Anthos Service Mesh release notes

This page contains release notes for each version of Anthos Service Mesh.

You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/servicemesh-release-notes.xml

December 14, 2021

Anthos Service Mesh 1.7-1.9 are no longer supported. For more information, see Supported versions.

August 24, 2021

The Istio project recently disclosed a series of CVEs that can expose Anthos Service Mesh to remotely exploitable vulnerabilities. For more information, see the security bulletin.

1.8.6-asm.8 is now available.

This patch release contains the fixes for the security vulnerabilities listed in GCP-2021-016. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

Anthos Service Mesh now supports skip-version upgrades for single-project clusters on GKE running versions 1.7 and higher. This means you can now upgrade 1.7 and 1.8 installations directly to 1.10. For more information, see Upgrading Anthos Service Mesh to the latest version.

July 28, 2021

1.8.6-asm.7 is now available. This patch release:

  • Fixes a bug that could lead to memory leaks in the proxy.
  • Fixes a bug causing invalid cipherSuites in the Gateway configuration that could cause broken traffic.

July 22, 2021

The 1.x version of kpt breaks Anthos Service Mesh installations and upgrades. Anthos Service Mesh requires a pre-1.x version of kpt. The latest version of the gcloud command-line tool includes the 1.x kpt that breaks installs and upgrades.

Make sure that you are running a pre-1.x version of kpt:

kpt version

The output should be similar to the following:

0.39.2

If you have kpt version 1.x or higher, use the curl command in Setting up your environment to download the required version for your operating system.
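The version check above can be run as a preflight gate in an install or CI script. This is an added example, not part of the original release notes or of install_asm; the function names and the sample version strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a pipeline on the pre-1.x kpt requirement.

# kpt_is_pre_1x VERSION_STRING
# Returns 0 if the version is pre-1.x, 1 if it is 1.x or higher,
# and 2 if the string cannot be parsed (callers should treat 2 as failure).
kpt_is_pre_1x() {
    v=${1#v}                          # tolerate a leading "v", e.g. "v0.39.2"
    major=${v%%.*}                    # text before the first dot
    case "$major" in
        ''|*[!0-9]*) return 2 ;;      # empty or non-numeric major
    esac
    case "$v" in
        *.*) ;;                       # must look like MAJOR.MINOR...
        *) return 2 ;;
    esac
    [ "$major" -lt 1 ]                # "1.0.0-beta.2" (constructed) fails here
}

# preflight_kpt
# Checks the kpt binary found on PATH and fails closed: a missing binary or
# unparseable output is an error, not a pass.
preflight_kpt() {
    if ! command -v kpt >/dev/null 2>&1; then
        echo "kpt not found on PATH" >&2
        return 2
    fi
    out=$(kpt version 2>/dev/null | head -n 1)
    kpt_is_pre_1x "$out" && rc=0 || rc=$?
    case $rc in
        0) echo "kpt $out: OK (pre-1.x)" ;;
        1) echo "kpt $out: 1.x or higher, breaks installs and upgrades" >&2 ;;
        *) echo "cannot parse kpt version output: '$out'" >&2 ;;
    esac
    return $rc
}

# Usage in a script: preflight_kpt || exit 1
```

Because a gcloud update can replace kpt with a 1.x build, run the check on every pipeline execution rather than once at setup time.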

If you are installing or upgrading Anthos Service Mesh using the install_asm script, make sure to download the most recent version of the script. The updated version of install_asm checks your kpt version. If needed, install_asm downloads and uses the required kpt version. Run install_asm --version to make sure you have a version of install_asm that has the workaround. You need the following install_asm versions or higher:

June 24, 2021

The Istio project recently announced a security vulnerability (CVE-2021-34824) where credentials specified in the Gateway and DestinationRule credentialName field can be accessed from different namespaces.

For more information, see the GCP-2021-012 security bulletin.

1.8.6-asm.4 and 1.9.6-asm.1 are now available. This release updates the Envoy versions for the following Anthos Service Mesh versions:

  • 1.8.6-asm.2 uses Envoy v1.16.3.
  • 1.9.6-asm.1 uses Envoy v1.17.2.

These patch releases contain a fix for CVE-2021-34824. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:
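As an added example (not part of the original release notes or of Google's tooling), the following check classifies an Anthos Service Mesh version string against the two patched releases this entry names for CVE-2021-34824. It assumes that later patch and build numbers in the same release line keep the fix; the function names are hypothetical, and release lines the entry does not name are reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example. Patched releases for CVE-2021-34824 as named in this entry.
FIXED_34824="1.8.6-asm.4 1.9.6-asm.1"

# asm_parse VERSION -> prints "MAJOR MINOR PATCH BUILD"; fails if malformed.
# Call it through $(...) so the IFS change stays inside the subshell.
asm_parse() {
    orig=$1
    case "$1" in
        ''|*[!0-9a-z.-]*) return 1 ;;       # rejects globs and odd characters
    esac
    old_ifs=$IFS; IFS=.-
    set -- $1                                # split on "." and "-"
    IFS=$old_ifs
    [ $# -eq 5 ] && [ "$4" = asm ] || return 1
    for n in "$1" "$2" "$3" "$5"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1.$2.$3-asm.$5" = "$orig" ] || return 1   # exact X.Y.Z-asm.N shape
    echo "$1 $2 $3 $5"
}

# asm_fix_status VERSION -> prints one of: fixed | below-fix | unknown
asm_fix_status() {
    have=$(asm_parse "$1") || { echo unknown; return 0; }
    for f in $FIXED_34824; do
        want=$(asm_parse "$f")
        set -- $have $want                   # $1-$4 = have, $5-$8 = want
        # Only compare within the same MAJOR.MINOR release line.
        [ "$1" -eq "$5" ] && [ "$2" -eq "$6" ] || continue
        if [ "$3" -gt "$7" ] || { [ "$3" -eq "$7" ] && [ "$4" -ge "$8" ]; }; then
            echo fixed
        else
            echo below-fix
        fi
        return 0
    done
    echo unknown                             # release line not named in the entry
}

# Usage in a script: [ "$(asm_fix_status "$version")" = fixed ] || exit 1
```

Treat `unknown` the same as `below-fix` when gating a deployment, so that a malformed or unlisted version does not pass by default.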

May 17, 2021

1.9.5-asm.2, 1.8.6-asm.3, and 1.7.8-asm.8 are now available.

This release fixes the following security vulnerabilities:

For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

Anthos Service Mesh uses a proxy that is based on OSS Envoy. The Envoy version that the Anthos Service Mesh proxy uses differs by Anthos Service Mesh version, as follows:

April 20, 2021

1.9.3-asm.2, 1.8.5-asm.2, 1.7.8-asm.1, and 1.6.14-asm.2 are now available.

This release fixes the security issue ISTIO-SECURITY-2021-003 with the same fixes as Istio 1.9.3. These fixes were also backported to the specified Anthos Service Mesh versions.

This release updates the Envoy versions for the following Anthos Service Mesh versions:

For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

Adding multiple private clusters from different projects into a single Mesh on GKE is now available as a public preview feature.

February 23, 2021

1.8.3-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.8.3. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

February 02, 2021

1.8.2-asm.2 is now available.

This patch release contains the same bug fixes that are in Istio 1.8.2. For details on upgrading Anthos Service Mesh, refer to the following upgrade guides:

The install_asm script lets you reinstall the same version

You can use the install_asm script when you need to reinstall the same Anthos Service Mesh version to change the control plane configuration. For more information, see the following:

December 16, 2020

1.8.1-asm.5 is now available.

Multi-cluster support for GKE on-prem Beta

Anthos Service Mesh now supports multi-cluster meshes when running on GKE on-prem. For more information, see Add clusters to Anthos Service Mesh on-prem.

New flags for the install_asm script

The install_asm script was enhanced to provide you with more granular control over the changes that the script makes on your project and GKE on Google Cloud cluster. For more information, see the Enablement flags section in the documentation for the script.

Third-party add-ons removed from all profiles

The Prometheus, Grafana, and Kiali add-ons were removed from all Anthos Service Mesh profiles. For information on why the add-ons were removed, see Reworking our Addon Integrations. Installation of these third-party add-ons was removed from the 1.8 IstioOperator API, which means that they can't be installed with the istioctl install command. For information on installing a demo version of the add-ons, see Integrating with third-party add-ons.

Note that by default, metrics are still exported to Prometheus in the asm-multicloud profile. You can optionally enable metrics export to Prometheus in the asm-gcp-multiproject profile.

Anthos Service Mesh 1.8 isn't supported on Anthos attached clusters and GKE on AWS

Anthos Service Mesh 1.8 currently isn't supported on Anthos attached clusters (Microsoft AKS and Amazon EKS) and GKE on AWS (Amazon EC2). Anthos Service Mesh 1.7 and 1.6 are supported for these environments. For more information, see the following guides:

Reduced permissions required for installation

The permissions required for installation have been scaled back. Testing has shown that the Project Editor role can be replaced with more granular roles. For the complete list, see Permissions required to install Anthos Service Mesh.