
Istio Security Release: 1.6.8 and 1.5.9


The Istio community has released a fix for a recently discovered vulnerability CVE-2020-16844. The vulnerability was classed as MEDIUM severity, with a CVSS score of 6.8.

Due to the vulnerability, callers to TCP services were never denied access when the Authorization Policy protecting the service used a DENY action with a wildcard suffix (e.g. *-some-suffix) in the source principals or namespaces fields.

Mitigation

Impacted users running on releases 1.5 to 1.5.8 and 1.6 to 1.6.7 should immediately upgrade to 1.5.9 and 1.6.8 respectively. 

Users are also advised NOT to use suffix matching in the source principals or namespaces fields of DENY policies for TCP services, and to use prefix and exact matching where possible.

Additionally, those impacted should consider, where possible, changing TCP to HTTP for port name suffixes in services.
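
To find policies that match the affected pattern, the check below (an added example, not code from Istio or Tetrate) scans AuthorizationPolicy objects for DENY rules whose source principals or namespaces use a suffix match. It assumes input shaped like the output of `kubectl get authorizationpolicy -A -o json`; the sample policies are constructed and the function names are hypothetical. The policy alone does not say whether the workload serves TCP, so each finding still needs that check.

```python
import json

# Constructed sample shaped like `kubectl get authorizationpolicy -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "deny-batch", "namespace": "db"},
   "spec": {"action": "DENY", "rules": [{"from": [{"source": {
       "principals": ["*-some-suffix"], "namespaces": ["prod"]}}]}]}},
  {"metadata": {"name": "deny-exact", "namespace": "db"},
   "spec": {"action": "DENY", "rules": [{"from": [{"source": {
       "namespaces": ["untrusted", "test-*"]}}]}]}},
  {"metadata": {"name": "allow-suffix", "namespace": "web"},
   "spec": {"rules": [{"from": [{"source": {"namespaces": ["*-team"]}}]}]}},
  {"metadata": {"name": "deny-any", "namespace": "web"},
   "spec": {"action": "DENY", "rules": [{"from": [{"source": {"principals": ["*"]}}]}]}}
]}
""")

FIELDS = ("principals", "namespaces")  # source fields named in the advisory


def is_suffix_match(value):
    """Istio treats '*abc' as a suffix match; a lone '*' is a presence match."""
    return isinstance(value, str) and value.startswith("*") and len(value) > 1


def find_affected(policy_list):
    """Return (namespace, name, field, value) for each suffix match in a DENY policy."""
    findings = []
    for item in policy_list.get("items", []):
        spec = item.get("spec") or {}
        if spec.get("action", "ALLOW") != "DENY":  # ALLOW is the default action
            continue
        meta = item.get("metadata", {})
        for rule in spec.get("rules") or []:
            for src in rule.get("from") or []:
                source = src.get("source") or {}
                for field in FIELDS:
                    for value in source.get(field) or []:
                        if is_suffix_match(value):
                            findings.append((meta.get("namespace"), meta.get("name"), field, value))
    return findings


if __name__ == "__main__":
    for ns, name, field, value in find_affected(SAMPLE):
        print(f"{ns}/{name}: DENY rule uses suffix match {value!r} in source.{field}")
```
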

For more information, visit the Istio 1.6.8 patch release announcement.

To report a vulnerability, follow the security vulnerability process outlined in the Istio docs. 

Tetrate supports organizations in preventing attacks by providing rapid notification and updates to respond to identified vulnerabilities.
