This release note describes the changes of Solo builds between Istio versions 1.23.6-patch2 and 1.23.6-patch3, a Solo-specific release.

Security Notice

This build includes fixes for the Envoy CVEs:

  • CVE-2025-62504: (CVSS score 6.5, Medium): Lua modified large enough response body will cause Envoy to crash.
  • CVE-2025-62409: (CVSS score 6.6, Medium): Large requests and responses can cause TCP connection pool crash.

General

This version was built against upstream Istio release 1.23.6.

There are no other changes including on this build.