RATATOSKRATATOSK
Sign in

Cilium

v1.18.10Networking & Messaging
May 14, 2026

Cilium v1.18.10 is a stability-focused patch release fixing agent crashes, IPsec panics, Cluster Mesh backend gaps, and a data race in IPAM — all backported from upstream.

  • breakingUpgrade encrypted clusters to fix IPsec panic risk

    A panic in parseSPI on malformed IPsec input could crash the agent on nodes running encrypted traffic. If you use IPsec encryption, treat this as a priority upgrade — a malformed packet or misconfigured peer can take down the agent process entirely.

  • securitymoby/spdystream and x/net security updates are included

    This release pulls in a security fix for github.com/moby/spdystream and bumps x/net to v0.53. Both are network-layer dependencies. If your policy or threat model tracks transitive dependency CVEs, this patch justifies the upgrade on its own.

  • enhancementCluster Mesh users with shared target ports should upgrade

    The missing global service backends bug silently dropped backends from services where multiple ports mapped to the same target port. Traffic would route correctly within a single cluster but fail cross-cluster. Upgrade and verify affected services post-rollout using hubble observe or service endpoint inspection.

Key changes (5)

  • Agent no longer crashes fatally on transient network errors during CiliumNode updates — it retries instead
  • IPsec panic on malformed SPI input fixed, preventing node-level disruption in encrypted clusters
  • Cluster Mesh now correctly propagates global service backends when multiple ports share the same target port
  • CiliumLocalRedirectPolicy no longer hijacks an existing Service frontend before its backend pods are Ready
  • Data race in MultiPoolManager IPAM node updates resolved; x/net bumped to v0.53 for security