Istio 1.1.x through 1.1.6 has Incorrect Access Control. When disablePolicyChecks
is set to false
, inbound TCP connections do not generate Check requests to istio-policy and external authorization is not applied.
This behavior is a result of a change to istio/pilot/pkg/networking/plugin/mixer/mixer.go
in 1.1.