istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
istio.io/archive/v1.20/zh/blog/2023/ada-logics-security-assessment/index.html

69 lines
25 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=zh itemscope itemtype=https://schema.org/WebPage><head><meta charset=utf-8><meta http-equiv=X-UA-Compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=theme-color content="#466BB0"><meta name=title content="Istio 发布版 2022 年安全审计结果"><meta name=description content="Istio 的安全审查在 Go 标准库中发现了一个 CVE。"><meta name=author content="Craig Box (ARMO)Istio 产品安全工作组"><meta name=keywords content="microservices,services,mesh,istio,security,audit,ada logics,assessment,cncf,ostif"><meta property="og:title" content="Istio 发布版 2022 年安全审计结果"><meta property="og:type" content="website"><meta property="og:description" content="Istio 的安全审查在 Go 标准库中发现了一个 CVE。"><meta property="og:url" content="/v1.20/zh/blog/2023/ada-logics-security-assessment/"><meta property="og:image" content="https://raw.githubusercontent.com/istio/istio.io/master/static/img/istio-social.png"><meta property="og:image:alt" content="The Istio sailboat logo"><meta property="og:image:width" content="4096"><meta property="og:image:height" content="2048"><meta property="og:site_name" content="Istio"><meta name=twitter:card content="summary_large_image"><meta name=twitter:site content="@IstioMesh"><title>Istioldie 1.20 / Istio 发布版 2022 年安全审计结果</title>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-98480406-2"></script><script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","UA-98480406-2")</script><link rel=alternate type=application/rss+xml title="Istio Blog" href=/v1.20/blog/feed.xml><link rel=alternate type=application/rss+xml title="Istio News" href=/v1.20/news/feed.xml><link rel=alternate type=application/rss+xml title="Istio Blog and News" href=/v1.20/feed.xml><link rel="shortcut icon" href=/v1.20/favicons/favicon.ico><link rel=apple-touch-icon href=/v1.20/favicons/apple-touch-icon-180x180.png sizes=180x180><link rel=icon type=image/png href=/v1.20/favicons/favicon-16x16.png sizes=16x16><link rel=icon type=image/png href=/v1.20/favicons/favicon-32x32.png sizes=32x32><link rel=icon type=image/png href=/v1.20/favicons/android-36x36.png sizes=36x36><link rel=icon type=image/png href=/v1.20/favicons/android-48x48.png sizes=48x48><link rel=icon type=image/png href=/v1.20/favicons/android-72x72.png sizes=72x72><link rel=icon type=image/png href=/v1.20/favicons/android-96x96.png sizes=96xW96><link rel=icon type=image/png href=/v1.20/favicons/android-144x144.png sizes=144x144><link rel=icon type=image/png href=/v1.20/favicons/android-192x192.png sizes=192x192><link rel=icon type=image/svg+xml href=/v1.20/favicons/favicon.svg><link rel=icon type=image/png href=/v1.20/favicons/favicon.png><link rel=mask-icon href=/v1.20/favicons/safari-pinned-tab.svg color=#466BB0><link rel=manifest href=/v1.20/manifest.json><meta name=apple-mobile-web-app-title content="Istio"><meta name=application-name content="Istio"><meta name=msapplication-config content="/browserconfig.xml"><meta name=msapplication-TileColor