BB_AUTO_MR_TOKEN requested to merge update-istio-controlplane-tag-1.23.2-bb.1 into master Oct 30, 2024

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/istio-controlplane/-/blob/1.23.2-bb.1/CHANGELOG.md

Package MR

big-bang/product/packages/istio-controlplane!323 (merged)

For Issue

Closes big-bang/product/packages/istio-controlplane#239 (closed)

Upgrade Notices

This release adds a default EnvoyFilter to increase the security of the Istio cluster. This filter which defaults to enabled can be disabled using e.g. istio.Values.defaultSecurityHeaders.enabled: false. The filter will add the following HTTP headers when the backend service does not already provide the header.

StrictTransportSecurity: maxage=31536000; includeSubDomains
XFrameOptions: SAMEORIGIN
XContentTypeOptions: nosniff
ReferrerPolicy: strictorigin

In the event these additional headers cause issues with any deployment, you can disable the filter and reach out to the Big Bang team.

Edited Oct 30, 2024 by Michael Martin

Admin message

istio update to 1.23.2-bb.1

Package Merge Request

Package Changes

Package MR

For Issue

Upgrade Notices

Merge request reports