINARY to override iptables backend detection and use a specific binary. (Issue #57827)

• Added .Values.podLabels and .Values.daemonSetLabels to istio-cni Helm chart.

• Added service.clusterIP configuration to Gateway chart to support overriding the spec.clusterIP of the Service resource. This could be useful in cases where the user wants to set a specific cluster IP for the Gateway service instead of relying on automatic assignment.

• Added a new representation of revision tags using cluster IP services, meant to stop using mutating webhooks in ambient mode. istioctl tag set <tag> --revision <rev> and the revisionTags Helm value will both create a MutatingWebhook using the current specifications and a Service similar to the istiod Service but including the istio.io/tag label to store the mapping.

• Added internalTrafficPolicy option for gateway service (needed, for example when installing ArgoCD with gateway which is an internal application).

• Fixed an issue where the PDB created by a default installation was blocking the draining of Kubernetes nodes. (Issue #12602)

• Upgraded Gateway API support to v1.4. This introduces support for BackendTLSPolicy v1.

istioctl

• Added automatic detection of the default revision in istioctl commands. When --revision is not explicitly specified, the default revision (as configured by istioctl tag set default) will be used automatically. (Issue #54518)

• Added support for specifying both --level and --stack-trace-level for istioctl admin log. (Issue #57007)

• Added support specifying the proxy admin port for istioctl experimental authz, istioctl proxystatus, istioctl bug-report and istioctl experimental describe with the flag --proxy-admin-port.

• Added flags to support list debug types for istioctl experimental internal-debug. (Issue #57372)

• Added support for displaying connection information for istioctl ztunnel-config all

• Fixed IST0173 analyzer (DestinationRuleSubsetNotSelectPods) incorrectly flagging DestinationRule subsets as not selecting any pods when the subsets used topology labels.

CVE

Envoy CVEs

• CVE-2025-62504: (CVSS score 6.5, Medium): Lua modified large enough response body will cause Envoy to crash.
• CVE-2025-62409: (CVSS score 6.6, Medium): Large requests and responses can cause TCP connection pool crash.

Am I Impacted?

You are impacted if you use Lua via EnvoyFilter that returns an oversized response body exceeding the per_connection_buffer_limit_bytes (default 1MB) or where you have large requests and responses where a connection can be closed but data from upstream is still being sent.

Security Update

This release implements the security updates described in our 20th of October post, ISTIO-SECURITY-2025-002.

Changes

There are no other changes introduced in this release outside of the above mentioned security updates.

Security Update

This release implements the security updates described in our 20th of October post, ISTIO-SECURITY-2025-002.

Changes

There are no other changes introduced in this release outside of the above mentioned security updates.

Changes

• Improved access to referenced TLS secrets to require both namespace and service accounts to match (previously only the namespace), or to have an explicit ReferenceGrant, for Kubernetes Gateway API gateways. Gateways that use a hostname address remain namespace-only.

• Fixed a goroutine leak in multicluster where krt collections with data from remote clusters would stay in memory even after that cluster was removed. (Issue #57269)

• Fixed the behavior of istio-cni cleanup when the get daemonset command fails with an error other than “not found”. It now defaults to not cleaning up the CNI config and binary when it cannot be determined whether an upgrade, deletion, or node reboot is in progress. (Issue #57316)

• Fixed the cluster waypoint correct_originate configuration when PILOT_SKIP_VALIDATE_TRUST_DOMAIN is set. (Issue #56741)

• Fixed an annotation issue where both istio.io/reroute-virtual-interfaces and the deprecated traffic.sidecar.istio.io/kubevirtInterfaces were processed. The newer reroute-virtual-interfaces annotation now correctly takes precedence. (Issue #57662)

• Fixed ServiceEntry resolution in ztunnel to match port names to pod container ports, aligning behavior with sidecars, when there isn’t an explicit targetPort set. (Issue #57713)

• Fixed missing gateway reconciliation for MeshConfig changes. (Issue #57890)

• Removed the istioctl installation dependency between pilot and CNI. CNI installation is no longer dependent on pilot being installed first. If the istio-cni configuration exists before installation (which can be the case when using an istio-owned CNI config), pilot installation will not fail while waiting for CNI readiness since CNI installation is no longer dependent on pilot. (Issue #57600)

Changes

• Improved access to referenced TLS secrets to require both namespace and service accounts to match (previously only the namespace), or to have an explicit ReferenceGrant, for Kubernetes Gateway API gateways. Gateways that use a hostname address remain namespace-only.

• Added the ability to turn off associating pods to proxies by IP address if association by name and namespace fails. This is on by default, matching the old behavior, and can be disabled with ENABLE_PROXY_FIND_POD_BY_IP=off. Future versions have this off by default.

• Fixed the cluster waypoint correct_originate configuration when PILOT_SKIP_VALIDATE_TRUST_DOMAIN is set. (Issue #56741)

• Fixed an annotation issue where both istio.io/reroute-virtual-interfaces and the deprecated traffic.sidecar.istio.io/kubevirtInterfaces were processed. The newer reroute-virtual-interfaces annotation now correctly takes precedence. (Issue #57662)

• Fixed ServiceEntry resolution in ztunnel to match port names to pod container ports, aligning behavior with sidecars, when there isn’t an explicit targetPort set. (Issue #57713)

• Fixed missing gateway reconciliation for MeshConfig changes. (Issue #57890)

• Removed the istioctl installation dependency between pilot and CNI. CNI installation is no longer dependent on pilot being installed first. If the istio-cni configuration exists before installation (which can be the case when using an istio-owned CNI config), pilot installation will not fail while waiting for CNI readiness since CNI installation is no longer dependent on pilot. (Issue #57600)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.25. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

CVE

Envoy CVEs

• CVE-2025-55162: (CVSS score 6.3, Moderate): OAuth2 Filter Signout route will not clear cookies because of missing “secure;” flag
• CVE-2025-54588: (CVSS score 7.5, High): Use after free in DNS cache

Am I Impacted?

You are impacted if you are using Istio 1.27.0, 1.26.0 to 1.26.3, or 1.25.0 to 1.25.4, and you use cookies named with prefix __Secure- or __Host-, or you are using EnvoyFilter with dynamic_forward_proxy.

This release implements the security updates described in our 3rd of September post, ISTIO-SECURITY-2025-001.

Changes

• Fixed an issue where istio-iptables would sometimes ignore the IPv4 state in favor of the IPv6 state when deciding whether new iptables rules needed to be applied. (Issue #56587)

• Fixed a bug where our tag watcher code didn’t consider the default revision to be the same as the default tag. This would cause issues where Kubernetes gateways wouldn’t be programmed. (Issue #56767)

• Fixed an issue causing Gateway chart installation failures with Helm v3.18.5 due to a stricter JSON schema validator. The chart’s schema has been updated to be compatible. (Issue #57354)

• Fixed an issue where the PreserveHeaderCase option was overriding other HTTP/1.x protocol options, such as HTTP/1.0. (Issue #57528)

• Fixed a change in output of istioctl proxy-status to be more consistent with previous versions. (Issue #57339)

• Fixed iptables detection logic to fall back to iptables-nft when the iptable_nat module is missing. (Issue #57380)

• Fixed a bug that incorrectly rejected traffic policies when only retry_budget was set.

This release implements the security updates described in our 3rd of September post, ISTIO-SECURITY-2025-001.

Changes

• Fixed an issue where istio-iptables would sometimes ignore the IPv4 state in favor of the IPv6 state when deciding whether new iptables rules needed to be applied. (Issue #56587)

• Fixed a bug where our tag watcher code didn’t consider the default revision to be the same as the default tag. This would cause issues where Kubernetes gateways wouldn’t be programmed. (Issue #56767)

• Fixed an issue causing Gateway chart installation failures with Helm v3.18.5 due to a stricter JSON schema validator. The chart’s schema has been updated to be compatible. (Issue #57354)

• Fixed an issue where the PreserveHeaderCase option was overriding other HTTP/1.x protocol options, such as HTTP/1.0. (Issue #57528)

This release implements the security updates described in our 3rd of September post, ISTIO-SECURITY-2025-001.

Changes

• Fixed an issue where istio-iptables would sometimes ignore the IPv4 state in favor of the IPv6 state when deciding whether new iptables rules needed to be applied. (Issue #56587)

• Fixed a bug where our tag watcher code didn’t consider the default revision to be the same as the default tag. This would cause issues where Kubernetes gateways wouldn’t be programmed. (Issue #56767)

• Fixed an issue causing Gateway chart installation failures with Helm v3.18.5 due to a stricter JSON schema validator. The chart’s schema has been updated to be compatible. (Issue #57354)

• Fixed an issue where the PreserveHeaderCase option was overriding other HTTP/1.x protocol options, such as HTTP/1.0. (Issue #57528)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.25, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

What’s new?

Inference Extension Support

Gateway API Inference Extension is an official Kubernetes project designed to optimize the self-hosting of Generative AI models on Kubernetes. It provides a standardized, vendor-neutral approach to intelligent AI traffic management.

Istio 1.27 includes a fully-compliant implementation of the extension when using the Gateway API for cluster ingress traffic control.

Learn more about the extension and Istio’s implementation.

Ambient Multicluster

Support for multi-cluster deployments in ambient mode is now available in Alpha. This enables multiple ambient mode clusters to be connected into the same mesh, expanding the scope of no-sidecar networking to larger and more distributed environments.

In this initial release, testing has been focused on multi-network, multi-primary topologies, where each cluster runs its own control plane. Support for more complex topologies will follow as the baseline feature matures.

CRL Support for Plugged-in CAs

Certificate Revocation List (CRL) support is now available for users who have “plugged in” their own certificate authority, rather than using the default provided by Istio. This allows proxies to validate and reject revoked certificates, strengthening the security posture of mesh deployments using plugged-in CAs.

ListenerSets Support

The new ListenerSets API allows you to define a reusable set of listeners that can be attached to a Gateway resource. This promotes consistency and reduces duplication when managing multiple Gateways that share common listener configurations.

Native nftables Support in Sidecar Mode

Istio now supports the native nftables backend in Sidecar mode. nftables is the modern successor to iptables, providing better performance, improved maintainability, and more flexible rule management for transparent traffic redirection to and from the Envoy sidecar proxy.

Many major Linux distributions are adopting nftables as the default packet filtering framework, and Istio’s native support ensures compatibility with this shift.

Support for nftables in ambient mode is actively being developed and will arrive in a future release.

Upgrading to 1.27

We would like to hear from you regarding your experience upgrading to Istio 1.27. You can provide feedback in the #release-1.27 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

• Updated traffic distribution to disregard subzone when the Kubernetes Service trafficDistribution field is set to PreferClose. (Issue #55848)

• Added support for multiple server certificates in gateway (istio & Gateway API). (Issue #36181)

• Added alpha support for specifying ServiceScope in the MeshConfig in ambient multicluster configurations. ServiceScope enables the selection of individual services or services in a namespace to be global or local. A locally scoped service is only discoverable by the data plane in the same cluster as the service. A local service is not discoverable by the data planes in other clusters. A globally-scoped service is discoverable by the data planes in all clusters. Defining selectors for the serviceScopeConfigs determines which services and workloads are shared with the data plane and which clusters and listeners are configured for the waypoints (including e/w gateways) in the mesh.

• Added feature flag EnableGatewayAPICopyLabelsAnnotations to allow users to choose whether the deployment resources will inherit attributes from the parent Gateway API resource. This feature is enabled by default.

• Added support for PreferSameNode and PreferSameZone on the Kubernetes Service trafficDistribution field. (Issue #55848)

• Added Pilot environment variables PILOT_IP_AUTOALLOCATE_IPV4_PREFIX and PILOT_IP_AUTOALLOCATE_IPV6_PREFIX to configure the IP CIDR prefix(es) for auto-allocated IPs. This allows users to set a specific range of IPs for auto-allocation, providing more control over the IP address space used for VIPs by the ipallocate controller.

• Added logging of a secret’s namespace and name when a certificate is invalid. (Issue #56651)

• Added support for Gateway API Inference Extension. This feature is off by default and can be turned on with the SUPPORT_GATEWAY_API_INFERENCE_EXTENSION environment variable. (Issue #55768)

• Added support for merge operations when applying to LISTENER_FILTER in EnvoyFilter.

• Added feature ENABLE_LAZY_SIDECAR_EVALUATION that allows to enable lazy initialization of sidecar resources, Only computing internal indexes when SidecarScopes are actually used by a Proxy. This feature supersedes the previous PILOT_CONVERT_SIDECAR_SCOPE_CONCURRENCY which would allow concurrent conversion with specific given concurrency, instead ENABLE_LAZY_SIDECAR_EVALUATION will use the same concurrency as PILOT_PUSH_THROTTLE.

• Added support for native nftables when using Istio sidecar mode. This update makes it possible to use nftables instead of iptables to manage network rules, offering more efficient approach to traffic redirection for pods and services. To enable the nftables mode, use --set values.global.nativeNftables=true at the time of installation. (Issue #56487)

• Added support for specifying traffic distribution mode for services. (Issue #53354)

• Added feature ENABLE_PROXY_FIND_POD_BY_IP that allows enabling association of Pods to Proxies by IP address, if the association by name and namespace fails.

• Added support of retry budget in DestinationRule resources.

• Fixed an issue where the gateway status controller leader election was not running per revision, which could lead to issues in multi-revision setups. The leader election is now correctly scoped to each revision, ensuring that the gateway status controller operates independently for each revision. (Issue #55717)

• Fixed an issue where virtual service routes were ignored when the virtual service was configured with hosts containing mixed-case letters. (Issue #55767)

• Fixed a regression in Istio 1.26.0 that caused a panic in istiod when processing Gateway API hostnames. (Issue #56300)

• Fixed an issue where mTLS was disabled unexpectedly when PILOT_ENABLE_TELEMETRY_LABEL or PILOT_ENDPOINT_TELEMETRY_LABEL was set to false (Issue #56352)

• Fixed an issue where ambient host network iptables rules were being skipped due to higher-priority CNI rules in some deployments. (Issue #56414)

• Fixed an issue where EnvoyFilter with targetRefs matched incorrect resources. (Issue #56417)

• Fixed ambient index to filter configurations by their revision. (Issue #56477)

• Fixed an issue where the topology.istio.io/network label was not properly skipped on the system namespace when discoverySelectors were in use. (Issue #56687)

• Fixed an issue where the CNI plugin incorrectly handled pod deletion when the pod was not yet marked as enrolled in the mesh. In some cases, this could cause a pod, which had been deleted, to be included in the ZDS snapshot and never cleaned up. If this occurred, ztunnel would not be able to become ready. (Issue #56738)

• Fixed an issue where Istio’s outbound route configuration did not include the absolute domain name (fully-qualified domain name with trailing dot) in the domains list for VirtualHost entries. This change ensures that requests using absolute domain names (ending with a dot, e.g., my-service.my-ns.svc.cluster.local.) are properly routed to the intended service instead of falling back to PassthroughCluster. (Issue #56007)

Security

• Added support for omitting the issuer claim in JWT tokens. Either the issuer claim or a JWKSUri is required, but not both. This allows for more flexible configurations when using JWT tokens for authentication, particularly in scenarios where the issuer claim may be dynamic. (Issue #14400)

• Added an opt-in feature when using istio-cni in ambient mode, to create an Istio-owned CNI config file which contains the contents of the primary CNI config file and the Istio CNI plugin. This opt-in feature is a solution to the issue of traffic bypassing the mesh on node restart when the Istio CNI DaemonSet is not ready, the Istio CNI plugin is not installed, or the plugin is not invoked to configure traffic redirection from pods their node ztunnels. This feature is enabled by setting cni.istioOwnedCNIConfig to true in the istio-cni Helm chart values. If no value is set for cni.istioOwnedCNIConfigFilename, the Istio-owned CNI config file will be named 02-istio-cni.conflist. The istioOwnedCNIConfigFilename value must have a higher lexicographical priority than the primary CNI. Ambient and chained CNI plugins must be enabled for this feature to work.

• Added validation for the istioctl --clusterAliases command argument. It should not have more than one alias per cluster. (Issue #56022)

• Added support for ClusterTrustBundle by migrating from certificates.k8s.io/v1alpha1 to the stable v1beta1 API in Kubernetes 1.33+. This improves compatibility and future-proofs Istio’s certificate distribution mechanism. (Issue #56306)

• Added support for external Secret Discovery Service (SDS) providers in the Gateway TLS configuration. Istio now provides improved integration with external SDS providers for TLS certificate management at the Gateway. (Issue #56522)

• Added certificate revocation list (CRL) support for plugged-in CAs, enabling Istio to watch for ca-crl.pem files and automatically distribute CRLs across all namespaces in the cluster. This enhancement allows proxies to validate and reject revoked certificates, strengthening the security posture of service mesh deployments using plugged-in CAs. (Issue #56529)

• Added the Post-Quantum Cryptography (PQC) option to COMPLIANCE_POLICY. This policy enforces TLS v1.3, cipher suites TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384, and post-quantum-safe key exchange X25519MLKEM768. To enable this compliance policy in ambient mode, it must be set in the pilot and ztunnel containers. This policy applies to the following data paths:

  • mTLS communication between Envoy proxies and ztunnels;
  • regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway);
  • Istio xDS server. (Issue #56330)

• Fixed an issue where sidecars with the old CLUSTER_ID setting were not able to connect to istiod with the new CLUSTER_ID settings when --clusterAliases command argument was being used. (Issue #56022)

• Fixed an issue in the pluginca feature where istiod would silently fallback to the self-signed CA if the provided cacerts bundle was incomplete. The system now properly validates the presence of all required CA files and fails with an error if the bundle is incomplete.

Telemetry

• Fixed an issue where Grafana dashboard was linking to the Istio Mesh Dashboard using path-based links that no longer work. Workload and Service links now use dashboard UIDs. (Issue #50124)

• Fixed an issue where access logs were not being updated when the referenced service was created later than the Telemetry resource. (Issue #56825)

• Removed support of the Lightstep tracing provider. (Issue #54002)

Extensibility

• Added an option to reload the Wasm VM on new requests if the VM has failed.

Installation

• Promoted the environment variable ENABLE_NATIVE_SIDECARS to default to true. This means native sidecars will be injected into all eligible pods unless explicitly disabled. This can be disabled explicitly or for specific workloads by adding the annotation sidecar.istio.io/native-side: "false" to individual pods or pod templates. (Issue #48794)

• Added a setting values.global.trustBundleName that allows configuring the name of the ConfigMap that istiod uses to propagate its root CA certificate in the cluster. This allows running multiple control planes with overlapping namespaces in the same cluster.

