From 1a411b40732e0b74780f1e8e934899b90616f1ed Mon Sep 17 00:00:00 2001 From: Christopher Tauchen Date: Tue, 5 May 2026 16:36:11 +0100 Subject: [PATCH 1/7] Prepare for release CE 3.21.7 Co-Authored-By: Claude Opus 4.7 (1M context) --- .../version-3.21-2/release-notes/index.mdx | 10 + .../version-3.21-2/releases.json | 261 ++++++++++++++++++ .../version-3.21-2/variables.js | 6 +- 3 files changed, 274 insertions(+), 3 deletions(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 32499b8345..03867905b2 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -216,3 +216,13 @@ February 6, 2025 To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). +### Calico Enterprise 3.21.7 bug fix release + +May 5, 2026 + +#### Bug fixes + +* TBD + +To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). + diff --git a/calico-enterprise_versioned_docs/version-3.21-2/releases.json b/calico-enterprise_versioned_docs/version-3.21-2/releases.json index ae04eb8b8b..77c7160a17 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/releases.json +++ b/calico-enterprise_versioned_docs/version-3.21-2/releases.json @@ -1,4 +1,265 @@ [ + { + "title": "v3.21.7", + "tigera-operator": { + "version": "v1.38.12", + "image": "tigera/operator", + "registry": "quay.io" + }, + "calico": { + "minor_version": "v3.30", + "archive_path": "archive" + }, + "components": { + "alertmanager": { + "version": "v3.21.7", + "image": "tigera/alertmanager" + }, + "calicoctl": { + "version": "v3.21.7", + "image": "tigera/calicoctl" + }, + "calicoq": { + "version": "v3.21.7", + "image": "tigera/calicoq" + }, + "cnx-apiserver": { + "version": "v3.21.7", + "image": "tigera/cnx-apiserver" + }, + "cnx-kube-controllers": { + "version": "v3.21.7", + "image": "tigera/kube-controllers" + }, + "cnx-manager": { + "version": "v3.21.7", + "image": "tigera/cnx-manager" + }, + "cnx-node": { + "version": "v3.21.7", + "image": "tigera/cnx-node" + }, + "cnx-node-windows": { + "version": "v3.21.7", + "image": "tigera/cnx-node-windows" + }, + "cnx-queryserver": { + "version": "v3.21.7", + "image": "tigera/cnx-queryserver" + }, + "compliance-benchmarker": { + "version": "v3.21.7", + "image": "tigera/compliance-benchmarker" + }, + "compliance-controller": { + "version": "v3.21.7", + "image": "tigera/compliance-controller" + }, + "compliance-reporter": { + "version": "v3.21.7", + "image": "tigera/compliance-reporter" + }, + "compliance-server": { + "version": "v3.21.7", + "image": "tigera/compliance-server" + }, + "compliance-snapshotter": { + "version": "v3.21.7", + "image": "tigera/compliance-snapshotter" + }, + "coreos-alertmanager": { + "version": "v0.28.1" + }, + "coreos-config-reloader": { + "version": "v0.76.2" + }, + "coreos-dex": { + "version": "v2.41.1" + }, + "coreos-fluentd": { + "version": "1.18.0" + }, + "coreos-prometheus": { + "version": "v2.55.1" + }, + "coreos-prometheus-operator": { + "version": "v0.76.2" + }, + "csi": { + "version": "v3.21.7", + "image": "tigera/csi" + }, + "csi-node-driver-registrar": { + "version": "v3.21.7", + "image": "tigera/node-driver-registrar" + }, + "deep-packet-inspection": { + "version": "v3.21.7", + "image": "tigera/deep-packet-inspection" + }, + "dex": { + "version": "v3.21.7", + "image": "tigera/dex" + }, + "dikastes": { + "version": "v3.21.7", + "image": "tigera/dikastes" + }, + "eck-elasticsearch": { + "version": "8.18.8" + }, + "eck-elasticsearch-operator": { + "version": "2.16.0" + }, + "eck-kibana": { + "version": "8.18.8" + }, + "egress-gateway": { + "version": "v3.21.7", + "image": "tigera/egress-gateway" + }, + "elastic-tsee-installer": { + "version": "v3.21.7", + "image": "tigera/intrusion-detection-job-installer" + }, + "elasticsearch": { + "version": "v3.21.7", + "image": "tigera/elasticsearch" + }, + "elasticsearch-metrics": { + "version": "v3.21.7", + "image": "tigera/elasticsearch-metrics" + }, + "elasticsearch-operator": { + "version": "v3.21.7", + "image": "tigera/eck-operator" + }, + "envoy": { + "version": "v3.21.7", + "image": "tigera/envoy" + }, + "envoy-init": { + "version": "v3.21.7", + "image": "tigera/envoy-init" + }, + "es-gateway": { + "version": "v3.21.7", + "image": "tigera/es-gateway" + }, + "firewall-integration": { + "version": "v3.21.7", + "image": "tigera/firewall-integration" + }, + "flexvol": { + "version": "v3