This release note describes the changes of Solo builds between Istio versions 1.22.8-patch1 and 1.22.8-patch2, a Solo-specific build.

Security Notice

This build includes a backport of a fix for Envoy CVE:

  • CVE-2025-55162 (CVSS score: 6.3, Moderate): “oAuth2 Filter Signout route will not clear cookies because of missing ‘Secure;’ flag.”

General

This version was built against upstream Istio release 1.22.8.

This build only includes the above Envoy CVE fix.