Releases: containernetworking/plugins
Releases · containernetworking/plugins
CNI plugins v1.9.0
What's Changed
This release fixes CVE-2025-67499, a bug in the nftables backend for the portmap plugin that can cause traffic to be unexpectedly intercepted.
Bugs
Other changes
- Fix file exists errro in dummy cni by @liuyuan10 in #1205
- Ignore settling with down state since it would never settle by @bn222 in #1207
Full Changelog: v1.8.0...v1.9.0
Contributors
champtar, liuyuan10, and bn222
Assets 26
- 52.8 MB
2025-12-09T10:49:23Z - 101 Bytes
2025-12-09T10:49:23Z - 165 Bytes
2025-12-09T10:49:22Z - 49.3 MB
2025-12-09T10:49:23Z - 99 Bytes
2025-12-09T10:49:23Z - 163 Bytes
2025-12-09T10:49:22Z - 48.9 MB
2025-12-09T10:49:25Z - 101 Bytes
2025-12-09T10:49:24Z - 165 Bytes
2025-12-09T10:49:24Z - 47.8 MB
2025-12-09T10:49:25Z -
2025-11-13T11:10:49Z -
2025-11-13T11:10:49Z - Loading
CNI plugins v1.8.0
The Bridge CNI plugin has removed limitations on VLAN trunk implementation. This aligns with recommended access and trunk port configurations, ensuring proper VLAN isolation and enhanced usability.
What's Changed
- Allow vlan parameter to set native vlan on trunk ports by @mlguerrero12 in #1180
- Set default value of PreserveDefaultVlan to False by @mlguerrero12 in #1181
- remove duplicate route.Table and route.Scope assignments by @runsisi in #1192
- Set value of gw to nil for opt121 routes in DHCP by @omartin2010 in #1187
New Contributors
- @runsisi made their first contribution in #1192
- @omartin2010 made their first contribution in #1187
Full Changelog: v1.7.0...v1.8.0
Contributors
runsisi, omartin2010, and mlguerrero12
Assets 26
CNI plugins v1.7.1
What's Changed
(Administrative note: the GitHub release v1.7.0 somehow got split in to two immutable releases. v1.7.1 is a re-release that corrects the issue. Apologies for the trouble).
New features / options
- bridge: Add option to enable port isolation by @ormergi in #1141
- Add a new firewall ingress-policy "isolated" by @swagatbora90 in #1140
Other improvements
- host-device: Return interface name in result by @sriramy in #1147
- Add retries for netlink calls that may return a EINTR by @adrianmoisey in #1154
- Enable KeepAddrOnDown for ipv6 addresses by @mlguerrero12 in #1155
- Implement exponential backoff in vrf plugin by @mlguerrero12 in #1156
Bug fixes
- DHCP lease maintenance should terminate when interface no longer exists. by @dougbtv in #1143
- Fix addresses and routes reinserted to the VRF by @mlguerrero12 in #1151
- Check error returned by ipv6 SettleAddresses by @mlguerrero12 in #1168
New Contributors
- @sriramy made their first contribution in #1147
- @swagatbora90 made their first contribution in #1140
- @dougbtv made their first contribution in #1143
- @adrianmoisey made their first contribution in #1154
Full Changelog: v1.6.2...v1.7.1
Contributors
adrianmoisey, dougbtv, and 4 other contributors
Assets 26
v1.7.0: build(deps): bump github.com/onsi/gomega in the golang group
Bumps the golang group with 1 update: [github.com/onsi/gomega](https://github.com/onsi/gomega). Updates `github.com/onsi/gomega` from 1.36.3 to 1.37.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.36.3...v1.37.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-version: 1.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang ... Signed-off-by: dependabot[bot] <[email protected]>
v1.7.0: build(deps): bump github.com/onsi/gomega in the golang group
Bumps the golang group with 1 update: [github.com/onsi/gomega](https://github.com/onsi/gomega). Updates `github.com/onsi/gomega` from 1.36.3 to 1.37.0 - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.36.3...v1.37.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-version: 1.37.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang ... Signed-off-by: dependabot[bot] <[email protected]>
v1.6.2
(administrative note: release v1.6.1 was somehow double-created in GitHub; v1.6.2 is identical but fixes the duplication.)
What's Changed
- portmap: fix nftables backend by @champtar in #1116
- ipmasq: fix nftables backend by @champtar in #1120
- portmap: fix iptables conditions detection by @champtar in #1117
Full Changelog: v1.6.0...v1.6.2
Contributors
champtar
Assets 26
v1.6.1: portmap: fix iptables conditions detection
As show in the docs, iptables conditions can also start with '!' Fixes 01a94e17c77e6ff8e5019e15c42d8d92cf87194f Signed-off-by: Etienne Champetier <[email protected]>
CNI plugins v1.6.0
This is the v1.6.0 release of the CNI community plugins.
Changelog
Important
- revert htb changes due to ongoing issues and missing maintainer by @h0nIg in #1105. This reverts the (undocumented) feature added in v1.5 where traffic from a specific CIDR would be exempted from bandwidth shaping. Unfortunately the implementation was lacking. We hope to re-add this feature in the future.
New features
- nftables support for ipmasq and portmap by @danwinship in #935
- dhcp: Add priority option to dhcp. by @lisongmin in #1091
CNI v1.1 support
- Use of Scope for routes in IPAM by @LionelJouin in #1087
- Pass status along ipam update by @LionelJouin in #1082
Other improvements
- macvlan: add bcqueuelen setting by @champtar in #1074
- SBR: option to pass the table id by @LionelJouin in #1088
- host-device: use temp network namespace for rename by @champtar in #1073
Fixes
- Fix unnecessary retrying when the link is down in dhcp by @lisongmin in #1076
- Fix inadvertent txqueuelen being set to zero by @gudmundur in #1100
- VRF: Wait for the local/host routes to be added by @LionelJouin in #1104
- fix(dhcp): can not renew an ip address by @lisongmin in #1092
Misc / CI
- Change chown to change current dir as well by @s1061123 in #1058
- ci, go.mod: bump to go 1.23 by @squeed in #1094
- Ignore link-local routes in SBR tests by @LionelJouin in #1102
New Contributors
- @lisongmin made their first contribution in #1076
- @LionelJouin made their first contribution in #1088
- @gudmundur made their first contribution in #1100
- @h0nIg made their first contribution in #1105
Full Changelog: v1.5.1...v1.6.0
Contributors
gudmundur, danwinship, and 6 other contributors
Assets 26
v1.5.1
What's Changed
Full Changelog: v1.5.0...v1.5.1
Contributors
s1061123
Assets 26
CNI Plugins v1.5.0
What's Changed
New Features:
- Support DeviceID on Auxiliary Bus by @adrianchiris in #1003
- Dev/exclude subnets from traffic shaping by @oOraph in #921
Fixes:
- Fix release script in github action by @s1061123 in #1037.
- Use temporary name for netdevice when moving in/out of NS by @adrianchiris in #1002
New Contributors
- @oOraph made their first contribution in #921
- @samuelkarp made their first contribution in #1029
- @testwill made their first contribution in #1034
Full Changelog: v1.4.1...v1.5.0
Contributors
s1061123, samuelkarp, and 3 other contributors