Cilium - v1.11.18


We are pleased to release Cilium v1.11.18. This release promotes Deny Policies from beta to stable. It contains fixes related to IPsec, WireGuard and Hubble flow data, as well as a range of other bugfixes.

See the notes below for a full description of the changes.

:warning: Warning - IPsec :warning:

Do NOT upgrade to this release if you are using IPsec.

Summary of Changes

Major Changes:
* policy: Promote Deny Policies from Beta to Stable (#25496, @nathanjsweet)

Minor Changes:
* Add agent flag enable-ipsec-key-watcher, which lets users disable the IPsec key watcher; with the watcher disabled, a key rotation only takes effect after an agent restart. (Backport PR #26007, Upstream PR #25893, @pchaigno)
* docs: fix wording for the upgrade guide (#26164, @aspsk)

Bugfixes:
* Fix a bug due to which we would leak Linux XFRM policies, potentially leading to increased CPU consumption, when IPsec is enabled with Azure or ENI IPAM. (Backport PR #26021, Upstream PR #25784, @pchaigno)
* Fix a bug that would cause connectivity drops of type XfrmInNoStates on upgrade when IPsec is enabled with ENI or Azure IPAM mode. (Backport PR #26021, Upstream PR #25724, @pchaigno)
* Fix a bug that would cause connectivity drops of type XfrmOutPolBlock on upgrade when IPsec is enabled. (Backport PR #26021, Upstream PR #25735, @pchaigno)
* Fix a possible deadlock when using WireGuard transparent encryption. (Backport PR #25935, Upstream PR #25419, @bimmlerd)
* Fix bug affecting EKS installations with IPsec encryption enabled, where Cilium wouldn't attach its IPsec BPF program to new ENI interfaces, resulting in connectivity loss between pods on remote nodes. (Backport PR #26021, Upstream PR #25744, @joamaki)
* Fix false error log message when IPsec is enabled with IPAM modes ENI or Azure and a remote node is deleted. (Backport PR #26021, Upstream PR #26093, @pchaigno)
* Fix incorrect Hubble flow data when HTTP requests contain an x-forwarded-for header. Envoy's HTTP configuration now sets an explicit use_remote_address: true, so the actual remote address of the incoming connection is used rather than the value of the x-forwarded-for header, which may originate from an untrusted source. This change has no effect on Cilium policy enforcement, where the source security identity is always resolved before HTTP headers are parsed. The previous Cilium behavior of not adding x-forwarded-for headers is retained via an explicit skip_xff_append: true setting, except for Cilium Ingress, where the source IP address is now appended to the x-forwarded-for header. (Backport PR #25733, Upstream PR #25674, @jrajahalme)
* Fix leak of IPsec XFRM FWD policies in IPAM modes cluster-pool, kubernetes, and crd when nodes are deleted. Fix the incorrect catch-all default-drop XFRM OUT policy for IPsec IPv6 traffic, which could have leaked plaintext IPv6 traffic if combined with some other bug. (Backport PR #26021, Upstream PR #25953, @pchaigno)
* Fix three issues in the bug fix that attaches IPsec BPF programs to ENI interfaces: do not exit fatally if loading unexpectedly fails (which may happen if the device is suddenly deleted), ignore veth device changes so that the agent does not reinitialize when new endpoints appear, and wait 1 second for further device state changes between reinitializations. (Backport PR #26021, Upstream PR #25936, @joamaki)

CI Changes:
* [v1.11 backport] test: Switch target FQDN (#25586, @nbusseneau)
* Add github workflow to push development helm charts to quay.io (Backport PR #26089, Upstream PR #25205, @chancez)
* Pick up the latest startup-script image (Backport PR #25920, Upstream PR #25774, @michi-covalent)
* Re-enable the smoke test and the conformance-kind test for the CI. (#26153, @aspsk)
* Temporarily disable part of the conformance-kind test. (#25983, @aspsk)
* test: Collect sysdump as part of artifacts (Backport PR #25920, Upstream PR #25079, @pchaigno)

