Istio 1.1.2 and 1.0.7 will be released on April 5th 10am PT with two important security fixes


This post was edited to change the release date from April 2nd to April 5th 10am PT to make it consistent with an update from the Envoy community made on 3/28.

Hello everyone,

We’d like to call your attention to two recent Envoy announcements that affect Istio.


Just a quick announcement to share and remind that Envoy maintains a Private Distributors list, which consists of organizations that maintain Envoy distributions or run public Envoy based services. Members of this list receive advanced notification of pending security releases.

If you are eligible to be a member of this list and are willing to be involved in Envoy’s security release process, we highly encourage you to apply. You can find the full details at:


The Envoy maintainers would like to announce the forthcoming release of Envoy 1.9.1.

This release will be made available on the 2nd 5th of April 2019 at 10am PDT (5pm GMT). This release will fix 2 security defects. These security defects are considered as moderate severity.

No further details or patches will be made available in advance of the release.

At the same time the Envoy community makes 1.9.1 available (April 2nd 5th at 10am PDT), the Istio team will publish Istio 1.0.7 and 1.1.2 containing fixes for the same two defects. At the same time, we’ll also publish documentation describing the impact of the defects on unpatched Istio deployments.

Please understand that we have to be vague on the details until such a time that all necessary patches are widely available.