authz: update the change notes for deny and exclude matching (#6798)

Yangmin Zhu 2020-03-06 12:35:49 -08:00 committed by GitHub
parent bd34b44c77
commit 5de726aae4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

@ -23,7 +23,7 @@ weight: 10
- **Graduated** SDS to stable and enabled by default. It provides identity provisioning for Istio Envoy proxies.
- **Added** Beta authentication API. The new API separates peer (i.e mutual TLS) and origin (JWT) authentication into [`PeerAuthentication`](https://github.com/istio/api/blob/master/security/v1beta1/peer_authentication.proto) and [`RequestAuthentication`](https://github.com/istio/api/blob/master/security/v1beta1/request_authentication.proto) respectively. Both new APIs are workload-oriented, as opposed to service-oriented in alpha `AuthenticationPolicy`.
- **Added** [deny semantics](https://github.com/istio/api/blob/master/security/v1beta1/authorization.proto#L28) to Authorization Policy
- **Added** [deny semantics](/docs/tasks/security/authorization/authz-deny) and [exclusion matching](/docs/concepts/security/#exclusion-matching) to Authorization Policy.
- **Graduated** [auto mutual TLS](/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls) from alpha to beta. This feature is now enabled by default.
- **Improved** [SDS security](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret) by merging Node Agent with Pilot Agent as Istio Agent and removing cross-pod UDS, which no longer requires users to deploy Kubernetes pod security policies for UDS connections.
- **Improved** Istio by including certificate provisioning functionality within istiod.
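Review bot: the first link on the added line, `/docs/tasks/security/authorization/authz-deny`, has no trailing slash, while the other site-relative links in this hunk (`/docs/concepts/security/#exclusion-matching` and `/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls`) do; suggest `/docs/tasks/security/authorization/authz-deny/` so the links are consistent. Because deny semantics change how an authorization decision is reached, the note would also serve upgrading operators better if it said in one clause how a deny match relates to existing allow policies, instead of leaving that entirely to the linked task.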