Skip to content

[zh] Sync 1.27.3 and 1.26.6 release notes with security update (with fix) into Chinese #16943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[zh] Sync 1.27.3 and 1.26.6 release notes with security update (with fix) into Chinese #16943

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 2 additions & 4 deletions content/zh/docs/releases/supported-releases/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,9 +70,8 @@ Istio 不保证超出支持窗口期的次要版本都有已知的 CVE 补丁。

| 次要版本 | 没有已知 CVE 的补丁版本 |
|------------------|------------------------------------|
| 1.27.x | 1.27.1+ |
| 1.26.x | 1.26.4+ |
| 1.25.x | 1.25.5+ |
| 1.27.x | 1.27.3+ |
| 1.26.x | 1.26.6+ |

## 支持的 Envoy 版本 {#supported-envoy-versions}

Expand All @@ -84,7 +83,6 @@ Istio 的数据面基于 [Envoy](https://github.com/envoyproxy/envoy)。
|---------------|----------------------|
| 1.27.x | release/v1.35 |
| 1.26.x | release/v1.34 |
| 1.25.x | release/v1.33 |

您可以在 [`istio/proxy` 仓库](https://github.com/istio/proxy/blob/{{< source_branch_name >}}/WORKSPACE#L26)中找到
Istio 使用的具体 Envoy 提交:查找 `ENVOY_SHA` 变量。
24 changes: 24 additions & 0 deletions content/zh/news/releases/1.26.x/announcing-1.26.6/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
title: 发布 Istio 1.26.6
linktitle: 1.26.6
subtitle: 补丁发布
description: Istio 1.26.6 补丁发布。
publishdate: 2025-10-20
release: 1.26.6
aliases:
- /zh/news/announcing-1.26.6
---

此版本包含一些错误修复,以提高稳定性。
本发行说明描述了 Istio 1.26.5 和 Istio 1.26.6 之间的区别。

{{< relnote >}}

## 安全更新 {security-update}

本次发布实现了 10 月 20 日公布的安全更新
[`ISTIO-SECURITY-2025-002`](/zh/news/security/istio-security-2025-002)。

## 变更 {#changes}

除了上述安全更新之外,此版本中没有引入其他更改。
24 changes: 24 additions & 0 deletions content/zh/news/releases/1.27.x/announcing-1.27.3/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
title: 发布 Istio 1.27.3
linktitle: 1.27.3
subtitle: 补丁发布
description: Istio 1.27.3 补丁发布。
publishdate: 2025-10-20
release: 1.27.3
aliases:
- /zh/news/announcing-1.27.3
---

此版本包含一些错误修复,以提高稳定性。
本发行说明描述了 Istio 1.27.2 和 Istio 1.27.3 之间的区别。

{{< relnote >}}

## 安全更新 {security-update}

本次发布实现了 10 月 20 日公布的安全更新
[`ISTIO-SECURITY-2025-002`](/zh/news/security/istio-security-2025-002)。

## 变更 {#changes}

除了上述安全更新之外,此版本中没有引入其他更改。
29 changes: 29 additions & 0 deletions content/zh/news/security/istio-security-2025-002/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
---
title: ISTIO-SECURITY-2025-002
subtitle: 安全公告
description: Envoy 上报的 CVE 漏洞。
cves: [CVE-2025-55162, CVE-2025-54588]
cvss: "6.6"
vector: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
releases: ["1.27.0 to 1.27.1", "1.26.0 to 1.26.5"]
publishdate: 2025-10-10
keywords: [CVE]
skip_seealso: true
---

{{< security_bulletin >}}

## CVE

### Envoy CVE {#envoy-cves}

- __[CVE-2025-62504](https://nvd.nist.gov/vuln/detail/CVE-2025-62504)__:
(CVSS score 6.5, Medium):Lua 修改的响应体足够大会导致 Envoy 崩溃。
- __[CVE-2025-62409](https://nvd.nist.gov/vuln/detail/CVE-2025-62409)__:
(CVSS score 6.6, Medium):大量的请求和响应可能会导致 TCP 连接池崩溃。

## 我受到影响了吗?{#am-i-impacted}

如果您通过 `EnvoyFilter` 使用 Lua,并且返回的响应主体超过
`per_connection_buffer_limit_bytes`(默认为 1 MB),或者您有大量请求和响应,
而连接可以关闭但上游的数据仍在发送,那么您会受到影响。