github cilium/cilium v1.14.9
1.14.9

latest releases: v1.13.15, v1.14.10, v1.15.4...
29 days ago

We are pleased to release Cilium v1.14.9.

Security Advisories

This release addresses a security vulnerability. For more information, see GHSA-pwqm-x5x6-5586.

Summary of Changes

Minor Changes:

Bugfixes:

  • [v1.14 - Author backport] envoy: enable k8s secret watch even if only CEC is enabled (#31452, @mhofstetter)
  • Fix a bug where pod label updates are not reflected in endpoint labels in presence of filtered labels. (Backport PR #31474, Upstream PR #31395, @tklauser)
  • gateway-api: Retrieve LB service from same namespace (Backport PR #31495, Upstream PR #31271, @sayboras)
  • Handle InvalidParameterValue as well for PD fallback (Backport PR #31495, Upstream PR #31016, @hemanthmalla)
  • helm: Update pod affinity for cilium-envoy (Backport PR #31495, Upstream PR #31150, @sayboras)
  • Hubble: fix traffic direction and is reply when IPSec is enabled (Backport PR #31569, Upstream PR #31211, @kaworu)
  • k8s/utils: correctly filter out labels in StripPodSpecialLabels (Backport PR #31474, Upstream PR #31421, @tklauser)

CI Changes:

Misc Changes:

  • Add monitor aggregation for all events related to packets ingressing to the network-facing device. (Backport PR #31335, Upstream PR #31015, @learnitall)
  • Address race condition in TestGetIdentity (Backport PR #31542, Upstream PR #30885, @bimmlerd)
  • bgpv1: Adjust ConnectionRetryTimeSeconds to 1 in component tests (Backport PR #31335, Upstream PR #31218, @YutaroHayakawa)
  • chore(deps): update all github action dependencies (v1.14) (#31483, @renovate[bot])
  • chore(deps): update all github action dependencies (v1.14) (#31583, @renovate[bot])
  • chore(deps): update dependency cilium/cilium-cli to v0.16.3 (v1.14) (#31465, @renovate[bot])
  • chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.14) (#31481, @renovate[bot])
  • chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 55c6361 (v1.14) (#31482, @renovate[bot])
  • cilium-dbg: listing load-balancing configurations displays L7LB proxy port (Backport PR #31569, Upstream PR #31503, @mhofstetter)
  • doc: Clarified GwAPI KPR prerequisites (Backport PR #31495, Upstream PR #31366, @PhilipSchmid)
  • docs: Warn on key rotations during upgrades (Backport PR #31495, Upstream PR #31437, @pchaigno)
  • Downgrade L2 Neighbor Discovery failure log to Debug (Backport PR #31335, Upstream PR #31179, @YutaroHayakawa)
  • ingress: Update docs with network policy example (Backport PR #31335, Upstream PR #31060, @sayboras)

Other Changes:

Don't miss a new cilium release

NewReleases is sending notifications on new releases.