content="#466BB0"><meta name=theme-color content="#466BB0"><link rel=stylesheet href=/v1.20/css/all.css><link rel=preconnect href=https://fonts.googleapis.com><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css2?family=Barlow:ital,wght@0,400;0,500;0,600;0,700;1,400;1,600&display=swap"><script src=/v1.20/js/themes_init.min.js></script></head><body class="language-unknown archive-site"><script>const branchName="release-1.20",docTitle="Istio 发布版 2022 年安全审计结果",iconFile="/v1.20//img/icons.svg",buttonCopy="复制到剪切板",buttonPrint="打印",buttonDownload="下载"</script><script src="https://www.google.com/cse/brand?form=search-form" defer></script><script src=/v1.20/js/all.min.js data-manual defer></script><header class=main-navigation><nav class="main-navigation-wrapper container-l"><div class=main-navigation-header><a id=brand href=/v1.20/zh/ aria-label=logotype><span class=logo><svg xmlns="http://www.w3.org/2000/svg" width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></span>
</a><button id=hamburger class=main-navigation-toggle aria-label="Open navigation">
<svg class="icon menu-hamburger"><use xlink:href="/v1.20/img/icons.svg#menu-hamburger"/></svg>
</button>
<button id=menu-close class=main-navigation-toggle aria-label="Close navigation"><svg class="icon menu-close"><use xlink:href="/v1.20/img/icons.svg#menu-close"/></svg></button></div><div id=header-links class=main-navigation-links-wrapper><ul class=main-navigation-links><li class=main-navigation-links-item><a class="main-navigation-links-link has-dropdown"><span>关于</span><svg class="icon dropdown-arrow"><use xlink:href="/v1.20/img/icons.svg#dropdown-arrow"/></svg></a><ul class=main-navigation-links-dropdown><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/service-mesh class=main-navigation-links-link>服务网格</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/solutions class=main-navigation-links-link>解决方案</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/case-studies class=main-navigation-links-link>案例学习</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/ecosystem class=main-navigation-links-link>生态系统</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/deployment class=main-navigation-links-link>部署</a></li><li class=main-navigation-links-dropdown-item><a href=/v1.20/zh/about/faq class=main-navigation-links-link>FAQ</a></li></ul></li><li class=main-navigation-links-item><a href=/v1.20/zh/blog/ class=main-navigation-links-link><span>博客</span></a></li><li class=main-navigation-links-item><a href=/v1.20/zh/news/ class=main-navigation-links-link><span>新闻</span></a></li><li class=main-navigation-links-item><a href=/v1.20/zh/get-involved/ class=main-navigation-links-link><span>加入我们</span></a></li><li class=main-navigation-links-item><a href=/v1.20/zh/docs/ class=main-navigation-links-link><span>文档</span></a></li></ul><div class=main-navigation-footer><button id=search-show class=search-show title='搜索 istio.io' aria-label=搜索><svg class="icon magnifier"><use xlink:href="/v1.20/img/icons.svg#magnifier"/></svg></button>