.21.7", + "image": "tigera/pod2daemon-flexvol" + }, + "fluentd": { + "version": "v3.21.7", + "image": "tigera/fluentd" + }, + "fluentd-windows": { + "version": "v3.21.7", + "image": "tigera/fluentd-windows" + }, + "gateway-api-envoy-gateway": { + "version": "v3.21.7", + "image": "tigera/envoy-gateway" + }, + "gateway-api-envoy-proxy": { + "version": "v3.21.7", + "image": "tigera/envoy-proxy" + }, + "gateway-api-envoy-ratelimit": { + "version": "v3.21.7", + "image": "tigera/envoy-ratelimit" + }, + "guardian": { + "version": "v3.21.7", + "image": "tigera/guardian" + }, + "ingress-collector": { + "version": "v3.21.7", + "image": "tigera/ingress-collector" + }, + "intrusion-detection-controller": { + "version": "v3.21.7", + "image": "tigera/intrusion-detection-controller" + }, + "key-cert-provisioner": { + "version": "v3.21.7", + "image": "tigera/key-cert-provisioner" + }, + "kibana": { + "version": "v3.21.7", + "image": "tigera/kibana" + }, + "l7-admission-controller": { + "version": "v3.21.7", + "image": "tigera/l7-admission-controller" + }, + "l7-collector": { + "version": "v3.21.7", + "image": "tigera/l7-collector" + }, + "license-agent": { + "version": "v3.21.7", + "image": "tigera/license-agent" + }, + "linseed": { + "version": "v3.21.7", + "image": "tigera/linseed" + }, + "packetcapture": { + "version": "v3.21.7", + "image": "tigera/packetcapture" + }, + "policy-recommendation": { + "version": "v3.21.7", + "image": "tigera/policy-recommendation" + }, + "prometheus": { + "version": "v3.21.7", + "image": "tigera/prometheus" + }, + "prometheus-config-reloader": { + "version": "v3.21.7", + "image": "tigera/prometheus-config-reloader" + }, + "prometheus-operator": { + "version": "v3.21.7", + "image": "tigera/prometheus-operator" + }, + "tigera-cni": { + "version": "v3.21.7", + "image": "tigera/cni" + }, + "tigera-cni-windows": { + "version": "v3.21.7", + "image": "tigera/cni-windows" + }, + "tigera-prometheus-service": { + "version": "v3.21.7", + "image": "tigera/prometheus-service" + }, + "typha": { + "version": "v3.21.7", + "image": "tigera/typha" + }, + "ui-apis": { + "version": "v3.21.7", + "image": "tigera/ui-apis" + }, + "voltron": { + "version": "v3.21.7", + "image": "tigera/voltron" + }, + "webhooks-processor": { + "version": "v3.21.7", + "image": "tigera/webhooks-processor" + } + } + }, { "title": "v3.21.6", "tigera-operator": { diff --git a/calico-enterprise_versioned_docs/version-3.21-2/variables.js b/calico-enterprise_versioned_docs/version-3.21-2/variables.js index 517cee45ba..1fb06af958 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/variables.js +++ b/calico-enterprise_versioned_docs/version-3.21-2/variables.js @@ -2,13 +2,13 @@ const releases = require('./releases.json'); const componentImage = require('../../src/components/utils/componentImage'); const variables = { - releaseTitle: 'v3.21.6', + releaseTitle: 'v3.21.7', prodname: 'Calico Enterprise', prodnamedash: 'calico-enterprise', version: 'v3.21', openSourceVersion: releases[0].calico.minor_version.slice(1), baseUrl: '/calico-enterprise/3.21', - filesUrl: 'https://downloads.tigera.io/ee/v3.21.6', + filesUrl: 'https://downloads.tigera.io/ee/v3.21.7', rpmsUrl: 'https://downloads.tigera.io/ee/rpms/' + releases[0].title.slice(0, 5), tutorialFilesURL: 'https://docs.tigera.io/files', tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.21', @@ -20,7 +20,7 @@ const variables = { rootDirWindows: 'C:\\TigeraCalico', registry: 'quay.io/', envoyVersion: '1.3.2', - chart_version_name: 'v3.21.6-0', + chart_version_name: 'v3.21.7-0', tigeraOperator: releases[0]['tigera-operator'], dikastesVersion: releases[0].components.dikastes.version, releases, From 1525be1c84595e46991ef3a1732f9f06ee6b795e Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Tue, 12 May 2026 14:03:22 -0700 Subject: [PATCH 2/7] Draft 3.21.7 release notes Co-Authored-By: Claude Opus 4.7 (1M context) --- .../version-3.21-2/release-notes/index.mdx | 44 ++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 03867905b2..55820267da 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -220,9 +220,51 @@ To update an existing installation of Calico Enterprise 3.21, see [Install a pat May 5, 2026 +#### Enhancements + +* Display the `Degraded` condition's message when running `kubectl get tigerastatus`, making