• Added support for customizing ambient enablement Labels. (Issue #53578)

• Added support for configuring additionalContainers and initContainers on the Gateway Helm Chart.

• Added support for configuring ztunnel tolerations via Helm chart values. (Issue #56086)

• Added support for configuring istio-cni tolerations via Helm chart values. (Issue #56087)

• Added defined defaults for GOMEMLIMIT and GOMAXPROCS divisors to fix an Argo perpetual out-of-sync issue.

• Added bootstrap override config for the gateway-injection-template. (Issue #28302)

• Added ENABLE_NATIVE_SIDECARS Helm value in the compatibility profiles of Istio 1.24, 1.25, and 1.26, allowing users to disable the default enabling of native sidecars.

• Added support for proxy protocol on status port. (reference) (Issue #39868)

• Added Helm value .Values.istiodRemote.enabledLocalInjectorIstiod to support sidecar injection in remote clusters. When profile=remote, .Values.istiodRemote.enabledLocalInjectorIstiod=true, and .Values.global.remotePilotAddress="${DISCOVERY_ADDRESS}", the remote worker cluster installs istiod for local sidecar injection, while XDS is still served by the remote primary cluster. (Issue #56328)

• Added the istio.io/rev label to the istio remote service when istiodRemote is enabled (Issue #56142)

• Added support for deploymentAnnotations in the istiod Helm chart. Users can now specify custom annotations to be applied to the istiod Deployment object, in addition to the existing podAnnotations support. This is useful for integration with monitoring tools, GitOps workflows, and policy enforcement systems that operate at the deployment level.

• Fixed an issue where the ISTIO_KUBE_APP_PROBERS environment variable was not set for probe rewrites when the Istio webhook was re-invoked. (Issue #56102)

• Fixed an issue where secrets references in the env of istio/gateway Helm chart were incorrectly rendered as a string. (Issue #55141)

• Fixed an injection failure that occurred when the gateway template was combined with another template, like spire, which overrides workload-socket, resulted in Kubernetes not creating other volumes, like those with emptyDir and csi settings.

• Fixed a panic in istioctl manifest translate when the IstioOperator config contained multiple gateways. (Issue #56223)

• Fixed assignment of incorrect UIDs and GIDs for istio-proxy and istio-validation containers on OpenShift clusters when TPROXY mode was enabled.

• Fixed an issue where ClusterTrustBundle was not properly configured when ENABLE_CLUSTER_TRUST_BUNDLE_API was enabled.

• Removed unused multicluster-related Helm values.

istioctl

• Added the --kubeclient-timeout flag to istioctl root flags. May be unset, or set to a valid time.Duration string. When specified, this will override the default 15s timeout for all istioctl commands that use the Kubernetes client. This is useful for environments with slow Kubernetes API servers, such as those with high latency or low bandwidth. Note that this flag is just used for the Kubernetes client, and does not affect other timeouts in istioctl, such as installation timeouts. (Issue #54962)

• Added --revision flags for istioctl dashboard controlz and istioctl dashboard istiod-debug.

• Added support in the istioctl proxy-status command to dynamically display all xDS/CRD types as columns in the output table. (Issue #56005)

• Added support for customizing the timeout of istioctl waypoint status and istioctl waypoint apply. (Issue #56453)

• Added support for displaying stack-trace-level in the command istioctl admin log. (Issue #56465)

• Added support for displaying traffic type in the command istioctl waypoint list.

• Added support for the --weight parameter in the command istioctl experimental workload group create.

• Added support for configuring the log level of ip-autoallocate in istioctl admin log. (Issue #55741)

• Fixed an issue where, during installation, istio-revision-tag-default and MutatingWebhookConfiguration were not created when the revision was not the default. (Issue #55980)

• Fixed an issue where false positive of IST0134 were raised in istioctl analyze when PILOT_ENABLE_IP_AUTOALLOCATE was set to true. (Issue #56083)

• Fixed an issue where analysis included Kubernetes system namespaces (e.g., kube-system, kube-node-lease). (Issue #55022)

• Fixed an issue where create-remote-secret created redundant RBAC resources. (Issue #56558)

Changes

• Fixed an issue where Istio upgrade from 1.24 to 1.25 caused service disruption due to preexisting iptables rules. The iptables binary detection logic has been improved to verify a degree of baseline kernel support exists, and prefer nft in a tie situation.

• Fixed an issue causing false positives with istioctl analyze raising IST0134 even when PILOT_ENABLE_IP_AUTOALLOCATE was set to true. (Issue #56083)

• Fixed a panic in istioctl manifest translate when the IstioOperator config contained multiple gateways. (Issue #56223)

• Fixed ambient index to filter configs by revision. (Issue #56477)

• Fixed incorrect UID and GID assignment for istio-proxy and istio-validation containers on OpenShift when TPROXY mode was enabled.

• Fixed logic to properly ignore the topology.istio.io/network label on the system namespace when discoverySelectors are in use. (Issue #56687)

• Fixed an issue where access logs were not updated when the referenced service was created later than the Telemetry resource. (Issue #56825)

Changes

• Fixed ambient index to filter configs by revision. (Issue #56477)

• Fixed an issue where the topology.istio.io/network label was not properly skipped on the system namespace when discoverySelectors were in use. (Issue #56687)

• Fixed an issue where the CNI plugin incorrectly handled pod deletion when the pod was not yet marked as enrolled in the mesh. In some cases, this could cause a pod, which had been deleted, to be included in the ZDS snapshot and never cleaned up. If this occurred, ztunnel would not be able to become ready. (Issue #56738)

• Fixed an issue where access logs were not updated when the referenced service was created later than the Telemetry resource. (Issue #56825)

• Fixed an issue where ClusterTrustBundle was not configured properly when ENABLE_CLUSTER_TRUST_BUNDLE_API was enabled.

• Fixed an issue where Istio access logs were never sent to the OTLP endpoint. (Issue 56825)

• Fixed an issue where high CPU usage could occur if an item was actively being worked on by a different worker until that worker was done with that item.

At this point we will no longer back-port fixes for security issues and critical bugs to 1.24. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

Changes

• Fixed incorrect UID and GID assignment for istio-proxy and istio-validation containers on OpenShift when TPROXY mode is enabled.

• Fixed an issue where changing a HTTPRoute object could cause istiod to crash. (Issue #56456)

• Fixed a race condition where status updates for Kubernetes objects could be missed by istiod. (Issue #56401)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.24, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

Traffic Management

• Updated Gateway API version to 1.3.0 from 1.3.0-rc.1. (Issue #56310)

• Fixed a regression in Istio 1.26.0 that caused a panic in istiod when processing Gateway API hostnames. (Issue #56300)

Security

• Fixed an issue in the pluginca feature where istiod would silently fallback to the self-signed CA if the provided cacerts bundle was incomplete. The system now properly validates the presence of all required CA files and fails with an error if the bundle is incomplete.

Installation

• Fixed a panic in istioctl manifest translate when the IstioOperator config contains multiple gateways. (Issue #56223)

istioctl

• Fixed false positives when istioctl analyze raised error IST0134 even when PILOT_ENABLE_IP_AUTOALLOCATE was set to true. (Issue #56083)

Security Updates

• CVE-2025-46821 (CVSS Score 5.3, Medium): Bypass of RBAC uri_template permission.

If you use ** within an AuthorizationPolicy’s path field, it is recommended you upgrade to Istio 1.25.3.

Changes

• Removed the restriction where revision tag only worked when istiodRemote was not enabled in the istiod helm chart. Revision tags now work as long as the revisionTags is specified without regard to whether istiodRemote is enabled or not. (Issue #54743)

Security Updates

• CVE-2025-46821 (CVSS Score 5.3, Medium): Bypass of RBAC uri_template permission.

If you use ** within an AuthorizationPolicy’s path field, it is recommended you upgrade to Istio 1.24.6.

Changes

• Fixed an issue where validation webhook incorrectly reported a warning when a ServiceEntry configured workloadSelector with DNS resolution. (Issue #50164)

• Removed the restriction where revision tag only worked when istiodRemote was not enabled in the istiod helm chart. Revision tags now work as long as the revisionTags is specified without regard to whether istiodRemote is enabled or not. (Issue #54743)

A note on EnvoyFilter support in ambient mode

EnvoyFilter is Istio’s break-glass API for advanced configuration of Envoy proxies. Please note that EnvoyFilter is not currently supported for any existing Istio version with waypoint proxies. While it may be possible to use EnvoyFilter with waypoints in limited scenarios, its use is not supported, and is actively discouraged by the maintainers. The alpha API may break in future releases as it evolves. We expect official support will be provided at a later date.

What’s new?

Customization of resources provisioned by the Gateway API

When you create a Gateway or a waypoint using the Gateway API, a Service and a Deployment are created automatically. It has been a common request to allow customization of these objects, and that is now supported in Istio 1.26 by specifying a ConfigMap of parameters. If configuration for a HorizontalPodAutoscaler or PodDisruptionBudget is provided, those resources will automatically be created also. Learn more about customizing the generated Gateway API resources.

New Gateway API support

TCPRoute is now available in waypoints, allowing TCP traffic shifting in ambient mode.

We also added support for the experimental BackendTLSPolicy and started the implementation of BackendTrafficPolicy in Gateway API 1.3, which will eventually set retry constraints.

Support for the new Kubernetes ClusterTrustBundle

We’ve added experimental support for the experimental ClusterTrustBundle resource in Kubernetes, allowing support for the new method of bundling a certificate and its root of trust into a single object.

Plus much, much more

• istioctl analyze can now run specific checks!
• The CNI node agent no longer runs in the hostNetwork namespace by default, reducing the chance of port conflicts with other services running on a host!
• Required ResourceQuota resources and cniBinDir values are set automatically when installing on GKE!
• An EnvoyFilter can now match a VirtualHost on a domain name!

Read about these and more in the full release notes.

Catch up with the Istio project

If you only check in with us when we have a new release, you might have missed that we published a security audit on ztunnel, we compared performance of ambient mode throughput vs. running in-kernel, or that we had a major presence at KubeCon EU. Check those posts out!

Upgrading to 1.26

We would like to hear from you regarding your experience upgrading to Istio 1.26. You can provide feedback in the #release-1.26 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

• Improved the CNI agent to no longer require hostNetwork, enhancing compatibility. Dynamic switching to the host network is now performed as needed. The previous behavior can be temporarily restored by setting the ambient.shareHostNetworkNamespace field in the istio-cni chart. (Issue #54726)

• Improved iptables binary detection to validate baseline kernel support and to prefer nft when both legacy and nft are available but neither has existing rules.

• Updated the default value of maximum connections accepted per socket event to 1 to improve performance. To revert to the previous behavior, set MAX_CONNECTIONS_PER_SOCKET_EVENT_LOOP to zero.

• Added the ability for EnvoyFilter to match a VirtualHost by domain name.

• Added initial support for the experimental Gateway API features BackendTLSPolicy and XBackendTrafficPolicy. These are disabled by default and require setting PILOT_ENABLE_ALPHA_GATEWAY_API=true. (Issue #54131), (Issue #54132)

• Added support for referencing ConfigMaps, in addition to Secrets, for DestinationRule TLS in SIMPLE mode — useful when only a CA certificate is required. (Issue #54131), (Issue #54132)

• Added customization support for Gateway API automated deployments. This applies to both Istio Gateway types (ingress and egress) and Istio Waypoint Gateway types (ambient waypoints). Users can now customize generated resources such as Service, Deployment, ServiceAccount, HorizontalPodAutoscaler, and PodDisruptionBudget.

• Added a new environment variable ENABLE_GATEWAY_API_MANUAL_DEPLOYMENT for istiod. When set to false, it disables automatic attachment of Gateway API resources to existing gateway deployments. By default, this is true to maintain the current behavior.

• Added the ability to configure retry host predicates using the Retry API (retry_ignore_previous_hosts).

• Added support for specifying backoff intervals during retries.

• Added support for using TCPRoute in waypoint proxies.

• Fixed a bug where the validation webhook incorrectly reported a warning when a ServiceEntry configured a workloadSelector with DNS resolution. (Issue #50164)

• Fixed an issue where FQDNs did not work in a WorkloadEntry using ambient mode.

• Fixed a case where ReferenceGrants did not function when mTLS was enabled on a Gateway listener. (Issue #55623)

• Fixed an issue where Istio failed to correctly retrieve allowedRoutes for a sandboxed waypoint. (Issue #56010)

• Fixed a bug where ServiceEntry endpoints were leaked when a pod was evicted. (Issue #54997)

• Fixed an issue where the listener address was duplicated for dual stack services with IPv6 priority. (Issue #56151)

Security

• Added experimental support for the v1alpha1 ClusterTrustBundle API. This can be enabled by setting values.pilot.env.ENABLE_CLUSTER_TRUST_BUNDLE_API=true. Ensure the corresponding feature gates are enabled in your cluster; see KEP-3257 for details. (Issue #43986)

Telemetry

• Added support for the omit_empty_values field in the EnvoyFileAccessLog provider via the Telemetry API. (Issue #54930)

• Added environment variable PILOT_SPAWN_UPSTREAM_SPAN_FOR_GATEWAY, which separates tracing spans for server and client gateways. This currently defaults to false, but will become the default in the future.

• Added a warning message for use of deprecated telemetry providers Lightstep and OpenCensus. (Issue #54002)

Installation

• Improved the installation experience on GKE. When global.platform=gke is set, required ResourceQuota resources are deployed automatically. When installing via istioctl, this setting is also auto-enabled if GKE is detected. Additionally, the cniBinDir is now configured appropriately.

• Improved the ztunnel Helm chart to not assign resource names to .Release.Name, defaulting instead to ztunnel. This reverts a change introduced in Istio 1.25.

• Added support for setting the reinvocationPolicy in the revision-tag webhook when installing Istio via istioctl or Helm.

• Added the ability to configure the service loadBalancerClass in the Gateway Helm chart. (Issue #39079)

• Added a values ConfigMap that stores both the user-provided Helm values and the merged values after applying profiles for the istiod chart.

• Added support for reading header values from istiod environment variables. (Issue #53408)

• Added a configurable updateStrategy for the ztunnel and istio-cni Helm charts.

• Fixed a bug in the sidecar injection template that incorrectly removed existing init containers when both traffic interception and native sidecar were disabled. (Issue #54562)

• Fixed missing topology.istio.io/network labels on gateway pods when --set networkGateway is used. (Issue #54909)

• Fixed a problem where setting replicaCount=0 in the istio/gateway Helm chart caused the replicas field to be omitted instead of explicitly set to 0. (Issue #55092)

• Fixed an issue that caused file-based certificate references (e.g., from DestinationRule or Gateway) to fail when using SPIRE as the CA.

• Removed the deprecated ENABLE_AUTO_SNI flag and associated code paths.

istioctl

• Added a --locality parameter on istioctl experimental workload group create. (Issue #54022)

• Added the ability to run specific analyzer checks using the istioctl analyze command.

• Added a --tls-server-name parameter to istioctl create-remote-secret, allowing the tls-server-name to be set in the generated kubeconfig. This ensures successful TLS connections when the server field is overridden with a gateway proxy hostname.

• Added support for the envVarFrom field in the istiod chart.

• Fixed an issue where istioctl analyze reported an unknown annotation sidecar.istio.io/statsCompression. (Issue #52082)

• Fixed an error that blocked installation when IstioOperator.components.gateways.ingressGateways.label or IstioOperator.components.gateways.ingressGateways.label was omitted. (Issue #54955)

• Fixed a bug where istioctl ignored the tag fields under IstioOperator.components.gateways.ingressGateways and egressGateways. (Issue #54955)

• Fixed an issue where istioctl waypoint delete could remove a non-waypoint Gateway resource when a name was specified. (Issue #55235)

• Fixed an issue where istioctl experimental describe did not respect the --namespace flag. (Issue #55243)

• Fixed a bug that prevented simultaneous generation of istio.io/waypoint-for and istio.io/rev labels when creating a waypoint proxy using istioctl. (Issue #55437)

• Fixed an issue where istioctl admin log could not modify the log level for ingress status. (Issue #55741)

• Fixed a validation failure when reconcileIptablesOnStartup: true was set in the istioctl YAML configuration. (Issue #55347)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.23. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

Changes

• Added an environment variable prefix CA_HEADER_ (similar to XDS_HEADER_) that can be added to CA requests for different purposes, such as routing to appropriate external istiods. Istio sidecar proxy, router, and waypoint now support this feature. (Issue #55064)

• Fixed corner cases where istio-cni might block its own upgrade. Added fallback logging (in case agent is down) to a fixed-size node-local log file. (Issue #55215)

• Fixed an issue where AuthorizationPolicy’s WaypointAccepted status condition was not being updated to reflect the resolution of a GatewayClass target reference.

• Fixed an issue where WaypointAccepted status condition for AuthorizationPolicies that referenced a GatewayClass and did not reside in the root namespace was not being updated with the correct reason and message.

• Fixed an issue where proxy memory goes up with gRPC streaming services.

• Fixed an issue causing changes to ExternalName services to sometimes be skipped due to a cache eviction bug.

• Fixed a regression where the SDS ROOTCA resource included only a single root certificate, even if the control plane was configured with both an active root and a passive root certificate that was introduced in 1.25.1. (Issue #55793)

Changes

• Fixed corner cases where istio-cni might block its own upgrade. Added fallback logging (in case agent is down) to a fixed-size node-local log file. (Issue #55215)

• Fixed an issue where validation webhook incorrectly reported a warning when a ServiceEntry configured workloadSelector with DNS resolution. (Issue #50164)

• Fixed an issue where proxy memory goes up with gRPC streaming services.

• Fixed an issue causing changes to ExternalName services to sometimes be skipped due to a cache eviction bug.

• Fixed a regression where the SDS ROOTCA resource included only a single root certificate, even if the control plane was configured with both an active root and a passive root certificate that was introduced in 1.24.4. (Issue #55793)

Security Updates

• CVE-2025-30157 (CVSS Score 6.5, Medium): Envoy crashes when HTTP ext_proc processes local replies.

For the purposes of Istio, this CVE is only exploitable in circumstances where ext_proc is configured via EnvoyFilter.

Changes

• Fixed an issue where customizing the workload identity SDS socket name via WORKLOAD_IDENTITY_SOCKET_FILE did not work due to the Envoy bootstrap not being updated. (Issue #51979)

• Fixed an issue where Istiod fails with an LDS error for proxies <1.23 when meshConfig.accessLogEncoding is set to JSON. (Issue #55116)

• Fixed an issue where gateway injection template did not respect the kubectl.kubernetes.io/default-logs-container and kubectl.kubernetes.io/default-container annotations.

