mirror of https://github.com/istio/istio.io.git
zh-translation: /news/release-latest (#6201)
parent
e3e0a322c2
commit
bbfe806702
|
@ -1,25 +1,26 @@
|
|||
---
|
||||
title: Announcing Istio 1.2.10
|
||||
title: Istio 1.2.10 发布公告
|
||||
linktitle: 1.2.10
|
||||
subtitle: Patch Release
|
||||
description: Istio 1.2.10 patch release.
|
||||
subtitle: 补丁发布
|
||||
description: Istio 1.2.10 补丁发布。
|
||||
publishdate: 2019-12-10
|
||||
release: 1.2.10
|
||||
aliases:
|
||||
- /zh/news/announcing-1.2.10
|
||||
---
|
||||
|
||||
This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007). This release note describes what’s different between Istio 1.2.9 and Istio 1.2.10.
|
||||
此版本包含了 [我们在 2019 年 12 月 10 日新闻](/zh/news/security/istio-security-2019-007) 中描述的安全漏洞的修复程序。此发行说明描述了 Istio 1.2.9 和 Istio 1.2.10 之间的区别。
|
||||
|
||||
{{< relnote >}}
|
||||
|
||||
## Security update
|
||||
## 安全更新{#security-update}
|
||||
|
||||
- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
|
||||
- **ISTIO-SECURITY-2019-007** 在 Envoy 中发现了堆溢出和不正确的输入验证。
|
||||
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers. A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__:修复了一个影响 Envoy 处理大型 HTTP/2 请求 header 的漏洞。 成功利用此漏洞可能导致拒绝服务、特权提升或信息泄露。
|
||||
|
||||
## Bug fix
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__:修复了 HTTP/1 header 值后的空格引起的漏洞,该漏洞可能使攻击者绕过 Istio 的策略检查,从而可能导致信息泄露或特权提升。
|
||||
|
||||
- Add support for Citadel to automatically rotate root cert. ([Issue 17059](https://github.com/istio/istio/issues/17059))
|
||||
## Bug 修复{#bug-fix}
|
||||
|
||||
- 添加对 Citadel 的支持以自动轮转根证书。([Issue 17059](https://github.com/istio/istio/issues/17059))
|
||||
|
|
|
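Review bot: In the Bug fix entry, `添加对 Citadel 的支持以自动轮转根证书` reads as adding support for Citadel itself, whereas the source line says support was added for Citadel to rotate the root cert automatically; wording such as `支持 Citadel 自动轮转根证书` keeps that meaning. In the CVE-2019-18801 line there is also a stray half-width space after `漏洞。` that should be removed.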
@ -9,22 +9,24 @@ aliases:
|
|||
- /zh/news/announcing-1.3.6
|
||||
---
|
||||
|
||||
This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007) as well as bug fixes to improve robustness. This release note describes what's different between Istio 1.3.5 and Istio 1.3.6.
|
||||
此版本包含了 [我们在 2019 年 12 月 10 日新闻](/zh/news/security/istio-security-2019-007) 中描述的安全漏洞的修复程序。此发行说明描述了 Istio 1.3.5 和 Istio 1.3.6 之间的区别。
|
||||
|
||||
{{< relnote >}}
|
||||
|
||||
## Security update
|
||||
## 安全更新{#security-update}
|
||||
|
||||
- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
|
||||
- **ISTIO-SECURITY-2019-007** 在 Envoy 中发现了堆溢出和不正确的输入验证。
|
||||
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers. A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__:修复了一个影响 Envoy 处理大型 HTTP/2 请求 header 的漏洞。 成功利用此漏洞可能导致拒绝服务、特权提升或信息泄露。
|
||||
|
||||
## Bug fixes
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__:修复了 HTTP/1 header 值后的空格引起的漏洞,该漏洞可能使攻击者绕过 Istio 的策略检查,从而可能导致信息泄露或特权提升。
|
||||
|
||||
- **Fixed** an issue where a duplicate listener was generated for a proxy's IP address when using a headless `TCP` service. ([Issue 17748](https://github.com/istio/istio/issues/17748))
|
||||
- **Fixed** an issue with the `destination_service` label in HTTP related metrics incorrectly falling back to `request.host` which can cause a metric cardinality explosion for ingress traffic. ([Issue 18818](https://github.com/istio/istio/issues/18818))
|
||||
## Bug 修复{#bug-fix}
|
||||
|
||||
## Minor enhancements
|
||||
- **修复** 使用 headless TCP 服务时,为代理的 IP 地址生成重复的侦听器的问题。([Issue 17748](https://github.com/istio/istio/issues/17748))
|
||||
|
||||
- **Improved** load-shedding options for Mixer. Added support for a `requests-per-second` threshold for load-shedding enforcement. This allows operators to turn off load-shedding for Mixer in low traffic scenarios.
|
||||
- **修复** HTTP 相关指标中的 `destination_service` 标签不正确地退回到 `request.host`,可能导致 ingress 流量的指标基数激增的问题。([Issue 18818](https://github.com/istio/istio/issues/18818))
|
||||
|
||||
## 小的增强{#minor-enhancements}
|
||||
|
||||
- **改进** Mixer 的减载选项。增加了对 `每秒请求数` 阈值的支持,以实现减少负载。该选项使运维人员可以在低流量情况下关闭 Mixer 的减载。
|
||||
|
|
|
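Review bot: In the Minor enhancements entry the literal `requests-per-second` has been translated to `每秒请求数` inside backticks; it is a threshold name that operators will search for, so keep the English identifier and explain it in the surrounding sentence if needed. The intro paragraph also drops the clause "as well as bug fixes to improve robustness", the backticks around `TCP` are lost in the first fix entry, and the `{#bug-fix}` anchor does not match the plural "Bug fixes" heading, so a `#bug-fixes` link carried over from the English page would not resolve.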
@ -1,21 +1,22 @@
|
|||
---
|
||||
title: Announcing Istio 1.4.2
|
||||
title: Istio 1.4.2 发布公告
|
||||
linktitle: 1.4.2
|
||||
subtitle: Patch Release
|
||||
description: Istio 1.4.2 patch release.
|
||||
subtitle: 补丁发布
|
||||
description: Istio 1.4.2 补丁发布。
|
||||
publishdate: 2019-12-10
|
||||
release: 1.4.2
|
||||
aliases:
|
||||
- /zh/news/announcing-1.4.2
|
||||
---
|
||||
|
||||
This release contains fixes for the security vulnerability described in [our December 10th, 2019 news post](/zh/news/security/istio-security-2019-007). This release note describes what’s different between Istio 1.4.1 and Istio 1.4.2.
|
||||
此版本包含了 [我们在 2019 年 12 月 10 日新闻](/zh/news/security/istio-security-2019-007) 中描述的安全漏洞的修复程序。此发行说明描述了 Istio 1.4.1 和 Istio 1.4.2 之间的区别。
|
||||
|
||||
{{< relnote >}}
|
||||
|
||||
## Security update
|
||||
## 安全更新{#security-update}
|
||||
|
||||
- **ISTIO-SECURITY-2019-007** A heap overflow and improper input validation have been discovered in Envoy.
|
||||
- **ISTIO-SECURITY-2019-007** 在 Envoy 中发现了堆溢出和不正确的输入验证。
|
||||
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__: Fix a vulnerability affecting Envoy's processing of large HTTP/2 request headers. A successful exploitation of this vulnerability could lead to a denial of service, escalation of privileges, or information disclosure.
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__: Fix a vulnerability resulting from whitespace after HTTP/1 header values which could allow an attacker to bypass Istio's policy checks, potentially resulting in information disclosure or escalation of privileges.
|
||||
__[CVE-2019-18801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18801)__:修复了一个影响 Envoy 处理大型 HTTP/2 请求 header 的漏洞。 成功利用此漏洞可能导致拒绝服务、特权提升或信息泄露。
|
||||
|
||||
__[CVE-2019-18802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18802)__:修复了 HTTP/1 header 值后的空格引起的漏洞,该漏洞可能使攻击者绕过 Istio 的策略检查,从而可能导致信息泄露或特权提升。
|
||||
|
|
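Review bot: In the translated CVE-2019-18801 line a half-width space follows the full-width period in `漏洞。 成功利用`; remove it so the paragraph is punctuated the same way as the CVE-2019-18802 line after it. The same stray space appears in the 1.2.10 and 1.3.6 files, so it is worth fixing in all three in one pass.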