Announcing Istio 1.25.2
Istio 1.25.2 patch release.
This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.25.1 and Istio 1.25.2.
Changes
Added an environment variable prefix CA_HEADER_ (similar to XDS_HEADER_) that can be added to CA requests for different purposes, such as routing to appropriate external istiods. Istio sidecar proxy, router, and waypoint now support this feature. (Issue #55064)
Fixed corner cases where istio-cni might block its own upgrade. Added fallback logging (in case agent is down) to a fixed-size node-local log file. (Issue #55215)
Fixed an issue where AuthorizationPolicy’s WaypointAccepted status condition was not being updated to reflect the resolution of a GatewayClass target reference.
Fixed an issue where WaypointAccepted status condition for AuthorizationPolicies that referenced a GatewayClass and did not reside in the root namespace was not being updated with the correct reason and message.
Fixed an issue where proxy memory goes up with gRPC streaming services.
Fixed an issue causing changes to ExternalName services to sometimes be skipped due to a cache eviction bug.
Fixed a regression where the SDS ROOTCA resource included only a single root certificate, even if the control plane was configured with both an active root and a passive root certificate that was introduced in 1.25.1. (Issue #55793)