This release note describes the changes of Solo builds between Istio versions 1.24.6 and 1.24.6-patch0.

Security Notice

This build includes a fix of the Envoy CVE:

  • CVE-2025-55162 (CVSS score: 6.3, Moderate): “oAuth2 Filter Signout route will not clear cookies because of missing ‘Secure;’ flag.”

General

This version was built against upstream Istio release 1.24.6.

No other Solo-specific changes were included in this build.