Misc Changes:
* backport (v1.11): docs: Promote Deny Policies out of Beta (#26149, @nathanjsweet)
* chore(deps): update dependency cilium/hubble to v0.11.6 (v1.11) (#26044, @renovate[bot])
* chore(deps): update quay.io/cilium/hubble docker tag to v0.11.6 (v1.11) (#26000, @renovate[bot])
* install: Fail helm if kube-proxy-replacement is not valid (Backport PR #26007, Upstream PR #25907, @jrajahalme)
* ipsec: Fix cleanup of XFRM states and policies (Backport PR #26021, Upstream PR #26072, @pchaigno)
* Slim down Node handler interface (Backport PR #25935, Upstream PR #25450, @bimmlerd)

Other Changes:
* install: Update image digests for v0.11.17 (#25515, @jrajahalme)
* Reduce complexity of bpf_lxc by splitting per-packet lb to its own tail call (#25993, @aspsk)
* v1.11: Fix L4LB GHA (#25528, @brb)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.11.18@sha256:dda94072012c328fe0d00838f2f7d8ead071019d1d1950ecf44060640bf93cae
quay.io/cilium/cilium:v1.11.18@sha256:dda94072012c328fe0d00838f2f7d8ead071019d1d1950ecf44060640bf93cae

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.11.18@sha256:b3e8de4e56c5e16ab8f4482cebf3a12bb12826ba3da3e5890de1ecdc2b34a3ed
quay.io/cilium/clustermesh-apiserver:v1.11.18@sha256:b3e8de4e56c5e16ab8f4482cebf3a12bb12826ba3da3e5890de1ecdc2b34a3ed

docker-plugin

docker.io/cilium/docker-plugin:v1.11.18@sha256:b086fc1ec24b9b2b0bc5f7f525ef76ff608c26dc1bdd76d46729871cbbfb4b08
quay.io/cilium/docker-plugin:v1.11.18@sha256:b086fc1ec24b9b2b0bc5f7f525ef76ff608c26dc1bdd76d46729871cbbfb4b08

hubble-relay

docker.io/cilium/hubble-relay:v1.11.18@sha256:4899d8a98c05ccb7bb3d0b54e18dc72147995b2e8a18db19805d15933ec6e45d
quay.io/cilium/hubble-relay:v1.11.18@sha256:4899d8a98c05ccb7bb3d0b54e18dc72147995b2e8a18db19805d15933ec6e45d

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.11.18@sha256:590062c3797c0d0732d848b8fa09cd5aaf5ce2cbbbc5f5fc860bde79d27c743c
quay.io/cilium/operator-alibabacloud:v1.11.18@sha256:590062c3797c0d0732d848b8fa09cd5aaf5ce2cbbbc5f5fc860bde79d27c743c

operator-aws

docker.io/cilium/operator-aws:v1.11.18@sha256:4b3aeeb5d0de096d68ab249845c4c53c7c595735d529a13a81540597a6b29bb5
quay.io/cilium/operator-aws:v1.11.18@sha256:4b3aeeb5d0de096d68ab249845c4c53c7c595735d529a13a81540597a6b29bb5

operator-azure

docker.io/cilium/operator-azure:v1.11.18@sha256:c833cd215dafcb9a73dc1d435d984038fc46ebd9a0b3d50ceeb8f8c4c7e9ac3d
quay.io/cilium/operator-azure:v1.11.18@sha256:c833cd215dafcb9a73dc1d435d984038fc46ebd9a0b3d50ceeb8f8c4c7e9ac3d

operator-generic

docker.io/cilium/operator-generic:v1.11.18@sha256:bccdcc3036b38581fd44bf7154255956a58d7d13006aae44f419378911dec986
quay.io/cilium/operator-generic:v1.11.18@sha256:bccdcc3036b38581fd44bf7154255956a58d7d13006aae44f419378911dec986

operator

docker.io/cilium/operator:v1.11.18@sha256:0c09e5188d5d8899e7b037fafcc1928a68872f1e48e5f7a128799594c99f8282
quay.io/cilium/operator:v1.11.18@sha256:0c09e5188d5d8899e7b037fafcc1928a68872f1e48e5f7a128799594c99f8282


Details

date: June 15, 2023, 4:14 p.m.
name: 1.11.18
type: Patch