1.21.3-asm.3 is now available for in-cluster Cloud Service Mesh

## Announcement **1.21.3-asm.3 is now available for in-cluster Cloud Service Mesh.** You can now download 1.21.3-asm.3 for in-cluster Cloud Service Mesh. It includes the features of [Istio 1.21.3](https://istio.io/latest/news/releases/1.21.x/announcing-1.21.3/) subject to the list of [supported features](https://cloud.google.com/service-mesh/docs/supported-features). Cloud Service Mesh 1.21.3-asm.3 uses Envoy v1.29.5. This release contains the fixes for the security vulnerabilities listed in [GCP-2024-032](https://cloud.google.com/service-mesh/docs/security-bulletins#gcp-2024-032). 1.21 isn't rolling out to the rapid release channel at this time. You can periodically check this page for announcements regarding rapid channel rollout. ## Breaking The following 3 changes break backwards compatibility in 1.21. 1. The default value of the feature flag `ENABLE_AUTO_SNI` has [changed from false to true](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#default-value-of-the-feature-flag-enable%5Fauto%5Fsni-to-true). To opt out, set the environment variable to `ENABLE_AUTO_SNI=false`. 2. The default value of the feature flag `VERIFY_CERT_AT_CLIENT` [changed from false to true](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#default-value-of-the-feature-flag-verify%5Fcert%5Fat%5Fclient-is-set-to-true). To opt out, set the environment variable to `VERIFY_CERT_AT_CLIENT=false`. 3. There are additional changes in [external name support](https://istio.io/latest/news/releases/1.21.x/announcing-1.21/upgrade-notes/#externalname-support-changes). To opt out, set the environment variable `ENABLE_EXTERNAL_NAME_ALIAS=false`. Note that opting out is only possible for in-cluster installations. If you do opt out, you must restore the default values before upgrading to 1.22. ## Security **1.18.7-asm.26 is now available for in-cluster Cloud Service Mesh.** This patch release contains the fix for the security vulnerability listed in [GCP-2024-032](https://cloud.google.com/service-mesh/docs/security-bulletins#gcp-2024-032). For details on upgrading Cloud Service Mesh, refer to [Upgrade Cloud Service Mesh](https://cloud.google.com/service-mesh/docs/upgrade/upgrade). Cloud Service Mesh v1.18.7-asm.26 uses Envoy v1.26.8. ## Security **1.19.10-asm.6 is now available for in-cluster Cloud Service Mesh.** This patch release contains the fix for the security vulnerability listed in [GCP-2024-032](https://cloud.google.com/service-mesh/docs/security-bulletins#gcp-2024-032). For details on upgrading Cloud Service Mesh, refer to [Upgrade Cloud Service Mesh](https://cloud.google.com/service-mesh/docs/upgrade/upgrade). Cloud Service Mesh v1.19.10-asm.6 uses Envoy v1.27.6. ## Security **1.20.7-asm.2 is now available for in-cluster Cloud Service Mesh.** This patch release contains the fix for the security vulnerability listed in [GCP-2024-032](https://cloud.google.com/service-mesh/docs/security-bulletins#gcp-2024-032). For details on upgrading Cloud Service Mesh, refer to [Upgrade Cloud Service Mesh](https://cloud.google.com/service-mesh/docs/upgrade/upgrade). Cloud Service Mesh v1.20.7-asm.2 uses Envoy v1.28.4.