Any recommendation/caveats for use of istio distroless version in production?

Hi istio community,

We have had an internal flagging for the default istio image which uses ubuntu base image where there were vulnerabilities found. We are using 1.16.x which was flagged.

As per istio docs on using hardened images Istio / Harden Docker Container Images , its an Alpha feature which as per the lifecycle itself might be having stability and vulnerabilities.

So, is there any recommendation/caveats w.r.t a real world usage of this that any team has done for production at scale (10000 users/day)