Latest Released Image Contains Shellshock Vulnerability

[isugimpy]

As per title, https://hub.docker.com/layers/istio/coredns-plugin/0.2-istio-1.1/images/sha256-964eca01e487bcedcc769dd22644a4272daebf079b64170dd6bab16662651b99?context=explore contains the Shellshock vulnerability and hasn't been built in 2 years. Would it be possible for an updated version of the image to be built and released officially with the exploit patched?

[rshriram]

Hi. Sorry for the delay. This plugin is no longer maintained nor necessary as of Istio 1.8, as the DNS functionality is built into Istio sidecars. The functionality in 1.8 is far more richer and automatically configured than the current coredns plugin. I encourage you to take that for a spin.

Sidecar DNs is enabled by default in the preview profile. You can also enable it manually by setting the following config in the istio operator (Istio 1.8 onwards)

  meshConfig:
    defaultConfig:
      proxyMetadata:
        ISTIO_META_DNS_CAPTURE: "true"
        ISTIO_META_PROXY_XDS_VIA_AGENT: "true"

[isugimpy]

I appreciate the response on this, but 1.8 isn't a viable option for us yet, because we're still working on getting upgraded from k8s 1.14. Thank you for the information, though! I'll keep that in mind for when we're able to upgrade.