• Fixed an issue where validation webhook would reject an otherwise valid connectionPool.tcp.IdleTimeout=0s. (Issue #55409)

• Fixed an issue where the validation webhook incorrectly reported a warning when a ServiceEntry configured workloadSelector with DNS resolution. (Issue #50164)

• Fixed an issue where ingress gateways did not use WDS discovery to retrieve metadata for ambient destinations.

• Fixed DNS traffic (UDP and TCP) to now be affected by traffic annotations like traffic.sidecar.istio.io/excludeOutboundIPRanges and traffic.sidecar.istio.io/excludeOutboundPorts. Before, UDP/DNS traffic would uniquely ignore these traffic annotations, even if a DNS port was specified, because of the rule structure. The behavior change actually happened in the 1.23 release series, but was left out of the release notes for 1.23. (Issue #53949)

Security Update

• CVE-2025-30157 (CVSS Score 6.5, Medium): Envoy crashes when HTTP ext_proc processes local replies.

For the purposes of Istio, this CVE is only exploitable in circumstances where ext_proc is configured via EnvoyFilter.

Changes

• Added status information to HTTPRoute resources to indicate the status of parentRefs for service and service entry resources, as well as a new condition to indicate the status of waypoint configuration when in ambient mode.

• Fixed validation webhook rejecting an otherwise valid connectionPool.tcp.IdleTimeout=0s configuration. (Issue #55409)

• Fixed an issue where validation webhook incorrectly reported a warning when a ServiceEntry configured workloadSelector with DNS resolution. (Issue #50164)

• Fixed an issue where HTTPRoute status was not reporting a parentRef associated with a single result due to complex logic for collapsing parentRefs of the same reference, but different sectionNames.

• Fixed IstioCertificateService to ensure IstioCertificateResponse.CertChain contained only a single certificate per element in the array. (Issue #1061)

• Fixed an issue causing waypoints to downgrade HTTP2 traffic to HTTP/1.1 if the port was not explicitly declared as http2.

Security Updates

• CVE-2025-30157 (CVSS Score 6.5, Medium): Envoy crashes when HTTP ext_proc processes local replies.

For the purposes of Istio, this CVE is only exploitable in circumstances where ext_proc is configured via EnvoyFilter.

Changes

• Fixed a bug with mixed-case Hosts in Gateway and TLS redirect resulted in stale RDS. (Issue #49638)

• Fixed an issue where Ambient PeerAuthentication policies were overly strict. (Issue #53884)

• Fixed failure to patch managed gateway/waypoint deployments during upgrade to 1.24. (Issue #54145)

• Fixed a bug in where multiple STRICT port-level mTLS rules in an ambient mode PeerAuthentication policy would effectively result in a permissive policy due to incorrect evaluation logic (AND vs. OR). (Issue #54146)

• Fixed the wording of the status message when L7 rules are present in an AuthorizationPolicy which is bound to ztunnel, to be clearer. (Issue #54334)

• Fixed a bug where the request mirror filter incorrectly computed the percentage. (Issue #54357)

• Fixed an issue where using a tag in the istio.io/rev label on a gateway caused the gateway to be improperly programmed, and to lack status. (Issue #54458)

• Fixed an issue where out-of-order ztunnel disconnects could put istio-cni in a state where it believes it has no connections. (Issue #54544),(Issue #53843)

• Fixed an issue where access log order caused instability during connection draining. (Issue #54672)

• Fixed an issue in the gateway chart where --set platform worked but --set global.platform did not.

• Fixed an issue where ingress gateways did not use WDS discovery to retrieve metadata for ambient mode destinations.

• Fixed an issue causing the istio-iptables command to fail when a non-built-in table is present in the system.

• Fixed an issue causing configuration to be rejected when there is a partial overlap between IP addresses across multiple services. For example, a Service with [IP-A] and one with [IP-B, IP-A]. (Issue #52847)

• Fixed DNS traffic (UDP and TCP) is now affected by traffic annotations like traffic.sidecar.istio.io/excludeOutboundIPRanges and traffic.sidecar.istio.io/excludeOutboundPorts. Before, UDP/DNS traffic would uniquely ignore these traffic annotations, even if a DNS port was specified, because of the rule structure. The behavior change actually happened in the 1.23 release series, but was left out of the release notes for 1.23. (Issue #53949)

• Fixed validation webhook rejecting an otherwise valid configuration connectionPool.tcp.IdleTimeout=0s. (Issue #55409)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.23, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

What’s new?

DNS proxying on by default for ambient mode

Istio will generally route traffic based on HTTP headers. In ambient mode, the ztunnel only sees traffic at Layer 4, and does not have access to HTTP headers. Therefore, DNS proxying is required to enable resolution of ServiceEntry addresses, especially in the case of sending egress traffic to waypoints.

To make this easier in the default case, DNS proxying is enabled by default in ambient mode installations of Istio 1.25. An annotation has been added to allow workloads to opt out of DNS proxying. Check the upgrade notes for more information.

Default deny policy available for waypoints

In sidecar mode, authorization policy is attached to workloads via a selector. In ambient mode, policy targeted by selector is enforced by ztunnel only. Waypoint proxies use Gateway API-style binding using the targetRef field. This led to a potential configuration where a workload was default-denied the ability to talk to an endpoint, but could bypass that configuration by connecting to a waypoint that was allowed to talk to that endpoint, and thus reach it anyway.

In this release, we have added the ability to target policy to a named GatewayClass, as well as a named Gateway. This allows you to set policy on the istio-waypoint class, which apply to all instances of a waypoint.

Zonal routing enhancements

Whether for reliability, performance, or cost reasons, controlling cross-zone and cross-region traffic is often an important “day 2” operation for users. With Istio 1.25, this just got even easier!

Kubernetes’s traffic distribution feature is now fully supported, offering a simplified interface to keep traffic local. The existing Istio locality load balancing settings remain available for more complex use cases.

In ambient mode, ztunnel will now report the additional source_zone, source_region, destination_zone, and destination_region labels to all metrics, giving a clear view of cross-zonal traffic.

Other new features

• We have added the ability to provide a list of virtual interfaces whose inbound traffic will be unconditionally treated as outbound. This allows workloads using virtual networking (KubeVirt, VMs, docker-in-docker, etc) to function correctly with both sidecar and ambient mode traffic capture.
• The istio-cni DaemonSet can now be safely upgraded in-place in an active cluster, without requiring a node cordon to prevent pods spawned during the upgrade process from escaping ambient traffic capture.

See the full change notes for everything else that is new.

Upgrading to 1.25

We would like to hear from you regarding your experience upgrading to Istio 1.25. You can provide feedback in the #release-1.25 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Attending KubeCon Europe 2025? Be sure to stop by the co-located Istio Day to catch some great talks, or swing by the Istio project booth to chat.

Ambient mode pod upgrade reconciliation

When a new istio-cni DaemonSet pod starts up, it will inspect pods that were previously enrolled in the ambient mesh, and upgrade their in-pod iptables rules to the current state if there is a diff or delta. This is off by default as of 1.25.0, but will eventually be enabled by default. This feature can be enabled by helm install cni --set ambient.reconcileIptablesOnStartup=true (Helm) or istioctl install --set values.cni.ambient.reconcileIptablesOnStartup=true (istioctl).

DNS traffic (TCP and UDP) now respects traffic exclusion annotations

DNS traffic (UDP and TCP) now respects pod-level traffic annotations like traffic.sidecar.istio.io/excludeOutboundIPRanges and traffic.sidecar.istio.io/excludeOutboundPorts. Before, UDP/DNS traffic would uniquely ignore these traffic annotations, even if a DNS port was specified, because of the rule structure. This behavior change actually happened in the 1.23 release series, but was left out of the release notes for 1.23.

Ambient mode DNS capture on by default

DNS proxying is enabled by default for ambient mode workloads in this release. Note that only new pods will have DNS enabled: existing pods will not have their DNS traffic captured. To enable this feature for existing pods, they must either be manually restarted, or alternatively the iptables reconciliation feature can be enabled when upgrading istio-cni via --set cni.ambient.reconcileIptablesOnStartup=true. This will reconcile existing pods automatically on upgrade.

Individual pods may opt-out of global ambient mode DNS capture by applying theambient.istio.io/dns-capture=false annotation.

Grafana dashboard changes

The dashboards shipped with Istio 1.25 require version 7.2 or later of Grafana.

OpenCensus support has been removed

Because Envoy has removed the OpenCensus tracing extension, we have removed OpenCensus support from Istio. If you are using OpenCensus, you should migrate to OpenTelemetry. Learn more about the deprecation of OpenCensus.

ztunnel Helm chart changes

In previous releases, resources in the ztunnel Helm chart were always named ztunnel. In this release, they are now named .Resource.Name.

If you are installing the chart with a release name other than ztunnel, the resource names will change, triggering downtime. In this scenario, it is recommended to set --set resourceName=ztunnel to override back to the previous default.

These notices describe functionality that will be removed in a future release according to Istio’s deprecation policy. Please consider upgrading your environment to remove the deprecated functionality.

• Deprecated use of ISTIO_META_DNS_AUTO_ALLOCATE in proxyMetadata in favor of a newer version of DNS auto-allocation. New users of Istio IP auto-allocation should adopt the new status based controller. Existing users may continue to use the older implementation. (Issue #53596)

• Deprecated traffic.sidecar.istio.io/kubevirtInterfaces, in favor of istio.io/reroute-virtual-interfaces. (Issue #49829)

Traffic Management

• Promoted the cni.ambient.dnsCapture value to default to true. This enables the DNS proxying for workloads in ambient mesh by default, improving security, performance, and enabling a number of features. This can be disabled explicitly or with compatibilityVersion=1.24. Note: only new pods will have DNS enabled. To enable for existing pods, pods must be manually restarted, or the iptables reconciliation feature must be enabled with --set cni.ambient.reconcileIptablesOnStartup=true.

• Promoted the PILOT_ENABLE_IP_AUTOALLOCATE value to default to true. This enables the new iteration of IP auto-allocation, fixing long-standing issues around allocation instability, ambient support, and increased visibility. ServiceEntry objects without spec.address set will now see a new field, status.addresses, automatically set. Note: these will not be used unless proxies are configured to do DNS proxying, which remains off-by-default.

• Updated the PILOT_SEND_UNHEALTHY_ENDPOINTS feature (which is off by default) to not include terminating endpoints. This ensures a service is not considered unhealthy during scale down or rollout events.

• Updated DNS proxying algorithm to randomly select which upstream to forward DNS requests to. (Issue #53414)

• Added new istiod environment variable PILOT_DNS_JITTER_DURATION that sets jitter for periodic DNS resolution. See dns_jitter in https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto. (Issue #52877)

• Added ObservedGeneration to ambient status conditions. This field will show the generation of the object that was observed by the controller when the condition was generated. (Issue #53331)

• Added Istiod environment variable PILOT_DNS_CARES_UDP_MAX_QUERIES that controls the udp_max_queries field of Envoy’s default Cares DNS resolver. This value defaults to 100 when unset. For more information, see Envoy documentation (Issue #53577)

• Added support for reconciling in-pod iptables rules of existing ambient pods from the previous version on istio-cni upgrade. Feature can be toggled with --set cni.ambient.reconcileIptablesOnStartup=true, and will be enabled by default in future releases. (Issue #1360)

• Added istio.io/reroute-virtual-interfaces annotation, a comma separated list of virtual interfaces whose inbound traffic will be unconditionally treated as outbound. This allows workloads using virtual networking (KubeVirt, VMs, docker-in-docker, etc) to function correctly with both sidecar and ambient mesh traffic capture.

• Added support for attaching policy defaults for istio-waypoint by targeting the GatewayClass. (Issue #54696)

• Added ambient.istio.io/dns-capture annotation, which may be unset, or set to true or false. When specified on a Pod enrolled in ambient mesh, controls whether DNS traffic (TCP and UDP on port 53) will be captured and proxied in ambient. This pod-level annotation, if present on a pod, will override the global istio-cni AMBIENT_DNS_CAPTURE setting, which as of 1.25 defaults to true. Note: setting this to false will break some Istio features, such as ServiceEntries and egress waypoints, but may be desirable for workloads that interact poorly with DNS proxies. (Issue #49829)

• Added support for configuring the istio.io/ingress-use-waypoint label at the namespace level.

• Added support to preserve the original case of HTTP/1.x headers. (Issue #53680)

• Added support for the Service.spec.trafficDistribution field and networking.istio.io/traffic-distribution annotation, allowing a simpler mechanism to make traffic prefer geographically close endpoints. Note: this feature previously existed only for ztunnel, but is now supported across all data planes.

• Fixed a bug with mixed cased Hosts in Gateway and TLS redirect which resulted in stale RDS. (Issue #49638)

• Fixed an issue where an HTTPRoute in a VirtualService with a matcher specifying sourceLabels would be applied to a waypoint. (Issue #51565)

• Fixed an issue where if a WASM image fetch fails, an allow all RBAC filter is used. Now if failStrategy is set to FAIL_CLOSE, a DENY-ALL RBAC filter will be used. (Issue #53279), (Issue #23624)

• Fixed waypoint proxy to respect trust domain.

• Fixed an issue where merging Duration in an EnvoyFilter could lead to all listeners associated attributes unexpectedly being modified because all listeners shared the same pointer type (listener_filters_timeout).

• Fixed an issue where errors were being raised during cleanup of iptables rules that were conditional.

• Fixed a configuration issue so that DNS traffic (UDP and TCP) is now affected by traffic annotations like traffic.sidecar.istio.io/excludeOutboundIPRanges and traffic.sidecar.istio.io/excludeOutboundPorts. Before, UDP/DNS traffic would uniquely ignore these traffic annotations, even if a DNS port was specified, because of the rule structure. The behavior change actually happened in the 1.23 release series, but was left out of the release notes for 1.23. (Issue #53949)

• Fixed an issue where istiod did not handle RequestAuthentication correctly for cross-namespace waypoint proxies. (Issue #54051)

• Fixed an issue that caused patches to a managed gateway/waypoint deployment to fail during upgrade to 1.24. (Issue #54145)

• Fixed an issue where non-default revisions controlling gateways lacked istio.io/rev labels. (Issue #54280)

• Fixed the wording of the status message when L7 rules are present in an AuthorizationPolicy which is bound to ztunnel to be more clear. (Issue #54334)

• Fixed a bug where request mirror filter incorrectly computed the percentage. (Issue #54357)

• Fixed an issue where using a tag in the istio.io/rev label on a gateway causes the gateway to be improperly programmed and to lack status. (Issue #54458)

• Fixed an issue where out-of-order ztunnel disconnects could put istio-cni in a state where it believes it has no connections. (Issue #54544), (Issue #53843)

• Fixed excessive iptables info-level log entries for rule checks and deletions. Detailed logging can be re-enabled by switching to debug-level logs, if necessary. (Issue #54644)

• Fixed an issue that caused ExternalName services to fail to resolve when using ambient mode and DNS proxying.

• Fixed an issue causing configuration to be rejected when there is a partial overlap between IP addresses across multiple services. For example, a Service with [IP-A] and one with [IP-B, IP-A]. (Issue #52847)

• Fixed an issue causing VirtualService header name validation to reject valid header names.

• Fixed an issue when upgrading waypoint proxies from Istio 1.23.x to Istio 1.24.x. (Issue #53883)

Security

• Added the DAC_OVERRIDE capability to the istio-cni-node DaemonSet. This fixes issues when running in environments where certain files are owned by non-root users. Note: prior to Istio 1.24, the istio-cni-node ran as privileged. Istio 1.24 removed this, but removed some required privileges which are now added back. Relatively to Istio 1.23, istio-cni-node still has fewer privileges than it does with this change.

• Added unconfined AppArmor annotation to the istio-cni-node DaemonSet to avoid conflicts with AppArmor profiles which block certain privileged pod capabilities. Previously, AppArmor (when enabled) was bypassed for the istio-cni-node DaemonSet since privileged was set to true in the SecurityContext. This change ensures that the AppArmor profile is set to unconfined for the istio-cni-node DaemonSet.

• Fixed an issue where ambient PeerAuthentication policies were overly strict. (Issue #53884)

• Fixed a possible race conditions in JWK resolution cache for JWT policies that, when triggered, would cause cache misses & failures to update signing keys when rotated. (Issue #52121)

• Fixed a bug in ambient (only) where multiple STRICT port-level mTLS rules in a PeerAuthentication policy would effectively result in a permissive policy due to incorrect evaluation logic (AND vs. OR). (Issue #54146)

• Fixed an issue where ingress gateways did not use WDS discovery to retrieve metadata for ambient destinations.

Telemetry

• Added support for additional label exchange for telemetry in sidecar mode. (Issue #54000)

• Added a new service.istio.io/workload-name label that can be added to a Pod or WorkloadEntry to override the “workload name” reported in telemetry.

• Added a fallback to use the WorkloadGroup name as the “workload name” (as reported in telemetry) for WorkloadEntrys created by a WorkloadGroup.

• Fixed $(HOST_IP) interpolation causes istio-proxy failures when Datadog tracing enabled on IPv6 clusters. (Issue #54267)

• Fixed an issue where access log order instability caused connection draining. (Issue #54672)

• Fixed an issue where many panels in the Grafana dashboards showed No data if Prometheus had a scrape interval configured to be larger than 15s. (Background information and usage)

• Removed OpenCensus support.

Installation

• Improved Both platform and profile Helm values overrides now equivalently support global or local override forms, e.g.

  • --set global.platform=foo
  • --set global.profile=bar
  • --set platform=foo
  • --set profile=bar

• Improved the ztunnel Helm chart to set resource names to .Release.Name instead of being hard-coded to ztunnel.

• Added new messages to the WaypointBound condition to represent a service binding to a waypoint proxy for ingress.

• Added an issue where istioctl install not working on Windows.

• Added a pod dnsPolicy of ClusterFirstWithHostNet to istio-cni when it runs with hostNetwork=true (i.e. ambient mode).

• Added GKE platform profile for ambient mode. When installing on GKE, use --set global.platform=gke (Helm) or --set values.global.platform=gke (istioctl) to apply GKE-specific value overrides. This replaces the previous GKE auto detection based on K8S version used in the istio-cni chart.

• Added support for Envoy config parameter to skip deprecated logs, with the default set to true. Setting the ENVOY_SKIP_DEPRECATED_LOGS environment variable to false will enable deprecated logs.

