tigera · ctauchen · Jan 12, 2026 · Jan 8, 2026 · Copilot · Jan 8, 2026
@@ -204,6 +204,7 @@ We've also added more feedback into the UI to keep you informed on the progress
   This occurs because some Calico images are missing the required nftables binaries and incorrectly rely on legacy iptables modules that have been removed from newer operating systems.
   As a workaround, ensure your host platform has legacy iptables kernel modules installed and loaded until a full fix is delivered in an upcoming patch release.
 * Kibana attempts external API calls that are blocked by network policies related to Elastic Fleet. Errors will show in the logs. There is no further impact.
+* Felix panics when WAF/L7 features are enabled in eBPF mode.
-* Felix panics when WAF/L7 features are enabled in eBPF mode.
+* Felix can panic on nodes that run the eBPF data plane when WAF or other L7 features (such as L7 logging) are enabled.
+  This causes Felix to restart on the affected nodes, which can delay or temporarily interrupt the programming of network policy and dataplane state.
+  As a workaround until a fix is available, avoid enabling WAF/L7 features on clusters using the eBPF data plane, or disable those features on affected nodes and use non-L7 policies only.
-* Felix panics when WAF/L7 features are enabled in eBPF mode.
+* Felix can panic on nodes that run the eBPF data plane when WAF or other L7 features (such as L7 logging) are enabled.
+  This causes Felix to restart on the affected nodes, which can delay or temporarily interrupt the programming of network policy and dataplane state.
+  As a workaround until a fix is available, avoid enabling WAF/L7 features on clusters using the eBPF data plane, or disable those features on affected nodes and use non-L7 policies only.
 
 #### Upgrading
 To update an existing installation of Calico Enterprise 3.22, see [Install a patch release](../getting-started/manifest-archive.mdx).