1.16.11
Summary of Changes
Bugfixes:
- Fixed a bug where the datapath is unable to compile when active connection tracking and IPv6 are enabled at the same time. (Backport PR #39563, Upstream PR #39509, @dylandreimerink)
- Policy updates to Envoy no longer consider a single selector as an L3 wildcard. Cilium BPF datapath policy enforcement is not done for Cilium Ingress policy enforcement, so the L3 identity needs to be enforced in all cases. (Backport PR #39563, Upstream PR #39511, @jrajahalme)
CI Changes:
- bpf: test: fix up mis-spelled HAVE_NETNS_COOKIE (Backport PR #39563, Upstream PR #39420, @julianwiedmann)
- call for metrics in smoke tests from runner instead of installing apt/curl on cilium pod (Backport PR #39863, Upstream PR #37362, @Artyop)
- Re-optimize CI build process (Backport PR #39863, Upstream PR #39802, @aanm)
Misc Changes:
- Add a section to talk about the native routing masquerading in the cloud environment. (Backport PR #39563, Upstream PR #39343, @liyihuang)
- bpf: Skip lxc src IP check for proxy traffic (Backport PR #39563, Upstream PR #39530, @sayboras)
- chore(deps): update all github action dependencies (v1.16) (#39320, @cilium-renovate[bot])
- chore(deps): update all github action dependencies (v1.16) (#39711, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.16) (#39571, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.16) (#39705, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.16) (#39880, @cilium-renovate[bot])
- chore(deps): update dependency protocolbuffers/protobuf to v31 (v1.16) (#39610, @cilium-renovate[bot])
- chore(deps): update docker.io/library/golang:1.24.3 docker digest to 4c0a181 (v1.16) (#39706, @cilium-renovate[bot])
- chore(deps): update docker.io/library/golang:1.24.3 docker digest to 86b4cff (v1.16) (#39608, @cilium-renovate[bot])
- chore(deps): update go to v1.24.4 (v1.16) (#39952, @cilium-renovate[bot])
- chore(deps): update kindest/node docker tag to v1.30.13 (v1.16) (#39609, @cilium-renovate[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.6-1749031919-98c55b1d0c1154fb6c9e760583c2dcd7778686e2 (v1.16) (#39887, @cilium-renovate[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626 (v1.16) (#39936, @cilium-renovate[bot])
- chore(deps): update stable lvh-images (v1.16) (patch) (#39707, @cilium-renovate[bot])
- pkg/fswatcher: Rewrite without underlying use of fsnotify (Backport PR #39964, Upstream PR #38537, @glibsm)
Other Changes:
- [v1.16] ci: don't run k8s conformance tests in conformance-k8s-kind (#40010, @tklauser)
- [v1.16] proxy: Bump cilium/proxy version (#39591, @sayboras)
- install: Update image digests for v1.16.10 (#39547, @cilium-release-bot[bot])
Docker Manifests
cilium
quay.io/cilium/cilium:v1.16.11@sha256:62b179173d9d3f32bdd09023887898e7eeb9cc211fdcc787a54007eb931e5d57
clustermesh-apiserver
quay.io/cilium/clustermesh-apiserver:v1.16.11@sha256:60f2322bedb4211aefc99c2d156f6195b05ecbf5dc349213de4b4fc3086db97b
docker-plugin
quay.io/cilium/docker-plugin:v1.16.11@sha256:f8159930333ad8d4795365cdd20149d0cf07208324a2d4d68c73fc8fb0c8e4b6
hubble-relay
quay.io/cilium/hubble-relay:v1.16.11@sha256:332d66b17d0a1248b2d5b36d991a37bbaa23ac209a9de92fc3f4baa074d97310
operator-alibabacloud
quay.io/cilium/operator-alibabacloud:v1.16.11@sha256:6fca4b1243a9ed66eb908851ccddc92a97e8c429b6f78f73104663738d0ed4b2
operator-aws
quay.io/cilium/operator-aws:v1.16.11@sha256:507295bd07da671bf74d5bb0a478f244469be493eff1474933e31d0c50e16d85
operator-azure
quay.io/cilium/operator-azure:v1.16.11@sha256:d7cc7d82e5a6726b3a71ba6fb98bbefb662f9be7d659867437872e869fe726a0
operator-generic
quay.io/cilium/operator-generic:v1.16.11@sha256:b66f5243f544303c74fa1a7104914afa497012a47a51a62dcb6ceaac5461b602
operator
quay.io/cilium/operator:v1.16.11@sha256:4b2af48ed98211e592233b2bf86de4515435eaf3625a7218cb80a055475b3508