it easier to see error details at a glance without needing to describe the resource. + + ```console + $ kubectl get tigerastatus + NAME AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE + apiserver True False False 4m51s All objects available + calico False False True 106s Pod calico-system/calico-node-tjlnv failed to pull container image for: ebpf-bootstrap + intrusion-detection False False True 11m Error creating TLS certificate: secret tigera-operator/deep-packet-inspection-tls must specify ext key usages: ExtKeyUsageClientAuth, ExtKeyUsageServerAuth + log-storage-access False False True 11m Pod tigera-elasticsearch/tigera-linseed-58745b7574-p6zmx has crash looping container: tigera-linseed + manager True False False 6s All objects available; Warning: user provided certificate "manager-tls" expires in 21 days + ... + ``` + +* Surface certificate metadata (issuer, expiry, DNS SANs, IP SANs) as annotations and add filtering labels (`secret-type`, `signer`) on TLS secrets produced by `Secret()` and `CreateSelfSignedSecret()`. + + ```console + $ kubectl get secrets -n tigera-operator -l operator.tigera.io/signer \ + -o custom-columns='NAME:.metadata.name,EXPIRY:.metadata.annotations.operator\.tigera\.io/cert-expiry,SIGNER:.metadata.annotations.operator\.tigera\.io/cert-signer' + NAME EXPIRY SIGNER + calico-apiserver-certs 2028-05-28T23:56:09Z tigera-operator-signer + calico-kube-controllers-metrics-tls 2028-05-28T23:56:09Z tigera-operator-signer + calico-node-prometheus-client-tls 2028-05-29T18:28:09Z tigera-operator-signer + ... + ``` + +* Added a named "https" port on the calico-manager Service and, when the OpenShift IDP is configured, publish a tigera-ca-public Secret in calico-system so OpenShift's Ingress→Route conversion can produce a reencrypt Route fronting the manager. + #### Bug fixes -* TBD +* Fixed Kibana crashloop when upgrading from Calico Enterprise 3.20 or earlier to 3.21. The orphan `ingest_manager_settings` saved object left by Fleet 7.17 is now discarded during Kibana 8.x saved-object migration. +* ECK certificates are now rotated 30 days before expiry, just like all certificates that are managed by our operator. +* Deprecated the Installation.spec.nonPrivileged field. The Operator ignores this setting and will mark Calico as Degraded if it is set to Enabled. +* Fixed the rendering resource limits and requests for Egress Gateway. +* Added validation for the logstorage node count and replicas settings. +* Fixed flow logs not recording pass policies in transit_policies when all forward or pre-DNAT tiers pass without an explicit allow or deny verdict. Pass-only forward and pre-DNAT policies now appear in transit_policies on both iptables/nftables and BPF dataplanes. +* Fixed flow log aggregation to preserve distinct transit policy traces instead of overwriting them, ensuring accurate policy trace reporting at all aggregation levels. +* Fixed l7-admission-controller webhook returning an invalid response when a pod has the sidecar label but no feature annotations. +* Fixed an issue in the eBPF dataplane where link-local discovery packets were incorrectly dropped during strict reverse path forwarding (RPF) checks. +* Fixed eBPF dataplane to delete stale NAT conntrack entries from userspace. +* Fixed a panic in Felix's NetworkSet processor on invalid CIDRs. +* Fixed the LoadBalancer controller to prevent a nil pointer dereference in handleBlockUpdate. +* Multi-NIC support: fix the projectcalico.org/network label; strip the namespace prefix added by Multus in recent versions. The prefix was not documented in our docs and, due to using a / separator, it could fail validation when CNI plugin tried to read a multi-NIC endpoint after node reboot causing pods to fail to come back up after reboot. +* Security updates. To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). From fd99964d922c7277e04ce407daa2a99cecc247f9 Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Tue, 12 May 2026 14:06:59 -0700 Subject: [PATCH 3/7] Clarify transit_policies field reference in 3.21.7 release note Co-Authored-By: Claude Opus 4.7 (1M context) --- .../version-3.21-2/release-notes/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 55820267da..e1fcd93f51 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -256,7 +256,7 @@ May 5, 2026 * Deprecated the Installation.spec.nonPrivileged field. The Operator ignores this setting and will mark Calico as Degraded if it is set to Enabled. * Fixed the rendering resource limits and requests for Egress Gateway. * Added validation for the logstorage node count and replicas settings. -* Fixed flow logs not recording pass policies in transit_policies when all forward or pre-DNAT tiers pass without an explicit allow or deny verdict. Pass-only forward and pre-DNAT policies now appear in transit_policies on both iptables/nftables and BPF dataplanes. +* Fixed flow logs so the [`transit_policies` field](../observability/elastic/flow/datatypes.mdx) records pass-only forward and pre-DNAT host-endpoint policies even when all tiers pass without an explicit allow or deny verdict. Applies to iptables, nftables, and BPF dataplanes. * Fixed flow log aggregation to preserve distinct transit policy traces instead of overwriting them, ensuring accurate policy trace reporting at all aggregation levels. * Fixed l7-admission-controller webhook returning an invalid response when a pod has the sidecar label but no feature annotations. * Fixed an issue in the eBPF dataplane where link-local discovery packets were incorrectly dropped during strict reverse path forwarding (RPF) checks. From 8bfef79c6cfe25b2cf803c8de6d76b5ae66c8617 Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Tue, 12 May 2026 14:07:35 -0700 Subject: [PATCH 4/7] Backtick projectcalico.org/network label in 3.21.7 release note Co-Authored-By: Claude Opus 4.7 (1M context) --- .../version-3.21-2/release-notes/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index e1fcd93f51..5903f8b058 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -263,7 +263,7 @@ May 5, 2026 * Fixed eBPF dataplane to delete stale NAT conntrack entries from userspace. * Fixed a panic in Felix's NetworkSet processor on invalid CIDRs. * Fixed the LoadBalancer controller to prevent a nil pointer dereference in handleBlockUpdate. -* Multi-NIC support: fix the projectcalico.org/network label; strip the namespace prefix added by Multus in recent versions. The prefix was not documented in our docs and, due to using a / separator, it could fail validation when CNI plugin tried to read a multi-NIC endpoint after node reboot causing pods to fail to come back up after reboot. +* Multi-NIC support: fix the `projectcalico.org/network` label; strip the namespace prefix added by Multus in recent versions. The prefix was not documented in our docs and, due to using a / separator, it could fail validation when CNI plugin tried to read a multi-NIC endpoint after node reboot causing pods to fail to come back up after reboot. * Security updates. To update an existing installation of Calico Enterprise 3.21, see [Install a patch release](../getting-started/manifest-archive.mdx). From 31090886c9cae0251b3a0ee068ea798e8257d90b Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Tue, 12 May 2026 14:16:37 -0700 Subject: [PATCH 5/7] Minor tidy --- .../version-3.21-2/release-notes/index.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 5903f8b058..3ec05c32a8 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -247,22 +247,22 @@ May 5, 2026 ... ``` -* Added a named "https" port on the calico-manager Service and, when the OpenShift IDP is configured, publish a tigera-ca-public Secret in calico-system so OpenShift's Ingress→Route conversion can produce a reencrypt Route fronting the manager. +* Added a named "https" port on the calico-manager Service and, when the OpenShift IDP is configured, publish a `tigera-ca-public` Secret in the `calico-system` namespace so that OpenShift's Ingress→Route conversion can produce a reencrypt Route fronting the manager. #### Bug fixes * Fixed Kibana crashloop when upgrading from Calico Enterprise 3.20 or earlier to 3.21. The orphan `ingest_manager_settings` saved object left by Fleet 7.17 is now discarded during Kibana 8.x saved-object migration. * ECK certificates are now rotated 30 days before expiry, just like all certificates that are managed by our operator. -* Deprecated the Installation.spec.nonPrivileged field. The Operator ignores this setting and will mark Calico as Degraded if it is set to Enabled. +* Deprecated the `Installation.spec.nonPrivileged` field. The