From 0c8bae9564e06071fddfd501d444c968d38540ed Mon Sep 17 00:00:00 2001 From: Istio Automation Date: Tue, 11 Oct 2022 11:11:09 -0700 Subject: [PATCH] [master] Release notes for Istio 1.13.9 (#12082) * Release notes for Istio 1.13.9 * Fix lint * Fix lint * Fix lint * Fix lint * Revisions * Update notes * An edit * Update release date * Edit notes Co-authored-by: Lei Tang <32078630+lei-tang@users.noreply.github.com> --- .spelling | 1 + .../1.13.x/announcing-1.13.9/index.md | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 content/en/news/releases/1.13.x/announcing-1.13.9/index.md diff --git a/.spelling b/.spelling index 93ea124c83..93cd038e9d 100644 --- a/.spelling +++ b/.spelling @@ -302,6 +302,7 @@ CVE-2022-29226 CVE-2022-29227 CVE-2022-29228 CVE-2022-31045 +CVE-2022-41715 cves CVEs cvss diff --git a/content/en/news/releases/1.13.x/announcing-1.13.9/index.md b/content/en/news/releases/1.13.x/announcing-1.13.9/index.md new file mode 100644 index 0000000000..6a0041fceb --- /dev/null +++ b/content/en/news/releases/1.13.x/announcing-1.13.9/index.md 
@@ -0,0 +1,26 @@ +--- +title: Announcing Istio 1.13.9 +linktitle: 1.13.9 +subtitle: Patch Release +description: Istio 1.13.9 patch release. +publishdate: 2022-10-11 +release: 1.13.9 +--- + +This release contains a patch for [CVE-2022-41715](https://github.com/golang/go/issues/55949) and bug fixes to improve robustness. This release note describes what is different between Istio 1.13.8 and Istio 1.13.9. + +{{< relnote >}} + +## Security update + +- Patch for [CVE-2022-41715](https://github.com/golang/go/issues/55949). Replaces all uses of `stdlib` `regexp` with the Go 1.19.2 `stdlib` implementation. This will guard against DOS via malformed regular expressions. + +## Changes + +- **Fixed** an issue where the user can not delete the Istio Operator resource with revision if istiod is not running. ([Issue #40796](https://github.com/istio/istio/issues/40796)) + +- **Fixed** a bug where the return dynamically generated by `jwks` was not base64 encoded, causing Envoy to fail to parse it. + +- **Fixed** an issue where a root namespace `Sidecar` configuration would be ignored. + +- **Fixed** the gateway API integration to not fail when the `v1alpha2` version is removed.
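Review bot: In the "Security update" bullet of index.md, "Replaces all uses of `stdlib` `regexp` with the Go 1.19.2 `stdlib` implementation" does not tell an operator what to check. It names no Istio component or user-supplied configuration field that compiles regular expressions, so a reader on 1.13.8 cannot judge their exposure or decide how urgently to upgrade. Suggest naming the affected components or inputs, or stating plainly that the release is built with Go 1.19.2 if that is what changed, and writing "DoS" rather than "DOS". Smaller points in the "Changes" list: "can not" should be "cannot", "the return dynamically generated by `jwks`" leaves out what is being returned, and only the first of the four fixes links an issue.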