On this page
1.28.2
Solo build of Istio version 1.28.2 patch release.
This release note describes what’s different between Solo builds of Istio versions 1.28.1-patch0 and 1.28.2.
Security Notice
This build includes a fix of a CVE in the c-ares dependency of Envoy:
- CVE-2025-62408: (CVSS score 5.9, Medium): Use after free due to connection being cleaned up after error.
General Changes
- Built against upstream Istio commit
5ee02944487b3047e7a637309829834ae36b186b. Compare.
Solo Flavor Changes
Improved
istioctlcommand help descriptions and examples with clearer guidance forbootstrap,ecs service-add,multicluster check,multicluster expose, andmulticluster linkcommands.Added a mesh-wide escape hatch based on port matching for outbound traffic being impacted by ztunnel capture. Configure via
AMBIENT_EXCLUDE_OUTBOUND_PORTSenvironment variable (for example,AMBIENT_EXCLUDE_OUTBOUND_PORTS="1443,16000-16010").
FIPS Flavor Changes
No changes in this section.