Cilium

The interactive file manager requires Javascript. Please enable it or use sftp or scp.
You may still browse the files here.

Name	Modified	Size	InfoDownloads / Week
Parent folder
1.17.5 source code.tar.gz	2025-06-18	47.2 MB	0
1.17.5 source code.zip	2025-06-18	63.2 MB	0
README.md	2025-06-18	7.8 kB	0
Totals: 3 Items		110.5 MB	0

Summary of Changes

Bugfixes: * aws/ENI: Only use pagination when not specifying IDs (Backport PR [#39564], Upstream PR [#39120], @HadrienPatte) * Fix connections to deleted service backends not getting terminated in certain cases involving services with multiple protocol ports. (Backport PR [#39564], Upstream PR [#37745], @foyerunix) * Fix handle_policy_egress programs not being cleaned up during endpoint teardown (Backport PR [#39685], Upstream PR [#39560], @ti-mo) * Fixed bug where datapath is unable to compile when active connection tracking and IPv6 are enabled at the same time. (Backport PR [#39564], Upstream PR [#39509], @dylandreimerink) * Fixes a bug where a CIDRRule of 0.0.0.0/0 would not select all external traffic. (Backport PR [#39765], Upstream PR [#39693], @squeed) * gateway-api: Use original source address for GAMMA (Backport PR [#39685], Upstream PR [#39206], @sayboras) * helm/hubble: Fix wrong value for metrics server tls existingSecret (Backport PR [#39685], Upstream PR [#39668], @devodev) * install/kubernetes: change mapDynamicSizeRatio from number to string (Backport PR [#39963], Upstream PR [#39834], @aanm) * operator: skip retry of node taint update when node not found (Backport PR [#39564], Upstream PR [#39517], @jshr-w) * Persist parent interface index of endpoint across agent restarts (Backport PR [#39765], Upstream PR [#39575], @dylandreimerink) * Policy updates to Envoy no longer consider a single selector as an L3 wildcard. Cilium bpf datapath policy enforcement is not done for Cilium Ingress policy enforcement so the L3 identity needs to be enforced in all cases. (Backport PR [#39564], Upstream PR [#39511], @jrajahalme)

CI Changes: * bpf: test: fix up mis-spelled HAVE_NETNS_COOKIE (Backport PR [#39564], Upstream PR [#39420], @julianwiedmann) * call for metrics in smoke tests from runner instead of installing apt/curl on cilium pod (Backport PR [#39862], Upstream PR [#37362], @Artyop) * gh: e2e: enable secondary-network LB testing for all KPR=true configs (Backport PR [#39780], Upstream PR [#39718], @julianwiedmann) * gh: eks: restore concurrent execution of connectivity tests (Backport PR [#39685], Upstream PR [#39673], @julianwiedmann) * Re-optimize CI build process (Backport PR [#39862], Upstream PR [#39802], @aanm)

