apiVersion: release-notes/v2

# This YAML file describes the format for specifying a release notes entry for Istio.
# This should be filled in for all user facing changes.

# kind describes the type of change that this represents.
# Valid Values are:
# - bug-fix -- Used to specify that this change represents a bug fix.
# - security-fix -- Used to specify that this change represents a security fix.
# - feature -- Used to specify a new feature that has been added.
# - test -- Used to describe additional testing added. This file is optional for
#   tests, but included for completeness.
kind: security-fix

# area describes the area that this change affects.
# Valid values are:
# - traffic-management
# - security
# - telemetry
# - installation
# - istioctl
# - documentation
area: security

# releaseNotes is a markdown listing of any user facing changes. This will appear in the
# release notes.
releaseNotes:
- |
  **Fixed** an issue preventing the use of source principal based authorization at Istio Gateway when the Server's TLS mode is ISTIO_MUTUAL.

# securityNotes is a markdown listing of any changes related to the security of
# Istio.
securityNotes:
- |
  __Source principal validation at Gateway does not work even with ISTIO_MUTUAL TLS mode__:
  When the Gateway server's TLS mode is ISTIO_MUTUAL, Istio's authN filter is not installed on the appropriate filter chain. Consequently, any Istio Authorization policy with source principal based rules will not work when applied to a Gateway workload.
  - __CVSS Score__: 5.9 [AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N&version=3.1)