• Added ambient dataplane exclusion labels to Istio-shipped gateways by default, to avoid out-of-the-box confusing behavior if installing gateways outside of istio-system. (Issue #54824)

• Fixed an issue where ipset entry creation would fail on certain kinds of Docker-based Kubernetes nodes. (Issue #53512)

• Fixed Helm render to properly apply annotations on pilot serviceAccount. (Issue #51289)

• Fixed a issue where includeInboundPorts: "" not working when istio-cni is enabled. (Issue #54288)

• Fixed an issue where the CNI installation left temporary files when a container was repeatedly killed during the binary copy, which could have filled the storage space. (Issue #54311)

• Fixed an issue in the gateway chart where --set platform worked but --set global.platform did not.

• Fixed an issue where gateway injection template did not respect the kubectl.kubernetes.io/default-logs-container and kubectl.kubernetes.io/default-container annotations.

• Fixed an issue causing the istio-iptables command to fail when a non-built-in table is present in the system.

• Fixed an issue preventing the PodDisruptionBudget maxUnavailable field from being customizable. (Issue #54087)

• Fixed an issue where injection configuration errors were being silenced (i.e. logged and not returned) when the sidecar injector was unable to process the sidecar config. This change will now propagate the error to the user instead of continuing to process a faulty config. (Issue #53357)

istioctl

• Improved the output of istioctl proxy-config secret to display trust bundles provided by Spire.

• Added alias -r for --revision flags in istioctl analyze.

• Added support for AuthorizationPolicies with CUSTOM action in the istioct x authz check command.

• Added support for the --network parameter to the istioctl experimental workload group create command. (Issue #54022)

• Added the ability to safely restart/upgrade the system-node-critical istio-cni node agent DaemonSet in-place. This works by preventing new pods from starting on the node while istio-cni is being restarted or upgraded. This feature is enabled by default and can be disabled by setting the environment variable AMBIENT_DISABLE_SAFE_UPGRADE=true in istio-cni. (Issue #49009)

• Added changes for rootca-compare command to handle the case when pod has multiple root CA. (Issue #54545)

• Added support for istioctl waypoint delete to delete specified revision waypoints.

• Added support for the analyzer to report negative status conditions on select Istio and Kubernetes Gateway API resources. (Issue #55055)

• Improved the performance of istioctl proxy-config secret and istioctl proxy-config. (Issue #53931)

• Fixed an issue in the rootca-compare command to handle the case when a pod has multiple root CAs. (Issue #54545)

• Fixed an issue where istioctl install deadlocks if multiple ingress gateways are specified in the IstioOperator file. (Issue #53875)

• Fixed an issue where istioctl waypoint delete --all would delete all gateway resources, even non-waypoints. (Issue #54056)

• Fixed the istioctl experimental injector list command to not print redundant namespaces for injector webhooks.

• Fixed istioctl analyze reporting IST0145 errors when using the same host with different ports and multiple gateways. (Issue #54643)

• Fixed an issue where istioctl --as implicitly set --as-group="" when --as is used without --as-group.

• Removed --recursive flags and set recursion to true for istioctl analyze.

• Removed the experimental flag --xds-via-agents from the istioctl proxy-status command.

Changes

• Fixed a bug where mixed-case Hosts in Gateway and TLS redirect resulted in stale RDS. (Issue #49638)

• Fixed an issue where ambient mode PeerAuthentication policies were overly strict. (Issue #53884)

• Fixed a bug in where multiple STRICT port-level mTLS rules in an ambient mode PeerAuthentication policy would effectively result in a permissive policy due to incorrect evaluation logic (AND vs. OR). (Issue #54146)

• Fixed non-default revisions controlling gateways lacking istio.io/rev labels. (Issue #54280)

• Fixed an issue where access log order instability caused connection draining. (Issue #54672)

• Fixed a bug where Istiod would send an incompatible access log format to <1.23 proxies. (Issue #54795)

• Improved Istiod’s validation webhook to accept versions it does not know about. This ensures that an older Istio can validate resources created by newer CRDs.

Changes

• Fixed a bug with mixed-case Hosts in Gateway and TLS redirect resulted in stale RDS. (Issue #49638)

• Fixed an issue where Ambient PeerAuthentication policies were overly strict. (Issue #53884)

• Fixed failure to patch managed gateway/waypoint deployments during upgrade to 1.24. (Issue #54145)

• Fixed a bug in where multiple STRICT port-level mTLS rules in an ambient mode PeerAuthentication policy would effectively result in a permissive policy due to incorrect evaluation logic (AND vs. OR). (Issue #54146)

• Fixed the wording of the status message when L7 rules are present in an AuthorizationPolicy which is bound to ztunnel, to be clearer. (Issue #54334)

• Fixed a bug where the request mirror filter incorrectly computed the percentage. (Issue #54357)

• Fixed an issue where using a tag in the istio.io/rev label on a gateway caused the gateway to be improperly programmed, and to lack status. (Issue #54458)

• Fixed an issue where out-of-order ztunnel disconnects could put istio-cni in a state where it believes it has no connections. (Issue #54544), (Issue #53843)

• Fixed an issue where access log order caused instability during connection draining. (Issue #54672)

• Fixed an issue in the gateway chart where --set platform worked but --set global.platform did not.

• Fixed an issue where ingress gateways did not use WDS discovery to retrieve metadata for ambient mode destinations.

• Fixed an issue causing the istio-iptables command to fail when a non-built-in table is present in the system.

• Fixed an issue causing configuration to be rejected when there is a partial overlap between IP addresses across multiple services. For example, a Service with [IP-A] and one with [IP-B, IP-A]. (Issue #52847)

• Fixed DNS traffic (UDP and TCP) is now affected by traffic annotations like traffic.sidecar.istio.io/excludeOutboundIPRanges and traffic.sidecar.istio.io/excludeOutboundPorts. Before, UDP/DNS traffic would uniquely ignore these traffic annotations, even if a DNS port was specified, because of the rule structure. The behavior change actually happened in the 1.23 release series, but was left out of the release notes for 1.23. (Issue #53949)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.22. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

Changes

• Fixed an issue where Ambient PeerAuthentication policies were overly strict. (Issue #53884)

• Fixed a bug in Ambient (only) where multiple STRICT port-level mTLS rules in a PeerAuthentication policy would effectively result in a permissive policy due to incorrect evaluation logic (AND vs. OR). (Issue #54146)

• Fixed an issue that access log order instability causing connection draining. (Issue #54672)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.22, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

CVE

Envoy CVEs

• CVE-2024-53269: (CVSS Score 4.5, Moderate): Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting.
• CVE-2024-53270: (CVSS Score 7.5, High): HTTP/1: sending overload crashes when the request is reset beforehand.
• CVE-2024-53271: (CVSS Score 7.1, High): HTTP/1.1: multiple issues with envoy.reloadable_features.http1_balsa_delay_reset.

Am I Impacted?

You are impacted if you are using Istio 1.22.0 to 1.22.6, 1.23.0 to 1.23.3, or 1.24 to 1.24.1, please upgrade immediately. If you have created a custom EnvoyFilter to enable the Overload manager, avoid using the http1_server_abort_dispatch load shed point.

This release implements the security updates described in our 18th of December post, ISTIO-SECURITY-2024-007.

Changes

• Added the DAC_OVERRIDE capability to the istio-cni-node DaemonSet. This fixes issues when running in environments where certain files are owned by non-root users. Note: prior to Istio 1.24, the istio-cni-node ran as privileged. Istio 1.24 removed this, but removed some required privileges which are now added back. Relatively to Istio 1.23, istio-cni-node still has fewer privileges than it does with this change.

• Fixed Helm rendering to properly apply annotations on Pilot’s ServiceAccount. (Issue #51289)

• Fixed an issue where istiod did not handle RequestAuthentication correctly for cross-namespace waypoint proxies. (Issue #54051)

• Fixed an issue where non-default revisions controlled gateways lacked istio.io/rev labels. (Issue #54280)

• Fixed an issue where ExternalName services failed to resolve when using ambient mode and DNS proxying.

• Fixed an issue preventing the PodDisruptionBudget maxUnavailable field from being configured. (Issue #54087)

• Fixed an issue where injection config errors were being silenced (i.e. logged and not returned) when the sidecar injector was unable to process the sidecar config. This change will now propagate the error to the user instead of continuing to process a faulty config. (Issue #53357)

This release implements the security updates described in our 18th of December post, ISTIO-SECURITY-2024-007.

Changes

• Added support for providing arbitrary environment variables to istio-cni chart.

• Fixed an issue where merging Duration with an EnvoyFilter could lead to all listener associated attributes unexpectedly being modified because all listeners shared the same pointer typed listener_filters_timeout.

• Fixed Helm rendering to properly apply annotations on Pilot’s ServiceAccount. (Issue #51289)

• Fixed an issue where injection config errors were being silenced (i.e. logged and not returned) when the sidecar injector was unable to process the sidecar config. This change will now propagate the error to the user instead of continuing to process a faulty config. (Issue #53357)

This release implements the security updates described in our 18th of December post, ISTIO-SECURITY-2024-007.

There are no additional user-facing changes in this release.

What’s new?

Ambient mode is generally available

We are thrilled to announce the General Availability of Istio’s ambient mode! The core features (ztunnel, waypoints and APIs) have been marked as Stable by the Istio TOC. This marks the final stage in Istio’s feature phase progression, signaling the features are fully ready for broad production usage.

Since its announcement in 2022, the community has been hard at work innovating, scaling, stabilizing, and tuning ambient mode to be ready for prime time.

On top of countless changes since the Beta release, Istio 1.24 comes with a number of enhancements to ambient mode:

• New status messages are now written to a variety of resources, including Services and AuthorizationPolicies, to help understand the current state of the object.
• Policies can now be attached directly to ServiceEntrys. Give it a try with a simplified egress gateway!
• A brand new, exhaustive, troubleshooting guide. Fortunately, a number of bug fixes in Istio 1.24 makes many of these troubleshooting steps no longer needed!
• Many bug fixes. In particular, edge cases around pods with multiple interfaces, GKE intranode visibility, IPv4-only clusters, and many more issues have been resolved.

Improved retries

Automatic retries has been a core part of Istio’s traffic management functionality. In Istio 1.24, it gets even better.

Previously, retries were exclusively implemented on the client sidecar. However, a common source of connection failures actually comes from communicating between the server sidecar and the server application, typically from attempting to re-use a connection the backend is closing. With this improved functionality, we are able to detect this case and retry on the server sidecar automatically.

Additionally, the default policy of retrying 503 errors has been removed. This was initially added primarily to handle the above failure types, but has some negative side effects on some applications.

Upgrading to 1.24

We would like to hear from you regarding your experience upgrading to Istio 1.24. You can provide feedback in the #release-1.24 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Attending KubeCon North America 2024? Be sure to stop by the co-located Istio Day to catch some great talks, or swing by the Istio project booth to chat.

Updated compatibility profiles

To support compatibility with older versions, Istio 1.24 introduces a new 1.23 compatibility profile and updates its other profiles to account for changes in Istio 1.24.

This profile sets the following values:

ENABLE_INBOUND_RETRY_POLICY: "false"
EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY: "false"
PREFER_DESTINATIONRULE_TLS_FOR_EXTERNAL_SERVICES: "false"
ENABLE_ENHANCED_DESTINATIONRULE_MERGE: "false"
PILOT_UNIFIED_SIDECAR_SCOPE: "false"
ENABLE_DEFERRED_STATS_CREATION: "false"
BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS: "false"

See the individual change and upgrade notes for more information.

Ambient upgrade with DNS proxy

For upgrades to Istio 1.24.0 when using Ambient mode, with cni.ambient.dnsCapture=true configured, users will need to follow a specific set of upgrade steps:

1. Upgrade Istio CNI
2. Restart any workloads enrolled into ambient mode
3. Upgrade Ztunnel

Failure to do so will result in DNS resolution failures. If this occurs, you can restart the workloads to resolve the issue.

This is expected to be improved in future patch releases; follow the issue for more information.

Istio CRDs are templated by default and can be installed and upgraded via helm install istio-base

This changes how CRDs are upgraded. Previously, we recommended and documented:

• Install: helm install istio-base
• Upgrade: kubectl apply -f manifests/charts/base/files/crd-all.gen.yaml or similar.
• Uninstall: kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete

This change allows:

• Install: helm install istio-base
• Upgrade: helm upgrade istio-base
• Uninstall: kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete

Previously this only worked under certain conditions, and when certain install flags were used, could result in non-Helm-upgradable CRDs being generated that required manual intervention to fix.

With this change, out-of-band install and upgrade of Istio CRDs with the kubectl command when using Helm is no longer required.

If you do not use Helm to install, template, or manage Istio resources, you can continue to do so and install CRDs manually with kubectl apply -f manifests/charts/base/files/crd-all.gen.yaml

If you previously installed CRDs with helm install istio-base OR kubectl apply, you can begin safely upgrading Istio CRDs with only helm upgrade istio-base from this and all subsequent releases after running the below kubectl commands as a one-time migration:

• kubectl label $(kubectl get crds -l chart=istio -o name && kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "app.kubernetes.io/managed-by=Helm"
• kubectl annotate $(kubectl get crds -l chart=istio -o name && kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "meta.helm.sh/release-name=istio-base" (replace with actual istio-base Helm release name)
• kubectl annotate $(kubectl get crds -l chart=istio -o name && kubectl get crds -l app.kubernetes.io/part-of=istio -o name) "meta.helm.sh/release-namespace=istio-system" (replace with actual istio namespace)

If desired, the legacy labels can be generated by setting base.enableCRDTemplates=false during helm install base, but this option will be removed in a future release.

istiod-remote chart replaced with remote profile

Installing istio clusters with a remote/external control plane via Helm has never been officially documented or stable. This changes how clusters that use a remote istio instance are installed, in preparation for documenting this.

The istiod-remote Helm chart has been merged with the regular istio-discovery Helm chart.

Previously:

• helm install istiod-remote istio/istiod-remote

With this change:

• helm install helm install istiod istio/istiod --set profile=remote

Note that, as per the above upgrade note, installing istio-base chart is now required in both local and remote clusters.

Sidecar scoping changes

During processing of services, Istio has a variety of conflict resolution strategies. Historically, these have subtly differed when a user has a Sidecar resource defined, compared to when they do not. This applied even if the Sidecar resource with just egress: "*/*", which should be the same as not having one defined.

In this version, the behavior between the two has been unified:

Multiple services defined with the same hostname Behavior before, without Sidecar: prefer a Kubernetes Service (rather than a ServiceEntry), else pick an arbitrary one. Behavior before, with Sidecar: prefer the Service in the same namespace as the proxy, else pick an arbitrary one. New behavior: prefer the Service in the same namespace as the proxy, then the Kubernetes Service (not ServiceEntry), else pick an arbitrary one.

Multiple Gateway API Route defined for the same service Behavior before, without Sidecar: prefer the local proxy namespace, to allow consumer overrides. Behavior before, with Sidecar: arbitrary order. New behavior: prefer the local proxy namespace, to allow consumer overrides.

The old behavior can be retained, temporarily, by setting PILOT_UNIFIED_SIDECAR_SCOPE=false.

Standardization of the peer metadata attributes

CEL expressions in the telemetry API must use the standard Envoy attributes instead of the custom Wasm extended attributes.

Peer metadata is now stored in filter_state.downstream_peer and filter_state.upstream_peer instead of filter_state["wasm.downstream_peer"] andfilter_state["wasm.upstream_peer"]. Node metadata is stored in xds.node instead of node. Wasm attributes must be fully qualified, e.g. use filter_state["wasm.istio_responseClass"] instead of istio_responseClass.

Presence operator can be used for backwards compatible expressions in a mixed proxy scenario, e.g. has(filter_state.downstream_peer) ? filter_state.downstream_peer.namespace : filter_state["wasm.downstream_peer"].namespace to read the namespace of the peer.

The peer metadata uses baggage encoding with the following field attributes:

• namespace
• cluster
• service
• revision
• app
• version
• workload
• type (e.g. "deployment")
• name (e.g. "pod-foo-12345")

Compatibility with cert-manager’s istio-csr

In this release, Istio introduces increased validation checks in gRPC communication to the control plane. Note this only impacts Istio’s own internal gRPC usage, not users’ traffic.

While Istio’s control plane is not impacted by this, a popular third-party CA implementation, istio-csr is. While this has been fixed upstream, there is not yet a released version with the fix at the time of writing (v0.12.0 does not have the fix).

This can be worked around in the meantime by installing Istio with the following settings:

meshConfig:
  defaultConfig:
    proxyMetadata:
      GRPC_ENFORCE_ALPN_ENABLED: "false"

If you are impacted by this issue, you will see an error message like "transport: authentication handshake failed: credentials: cannot check peer: missing selected ALPN property".

• Added support for attaching policies to ServiceEntry for waypoints.

• Added a new annotation, ambient.istio.io/bypass-inbound-capture, that can be applied to make ztunnel only capture outbound traffic. This can be useful to skip an unnecessary hop for workloads that only accept traffic from out-of-mesh clients (such as internet-facing pods).

• Added a new annotation, networking.istio.io/traffic-distribution, that can be applied to make ztunnel prefer sending traffic to local pods. This behaves the same as the spec.trafficDistribution field on Service, but allows usage on older Kubernetes versions (as the field was added as beta in Kubernetes 1.31). Note that waypoints automatically set this.

• Fixed an issue preventing server first protocols from working with waypoints.

• Improved logs from Envoy when connection failures occur in ambient mode to show more error details.

• Added support for Telemetry customization in the waypoint proxy.

• Added writing a status condition for binding AuthorizationPolicy to a waypoint proxy. The formatting of conditions is experimental and will change. Policy with multiple targetRefs presently receive a single condition. Once a pattern for conditions with multiple references is adopted by upstream Kubernetes Gateway API, Istio will adopt the convention to provide greater detail when multiple targetRefs are used. (Issue #52699)

• Fixed an issue causing hostNetwork pods to function incorrectly in ambient mode.

• Improved how ztunnel determines which Pod it is acting on behalf of. Previously, this relied on IP addresses, which was unreliable in some scenarios.

