1.27.1
Solo build of Istio version 1.27.1 patch release.
This release note describes the changes of Solo builds between Istio versions 1.27.0-patch0 and 1.27.1.
Security Notice
This build includes fixes of the Envoy CVEs:
- CVE-2025-55162 (CVSS score: 6.3, Moderate): “oAuth2 Filter Signout route will not clear cookies because of missing ‘Secure;’ flag.”
- CVE-2025-54588 (CVSS score: 7.5, High): “Use after free in DNS cache.”
General
This version was built against upstream Istio release 1.27.1.
Solo Flavor Changes
Added the telemetry field
pilot_xds_recv_maxto allow monitoring the maximum size of XDS requests received through gRPC. This is a backport from upstream feature that will be introduced in Istio 1.28.Fixed a race condition that occasionally missed global Services when peering from remote clusters.
Fixed an issue where changes to Service resources were not propagated to their associated global services.
Fixed an issue where any external modification of autogenerated resources for multi-cluster peering would be restored to its original state.
Fixed a race condition where gateway status updates were conflicting with gateway updates. Retries are now attempted when an error occurs.
Fixed ambient workloads attempting to send HBONE to plaintext workloads on other clusters when using flat network multicluster.
FIPS Flavor Changes
No changes in this section.