Cilium - v1.12.15

Security

We are pleased to release Cilium v1.12.15. This is a bug fix release addressing the recent HTTP/2 Stream Cancellation Attack (CVE-2023-44487), as tracked in the following advisories, along with other bugs:
- Envoy GHSA-jhv4-f7mr-xx76
- Go GHSA-qppj-fm5r-hxr3

Summary of Changes

Minor Changes:
* bump grpc dependency to 1.56.3 to fix security vulnerability https://github.com/advisories/GHSA-qppj-fm5r-hxr3 (#28529, @aanm)
* vendor, azure: Bump Azure SDK to Aug 2021 (Backport PR #28317, Upstream PR #28311, @christarazi)

Bugfixes:
* Add drop notifications for various error paths in the datapath. (Backport PR #28437, Upstream PR #25183, @julianwiedmann)
* Add drop notifications from various error paths in the BPF datapath. (Backport PR #28444, Upstream PR #26956, @julianwiedmann)
* bpf: fix error handling for invoke_tailcall_if() (Backport PR #28414, Upstream PR #26118, @julianwiedmann)
* bpf: lxc: fix one missing drop notification in CT lookup tail calls (Backport PR #28351, Upstream PR #26115, @julianwiedmann)
* envoy: Sync supported resources to fix not found issue (Backport PR #28351, Upstream PR #28272, @sayboras)
* Fix a bug that causes pod-to-pod traffic between nodes to be dropped when IPsec is enabled and kube-proxy installed rules in both iptables-nft and iptables-legacy. (Backport PR #28444, Upstream PR #28258, @pchaigno)
* Fix missing drop notifications on conntrack lookup failures when IPv4 and IPv6 are both enabled or socket-level load balancing is disabled. (Backport PR #28295, Upstream PR #25426, @bleggett)
* Fix the trace notification for hairpinned reply traffic, to indicate the correct security identity for the client. (Backport PR #28295, Upstream PR #28133, @julianwiedmann)
* Fixes a bug causing panic when counting IPsec keys number via "cilium encrypt status". (Backport PR #28295, Upstream PR #27996, @jschwinger233)
* pkg/node: Updates GetIPv6AllocCIDRs() to Properly Return Secondary CIDRs (Backport PR #28104, Upstream PR #27855, @danehans)

CI Changes:
* [v1.12] ci: Add a call to the update label backport action (#27879, @pippolo84)
* [v1.14] GHA: Add clustermesh upgrade and downgrade tests (Backport PR #28564, Upstream PR #28355, @giorio94)
* CI: Add conn-disrupt-test action for reuse (Backport PR #28152, Upstream PR #27567, @jschwinger233)
* CI: Add conn-disrupt-test action for reuse (Backport PR #28295, Upstream PR #27567, @jschwinger233)
* CI: Add IPsec key rotation test (Backport PR #28152, Upstream PR #27203, @jschwinger233)
* CI: Move IPsec CI jobs into separate pipelines (Backport PR #28152, Upstream PR #26730, @jschwinger233)
* ci: Run BPF lints on workflow definition changes (Backport PR #28295, Upstream PR #28122, @qmonnet)
* ci: update k8s versions support for v1.12 (#28246, @nbusseneau)
* Do not hardcode the AWS VPC CNI plugin version in the conformance-aws-cni GHA workflow (Backport PR #28444, Upstream PR #28392, @giorio94)
* Refactor CiliumExecContext() Retry Logic (Backport PR #28295, Upstream PR #28131, @carnerito)
* Update image registry to quay.io (Backport PR #28295, Upstream PR #23093, @oxxenix)
* v1.12: manual backport of #27193 (#28227, @nbusseneau)
* workflows/ipsec: Add missing --flush-ct for key rotation (Backport PR #28152, Upstream PR #27883, @pchaigno)

Misc Changes:
* chore(deps): update all github action dependencies (v1.12) (patch) (#28114, @renovate[bot])
* chore(deps): update all github action dependencies to v3 (v1.12) (major) (#28116, @renovate[bot])
* chore(deps): update all lvh-images main (v1.12) (patch) (#27948, @renovate[bot])
* chore(deps): update all lvh-images main (v1.12) (patch) (#28215, @renovate[bot])
* chore(deps): update aws-actions/configure-aws-credentials action to v4 (v1.12) (#28117, @renovate[bot])
* chore(deps): update dependency cilium/hubble to v0.12.1 (v1.12) (#28526, @renovate[bot])
* chore(deps): update dependency cilium/hubble to v0.12.2 (v1.12) (#28568, @renovate[bot])
* chore(deps): update docker.io/library/golang docker tag to v1.20.10 (v1.12) (#28517, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.20.8 docker digest to 700d726 (v1.12) (#28113, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 0b5642e (v1.12) (#28582, @renovate[bot])
* chore(deps): update docker/build-push-action action to v4.2.1 (v1.12) (#28115, @renovate[bot])
* chore(deps): update docker/build-push-action action to v5 (v1.12) (#28118, @renovate[bot])
* chore(deps): update myrotvorets/set-commit-status-action action to v2 (v1.12) (#28119, @renovate[bot])
* chore(deps): update quay.io/cilium/hubble docker tag to v0.12.1 (v1.12) (#28544, @renovate[bot])
* chore(deps): update quay.io/cilium/hubble docker tag to v0.12.2 (v1.12) (#28573, @renovate[bot])
* ci: fix AWS EKS K8s versions comment (Backport PR #28295, Upstream PR #28249, @nbusseneau)
* docs: Add more details for the Cluster Mesh key rotation (Backport PR #28295, Upstream PR #28145, @margamanterola)
* docs: egressgw: document incompatibility with Clustermesh (Backport PR #28104, Upstream PR #27918, @julianwiedmann)
* docs: Makefile, check-build.sh clean-ups and perf improvements (Backport PR #28295, Upstream PR #28161, @qmonnet)
* docs: Mention RouteTableInterfacesOffset in system requirements (Backport PR #28444, Upstream PR #28358, @gandro)
* docs: Update Sphinx and its dependencies, Cilium theme (Backport PR #28295, Upstream PR #28172, @qmonnet)
* Fix potential nil pointer dereference in SelectorManager implementation (Backport PR #28104, Upstream PR #27805, @learnitall)
* fix(deps): update module golang.org/x/net to v0.17.0 [security] (#28552, @aanm)
* install/kubernetes: add the cilium/values.yaml target to .PHONY (Backport PR #28295, Upstream PR #28225, @nbusseneau)
* ipsec: Atomically upgrade XFRM states with new output-mark (Backport PR #28564, Upstream PR #28485, @pchaigno)
* Update docs theme (Backport PR #28444, Upstream PR #28403, @raphink)
* Update Hubble UI from v0.11.0 to v0.12.1 (#28536, @rolinh)

Other Changes:
* Backport v1.12: FQDN fixes (#28138, @joamaki)
* cocci: backport fix about incorrect warnings and resolve warning related to a const qualifier (#28287, @giorio94)
* envoy: Bump envoy version to v1.24.11 (#28501, @sayboras)

Details

date: Oct. 18, 2023, 7:52 a.m.
name: 1.12.15
type: Patch