September 29, 2020 — The Envoy Product Security Team (PST) announced the availability of a security fix and a series of patches for Envoy versions 1.12,1.13, 1.14 and 1.15 to address two high-risk vulnerabilities related to header values and HTTP URL paths. In response to CVE-2020-25017. Additionally the Istio community recommends users to upgrade to 1.6.11+ for 1.6.x deployments or 1.7.3 or later for 1.7.x deployments.
Istio founders and contributors Zack Butcher, Sven Mawson, and Liam White discussed all things Istio– covering the latest Istio 1.7 release, what’s to come in 1.8, and practical advice for end users of Istio and the Envoy proxy in Tetrate’s September Istio AMA session.
The release of Istio 1.7 was highly anticipated by the service mesh community and end-users because it addresses a problem that Tetrate was founded to solve: Bringing VMs into the mesh.
Organizations often want to know how a service mesh can help provide better visibility into their deployments, so they can get a clearer understanding of their user experience.
But neither metrics nor logs can provide specifics on individual cases. That’s where tracing comes in.
As an Open Source project, Envoy has a huge following, and the user numbers are continuing to grow because of how it can be used to solve networking problems that occur in any large, distributed system. But what is it? How do you get started?
Tetrate, the enterprise service mesh company, is introducing a new feature of its open source GetEnvoy project that makes it easier for developers to extend and customize the Envoy proxy.
Istio, the leading Open Source service mesh offering, today announced the general availability of their 1.7 release. The new features make it easier to bootstrap clusters and to maintain their own versions of software add-ons like Prometheus and Jaeger.
Istio’s 1.7 release was highly anticipated because of its focus on extending the mesh to work in virtual machine-based cloud environments. Tetrate was founded to solve this problem and has been solving this problem for the past year in partnership with customers in real deployments. In the 1.6 release, we expanded the mesh to include the VM environment while the 1.7 release, managed by Tetrate’s Cynthia Coan, addressed the gap of needing a verifiable identity for the VM.
CNCF’s flagship conference, KubeCon + CloudNativeCon EU 2020, ran virtually this year (Aug. 17-20), bringing 4,100 attendees from 109 countries to its digital lobby and expo hall.
One of the most repeated pieces of advice for anyone getting started with microservices is to make sure you can see everything that’s going on inside your services. Leverage the power of observability. However, observability is a loaded term – so it’s valuable to understand what that terms mean, and what’s involved.
The Istio community has released a fix for a recently discovered vulnerability CVE-2020-16844. The vulnerability was classed as MEDIUM severity, with a CVSS score of 6.8.