• Fixed an issue causing any portLevelSettings to be ignored in DestinationRule in waypoints. (Issue #52532)

• Fixed an issue when using mirror policies with waypoints. (Issue #52713)

• Added support for connection.sni rule in AuthorizationPolicy applied to a waypoint. (Issue #52752)

• Updated the redirection method used in Ambient from TPROXY to REDIRECT. For most users, this should have no impact, but fixes a few compatibility issues with TPROXY. (Issue #52260), (Issue #52576)

Traffic Management

• Promoted Istio dual-stack support to Alpha (Issue #47998)

• Added warmup.aggression, warmup.duration, warmup.minimumPercent parameters to DestinationRule to provide more control on warmup behavior. (Issue #3215)

• Added retry policy for inbound requests that automatically resets the requests that the service has not seen/processed. It can be reverted by setting ENABLE_INBOUND_RETRY_POLICY to false. (Issue #51704)

• Fixed default retry policy to exclude retries on 503 which is potentially unsafe for idempotent requests. This behavior can be temporarily reverted with EXCLUDE_UNSAFE_503_FROM_DEFAULT_RETRY=false. (Issue #50506)

• Updated the behavior of XDS generation to be aligned when a user has a Sidecar configured and when they do not. See upgrade notes for more information.

• Improved Istiod’s validation webhook to accept versions it does not know about. This ensures that an older Istio can validate resources created by newer CRDs.

• Improved support for dual-stack services by associating multiple IPs with one single endpoint, rather than treating them as two distinct endpoints. (Issue #40394)

• Added support for matching multiple IPs (for dual-stack services) in HTTP route.

• Added VirtualService sourceNamespaces will now be taken into account when filtering unneeded configuration.

• Added support for by passing overload manager for static listeners. This can be reverted by setting BYPASS_OVERLOAD_MANAGER_FOR_STATIC_LISTENERS to false in agent Deployment. (Issue #41859), (Issue #52663)

• Added new istiod environment variable ENVOY_DNS_JITTER_DURATION, with a default value of 100ms that sets jitter for periodic DNS resolution. See dns_jitter in https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto. This can help decrease the load on the cluster DNS server. (Issue #52877)

• Added support for configuring certificate details while populating XFCC header via a new ProxyConfig field, proxyHeaders.setCurrentClientCertDetails.

• Added Allow users to put extra white spaces between namespaces in networking.istio.io/exportTo annotation. (Issue #53429)

• Added an experimental feature to enable lazily create subset of Envoy statistics. This will save memory and CPU cycles when creating the objects that own these stats, if those stats are never referenced throughout the lifetime of the process. This can be disabled by setting ENABLE_DEFERRED_STATS_CREATION to false in agent Deployment.

• Fixed matching multiple service VIPs in ServiceEntry. See upgrade notes for more information. (Issue #51747), (Issue #30282)

• Fixed MeshConfig’s serviceSettings.settings.clusterLocal to favor more precise hostnames, allowing host exclusions.

• Fixed DestinationRules on same host to not merge if they have different exportTo values. The hold behavior can be temporarily restored with ENABLE_ENHANCED_DESTINATIONRULE_MERGE=false. (Issue #52519)

• Fixed an issue where controller-assigned IPs did not respect per-proxy DNS capture the same way that ephemeral auto-allocated IPs did. (Issue #52609)

• Fixed an issue causing Waypoints to ignore auto-allocated IPs for ServiceEntry in some cases. (Issue #52746)

• Fixed an issue where the ISTIO_OUTPUT iptables chain was not removed with pilot-agent istio-clean-iptables command. (Issue #52835)

• Fixed an issue where using HTTPS in slow request scenarios such as high packet loss networks could potentially lead to Envoy memory leak. (Issue #52850)

• Fixed a bug where DNS proxying contained unready endpoints for headless services.

• Removed the deprecated istio.io/gateway-name label, please use gateway.networking.k8s.io/gateway-name label instead.

• Removed writing kubeconfig to CNI net directory. (Issue #52315)

• Removed CNI_NET_DIR from the istio-cni configmap, as it now does nothing. (Issue #52315)

Telemetry

• Updated CEL vocabulary used in the telemetry APIs and extensions. See upgrade notes for more information.

• Added add new pattern variable (%SERVICE_NAME%) for stat prefix (Issue #52177)

• Added logAsJson value to ztunnel helm chart (Issue #52631)

• Added stats tags configuration for watchdog metrics. (Issue #52731)

• Added support headers and timeout configurations of gRPC requests when exporting traces to OpenTelemetry Collector. (Issue #52873)

• Added support customized Zipkin collector endpoint under meshConfig.extensionProviders.zipkin.path. (Issue #53086)

• Fixed Added the metrics port to the pods created by Gateway automated deployments.

• Fixed The citadel_server_root_cert_expiry_timestamp, citadel_server_root_cert_expiry_seconds, citadel_server_cert_chain_expiry_timestamp, and citadel_server_cert_chain_expiry_seconds update when new certificates are loaded.

• Added SECRET_GRACE_PERIOD_RATIO_JITTER with a default value of 0.01 to introduce a randomized offset in SECRET_GRACE_PERIOD_RATIO. Without this configuration, proxies deployed at the same time will all request renewed certificates simultaneously which can cause excessive CA server load. The new default behavior of renewing certificates every 12 hours is augmented by this value to be +/- approximately 15 minutes. (Issue #52102)

Installation

• Updated securityContext.privileged to false for istio-cni in favor of feature-specific permissions. istio-cni remains a “privileged” container as per the Kubernetes Pod Security Standards, since even without this flag it has privileged capabilities, namely CAP_SYS_ADMIN. (Issue #52558)

• Improved Waypoint resources are now configurable using global.waypoint.resources. (Issue #51496)

• Improved Waypoint pod affinity is now configurable using waypoint.affinity. (Issue #52883)

• Improved Waypoint pod topologySpreadConstraints are now configurable using global.waypoint.topologySpreadConstraints. (Issue #52901)

• Improved Waypoint pod tolerations are now configurable using global.waypoint.tolerations. (Issue #52901)

• Improved Waypoint pod nodeSelector are now configurable using global.waypoint.nodeSelector. (Issue #52901)

• Improved the memory footprint of the istio-cni-node DaemonSet. In many cases this can result in up to 80% memory reduction. (Issue #53493)

• Updated Kiali addon sample to version v2.0.

• Updated all Istio components to read v1 CRDs where applicable. This should have no impact, unless the cluster is using Istio CRDs from 1.21 or older (which is not a supported version skew).

• Added the app.kubernetes.io/name, app.kubernetes.io/instance, app.kubernetes.io/part-of, app.kubernetes.io/version, app.kubernetes.io/managed-by, and helm.sh/chart labels to almost all resources. (Issue #52034)

• Added Platform-specific configurations for Helm installs. Example: helm install istio-cni --set profile=ambient --set global.platform=k3s helm install istiod --set profile=ambient --set global.platform=k3s

  For list of currently-supported platform overrides, see manifests/charts/platform-xxx.yaml files.

Removed the openshift profile variants, replaced with global.platform overrides. Example: helm install istio-cni --set profile=ambient-openshift is now helm install istio-cni --set profile=ambient --set global.platform=openshift

• Added Add the ability to configure initContainers for Istiod. (Issue #53120)

• Added Add settings (strategy, minReadySeconds, and terminationGracePeriodSeconds) to stabilize gateways for high traffic. (Issue #53121)

• Added value seLinuxOptions to istio-cni chart. On some platforms (e.g. OpenShift) it is necessary to set seLinuxOptions.type to spc_t in order to work around some SELinux constraints related to hostPath volumes. Without this setting, the istio-cni-node pods may fail to start. (Issue #53558)

• Added support for providing arbitrary environment variables to istio-cni chart

• Added a new annotation sidecar.istio.io/nativeSidecar to allow users to control native sidecar injection on a per-pod basis. This annotation can be set to true or false to enable or disable native sidecar injection for a pod. This annotation takes precedence over the global ENABLE_NATIVE_SIDECARS environment variable. (Issue #53452)

• Added Allow user to add customized annotation to MutatingWebhookConfiguration for revision-tags through helm chart.

• Fixed kube-virt-interfaces rules not being removed by istio-clean-iptables tool. (Issue #48368)

• Fixed Allow for re-executions of istio-iptables by skipping apply step if existing rules are compatible.

• Fixed an issue where some installation status lines were not finalized correctly which can cause odd rendering when terminal windows are resized. (Issue #52525)

• Fixed Set allowPrivilegeEscalation to true in ztunnel - it has always been forced to true in reality but K8S does not properly validate this: https://github.com/kubernetes/kubernetes/issues/119568.

• Fixed Remove non-critical components from base chart, and remove pilot.enabled from istiod-remote and istio-discovery charts.

• Fixed templated CRD installation in the base chart by default. Previously this only worked under certain conditions, and when certain install flags were used, could result in CRDs that could only be upgraded via manual kubectl intervention. See upgrade notes for more information.

• Deprecated Values.base.enableCRDTemplates. This option now defaults to true and will be removed in a future release. Until then, the legacy behavior can be enabled by setting this to false (Issue #43204)

• Removed some fields from the helm values API that had been without effect and in some cases long-deprecated. Removed fields are: pilot.configNamespace, pilot.configSource, pilot.enableProtocolSniffingForOutbound, pilot.enableProtocolSniffingForInbound, pilot.useMCP, global.autoscalingV2API, global.configRootNamespace, global.defaultConfigVisibilitySettings, global.useMCP, sidecarInjectorWebhook.objectSelector, and sidecarInjectorWebhook.useLegacySelectors. (Issue #51987)

• Removed unused istio_cni values from the istiod chart that were marked as deprecated (#49290) 2 releases ago. (Issue #52645)

• Removed istiod-remote chart in favor of helm install istio-discovery --set profile=remote.

• Removed support for the 1.20 compatibilityProfile. This configured the following settings: ENABLE_EXTERNAL_NAME_ALIAS, PERSIST_OLDEST_FIRST_HEURISTIC_FOR_VIRTUAL_SERVICE_HOST_MATCHING, VERIFY_CERTIFICATE_AT_CLIENT, and ENABLE_AUTO_SNI. All of these flags, except for ENABLE_AUTO_SNI, have also been removed from Istio entirely.

• Removed the sidecar.istio.io/enableCoreDump annotation. See the sample provided in samples/proxy-coredump for more preferred approaches to enable core dumps.

• Removed the legacy --log_rotate_* flag options. Users wishing to use log rotation should use external log rotation tools.

istioctl

• Added automatic detection of a variety of platform-specific incompatibilities during installation.

• Added a new command, istioctl manifest translate, to help migrate from istioctl install to helm.

• Added a new flag remote-contexts to the istioctl analyze command to specify remote cluster contexts during multi-cluster analysis. (Issue #51934)

• Added support for filtering Pods by label selector to istioctl x envoy-stats.

• Added support for filtering resources by namespace to istioctl experimental injector list.

• Added support for the --impersonate flags in the istioctl. (Issue #52285)

• Fixed istioctl analyze report IST0145 error with wildcard host and specific subdomain. (Issue #52413)

• Fixed istioctl experimental injector list prints webhooks not related to istio.

• Removed istioctl manifest diff and istioctl manifest profile diff commands. Users looking to compare manifest can use generic YAML comparison tools.

• Removed istioctl profile command. The same information can be found in Istio documentation.

Documentation changes

• Improved legibility of Istio’s documentation by renaming the sleep sample to curl. (Issue #15725)

Changes

• Added clusterLocal host exclusions for multi-cluster.

• Added the metrics port in the DaemonSet containers spec of the istio-cni chart.

• Added the metrics port in the kube-gateway container spec of the istio-discovery chart.

• Fixed kube-virt-interfaces rules not being removed by istio-clean-iptables tool. (Issue #48368)

Changes

• Fixed support for clusterLocal host exclusions for multi-cluster.

• Fixed kube-virt-related rules not being removed by istio-clean-iptables tool. (Issue #48368)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.21. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

Changes

• Fixed PILOT_SIDECAR_USE_REMOTE_ADDRESS functionality on sidecars to support setting internal addresses to mesh network rather than localhost to prevent header sanitization if envoy.reloadable_features.explicit_internal_address_config is enabled.

• Fixed VirtualMachine WorkloadEntry locality label missing during auto registration. (Issue #51800)

CVE

Envoy CVEs

• CVE-2024-45807: (CVSS Score 7.5, High): oghttp2 may crash on OnBeginHeadersForStream.

• CVE-2024-45808: (CVSS Score 6.5, Moderate): Lack of validation for REQUESTED_SERVER_NAME field for access loggers enables injection of unexpected content into access logs.

• CVE-2024-45806: (CVSS Score 6.5, Moderate): Potential for x-envoy headers to be manipulated by external sources.

• CVE-2024-45809: (CVSS Score 5.3, Moderate): JWT filter crash in the clear route cache with remote JWKs.

• CVE-2024-45810: (CVSS Score 6.5, Moderate): Envoy crashes for LocalReply in HTTP async client.

Am I Impacted?

You are impacted if you are using Istio 1.22.0 to 1.22.4 or 1.23.0 to 1.23.1.

If you deploy an Istio Ingress Gateway, you are potentially vulnerable to x-envoy header manipulation by external sources. Envoy previously considered all private IP to be internal by default and as a result, did not sanitize headers from external sources with private IPs. Envoy added support for the flag envoy.reloadable_features.explicit_internal_address_config to explicitly un-trust all IPs. Envoy and Istio currently disable the flag by default for backwards compatibility. In future Envoy and Istio release the flag envoy.reloadable_features.explicit_internal_address_config will be enabled by default. The Envoy flag can be set mesh-wide or per-proxy via the ProxyConfig in runtimeValues.

Mesh-wide example configuration:

meshConfig:
  defaultConfig:
    runtimeValues:
      "envoy.reloadable_features.explicit_internal_address_config": "true"

Per-proxy example configuration:

annotations:
  proxy.istio.io/config: |
    runtimeValues:
      "envoy.reloadable_features.explicit_internal_address_config": "true"

Note fields in ProxyConfig are not dynamically configured; changes will require restart of workloads to take effect.

Changes

• Fixed PILOT_SIDECAR_USE_REMOTE_ADDRESS functionality on sidecars to support setting internal addresses to mesh network rather than localhost to prevent header sanitization if envoy.reloadable_features.explicit_internal_address_config is enabled.

Changes

• Fixed PILOT_SIDECAR_USE_REMOTE_ADDRESS functionality on sidecars to support setting internal addresses to mesh network rather than localhost to prevent header sanitization if envoy.reloadable_features.explicit_internal_address_config is enabled.

• Removed a change in 1.22.4 to the handling of multiple service VIPs in ServiceEntry. (Issue #52944), (Issue #52847)

Changes

• Fixed an issue where controller-assigned IPs did not respect per-proxy DNS capture the same way that ephemeral auto-allocated IPs did. (Issue #52609)

• Fixed an issue where waypoints required DNS proxy to be enabled in order to consume auto-allocated IPs. (Issue #52746)

• Fixed an issue where the ISTIO_OUTPUT iptables chain was not removed with pilot-agent istio-clean-iptables command. (Issue #52835)

• Fixed an issue causing any portLevelSettings to be ignored in DestinationRules for waypoints. (Issue #52532)

• Removed writing kubeconfig to CNI net directory. (Issue #52315)

• Removed CNI_NET_DIR from the istio-cni ConfigMap, as it now does nothing. (Issue #52315)

• Removed a change in Istio 1.23.0 causing regressions for ServiceEntries with multiple addresses defined. Note: the reverted change did fix an issue around missing addresses (#51747), but introduce a new set of issues. The original issue can be worked around by creating a sidecar resource. (Issue #52944), (Issue #52847)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.21, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

Changes

• Fixed an issue where the VirtualMachine WorkloadEntry locality label was missing during auto-registration. (Issue #51800)

• Fixed an issue where listeners were missing for addresses beyond the first in a ServiceEntry. (Issue #51747)

• Fixed inconsistent behavior with the istio_agent_cert_expiry_seconds metric.

• Fixed the istiod chart installation for older Helm versions (v3.6 and v3.7) by ensuring that .Values.profile is set to a string. (Issue #52016)

• Fixed an omission in ztunnel helm charts which resulted in some Kubernetes resources being created without labels.

• Fixed handling of a failure adding a pod to the dataplane where the pod was still added to ipset. (Issue #52218)

• Fixed an issue causing resources to incorrectly be reported by istioctl proxy-status as STALE. (Issue #51612)

• Fixed an issue that can trigger a deadlock when discoverySelectors (configured in MeshConfig) and a namespace, which has an Ingress object or a Kubernetes Gateway object, would move from being selected to unselected.

• Fixed an issue causing stale endpoints when the same IP address was present in multiple WorkloadEntries.

• Removed writing the experimental field GatewayClass.status.supportedFeatures, as it was unstable in the API.

What’s new?

Ambient, ambient, ambient

Hot on the tail of the recent promotion of ambient mode to Beta in Istio 1.22, Istio 1.23 comes with a huge set of improvements. Working closely with the many users who have been adopting ambient mode, we have been working diligently to address all the feedback we have received. These improvements include broader platform support, added features, bug fixes, and performance improvements.

A small sample of the highlights:

• Support for DestinationRule in waypoint proxies.
• Support for DNS ServiceEntries in waypoints and ztunnel.
• Support for sharing waypoints across namespaces.
• Support for the new Service field trafficDistribution, allowing keeping traffic in local zones/regions.
• Support for Dual Stack and IPv6 clusters.
• A new Grafana dashboard for ztunnel.
• A single Helm chart for installing all the ambient mode components at once.
• Performance improvements: our testing shows up to a 50% improvement in throughput compared to Istio 1.22.
• Tons of bug fixes: improvements to pod startup, support for Services without selectors, improvements to logging, and more!

DNS auto-allocation improvements

For years, Istio has has an address allocation option for use with the DNS proxy mode. This solves a number of problems for Service routing.

In Istio 1.23, a new implementation of this feature was added. In the new approach, the allocated IP addresses are persisted in the ServiceEntry status field, ensuring that they are never changed. This fixes long-standing reliability issues with the old approach, where the allocation would occasionally shuffle and cause issues. Additionally, this approach is more standard, easier to debug, and makes the feature work with ambient mode!

This mode is off by default in 1.23, but can be enabled with PILOT_ENABLE_IP_AUTOALLOCATE=true.

Retry improvements preview

In this release, a new feature preview for an enhancement to the default retry policy has been implemented. Historically, retries were done only on outbound traffic. For many cases, this is what you want: the request can be retried to a different pod, which has a better chance to succeed. However, this left a gap: often, a request would fail simply because the application had closed a connection we had kept alive and tried to re-use.

We have added to detect this scenario, and retry. This is expected to reduce a common source of 503 errors in the mesh.

This can be enabled with ENABLE_INBOUND_RETRY_POLICY=true. It is expected to be on by default in future releases.

