deps: bump github.com/cilium/cilium from 1.15.16 to 1.17.6 #3835

dependabot · 2025-07-16T09:58:08Z

Bumps github.com/cilium/cilium from 1.15.16 to 1.17.6.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.17.5

Summary of Changes

Bugfixes:

aws/ENI: Only use pagination when not specifying IDs (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39120, @HadrienPatte)

Fix connections to deleted service backends not getting terminated in certain cases involving services with multiple protocol ports. (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#37745, @foyerunix)

Fix handle_policy_egress programs not being cleaned up during endpoint teardown (Backport PR cilium/cilium#39685, Upstream PR cilium/cilium#39560, @ti-mo)

Fixed bug where datapath is unable to compile when active connection tracking and IPv6 are enabled at the same time. (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39509, @dylandreimerink)

Fixes a bug where a CIDRRule of 0.0.0.0/0 would not select all external traffic. (Backport PR cilium/cilium#39765, Upstream PR cilium/cilium#39693, @squeed)

gateway-api: Use original source address for GAMMA (Backport PR cilium/cilium#39685, Upstream PR cilium/cilium#39206, @sayboras)

helm/hubble: Fix wrong value for metrics server tls existingSecret (Backport PR cilium/cilium#39685, Upstream PR cilium/cilium#39668, @devodev)

install/kubernetes: change mapDynamicSizeRatio from number to string (Backport PR cilium/cilium#39963, Upstream PR cilium/cilium#39834, @aanm)

operator: skip retry of node taint update when node not found (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39517, @jshr-w)

Persist parent interface index of endpoint across agent restarts (Backport PR cilium/cilium#39765, Upstream PR cilium/cilium#39575, @dylandreimerink)

Policy updates to Envoy no longer consider a single selector as an L3 wildcard. Cilium bpf datapath policy enforcement is not done for Cilium Ingress policy enforcement so the L3 identity needs to be enforced in all cases. (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39511, @jrajahalme)

CI Changes:

bpf: test: fix up mis-spelled HAVE_NETNS_COOKIE (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39420, @julianwiedmann)

call for metrics in smoke tests from runner instead of installing apt/curl on cilium pod (Backport PR cilium/cilium#39862, Upstream PR cilium/cilium#37362, @Artyop)

gh: e2e: enable secondary-network LB testing for all KPR=true configs (Backport PR cilium/cilium#39780, Upstream PR cilium/cilium#39718, @julianwiedmann)

gh: eks: restore concurrent execution of connectivity tests (Backport PR cilium/cilium#39685, Upstream PR cilium/cilium#39673, @julianwiedmann)

Re-optimize CI build process (Backport PR cilium/cilium#39862, Upstream PR cilium/cilium#39802, @aanm)

Misc Changes:

cilium/cilium#39801@aanm)

cilium/cilium#38233@julianwiedmann)

Add a section to talk about the native routing masquerading in the cloud environment. (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39343, @liyihuang)

bpf: host: flag Cilium's ESP traffic as TRACE_REASON_ENCRYPTED (Backport PR cilium/cilium#39685, Upstream PR cilium/cilium#39558, @julianwiedmann)

bpf: Skip lxc src IP check for proxy traffic (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39530, @sayboras)

bpf:wireguard: reuse MARK_MAGIC_ENCRYPT for encrypted packets (Backport PR cilium/cilium#39652, Upstream PR cilium/cilium#39651, @smagnani96)

cilium/cilium#39476@cilium-renovate[bot])

cilium/cilium#39704@cilium-renovate[bot])

cilium/cilium#39570@cilium-renovate[bot])

cilium/cilium#39687@cilium-renovate[bot])

cilium/cilium#39821@cilium-renovate[bot])

cilium/cilium#39879@cilium-renovate[bot])

cilium/cilium#39607@cilium-renovate[bot])

cilium/cilium#39951@cilium-renovate[bot])

cilium/cilium#39725@cilium-renovate[bot])

cilium/cilium#39822@cilium-renovate[bot])

cilium/cilium#39605@cilium-renovate[bot])

cilium/cilium#39606@cilium-renovate[bot])

cilium/cilium#39949@cilium-renovate[bot])

cilium/cilium#39886@cilium-renovate[bot])

cilium/cilium#39935@cilium-renovate[bot])

cilium/cilium#39703@cilium-renovate[bot])

cilium/cilium#39950@cilium-renovate[bot])

HELM: Adding Label Support to clustermesh apiserver service (Backport PR cilium/cilium#39564, Upstream PR cilium/cilium#39520, @camrossi)

mtu/endpoint_updater.go: Check for unix.EINVAL not os.ErrInvalid (Backport PR cilium/cilium#39862, Upstream PR cilium/cilium#39658, @dylandreimerink)

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.17.6

Summary of Changes

Minor Changes:

helm: KPR subflag changes (Backport PR cilium/cilium#40222, Upstream PR cilium/cilium#39721, @brb)

Bugfixes:

Deny policies are now synced to Envoy so that they can be enforced for Ingress policies. (Backport PR cilium/cilium#40187, Upstream PR cilium/cilium#39736, @jrajahalme)

Do not fail the agent startup in case IPv6 support is enabled and the node does not have an IPv6 address assigned yet (Backport PR cilium/cilium#40205, Upstream PR cilium/cilium#40143, @pippolo84)

cilium/cilium#40361@giorio94)

