istio(1.29.1): Critical Security Patches, Gateway API Enhancements, and Ambient Mesh Stability
📋 Recommended Actions ⚠️ Action Required Immediate patching is strongly recommended to address critical security vulnerabilities, especially the JWKS private key leak and XDS debug endpoint authentication bypass. Review all updates to ensure smooth operation and leverage new features. 📝 Summary Istio 1.29.1 delivers crucial security fixes, fortifying your mesh against potential exploits. This release patches a critical JWKS private key leak, preventing attackers from forging JWT tokens, and tightens authentication on XDS debug endpoints. Gateway API users will appreciate enhanced CORS wildcard handling and robust backend policy dependency tracking. For ambient mode, a panic with cross-network WorkloadEntries has been resolved, along with a fix for TLS inspection on exclusively TLS ports, improving routing reliability. Deployments now correctly handle null or zero resource limits, eliminating validation errors. Additional improvements include IP allocator stability, SSRF protection in WasmPlugin image fetching, and various nil-pointer dereference fixes, ensuring a more resilient and secure Istio experience. Upgrade promptly to secure your environment. ...