<a href=/v1.20/zh/docs/setup/getting-started class="btn btn--primary" id=try-istio>试用 Istio</a></div></div><form id=search-form class=search name=cse role=search><input type=hidden name=cx value=002184991200833970123:iwwf17ikgf4>
<input type=hidden name=ie value=utf-8>
<input type=hidden name=hl value=zh>
<input type=hidden id=search-page-url value=/zh/search>
<input id=search-textbox class="search-textbox form-control" name=q type=search aria-label='搜索 istio.io' placeholder=搜索>
<button id=search-close title=取消搜索 type=reset aria-label=取消搜索><svg class="icon menu-close"><use xlink:href="/v1.20/img/icons.svg#menu-close"/></svg></button></form></nav></header><div class=banner-container></div><article class=post itemscope itemtype=http://schema.org/BlogPosting><div class=header-content><h1>Istio 发布版 2022 年安全审计结果</h1><p>Istio 的安全审查在 Go 标准库中发现了一个 CVE。</p></div><p class=post-author>Jan 30, 2023 <span>| </span>By Craig Box - ARMOIstio 产品安全工作组</p><div><p>Istio 是一个被平台工程师信任的项目,可以在其 Kubernetes
生产环境中实施安全策略。我们非常注意代码的安全性,
并致力于维护一个健壮的<a href=/v1.20/zh/docs/releases/security-vulnerabilities/>漏洞程序集</a>
为了验证我们的工作,我们定期邀请项目以外的组织开展审查流程,
我们很高兴发布<a href=./Istio%20audit%20report%20-%20ADA%20Logics%20-%202023-01-30%20-%20v1.0.pdf>第二次安全审计的结果(英文)</a></p><p>审计员的评估结论是**“Istio 是一个维护良好的项目,
具有强大且可持续的安全应对方法”**。没有发现严重问题;
该报告的亮点是发现了 Go 编程语言中的一个漏洞。</p><p>我们要感谢<a href=https://cncf.io/>云原生计算基金会</a>资助这项工作,
作为我们 <a href=https://www.cncf.io/blog/2022/09/28/istio-sails-into-the-cloud-native-computing-foundation/>8 月份加入 CNCF</a>
后提供给我们的福利。这项工作<a href=https://ostif.org/the-audit-of-istio-is-complete>由 OSTIF 安排</a>
<a href=https://adalogics.com/blog/istio-security-audit>由 ADA Logics 执行</a></p><h2 id=scope-and-overall-findings>工作范围和总体调查结果</h2><p><a href=/v1.20/zh/blog/2021/ncc-security-assessment/>Istio 在 2020 年接受了第一次安全评估</a>
其数据平面和 <a href=https://envoyproxy.io/>Envoy 代理</a>都已经过
<a href=https://github.com/envoyproxy/envoy#security-audit>2018 年和 2021 年的独立评估</a>
因此Istio 产品安全工作组和 ADA Logics 确定了以下工作范围:</p><ul><li>生成正式的威胁模型,以指导本次和未来的安全审计</li><li>对安全问题进行手动代码审计</li><li>审查 2020 年审计中发现的问题修复</li><li>审查和改进 Istio 的模糊测试套件</li><li>对 Istio 进行 SLSA 审查</li></ul><p>再一次,在审查中没有发现任何严重问题。在评估中总共发现了 11 个安全问题;
其中两个 High四个 Medium四个 Low 和一个信息级别的问题。
所有报告的问题都已被修复。</p><div><aside class="callout quote"><div class=type><svg class="large-icon"><use xlink:href="/v1.20/img/icons.svg#callout-quote"/></svg></div><div class=content><strong>“Istio 是一个维护良好且安全的项目,具有完善的代码库、
完善的安全实践和响应迅速的产品安全团队。” - ADA Logics</strong></div></aside></div><p>除了上述发现之外,审计员还指出 Istio
在处理安全性方面遵循高水平的行业标准。他们还特别强调了:</p><ul><li>Istio 产品安全工作组迅速响应安全披露</li><li>关于项目安全性的文档是全面的、高质量的且更新及时</li><li>遵循行业标准进行安全漏洞的披露,安全建议清晰且详细</li><li>安全修复都包含回归测试</li></ul><h2 id=resolution-and-learnings>决议和经验</h2><h3 id=request-smuggling-vulnerability-in-go>Go 语言中的请求走私漏洞</h3><p>审计人员发现 Istio 可以接受使用 HTTP/2 Over Cleartexth2c的流量
这是一种与 HTTP/1.1 建立未加密连接然后升级到 HTTP/2 的方法。
<a href=https://pkg.go.dev/golang.org/x/net/http2/h2c>用于 h2c 连接的 Go 语言库</a>将整个请求读入内存,
并指出如果您想避免这种情况,请求应该被包裹在 <code>MaxBytesHandler</code> 中。</p><p>在修复这个错误时Istio TOC 成员 John Howard
注意到推荐的修复方式引入了一个<a href=https://portswigger.net/web-security/request-smuggling>请求走私漏洞</a>
Go 语言团队因此发布了
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41721">CVE-2022-41721</a> — 本次审计发现的唯一漏洞!</p><p>Istio 已更改为始终禁用 h2c 升级支持。</p><h3 id=improvements-to-file-fetching>文件获取的改进</h3><p>发现的最常见问题类别与 Istio 通过网络获取文件有关(例如,
Istio Operator 安装 Helm Chart或 WebAssembly 模块下载器):</p><ul><li>精雕细琢的 Helm Chart 可能会耗尽磁盘空间(#1或覆盖
Operator 的 Pod 中的其他文件(#2</li><li>文件句柄在发生错误的情况下不会关闭,并且可能会被耗尽(#3</li><li>精雕细琢的文件可能会耗尽内存(#4 和 #5</li></ul><p>要执行这些代码路径,攻击者需要足够的权限来为 Helm Chart
或 WebAssembly 模块指定 URL。有了这样的访问权限
他们就不再需要某些功能:他们已经可以将任意 Chart 安装到集群或将任意
WebAssembly 模块加载到代理服务器的内存中。</p><p>审核员和维护者都注意到不建议将 Operator 作为安装方式,
因为这需要高权限控制器才能在集群中运行。</p><h3 id=other-issues>其他问题</h3><p>发现的其余问题是:</p><ul><li>在某些测试代码中,或者控制平面组件通过 localhost 连接到另一个组件的情况下,
未强制执行最低 TLS 设置(#6</li><li>失败的操作可能不会返回错误代码(#7</li><li>已弃用的库依然在被使用(#8</li><li><a href=https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use>TOC/TOU</a>
用于复制文件的库中的竞争条件(#9</li><li>如果在调试模式下运行,用户可能会耗尽 Security Token Service 的内存(#11</li></ul><p>详情请参考<a href=./Istio%20audit%20report%20-%20ADA%20Logics%20-%202023-01-30%20-%20v1.0.pdf>报告全文(英文)</a></p><h3 id=reviewing-the-2020-report>对 2020 年报告的回顾</h3><p>Istio 的第一次安全评估中报告的所有 18 个问题都已被发现并得到修复。</p><h3 id=fuzzing>模糊测试</h3><p><a href=https://google.github.io/oss-fuzz/>OSS-Fuzz 项目</a>帮助开源项目执行免费的<a href=https://en.wikipedia.org/wiki/Fuzzing>模糊测试</a>
Istio 已被集成到 OSS-Fuzz 中,有 63 个连续运行的模糊测试器:
这种支持是<a href=https://adalogics.com/blog/fuzzing-istio-cve-CVE-2022-23635>由 ADA Logics 和 Istio 团队于 2021 年底建立</a></p><div><aside class="callout quote"><div class=type><svg class="large-icon"><use xlink:href="/v1.20/img/icons.svg#callout-quote"/></svg></div><div class=content><strong>“[我们]通过优先考虑 Istio 的安全关键部分来开始模糊测试评估。
我们在其中发现令人印象深刻的测试覆盖率,这几乎已经没有可以改进余地。” - ADA Logics</strong></div></aside></div><p>评估指出“Istio 在很大程度上受益于拥有在 OSS-Fuzz
上持续运行的大量模糊测试套件”,并确定了安全关键代码中的一些 API
将受益于进一步的模糊测试,因此这项工作的结果是贡献了六个新的模糊测试器;
到审计结束时,新测试已经运行了超过 <strong>30 亿</strong> 次。</p><h3 id=slsa>SLSA</h3><p><a href=https://slsa.dev/>软件制品供应链级别</a>SLSA是用于防止篡改、
提高完整性以及保护软件包和基础设施的一份标准及控制清单。
它被组织成一系列级别,提供越来越多的完整性保证。</p><p>Istio 目前不生成制品,因此并不满足任何 SLSA 级别的要求。
<a href=https://github.com/istio/istio/issues/42517>目前正在进行达到 SLSA 1 级的工作</a>
如果您想参与,请加入 <a href=https://slack.istio.io/>Istio Slack</a>
并联系我们的<a href=https://istio.slack.com/archives/C6FCV6WN4>测试和发布工作组</a></p><h2 id=get-involved>参与进来</h2><p>如果您想参与 Istio 产品安全,或成为一名维护者,我们很乐意邀请您!
<a href=https://github.com/istio/community/blob/master/WORKING-GROUPS.md>加入我们的公开会议</a>来提出问题或了解我们为确保 Istio 安全所做的工作。</p></div><nav class=pagenav><div class=left><a title="Istio 指导委员会欢迎来自 Google、IBM、Huawei 和 Red Hat 的贡献者们。" href=/v1.20/zh/blog/2023/steering-contribution-seat-results/ class=next-link><svg class="icon left-arrow"><use xlink:href="/v1.20/img/icons.svg#left-arrow"/></svg>宣布 2023 年技术指导委员会的贡献席位</a></div><div class=right></div></nav></article><footer class=footer><div class="footer-wrapper container-l"><div class="user-links footer-links"><a class=channel title='Istio 的代码在 GitHub 上开发' href=https://github.com/istio/community aria-label=GitHub><svg class="icon github"><use xlink:href="/v1.20/img/icons.svg#github"/></svg>
