fix(deps): update module github.com/cilium/cilium to v1.15.13 [security] (v1.1)

[cilium-renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/cilium/cilium	require	patch	v1.15.10 -> v1.15.13

---

DoS in Cilium agent DNS proxy from crafted DNS responses

BIT-cilium-2025-23028 / BIT-cilium-operator-2025-23028 / BIT-hubble-relay-2025-23028 / CVE-2025-23028 / GHSA-9m5p-c77c-f9j7

More information

Details

Impact

In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster.

For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart.

Patches

This issue affects:

• Cilium v1.14 between v1.14.0 and v1.14.17 inclusive
• Cilium v1.15 between v1.15.0 and v1.15.11 inclusive
• Cilium v1.16 between v1.16.0 and v1.16.4 inclusive

This issue is fixed in:

• Cilium v1.14.18
• Cilium v1.15.12
• Cilium v1.16.5

Workarounds

There are no known workarounds to this issue.

Acknowledgements

The Cilium community has worked together with members of Isovalent and the Cisco Advanced Security Initiatives Group (ASIG) to prepare these mitigations. Special thanks to @​kokelley-cisco for reporting this issue and @​bimmlerd for the fix.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [email protected]. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

• https://github.com/cilium/cilium/security/advisories/GHSA-9m5p-c77c-f9j7
• https://nvd.nist.gov/vuln/detail/CVE-2025-23028
• https://github.com/cilium/cilium/pull/36252
• https://github.com/cilium/cilium/commit/1971bc684b6b36703ebae0dd7539c623f988a257
• https://github.com/cilium/cilium/commit/b1948e217a4212b81175d8bf763d0ef350fcc96c
• https://github.com/cilium/cilium

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Cilium has an information leakage via insecure default Hubble UI CORS header

BIT-cilium-2025-23047 / BIT-cilium-operator-2025-23047 / BIT-hubble-relay-2025-23047 / CVE-2025-23047 / GHSA-h78m-j95m-5356

More information

Details

Impact

For users who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart, an insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page.

Patches

This issue was patched in cilium/cilium@a3489f1

This issue affects:

• Cilium between v1.14.0 and v1.14.18 inclusive
• Cilium between v1.15.0 and v1.15.12 inclusive
• Cilium between v1.16.0 and v1.16.5 inclusive

This issue is patched in:

• Cilium v1.14.19
• Cilium v1.15.13
• Cilium v1.16.6

Workarounds

Users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @​ciffelia for reporting this issue and to @​geakstr for the fix.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [email protected]. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.

Severity

• CVSS Score: 6.5 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

• https://github.com/cilium/cilium/security/advisories/GHSA-h78m-j95m-5356
• https://nvd.nist.gov/vuln/detail/CVE-2025-23047
• https://github.com/cilium/cilium/commit/a3489f190ba6e87b5336ee685fb6c80b1270d06d
• https://github.com/cilium/cilium

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

cilium/cilium (github.com/cilium/cilium)

v1.15.13: 1.15.13

Compare Source

Summary of Changes

Major Changes:

• Add feature tracking in Cilium agent as prometheus metrics (Backport PR #​36483, Upstream PR #​35852, @​aanm)
• Add feature tracking in Cilium Operator as prometheus metrics (Backport PR #​36483, Upstream PR #​36077, @​aanm)

Minor Changes:

• envoy: Use yaml format for bootstrap config (Backport PR #​36864, Upstream PR #​36820, @​sayboras)
• Reject CNP/CCNP with CIDR rules where CIDRGroupRef is used in combination with ExceptCIDRs (#​36560, @​pippolo84)

Bugfixes:

• envoy: Configure internal address config based on IP family (Backport PR #​36864, Upstream PR #​36733, @​sayboras)
• metrics/features: remove reporting metrics' defaults by default (Backport PR #​36483, Upstream PR #​36298, @​aanm)
• ui: drop CORS headers from api response (Backport PR #​36871, Upstream PR #​35762, @​geakstr)

CI Changes:

