This is a follow-up to the email advisory that was sent on June 12, 2020, also posted as this announcement in this customer portal:
This month, we have dynamically enabled the following Rancher releases for supporting the new Istio versions that provide the fix for CVE-2020-11080:
- Rancher v2.4.5 (supports Istio v1.5.8)
- Rancher v2.3.8 (supports Istio v1.4.10; Istio made this final release on June 22nd that is after its originally announced EOL date.)
After Istio v1.4.10 was released, there were additional CVEs announced by Istio:
- istio-security-2020-007 addresses the following CVEs:
- istio-security-2020-008 addresses the following CVEs:
As Istio v1.4.x is past its EOL date, these CVEs have been patched only in the 1.5.8 release.