Misc Changes: * .github/workflows: remove cilium-cli from build-go-caches ([#39801], @aanm) * [v1.17] bpf: host: don't detect WG traffic in from-netdev@cilium_wg0 ([#38233], @julianwiedmann) * Add a section to talk about the native routing masquerading in the cloud environment. (Backport PR [#39564], Upstream PR [#39343], @liyihuang) * bpf: host: flag Cilium's ESP traffic as TRACE_REASON_ENCRYPTED (Backport PR [#39685], Upstream PR [#39558], @julianwiedmann) * bpf: Skip lxc src IP check for proxy traffic (Backport PR [#39564], Upstream PR [#39530], @sayboras) * bpf:wireguard: reuse MARK_MAGIC_ENCRYPT for encrypted packets (Backport PR [#39652], Upstream PR [#39651], @smagnani96) * chore(deps): update all github action dependencies (v1.17) ([#39476], @cilium-renovate[bot]) * chore(deps): update all github action dependencies (v1.17) ([#39704], @cilium-renovate[bot]) * chore(deps): update all-dependencies (v1.17) ([#39570], @cilium-renovate[bot]) * chore(deps): update all-dependencies (v1.17) ([#39687], @cilium-renovate[bot]) * chore(deps): update all-dependencies (v1.17) ([#39821], @cilium-renovate[bot]) * chore(deps): update all-dependencies (v1.17) ([#39879], @cilium-renovate[bot]) * chore(deps): update dependency protocolbuffers/protobuf to v31 (v1.17) ([#39607], @cilium-renovate[bot]) * chore(deps): update dependency protocolbuffers/protobuf to v31.1 (v1.17) ([#39951], @cilium-renovate[bot]) * chore(deps): update docker.io/library/golang:1.24.3 docker digest to 4c0a181 (v1.17) ([#39725], @cilium-renovate[bot]) * chore(deps): update docker.io/library/golang:1.24.3 docker digest to 81bf592 (v1.17) ([#39822], @cilium-renovate[bot]) * chore(deps): update docker.io/library/golang:1.24.3 docker digest to 86b4cff (v1.17) ([#39605], @cilium-renovate[bot]) * chore(deps): update gcr.io/distroless/static:nonroot docker digest to 188ddfb (v1.17) ([#39606], @cilium-renovate[bot]) * chore(deps): update go to v1.24.4 (v1.17) ([#39949], @cilium-renovate[bot]) * chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.6-1749031919-98c55b1d0c1154fb6c9e760583c2dcd7778686e2 (v1.17) ([#39886], @cilium-renovate[bot]) * chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.6-1749271279-0864395884b263913eac200ee2048fd985f8e626 (v1.17) ([#39935], @cilium-renovate[bot]) * chore(deps): update stable lvh-images (v1.17) (patch) ([#39703], @cilium-renovate[bot]) * chore(deps): update stable lvh-images (v1.17) (patch) ([#39950], @cilium-renovate[bot]) * HELM: Adding Label Support to clustermesh apiserver service (Backport PR [#39564], Upstream PR [#39520], @camrossi) * mtu/endpoint_updater.go: Check for unix.EINVAL not os.ErrInvalid (Backport PR [#39862], Upstream PR [#39658], @dylandreimerink) * mtu: Catch expected error in endpoint MTU updater (Backport PR [#39685], Upstream PR [#36596], @dylandreimerink) * pkg/fswatcher: Rewrite without underlying use of fsnotify (Backport PR [#39963], Upstream PR [#38537], @glibsm)

Other Changes: * [v1.17] chore(deps): revert etcd bump to v3.6.0 ([#39628], @giorio94) * [v1.17] vendor: Bump Hive and StateDB ([#39689], @joamaki) * install: Update image digests for v1.17.4 ([#39548], @cilium-release-bot[bot])

Docker Manifests

quay.io/cilium/cilium:v1.17.5@sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6 quay.io/cilium/cilium:stable@sha256:baf8541723ee0b72d6c489c741c81a6fdc5228940d66cb76ef5ea2ce3c639ea6

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.17.5@sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d quay.io/cilium/clustermesh-apiserver:stable@sha256:78dc40b9cb8d7b1ad21a76ff3e11541809acda2ac4ef94150cc832100edc247d

docker-plugin

quay.io/cilium/docker-plugin:v1.17.5@sha256:0da0960b1d34d07ff1aba99d491e2413f0285cf09d94b183c4329e7e7b6949cb quay.io/cilium/docker-plugin:stable@sha256:0da0960b1d34d07ff1aba99d491e2413f0285cf09d94b183c4329e7e7b6949cb

hubble-relay

quay.io/cilium/hubble-relay:v1.17.5@sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff quay.io/cilium/hubble-relay:stable@sha256:fbb8a6afa8718200fca9381ad274ed695792dbadd2417b0e99c36210ae4964ff

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.17.5@sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259 quay.io/cilium/operator-alibabacloud:stable@sha256:654db67929f716b6178a34a15cb8f95e391465085bcf48cdba49819a56fcd259

operator-aws

quay.io/cilium/operator-aws:v1.17.5@sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3 quay.io/cilium/operator-aws:stable@sha256:3e189ec1e286f1bf23d47c45bdeac6025ef7ec3d2dc16190ee768eb94708cbc3

operator-azure

quay.io/cilium/operator-azure:v1.17.5@sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026 quay.io/cilium/operator-azure:stable@sha256:add78783fdaced7453a324612eeb9ebecf56002b56c14c73596b3b4923321026

operator-generic

quay.io/cilium/operator-generic:v1.17.5@sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e quay.io/cilium/operator-generic:stable@sha256:f954c97eeb1b47ed67d08cc8fb4108fb829f869373cbb3e698a7f8ef1085b09e

operator

quay.io/cilium/operator:v1.17.5@sha256:815f6e0648724ed4cdbdc072889ad4223de251f21e0503035af91d41dd547cc4 quay.io/cilium/operator:stable@sha256:815f6e0648724ed4cdbdc072889ad4223de251f21e0503035af91d41dd547cc4

Source: README.md, updated 2025-06-18

Cilium Files

eBPF-based networking, security, and observability

Summary of Changes

Docker Manifests