Solo distribution of Istio changelog

1.25.5

Solo build of Istio version 1.25.5 patch release.

This release note describes the changes of Solo builds between Istio versions 1.25.4 and 1.25.5.

Security Notice

This build includes a fix of the Envoy CVE:

CVE-2025-55162 (CVSS score: 6.3, Moderate): “oAuth2 Filter Signout route will not clear cookies because of missing ‘Secure;’ flag.”

General

This version was built against upstream Istio release 1.25.5.

Added the telemetry field pilot_xds_recv_max to allow monitoring the maximum size of XDS requests received through gRPC. This is a backport from upstream feature that will be introduced in Istio 1.28.

1.25.5-patch0 1.25.4