build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.8 by dependabot[bot] · Pull Request #67 · encodeous/nylon

dependabot · 2026-03-26T16:52:04Z

Bumps github.com/cilium/cilium from 1.18.4 to 1.18.8.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.18.8

Known issues

Users who deploy Cilium on GKE should skip this version or upgrade to 1.19.2 due to a known regression.

Summary of Changes

Minor Changes:

Allow to attach Cilium's XDP program on network interfaces that have jumbo MTU configured and support xdp.frags program type. (Backport PR cilium/cilium#44499, Upstream PR cilium/cilium#41967, @viktor-kurchenko)

Bugfixes:

bpf: nodeport: use hairpin redirect for L7 LB on bridge devices (Backport PR cilium/cilium#44758, Upstream PR cilium/cilium#44658, @smagnani96)

cilium-dbg: fix seg-fault ip get -l reserved:host (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44443, @aanm)

Enable Cilium upgrade and downgrade when existing XDP attach types differ from new XDP programs (Backport PR cilium/cilium#44499, Upstream PR cilium/cilium#44209, @dylandreimerink)

Fix a bug where node IPv6 updates and deletes were not correctly propagated to the Linux kernel neighbor subsystem. (Backport PR cilium/cilium#44592, Upstream PR cilium/cilium#44540, @tklauser)

Fix a bug where removed addresses from EndpointSlices might be missed if multiple EndpointSlices share the same name (Backport PR cilium/cilium#44021, Upstream PR cilium/cilium#43999, @EmilyShepherd)

Fix envoy admin socket being created as world-accessible (Backport PR cilium/cilium#44592, Upstream PR cilium/cilium#44512, @0xch4z)

Fixed an issue where wildcard FQDN network policy identities were not correctly pushed to Envoy when using SNI-based policies. (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44462, @liyihuang)

Fixed VTEP ARP responses returning 00:00:00:00:00:00 MAC due to interface MAC missing from eBPF Overlay configuration. (Backport PR cilium/cilium#44700, Upstream PR cilium/cilium#44513, @akos011221)

gateway-api: Fix hostname intersection bug that was preventing cert-manager challenges from working correctly. (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44492, @youngnick)

l7lb: fix bypassing ingress policies for local backends (Backport PR cilium/cilium#44804, Upstream PR cilium/cilium#44693, @smagnani96)

loadbalancer/healthserver: refresh ProxyRedirect per request (Backport PR cilium/cilium#44399, Upstream PR cilium/cilium#44286, @mhofstetter)

CI Changes:

gh: e2e-upgrade: don't hardcode IPsec encryption algorithm (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44381, @julianwiedmann)

Misc Changes:

cilium/cilium#44372@cilium-renovate[bot])

cilium/cilium#44480@cilium-renovate[bot])

cilium/cilium#44579@cilium-renovate[bot])

cilium/cilium#44681@cilium-renovate[bot])

cilium/cilium#44791@cilium-renovate[bot])

cilium/cilium#44369@cilium-renovate[bot])

cilium/cilium#44580@cilium-renovate[bot])

cilium/cilium#44678@cilium-renovate[bot])

cilium/cilium#44810@cilium-renovate[bot])

cilium/cilium#44344@cilium-renovate[bot])

cilium/cilium#44401@cilium-renovate[bot])

cilium/cilium#44577@cilium-renovate[bot])

cilium/cilium#44679@cilium-renovate[bot])

cilium/cilium#44476@cilium-renovate[bot])

cilium/cilium#44797@cilium-renovate[bot])

cilium/cilium#44575@cilium-renovate[bot])

cilium/cilium#44370@cilium-renovate[bot])

cilium/cilium#44680@cilium-renovate[bot])

cilium/cilium#44371@cilium-renovate[bot])

cilium/cilium#44478@cilium-renovate[bot])

cilium/cilium#44676@cilium-renovate[bot])

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.18.8

Summary of Changes

Minor Changes:

Allow to attach Cilium's XDP program on network interfaces that have jumbo MTU configured and support xdp.frags program type. (Backport PR cilium/cilium#44499, Upstream PR cilium/cilium#41967, @viktor-kurchenko)

Bugfixes:

bpf: nodeport: use hairpin redirect for L7 LB on bridge devices (Backport PR cilium/cilium#44758, Upstream PR cilium/cilium#44658, @smagnani96)

cilium-dbg: fix seg-fault ip get -l reserved:host (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44443, @aanm)