A coat of paint for Bookinfo

Improvements in 1.23 are not limited to Istio itself: in this release, everyone’s favorite sample application, Bookinfo, also gets a facelift!

The new application features a more modern design, and performance improvements that resolve some unexpected slowness in the productpage and details services.

Other highlights

• The distroless images were upgraded to use the Wolfi container base OS.
• The istioctl proxy-status command was improved to include the time since last change, and more relevant status values.

Deprecating the in-cluster Operator

Three years ago, we updated our documentation to discourage the use of the in-cluster operator for new Istio installations. We are now ready to formally mark it as deprecated in Istio 1.23. People leveraging the operator — which we estimate to be fewer than 10% of our user base — will need to migrate to other install and upgrade mechanisms in order to upgrade to Istio 1.24 or above. The expected release date for 1.24 is November 2024.

We recommend users move to Helm and istioctl, which remain supported by the Istio project. Migrating to istioctl is trivial; migrating to Helm will require tooling which we will publish along with the 1.24 release.

Users who wish to stick with the operator pattern have two third-party options in the istio-ecosystem org.

Please check out our deprecation announcement blog post for more details on the change.

Upgrading to 1.23

We would like to hear from you regarding your experience upgrading to Istio 1.23. You can provide feedback in the #release-1.23 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Internal API protobuf changes

If you do not use Istio APIs from Go (via istio.io/api or istio.io/client-go) or Protobuf (from istio.io/api), this change does not impact you.

In prior versions, Istio APIs had identical contents replicated across multiple versions. For example, the same VirtualService protobuf message is defined 3 times (v1alpha3, v1beta1, and v1). These schemas are identical except in the package they reside in.

In this version of Istio, these have been consolidated down to a single version. For resources that had multiple versions, the oldest version is retained.

• If you use Istio APIs only via Kubernetes (YAML), there is no impact at all.
• If you use Istio APIs by Go types, there is essentially no impact. Each removed version has been replaced with type aliases to the remaining version, ensuring backwards compatibility. However, niche use cases (reflection, etc) may have some impact.
• If you use Istio APIs directly by Protobuf, and use newer versions, these will no longer be included as part of the API. Please reach out to the team if you are impacted.

• Deprecated the in-cluster Operator. Please check out our deprecation announcement blog post for more details on the change.

Traffic Management

• Added support for proxying 100 Continue headers. This can be disabled by setting ENABLE_100_CONTINUE_HEADERS to false.

• Added a way to read the traffic type for a waypoint from the istio.io/waypoint-for label on the parent Gateway class. This value overrides the global default and will be overridden if the label is applied to the waypoint resource. (Issue #50933)

• Added support for matching multiple service VIPs in a waypoint proxy. (Issue #51886)

• Added an experimental feature to enable cluster creation on worker threads inline during requests. This will save memory and CPU cycles in cases where there are lots of inactive clusters and > 1 worker thread. This can be disabled by setting ENABLE_DEFERRED_CLUSTER_CREATION to false in agent Deployment.

• Added support for the new reset-before-request retry policy added in Envoy 1.31. (Issue #51704)

• Fixed a bug where UDP traffic in the ISTIO_OUTPUT iptables chain exits early. (Issue #51377)

• Fixed ServiceEntry status addresses field not supporting IP address assignments to individual hosts, which led to an undesired divergence in behavior between the new and old implementations for automatic allocations. Added a “Host” field to the Address in order to support mapping allocated IP to a host.

• Fixed an issue where CORS filter forwarded preflight requests if the origin was not allowed.

• Fixed retry logic to make getting envoy metrics safer on EXIT_ON_ZERO_ACTIVE_CONNECTIONS mode. (Issue #50596)

• Fixed propagation of IPv6 config to the istio-cni. Note that IPv6 support is still unstable. (Issue #50162)

• Fixed an issue where ZDS did not pass down trust_domain. (Issue #51182)

• Fixed an issue with iptables rules for ambient when dealing with IPv6.

• Fixed IP auto allocation for ServiceEntry to allocate per-host rather than per-ServiceEntry. (Issue #52319)

• Fixed ServiceEntry validation to suppress the “address required” warning when using the auto IP allocation controller. (Issue #52422)

• Fixed an issue where TLS settings in DestinationRule are not respected when connecting from a gateway or sidecar to a backend enrolled using ambient mode.

• Fixed an issue preventing DestinationRule proxyProtocol from working when TLS is disabled.

• Removed the ISTIO_ENABLE_OPTIMIZED_SERVICE_PUSH feature flag.

• Removed the ENABLE_OPTIMIZED_CONFIG_REBUILD feature flag.

• Removed the experimental PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING feature flag and corresponding istioctl experimental wait command.

• Updated istio-cni config map to only expose environment variables that are user-configurable.

Security

• Added stricter validation of CSRs when Istio is functioning as the RA and is configured with an external CA for workload certificate signing. (Issue #51966)

• Improved the ability to use SPIRE for SDS by allowing a custom server socket filename. Previously, SPIRE docs forced the SPIRE SDS server be configured to use the Istio-default SDS socket name. This release introduces WORKLOAD_IDENTITY_SOCKET_FILE as an agent environment variable. If set to a non-default value, the agent will expect to find a non-Istio SDS server socket at the hard-coded path: WorkloadIdentityPath/WORKLOAD_IDENTITY_SOCKET_FILE and will throw an error if no healthy socket was found. Otherwise, it will listen to it. If this is unset, the agent will start and Istio default SDS server instance with a hard-coded path and hard-coded socket file of: WorkloadIdentityPath/DefaultWorkloadIdentitySocketFile and listen to it. This removes/replaces the agent environment variable USE_EXTERNAL_WORKLOAD_SDS (added in #45941)(Issue #48845)

Telemetry

• Added access log formatter support for OpenTelemetry. Users can add CEL/METADATA/REQ_WITHOUT_QUERY commands after all proxies are upgraded to Istio 1.23+.

• Fixed an issue where the status code was unset when using OpenTelemetry tracing. (Issue #50195)

• Fixed an issue where the span name was not set when using the OpenTelemetry tracing provider.

• Fixed statsMatcher’s regular expression not matching a route’s stat_prefix.

• Fixed an issue where the cluster_name and http_conn_manager_prefix labels were incorrectly truncated for services without a .svc.cluster.local suffix.

• Removed Istio Stackdriver metrics from XDS. (Issue #50808)

• Removed the OpenCensus tracer from Istio XDS. (Issue #50808)

• Removed the feature flag ENABLE_OTEL_BUILTIN_RESOURCE_LABELS.

Extensibility

• Removed internal multi-version protobuf files from the API. This is an internal change for most users. If you directly consume Istio APIs as protobufs, read the upgrade notes. (Issue #3127)

Installation

• Added .Values.pilot.trustedZtunnelNamespace to the istiod Helm chart. Set this if installing ztunnel to a different namespace from istiod. This value supersedes .Values.pilot.env.CA_TRUSTED_NODE_ACCOUNTS (which is still respected if set).

• Added the releaseChannel:extended flag to non-GA features and APIs. (Issue #173)

• Added outlier log path configuration to the mesh proxy config which allows users to configure the path to the outlier detection log file. (Issue #50781)

• Added an ambient umbrella Helm chart that wraps the baseline Istio components required for installing Istio with ambient support.

• Added support for readiness checks over https to istiod for use in clusters utilizing a remote control plane for sidecar injection. (Issue #51506)

• Fixed an issue where the CNI plugin inherited the CNI agent log level.

• Fixed an issue with service account annotation formatting by removing dashes. (Issue #51289)

• Fixed an issue where custom annotations were not propagated to the ztunnel chart.

• Fixed an issue where sidecar.istio.io/proxyImage annotation was ignored during the gateway injection. (Issue #51888)

• Fixed an issue where netlink errors were not be correctly parsed, leading to istio-cni not properly ignoring leftover ipsets.

• Improved CNI logging config. (Issue #50958)

• Improved the Helm installation for Istiod multi-cluster for primary-remote. Now, Helm installations only require setting global.externalIstiod, instead of also requiring pilot.env.EXTERNAL_ISTIOD to be set. (Issue #51595)

• Removed values.cni.logLevel is now deprecated. Use values.{cni|global}.logging.level instead.

• Updated the distroless images to be based on Wolfi. This should have no user-facing impact.

• Updated Kiali addon to version 1.87.0.

• Upgraded base debug images to use the latest Ubuntu LTS, ubuntu:noble. Previously, ubuntu:focal was used.

istioctl

• Added a status subcommand that prints out the status of gateway(s) for a given namespace. (Issue #51294)

• Added the ability for users to set the seccompProfile.type (e.g. to RuntimeDefault) for auto deployed waypoints by setting values.gateways.seccompProfile.type in the istiod injection config.

• Added an overwrite flag to istioctl apply command to allow overwriting existing resources in the cluster (initially, just namespace waypoint enrollments). (Issue #51312)

• Improved the output for istioctl version to be more user-friendly. (Issue #51296)

• Improved the istioctl proxy-status command.

  • Each status now includes the time since the last change.
  • If a proxy is not subscribed to a resource, it will now be shown as IGNORED instead of NOT SENT. NOT SENT continues to be used for resources that are requested, but never sent.
  • Include a new ERROR status when configuration is rejected.

Samples

• Improved the look and feel of the Bookinfo app.

Changes

• Updated Go version to include security fixes for the net/http package related to CVE-2024-24791

• Updated Envoy version to include security fixes related to CVE-2024-39305

• Fixed a bug where router’s merged gateway was not immediately recomputed when a service was created or updated. (Issue #51726)

• Fixed inconsistent behavior with the istio_agent_cert_expiry_seconds metric.

• Removed sorting of JSON access logs pending Envoy fix.

Changes

• Updated Go version to include security fixes for the net/http package related to CVE-2024-24791

• Updated Envoy version to include security fixes related to CVE-2024-39305

• Fixed a bug where router’s merged gateway was not immediately recomputed when a service was created or updated. (Issue #51726)

Changes

• Added gateways.securityContext to manifests to provide an option to customize the gateway securityContext. (Issue #49549)

• Fixed an issue where JWKS fetched from URIs were not updated promptly when there are errors fetching other URIs. (Issue #51636)

• Fixed 503 errors returned by auto-passthrough gateways created after enabling mTLS.

• Fixed serviceRegistry ordering of the proxy labels, so we put the Kubernetes registry in front. (Issue #50968)

CVE

Envoy CVEs

• GHSA-8mq4-c2v5-3h39: (CVSS Score 7.5, Moderate): Datadog: Datadog tracer does not handle trace headers with Unicode characters.

Am I Impacted?

You are impacted if you are using Istio 1.21.0 to 1.21.3 or 1.22.0 to 1.22.1 and have enabled the Datadog tracer.

This release note describes what is different between Istio 1.22.1 and 1.22.2.

Changes

• Improved waypoint proxies to no longer run as root.

• Added gateways.securityContext to manifests to provide an option to customize the gateway securityContext. (Issue #49549)

• Added a new option in ztunnel to completely disable IPv6, to enable running on kernels with IPv6 disabled.

• Fixed an issue where istioctl analyze returned IST0162 false positives. (Issue #51257)

• Fixed ENABLE_ENHANCED_RESOURCE_SCOPING not being part of helm compatibility profiles for Istio 1.20/1.21. (Issue #51399)

• Fixed Kubernetes job pod IPs may not be fully unenrolled from ambient despite being in a terminated state.

• Fixed false positives in IST0128 and IST0129 when credentialName and workloadSelector were set. (Issue #51567)

• Fixed an issue where JWKS fetched from URIs were not updated promptly when there are errors fetching other URIs. (Issue #51636)

• Fixed an issue causing workloadSelector policies to apply to the wrong namespace in ztunnel. (Issue #51556)

• Fixed a bug causing discoverySelectors to accidentally filter out all GatewayClasses.

• Fixed certificate chains parsing avoid unnecessary parsing errors by trimming unnecessary intermediate certificates.

• Fixed a bug in ambient mode causing requests at the start of a Pod lifetime to be rejected with unknown source.

• Fixed an issue in ztunnel where some expected connection terminations were reported as errors.

• Fixed an issue in ztunnel when connecting to a service with a targetPort that exists only on a subset of pods.

• Fixed an issue when deleting a ServiceEntry when there are duplicate hostnames across multiple ServiceEntries.

• Fixed an issue where ztunnel would send directly to pods when connecting to a LoadBalancer IP, instead of going through the LoadBalancer.

• Fixed an issue where ztunnel would send traffic to terminating pods.

This release note describes what is different between Istio 1.21.3 and 1.21.4.

Changes

• Added gateways.securityContext to manifests to provide an option to customize the gateway securityContext. (Issue #49549)

• Fixed an issue where istioctl analyze returned IST0162 false positives. (Issue #51257)

• Fixed false positives in IST0128 and IST0129 when credentialName and workloadSelector were set. (Issue #51567)

• Fixed an issue where JWKS fetched from URIs were not updated promptly when there are errors fetching other URIs. (Issue #51636)

• Fixed 503 errors returned by auto-passthrough gateways created after enabling mTLS.

• Fixed serviceRegistry ordering of the proxy labels, so we put the Kubernetes registry in front. (Issue #50968)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.20. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

CVE

Envoy CVEs

• CVE-2024-23326: (CVSS Score 5.9, Moderate): Incorrect handling of responses to HTTP/1 upgrade requests that can lead to request smuggling.

• CVE-2024-32974: (CVSS Score 5.9, Moderate): Vulnerability in QUIC stack that can lead to abnormal process termination.

• CVE-2024-32975: (CVSS Score 5.9, Moderate): Vulnerability in QUIC stack that can lead to abnormal process termination.

• CVE-2024-32976: (CVSS Score 7.5, High): Vulnerability in Brotli decompressor that can lead to infinite loop.

• CVE-2024-34362: (CVSS Score 5.9, Moderate): Vulnerability in QUIC stack that can lead to abnormal process termination.

• CVE-2024-34363: (CVSS Score 7.5, High): Vulnerability in Envoy access log JSON formatter, that can lead to abnormal process termination.

• CVE-2024-34364: (CVSS Score 5.7, Moderate): Unbounded memory consumption in ext_proc and ext_authz.

Am I Impacted?

If you are using JSON access log formatting in Istio 1.22, you are impacted, please upgrade as soon as possible. The request smuggling will also affect users of Websockets.

This release note describes what’s different between Istio 1.22.0 and 1.22.1.

Changes

• Added a new, optional experimental admission policy that only allows stable features/fields to be used in Istio APIs when using a remote Istiod cluster. (Issue #173)

• Fixed adding of pod IPs to the host’s ipset to explicitly fail instead of silently overwriting.

• Fixed an issue causing outboundstatname in MeshConfig to not be honored for subset clusters.

• Fixed custom injection of the istio-proxy container not working properly when SecurityContext.RunAs fields were set.

• Fixed returning 503 errors by auto-passthrough gateways created after enabling mTLS.

• Fixed serviceRegistry orders influence the proxy labels, so we put the Kubernetes registry in front. (Issue #50968)

This release note describes what’s different between Istio 1.21.2 and 1.21.3.

Changes

• Fixed building of EDS-typed cluster endpoints with domain address. (Issue #50688)

• Fixed custom injection of the istio-proxy container not working properly when SecurityContext.RunAs fields were set.

• Fixed a regression in Istio 1.21.0 causing VirtualServices routing to ExternalName services to not work when ENABLE_EXTERNAL_NAME_ALIAS=false was configured.

• Fixed list matching for the audience claims in JWT tokens. (Issue #49913)

• Fixed a behavioral change in Istio 1.20 that caused merging of ServiceEntries with the same hostname and port names to give unexpected results. (Issue #50478)

This release note describes what’s different between Istio 1.20.6 and 1.20.7.

Changes

• Fixed building of EDS-typed cluster endpoints with domain address. (Issue #50688)

• Fixed custom injection of the istio-proxy container not working properly when SecurityContext.RunAs fields were set.

• Fixed a regression in Istio 1.21.0 causing VirtualServices routing to ExternalName services to not work when ENABLE_EXTERNAL_NAME_ALIAS=false was configured.

• Fixed a behavioral change in Istio 1.20 that caused merging of ServiceEntries with the same hostname and port names to give unexpected results. (Issue #50478)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.20, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

We would like to thank the Release Managers for this release, Jianpeng He from Tetrate, Sumit Vij from Credit Karma and Zhonghu Xu from Huawei. Once again, the release managers owe a debt of gratitude to Test & Release WG lead Eric Van Norman for his help and guidance; more on him later.

What’s new

Ambient mode now in Beta

Istio’s ambient mode is designed for simplified operations without requiring changes or restarts to your application. It introduces lightweight, shared node proxies and optional Layer 7 per-workload proxies, thus removing the need for traditional sidecars from the data plane. Compared to sidecar mode, ambient mode reduces memory overhead and CPU usage by over 90% in many cases.

Under development since 2022, the Beta release status indicates ambient mode’s features and stability are ready for production workloads with appropriate precautions. Our ambient mode blog post has all the details.

Istio APIs promoted to v1

Istio provides APIs that are crucial for ensuring the robust security, seamless connectivity, and effective observability of services within the service mesh. These APIs are used on thousands of clusters across the world, securing and enhancing critical infrastructure. Most of the features powered by these APIs have been considered stable for some time, but the API version has remained at v1beta1. As a reflection of the stability, adoption, and value of these resources, the Istio community has decided to promote these APIs to v1 in Istio 1.22. Learn about what this means in a blog post introducing the v1 APIs.

Gateway API now Stable for service mesh

We are thrilled to announce that Service Mesh support for the Gateway API is now officially marked as “Stable”! With the release of Gateway API v1.1 and its support in Istio 1.22, you can make use of Kubernetes’ next-generation traffic management APIs for both ingress (“north-south”) and service mesh (“east-west”) use cases. Read more about the improvements in our Gateway API v1.1 blog.

Delta xDS now on by default

Configuration is distributed to Istio’s Envoy sidecars (as well as ztunnel and waypoints) using the xDS protocol. Traditionally, this has been through a “state of the world” design, where if one out of a thousand services is modified, Istio would send information about all 1,000 services to every sidecar. This was very costly in terms of CPU usage (both in the control plane, and aggregated across the sidecars) and network throughput.

To improve performance, we implemented the delta (or incremental) xDS APIs, which sends only changed configurations. We have worked hard over the past 3 years to ensure that the outcome with delta xDS is provably the same as using the state of the world system. and it has been a supported option in the last few Istio releases. In 1.22, we have made it the default. To learn more about the development of this feature, check out this EnvoyCon talk.

