Aspen Mesh Carrier-Grade 1.11.8-am1 release notes
Introduction
These release notes describe the differences between Aspen Mesh Carrier-Grade 1.11.7-am1 and 1.11.8-am1.
This release includes security updates and important bug fixes.
Supported platforms
This release is officially supported on these platforms and versions:
| Platform | Version | Recommended Helm version |
|---|---|---|
| OpenShift | 4.7 | 3.8 |
Security updates
Istio 1.11.8
CVE-2022-24726 (CVSS score 7.5, High): Unauthenticated control plane denial of service attack due to stack exhaustion.
Istio 1.11.8 proxy (Envoy)
(The following security update in the open source Istio 1.11.8 sidecar proxy was included in Aspen Mesh 1.11.7-am1: CVE-2022-21657.)
AM-4030: Fixed an issue that can cause a segmentation fault to occur when configuration updates are pushed to a sidecar proxy (due to accessing uninitialized variables during teardown of an Envoy listener).
Aspen Mesh features
(No security updates)
Other changes
Istio 1.11.8
(No changes)
Aspen Mesh features
AM-4049: Added a custom sidecar proxy image that can be installed and used to collect debug information from Istio sidecar proxies when necessary.
AM-3783: Fixed an issue that prevented Jaeger 1.22 from listening to Zipkin HTTP traffic.
Known issues
AM-3069: OpenShift clusters using either the Multi-Primary or the Multi-Primary on different networks configuration for multicluster connectivity fail to create the remote secret with the following error:
    $ istioctl x create-remote-secret --name=cluster1
    error: could not get access token to read resources from local kube-apiserver: wrong number of secrets (2) in serviceaccount istio-system/istio-reader-service-account
    error: could not get access token to read resources from local kube-apiserver: wrong number of secrets (2) in serviceaccount istio-system/istio-reader-service-account
AM-3547: Pods with Istio sidecars get evicted when a node runs low on storage because they don’t request ephemeral storage.
Download
Use either of the following methods to download the release archive file: