Istio 1.7.8 and 1.8.3 CVE fixes delayed


The Istio 1.7.8 and 1.8.3 CVE patch releases will not be released on Tuesday February 9th. There is no currently planned date for it at this time. We will let you know when we have more information about the release date.

Be assured that this is a top priority for the Istio Product Security Working Group, but due to the details we cannot release more information at this time.


Jacob Delgado
on behalf of the Istio Product Security Working Group

Hi @Jacob_Delgado . It’s more than a month now since this update - can you advise if there is any progress/ETA on resolving the CVE issue with 1.8.3? Thanks


We apologize for the late response. The vulnerability fix required some research and we have been actively working with related experts to address it. This unfortunately caused the delay. To give the update, we have made the fix plan and currently we are implementing the fix. We plan to release the patch releases around April 20th. Hope this helps!

Thank you very much,