Path templating in Authorization Policy

Up until now, you have had to list every path to which you wanted to apply an AuthorizationPolicy object. Istio 1.22 takes advantage of a new feature in Envoy allowing you to specify template wildcards to match of a path.

You can now safely allow path matches like /tenants/{*}/application_forms/guest — a long-requested feature!

Special thanks to Emre Savcı from Trendyol for building a prototype, and for never giving up.

A thank you

Finally, we would like to take this opportunity to congratulate Eric Van Norman on the eve of his retirement, after 34 years at IBM.

Eric is a much respected member of the Istio community. Joining the project in early 2019, he served as a Release Manager for Istio 1.4, a maintainer in the Documentation working group, the lead of the Test and Release working group, and was an obvious choice to join the Technical Oversight Committee in 2021.

Much of Eric’s development work is behind-the-scenes, making sure the various pipelines that build and test Istio’s releases and documentation continue to operate and improve. Indeed, Eric is the second largest contributor to Istio on GitHub.

While Eric will be stepping down from the TOC, he has promised to stay around in the community - although we may have to change from Slack to ham radio to reach him!

Upgrading to 1.22

We would like to hear from you regarding your experience upgrading to Istio 1.22. You can provide feedback in the #release-1.22 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Delta xDS on by default

In previous versions, Istio used the “State of the world” xDS protocol to configure Envoy. In this release, the “Delta” xDS protocol is enabled by default.

This should be an internal implementation detail, but because this controls the core configuration protocol in Istio, an upgrade notice is present in an abundance of caution.

The expected impacts of this change is improved performance of configuration distribution. This may result in reduced CPU and memory utilization in Istiod and proxies, as well as less network traffic between the two. Note that while this release changes the protocol to be incremental, Istio does not yet send perfect minimal incremental updates. However, there are already optimizations in place for a variety of critical code paths, and this change enables us to continue optimizations.

If you experience unexpected impacts of this change, please set the ISTIO_DELTA_XDS=false environment variable in proxies and file a GitHub issue.

Default tracing to zipkin.istio-system.svc removed

In previous versions of Istio, tracing was automatically configured to send traces to zipkin.istio-system.svc. This default setting has been removed; users will need to explicitly configure where to send traces moving forward.

istioctl x precheck --from-version=1.21 can automatically detect if you may be impacted by this change.

If you previously had tracing enabled implicitly, you can enable it by doing one of:

• Installing with --set compatibilityVersion=1.21.
• Following Configure tracing with Telemetry API.

Default value of the feature flag ENHANCED_RESOURCE_SCOPING to true

ENHANCED_RESOURCE_SCOPING is enabled by default. This means that the pilot will processes only the Istio Custom Resource configurations that are in scope of what is specified from meshConfig.discoverySelectors. Root-ca certificate distribution is also affected.

If this is not desired, use the new compatibilityVersion feature to fallback to old behavior.

ServiceEntry with resolution: NONE now respects targetPort

ServiceEntry with resolution: NONE previously ignored any targetPort specifier. In this release, the targetPort is now respected. If undesired set --compatibilityVersion=1.21 to revert to the old behavior, or remove the targetPort specification.

New ambient mode waypoint attachment method

Waypoints in Istio’s ambient mode no longer use the original service account or namespace attachment semantics. If you were using a namespace-scope waypoint previously migration should be fairly straight forward. Label your namespace with the appropriate waypoint and it should function in a similar way. Please check the doc. If you were using service account attachment there will be more to understand.

Under the old waypoint logic all types of traffic, both addressed to a service as well as addressed to a workload, were treated similarly because there wasn’t a good way to properly associate a waypoint to a service. With the new attachment this limitation has been resolved. This includes adding a distinction between service addressed and workload addressed traffic. Annotating a service, or service-like kind, will redirect traffic which is service addressed to your waypoint. Likewise annotating a workload will redirect workload addressed traffic. It is therefore important to understand how consumers address your providers and select a waypoint attachment method which corresponds to this method of access.

These notices describe functionality that will be removed in a future release according to Istio’s deprecation policy. Please consider upgrading your environment to remove the deprecated functionality.

• Deprecated usage of values.istio_cni in favor of values.pilot.cni. (Issue #49290)

Traffic Management

• Improved ServiceEntry with resolution: NONE to respect targetPort, if specified. This is particularly useful when doing TLS origination, allowing to set port:80, targetPort: 443. If undesired, set --compatibilityVersion=1.21 to revert to the old behavior or remove the targetPort specification.

• Added support for skipping the initial installation of the CNI entirely.

• Added a node taint controller to istiod which removes the cni.istio.io/not-ready taint from a node once the Istio CNI pod is ready on that node. (Issue #48818), (Issue #48286)

• Added endpoints acked generation to the proxy distribution report available through the pilot debug API /debug/config_distribution. (Issue #48985)

• Added support for configuring waypoint proxies for Services.

• Added capability to annotate pods, services, namespaces and other similar kinds with an annotation, istio.io/use-waypoint, to specify a waypoint in the form [<namespace name>/]<waypoint name>. This replaces the old requirement for waypoints either being scoped to the entire namespace or to a single service account. Opting out of a waypoint can also be done with a value of #none to allow a namespace-wide waypoint where specific pods or services are not guarded by a waypoint allowing greater flexibility in waypoint specification and use. (Issue #49436)

• Added support for the istio.io/waypoint-for annotations in waypoint proxies. (Issue #49851)

• Added a check to prevent creation of ztunnel config when user has specified a gateway as targetRef in their AuthorizationPolicy. (Issue #50110)

• Added the annotation networking.istio.io/address-type to allow istio class Gateways to use ClusterIP for status addresses.

• Added the ability to annotate workloads or services with istio.io/use-waypoint pointing to Gateways of arbitrary gateway classes. These changes allow configuring a standard Istio gateway as a waypoint. For this to work, it must be configured as a ClusterIP Service with redirection enabled. This is colloquially referred to as a “gateway sandwich” where the ztunnel layer handles mTLS. (Issue #48362)

• Added functionality to enroll individual pods into ambient by labeling them with istio.io/dataplane-mode=ambient. (Issue #50355)

• Added the ability to allow pods to be opted out of ambient redirection by using the istio.io/dataplane-mode=none label. (Issue #50736)

• Removed the ability to opt-out pods from ambient redirection using the ambient.istio.io/redirection=disabled annotation, as that is a status annotation reserved for the CNI. (Issue #50736)

• Added an environment variable for istiod PILOT_GATEWAY_API_DEFAULT_GATEWAYCLASS_NAME that allows overriding the name of the default GatewayClass Gateway API resource. The default value is istio.

• Added an environment variable for istiod PILOT_GATEWAY_API_CONTROLLER_NAME that allows overriding the name of the Istio Gateway API controller as exposed in the spec.controllerName field in the GatewayClass resource. The default value is istio.io/gateway-controller.

• Added support for using the PROXY Protocol for outbound traffic. By specifying proxyProtocol in a DestinationRule.trafficPolicy, the sidecar will send PROXY Protocol headers to the upstream service. This feature is not supported with HBONE proxy for now.

• Added validation checks to reject DestinationRules with duplicate subset names.

• Added field supportedFeatures on a Gateway API’s class status before the controller accepts the Gateway class. (Issue #2162)

• Added checking services’ Resolution, LabelSelector, ServiceRegistry, and namespace when merging services during SidecarScope construction.

• Enabled Delta xDS by default. See upgrade notes for more information. (Issue #47949)

• Fixed an issue where the Kubernetes gateway was not working correctly with the namespace-scoped waypoint proxy.

• Fixed an issue where the delta ADS client received a response which contained RemoveResources.

• Fixed an issue that when using withoutHeaders to configure route matching rules in VirtualService. If the fields specified in withoutHeaders do not exist in the request header, Istio cannot match the request. (Issue #49537)

• Fixed an issue where the priority of envoy filters is ignored when they are in root namespace and proxy namespace. (Issue #49555)

• Fixed an issue where --log_as_json option did not work for the istio-init container. (Issue #44352)

• Fixed an issue with massive Virtual IPs reshuffling when adding or removing a duplicated host. (Issue #49965)

• Fixed Gateway status addresses receiving Service VIPs from outside the cluster.

• Fixed annotation use-waypoint to be a label, for consistency. (Issue #50572)

• Fixed build EDS-typed cluster endpoints with domain address. (Issue #50688)

• Fixed a bug where injection template incorrectly evaluated when InboundTrafficPolicy was set to “localhost”. (Issue #50700)

• Fixed added server-side keepalive to waypoint HBONE endpoints. (Issue #50737)

• Fixed empty prefix match in HTTPMatchRequest not being rejected by the validating webhook. (Issue #48534)

• Fixed a behavioral change in Istio 1.20 that caused merging of ServiceEntries with the same hostname and port names to give unexpected results. (Issue #50478)

• Fixed a bug when a Sidecar resource not merging ports correctly when it is configured with multiple egress listeners with different ports of a Kubernetes service. This lead to creating only one Cluster with the first port, and the second port was ignored.

• Fixed an issue causing routes to be overwritten by other virtual services.

• Removed the values.cni.privileged flag from istio-cni node agent chart in favor of feature-specific permissions. (Issue #49004)

• Removed the PILOT_ENABLE_HEADLESS_SERVICE_POD_LISTENERS feature flag.

• Removed the PILOT_ENABLE_INBOUND_PASSTHROUGH setting, which has been enabled-by-default for the past 8 releases. This feature can now be configured using a new Inbound Traffic Policy Mode.

Security

• Updated the default value of the feature flag ENABLE_AUTO_ENHANCED_RESOURCE_SCOPING to true.

• Added support for path templating in AuthorizationPolicy. See Envoy URI template docs. (Issue #16585)

• Added support for customizing the connection timeout setting when resolving jwksUri. (Issue #47328)

• Added support for Istio CA to handle node authorization for CSRs with impersonating the identity of remote clusters. This could help Istio CA to authenticate ztunnel in remote clusters in an external control plane scenario. (Issue #47489)

• Added an environment variable METRICS_LOCALHOST_ACCESS_ONLY for disabling metrics endpoint from outside of the pod, to allow only localhost access. User can set this with command arguments --set values.pilot.env.METRICS_LOCALHOST_ACCESS_ONLY=true for control plane and --set meshConfig.defaultConfig.proxyMetadata.METRICS_LOCALHOST_ACCESS_ONLY=true for proxy during istioctl installation.

• Added Certificate Revocation List (CRL) support for peer certificate validation based on file paths specified in ClientTLSSettings in destination rule for Sidecars, and in ServerTLSSettings in Gateway for Gateways.

• Fixed list matching for the audience claims in JWT tokens. (Issue #49913)

• Removed the first-party-jwt legacy option for values.global.jwtPolicy. Support for the more secure third-party-jwt has been default for many years and is supported in all Kubernetes platforms.

Telemetry

• Improved JSON access logs to emit keys in a consistent order.

• Added option to export OpenTelemetry traces via HTTP. (reference) (Issue #47835)

• Enabled configuring Dynatrace Sampler as the OpenTelemetryTracingProvider in MeshConfig. (Issue #50001)

• Enabled configuring Resource Detectors as the OpenTelemetryTracingProvider in MeshConfig. (Issue #48885)

• Fixed an issue where TraceId was not propagated when using OpenTelemetry access logger. (Issue #49911)

• Removed default tracing configuration that enables tracing to zipkin.istio-system.svc. See upgrade notes for more information.

Extensibility

• Improved using the tag-stripped URL and checksum as a Wasm module cache key, where the tagged URL is separately cached. This may increase the chance of cache hits (e.g., trying to find the same image with both of the tagged and digest URLs.) In addition, this will be a base to implement ImagePullPolicy.

Installation

• Improved Helm value field names to configure whether an existing CNI install will be used. Instead of values.istio_cni the enablement fields will be in values.pilot.cni, as istiod is the affected component. The new setting is more clear than having values.cni for install config and values.istio_cni for enablement in istiod. The old values.istio_cni fields will still be supported for at least two releases. (Issue #49290)

• Improved the meshConfig.defaultConfig.proxyMetadata field to do a deep merge when overridden, rather than replacing all values.

• Added the ability to add customized annotations to istiod service account resource through the Helm chart.

• Added the openshift-ambient profile. (Issue #42341)

• Added a new, optional experimental admission policy that only allows stable features/fields to be used in Istio APIs. (Issue #173)

• Added support for configuring CA bundles for validation and injection webhooks.

• Fixed gathering pprof data from the local ztunnel admin endpoint, which would fail due to the lack of a writable in-container /tmp. (Issue #50060)

• Removed deprecated external profile. Please use the remote profile instead for installation. (Issue #48634)

istioctl

• Added the istioctl proxy-status command, which is the promoted istioctl experimental proxy-status command. The old istioctl proxy-status command has been removed. This promotion should not result in any loss of functionality. However, the request is now sent based on xDS instead of HTTP, and we have introduced a set of new xDS-based flags to target the control plane.

• Added support for multi-cluster analysis in istioctl analyze command when there are remote cluster secrets set up through Install Multicluster.

• Added a new istioctl dashboard proxy command, which can be used to show the admin UI of different proxy pods, for example: Envoy, ztunnel, and waypoint.

• Added the --proxy option to istioctl experimental wait command. (Issue #48696)

• Added namespace filtering to istioctl proxy-config workload command using the --workloads-namespace flag to display workloads in the specified namespace.

• Added the istioctl dashboard istio-debug command to display the Istio debug endpoints dashboard.

• Added the istioctl experimental describe command to support displaying the details of policies for PortLevelSettings. (Issue #49802)

• Added ability to define the traffic address type (service, workload, all or none) for waypoints via the --for flag when using the istioctl experimental waypoint apply command. (Issue #49896)

• Added the ability to name waypoints through istioctl via the --name flag on the waypoint command. (Issue #49915), (Issue #50173)

• Removed the ability to specify a service account for the waypoint by deleting the --service-account flag on the waypoint command. (Issue #49915), (Issue #50173)

• Added the ability to enroll a waypoint proxy in the waypoint’s namespace through istioctl via the --enroll-namespace flag on the waypoint command. (Issue #50248)

• Added the istioctl ztunnel-config command. This allow users to view ztunnel configuration information via the istioctl ztunnel-config workload command. (Issue #49841)

• Removed the workload flag from proxy-config command. Use istioctl ztunnel-config workload command to view ztunnel configuration information instead. (Issue #49841)

• Added a warning when using istioctl experimental waypoint apply --enroll-namespace and the namespace is not labeled for ambient redirection. (Issue #50396)

• Added the --for flag to istioctl experimental waypoint generate command so that the user can preview the YAML before they apply it. (Issue #50790)

• Added an experimental OpenShift Kubernetes platform profile to istioctl. To install with the OpenShift profile, use istioctl install --set profile=openshift. See OpenShift Platform Setup and Install OpenShift using istioctl documents for more information.

• Added the flag --proxy-admin-port to the command istioctl experimental envoy-stats to set a custom proxy admin port.

• Fixed an issue where the istioctl experimental proxy-status <pod> compare command was not working due to unknown configs.

• Fixed the istioctl describe command not displaying Ingress information under non istio-system namespaces. (Issue #50074)

At this point we will no longer back-port fixes for security issues and critical bugs to 1.19. We highly recommend that you upgrade to the latest version of Istio (1.29.1) if you haven’t already.

CVE

Envoy CVEs

• CVE-2024-32475: (CVSS Score 7.5, High): Abnormal termination when using auto_sni with :authority header longer than 255 characters.

Am I Impacted?

You are impacted if you enabled the auto_sni feature of Envoy, are using Istio versions 1.21.0 or above where this was enabled by default, or are using an Egress Gateway.

This release note describes what’s different between Istio 1.21.1 and 1.21.2.

Changes

• Added pprof endpoints to profile the CNI pod (on port 9867). (Issue #49053)

• Improved CNI memory usage by avoiding keeping large files in memory. (Issue #49053)

This release note describes what’s different between Istio 1.20.5 and 1.20.6.

Changes

• Added pprof endpoints to profile the CNI pod (on port 9867). (Issue #49053)

• Improved CNI memory usage by avoiding keeping large files in memory. (Issue #49053)

This release note describes what’s different between Istio 1.19.9 and 1.19.10.

Changes

This release fixes the Envoy CVE mentioned above. No other changes in this release.

CVE

Envoy CVEs

• CVE-2024-27919: (CVSS Score 7.5, High): HTTP/2: memory exhaustion due to CONTINUATION frame flood.
• CVE-2024-30255: (CVSS Score 5.3, Moderate): HTTP/2: CPU exhaustion due to CONTINUATION frame flood.

Go CVEs

NOTE: At the time of publishing, the CVE was not yet scored or vectored.

• CVE-2023-45288: (CVSS Score Unpublished): HTTP/2 CONTINUATION frames can be utilized for DoS attacks.

Am I Impacted?

You are impacted if you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.

This release note describes what’s different between Istio 1.21.0 and 1.21.1.

Changes

• Fixed a bug where VirtualServices containing duplicate hosts with different cases would cause routes to be rejected by Envoy. (Issue #49638)

• Fixed an issue where commands relying on Envoy config dump would not work due to the presence of ECDS config.

• Fixed an issue where telemetry EnvoyFilter resources were not correctly pruned during the installation process. (Issue #48126)

• Fixed an issue where pilot CPU consumption was abnormally high when the in-cluster analysis was enabled. (Issue #49340)

• Fixed an issue where updating a ServiceEntry’s TargetPort would not trigger an xDS push. (Issue #49878)

This release note describes what’s different between Istio 1.20.4 and 1.20.5.

Changes

• Fixed a bug where VirtualServices containing duplicate hosts with different cases would cause routes to be rejected by Envoy. (Issue #49638)

• Fixed an issue where commands relying on Envoy config dump would not work due to the presence of ECDS config.

• Fixed an issue where telemetry EnvoyFilter resources were not correctly pruned during the installation process. (Issue #48126)

• Fixed an issue where pilot CPU consumption was abnormally high when the in-cluster analysis was enabled. (Issue #49340)

• Fixed an issue where updating a ServiceEntry’s TargetPort would not trigger an xDS push. (Issue #49878)

This release note describes what’s different between Istio 1.19.8 and 1.19.9.

Changes

• Fixed an issue where updating a ServiceEntry’s TargetPort would not trigger an xDS push. (Issue #49878)

At that point we will stop back-porting fixes for security issues and critical bugs to 1.19, so we encourage you to upgrade to the latest version of Istio (1.29.1). If you don’t do this you may put yourself in the position of having to do a major upgrade on a short timeframe to pick up a critical fix.