• [v1.15] .github: Remove CI Fuzz workflow (#​36642, @​joestringer)
• [v1.15] gha: bump ubuntu version in conformance-externalworkloads (#​36857, @​giorio94)
• [v1.15] gha: use /test to trigger tests in stable branches (#​36674, @​giorio94)
• [v1.15] Unblock verifier test LVH image updates (#​36689, @​tklauser)
• ci: fix job names for various ci workflows (Backport PR #​36483, Upstream PR #​36397, @​marseel)
• Extend the check-ipsec-leak bpftrace script to capture additional details of leaked packets (Backport PR #​36783, Upstream PR #​33398, @​giorio94)
• gh: e2e-upgrade: de-renovate the config example (Backport PR #​36638, Upstream PR #​36463, @​julianwiedmann)
• gha: correctly downgrade to patch release in ipsec workflows (Backport PR #​36985, Upstream PR #​36858, @​giorio94)
• gha: merge artifacts in net-perf-gke workflow (Backport PR #​36483, Upstream PR #​36236, @​giorio94)
• gha: Use ubuntu-24.04 for integration-test (Backport PR #​36660, Upstream PR #​36628, @​sayboras)
• Use Clang from cilium-builder image to build BPF code in CI (Backport PR #​36871, Upstream PR #​31754, @​gentoo-root)

Misc Changes:

• .github/workflows: always install cilium-cli (Backport PR #​36483, Upstream PR #​36234, @​aanm)
• .github/workflows: do not fail ginkgo if unable to fetch features (Backport PR #​36483, Upstream PR #​36461, @​aanm)
• .github: fix conformance-k8s NP test (Backport PR #​36483, Upstream PR #​36355, @​aanm)
• [v1.15] Use bash syntax to consume env variable (#​36634, @​ferozsalam)
• Add more features tracking in Cilium agent as prometheus metrics (Backport PR #​36483, Upstream PR #​36078, @​aanm)
• Add policy-related features tracking in Cilium agent as prometheus metrics (Backport PR #​36483, Upstream PR #​36203, @​aanm)
• build: Remove debug leftover from Makefile (Backport PR #​36985, Upstream PR #​36917, @​gentoo-root)
• chore(deps): update all github action dependencies (v1.15) (#​36616, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​36951, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (patch) (#​36445, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​36613, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​36903, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.23 (v1.15) (#​36891, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/hubble to v1.16.5 (v1.15) (#​36764, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.22.10 docker digest to 1a6e657 (v1.15) (#​36614, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.15) (patch) (#​36765, @​cilium-renovate[bot])
• docs: Clarify Identity-Relevant Labels description (Backport PR #​36985, Upstream PR #​36924, @​joestringer)
• docs: Clarify the behavior of CiliumNetworkPolicies toCIDRSet (Backport PR #​36638, Upstream PR #​36549, @​verysonglaa)
• Fix make -C Documentation update-cmdref when make uses --jobserver-style=fifo. (Backport PR #​36871, Upstream PR #​36788, @​gentoo-root)
• fix(deps): update module golang.org/x/net to v0.33.0 [security] (v1.15) (#​36712, @​cilium-renovate[bot])
• ingress, gateway-api: Convert test fixtures to file based (Backport PR #​36783, Upstream PR #​36732, @​sayboras)
• metrics/features: enable ClusterMesh (Backport PR #​36483, Upstream PR #​36402, @​aanm)
• metrics/features: refactor metric names (Backport PR #​36483, Upstream PR #​36209, @​aanm)
• Remove reference to DNS polling (Backport PR #​36783, Upstream PR #​36679, @​JacobHenner)

Other Changes:

• [v1.15] envoy: Demote expected initial fetch timeout warning to info level (#​37014, @​sayboras)
• install: Update image digests for v1.15.12 (#​36655, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.13@​sha256:61d27c5adda269e4d4dffbc3fa619590c2c601bb23e62255d14515c8d6aed9a6

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.13@​sha256:e5c925b5109ae93a5eca521acc2a225c1a2ea516a6502ff2a51d1a724b68681d

docker-plugin

quay.io/cilium/docker-plugin:v1.15.13@​sha256:5b242fab9f4a6b6ed3eff3729c8b4974bf997c0446f72a155d8ae593d864c4bc

hubble-relay

quay.io/cilium/hubble-relay:v1.15.13@​sha256:68456e4b0dd3181000af51d89c0664c8b08e8c55d0d8d9ff949efea2a84bdf11

