istio.io/istio@v0.0.0-20240520182934-d79c90f27776/releasenotes/notes/25818.yaml

apiVersion: release-notes/v2

# This YAML file describes the format for specifying a release notes entry for Istio.
# This should be filled in for all user facing changes.

# kind describes the type of change that this represents.
# Valid Values are:
# - bug-fix -- Used to specify that this change represents a bug fix.
# - security-fix -- Used to specify that this change represents a security fix.
# - feature -- Used to specify a new feature that has been added.
# - test -- Used to describe additional testing added. This file is optional for
#   tests, but included for completeness.
kind: security-fix

# area describes the area that this change affects.
# Valid values are:
# - traffic-management
# - security
# - telemetry
# - installation
# - istioctl
# - documentation
area: security

# releaseNotes is a markdown listing of any user facing changes. This will appear in the
# release notes.
releaseNotes:
- |
  **Fixed** an issue preventing the use of source principal based authorization at Istio Gateway when the Server's TLS mode is ISTIO_MUTUAL.

# securityNotes is a markdown listing of any changes related to the security of
# Istio.
securityNotes:
- |
  __Source principal validation at Gateway does not work even with ISTIO_MUTUAL TLS mode__:
  When the Gateway server's TLS mode is ISTIO_MUTUAL, Istio's authN filter is not installed on the appropriate filter chain. Consequently, any Istio Authorization policy with source principal based rules will not work when applied to a Gateway workload.
  - __CVSS Score__: 5.9 [AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N&version=3.1)