Cilium - v1.10.14

Security

We are pleased to release Cilium v1.10.14. This release fixes a moderate-severity security issue (GHSA-pfhr-pccp-hwmh), addresses a regression that caused a crash on startup, and fixes a few other bugs in the handling of K8s EndpointSlices and ENI mode.

See the notes below for a full description of the changes.

Summary of Changes

Minor Changes:
* add an option to wait for kube-proxy (Backport PR #20628, Upstream PR #20517, @michi-covalent)
* Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR #20620, Upstream PR #20491, @rahulkjoshi)

Bugfixes:
* Add EndpointSlice support for clustermesh-apiserver (Backport PR #20838, Upstream PR #20697, @YutaroHayakawa)
* Fix bug where network policies that select namespace labels may incorrectly select identities (Advisory, commit 5cacb1bbb9e4)
* Fix ineffective post-start hook in ENI mode (Backport PR #20838, Upstream PR #20741, @bmcustodio)
* Fix parsing of string map command line options when more than one separator is present. (Backport PR #20838, Upstream PR #20673, @tklauser)
* helm: Guard apply sysctl init container (Backport PR #20838, Upstream PR #20643, @sayboras)
* iptables: handle case where kernel IPv6 support is disabled (Backport PR #20838, Upstream PR #20680, @jibi)
* pkg/k8s/version: Also set EndpointSlice when forcing version (Backport PR #20620, Upstream PR #20383, @joamaki)
* Fix bug where Cilium would crash on startup with an error about being unable to delete iptables rules. (Backport PR #20892, Upstream PR #20885, @jibi)

CI Changes:
* ci: fix code changes detection on push events (Backport PR #20838, Upstream PR #20685, @nbusseneau)

Misc Changes:
* build(deps): bump actions/cache from 3.0.5 to 3.0.6 (#20803, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.6 to 3.0.7 (#20871, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 (#20591, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#20802, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.3 to 1.5.4 (#20579, @dependabot[bot])
* Consider $GO environment variable make precheck checks (Backport PR #20838, Upstream PR #20750, @tklauser)
* contrib: Add CRD generation to release process (Backport PR #20838, Upstream PR #20564, @joestringer)
* daemon: Improve dnsproxy error when EP not found (Backport PR #20838, Upstream PR #20649, @joestringer)
* docs(masquerading): add missing "address" (Backport PR #20620, Upstream PR #20538, @raphink)
* docs: update etcd kvstore migration instructions (Backport PR #20838, Upstream PR #20624, @hhoover)
* Fix subnet_id label value being empty in IP allocation and interface creation in ENI IPAM metrics (Backport PR #20838, Upstream PR #20449, @wu0407)
* fqdn/dnsproxy: fix test build (Backport PR #20620, Upstream PR #20537, @tklauser)
* Optimize CIDR label functions (Backport PR #20620, Upstream PR #19843, @christarazi)
* pkg/k8s: do not wait for endpointslice cache sync in k8s >= 1.17 (Backport PR #20620, Upstream PR #20569, @aanm)
* pkg/k8s: set the right IP addresses in log messages (Backport PR #20838, Upstream PR #20757, @aanm)

Other Changes:
* install: Update image digests for v1.10.13 (#20560, @joestringer)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.14@sha256:65c78132e247c72c396ef2e02375665d0d0b05850ddfe4fa978fe8ac194a2149
quay.io/cilium/cilium:v1.10.14@sha256:65c78132e247c72c396ef2e02375665d0d0b05850ddfe4fa978fe8ac194a2149

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.14@sha256:ebd5c66c7ed9bbab7634263b9f5a38008827648be30cb8334aa3353aaaac8f48
quay.io/cilium/clustermesh-apiserver:v1.10.14@sha256:ebd5c66c7ed9bbab7634263b9f5a38008827648be30cb8334aa3353aaaac8f48

docker-plugin

docker.io/cilium/docker-plugin:v1.10.14@sha256:03f2d70b9ad40391d94997749212f7e59267e1bec349d0f323d3a7a8f736ff14
quay.io/cilium/docker-plugin:v1.10.14@sha256:03f2d70b9ad40391d94997749212f7e59267e1bec349d0f323d3a7a8f736ff14

hubble-relay

docker.io/cilium/hubble-relay:v1.10.14@sha256:a6d131f1eb66c950712d2faf8ca788ac4b81353f5b0884f31a3fa9dee82e33c9
quay.io/cilium/hubble-relay:v1.10.14@sha256:a6d131f1eb66c950712d2faf8ca788ac4b81353f5b0884f31a3fa9dee82e33c9

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.14@sha256:fafc53bfa40ed47befdd5b9b28d68b33bde04d00b3a277ed15a59ab829bdb2be
quay.io/cilium/operator-alibabacloud:v1.10.14@sha256:fafc53bfa40ed47befdd5b9b28d68b33bde04d00b3a277ed15a59ab829bdb2be

operator-aws

docker.io/cilium/operator-aws:v1.10.14@sha256:6e54d5d670e32d0854c774934b3094e5fda514a96dc923f1140e0b119bbf8be4
quay.io/cilium/operator-aws:v1.10.14@sha256:6e54d5d670e32d0854c774934b3094e5fda514a96dc923f1140e0b119bbf8be4

operator-azure

docker.io/cilium/operator-azure:v1.10.14@sha256:cf3400449d0e883d7338f08a55e29fed2872add031be655824bc012446bf1633
quay.io/cilium/operator-azure:v1.10.14@sha256:cf3400449d0e883d7338f08a55e29fed2872add031be655824bc012446bf1633

operator-generic

docker.io/cilium/operator-generic:v1.10.14@sha256:fff61fed88fe07fe5e67eb51d2eb4297a65a51b0c367046ceb9c928b70443c6b
quay.io/cilium/operator-generic:v1.10.14@sha256:fff61fed88fe07fe5e67eb51d2eb4297a65a51b0c367046ceb9c928b70443c6b

operator

docker.io/cilium/operator:v1.10.14@sha256:e01f2f87c5f1e993533ed3185a13debe32157aa4770b5ff4a916c4460db6ee53
quay.io/cilium/operator:v1.10.14@sha256:e01f2f87c5f1e993533ed3185a13debe32157aa4770b5ff4a916c4460db6ee53


Security

Security wording was detected, but no CVEs were found.

Details

date: Aug. 17, 2022, 12:35 a.m.
name: 1.10.14
type: Patch