1.25.5-patch6

Solo build of Istio version 1.25.5-patch6 patch release.

This release note describes what’s different between Solo builds of Istio versions 1.25.5-patch5 and 1.25.5-patch6.

Security Notice

  • Envoy Transformation Filter CONNECT Request Crash (Severity: High): A vulnerability exists in Solo’s transformation filter. When a route or virtual host is configured with a transformation rule that includes a path-based request matcher, an unauthenticated attacker can send an HTTP CONNECT request that causes Envoy to crash, making this a potential Denial of Service (DoS) attack vector. The crash can be triggered only if a transformation with a path matcher is defined, which is possible only through an EnvoyFilter with a transformation that includes a path matcher, such as:
patch:
  operation: MERGE
  value:
    typed_per_filter_config:
      io.solo.transformation:
        "@type": "type.googleapis.com/transformation.options.gloo.solo.io.TransformationPerRoute"
        staged_transformations:
          regular:
            request_transforms:
            - matcher:
                prefix: '/'
              request_transformation: {}
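
To check whether a cluster carries the configuration described above, the following added example (not part of Solo's release notes or tooling) scans the JSON output of `kubectl get envoyfilters -A -o json` for `io.solo.transformation` request matchers that match on the path. The helper names, the sample EnvoyFilters and the set of matcher fields beyond `prefix` are assumptions, and keys are expected in the snake_case form shown in the notice.

```python
import json
import sys

FILTER_KEY = "io.solo.transformation"
# Assumption: only `prefix` appears in the release note; `path` and `safe_regex`
# are the other path specifiers of Envoy's RouteMatch and are checked as well.
PATH_KEYS = ("prefix", "path", "safe_regex")

def _walk(node):
    """Yield every dict nested anywhere inside node."""
    if isinstance(node, dict):
        yield node
        for child in node.values():
            yield from _walk(child)
    elif isinstance(node, list):
        for child in node:
            yield from _walk(child)

def find_path_matchers(envoyfilters):
    """Return (namespace, name, field, value) per path-based request matcher."""
    hits = []
    for item in envoyfilters.get("items", []):
        meta = item.get("metadata", {})
        configs = [d[FILTER_KEY] for d in _walk(item.get("spec", {})) if FILTER_KEY in d]
        for inner in _walk(configs):
            for rule in inner.get("request_transforms") or []:
                matcher = rule.get("matcher") if isinstance(rule, dict) else None
                for key in PATH_KEYS:
                    if isinstance(matcher, dict) and key in matcher:
                        hits.append((meta.get("namespace"), meta.get("name"), key, matcher[key]))
    return hits

def _sample_filter(namespace, name, rule):
    """Constructed EnvoyFilter shaped like the snippet in the notice."""
    value = {"typed_per_filter_config": {FILTER_KEY: {
        "staged_transformations": {"regular": {"request_transforms": [rule]}}}}}
    return {"metadata": {"namespace": namespace, "name": name},
            "spec": {"configPatches": [{"patch": {"operation": "MERGE", "value": value}}]}}

# Constructed sample: one filter with a path matcher, one without.
SAMPLE = {"items": [
    _sample_filter("istio-system", "transform-all",
                   {"matcher": {"prefix": "/"}, "request_transformation": {}}),
    _sample_filter("demo", "no-matcher", {"request_transformation": {}}),
]}

if __name__ == "__main__":
    # Pipe `kubectl get envoyfilters -A -o json` in, or run bare for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for hit in find_path_matchers(data):
        print("path matcher in %s/%s: %s=%r" % hit)
```

Any EnvoyFilter it reports matches the precondition in the notice and is a reason to prioritize this patch release.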

Solo Flavor Changes

No changes in this section.

FIPS Flavor Changes

No changes in this section.