istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add release notes for 1.24.6 and 1.25.3 (#16483) 

* add release notes for 1.24.6 and 1.25.3

Signed-off-by: Daniel Hawton <daniel@hawton.org>

* bump CVE table in supported releases page

Signed-off-by: Daniel Hawton <daniel@hawton.org>

---------

Signed-off-by: Daniel Hawton <daniel@hawton.org>
This commit is contained in:
Daniel Hawton 2025-05-13 17:52:12 +02:00 committed by GitHub
parent 354c2ffb05
commit b37c0a45e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.spelling
View File

@ -414,6 +414,7 @@ CVE-2024-53269
CVE-2024-53270 CVE-2024-53270
CVE-2024-53271 CVE-2024-53271
CVE-2025-30157 CVE-2025-30157
CVE-2025-46821
CVEs CVEs
cves cves
cvss cvss

4
content/en/docs/releases/supported-releases/index.md
View File

@ -71,8 +71,8 @@ Please keep up-to-date and use a supported version.
| Minor Releases | Patched versions with no known CVEs | | Minor Releases | Patched versions with no known CVEs |
|----------------|-------------------------------------| |----------------|-------------------------------------|
| 1.26.x | 1.26.0+ | | 1.26.x | 1.26.0+ |
| 1.25.x | 1.25.0+ | | 1.25.x | 1.25.3+ |
| 1.24.x | 1.24.0+ | | 1.24.x | 1.24.6+ |
## Supported Envoy Versions ## Supported Envoy Versions

27
content/en/news/releases/1.24.x/announcing-1.24.6/index.md Normal file
View File

@ -0,0 +1,27 @@
---
title: Announcing Istio 1.24.6
linktitle: 1.24.6
subtitle: Patch Release
description: Istio 1.24.6 patch release.
publishdate: 2025-05-13
release: 1.24.6
---
This release contains bug fixes to improve robustness. This release note describes whats different between Istio 1.24.5 and Istio 1.24.6.
{{< relnote >}}
## Security Updates
- [CVE-2025-46821](https://nvd.nist.gov/vuln/detail/CVE-2025-46821) (CVSS Score 5.3, Medium): Bypass of RBAC `uri_template` permission.
If you use `**` within an `AuthorizationPolicy`'s path field, it is recommended you upgrade to Istio 1.24.6.
## Changes
- **Fixed** an issue where validation webhook incorrectly reported a warning when a `ServiceEntry` configured `workloadSelector` with DNS resolution.
([Issue #50164](https://github.com/istio/istio/issues/50164))
- **Removed** the restriction where revision tag only worked when `istiodRemote` was not enabled in the istiod helm chart. Revision tags now work as long as the `revisionTags` is specified without regard to whether `istiodRemote` is enabled or not.
([Issue #54743](https://github.com/istio/istio/issues/54743))

23
content/en/news/releases/1.25.x/announcing-1.25.3/index.md Normal file
View File

@ -0,0 +1,23 @@
---
title: Announcing Istio 1.25.3
linktitle: 1.25.3
subtitle: Patch Release
description: Istio 1.25.3 patch release.
publishdate: 2025-05-13
release: 1.25.3
---
This release contains bug fixes to improve robustness. This release note describes whats different between Istio 1.25.2 and Istio 1.25.3.
{{< relnote >}}
## Security Updates
- [CVE-2025-46821](https://nvd.nist.gov/vuln/detail/CVE-2025-46821) (CVSS Score 5.3, Medium): Bypass of RBAC `uri_template` permission.
If you use `**` within an `AuthorizationPolicy`'s path field, it is recommended you upgrade to Istio 1.25.3.
## Changes
- **Removed** the restriction where revision tag only worked when `istiodRemote` was not enabled in the istiod helm chart. Revision tags now work as long as the `revisionTags` is specified without regard to whether `istiodRemote` is enabled or not.
([Issue #54743](https://github.com/istio/istio/issues/54743))