We care about you and your clusters, so please be kind to yourself and upgrade.

Changes

• Added an environment variable COMPLIANCE_POLICY to Istio components for enforcing TLS restriction for compliance with FIPS. When set to fips-140-2 on the Istiod container, the Istio Proxy container, and all other Istio components, the TLS version is restricted to v1.2. The cipher suites are limited to a subset of ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, and ECDH curves to P-256.

  These restrictions apply on the following data paths:

  • mTLS communication between Envoy proxies;
  • regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway);
  • Google gRPC side requests from Envoy proxies (e.g. Stackdriver extensions);
  • Istiod xDS server;
  • Istiod injection and validation webhook servers.

  The restrictions are not applied on the following data paths:

  • Istiod to Kubernetes API server;
  • JWK fetch from Istiod;
  • Wasm image and URL fetch from Istio Proxy containers;
  • ztunnel.

  Note that Istio injector will propagate the value of COMPLIANCE_POLICY to the injected proxy container, when set. (Issue #49081)

• Fixed an issue where the local client contained incorrect entries in the local DNS name table. (Issue #47340)

• Fixed a bug that made PeerAuthentication too restrictive in ambient mode.

• Fixed a bug where VirtualService containing wildcard hosts that aren’t present in the service registry are ignored. (Issue #49364)

• Fixed an issue where istioctl precheck inaccurately reports the IST0141 message related to resource permissions. (Issue #49379)

• Fixed a bug for IPv6 only clusters that prevented ServiceEntry-based listeners from having correct SNI matches. (Issue #49476)

• Fixed a bug when there is more than one service with the same host name within the same namespace, a STRICT_DNS cluster without endpoints error could occur. (Issue #49489)

• Fixed an issue that when using a delegate in a VirtualService, the effective VirtualService may not be consistent with expectations due to a sorting error. (Issue #49539)

• Fixed a bug where specifying a URI regex .* match within a VirtualService HTTP route did not short-circuit the subsequent HTTP routes.

• Fixed an issue where Endpoint and Service in the istiod-remote chart did not respect the revision value. (Issue #47552)

Changes

• Added an environment variable COMPLIANCE_POLICY to Istio components for enforcing TLS restriction for compliance with FIPS. When set to fips-140-2 on the Istiod container, the Istio Proxy container, and all other Istio components, the TLS version is restricted to v1.2. The cipher suites are limited to a subset of ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, and ECDH curves to P-256.

  These restrictions apply on the following data paths:

  • mTLS communication between Envoy proxies;
  • regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway);
  • Google gRPC side requests from Envoy proxies (e.g. Stackdriver extensions);
  • Istiod xDS server;
  • Istiod injection and validation webhook servers.

  The restrictions are not applied on the following data paths:

  • Istiod to Kubernetes API server;
  • JWK fetch from Istiod;
  • Wasm image and URL fetch from Istio Proxy containers;
  • ztunnel.

  Note that Istio injector will propagate the value of COMPLIANCE_POLICY to the injected proxy container, when set. (Issue #49081)

• Fixed an issue where the local client contained incorrect entries in the local DNS name table. (Issue #47340)

• Fixed a bug where VirtualService containing wildcard hosts that aren’t present in the service registry are ignored. (Issue #49364)

• Fixed an issue where istioctl precheck inaccurately reports the IST0141 message related to resource permissions. (Issue #49379)

• Fixed an issue that when using a delegate in a VirtualService, the effective VirtualService may not be consistent with expectations due to a sorting error. (Issue #49539)

• Fixed a bug where specifying a URI regex .* match within a VirtualService HTTP route did not short-circuit the subsequent HTTP routes.

What’s new

Easing upgrades with compatibility versions

Istio 1.21 introduces a new concept known as compatibility versions.

Compatibility versions solve a long running problem in Istio: as time passes, changes to the behavior of Istio may be desired to fix bugs, improve integration with the rest of the ecosystem, improve security, or fix surprising behaviors. However, even the smallest behavioral changes can cause issues on upgrade for a project like Istio deployed across thousands of companies in production. At best, this makes upgrades more challenging - at worst, it pushes users to not upgrade at all!

With compatibility versions, behavioral changes are decoupled from the Istio version. For example, if you want to upgrade to Istio 1.21 but don’t want to adopt the changes introduced yet, simply install with --set compatibilityVersion=1.20 to retain the 1.20 behavior.

Not sure if you need the old behavior? Not a problem, istioctl can tell you!

$ istioctl experimental precheck --from-version 1.28
Warning [IST0168] (DestinationRule default/tls) The configuration "ENABLE_AUTO_SNI"
changed in release 1.20: previously, no SNI would be set; now it will be automatically
set. Or, install with `--set compatibilityVersion=1.20` to retain the old default.

Error: Issues found when checking the cluster. Istio may not be safe to install or upgrade.
See https://istio.io/v1.21/docs/reference/config/analysis for more information about
causes and resolutions.

In this release, the following changes are gated behind compatibility versions:

• Improved ExternalName service support
• Automatic SNI for SIMPLE TLS origination in DestinationRule
• Default-on TLS verification for TLS origination in DestinationRule

istioctl experimental precheck can detect possibly impacted resources for all of these changes. For more info on these changes, see the Upgrade Notes.

Istio joins related projects like Kubernetes and Go who have introduced similar features.

Binary size reductions

With each release, Istio gets faster, more reliable, and more stable, and this release is no different. In this release, binary sizes have dropped across the board, with roughly 10MB smaller binaries.

This is especially important with the sidecar, because its deployed alongside every workload. Coming in at 25% smaller, the sidecar image can be pulled faster improving pod startup times. Additionally, the reduced binary size typically results in a 5MB RAM reduction - across many pods, this quickly adds up to cost savings.

Support for all CNIs in ambient mode

Our new ambient mode now works across all Kubernetes platforms and CNI implementations. Ambient mode has been tested with GKE, AKS, and EKS and all the CNI implementations they offer, 3rd-party CNIs like Calico and Cilium, and platforms like OpenShift, all with solid results. The engineering challenges behind this fix were described in a recent blog post.

Ambient mode is targeted to move to Beta in the upcoming Istio 1.22.

Upgrading to 1.21

We would like to hear from you regarding your experience upgrading to Istio 1.21. You can provide feedback in the #release-1.21 channel in our Slack workspace.

Would you like to contribute directly to Istio? Find and join one of our Working Groups and help us improve.

Default value of the feature flag ENABLE_AUTO_SNI to true

auto-sni is enabled by default. This means SNI will be set automatically based on the downstream HTTP host/authority header if DestinationRule does not explicitly set the same.

If this is not desired, use the new compatibilityVersion feature to fallback to old behavior.

Default value of the feature flag VERIFY_CERT_AT_CLIENT is set to true

This means server certificates will be automatically verified using the OS CA certificates when not using a DestinationRule caCertificates field. If this is not desired, use the new compatibilityVersion feature to fallback to old behavior, or use the insecureSkipVerify field in DestinationRule to skip the verification.

ExternalName support changes

Kubernetes ExternalName Services allow users to create new DNS entries. For example, you can create an example service that points to example.com. This is implemented by a DNS CNAME redirect.

In Istio, the implementation of ExternalName, historically, was substantially different. Each ExternalName represented its own service, and traffic matching the service was sent to the configured DNS name.

This caused a few issues:

• Ports are required in Istio, but not in Kubernetes. This can result in broken traffic if ports are not configured as Istio expects, despite them working without Istio.
• Ports not declared as HTTP would match all traffic on that port, making it easy to accidentally send all traffic on a port to the wrong place.
• Because the destination DNS name is treated as opaque, we cannot apply Istio policies to it as expected. For example, if I point an external name at another in-cluster Service (for example, example.default.svc.cluster.local), mTLS would not be used.

ExternalName support has been revamped to fix these problems. ExternalNames are now simply treated as aliases. Wherever we would match Host: <concrete service> we additionally will match Host: <external name service>. Note that the primary implementation of ExternalName – DNS – is handled outside of Istio in the Kubernetes DNS implementation, and remains unchanged.

If you are using ExternalName with Istio, please be advised of the following behavioral changes:

• The ports field is no longer needed, matching Kubernetes behavior. If it is set, it will have no impact.
• VirtualServices that route to an ExternalName service will no longer work unless the referenced service exists (as a Service or ServiceEntry).
• DestinationRule can no longer apply to ExternalName services. Instead, create rules where the host references service.

To opt-out, the ENABLE_EXTERNAL_NAME_ALIAS=false environment variable can be set.

Note: the same change was introduced in the previous release, but off by default. This release turns the flag on by default.

Gateway Name label modified

If you are using the Kubernetes Gateway to manage your Istio gateways, the label key used to identify the gateway name is changing from istio.io/gateway-name to gateway.networking.k8s.io/gateway-name. The old label will continue to be appended to the relevant label sets for backwards compatibility, but it will be removed in a future release. Furthermore, istiod’s gateway controller will automatically detect and continue to use the old label for label selectors belonging to existing Deployment and Service resources.

Therefore, once you’ve completed your Istio upgrade, you can change the label selector in Deployment and Service resources whenever you are ready to use the new label.

Additionally, please upgrade any other policies, resources, or scripts that rely on the old label.

• Improved pilot-agent to return the HTTP probe body and status code from the probe setting in the container.

• Improved support for ExternalName services. See Upgrade Notes for more information.

• Improved the variables PILOT_MAX_REQUESTS_PER_SECOND (which rate limits the incoming requests, previously defaulted to 25.0) and PILOT_PUSH_THROTTLE (which limits the number of concurrent responses, previously defaulted to 100) to automatically scale with the CPU size Istiod is running on if not explicitly configured.

• Added the ability to configure the IPv4 loopback CIDR used by istio-iptables in various firewall rules. (Issue #47211)

• Added support for automatically setting default network for workloads if they are added to the ambient mesh before the network topology is set. Before, when you set topology.istio.io/network on your Istio root namespace, you needed to manually rollout the ambient workloads to make the network change take effect. Now, the network of ambient workloads will be automatically updated even if they do not have a network label. Note that if your ztunnel is not in the same network as what you set in the topology.istio.io/network label in your Istio root namespace, your ambient workloads will not be able to communicate with each other.

• Added namespace discovery selector support on gateway deployment controller. It is protected under ENABLE_ENHANCED_RESOURCE_SCOPING. When enabled, the gateway controller will only watch the k8s gateways that match the selector. Note it will affect both gateway and waypoint deployment.

• Added support for the delta ADS client.

• Added support for concurrent SidecarScope conversion. You can use PILOT_CONVERT_SIDECAR_SCOPE_CONCURRENCY to adjust the number of concurrent executions. Its default value is 1 and will not be executed concurrently. When initSidecarScopes consumes a lot of time and you want to reduce time consumption by increasing CPU consumption, you can increase the number of concurrent executions by increasing the value of PILOT_CONVERT_SIDECAR_SCOPE_CONCURRENCY.

• Added support for setting the :authority header in virtual service’s HTTPRouteDestination. Now, we support host rewrite for both host and :authority.

• Added prefixes to the WasmPlugin resource name.

• Added support for setting idle_timeout in TcpProxy filters for outbound traffic.

• Added support for In-Cluster Gateway Deployments. Deployments now have both istio.io/gateway-name and gateway.networking.k8s.io/gateway-name labels like Pods and Services.

• Added support for max concurrent streams settings in the DestinationRules HTTP traffic policy for HTTP2 connections. (Issue #47166)

• Added support for setting TCP idle timeout for HTTP services.

• Added connection pool settings to the Sidecar API to enable configuring the inbound connection pool for sidecars in the mesh. Previously, the DestinationRule’s connection pool settings applied to both client and server sidecars. Using the updated Sidecar API, it’s now possible to configure the server’s connection pool separately from the clients’ in the mesh. (reference) (Issue #32130), (Issue #41235)

• Added idle_timeout to the TCP settings in the DestinationRule API to enable configuring idle timeout per TcpProxy filter.

• Enabled the Envoy configuration to use an endpoint cache when there is a delay in sending endpoint configurations from Istiod when a cluster is updated.

• Fixed a bug where overlapping wildcard hosts in a VirtualService would produce incorrect routing configuration when wildcard services were selected (e.g. in ServiceEntries). (Issue #45415)

• Fixed an issue where the WasmPlugin resource was not correctly applied to the waypoint. (Issue #47227)

• Fixed an issue where sometimes the network of waypoint was not properly configured.

• Fixed an issue where the pilot-agent istio-clean-iptables command was not able to clean up the iptables rules generated for the Istio DNS proxy. (Issue #47957)

• Fixed slow cleanup of auto-registered WorkloadEntry resources when auto-registration and cleanup would occur shortly after the initial WorkloadGroup creation. (Issue #44640)

• Fixed an issue where Istio was performing additional XDS pushes for StatefulSets/headless Service endpoints while scaling. (Issue #48207)

• Fixed a memory leak caused when a remote cluster is deleted or kubeConfig is rotated. (Issue #48224)

• Fixed an issue where if a DestinationRule’s exportTo includes a workload’s current namespace (not ‘.’), other namespaces are ignored from exportTo. (Issue #48349)

• Fixed an issue where the QUIC listeners were not correctly created when dual-stack is enabled. (Issue #48336)

• Fixed an issue where convertToEnvoyFilterWrapper returned an invalid patch that could cause a null pointer exception when it was applied.

• Fixed an issue where updating a Service’s targetPort does not trigger an xDS push. (Issue #48580)

• Fixed an issue where in-cluster analysis was unnecessarily performed when there was no configuration change. (Issue #48665)

• Fixed a bug that results in the incorrect generation of configurations for pods without associated services, which includes all services within the same namespace. This can occasionally lead to conflicting inbound listeners error.

• Fixed an issue where new endpoints may not be sent to proxies. (Issue #48373)

• Fixed Gateway API AllowedRoutes handling for NotIn and DoesNotExist label selector match expressions. (Issue #48044)

• Fixed VirtualService HTTP header present match not working when header-name: {} is set. (Issue #47341)

• Fixed multi-cluster leader election not prioritizing local over remote leader. (Issue #47901)

• Fixed a memory leak when hostNetwork Pods scale up and down. (Issue #47893)

• Fixed a memory leak when WorkloadEntries change their IP address. (Issue #47893)

• Fixed a memory leak when a ServiceEntry is removed. (Issue #47893)

• Fixed a bug when there is more than one service with the same host name within the same namespace, a STRICT_DNS cluster without endpoints error could occur. (Issue #49489)

• Fixed an issue that when using a delegate in a VirtualService, the effective VirtualService may not be consistent with expectations due to a sorting error. (Issue #49539)

• Fixed a bug where specifying a URI regex .* match within a VirtualService HTTP route did not short-circuit the subsequent HTTP routes.

• Fixed sending stale name table when pure HTTP headless service endpoints are changed.

• Fixed a bug for IPv6 only clusters that prevented ServiceEntry-based listeners from having correct SNI matches. (Issue #49476)

• Fixed an issue where the local client contained incorrect entries in the local DNS name table. (Issue #47340)

• Fixed a bug where VirtualService containing wildcard hosts that aren’t present in the service registry are ignored. (Issue #49364)

• Upgraded ambient traffic capture and redirection compatibility by switching to an in-pod mechanism. (Issue #48212)

• Removed the PILOT_ENABLE_INBOUND_PASSTHROUGH environment variable, which has been enabled-by-default for the past 8 releases.

Security

• Improved request JWT authentication to use the upstream Envoy JWT filter instead of the custom Istio Proxy filter. Because the new upstream JWT filter capabilities are needed, the feature is gated for the proxies that support them. Note that a custom Envoy or Wasm filter that used istio_authn dynamic metadata key needs to be updated to use envoy.filters.http.jwt_authn dynamic metadata key.

• Updated the default value of the feature flag ENABLE_AUTO_SNI to true. If undesired, please use the new compatibilityVersion feature to fallback to old behavior.

• Updated the default value of the feature flag VERIFY_CERT_AT_CLIENT to true. This means server certificates will be automatically verified using the OS CA certificates when not using a DestinationRule caCertificates field. If undesired, please use the new compatibilityVersion feature to fallback to old behavior, or insecureSkipVerify field in DestinationRule to skip the verification.

• Added an environment variable COMPLIANCE_POLICY to Istio components for enforcing TLS restriction for compliance with FIPS. When set to fips-140-2 on the Istiod container, the Istio Proxy container, and all other Istio components, TLS version is restricted to v1.2, the cipher suites to a subset of ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, and ECDH curves to P-256.

  These restrictions apply on the following data paths:

  • mTLS communication between Envoy proxies.
  • regular TLS on the downstream and the upstream of Envoy proxies (e.g. gateway)
  • Google gRPC side requests from Envoy proxies (e.g. Stackdriver extensions).
  • Istiod xDS server.
  • Istiod injection and validation webhook servers.

  The restrictions are not applied on the following data paths:

  • Istiod to Kubernetes API server.
  • JWK fetch from Istiod.
  • Wasm image and URL fetch from Istio Proxy containers.
  • ztunnel.

  Note that Istio injector will propagate the value of COMPLIANCE_POLICY to the injected proxy container, when set. (Issue #49081)

• Added the ability for waypoints to run as non-root. (Issue #46592)

• Added a fallback field for PrivateKeyProvider to support falling back to the default BoringSSL implementation if the private key provider isn’t available.

• Added support to retrieve JWT from cookies. (Issue #47847)

• Fixed a bug that made PeerAuthentication too restrictive in ambient mode.

• Fixed an issue where auto-san-validation was enabled even when SNI was explicitly set in the DestinationRule.

• Fixed an issue where gateways were unable to fetch JWKS from jwksUri in RequestAuthentication when PILOT_FILTER_GATEWAY_CLUSTER_CONFIG was enabled and PILOT_JWT_ENABLE_REMOTE_JWKS was set to hybrid/true/envoy.

Telemetry

• Improved JSON access logs to emit keys in a stable ordering.

• Added support for brotli, gzip, and zstd compression for the Envoy stats endpoint. (Issue #30987)

• Added the istio.cluster_id tag to all tracing spans. (Issue #48336)

• Fixed a bug where destination_cluster reported by client proxies was occasionally incorrect when accessing workloads in a different network.

• Removed legacy EnvoyFilter implementation for Telemetry. For the majority of users, this change has no impact, and was already enabled in previous releases. However, the following fields are no longer respected: prometheus.configOverride, stackdriver.configOverride, stackdriver.disableOutbound, stackdriver.outboundAccessLogging.