</a><a class=channel title='如果您想深入了解 Istio 的技术细节,请查看我们日益完善的设计文档' href=https://groups.google.com/forum/#!forum/istio-team-drive-access aria-label="team drive"><svg class="icon drive"><use xlink:href="/v1.20/img/icons.svg#drive"/></svg>
</a><a class=channel title='在 Slack 上与 Istio 社区交互讨论开发问题(仅限邀请)' href=https://slack.istio.io aria-label=slack><svg class="icon slack"><use xlink:href="/v1.20/img/icons.svg#slack"/></svg>
</a><a class=channel title='Stack Overflow 中列举了针对实际问题以及部署、配置和使用 Istio 的各项回答' href=https://stackoverflow.com/questions/tagged/istio aria-label="Stack Overflow"><svg class="icon stackoverflow"><use xlink:href="/v1.20/img/icons.svg#stackoverflow"/></svg>
</a><a class=channel title='关注我们的 Twitter 来获取最新信息' href=https://twitter.com/IstioMesh aria-label=Twitter><svg class="icon twitter"><use xlink:href="/v1.20/img/icons.svg#twitter"/></svg></a></div><hr class=footer-separator role=separator><div class="info footer-info"><a class=logo href=/v1.20/zh/ aria-label=logotype><svg xmlns="http://www.w3.org/2000/svg" width="128" height="60" viewBox="0 0 128 60"><path d="M58.434 48.823A.441.441.0 0158.3 48.497V22.583a.444.444.0 01.134-.326.446.446.0 01.327-.134h3.527a.447.447.0 01.325.134.447.447.0 01.134.326v25.914a.443.443.0 01-.134.326.444.444.0 01-.325.134h-3.527a.444.444.0 01-.327-.134z"/><path d="m70.969 48.477a6.556 6.556.0 01-2.818-1.955 4.338 4.338.0 01-1-2.78v-.345a.443.443.0 01.134-.326.444.444.0 01.326-.135h3.374a.444.444.0 01.326.135.445.445.0 01.134.326v.077a2.014 2.014.0 001.054 1.667 4.672 4.672.0 002.664.709 4.446 4.446.0 002.492-.633 1.862 1.862.0 00.958-1.591 1.426 1.426.0 00-.786-1.322 12.7 12.7.0 00-2.549-.939l-1.457-.46a21.526 21.526.0 01-3.3-1.227 6.57 6.57.0 01-2.262-1.783 4.435 4.435.0 01-.92-2.894 5.081 5.081.0 012.109-4.275 8.993 8.993.0 015.558-1.591 10.445 10.445.0 014.1.748 6.3 6.3.0 012.722 2.07 5 5 0 01.958 3.009.441.441.0 01-.134.326.441.441.0 01-.325.134h-3.258a.441.441.0 01-.326-.134.443.443.0 01-.134-.326 1.974 1.974.0 00-.978-1.667 4.647 4.647.0 00-2.665-.671 4.741 4.741.0 00-2.435.556 1.724 1.724.0 00-.938 1.553 1.512 1.512.0 00.9 1.4 15.875 15.875.0 003.01 1.055l.843.229a27.368 27.368.0 013.412 1.246 6.67 6.67.0 012.338 1.763 4.387 4.387.0 01.958 2.933 4.988 4.988.0 01-2.146 4.275 9.543 9.543.0 01-5.712 1.552 11.626 11.626.0 01-4.227-.709z"/><path d="m97.039 32.837a.443.443.0 01-.326.135h-3.911a.169.169.0 00-.191.192v9.239a2.951 2.951.0 00.632 2.108 2.7 2.7.0 002.013.652h1.15a.444.444.0 01.325.134.441.441.0 01.134.326v2.875a.471.471.0 01-.459.5l-1.994.039a8 8 0 01-4.524-1.035q-1.495-1.035-1.533-3.91V33.166A.17.17.0 0088.164 32.974H85.978A.441.441.0 0185.652 32.839.441.441.0 0185.518 32.513V29.83a.441.441.0 01.134-.326.444.444.0 01.326-.135h2.186a.169.169.0 00.191-.192v-4.485a.438.438.0 01.134-.326.44.44.0 01.325-.134h3.336a.443.443.0 01.325.134.442.442.0 01.135.326v4.485a.169.169.0 00.191.192h3.911a.446.446.0 01.326.135.446.446.0 01.134.326v2.683a.446.446.0 01-.133.324z"/><path d="m101.694 25.917a2.645 2.645.0 01-.767-1.955 2.65 2.65.0 01.767-1.955 2.65 2.65.0 011.955-.767 2.65 