Operator ignores this setting and will mark Calico as Degraded if it is set to Enabled. * Fixed the rendering resource limits and requests for Egress Gateway. * Added validation for the logstorage node count and replicas settings. * Fixed flow logs so the [`transit_policies` field](../observability/elastic/flow/datatypes.mdx) records pass-only forward and pre-DNAT host-endpoint policies even when all tiers pass without an explicit allow or deny verdict. Applies to iptables, nftables, and BPF dataplanes. * Fixed flow log aggregation to preserve distinct transit policy traces instead of overwriting them, ensuring accurate policy trace reporting at all aggregation levels. * Fixed l7-admission-controller webhook returning an invalid response when a pod has the sidecar label but no feature annotations. * Fixed an issue in the eBPF dataplane where link-local discovery packets were incorrectly dropped during strict reverse path forwarding (RPF) checks. -* Fixed eBPF dataplane to delete stale NAT conntrack entries from userspace. -* Fixed a panic in Felix's NetworkSet processor on invalid CIDRs. -* Fixed the LoadBalancer controller to prevent a nil pointer dereference in handleBlockUpdate. +* Fixed eBPF dataplane not deleting stale NAT conntrack entries from userspace. +* Fixed a panic in Felix's `NetworkSet` processor on invalid CIDRs. +* Fixed the `LoadBalancer` controller to prevent a nil pointer dereference in handleBlockUpdate. * Multi-NIC support: fix the `projectcalico.org/network` label; strip the namespace prefix added by Multus in recent versions. The prefix was not documented in our docs and, due to using a / separator, it could fail validation when CNI plugin tried to read a multi-NIC endpoint after node reboot causing pods to fail to come back up after reboot. * Security updates. From ac508a6f8380825ce70d21044d9b24ff235c2bac Mon Sep 17 00:00:00 2001 From: Rene Dekker Date: Tue, 12 May 2026 14:17:30 -0700 Subject: [PATCH 6/7] Sync third-party versions in v3.21.7 entry to release-calient-v3.21 Picks up the operator, CoreOS, and ECK bumps that landed on release-calient-v3.21 after the v3.21.6 cut: - tigera-operator: v1.38.12 -> v1.38.14 - coreos-config-reloader: v0.76.2 -> v0.91.0 - coreos-fluentd: 1.18.0 -> 1.19.2 - coreos-prometheus-operator: v0.76.2 -> v0.91.0 - eck-elasticsearch: 8.18.8 -> 8.19.15 - eck-elasticsearch-operator: 2.16.0 -> 2.16.1 - eck-kibana: 8.18.8 -> 8.19.15 Co-Authored-By: Claude Opus 4.7 (1M context) --- .../version-3.21-2/releases.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/releases.json b/calico-enterprise_versioned_docs/version-3.21-2/releases.json index 77c7160a17..7f56b2bc3d 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/releases.json +++ b/calico-enterprise_versioned_docs/version-3.21-2/releases.json @@ -2,7 +2,7 @@ { "title": "v3.21.7", "tigera-operator": { - "version": "v1.38.12", + "version": "v1.38.14", "image": "tigera/operator", "registry": "quay.io" }, @@ -71,19 +71,19 @@ "version": "v0.28.1" }, "coreos-config-reloader": { - "version": "v0.76.2" + "version": "v0.91.0" }, "coreos-dex": { "version": "v2.41.1" }, "coreos-fluentd": { - "version": "1.18.0" + "version": "1.19.2" }, "coreos-prometheus": { "version": "v2.55.1" }, "coreos-prometheus-operator": { - "version": "v0.76.2" + "version": "v0.91.0" }, "csi": { "version": "v3.21.7", @@ -106,13 +106,13 @@ "image": "tigera/dikastes" }, "eck-elasticsearch": { - "version": "8.18.8" + "version": "8.19.15" }, "eck-elasticsearch-operator": { - "version": "2.16.0" + "version": "2.16.1" }, "eck-kibana": { - "version": "8.18.8" + "version": "8.19.15" }, "egress-gateway": { "version": "v3.21.7", From 36936d659a6c38c0fe981cefa459dd6aa4926e4e Mon Sep 17 00:00:00 2001 From: Saba Date: Wed, 13 May 2026 08:33:03 -0700 Subject: [PATCH 7/7] Update 3.21.7 release date to May 13, 2026 --- .../version-3.21-2/release-notes/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx index 3ec05c32a8..820410d14e 100644 --- a/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx +++ b/calico-enterprise_versioned_docs/version-3.21-2/release-notes/index.mdx @@ -218,7 +218,7 @@ To update an existing installation of Calico Enterprise 3.21, see [Install a pat ### Calico Enterprise 3.21.7 bug fix release -May 5, 2026 +May 13, 2026 #### Enhancements