1.27.3

This release note describes what’s different between Solo builds of Istio versions 1.27.2 and 1.27.3.

Security Notice link

This build includes fixes for the Envoy CVEs:

• CVE-2025-62504: (CVSS score 6.5, Medium): Lua modified large enough response body will cause Envoy to crash.
• CVE-2025-62409: (CVSS score 6.6, Medium): Large requests and responses can cause TCP connection pool crash.

General Changes link

• Built against upstream Istio version 1.27.3, release note can be found here.

Solo Flavor Changes link

No changes in this section.

FIPS Flavor Changes link

No changes in this section.