2.65.0 011.955.767 2.652 2.652.0 01.767 1.955 2.647 2.647.0 01-.767 1.955 2.646 2.646.0 01-1.955.767 2.645 2.645.0 01-1.955-.767zm-.211 22.906a.441.441.0 01-.134-.326V29.79a.444.444.0 01.134-.326.446.446.0 01.326-.134h3.527a.446.446.0 01.326.134.445.445.0 01.134.326v18.707a.443.443.0 01-.134.326.443.443.0 01-.326.134h-3.527a.443.443.0 01-.326-.134z"/><path d="m114.019 47.734a8.1 8.1.0 01-3.047-4.255 14.439 14.439.0 01-.652-4.37 14.3 14.3.0 01.614-4.371A7.869 7.869.0 01114 30.56a9.072 9.072.0 015.252-1.5 8.543 8.543.0 015.041 1.5 7.985 7.985.0 013.009 4.14 12.439 12.439.0 01.69 4.37 13.793 13.793.0 01-.651 4.37 8.255 8.255.0 01-3.028 4.275 8.475 8.475.0 01-5.1 1.553 8.754 8.754.0 01-5.194-1.534zm7.629-3.1a4.536 4.536.0 001.476-2.262 11.335 11.335.0 00.383-3.221 10.618 10.618.0 00-.383-3.22 4.169 4.169.0 00-1.457-2.243 4.066 4.066.0 00-2.531-.785 3.942 3.942.0 00-2.453.785 4.376 4.376.0 00-1.5 2.243 11.839 11.839.0 00-.383 3.22 11.84 11.84.0 00.383 3.221 4.222 4.222.0 001.476 2.262 4.075 4.075.0 002.549.8 3.8 3.8.0 002.44-.809z"/><path d="m15.105 32.057v15.565a.059.059.0 01-.049.059L.069 50.25A.06.06.0 01.005 50.167l14.987-33.47a.06.06.0 01.114.025z"/><path d="m17.631 23.087v24.6a.06.06.0 00.053.059l22.449 2.507a.06.06.0 00.061-.084L17.745.032a.06.06.0 00-.114.024z"/><path d="m39.961 52.548-24.833 7.45a.062.062.0 01-.043.0L.079 52.548a.059.059.0 01.026-.113h39.839a.06.06.0 01.017.113z"/></svg></a><div class=footer-languages><a tabindex=-1 lang=en id=switch-lang-en class=footer-languages-item>English
</a><a tabindex=-1 lang=zh id=switch-lang-zh class="footer-languages-item active"><svg class="icon tick"><use xlink:href="/v1.20/img/icons.svg#tick"/></svg>
中文</a></div></div><ul class=footer-policies><li class=footer-policies-item><a class=footer-policies-link href=https://www.linuxfoundation.org/legal/terms>条款
</a>|
<a class=footer-policies-link href=https://www.linuxfoundation.org/legal/privacy-policy>隐私政策
</a>|
<a class=footer-policies-link href=https://www.linuxfoundation.org/legal/trademark-usage>商标
</a>|
<a class=footer-policies-link href=https://github.com/istio/istio.io/edit/release-1.20/content/zh/index>在 GitHub 上编辑此页</a></li></ul><div class=footer-base><span class=footer-base-copyright>&copy; 2024 the Istio Authors.</span>
<span class=footer-base-version>部分内容可能滞后于英文版本,同步工作正在进行中<br>版本
Istio 归档
1.20.3</span><ul class=footer-base-releases><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://istio.io/blog/2023/ada-logics-security-assessment/"),!1'>当前版本</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link onclick='return navigateToUrlOrRoot("https://preliminary.istio.io/blog/2023/ada-logics-security-assessment/"),!1'>下个版本</a></li><li class=footer-base-releases-item><a tabindex=-1 class=footer-base-releases-link href=https://istio.io/archive>旧版本</a></li></ul></div></div></footer><div id=scroll-to-top-container aria-hidden=true><button id=scroll-to-top title=回到顶部 tabindex=-1><svg class="icon top"><use xlink:href="/v1.20/img/icons.svg#top"/></svg></button></div></body></html>
Reference in New Issue View Git Blame Copy Permalink