Skip to content

1.9.16

Compare
Choose a tag to compare
@joestringer joestringer released this 16 May 19:54
· 8549 commits to master since this release
v1.9.16

We are pleased to release Cilium v1.9.16.

The following security issues have been identified and resolved by the community. These vulnerabilities first require an adversary to gain node-level access to nodes where Cilium is running, for instance gaining root access to the nodes, or gaining access to a user associated with group 1000. See the individual security advisories below for more details:

  • CVE-2022-29179 (CVSS score: High, 7.5, CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
  • CVE-2022-29178 (CVSS score:Moderate, 4.2, CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)

Users are recommended to update following the upgrade guide to ensure that the Cilium ClusterRoles are correctly upgraded.

Summary of Changes

Minor Changes:

CI Changes:

Misc Changes:

  • build(deps): bump docker/login-action from 1.14.1 to 2 (#19741, @dependabot[bot])
  • build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19621, @dependabot[bot])
  • build(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#19740, @dependabot[bot])
  • docs: fix version warning URL to point to docs.cilium.io (Backport PR #19583, Upstream PR #19563, @aanm)
  • docs: set the right url for API version check (Backport PR #19680, Upstream PR #19610, @aanm)
  • docs: Update max MTU value for Nodeport XDP on AWS (Backport PR #19680, Upstream PR #19593, @qmonnet)
  • images/cilium: remove cilium group from Dockerfile (Backport PR #19733, Upstream PR #19711, @aanm)
  • LRP minor improvements (Backport PR #19583, Upstream PR #19489, @aditighag)
  • pkg/k8s: use subresource "nodes/status" to update node annotations (Backport PR #19675, Upstream PR #19590, @aanm)
  • Trimmed down Cilium's Cluster Roles to only the necessary rules (Backport PR #19675, Upstream PR #19074, @aanm)

Other Changes:

Docker Manifests

cilium

docker.io/cilium/cilium:v1.9.16@sha256:984fe4256c6a88595c4661ec04a76c51c189a7f50c676f5dbbc0383b82104d78
quay.io/cilium/cilium:v1.9.16@sha256:984fe4256c6a88595c4661ec04a76c51c189a7f50c676f5dbbc0383b82104d78

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.9.16@sha256:c66958e4785f609892fa0bd08d1102e816e60c5bcf266de14a1533a8726e0188
quay.io/cilium/clustermesh-apiserver:v1.9.16@sha256:c66958e4785f609892fa0bd08d1102e816e60c5bcf266de14a1533a8726e0188

docker-plugin

docker.io/cilium/docker-plugin:v1.9.16@sha256:b4d4e191cdc58c53f5ffcd75b79376cc71d986e616605bb5f6caee510f105429
quay.io/cilium/docker-plugin:v1.9.16@sha256:b4d4e191cdc58c53f5ffcd75b79376cc71d986e616605bb5f6caee510f105429

hubble-relay

docker.io/cilium/hubble-relay:v1.9.16@sha256:1f1fc947bb0315c9d2b38c11a4e8c9158d6d800c81aef7cfd025ce05e63b6958
quay.io/cilium/hubble-relay:v1.9.16@sha256:1f1fc947bb0315c9d2b38c11a4e8c9158d6d800c81aef7cfd025ce05e63b6958

operator-aws

docker.io/cilium/operator-aws:v1.9.16@sha256:37b34b522e6008626a403724faae0fa05db5551d8b6b76f16084697d7fa94800
quay.io/cilium/operator-aws:v1.9.16@sha256:37b34b522e6008626a403724faae0fa05db5551d8b6b76f16084697d7fa94800

operator-azure

docker.io/cilium/operator-azure:v1.9.16@sha256:e883d83314435e7c9ec7c1815746d63505b28eb97f4eb3f8c87177ef7e62bb18
quay.io/cilium/operator-azure:v1.9.16@sha256:e883d83314435e7c9ec7c1815746d63505b28eb97f4eb3f8c87177ef7e62bb18

operator-generic

docker.io/cilium/operator-generic:v1.9.16@sha256:0cd8f0e7de19c873e7c5af02fbfa9f21b50ff4078f4c76dfa439c9a3c249738c
quay.io/cilium/operator-generic:v1.9.16@sha256:0cd8f0e7de19c873e7c5af02fbfa9f21b50ff4078f4c76dfa439c9a3c249738c

operator

docker.io/cilium/operator:v1.9.16@sha256:d1fa15e86dd8b2e06d1c918f21a8876b771090bbe11030c1ce15646fffce28f6
quay.io/cilium/operator:v1.9.16@sha256:d1fa15e86dd8b2e06d1c918f21a8876b771090bbe11030c1ce15646fffce28f6