Fix data race involving DumpReliablyWithCallback map operation. (Backport PR cilium/cilium#40094, Upstream PR cilium/cilium#38590, @aditighag)

Fix IPAM IP release racing condition when IP reassigned back to ENI (Backport PR cilium/cilium#40289, Upstream PR cilium/cilium#40019, @victorcq)

hubble automatically pick the hubble-prefer-ipv6 to true if ipv4 not enabled (Backport PR cilium/cilium#40289, Upstream PR cilium/cilium#40210, @chengjoey)

LBIPAM: Fix deletion of CiliumLoadBalancerIPPool with multiple IP blocks that led to an operator crash (Backport PR cilium/cilium#40094, Upstream PR cilium/cilium#40013, @pippolo84)

pkg/egressgateway: ensure gateway IP is IPv4 (Backport PR cilium/cilium#40332, Upstream PR cilium/cilium#40209, @rgo3)

cilium/cilium#40404@fristonio)

CI Changes:

cilium/cilium#39443@ldelossa)

cilium/cilium#40434@smagnani96)

Misc Changes:

.github/workflows: remove reviewers if ciliumbot approved PR (Backport PR cilium/cilium#40094, Upstream PR cilium/cilium#39989, @aanm)

auto-approve: add repository as part command (Backport PR cilium/cilium#40094, Upstream PR cilium/cilium#40050, @aanm)

auto-approve: add repository as part command (Backport PR cilium/cilium#40332, Upstream PR cilium/cilium#40089, @aanm)

cilium/cilium#40158@cilium-renovate[bot])

cilium/cilium#40044@cilium-renovate[bot])

cilium/cilium#40458@cilium-renovate[bot])

cilium/cilium#39948@cilium-renovate[bot])

cilium/cilium#40424@cilium-renovate[bot])

cilium/cilium#40466@cilium-renovate[bot])

cilium/cilium#40157@cilium-renovate[bot])

cilium: fix socket termination for v4-in-v6 clients (Backport PR cilium/cilium#40295, Upstream PR cilium/cilium#39994, @borkmann)

contrib/git: add merge drivers to automate post-merge commands (Backport PR cilium/cilium#40289, Upstream PR cilium/cilium#40189, @aanm)

disk-cleanup: parallelize cleanup process to speed up step (Backport PR cilium/cilium#40094, Upstream PR cilium/cilium#40054, @aanm)

doc:ipsec:kvstore: explicit limitations that could lead to staling XFRM states and no connectivity (Backport PR cilium/cilium#40176, Upstream PR cilium/cilium#39719, @smagnani96)

docs/ipsec: Fix incorrect statement on hostns encryption (Backport PR cilium/cilium#40176, Upstream PR cilium/cilium#40133, @pchaigno)

Makefile: Require API generation commands to succeed (Backport PR cilium/cilium#40205, Upstream PR cilium/cilium#40199, @joestringer)

operator/secretsync: silence reconciliation logs (Backport PR cilium/cilium#40289, Upstream PR cilium/cilium#40217, @tklauser)

proxy: Use upstream envoy control plane API (Backport PR cilium/cilium#40216, Upstream PR cilium/cilium#39672, @sayboras)

cilium/cilium#40480@brb)

Other Changes:

cilium/cilium#40088@sayboras)

cilium/cilium#40317@tamilmani1989)

cilium/cilium#40448@jrajahalme)

cilium/cilium#40368@sayboras)

cilium/cilium#40117@cilium-release-bot[bot])

... (truncated)

Commits

ee3ca4a Prepare for release v1.17.6
3f4aade helm: Restore hostPort.enabled flag
8ed7d66 chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.33.4-1752151...
1575b57 docs: Document encapsulation options
c2619fe images: update cilium-{runtime,builder}
554570b chore(deps): update go to v1.24.5
567e89f images: update cilium-{runtime,builder}
285be39 chore(deps): update all-dependencies
97e1275 bpf: Recreate CT entry in forward direction only
02d2e02 envoy: Bump cilium-envoy to the latest v1.33.x
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.15.16 to 1.17.6. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.17.6/CHANGELOG.md) - [Commits](cilium/cilium@1.15.16...1.17.6) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.17.6 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Dependencies only. label Jul 16, 2025

dependabot bot requested a review from a team as a code owner July 16, 2025 09:58

dependabot bot requested a review from anubhabMajumdar July 16, 2025 09:58

dependabot bot mentioned this pull request Jul 16, 2025

deps: bump github.com/cilium/cilium from 1.15.15 to 1.17.5 #3744

Closed

dependabot bot requested a review from miguelgoms July 16, 2025 09:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: bump github.com/cilium/cilium from 1.15.16 to 1.17.6 #3835

deps: bump github.com/cilium/cilium from 1.15.16 to 1.17.6 #3835

Uh oh!

dependabot bot commented on behalf of github Jul 16, 2025

Uh oh!

Uh oh!

deps: bump github.com/cilium/cilium from 1.15.16 to 1.17.6 #3835

Are you sure you want to change the base?

deps: bump github.com/cilium/cilium from 1.15.16 to 1.17.6 #3835

Uh oh!

Conversation

dependabot bot commented on behalf of github Jul 16, 2025

1.17.5

Summary of Changes

v1.17.6

Summary of Changes

Uh oh!

Uh oh!