Skip to content
home
latest
Reference
Changelog
Solo distribution of Istio changelog
1.27
You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs).

1.27.8-patch0

Page as Markdown
Solo build of Istio version 1.27.8-patch0 patch release.
This release note describes what’s different between Solo builds of Istio versions 1.27.8 and 1.27.8-patch0.
Security Notice

  • Envoy Transformation Filter CONNECT Request Crash: (Severity: High): A vulnerability exists in Solo’s transformation filter. When a route or virtual host is configured with a transformation rule that includes a path-based request matcher, an unauthenticated attacker can send an HTTP CONNECT request, causing Envoy to crash. This is a potential Denial of Service (DoS) attack vector. The crash can be triggered only if you have a transformation with a path matcher defined. This is only possible with an EnvoyFilter with a transformation that includes a path matcher:
patch:
  operation: MERGE
  value:
    typed_per_filter_config:
    io.solo.transformation:
        "@type": "type.googleapis.com/transformation.options.gloo.solo.io.TransformationPerRoute"
        staged_transformations:
        regular:
            request_transforms:
            - matcher:
                prefix: '/'
            request_transformation: {}
General Changes

  • Built against upstream Istio commit cc3c1929ae431003cd50b37b7ad2038c2cfa312d. See the commit and history here. Compare
Solo Flavor Changes

  • Added support for running istioctl multicluster check against extracted bug-report directories,
enabling offline multicluster analysis without direct cluster access.
  • Fixed an issue where adding the traffic distribution annotation to a Gateway (waypoint) caused a restart.
FIPS Flavor Changes

No changes in this section.
Last updated on 
1.27.8