Cilium - v1.10.16


We are pleased to release Cilium v1.10.16. This release contains fixes related to the DNS proxy and to IPsec, as well as a range of other regular bugfixes.

See the notes below for a full description of the changes.

Summary of Changes

Bugfixes:
* daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21469, Upstream PR #21449, @tklauser)
* daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21469, Upstream PR #21365, @joamaki)
* DNS proxy: forward the original security identity (#21485, @aspsk)
* Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21641, Upstream PR #21595, @pchaigno)
* Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #21563, Upstream PR #20721, @joestringer)

CI Changes:
* Remove Slack notifications (Backport PR #21469, Upstream PR #21239, @michi-covalent)

Misc Changes:
* bugtool: Dump envoy config for troubleshooting (Backport PR #21469, Upstream PR #21348, @sayboras)
* build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21441, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21555, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21575, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21340, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21395, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21515, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21623, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21424, @dependabot[bot])
* cmd/bpf: Log if no policy maps found (Backport PR #21469, Upstream PR #21429, @aditighag)
* contrib: avoid reviews from non-collaborators (Backport PR #21632, Upstream PR #21577, @bimmlerd)
* Fix a typo in the comment example (Backport PR #21469, Upstream PR #21402, @farcaller)
* helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21469, Upstream PR #20979, @dctrwatson)
* images: update cilium-{runtime,builder} (#21659, @qmonnet)
* ipcache: Fix lock leak (Backport PR #21563, Upstream PR #20833, @joestringer)
* ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21641, Upstream PR #21621, @pchaigno)
* ipsec: Refactoring around UpsertIPsecEndpoint (Backport PR #21632, Upstream PR #21461, @pchaigno)
* ipsec: Simplify XFRM FWD policies (Backport PR #21641, Upstream PR #21602, @pchaigno)
* ipsec: Simplify XFRM IN policies (Backport PR #21469, Upstream PR #21370, @pchaigno)
* makefile: use versioned Go container when formatting after api generate. (Backport PR #21469, Upstream PR #21254, @tommyp1ckles)

Other Changes:
* install: Update image digests for v1.10.15 (#21307, @nebril)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.16@sha256:2906afd6fb63e5b0e6746dd3ec8273fd3b0154db1cad3daf7c397e7172e7935e
quay.io/cilium/cilium:v1.10.16@sha256:2906afd6fb63e5b0e6746dd3ec8273fd3b0154db1cad3daf7c397e7172e7935e

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.16@sha256:9340d9c5cf803e5e7f3e9092cd4737c88077b9fa045772946f2affcb34502f73
quay.io/cilium/clustermesh-apiserver:v1.10.16@sha256:9340d9c5cf803e5e7f3e9092cd4737c88077b9fa045772946f2affcb34502f73

docker-plugin

docker.io/cilium/docker-plugin:v1.10.16@sha256:39f19823fd586631cfca52f16bec08034b440f3539269cf9a27833b813bd86b1
quay.io/cilium/docker-plugin:v1.10.16@sha256:39f19823fd586631cfca52f16bec08034b440f3539269cf9a27833b813bd86b1

hubble-relay

docker.io/cilium/hubble-relay:v1.10.16@sha256:673264a0eb53b8b7ae00d697dec1999d16e5065e2b0b6e31baa88e22401a2c02
quay.io/cilium/hubble-relay:v1.10.16@sha256:673264a0eb53b8b7ae00d697dec1999d16e5065e2b0b6e31baa88e22401a2c02

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.16@sha256:ba1c37261ba83f34f11addc6e76479d275c25504b401455b5216e02835cf726a
quay.io/cilium/operator-alibabacloud:v1.10.16@sha256:ba1c37261ba83f34f11addc6e76479d275c25504b401455b5216e02835cf726a

operator-aws

docker.io/cilium/operator-aws:v1.10.16@sha256:a44736e1ad08f26a43721687cddce74a59614d99d2f4bdd48e9bcf04462ecdb7
quay.io/cilium/operator-aws:v1.10.16@sha256:a44736e1ad08f26a43721687cddce74a59614d99d2f4bdd48e9bcf04462ecdb7

operator-azure

docker.io/cilium/operator-azure:v1.10.16@sha256:b10bc5d246803dc8deae52400a7aa73ab67847d814fa8b02cb96812029d962b8
quay.io/cilium/operator-azure:v1.10.16@sha256:b10bc5d246803dc8deae52400a7aa73ab67847d814fa8b02cb96812029d962b8

operator-generic

docker.io/cilium/operator-generic:v1.10.16@sha256:7fe246a59599b37a33d815eb5069223a0713ec751803cfb674176c0438816c69
quay.io/cilium/operator-generic:v1.10.16@sha256:7fe246a59599b37a33d815eb5069223a0713ec751803cfb674176c0438816c69

operator

docker.io/cilium/operator:v1.10.16@sha256:be052d4f0ec5df53d589dafbe2ee5c2f5249e2bd949d8455a672af9aa257c25c
quay.io/cilium/operator:v1.10.16@sha256:be052d4f0ec5df53d589dafbe2ee5c2f5249e2bd949d8455a672af9aa257c25c


Details

date
Oct. 17, 2022, 5:31 p.m.
name
1.10.16
type
Patch
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or