zh-translation: content/news/* (#6057)

* sync: content/news

* Fix : error links.

content/zh/news/_index.md

@@ -5,4 +5,7 @@ linktitle: News
 sidebar_multicard: true
 icon: bullhorn
 decoration: pill
+outputs:
+    - html
+    - rss    
 ---

content/zh/news/releases/1.2.x/announcing-1.2.10/index.md

@@ -0,0 +1,25 @@
+---
+title: Announcing Istio 1.2.10
+linktitle: 1.2.10
+subtitle: Patch Release
+description: Istio 1.2.10 patch release.
+publishdate: 2019-12-10
+release: 1.2.10
+aliases:
+    - /zh/news/announcing-1.2.10
+---
+
+This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007). This release note describes what’s different between Istio 1.2.9 and Istio 1.2.10.
+
+{{< relnote >}}
+
+## Security update
+
+- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
+
+__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers.  A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
+__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.
+
+## Bug fix
+
+- Add support for Citadel to automatically rotate root cert. ([Issue 17059](https://github.com/istio/istio/issues/17059))

content/zh/news/releases/1.3.x/announcing-1.3.6/index.md

@@ -0,0 +1,30 @@
+---
+title: Announcing Istio 1.3.6
+linktitle: 1.3.6
+description: Istio 1.3.6 patch release.
+publishdate: 2019-12-10
+subtitle: Patch Release
+release: 1.3.6
+aliases:
+    - /zh/news/announcing-1.3.6
+---
+
+This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007) as well as bug fixes to improve robustness. This release note describes what's different between Istio 1.3.5 and Istio 1.3.6.
+
+{{< relnote >}}
+
+## Security update
+
+- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
+
+__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers.  A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
+__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.
+
+## Bug fixes
+
+- **Fixed** an issue where a duplicate listener was generated for a proxy's IP address when using a headless `TCP` service. ([Issue 17748](https://github.com/istio/istio/issues/17748))
+- **Fixed** an issue with the `destination_service` label in HTTP related metrics incorrectly falling back to `request.host` which can cause a metric cardinality explosion for ingress traffic. ([Issue 18818](https://github.com/istio/istio/issues/18818))
+
+## Minor enhancements
+
+- **Improved** load-shedding options for Mixer. Added support for a `requests-per-second` threshold for load-shedding enforcement. This allows operators to turn off load-shedding for Mixer in low traffic scenarios.

content/zh/news/releases/1.4.x/announcing-1.4.2/index.md

@@ -0,0 +1,21 @@
+---
+title: Announcing Istio 1.4.2
+linktitle: 1.4.2
+subtitle: Patch Release
+description: Istio 1.4.2 patch release.
+publishdate: 2019-12-10
+release: 1.4.2
+aliases:
+    - /zh/news/announcing-1.4.2
+---
+
+This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007). This release note describes what’s different between Istio 1.4.1 and Istio 1.4.2.
+
+{{< relnote >}}
+
+## Security update
+
+- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
+
+__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers.  A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
+__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.

content/zh/news/security/incorrect-sidecar-image-1.2.4/index.md

@@ -1,6 +1,7 @@
 ---
 title: Istio 1.2.4 sidecar image vulnerability
 description: An erroneous 1.2.4 sidecar image was available due to a faulty release operation.
+releases: ["1.2 to 1.2.4"]
 publishdate: 2019-09-10
 keywords: [community,blog,security]
 aliases:
@@ -30,4 +31,4 @@ We have noticed this problem and pushed back the fixed image on Sep 6th 2019 09:
 
 We are sorry for any inconvenience you may have experienced due to this incident, and [are working towards a better release system](https://github.com/istio/istio/issues/16887), as well as a more efficient way to deal with vulnerability reports.
 
-The release managers for 1.2
+- The release managers for 1.2

content/zh/news/security/istio-security-2019-007/index.md

@@ -0,0 +1,32 @@
+---
+title: ISTIO-SECURITY-2019-007
+subtitle: Security Bulletin
+description: Heap overflow and improper input validation in Envoy.
+cves: [CVE-2019-18801,CVE-2019-18802]
+cvss: "9.0"
+vector: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
+releases: ["1.2 to 1.2.9", "1.3 to 1.3.5", "1.4 to 1.4.1"]
+publishdate: 2019-12-10
+keywords: [CVE]
+skip_seealso: true
+---
+
+{{< security_bulletin >}}
+
+Envoy, and subsequently Istio are vulnerable to two newly discovered vulnerabilities:
+
+* __[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: This vulnerability affects Envoy’s HTTP/1 codec in its way it processes downstream's requests with large HTTP/2 headers. A successful exploitation of this vulnerability could lead to a denial of Service, escalation of privileges, or information disclosure.
+
+* __[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: HTTP/1 codec incorrectly fails to trim whitespace after header values. This could allow an attacker to bypass Istio's policy either for information disclosure or escalation of privileges.
+
+## Impact and detection
+
+Both Istio gateways and sidecars are vulnerable to this issue. If you are running one of the affected releases where downstream's requests are HTTP/2 while upstream's are HTTP/1, then your cluster is vulnerable.  We expect this to be true of most clusters.
+
+## Mitigation
+
+* For Istio 1.2.x deployments: update to a [Istio 1.2.10](/zh/news/releases/1.2.x/announcing-1.2.10) or later.
+* For Istio 1.3.x deployments: update to a [Istio 1.3.6](/zh/news/releases/1.3.x/announcing-1.3.6) or later.
+* For Istio 1.4.x deployments: update to a [Istio 1.4.2](/zh/news/releases/1.4.x/announcing-1.4.2) or later.
+
+{{< boilerplate "security-vulnerability" >}}