Cilium - v1.12.7

Security

The Cilium core team is pleased to announce v1.12.7. These releases include a range of bugfixes and updates Envoy to v1.22.7 to pull in an updated BoringSSL library dependency to address CVE-2023-0286.

Summary of Changes

Minor Changes: * envoy: Bump envoy version to 1.22.7 (Backport PR #23632, Upstream PR #23502, @sayboras)

Bugfixes: * Avoid deprecation warnings for CiliumEgressNATPolicy when the resource isn't used. (#23226, @pchaigno) * clustermesh: make global and shared service annotations behavior uniform (Backport PR #23515, Upstream PR #23298, @giorio94) * egressgw: ensure stale IP routes/rules are deleted (Backport PR #23465, Upstream PR #23286, @jibi) * etcd kvstore: rate limit watch retries on list errors (Backport PR #23515, Upstream PR #23467, @giorio94) * Fix masquerading bug that caused kube-proxy to pick the wrong IPv4 address in case of tunneling with endpoint routes. (Backport PR #23465, Upstream PR #23241, @pchaigno) * proxy: Fix deadlock in error path of CreateOrUpdateRedirect (Backport PR #23465, Upstream PR #23377, @gandro)

CI Changes: * .github: set do not use provenance from docker buildx (Backport PR #23465, Upstream PR #23431, @aanm) * certloader flake fixes (Backport PR #23465, Upstream PR #22995, @kaworu) * test: print log messages that need to be investigated (Backport PR #23465, Upstream PR #23338, @aanm) * tests: add exception for etcd error (Backport PR #23465, Upstream PR #23334, @aanm)

Misc Changes: * .github/workflows: add version number in GH action (#23623, @aanm) * .github/workflows: fix external contribution detection (Backport PR #23465, Upstream PR #23406, @aanm) * .github/workflows: fix typo in organization parameter (Backport PR #23465, Upstream PR #23424, @aanm) * .github/workflows: PR labeler fix GH workflow if expression (Backport PR #23515, Upstream PR #23482, @aanm) * .github/workflows: set right secret name (Backport PR #23465, Upstream PR #23437, @aanm) * build(deps): bump actions/cache from 3.2.3 to 3.2.4 (#23457, @dependabot[bot]) * build(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#23418, @dependabot[bot]) * build(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#23512, @dependabot[bot]) * build(deps): bump docker/build-push-action from 3.3.0 to 4.0.0 (#23492, @dependabot[bot]) * build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0 (#23458, @dependabot[bot]) * build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#23595, @dependabot[bot]) * build(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#23417, @dependabot[bot]) * build(deps): bump github/codeql-action from 2.2.1 to 2.2.2 (#23612, @dependabot[bot]) * build(deps): bump KyleMayes/install-llvm-action from 1.6.1 to 1.7.0 (#23391, @dependabot[bot]) * chore(deps): update docker.io/library/alpine docker tag to v3.16.4 (v1.12) (#23683, @renovate[bot]) * chore(deps): update docker.io/library/ubuntu:20.04 docker digest to b33325a (v1.12) (#23472, @renovate[bot]) * cilium: Fix missing error log dump from compilation (Backport PR #23465, Upstream PR #23339, @borkmann) * docs: Disable exclusive lock when chaining with aws-cni (Backport PR #23465, Upstream PR #23159, @jaygridley) * fqdn/dnsproxy: move init LRU cache call out of StartDNSProxy. (Backport PR #23515, Upstream PR #23429, @tommyp1ckles) * images/runtime: bump iptables package to 1.8.8 (Backport PR #23384, Upstream PR #23163, @jibi) * iptables: add support for iptables >= 1.8.7 (Backport PR #23384, Upstream PR #21096, @jibi) * Pick up etcd v3.5.7 (Backport PR #23515, Upstream PR #23463, @michi-covalent) * support reset backoff period (Backport PR #23515, Upstream PR #21937, @wu0407)

Other Changes: * [v1.12] renovate: Replace update-hubble-version.sh with Renovate Bot (#23530, @gandro) * gha: Replace deprecated set-output commands (#23363, @sayboras) * install: Update image digests for v1.12.6 (#23402, @qmonnet)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.12.7@sha256:8cb6b4742cc27b39e4f789d282a1fc2041decb6f5698bfe09112085a07b1fd61
quay.io/cilium/cilium:v1.12.7@sha256:8cb6b4742cc27b39e4f789d282a1fc2041decb6f5698bfe09112085a07b1fd61
docker.io/cilium/cilium:stable@sha256:8cb6b4742cc27b39e4f789d282a1fc2041decb6f5698bfe09112085a07b1fd61
quay.io/cilium/cilium:stable@sha256:8cb6b4742cc27b39e4f789d282a1fc2041decb6f5698bfe09112085a07b1fd61