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.13@​sha256:360c5d0a26498606fece10cc67fdac859f963934611d17ab0bb3c5fa30b4223e

operator-aws

quay.io/cilium/operator-aws:v1.15.13@​sha256:cca2e5133c4f257cef10f0ad63d0ed5632b7ad556e311b1ae39574eb351b7fe3

operator-azure

quay.io/cilium/operator-azure:v1.15.13@​sha256:9c2f0898a19887c8f043f4742b40ac9b3496934f2c90442b42abf8bb47c26ed8

operator-generic

quay.io/cilium/operator-generic:v1.15.13@​sha256:7ee922f169575ae201cb39c89973f931ce2306df792b8850ab9e3591b9d704a8

operator

quay.io/cilium/operator:v1.15.13@​sha256:9ef72a85e70d87397cf1e5cd1daffdb972960783bfe6cb6d5e6546fc908f2f2e

v1.15.12: 1.15.12

Compare Source

Summary of Changes

Bugfixes:

• bgp: fix race in bgp stores (Backport PR #​36071, Upstream PR #​35971, @​harsimran-pabla)
• cilium-health-ep controller is made to be more robust against successive failures. (Backport PR #​36071, Upstream PR #​35936, @​jrajahalme)
• gateway-api: Fix gateway checks for namespace (Backport PR #​36464, Upstream PR #​35452, @​sayboras)
• Unbreak the cilium-dbg preflight migrate-identity command (Backport PR #​36285, Upstream PR #​36089, @​giorio94)

CI Changes:

• [v1.15] ci: modularize chart CI push workflow (#​35963, @​ferozsalam)
• [v1.15] gha: Upgrade helm/kind-action to the latest upstream (#​36415, @​aanm)
• gha: configure environment in build-images-base/image-digests job (Backport PR #​36464, Upstream PR #​36318, @​giorio94)
• github: Pass the workflow step timeout to go test (Backport PR #​36071, Upstream PR #​35814, @​jrajahalme)
• Remove unnecessary hubble port-forward commands (Backport PR #​36071, Upstream PR #​33523, @​michi-covalent)

Misc Changes:

• [v1.15] docs: egress masquerade selector (#​36407, @​nbusseneau)
• [v1.15] images: bump cni plugins to v1.6.0 (#​36090, @​ferozsalam)
• chore(deps): update all github action dependencies (v1.15) (#​36159, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​36280, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​36449, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​36156, @​cilium-renovate[bot])
• chore(deps): update cilium/little-vm-helper action to v0.0.19 (v1.15) (#​36157, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.22 (v1.15) (#​36506, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/hubble to v1.16.4 (v1.15) (#​36146, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.22.9 docker digest to 147f428 (v1.15) (#​36223, @​cilium-renovate[bot])
• chore(deps): update go to v1.22.10 (v1.15) (#​36446, @​cilium-renovate[bot])
• chore(deps): update old stable lvh-images (v1.15) (patch) (#​36158, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.7-1733138674-96535afceef9d9f5c28a96cabe4068bf4472d053 (v1.15) (#​36181, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.8-1733718623-70f73cfb053b8039d0541fdd0c120afc5f57a43d (v1.15) (#​36456, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8 (v1.15) (#​36496, @​cilium-renovate[bot])
• chore(deps): update quay.io/lvh-images/kind docker tag to bpf-20241129.013349 (v1.15) (#​36281, @​cilium-renovate[bot])
• chore(deps): update quay.io/lvh-images/kind docker tag to bpf-20241206.013345 (v1.15) (#​36447, @​cilium-renovate[bot])
• docs: In k0s guide, remove dashes to fix invalid Bash variable names. (Backport PR #​36071, Upstream PR #​35923, @​yilas)
• docs: WireGuard doesn't require overlay port in Network Firewalls (Backport PR #​36285, Upstream PR #​36208, @​julianwiedmann)
• envoy: Configure internal_address_config to avoid warning log (Backport PR #​36017, Upstream PR #​35943, @​sayboras)
• fix(deps): update module golang.org/x/crypto to v0.31.0 [security] (v1.15) (#​36531, @​cilium-renovate[bot])
• images: Use cilium-builder image instead of golang to build hubble (Backport PR #​36313, Upstream PR #​35697, @​learnitall)
• Makefile: fix swagger definition for automatic renovate updates (Backport PR #​36071, Upstream PR #​35979, @​aanm)
• Update documentation for egress masquerading behavior (Backport PR #​36464, Upstream PR #​36267, @​liyihuang)

