This release note describes the changes in Solo builds between Istio versions 1.24.6-patch0 and 1.24.6-patch1, a Solo-specific release.

Security Notice

This build includes backports of fixes for Envoy CVEs:

  • CVE-2025-66220 (CVSS score 8.1, High): The TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates with OTHERNAME SANs containing an embedded null byte as valid.
  • CVE-2025-64527 (CVSS score 6.5, Medium): Envoy crashes when JWT authentication is configured with remote JWKS fetching.
  • CVE-2025-64763 (CVSS score 5.3, Medium): Potential request smuggling from early data after the CONNECT upgrade.

General

This version was built against upstream Istio release 1.24.6.

No other Solo-specific changes were included in this build.