This release note describes the changes of Solo builds between Istio versions 1.24.6-patch0 and 1.24.6-patch1, a Solo-specific release.

Security Notice

This build includes fixes for the Envoy CVEs:

  • CVE-2025-62504: (CVSS score 6.5, Medium): Lua modified large enough response body will cause Envoy to crash.
  • CVE-2025-62409: (CVSS score 6.6, Medium): Large requests and responses can cause TCP connection pool crash.

General

This version was built against upstream Istio release 1.24.6.

No other Solo-specific changes were included in this build.