Other Changes:

• [1.15] xdp: make cilium_calls_xdp map per-endpoint (#​36099, @​ti-mo)
• install: Update image digests for v1.15.11 (#​36046, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.12@​sha256:d1793b67d976e1bc0a4ab01b34c94adfcd35a8be7612d04c6d618bf25f50f0d1

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.12@​sha256:96541f82229725e21b036adffffd92270c82b4bc0f8c27795058b5f115ad5bd0

docker-plugin

quay.io/cilium/docker-plugin:v1.15.12@​sha256:f564af976d82c09e37f17945e7de9bfc17f76a7f0f4d5529795c22d3fffd2adb

hubble-relay

quay.io/cilium/hubble-relay:v1.15.12@​sha256:19a6458a8ea824052fe74ff06f37222f42e72df41f06b548fe07b9a22daa1203

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.12@​sha256:f62872cb96278159e968e3f384ad2ebab30eef9335c2a3838c5bc0bc528398ce

operator-aws

quay.io/cilium/operator-aws:v1.15.12@​sha256:a9d63cbd89e0c7ccf46460809b95e37045092dd297a1bc934afa19a83f4884aa

operator-azure

quay.io/cilium/operator-azure:v1.15.12@​sha256:a89046318bbb87f9ae357566dab448871384cfc7797ef2a3c31abd903d9ec8dc

operator-generic

quay.io/cilium/operator-generic:v1.15.12@​sha256:e48d863367bfd39843917400aa7454ca6a4af74f995cf29a2edb81d7d13c7277

operator

quay.io/cilium/operator:v1.15.12@​sha256:3c40d1c94de94629c02c2c8ee8b69ee6e16c9e60e94ecd343e2a48ebf4a6c430

v1.15.11: 1.15.11

Compare Source

Summary of Changes

Minor Changes:

• hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR #​35778, Upstream PR #​35632, @​chancez)

Bugfixes:

• config: Remove superfluous warning on native routing CIDR (Backport PR #​35778, Upstream PR #​35738, @​gandro)
• Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (Backport PR #​35586, Upstream PR #​35173, @​smagnani96)
• Fix redirect from L3 device to remote endpoint via overlay network. (Backport PR #​35586, Upstream PR #​35165, @​julianwiedmann)
• Fixed bug which prevented IP surge allocation from working (Backport PR #​35419, Upstream PR #​34090, @​dlapcevic)
• ipam: Validate CiliumNode resource in ENI mode (Backport PR #​35793, Upstream PR #​35784, @​sayboras)
• l7lb: fix registration of flag loadbalancer-l7 (Backport PR #​35778, Upstream PR #​35623, @​mhofstetter)

CI Changes:

• .github/conformance-ginkgo: replace deprecated jq flag (Backport PR #​35469, Upstream PR #​35399, @​aanm)
• Additionally test KVStore mode in E2E/IPSec workflows (Backport PR #​35909, Upstream PR #​35679, @​giorio94)
• ci: conformance-kind: re-enable flaky Aggregator test (Backport PR #​35586, Upstream PR #​35286, @​julianwiedmann)
• gha: Correct number of connect retry param in LVH (Backport PR #​35778, Upstream PR #​32598, @​sayboras)
• gha: Update chmod command (Backport PR #​35469, Upstream PR #​35400, @​sayboras)
• Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR #​35320, Upstream PR #​35267, @​aanm)

Misc Changes:

