UNCLASSIFIED - NO CUI

Skip to content

istio update to 1.23.2-bb.1

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/istio-controlplane/-/blob/1.23.2-bb.1/CHANGELOG.md

Package MR

big-bang/product/packages/istio-controlplane!323 (merged)

For Issue

Closes big-bang/product/packages/istio-controlplane#239 (closed)

Upgrade Notices

This release adds a default EnvoyFilter to increase the security of the Istio cluster. This filter which defaults to enabled can be disabled using e.g. istio.Values.defaultSecurityHeaders.enabled: false. The filter will add the following HTTP headers when the backend service does not already provide the header.

  • StrictTransportSecurity: maxage=31536000; includeSubDomains
  • XFrameOptions: SAMEORIGIN
  • XContentTypeOptions: nosniff
  • ReferrerPolicy: strictorigin

In the event these additional headers cause issues with any deployment, you can disable the filter and reach out to the Big Bang team.

Edited by Michael Martin

Merge request reports

Loading