We are pleased to release Cilium v1.10.16. This release contains fixes related to the DNS proxy and to IPsec, as well as a range of other regular bugfixes.
See the notes below for a full description of the changes.
Summary of Changes
Bugfixes:
- daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21469, Upstream PR #21449, @tklauser)
- daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21469, Upstream PR #21365, @joamaki)
- DNS proxy: forward the original security identity (#21485, @aspsk)
- Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21641, Upstream PR #21595, @pchaigno)
- Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #21563, Upstream PR #20721, @joestringer)
CI Changes:
- Remove Slack notifications (Backport PR #21469, Upstream PR #21239, @michi-covalent)
Misc Changes:
- bugtool: Dump envoy config for troubleshooting (Backport PR #21469, Upstream PR #21348, @sayboras)
- build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21441, @dependabot[bot])
- build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21555, @dependabot[bot])
- build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21575, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21340, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21395, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21515, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21623, @dependabot[bot])
- build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21424, @dependabot[bot])
- cmd/bpf: Log if no policy maps found (Backport PR #21469, Upstream PR #21429, @aditighag)
- contrib: avoid reviews from non-collaborators (Backport PR #21632, Upstream PR #21577, @bimmlerd)
- Fix a typo in the comment example (Backport PR #21469, Upstream PR #21402, @farcaller)
- helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21469, Upstream PR #20979, @dctrwatson)
- images: update cilium-{runtime,builder} (#21659, @qmonnet)
- ipcache: Fix lock leak (Backport PR #21563, Upstream PR #20833, @joestringer)
- ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21641, Upstream PR #21621, @pchaigno)
- ipsec: Refactoring around
UpsertIPsecEndpoint(Backport PR #21632, Upstream PR #21461, @pchaigno) - ipsec: Simplify XFRM FWD policies (Backport PR #21641, Upstream PR #21602, @pchaigno)
- ipsec: Simplify XFRM IN policies (Backport PR #21469, Upstream PR #21370, @pchaigno)
- makefile: use versioned Go container when formatting after api generate. (Backport PR #21469, Upstream PR #21254, @tommyp1ckles)
Other Changes:
Docker Manifests
cilium
docker.io/cilium/cilium:v1.10.16@sha256:2906afd6fb63e5b0e6746dd3ec8273fd3b0154db1cad3daf7c397e7172e7935e
quay.io/cilium/cilium:v1.10.16@sha256:2906afd6fb63e5b0e6746dd3ec8273fd3b0154db1cad3daf7c397e7172e7935e
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.10.16@sha256:9340d9c5cf803e5e7f3e9092cd4737c88077b9fa045772946f2affcb34502f73
quay.io/cilium/clustermesh-apiserver:v1.10.16@sha256:9340d9c5cf803e5e7f3e9092cd4737c88077b9fa045772946f2affcb34502f73
docker-plugin
docker.io/cilium/docker-plugin:v1.10.16@sha256:39f19823fd586631cfca52f16bec08034b440f3539269cf9a27833b813bd86b1
quay.io/cilium/docker-plugin:v1.10.16@sha256:39f19823fd586631cfca52f16bec08034b440f3539269cf9a27833b813bd86b1
hubble-relay
docker.io/cilium/hubble-relay:v1.10.16@sha256:673264a0eb53b8b7ae00d697dec1999d16e5065e2b0b6e31baa88e22401a2c02
quay.io/cilium/hubble-relay:v1.10.16@sha256:673264a0eb53b8b7ae00d697dec1999d16e5065e2b0b6e31baa88e22401a2c02
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.10.16@sha256:ba1c37261ba83f34f11addc6e76479d275c25504b401455b5216e02835cf726a
quay.io/cilium/operator-alibabacloud:v1.10.16@sha256:ba1c37261ba83f34f11addc6e76479d275c25504b401455b5216e02835cf726a
operator-aws
docker.io/cilium/operator-aws:v1.10.16@sha256:a44736e1ad08f26a43721687cddce74a59614d99d2f4bdd48e9bcf04462ecdb7
quay.io/cilium/operator-aws:v1.10.16@sha256:a44736e1ad08f26a43721687cddce74a59614d99d2f4bdd48e9bcf04462ecdb7
operator-azure
docker.io/cilium/operator-azure:v1.10.16@sha256:b10bc5d246803dc8deae52400a7aa73ab67847d814fa8b02cb96812029d962b8
quay.io/cilium/operator-azure:v1.10.16@sha256:b10bc5d246803dc8deae52400a7aa73ab67847d814fa8b02cb96812029d962b8
operator-generic
docker.io/cilium/operator-generic:v1.10.16@sha256:7fe246a59599b37a33d815eb5069223a0713ec751803cfb674176c0438816c69
quay.io/cilium/operator-generic:v1.10.16@sha256:7fe246a59599b37a33d815eb5069223a0713ec751803cfb674176c0438816c69
operator
docker.io/cilium/operator:v1.10.16@sha256:be052d4f0ec5df53d589dafbe2ee5c2f5249e2bd949d8455a672af9aa257c25c
quay.io/cilium/operator:v1.10.16@sha256:be052d4f0ec5df53d589dafbe2ee5c2f5249e2bd949d8455a672af9aa257c25c