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.12.7@sha256:999a7599d7088701272acb10dde62169cf1e392e1ec24eade1c592376c39cbb0
quay.io/cilium/clustermesh-apiserver:v1.12.7@sha256:999a7599d7088701272acb10dde62169cf1e392e1ec24eade1c592376c39cbb0
docker.io/cilium/clustermesh-apiserver:stable@sha256:999a7599d7088701272acb10dde62169cf1e392e1ec24eade1c592376c39cbb0
quay.io/cilium/clustermesh-apiserver:stable@sha256:999a7599d7088701272acb10dde62169cf1e392e1ec24eade1c592376c39cbb0

docker-plugin

docker.io/cilium/docker-plugin:v1.12.7@sha256:f6985c1b82828e86894457aef6d035a35191122066df00fc2fc1b8c32177c59d
quay.io/cilium/docker-plugin:v1.12.7@sha256:f6985c1b82828e86894457aef6d035a35191122066df00fc2fc1b8c32177c59d
docker.io/cilium/docker-plugin:stable@sha256:f6985c1b82828e86894457aef6d035a35191122066df00fc2fc1b8c32177c59d
quay.io/cilium/docker-plugin:stable@sha256:f6985c1b82828e86894457aef6d035a35191122066df00fc2fc1b8c32177c59d

hubble-relay

docker.io/cilium/hubble-relay:v1.12.7@sha256:edf491e362b52e2b5461b2bff346a79c76365c9595b675146edd01f9c28ae942
quay.io/cilium/hubble-relay:v1.12.7@sha256:edf491e362b52e2b5461b2bff346a79c76365c9595b675146edd01f9c28ae942
docker.io/cilium/hubble-relay:stable@sha256:edf491e362b52e2b5461b2bff346a79c76365c9595b675146edd01f9c28ae942
quay.io/cilium/hubble-relay:stable@sha256:edf491e362b52e2b5461b2bff346a79c76365c9595b675146edd01f9c28ae942

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.12.7@sha256:e7160f739c6c7d7bc25b080cce2e1dc367e05184625fcb731e7d36c6a968446d
quay.io/cilium/operator-alibabacloud:v1.12.7@sha256:e7160f739c6c7d7bc25b080cce2e1dc367e05184625fcb731e7d36c6a968446d
docker.io/cilium/operator-alibabacloud:stable@sha256:e7160f739c6c7d7bc25b080cce2e1dc367e05184625fcb731e7d36c6a968446d
quay.io/cilium/operator-alibabacloud:stable@sha256:e7160f739c6c7d7bc25b080cce2e1dc367e05184625fcb731e7d36c6a968446d

operator-aws

docker.io/cilium/operator-aws:v1.12.7@sha256:d4d4690aaf6cfffe059791a2657f3bf642fb04b78102d877058bf18cb3ae71ec
quay.io/cilium/operator-aws:v1.12.7@sha256:d4d4690aaf6cfffe059791a2657f3bf642fb04b78102d877058bf18cb3ae71ec
docker.io/cilium/operator-aws:stable@sha256:d4d4690aaf6cfffe059791a2657f3bf642fb04b78102d877058bf18cb3ae71ec
quay.io/cilium/operator-aws:stable@sha256:d4d4690aaf6cfffe059791a2657f3bf642fb04b78102d877058bf18cb3ae71ec

operator-azure

docker.io/cilium/operator-azure:v1.12.7@sha256:c3987e003f33a7e47febd751ce7802edb99de7af3c25d1beb160a8b16898d7e4
quay.io/cilium/operator-azure:v1.12.7@sha256:c3987e003f33a7e47febd751ce7802edb99de7af3c25d1beb160a8b16898d7e4
docker.io/cilium/operator-azure:stable@sha256:c3987e003f33a7e47febd751ce7802edb99de7af3c25d1beb160a8b16898d7e4
quay.io/cilium/operator-azure:stable@sha256:c3987e003f33a7e47febd751ce7802edb99de7af3c25d1beb160a8b16898d7e4

operator-generic

docker.io/cilium/operator-generic:v1.12.7@sha256:80f24810bf8484974c757382eb2c7408c9c024e5cb0719f4a56fba3f47695c72
quay.io/cilium/operator-generic:v1.12.7@sha256:80f24810bf8484974c757382eb2c7408c9c024e5cb0719f4a56fba3f47695c72
docker.io/cilium/operator-generic:stable@sha256:80f24810bf8484974c757382eb2c7408c9c024e5cb0719f4a56fba3f47695c72
quay.io/cilium/operator-generic:stable@sha256:80f24810bf8484974c757382eb2c7408c9c024e5cb0719f4a56fba3f47695c72

operator

docker.io/cilium/operator:v1.12.7@sha256:feb89658583c5e35197aebae147eb9888db96fe56e5db18897b788d179452e35
quay.io/cilium/operator:v1.12.7@sha256:feb89658583c5e35197aebae147eb9888db96fe56e5db18897b788d179452e35
docker.io/cilium/operator:stable@sha256:feb89658583c5e35197aebae147eb9888db96fe56e5db18897b788d179452e35
quay.io/cilium/operator:stable@sha256:feb89658583c5e35197aebae147eb9888db96fe56e5db18897b788d179452e35


Details

date
Feb. 14, 2023, 2:09 p.m.
name
1.12.7
type
Patch
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or