• .github/build-images-base: checkout base branch to get scripts (Backport PR #​35320, Upstream PR #​35236, @​aanm)
• .github: remove retention days for image digests (Backport PR #​35469, Upstream PR #​35457, @​aanm)
• Accurately manage the teardown sequence of an Endpoint's BPF resources (Backport PR #​35786, Upstream PR #​32167, @​ti-mo)
• chore(deps): update all github action dependencies (v1.15) (#​35387, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​35444, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​35576, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​35711, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​35442, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​35663, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.15) (#​35914, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/hubble to v1.16.3 (v1.15) (#​35664, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.22.8 docker digest to 0ca97f4 (v1.15) (#​35443, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.22.8 docker digest to b274ff1 (v1.15) (#​35383, @​cilium-renovate[bot])
• chore(deps): update go to v1.22.9 (v1.15) (#​35846, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1729635771-fa4efeff33a344a45e14a4068c61dc438b3d2270 (v1.15) (#​35492, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1729775735-a37f7d6081718666dab500533cfda5cecb4febf5 (v1.15) (#​35547, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.7-1730450803-0a83534f8c57b4d24405b213ed4b65e4e4987d8d (v1.15) (#​35715, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.7-1730965050-cd22d9ffa21eb4f214bf059bcc5d2f40f0c47882 (v1.15) (#​35836, @​cilium-renovate[bot])
• cilium: Small health cleanup improvements (Backport PR #​35639, Upstream PR #​33700, @​borkmann)
• dnsproxy: fix error when sessionUDPFactory fails (Backport PR #​35586, Upstream PR #​33998, @​marseel)
• docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation (Backport PR #​35320, Upstream PR #​35288, @​oneumyvakin)
• docs: tuning: XDP LB also supports tunnel routing (Backport PR #​35586, Upstream PR #​35574, @​julianwiedmann)
• Envoy simplify listener setup (Backport PR #​35766, Upstream PR #​35642, @​jrajahalme)
• envoy: Configure internal_address_config to avoid warning log (Backport PR #​35472, Upstream PR #​35090, @​sayboras)
• fqdn: Skip "open ports" check for statically configured ports (Backport PR #​35948, Upstream PR #​33230, @​gandro)
• image: Use cilium-builder instead of golang as operator builder image (Backport PR #​35586, Upstream PR #​35351, @​learnitall)
• ipam: lower loglevel from error to warn if eni link list can't be listed (Backport PR #​35469, Upstream PR #​32602, @​mhofstetter)
• makefile: add target to install Cilium in kvstore mode (Backport PR #​35909, Upstream PR #​35646, @​giorio94)
• Makefile: Refactor hubble-relay target (Backport PR #​35320, Upstream PR #​29867, @​chancez)
• Proxy persist proxy ports (Backport PR #​35684, Upstream PR #​32973, @​jrajahalme)
• proxy: Ensure proxy ports are written on shutdown (Backport PR #​35939, Upstream PR #​35839, @​jrajahalme)

Other Changes:

• [v1.15] tests-e2e-upgrade: No longer use secondary network for test 14 (#​35969, @​gandro)
• [v1.15] .github: Fix missing variable escaping in LVH command (#​35893, @​gandro)
• [v1.15] envoy: Bump envoy version from 1.29.x to 1.30.x (#​35564, @​sayboras)
• install: Update image digests for v1.15.10 (#​35360, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.11@​sha256:4444c963c586dd29c9219f4f984b87b7d6f7ee5c0ce650b442111a6ab602b00f

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.11@​sha256:62a4aa3467fa94de65cc01bbbac97484edeee14f7510af7e096b51ab79a6ff71

docker-plugin

quay.io/cilium/docker-plugin:v1.15.11@​sha256:3a9c057f13d9447732ac12373286d23acab5024ce39ce9797ce3b05df43a53ff

hubble-relay

quay.io/cilium/hubble-relay:v1.15.11@​sha256:d352d3860707e8d734a0b185ff69e30b3ffd630a7ec06ba6a4402bed64b4456c

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.11@​sha256:62d67aafbfdc9faa4af1c7a1cae39ae61cf151da414670d317c7e2d60820b3de

operator-aws

quay.io/cilium/operator-aws:v1.15.11@​sha256:88088886ab884441c190211d25cae9056f2f4a26e9dcb857c020324062831ab6

operator-azure

quay.io/cilium/operator-azure:v1.15.11@​sha256:b80f4239af8617fa5ea131cedf5c2d3e3375b91916f69e348993a535f7c1fbc3

operator-generic

quay.io/cilium/operator-generic:v1.15.11@​sha256:8edf16ce4bc5c02457136cf0e7a58adf396f0880d6192ca0666f116f53f4979d

operator

quay.io/cilium/operator:v1.15.11@​sha256:945b54e27f3216e35e30b66d653de0517426e14a4e9200fd10cb73f5852e1b4a

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.