Istio is an open-source service mesh platform that helps developers connect, secure, and manage microservices-based applications. With features such as traffic management, security policies, and observability tools, Istio simplifies the complexities of microservices architecture, enabling developers to build resilient and scalable applications. Through documentation, tutorials, and community support, Istio provides developers with the tools and resources needed to implement service mesh patterns and improve the reliability and performance of their distributed systems.

Istio

Istio 1.28.5 is a security-focused patch release addressing multiple CVEs. Key fixes include a high-severity JWKS resolver failure that could allow authentication bypass using known default keys (CVSS 8.7), a medium-severity cross-namespace proxy data access issue via debug endpoints (CVSS 6.9), an SSRF vulnerability in WasmPlugin image fetching, and five Envoy CVEs including a multivalue header bypass in RBAC (CVSS 7.5). The release also adds namespace-based authorization controls for debug endpoints via the DEBUG_ENDPOINT_AUTH_ALLOWED_NAMESPACES configuration option, and fixes an InferencePool configuration loss bug during VirtualService merging.

Announcing Istio 1.28.5