## Security vulnerability fixes

- Updated Go `requests` and `urllib3` libraries in Bookinfo sample code per [`CVE-2018-18074`](https://nvd.nist.gov/vuln/detail/CVE-2018-18074) and [`CVE-2018-20060`](https://nvd.nist.gov/vuln/detail/CVE-2018-20060).
- Fixed username and password being exposed in `Grafana` and `Kiali` ([Issue 7446](https://github.com/istio/istio/issues/7476), [Issue 7447](https://github.com/istio/istio/issues/7447)). If you have trouble to start the `Grafana` pod after upgrade to 1.0.6, please follow [the steps]({{< github_tree >}}/install/kubernetes/helm/istio#installing-the-chart) to create the secrete first.
- Removed in-memory service registry in Pilot. This allowed adding endpoints to proxy configurations from within the cluster through a Pilot debug API.

## Robustness improvements

- Fixed Pilot failing to push configuration under load ([Issue 10360](https://github.com/istio/istio/issues/10360)).
- Fixed a race condition that would lead Pilot to crash and restart ([Issue 10868](https://github.com/istio/istio/issues/10868)).
- Fixed a memory leak in Pilot ([Issue 10822](https://github.com/istio/istio/issues/10822)).
- Fixed a memory leak in Mixer ([Issue 10393](https://github.com/istio/istio/issues/10393)).