HTTP/2

📋 Recommended Actions ⚠️ Action Required Immediate upgrade is recommended. Critical bugs affecting Ambient mesh traffic distribution and CNI stability have been fixed. Review Gateway API header validation changes and unmanaged Gateway SA behavior. 📝 Summary Istio 1.29.4 delivers crucial stability and correctness enhancements, particularly for Ambient mesh deployments and Gateway API users. This patch release resolves a critical bug where PreferSameZone or PreferSameNode traffic distribution, combined with publishNotReadyAddresses: true, could lead to traffic being routed to unready endpoints cluster-wide. Another significant fix addresses a concurrent map writes panic in the CNI agent, improving Ambient mesh robustness. Gateway API users benefit from new header validation logic, preventing silently dropped configurations and providing clearer feedback for invalid HTTPRoute and GRPCRoute header values. Multi-network Ambient ingress routing also sees improvements, ensuring correct waypoint traversal based on configuration. This release also streamlines HTTP/2 handling and includes numerous dependency updates, reinforcing overall platform reliability. Upgrade now to secure these vital fixes and bolster your Istio environment. ...

📋 Recommended Actions ⚠️ Action Required Immediate upgrade is highly recommended to address CVE-2024-24791 and benefit from the latest security patches in underlying dependencies. 📝 Summary cert-manager v1.18.6 delivers critical security enhancements, primarily addressing the CVE-2024-24791 vulnerability found in the Go standard library’s HTTP/2 implementation. This high-severity fix mitigates a potential denial-of-service risk, making an immediate upgrade essential for operational security. Beyond the Go toolchain bump to 1.24.13, this release also incorporates refreshed distroless base images (Debian 12). These updates bring the latest security patches from the Debian ecosystem, ensuring a more robust and secure runtime environment for your cert-manager deployments. No new features or breaking changes are introduced; this is a focused stability and security release. Operations engineers should prioritize this update to safeguard their Kubernetes clusters and maintain certificate issuance integrity. Review the release notes for full details. ...