Skip to content
home
main
Reference
Changelog
Solo distribution of Istio changelog
1.26
You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs). This version of the documentation is currently under development. Select latest from the version drop down or go to the landing page of the latest stable version.

1.26.7

Page as Markdown
Solo build of Istio version 1.26.7 patch release.
This release note describes what’s different between Solo builds of Istio versions 1.26.6 and 1.26.7.
Security Notice

This build includes a fix of Envoy CVEs:
  • CVE-2025-66220: (CVSS score 8.1, High): TLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates with OTHERNAME SANs containing an embedded null byte as valid.
  • CVE-2025-64527: (CVSS score 6.5, Medium): Envoy crashes when JWT authentication is configured with the remote JWKS fetching.
  • CVE-2025-64763: (CVSS score 5.3, Medium): Potential request smuggling from early data after the CONNECT upgrade.
General Changes

  • Built against upstream Istio version 1.26.7, release note can be found here.
Solo Flavor Changes

No changes in this section.
FIPS Flavor Changes

No changes in this section.
Last updated on 
1.26.81.26.6