Affected by GO-2024-3290
and 6 other vulnerabilities
GO-2024-3290: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium
GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium
GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium
GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium
GO-2025-3561: Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium
GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
MatchAllAnchoredPattern is the simplest pattern that match all inputs. This resulting
parsed regular expression is the same as an empty string regex (""), but this
value is easier to reason about when serializing to and from json.
MatchAllUnAnchoredPattern is the same as MatchAllAnchoredPattern, except that
it can be or-ed (joined with "|") with other rules, and still match all rules.
ToAnchoredRegexp converts a MatchPattern field into a regexp string. It does not
validate the pattern. It also adds anchors to ensure it match the whole string.
It supports:
* to select 0 or more DNS valid characters
ToUnAnchoredRegexp converts a MatchPattern field into a regexp string. It does not
validate the pattern. It does not add regexp anchors.
It supports:
* to select 0 or more DNS valid characters
Affected by 
Documentation
¶
Source Files