Enable Cilium upgrade and downgrade when existing XDP attach types differ from new XDP programs (Backport PR cilium/cilium#44499, Upstream PR cilium/cilium#44209, @dylandreimerink)

Fix a bug where node IPv6 updates and deletes were not correctly propagated to the Linux kernel neighbor subsystem. (Backport PR cilium/cilium#44592, Upstream PR cilium/cilium#44540, @tklauser)

Fix a bug where removed addresses from EndpointSlices might be missed if multiple EndpointSlices share the same name (Backport PR cilium/cilium#44021, Upstream PR cilium/cilium#43999, @EmilyShepherd)

Fix envoy admin socket being created as world-accessible (Backport PR cilium/cilium#44592, Upstream PR cilium/cilium#44512, @0xch4z)

Fixed an issue where wildcard FQDN network policy identities were not correctly pushed to Envoy when using SNI-based policies. (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44462, @liyihuang)

Fixed VTEP ARP responses returning 00:00:00:00:00:00 MAC due to interface MAC missing from eBPF Overlay configuration. (Backport PR cilium/cilium#44700, Upstream PR cilium/cilium#44513, @akos011221)

gateway-api: Fix hostname intersection bug that was preventing cert-manager challenges from working correctly. (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44492, @youngnick)

l7lb: fix bypassing ingress policies for local backends (Backport PR cilium/cilium#44804, Upstream PR cilium/cilium#44693, @smagnani96)

loadbalancer/healthserver: refresh ProxyRedirect per request (Backport PR cilium/cilium#44399, Upstream PR cilium/cilium#44286, @mhofstetter)

CI Changes:

gh: e2e-upgrade: don't hardcode IPsec encryption algorithm (Backport PR cilium/cilium#44519, Upstream PR cilium/cilium#44381, @julianwiedmann)

Misc Changes:

cilium/cilium#44372@cilium-renovate[bot])

cilium/cilium#44480@cilium-renovate[bot])

cilium/cilium#44579@cilium-renovate[bot])

cilium/cilium#44681@cilium-renovate[bot])

cilium/cilium#44791@cilium-renovate[bot])

cilium/cilium#44369@cilium-renovate[bot])

cilium/cilium#44580@cilium-renovate[bot])

cilium/cilium#44678@cilium-renovate[bot])

cilium/cilium#44810@cilium-renovate[bot])

cilium/cilium#44344@cilium-renovate[bot])

cilium/cilium#44401@cilium-renovate[bot])

cilium/cilium#44577@cilium-renovate[bot])

cilium/cilium#44679@cilium-renovate[bot])

cilium/cilium#44476@cilium-renovate[bot])

cilium/cilium#44797@cilium-renovate[bot])

cilium/cilium#44575@cilium-renovate[bot])

cilium/cilium#44370@cilium-renovate[bot])

cilium/cilium#44680@cilium-renovate[bot])

cilium/cilium#44371@cilium-renovate[bot])

cilium/cilium#44478@cilium-renovate[bot])

cilium/cilium#44676@cilium-renovate[bot])

cilium/cilium#44789@cilium-renovate[bot])

cilium/cilium#44807@cilium-renovate[bot])

cilium/cilium#44252@cilium-renovate[bot])

cilium/cilium#44479@cilium-renovate[bot])

... (truncated)

Commits

7d6f03e Prepare for release v1.18.8
e7bcefb datapath: add missing interface MAC configuration for BPFOverlay config
6b16cd2 images: update cilium-{runtime,builder}
f58c44f chore(deps): update base-images to v1.25.8
5194a75 chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1773656...
d77647a l7lb: fix bypassing ingress policies for local backends
650c5c6 bpf: l7lb: add tests for local backend with per-endpoint routes disabled
94c69f0 bpf: tests: rename l7_lb_hairpin.c to l7_lb_hairpin_netdev.c
063c022 chore(deps): update gcr.io/distroless/static:nonroot docker digest to e3f9456
1fbd4ef chore(deps): update stable lvh-images
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.18.4 to 1.18.8. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.18.8/CHANGELOG.md) - [Commits](cilium/cilium@1.18.4...1.18.8) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.18.8 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 26, 2026

dependabot bot mentioned this pull request Mar 26, 2026

build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.5 #64

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.8#67

build(deps): bump github.com/cilium/cilium from 1.18.4 to 1.18.8#67
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/cilium/cilium-1.18.8

dependabot bot commented on behalf of github Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 26, 2026

1.18.8

Known issues

Summary of Changes

v1.18.8

Summary of Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants