# 4.11.58 Created: 2024-02-05 14:09:12 +0000 UTC Image Digest: `sha256:60091111bfb629d995977e4a91f090a2306e5be609d3a2652f31280ce0eea1f3` Promoted from registry.ci.openshift.org/ocp/release:4.11.0-0.nightly-2024-02-04-144352 ## Changes from 4.11.22 ### Components * Kubernetes upgraded from 1.24.6 to 1.24.16 * Red Hat Enterprise Linux CoreOS upgraded from 411.86.202212072103-0 to 411.86.202402040351-0 ### Rebuilt images without code change * [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent) git [e74ffbf5](https://github.com/openshift/assisted-installer-agent/commit/e74ffbf509d382c42891884b90a8a9fb82922f5e) `sha256:bf4f4c0ef447f6d712d9d6de45b7e32531f6cd65cddd73ebbfbe4e737b5ae234` * [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud) git [0daf34f1](https://github.com/openshift/cloud-provider-alibaba-cloud/commit/0daf34f1c7f85d5f02f77684105d06d13e3d2c3f) `sha256:b7cd54187abcc6c519d2250e1ce3c8af5fabcd7d56f77f0f6a60ea82effa0bc4` * [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba) git [41451089](https://github.com/openshift/cluster-api-provider-alibaba/commit/414510891904915fd490e5f2d3f5f53320998c98) `sha256:2ffdf882d1cca43273f9504a549ec1ef3add1b87d9138a5ceabbb93c1be581ca` * [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler) git [bf6c1c32](https://github.com/openshift/kubernetes-autoscaler/commit/bf6c1c328ac39a367417e93c74fcbb3fe8628825) `sha256:66f8bdcdfb1fc4d9209d8d788366e730634974d1ea1385b84aa106274b04e7cf` * [cluster-update-keys](https://github.com/openshift/cluster-update-keys) git [289032fb](https://github.com/openshift/cluster-update-keys/commit/289032fb67e5e358f21808fab87350bcf5e5e85b) `sha256:ab5c74c74db9934d529ac37165c0c1203dddca7dc83caf487596f767a0f8a192` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [b7c03bb0](https://github.com/openshift/configmap-reload/commit/b7c03bb081cb4389b6492f3a38c1405c2518f9e3) `sha256:d03c994169fa3e10f499ef49c12f670ea40e04adb47d34fd4dd23538f62ebdac` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [f144bb43](https://github.com/openshift/csi-driver-nfs/commit/f144bb436b5b13c5647983dcc4cb0bfcb730e25a) `sha256:e472dd54bcc52597090a6ff0d9ff3b5e3006749833475aa679e73172f324ee1c` * [egress-router-cni](https://github.com/openshift/egress-router-cni) git [fccaf1d9](https://github.com/openshift/egress-router-cni/commit/fccaf1d9818617b8e6349d49cf9d7bbd7443c1e1) `sha256:fdf9e7e5ec337a0190d60100f8dee8c5ac0e162c0c94864134aa8d8c0320f046` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [876128b5](https://github.com/openshift/ironic-rhcos-downloader/commit/876128b5ac733a244a3838b151b0a6df663937aa) `sha256:e29d14e943f2b7cddf5418f74a8d72271750e9acddb297b02ae83dd81ca92164` * [keepalived-ipfailover](https://github.com/openshift/images) git [f1330f6f](https://github.com/openshift/images/commit/f1330f6fb99d1056544bca67f30c098059ef3edf) `sha256:29d432ba9e1b45b137378e2b3b527a09ac959960818ab25a511ee9ac89ee4be0` * [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator) git [596745ce](https://github.com/openshift/kubernetes-kube-storage-version-migrator/commit/596745cec38b8401d1d906bfb9d3d78fdaeabcde) `sha256:4d46b53dc7a9b715a84e00e9d1c9f6d574b983d4db2f46e694bfeefd461c0a2b` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [b6e14eab](https://github.com/openshift/cluster-api-provider-libvirt/commit/b6e14eabe93e25323cf32b7661edd0e7422b4e4b) `sha256:64436868904c9fc79b48da603f902a14a082a410cc2044a6795725ba774c17c9` * machine-os-content `sha256:398c7ed04694ccfa30305cd13d363fda824c0fcf9ad543d24e7e40f8954a3d61` * [machine-os-images](https://github.com/openshift/machine-os-images) git [b1580a29](https://github.com/openshift/machine-os-images/commit/b1580a29e6bc76598c2d408c0e27460bc6b638be) `sha256:2dc7d68363a16f24e4c7c3577633600f64361750d828fa70e503315516b99784` * [multus-route-override-cni](https://github.com/openshift/route-override-cni) git [523b7904](https://github.com/openshift/route-override-cni/commit/523b79044306b7590ad449d7eab06a233d687d86) `sha256:75d3b5e649edd5ca301865dfdabd774f6627fbc892fb81d5f95803cb0c395326` * [must-gather](https://github.com/openshift/must-gather) git [44f6adac](https://github.com/openshift/must-gather/commit/44f6adacb094952723f957d4d7d61043b6f2fe04) `sha256:3e820bcd457391e149b217af6b55cbaf3b6d6c5b42f18f5677bf280b2c438724` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [b76a6770](https://github.com/openshift/bond-cni/commit/b76a677034edb66ddaf123cb79a2bb20a301f694) `sha256:cb5ba153b6402e1f0bc8b75738ce1e86f0c22baea4ca7b78d6910318f131bd72` * [network-tools](https://github.com/openshift/network-tools) git [4e87286c](https://github.com/openshift/network-tools/commit/4e87286cff4d645777cf2632a0671eed0d82270c) `sha256:f91e862bfae1a170046c33e0c569d917405943a2cb20f7a32148711bfe31d590` * [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix) git [a94eb77c](https://github.com/openshift/machine-api-provider-nutanix/commit/a94eb77c298d1420219d350df6a6c7bca575aac0) `sha256:1402cb503df184067ee499bbd0a8b8f7c25d3f42b79c3d524b2111b17da0b18d` * [oauth-apiserver](https://github.com/openshift/oauth-apiserver) git [c9c2dd15](https://github.com/openshift/oauth-apiserver/commit/c9c2dd15751d391a6a81ceee744db7b2d07a208b) `sha256:ce22a038bbe01f91d61197ef11958a66b451d6a04e6fee12312c687d9843c605` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [aad1b28f](https://github.com/openshift/oauth-proxy/commit/aad1b28fcf4b32d9ad592eee33e439bd575565a2) `sha256:eee8800965968a994aa2a4ee20081c308a497e1cdd49fda76c6ba7ae07a40435` * [oauth-server](https://github.com/openshift/oauth-server) git [8d80088e](https://github.com/openshift/oauth-server/commit/8d80088ebf859d717e470b47fed9f9014b9226a0) `sha256:c2bc6dbc4b8f3c95afdce3d7ccba9570c65beb676f9aedf24e6d201d244a3ed2` * [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver) git [cd3370fb](https://github.com/openshift/ovirt-csi-driver/commit/cd3370fb298994289659a5a9c73262c007e8a836) `sha256:e07e979fe6a2c8b9e33a34d8a05e2be121f658e24c55dde23cf9af36ba027887` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [5a93d94c](https://github.com/openshift/cluster-api-provider-ovirt/commit/5a93d94c208baf4867bc41529cc379aeb25c9cc4) `sha256:e3f09fc626a9558593ec653c45a9e46fdca5339a4a64eaa8a0fe879c4856feef` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [af12fbc4](https://github.com/openshift/prom-label-proxy/commit/af12fbc4482a0d8fe9e4748c675d56bbc43975f2) `sha256:654070cc43163d91427a3bf3eee0bd0dcb44d2db9c70e7f07d3968358bb910c1` * [service-ca-operator](https://github.com/openshift/service-ca-operator) git [0899d112](https://github.com/openshift/service-ca-operator/commit/0899d1127049ab3906484bade3d47c306d5e3677) `sha256:f04ce22df713f4fe665e2ade786bfe2017f1f09008106f4b2ab9a1e262e5361e` * [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere) git [91f7b1fa](https://github.com/openshift/cloud-provider-vsphere/commit/91f7b1fab3342f890274bec2b93b2bc0de8d99e1) `sha256:40cbab289e087ae28c8ba6a288cebe3b1ffebb4f15471627206f89aebf5ffe2a` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/bc51be826e96cae9e00d0fff0970fd273c078d9a) * Updating ose-agent-installer-api-server images to be consistent with ART (#3980) [#3980](https://github.com/openshift/assisted-service/pull/3980) * [MGMT-11799](https://issues.redhat.com/browse/MGMT-11799): change all 'go get' commands (#4887) [#4887](https://github.com/openshift/assisted-service/pull/4887) * [Full changelog](https://github.com/openshift/assisted-service/compare/0f526475e7ec16c6586ee351c5216ef6ae225b1b...bc51be826e96cae9e00d0fff0970fd273c078d9a) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/aa467482746b55af2a64137302a7b3ef556c83c4) * NO-ISSUE: Update OWNERS to match master branch (#682) [#682](https://github.com/openshift/assisted-installer/pull/682) * [CVE-2022](https://issues.redhat.com/browse/CVE-2022), [OCPBUGS-15068](https://issues.redhat.com/browse/OCPBUGS-15068): 21235 github.com/Masterminds/vcs command inj (#681) [#681](https://github.com/openshift/assisted-installer/pull/681) * [Full changelog](https://github.com/openshift/assisted-installer/compare/6521f30171eef41729efd0907d15d6ae1665e7d3...aa467482746b55af2a64137302a7b3ef556c83c4) ### [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver/tree/10cd3a7e86f948d28143e83ea22ac935cfcb0162) * [OCPBUGS-21292](https://issues.redhat.com/browse/OCPBUGS-21292): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#39](https://github.com/openshift/alibaba-cloud-csi-driver/pull/39) * [Full changelog](https://github.com/openshift/alibaba-cloud-csi-driver/compare/8dd7ae6f2fce71f6302eb3d59163c8f87d362bd4...10cd3a7e86f948d28143e83ea22ac935cfcb0162) ### [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator/tree/481b4d44ce58757d136ee571ba5dbbdf109400ec) * [OCPBUGS-21389](https://issues.redhat.com/browse/OCPBUGS-21389): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#67](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/67) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#59](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/59) * [Full changelog](https://github.com/openshift/alibaba-disk-csi-driver-operator/compare/f70a51b838ead1110b0824989e8c529292b003a0...481b4d44ce58757d136ee571ba5dbbdf109400ec) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/3362d673b054807a4974b4d600486933f7e0bd42) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [OCPBUGS-10187](https://issues.redhat.com/browse/OCPBUGS-10187): Updating ose-apiserver-network-proxy images to be consistent with ART [#30](https://github.com/openshift/apiserver-network-proxy/pull/30) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/61e198ca00b9426e2f7309cf2818ac74426486ff...3362d673b054807a4974b4d600486933f7e0bd42) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/611fef9447b1bd6602561a07a69e4d11ff1ca161) * [OCPBUGS-20708](https://issues.redhat.com/browse/OCPBUGS-20708): Update golang.org/x/net to v0.17.0 [#56](https://github.com/openshift/cloud-provider-aws/pull/56) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/ea1a9b23afdcb03ed30bceba58c3d29e1b1200b5...611fef9447b1bd6602561a07a69e4d11ff1ca161) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/b7408966b5e5952e60588ca08794c876f2cb575f) * [OCPBUGS-20791](https://issues.redhat.com/browse/OCPBUGS-20791): bump golang.org/x/net to v0.17.0 [#484](https://github.com/openshift/cluster-api-provider-aws/pull/484) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/b3fe15befffb31732d16db3bbca56aa8b3eb7cc6...b7408966b5e5952e60588ca08794c876f2cb575f) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/46bd913789c6c1c246ecff2d982e4b3b4654254d) * [OCPBUGS-20892](https://issues.redhat.com/browse/OCPBUGS-20892): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#242](https://github.com/openshift/aws-ebs-csi-driver/pull/242) * [OCPBUGS-19069](https://issues.redhat.com/browse/OCPBUGS-19069): Volume unmount repeats after successful unmount, preventing pod delete [#234](https://github.com/openshift/aws-ebs-csi-driver/pull/234) * [OCPBUGS-12932](https://issues.redhat.com/browse/OCPBUGS-12932): 4.11: Bump golang.org/x/text [#227](https://github.com/openshift/aws-ebs-csi-driver/pull/227) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/ba03552281a83293b5a1020012165db49a5b4fd2...46bd913789c6c1c246ecff2d982e4b3b4654254d) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/2c9edc2a947c6677fa9def34172f8e8be532084b) * [OCPBUGS-20997](https://issues.redhat.com/browse/OCPBUGS-20997): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#283](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/283) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#266](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/266) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/2c7529e739914d3901f757519f2cd5adce36eb28...2c9edc2a947c6677fa9def34172f8e8be532084b) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/48926df1a7c81558cc17c588a9ef822ef58e05b1) * [OCPBUGS-21554](https://issues.redhat.com/browse/OCPBUGS-21554): Update golang.org/x/net to v0.17.0 [#91](https://github.com/openshift/machine-api-provider-aws/pull/91) * Updating ose-machine-api-provider-aws images to be consistent with ART [#57](https://github.com/openshift/machine-api-provider-aws/pull/57) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/f6cf48823cee9ac0c2449abb31141c3033970ed5...48926df1a7c81558cc17c588a9ef822ef58e05b1) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/7bcd87c48a619d699eab6d4c6369d8e70102d90f) * [OCPBUGS-21295](https://issues.redhat.com/browse/OCPBUGS-21295): Upgrade golang/x/net for CVE-2023-39325 (4.11) [#186](https://github.com/openshift/aws-pod-identity-webhook/pull/186) * NO-ISSUE: snyk: exclude vendor/ [#175](https://github.com/openshift/aws-pod-identity-webhook/pull/175) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/a085f1cd579f3241f40ef6a31c70ff9fdd8d3938...7bcd87c48a619d699eab6d4c6369d8e70102d90f) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/673e7b9d40ecdd9b9aa938113aedefb8aa33412e) * [OCPBUGS-21387](https://issues.redhat.com/browse/OCPBUGS-21387): Bump golang.org/x/net to v0.18.0 [#96](https://github.com/openshift/cloud-provider-azure/pull/96) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/6bf2e3359731d80e75ae7c4d73316f6ef49d751a...673e7b9d40ecdd9b9aa938113aedefb8aa33412e) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/2118fe60689f382c8ce1c9150c6014cd9340b965) * [OCPBUGS-21476](https://issues.redhat.com/browse/OCPBUGS-21476): bump golang.org/x/net to v0.17.0 [#290](https://github.com/openshift/cluster-api-provider-azure/pull/290) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/a851a3546a4f17acfc3a0ad5d3743665bfb91eaa...2118fe60689f382c8ce1c9150c6014cd9340b965) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/f4bb81ea10d3c72f245c11ae99e9c5cddd2761a7) * [OCPBUGS-20662](https://issues.redhat.com/browse/OCPBUGS-20662): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#57](https://github.com/openshift/azure-disk-csi-driver/pull/57) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/2757f099dcb8ba645d2f36b84447907104af8c58...f4bb81ea10d3c72f245c11ae99e9c5cddd2761a7) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/c9fa000ca7bccec9261f50b30cd9a9c826f48dde) * [OCPBUGS-20733](https://issues.redhat.com/browse/OCPBUGS-20733): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#104](https://github.com/openshift/azure-disk-csi-driver-operator/pull/104) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#96](https://github.com/openshift/azure-disk-csi-driver-operator/pull/96) * [OCPBUGS-7987](https://issues.redhat.com/browse/OCPBUGS-7987): Adjust client-side QPS, burst and worker threads in provisioner and attacher sidecars [#71](https://github.com/openshift/azure-disk-csi-driver-operator/pull/71) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/ca54bcb70d0b79e6b284f3f0663a86f612bb15ed...c9fa000ca7bccec9261f50b30cd9a9c826f48dde) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/c322c8f3392dcd6c978241adf75cc7a0e580a8e7) * [OCPBUGS-20822](https://issues.redhat.com/browse/OCPBUGS-20822): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#40](https://github.com/openshift/azure-file-csi-driver/pull/40) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/67c3831e8262bb2faaf22228f194ccc926f43390...c322c8f3392dcd6c978241adf75cc7a0e580a8e7) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/a5c172bdbe328e75192f7333369e74f5df2d6abb) * [OCPBUGS-20924](https://issues.redhat.com/browse/OCPBUGS-20924): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#79](https://github.com/openshift/azure-file-csi-driver-operator/pull/79) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#72](https://github.com/openshift/azure-file-csi-driver-operator/pull/72) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/4ddaca2a5bbc76e6721b92146cf4bf62af4ff12f...a5c172bdbe328e75192f7333369e74f5df2d6abb) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/b3c71cfab08545a4f095549afeb712bb25c4b2c4) * [OCPBUGS-20725](https://issues.redhat.com/browse/OCPBUGS-20725): Bump x/net package to v0.17.0 [#85](https://github.com/openshift/machine-api-provider-azure/pull/85) * [OCPBUGS-14012](https://issues.redhat.com/browse/OCPBUGS-14012): Add user defined tags to Azure NIC resources [#70](https://github.com/openshift/machine-api-provider-azure/pull/70) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/415f448b1570b7d15aebe60bae12052e06df59b4...b3c71cfab08545a4f095549afeb712bb25c4b2c4) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/080693d2736ac301bfebf09f83da79cc4cf902d8) * [OCPBUGS-23478](https://issues.redhat.com/browse/OCPBUGS-23478): Specify google cloud CLI to version 256.0.0 [#7747](https://github.com/openshift/installer/pull/7747) * [OCPBUGS-494](https://issues.redhat.com/browse/OCPBUGS-494): [release-4.11] Switch libvirt VM's to vnc graphic mode [#6252](https://github.com/openshift/installer/pull/6252) * [OCPBUGS-18545](https://issues.redhat.com/browse/OCPBUGS-18545): CORS-2445: GCP: Add osImage to the install config [#7468](https://github.com/openshift/installer/pull/7468) * [OCPBUGS-16779](https://issues.redhat.com/browse/OCPBUGS-16779): bump RHCOS 4.11 bootimage metadata to 411.86.202308081056-0 [#7424](https://github.com/openshift/installer/pull/7424) * [OCPBUGS-17246](https://issues.redhat.com/browse/OCPBUGS-17246): azurestack: do not use gen2 images [#7393](https://github.com/openshift/installer/pull/7393) * [OCPBUGS-16915](https://issues.redhat.com/browse/OCPBUGS-16915): [release-4.11] azure: skip LB creation when not needed [#7372](https://github.com/openshift/installer/pull/7372) * [OCPBUGS-16353](https://issues.redhat.com/browse/OCPBUGS-16353): ic: azure: validate diskTypes in AzureStack [#7341](https://github.com/openshift/installer/pull/7341) * [OCPBUGS-17002](https://issues.redhat.com/browse/OCPBUGS-17002): GCP: add europe-west12 region to the survey as supported region [#7377](https://github.com/openshift/installer/pull/7377) * [OCPBUGS-5708](https://issues.redhat.com/browse/OCPBUGS-5708): hold bootkube service until bootstrap has pivoted [#6759](https://github.com/openshift/installer/pull/6759) * [OCPBUGS-13104](https://issues.redhat.com/browse/OCPBUGS-13104): openstack: Add netcat to the Installer image [#7163](https://github.com/openshift/installer/pull/7163) * [OCPBUGS-14288](https://issues.redhat.com/browse/OCPBUGS-14288): baremetal: Extra time for provisioning interface [#7214](https://github.com/openshift/installer/pull/7214) * [OCPBUGS-12750](https://issues.redhat.com/browse/OCPBUGS-12750): [Alibaba] update the bandwidth value of EIP [#7132](https://github.com/openshift/installer/pull/7132) * [OCPBUGS-11663](https://issues.redhat.com/browse/OCPBUGS-11663): AWS - Remove ACLs from s3 ign [#7085](https://github.com/openshift/installer/pull/7085) * [OCPBUGS-10594](https://issues.redhat.com/browse/OCPBUGS-10594): [release-4.11] aws: bump aws-sdk-go version [#7000](https://github.com/openshift/installer/pull/7000) * [OCPBUGS-7530](https://issues.redhat.com/browse/OCPBUGS-7530): bump RHCOS 4.11 bootimage metadata [#6875](https://github.com/openshift/installer/pull/6875) * [OCPBUGS-5665](https://issues.redhat.com/browse/OCPBUGS-5665): CVE-2021-4238: goutils: update for randomness fix [#6765](https://github.com/openshift/installer/pull/6765) * [OCPBUGS-5422](https://issues.redhat.com/browse/OCPBUGS-5422): Switch back to gp2 ebs volume type for bootstrap instance [#6743](https://github.com/openshift/installer/pull/6743) * [OCPBUGS-4685](https://issues.redhat.com/browse/OCPBUGS-4685): out-of-bounds read in golang.org/x/text/language leads to DoS [#6685](https://github.com/openshift/installer/pull/6685) * [OCPBUGS-3193](https://issues.redhat.com/browse/OCPBUGS-3193): [release-4.11] [AWS] Add AWS r6i into tested instance types table [#6350](https://github.com/openshift/installer/pull/6350) * [Full changelog](https://github.com/openshift/installer/compare/616d13577a49a887c7adc0236e22903dfcdb1ac5...080693d2736ac301bfebf09f83da79cc4cf902d8) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/1a6f3aa469970c91987f7025f5204a542839d875) * [OCPBUGS-21699](https://issues.redhat.com/browse/OCPBUGS-21699): Uplift x/net to v0.17.0 [#201](https://github.com/openshift/cluster-api-provider-baremetal/pull/201) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/3cbef7f4537f9d2a1d1d32ad34a4c3eff49251b5...1a6f3aa469970c91987f7025f5204a542839d875) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/f7b90bfd5b29699406ce2a925ac124ec44ab373a) * [OCPBUGS-21136](https://issues.redhat.com/browse/OCPBUGS-21136): Uplift x/net to v0.17.0 [#311](https://github.com/openshift/baremetal-operator/pull/311) * [OCPBUGS-17955](https://issues.redhat.com/browse/OCPBUGS-17955): Trigger reconcile on Secret change [#299](https://github.com/openshift/baremetal-operator/pull/299) * [OCPBUGS-11612](https://issues.redhat.com/browse/OCPBUGS-11612): allow namespace to continue with terminating when deprovisioning at t… [#262](https://github.com/openshift/baremetal-operator/pull/262) * [OCPBUGS-8298](https://issues.redhat.com/browse/OCPBUGS-8298): cve: 2022-21698: upgrade prometheus/client_golang [#256](https://github.com/openshift/baremetal-operator/pull/256) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/3122fabe86a4583ef637cdc41c03449ee825977e...f7b90bfd5b29699406ce2a925ac124ec44ab373a) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/09f56048506bcf0a27a21cc835a799a91a50aab9) * [OCPBUGS-18815](https://issues.redhat.com/browse/OCPBUGS-18815): Move haproxy firewall rule check earlier in loop [#273](https://github.com/openshift/baremetal-runtimecfg/pull/273) * [OCPBUGS-18096](https://issues.redhat.com/browse/OCPBUGS-18096): Don't render config with incomplete unicast peer list [#269](https://github.com/openshift/baremetal-runtimecfg/pull/269) * [OCPBUGS-15539](https://issues.redhat.com/browse/OCPBUGS-15539): Use machine-config state instead of comparing roles [#263](https://github.com/openshift/baremetal-runtimecfg/pull/263) * [OCPBUGS-13544](https://issues.redhat.com/browse/OCPBUGS-13544): Verify kubelet version in upgrade check [#250](https://github.com/openshift/baremetal-runtimecfg/pull/250) * [OCPBUGS-11297](https://issues.redhat.com/browse/OCPBUGS-11297): fix isUpgradeStillRunning() [#233](https://github.com/openshift/baremetal-runtimecfg/pull/233) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/ea6a9491f37f6c14b36e2f8de37ebb473567b390...09f56048506bcf0a27a21cc835a799a91a50aab9) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/bf40a6c2b28d2ed7dec6a9d481ff4da057796de8) * [OCPBUGS-26599](https://issues.redhat.com/browse/OCPBUGS-26599): release-4.11: use correct namespace with sample templates [#1649](https://github.com/openshift/oc/pull/1649) * [ART-8372](https://issues.redhat.com/browse/ART-8372): el7 version of oc in 4.11 [#1609](https://github.com/openshift/oc/pull/1609) * [OCPBUGS-20292](https://issues.redhat.com/browse/OCPBUGS-20292): Truncate existing files when writing from inspect [#1564](https://github.com/openshift/oc/pull/1564) * [OCPBUGS-20309](https://issues.redhat.com/browse/OCPBUGS-20309): Use quay redis image instead docker mysql [#1568](https://github.com/openshift/oc/pull/1568) * [OCPBUGS-16059](https://issues.redhat.com/browse/OCPBUGS-16059): mcs cert: account for environments that use IP directly [#1504](https://github.com/openshift/oc/pull/1504) * [OCPBUGS-16195](https://issues.redhat.com/browse/OCPBUGS-16195): reboot: set ignition version to 3.1 [#1510](https://github.com/openshift/oc/pull/1510) * [OCPBUGS-4812](https://issues.redhat.com/browse/OCPBUGS-4812): [release-4.11] New-App Using Git via SSH [#1283](https://github.com/openshift/oc/pull/1283) * handle the error case of node retrieval while waiting for reboot [#1486](https://github.com/openshift/oc/pull/1486) * bring some cert rotation helpers back into 4.11 [fix unit-tests] [#1479](https://github.com/openshift/oc/pull/1479) * [OCPBUGS-10772](https://issues.redhat.com/browse/OCPBUGS-10772): bump repo sclorg/s2i-ruby-container location for newapp test [#1380](https://github.com/openshift/oc/pull/1380) * [OCPBUGS-8205](https://issues.redhat.com/browse/OCPBUGS-8205): pkg/cli/admin/upgrade/channel: Use PATCH instead of POST for spec updates [#1360](https://github.com/openshift/oc/pull/1360) * [Full changelog](https://github.com/openshift/oc/compare/1928ac4250660378a7d8c3430478dfe77977cb2a...bf40a6c2b28d2ed7dec6a9d481ff4da057796de8) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/85f6afd591103fd54dae6bc07d85511d3d80fcb3) * [OCPBUGS-21328](https://issues.redhat.com/browse/OCPBUGS-21328): Upgrade golang/x/net for CVE-2023-39325 [#625](https://github.com/openshift/cloud-credential-operator/pull/625) * NO-ISSUE: snyk: exclude vendor/ [#621](https://github.com/openshift/cloud-credential-operator/pull/621) * NO-ISSUE: Removing andrew from OWNERS [#620](https://github.com/openshift/cloud-credential-operator/pull/620) * [OCPBUGS-13792](https://issues.redhat.com/browse/OCPBUGS-13792): Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. [#540](https://github.com/openshift/cloud-credential-operator/pull/540) * [OCPBUGS-11708](https://issues.redhat.com/browse/OCPBUGS-11708): ccoctl: Enable public anon read access to default OIDC S3 bucket [#530](https://github.com/openshift/cloud-credential-operator/pull/530) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/a36704a02f087478e726d5ee7fe55ea81625c10b...85f6afd591103fd54dae6bc07d85511d3d80fcb3) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/fd849e37f0073049d64b85ccdd58794640aee011) * [OCPBUGS-13240](https://issues.redhat.com/browse/OCPBUGS-13240): pull project name from subnet uri [#109](https://github.com/openshift/cloud-network-config-controller/pull/109) * Bug OCPBUGS-5359: Add ApplicationSecurityGroups to InterfaceIPConfiguration [#93](https://github.com/openshift/cloud-network-config-controller/pull/93) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/7cae6d8df95f59093c97ac9453ae0276fcf8f3cc...fd849e37f0073049d64b85ccdd58794640aee011) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/bc149c8ede402ee1bb12b526030508114aabdfd3) * [OCPBUGS-27231](https://issues.redhat.com/browse/OCPBUGS-27231): increase timeout for probes [#648](https://github.com/openshift/cluster-authentication-operator/pull/648) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/e2bcbaafc381ad909b5f51c6a10e7286e8af97bc...bc149c8ede402ee1bb12b526030508114aabdfd3) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/1731b6650d41a46207dc08f4d0993873b3b5d99f) * [OCPBUGS-20737](https://issues.redhat.com/browse/OCPBUGS-20737): Bump x/net package to v0.18.0 [#301](https://github.com/openshift/cluster-autoscaler-operator/pull/301) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/fcffbcda0262923ec12b455e2c353ea135e9d6ac...1731b6650d41a46207dc08f4d0993873b3b5d99f) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/4d2ec1ddc45644a6ce86eda78c916a28382fe863) * [OCPBUGS-20828](https://issues.redhat.com/browse/OCPBUGS-20828): Uplift x/net to v0.17.0 [#372](https://github.com/openshift/cluster-baremetal-operator/pull/372) * [OCPBUGS-5628](https://issues.redhat.com/browse/OCPBUGS-5628): Update dependencies [#321](https://github.com/openshift/cluster-baremetal-operator/pull/321) * Updating ose-cluster-baremetal-operator images to be consistent with ART [#264](https://github.com/openshift/cluster-baremetal-operator/pull/264) * [OCPBUGS-5075](https://issues.redhat.com/browse/OCPBUGS-5075): Do not fail the reconciler when no master Machines exist [#318](https://github.com/openshift/cluster-baremetal-operator/pull/318) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/c5fa43802a55f60843eded25969fb0e3270dd68b...4d2ec1ddc45644a6ce86eda78c916a28382fe863) ### [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap/tree/ffb5e2e417ab7e9da1caf7dd76007f5cfe8fc5a5) * [OCPBUGS-14387](https://issues.redhat.com/browse/OCPBUGS-14387): Update dependencies and image [#92](https://github.com/openshift/cluster-bootstrap/pull/92) * Add API team to the OWNERS [#95](https://github.com/openshift/cluster-bootstrap/pull/95) * [Full changelog](https://github.com/openshift/cluster-bootstrap/compare/f22d1c60c188a4b5ce1731a8b1db7c20067dc7e9...ffb5e2e417ab7e9da1caf7dd76007f5cfe8fc5a5) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/793bb48245f0e50e9dde2182286a4d219829ae6f) * [OCPBUGS-21509](https://issues.redhat.com/browse/OCPBUGS-21509): bump golang.org/x/net to v0.17.0 [#187](https://github.com/openshift/cluster-api/pull/187) * [Full changelog](https://github.com/openshift/cluster-api/compare/f9c215c4f298710ccf76676395465685b5d15268...793bb48245f0e50e9dde2182286a4d219829ae6f) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/8c08e223b1ec06969955abd696bf3220a8126109) * [OCPBUGS-21027](https://issues.redhat.com/browse/OCPBUGS-21027): bump golang.org/x/net to v0.17.0 [#139](https://github.com/openshift/cluster-capi-operator/pull/139) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/06d77efa3d9693bd945b3ee0fd151759632710ee...8c08e223b1ec06969955abd696bf3220a8126109) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/2dbffc67e4fb2ef972f4ba6e6c1a76447193c6ce) * [OCPBUGS-5781](https://issues.redhat.com/browse/OCPBUGS-5781): Try to limit groups for the REST mapper discovery [#216](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/216) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/a21df2426485f83187a445df5e4a9637c9992c86...2dbffc67e4fb2ef972f4ba6e6c1a76447193c6ce) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/4fbf99986d7d55885c0dc4a53610a53f97171242) * : OCPBUGS-21231: bump library-go to include switch to HTTP/1.1 [#374](https://github.com/openshift/cluster-config-operator/pull/374) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/0e01b06b43d710eee7f2fe2d3cce987990510644...4fbf99986d7d55885c0dc4a53610a53f97171242) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/a95aec84224c06e448601b4de4906dfa49e1d429) * [OCPBUGS-21425](https://issues.redhat.com/browse/OCPBUGS-21425): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#170](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/170) * [OCPBUGS-19513](https://issues.redhat.com/browse/OCPBUGS-19513): Fix readOnlyRootFilesystem for 4.11 [#165](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/165) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/8d0774fd2bb6beb10e5ee61b41c82af500553415...a95aec84224c06e448601b4de4906dfa49e1d429) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/69b0ceb465c42e22ef51a01952f25ef7bb1f5d99) * [OCPBUGS-21511](https://issues.redhat.com/browse/OCPBUGS-21511): Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator [#392](https://github.com/openshift/cluster-dns-operator/pull/392) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/8abe243f0c4edbaea1a9d1b6a59c7590b2315053...69b0ceb465c42e22ef51a01952f25ef7bb1f5d99) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/5617740c013848971699d210a8b28e208938e0d8) * [OCPBUGS-21108](https://issues.redhat.com/browse/OCPBUGS-21108): fixing CVE-2023-39325 by updating dependencies [#1150](https://github.com/openshift/cluster-etcd-operator/pull/1150) * [OCPBUGS-22785](https://issues.redhat.com/browse/OCPBUGS-22785): [4.11] Backports of backup/restore fixes [#1145](https://github.com/openshift/cluster-etcd-operator/pull/1145) * [OCPBUGS-18283](https://issues.redhat.com/browse/OCPBUGS-18283): reset snapshot default counts to avoid file already lo… [#1103](https://github.com/openshift/cluster-etcd-operator/pull/1103) * [OCPBUGS-9908](https://issues.redhat.com/browse/OCPBUGS-9908): Garbage collect grafana-dashboard-etcd [#1022](https://github.com/openshift/cluster-etcd-operator/pull/1022) * [OCPBUGS-9967](https://issues.redhat.com/browse/OCPBUGS-9967): increase live/ready timeout and failure thresholds [#1025](https://github.com/openshift/cluster-etcd-operator/pull/1025) * [OCPBUGS-7720](https://issues.redhat.com/browse/OCPBUGS-7720): set default timeouts in etcdcli [#1007](https://github.com/openshift/cluster-etcd-operator/pull/1007) * [OCPBUGS-7510](https://issues.redhat.com/browse/OCPBUGS-7510): [release-4.11] fail early on missing node status envs [#1006](https://github.com/openshift/cluster-etcd-operator/pull/1006) * [OCPBUGS-4785](https://issues.redhat.com/browse/OCPBUGS-4785): only allow TLS1.2/1.3 ciphersuites in etcd and CEO [#973](https://github.com/openshift/cluster-etcd-operator/pull/973) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/c831f3c2ee3ff0b1d43930d901708f373733a3a1...5617740c013848971699d210a8b28e208938e0d8) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/d34b3ef1941864e566ebdf9ee04c55d14b8b4cd9) * [OCPBUGS-20672](https://issues.redhat.com/browse/OCPBUGS-20672): mitigate effects of rapid reset [#954](https://github.com/openshift/cluster-image-registry-operator/pull/954) * [OCPBUGS-9921](https://issues.redhat.com/browse/OCPBUGS-9921): bump aws-sdk-go [#848](https://github.com/openshift/cluster-image-registry-operator/pull/848) * add myself to OWNERS [#831](https://github.com/openshift/cluster-image-registry-operator/pull/831) * [OCPBUGS-6907](https://issues.redhat.com/browse/OCPBUGS-6907): OpenStack: Add support for Proxy [#836](https://github.com/openshift/cluster-image-registry-operator/pull/836) * [OCPBUGS-5778](https://issues.redhat.com/browse/OCPBUGS-5778): swift: Retry connecting to OpenStack [#830](https://github.com/openshift/cluster-image-registry-operator/pull/830) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/6e62cdf082840c085d8305efb205a74cac2c59a0...d34b3ef1941864e566ebdf9ee04c55d14b8b4cd9) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/9e60f1f1e166b8097e21a6187123fd49ea0e02c2) * [OCPBUGS-20748](https://issues.redhat.com/browse/OCPBUGS-20748): Bump golang.org/x/net for CVE-2023-44487 [#989](https://github.com/openshift/cluster-ingress-operator/pull/989) * [OCPBUGS-22433](https://issues.redhat.com/browse/OCPBUGS-22433): test/e2e: Don't use openshift/origin-node [#993](https://github.com/openshift/cluster-ingress-operator/pull/993) * [OCPBUGS-14456](https://issues.redhat.com/browse/OCPBUGS-14456), [OCPBUGS-14457](https://issues.redhat.com/browse/OCPBUGS-14457): Handle mTLS CRLs, and fix accidental CRL duplication [#942](https://github.com/openshift/cluster-ingress-operator/pull/942) * [OCPBUGS-3560](https://issues.redhat.com/browse/OCPBUGS-3560): Allow PROXY protocol for "Private" strategy [#914](https://github.com/openshift/cluster-ingress-operator/pull/914) * [OCPBUGS-8000](https://issues.redhat.com/browse/OCPBUGS-8000): certificate-publisher: Don't publish extraneous certificates [#894](https://github.com/openshift/cluster-ingress-operator/pull/894) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/f0ed74846785b1c0e6d98d58c245506ac18578d4...9e60f1f1e166b8097e21a6187123fd49ea0e02c2) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/06f0a3d686b9f4a8e70ca430059093ad6d71fced) * [OCPBUGS-26405](https://issues.redhat.com/browse/OCPBUGS-26405): pkg/operator/configobserver: check that the serving certificate refer… [#1616](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1616) * : OCPBUGS-20839: bump library-go to include switch to HTTP/1.1 [#1575](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1575) * [OCPBUGS-7756](https://issues.redhat.com/browse/OCPBUGS-7756): Guard pod set readiness probe endpoint explicitly [#1448](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1448) * [OCPBUGS-2938](https://issues.redhat.com/browse/OCPBUGS-2938): Duplicate prometheus rules for API SLOs after upgrade [#1397](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1397) * [OCPBUGS-4551](https://issues.redhat.com/browse/OCPBUGS-4551): guard controller: set an explicit hostname to avoid name collisions [#1429](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1429) * [OCPBUGS-4301](https://issues.redhat.com/browse/OCPBUGS-4301): bootstrap-kube-apiserver: specify resources.requests [#1412](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1412) * [OCPBUGS-3290](https://issues.redhat.com/browse/OCPBUGS-3290): routes/status resources can leak sensitive data, exclude it from audit [#1422](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1422) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/f28fe4d8dc2cb1201657d9904b24db195cad9e35...06f0a3d686b9f4a8e70ca430059093ad6d71fced) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/5ad359ecbb8edee5ebf0352e5d0969ee95dfe4d0) * [OCPBUGS-20943](https://issues.redhat.com/browse/OCPBUGS-20943): bump golang.org/x/net to v0.17.0 [#30](https://github.com/openshift/cluster-api-operator/pull/30) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/21da027d835977c0216a9a7303a0b3851f46379a...5ad359ecbb8edee5ebf0352e5d0969ee95dfe4d0) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/97ab7ed27bee6bf9e58f71aae573f20a028c5601) * [OCPBUGS-21036](https://issues.redhat.com/browse/OCPBUGS-21036): Bump deps to address CVE-2023-44487 [4.11] [#765](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/765) * [OCPBUGS-7756](https://issues.redhat.com/browse/OCPBUGS-7756): Guard pod set readiness probe endpoint explicitly [#703](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/703) * [OCPBUGS-4551](https://issues.redhat.com/browse/OCPBUGS-4551): guard controller: set an explicit hostname to avoid name collisions [#690](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/690) * [OCPBUGS-4304](https://issues.redhat.com/browse/OCPBUGS-4304): resources.requests for operator pod [#667](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/667) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/74584b7e3c7fd13b71bcb93c517d070d54a29409...97ab7ed27bee6bf9e58f71aae573f20a028c5601) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/554fc89c4317e6108851fd3c729dcd11a78f7834) * [OCPBUGS-21220](https://issues.redhat.com/browse/OCPBUGS-21220): bump(golang.org/x/net,openshift) to address CVE-2023-44487 [#506](https://github.com/openshift/cluster-kube-scheduler-operator/pull/506) * [OCPBUGS-7756](https://issues.redhat.com/browse/OCPBUGS-7756): Guard controller: set the readiness probe endpoint explicitly [#464](https://github.com/openshift/cluster-kube-scheduler-operator/pull/464) * [OCPBUGS-4551](https://issues.redhat.com/browse/OCPBUGS-4551): guard controller: set an explicit hostname to avoid name collisions [#458](https://github.com/openshift/cluster-kube-scheduler-operator/pull/458) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/730f219306e9738f9e533dd8f4bd61a9e5f39d06...554fc89c4317e6108851fd3c729dcd11a78f7834) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/56b2189809bbc3b39c04db7e6b4d27235ad2ab9a) * : OCPBUGS-21314: bump library-go to include switch to HTTP/1.1 [#99](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/99) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/12d050abd0cf37dae8973d453930bcf494a2499b...56b2189809bbc3b39c04db7e6b4d27235ad2ab9a) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/0533fa53b62f0261977101b8bd16076ac6480871) * [OCPBUGS-25377](https://issues.redhat.com/browse/OCPBUGS-25377): Filter non node CSRs in metrics [#221](https://github.com/openshift/cluster-machine-approver/pull/221) * [OCPBUGS-21413](https://issues.redhat.com/browse/OCPBUGS-21413): Bump x/net package to v0.18.0 [#215](https://github.com/openshift/cluster-machine-approver/pull/215) * [OCPBUGS-10382](https://issues.redhat.com/browse/OCPBUGS-10382): ignore case when checking csr hostnames [#181](https://github.com/openshift/cluster-machine-approver/pull/181) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/3ee1fe4d777f8e04b26bade2960609fc9b151d94...0533fa53b62f0261977101b8bd16076ac6480871) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/07fe9fa0623bc34306e4ab965d4cbaf54d59a78d) * [OCPBUGS-22845](https://issues.redhat.com/browse/OCPBUGS-22845): [release-4.11] add RHACS telemetry metrics [#2141](https://github.com/openshift/cluster-monitoring-operator/pull/2141) * [OCPBUGS-21214](https://issues.redhat.com/browse/OCPBUGS-21214): upgrade golang.org/x/net to v0.17.0 [#2124](https://github.com/openshift/cluster-monitoring-operator/pull/2124) * [OCPBUGS-20073](https://issues.redhat.com/browse/OCPBUGS-20073): Limit the value of GOMAXPROCS on node-exporter to 4 [#2110](https://github.com/openshift/cluster-monitoring-operator/pull/2110) * [OCPBUGS-11759](https://issues.redhat.com/browse/OCPBUGS-11759): add startup probe for prometheus-adapter [#1947](https://github.com/openshift/cluster-monitoring-operator/pull/1947) * [OCPBUGS-11465](https://issues.redhat.com/browse/OCPBUGS-11465): jsonnet: Add prometheus container in UWM [#1938](https://github.com/openshift/cluster-monitoring-operator/pull/1938) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/7ebe9421bfdf4a168d94230e108062c681cbba00...07fe9fa0623bc34306e4ab965d4cbaf54d59a78d) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/33da9fb933f67f53f2c317f3a021a458a41ce159) * [OCPBUGS-21714](https://issues.redhat.com/browse/OCPBUGS-21714): Bump golang.org/x/net and github.com/openshift/library-go [#2125](https://github.com/openshift/cluster-network-operator/pull/2125) * [OCPBUGS-23321](https://issues.redhat.com/browse/OCPBUGS-23321): IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping [#2109](https://github.com/openshift/cluster-network-operator/pull/2109) * [OCPBUGS-13661](https://issues.redhat.com/browse/OCPBUGS-13661): AUTH: update cluster-reader to include k8s.ovn.org [#1811](https://github.com/openshift/cluster-network-operator/pull/1811) * [OCPBUGS-11763](https://issues.redhat.com/browse/OCPBUGS-11763): HyperShift: Add POD_NAME env to ovnkube-node [#1780](https://github.com/openshift/cluster-network-operator/pull/1780) * [OCPBUGS-12277](https://issues.redhat.com/browse/OCPBUGS-12277): remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher [#1789](https://github.com/openshift/cluster-network-operator/pull/1789) * [OCPBUGS-10487](https://issues.redhat.com/browse/OCPBUGS-10487): Enable configuration of node healthz server on ovnkube [#1742](https://github.com/openshift/cluster-network-operator/pull/1742) * [OCPBUGS-5954](https://issues.redhat.com/browse/OCPBUGS-5954): Backport Added missing API field podref to OverlappingRangeIPReservation CRD [#1686](https://github.com/openshift/cluster-network-operator/pull/1686) * [OCPBUGS-6993](https://issues.redhat.com/browse/OCPBUGS-6993): HyperShift: Co-locate OVN-Kubernetes master with other hcp pods [#1702](https://github.com/openshift/cluster-network-operator/pull/1702) * [OCPBUGS-3462](https://issues.redhat.com/browse/OCPBUGS-3462): CNI binary copy should account for the possibility of symlinks [backport 4.11] [#1616](https://github.com/openshift/cluster-network-operator/pull/1616) * [OCPBUGS-6920](https://issues.redhat.com/browse/OCPBUGS-6920): Configure ignored namespaces into multus-admission-controller [#1698](https://github.com/openshift/cluster-network-operator/pull/1698) * [OCPBUGS-3971](https://issues.redhat.com/browse/OCPBUGS-3971): HyperShift: Do not accept empty infrastructure name [#1635](https://github.com/openshift/cluster-network-operator/pull/1635) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/ae7c9d9bda28637ce8bd5667d0940246ee872ef8...33da9fb933f67f53f2c317f3a021a458a41ce159) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/e65d78b5407738b4aa3b52d74ac63de7a561dbd1) * Merge [#548](https://github.com/openshift/cluster-node-tuning-operator/pull/548) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/6ddb8d914b9e53ab9129d12f6b26876492cd15d3...e65d78b5407738b4aa3b52d74ac63de7a561dbd1) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/0e82f58c55a5d966cc46e0cb489e33601eb1df6f) * [OCPBUGS-27231](https://issues.redhat.com/browse/OCPBUGS-27231): increase timeout for probes [#565](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/565) * : OCPBUGS-20679: bump library-go to include switch to HTTP/1.1 [#557](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/557) * [OCPBUGS-3290](https://issues.redhat.com/browse/OCPBUGS-3290): routes/status resources can leak sensitive data, exclude it from audit [#513](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/513) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/5ddbeef319c297618a94d97a79dcb0cc0a2ec497...0e82f58c55a5d966cc46e0cb489e33601eb1df6f) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/a3473662f96140be5a462203885fc03d0e83f95c) * [OCPBUGS-20757](https://issues.redhat.com/browse/OCPBUGS-20757): bump(k8s,openshift) to address CVE-2023-44487 [#312](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/312) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/a536525dd9f9f5e64921ee0ce474f1fb3b416787...a3473662f96140be5a462203885fc03d0e83f95c) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/83e97b522ef2e757440362f099593222121684d1) * [OCPBUGS-21062](https://issues.redhat.com/browse/OCPBUGS-21062): Bump deps to address CVE-2023-44487 [4.11] [#142](https://github.com/openshift/cluster-policy-controller/pull/142) * [OCPBUGS-5787](https://issues.redhat.com/browse/OCPBUGS-5787): clusterquotareconciliation: do not sync quota monitor cache with no monitors registered [#96](https://github.com/openshift/cluster-policy-controller/pull/96) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/c7201edacb6e4ac1f8a1624b152911f3c404dbc7...83e97b522ef2e757440362f099593222121684d1) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/051761b88ee7a2327130172afdb8a3107405df94) * [OCPBUGS-15758](https://issues.redhat.com/browse/OCPBUGS-15758): Update Jenkins and Jenkins Agent Base image versions [#507](https://github.com/openshift/cluster-samples-operator/pull/507) * [OCPBUGS-7330](https://issues.redhat.com/browse/OCPBUGS-7330): When setting allowedRegistries urls the openshift-samples operator is degraded [#490](https://github.com/openshift/cluster-samples-operator/pull/490) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/99469697ca5df630e42a65f7258b76e206fdbfc9...051761b88ee7a2327130172afdb8a3107405df94) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/bc69ea348a1d38a8f4d765e13de81afe9744e4c7) * [OCPBUGS-21253](https://issues.redhat.com/browse/OCPBUGS-21253): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#408](https://github.com/openshift/cluster-storage-operator/pull/408) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/e4de8c765590b962d7abe957dfad8aea19845b6c...bc69ea348a1d38a8f4d765e13de81afe9744e4c7) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/8966b291a649d3a262d1b714aef02c6d9d3ff402) * [OCPBUGS-5011](https://issues.redhat.com/browse/OCPBUGS-5011): Backport `SecurityContext` reconciliation behavior [#940](https://github.com/openshift/cluster-version-operator/pull/940) * [OCPBUGS-13043](https://issues.redhat.com/browse/OCPBUGS-13043): pkg/cvo: reset payload load status [#935](https://github.com/openshift/cluster-version-operator/pull/935) * [OCPBUGS-10671](https://issues.redhat.com/browse/OCPBUGS-10671): pkg/cvo/availableupdates: Prioritize conditional risks for largest target version [#915](https://github.com/openshift/cluster-version-operator/pull/915) * [OCPBUGS-5882](https://issues.redhat.com/browse/OCPBUGS-5882): Set upgradeability check throttling period to 2m [#885](https://github.com/openshift/cluster-version-operator/pull/885) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/1261db49c832bfdf4077159596586d973be06e00...8966b291a649d3a262d1b714aef02c6d9d3ff402) ### [console](https://github.com/openshift/console/tree/71da8a5d97fff0e6c6bf78356ff21e12246b8266) * [OCPBUGS-23064](https://issues.redhat.com/browse/OCPBUGS-23064): add support for new features annotations while preservi… [#13315](https://github.com/openshift/console/pull/13315) * [OCPBUGS-19930](https://issues.redhat.com/browse/OCPBUGS-19930): Web console slowness on Project>Project access page [#13206](https://github.com/openshift/console/pull/13206) * [OCPBUGS-19297](https://issues.redhat.com/browse/OCPBUGS-19297): Fix topology crash when a console.topology/data/factory extension tries to resolve a resource with version from the CRDs which doesn't exists [#13158](https://github.com/openshift/console/pull/13158) * [OCPBUGS-20217](https://issues.redhat.com/browse/OCPBUGS-20217): Fixed Edit Application form for Knative Services [#13220](https://github.com/openshift/console/pull/13220) * [OCPBUGS-18486](https://issues.redhat.com/browse/OCPBUGS-18486): Fix stop PLR option [#13131](https://github.com/openshift/console/pull/13131) * [OCPBUGS-19409](https://issues.redhat.com/browse/OCPBUGS-19409): Backport tab extension to fix LOG-4504 (support LOG-3388 on OCP 4.11) [#13171](https://github.com/openshift/console/pull/13171) * [OCPBUGS-19359](https://issues.redhat.com/browse/OCPBUGS-19359): Remove PipelineResource CRD check because it's not installed with PO 1.11 anymore [#13079](https://github.com/openshift/console/pull/13079) * [OCPBUGS-17375](https://issues.redhat.com/browse/OCPBUGS-17375): When removing the project owner from the project in GUI, instead of that user, the group (the default group added as project admin through the project template) will be removed. [#13071](https://github.com/openshift/console/pull/13071) * [OCPBUGS-15562](https://issues.redhat.com/browse/OCPBUGS-15562): only copy workload annotations to debug pod [#12956](https://github.com/openshift/console/pull/12956) * [OCPBUGS-15532](https://issues.redhat.com/browse/OCPBUGS-15532): visiting Configurations page returns error Cannot read… [#12953](https://github.com/openshift/console/pull/12953) * [OCPBUGS-14004](https://issues.redhat.com/browse/OCPBUGS-14004): use PipelineRun template from 'pipelines-as-code-pipelinerun-go' configMap for Go runtime [#12845](https://github.com/openshift/console/pull/12845) * [OCPBUGS-14413](https://issues.redhat.com/browse/OCPBUGS-14413): Modified git import flow module to handle create button enable-disable issue [#12874](https://github.com/openshift/console/pull/12874) * [OCPBUGS-13214](https://issues.redhat.com/browse/OCPBUGS-13214): the name of the object (imagestream-name) does not match the name on the URL (deployment_name) [#12835](https://github.com/openshift/console/pull/12835) * [OCPBUGS-12284](https://issues.redhat.com/browse/OCPBUGS-12284): Fix to use and set correct secretReference for build-config triggers [#12762](https://github.com/openshift/console/pull/12762) * [OCPBUGS-13864](https://issues.redhat.com/browse/OCPBUGS-13864): delete associated pipeline, triggertemplate and eventlistener when deleting app [#12837](https://github.com/openshift/console/pull/12837) * [OCPBUGS-13730](https://issues.redhat.com/browse/OCPBUGS-13730): Show type of sample on the samples view [#12826](https://github.com/openshift/console/pull/12826) * [OCPBUGS-13746](https://issues.redhat.com/browse/OCPBUGS-13746): PipelineRun templates must be fetched from OpenShift namespace [#12827](https://github.com/openshift/console/pull/12827) * [OCPBUGS-12279](https://issues.redhat.com/browse/OCPBUGS-12279): Do not show builder ImageStreams without `sampleRepo` as samples [#12759](https://github.com/openshift/console/pull/12759) * [OCPBUGS-12959](https://issues.redhat.com/browse/OCPBUGS-12959): update the default pipelineRun template name [#12790](https://github.com/openshift/console/pull/12790) * [OCPBUGS-12231](https://issues.redhat.com/browse/OCPBUGS-12231): Get the Event type value from the latest PLR of the Repository [#12749](https://github.com/openshift/console/pull/12749) * [OCPBUGS-10708](https://issues.redhat.com/browse/OCPBUGS-10708): delete application should delete all part-of resources [#12772](https://github.com/openshift/console/pull/12772) * [OCPBUGS-13012](https://issues.redhat.com/browse/OCPBUGS-13012): Show Tag label and tag name if tag is detected in repository PipelineRun list and details page [#12793](https://github.com/openshift/console/pull/12793) * [OCPBUGS-10613](https://issues.redhat.com/browse/OCPBUGS-10613): add subject kind dropdown in the project access form [#12663](https://github.com/openshift/console/pull/12663) * [OCPBUGS-11580](https://issues.redhat.com/browse/OCPBUGS-11580): In DeploymentConfig both the Form view and Yaml view are not in sync [#12714](https://github.com/openshift/console/pull/12714) * [OCPBUGS-6984](https://issues.redhat.com/browse/OCPBUGS-6984): Add Git Repository (PAC) showed empty permission content and non-working help link until a git url is entered [#12523](https://github.com/openshift/console/pull/12523) * [OCPBUGS-7949](https://issues.redhat.com/browse/OCPBUGS-7949): Webhook Secret (1 of 2) is not removed when Knative Service is deleted [#12602](https://github.com/openshift/console/pull/12602) * [OCPBUGS-6954](https://issues.redhat.com/browse/OCPBUGS-6954): Fix to show correct help texts for each git repo status error code [#12518](https://github.com/openshift/console/pull/12518) * [OCPBUGS-7764](https://issues.redhat.com/browse/OCPBUGS-7764): Fix crash when pinnedResources is null [#12581](https://github.com/openshift/console/pull/12581) * [OCPBUGS-2916](https://issues.redhat.com/browse/OCPBUGS-2916): Storage -> PVC -> upload data, does not support source reference [#12221](https://github.com/openshift/console/pull/12221) * [OCPBUGS-6687](https://issues.redhat.com/browse/OCPBUGS-6687): Hide silent switch for alerting rule if no associated alerts are present in devconsole [#12479](https://github.com/openshift/console/pull/12479) * [OCPBUGS-2844](https://issues.redhat.com/browse/OCPBUGS-2844): [OKD/nanokube] Fix NPE when project or build status is not defined [#12207](https://github.com/openshift/console/pull/12207) * [OCPBUGS-12243](https://issues.redhat.com/browse/OCPBUGS-12243): disable operator-install-single-namespace.spec.ts to solve CI issues [#12751](https://github.com/openshift/console/pull/12751) * [OCPBUGS-7950](https://issues.redhat.com/browse/OCPBUGS-7950): Repositories list does not show the running pipelinerun as last pipelinerun [#12603](https://github.com/openshift/console/pull/12603) * [OCPBUGS-7494](https://issues.redhat.com/browse/OCPBUGS-7494): fix broken pipeline secret [#12569](https://github.com/openshift/console/pull/12569) * [OCPBUGS-7789](https://issues.redhat.com/browse/OCPBUGS-7789): [4.11.z] Fix kubevirt-console tests [#12325](https://github.com/openshift/console/pull/12325) * [OCPBUGS-7539](https://issues.redhat.com/browse/OCPBUGS-7539): Fix rerender loop/crash when bindable-kinds is found but has no status [#12570](https://github.com/openshift/console/pull/12570) * [OCPBUGS-7043](https://issues.redhat.com/browse/OCPBUGS-7043): Fix to provide an option to delete all app resources on delete-resource modal for D/DC/KSVC [#12532](https://github.com/openshift/console/pull/12532) * [OCPBUGS-7127](https://issues.redhat.com/browse/OCPBUGS-7127): Editing Pipeline in the ocp console should show correct information [#12540](https://github.com/openshift/console/pull/12540) * [OCPBUGS-6879](https://issues.redhat.com/browse/OCPBUGS-6879): Remove `refs-heads` from the branch name for Repository pipelineRun row [#12509](https://github.com/openshift/console/pull/12509) * [OCPBUGS-7069](https://issues.redhat.com/browse/OCPBUGS-7069): PipelineRun task status overlaps status text [#12534](https://github.com/openshift/console/pull/12534) * [OCPBUGS-6492](https://issues.redhat.com/browse/OCPBUGS-6492): Add RBAC check on Create a Project link in all-namespaces pages [#12514](https://github.com/openshift/console/pull/12514) * [OCPBUGS-6989](https://issues.redhat.com/browse/OCPBUGS-6989): Don't proxy CORS response headers [#12524](https://github.com/openshift/console/pull/12524) * [OCPBUGS-5459](https://issues.redhat.com/browse/OCPBUGS-5459): Fix that topology sidebar actions shows outdated data (Edit Pod Count, Edit labels, Edit annotations, etc.) [#12417](https://github.com/openshift/console/pull/12417) * [OCPBUGS-6689](https://issues.redhat.com/browse/OCPBUGS-6689): Fix NPE when displaying CSV with incomplete information [#12478](https://github.com/openshift/console/pull/12478) * [OCPBUGS-1727](https://issues.redhat.com/browse/OCPBUGS-1727): Allow regular users to access debug pods [#12100](https://github.com/openshift/console/pull/12100) * [OCPBUGS-5258](https://issues.redhat.com/browse/OCPBUGS-5258): add support for version v1beta1 for knativeServing and knativeEventing [#12403](https://github.com/openshift/console/pull/12403) * [OCPBUGS-5418](https://issues.redhat.com/browse/OCPBUGS-5418): Add DevSandbox specific telemetry config (to allow these cluster to enforce cluster type and opt-out) [#12413](https://github.com/openshift/console/pull/12413) * [Full changelog](https://github.com/openshift/console/compare/74ace977d5137de749295292e7d6a6ab2a17b664...71da8a5d97fff0e6c6bf78356ff21e12246b8266) ### [console-operator](https://github.com/openshift/console-operator/tree/488fe1393f90ed89881fb4963e957e3603e6d778) * [OCPBUGS-18424](https://issues.redhat.com/browse/OCPBUGS-18424): Add missing watch permission for helm-chartrepos-viewers [#804](https://github.com/openshift/console-operator/pull/804) * [OCPBUGS-11343](https://issues.redhat.com/browse/OCPBUGS-11343): Distinguish between route conditions and remove the old ones [#745](https://github.com/openshift/console-operator/pull/745) * [OCPBUGS-11969](https://issues.redhat.com/browse/OCPBUGS-11969): Changing field on any of routes in the openshift-console namespace wont trigger sync loop [#753](https://github.com/openshift/console-operator/pull/753) * [OCPBUGS-5518](https://issues.redhat.com/browse/OCPBUGS-5518): Deleting downloads deployment should not fail if already deleted [#715](https://github.com/openshift/console-operator/pull/715) * [Bug 1770297](https://bugzilla.redhat.com/show_bug.cgi?id=1770297): State that odo is comunity supported [#700](https://github.com/openshift/console-operator/pull/700) * [Full changelog](https://github.com/openshift/console-operator/compare/2161b0cfbb0ebf7b7b5f79d5a7fd9568c299612a...488fe1393f90ed89881fb4963e957e3603e6d778) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/1addd7c74290115ec4071de171f5069a17633153) * [OCPBUGS-20592](https://issues.redhat.com/browse/OCPBUGS-20592): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.11] [#132](https://github.com/openshift/containernetworking-plugins/pull/132) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/0ad9da648b87c8ad866264ab5129ef88790f62d2...1addd7c74290115ec4071de171f5069a17633153) ### [coredns](https://github.com/openshift/coredns/tree/e195fdd7d4c05474aeb2786a3909e00ba7be60b8) * [OCPBUGS-20359](https://issues.redhat.com/browse/OCPBUGS-20359): UPSTREAM: <carry>: openshift: Fix OCPBUGS-20359 [#99](https://github.com/openshift/coredns/pull/99) * [OCPBUGS-21009](https://issues.redhat.com/browse/OCPBUGS-21009): UPSTREAM: <carry>: openshift: Address CVE-2023-39325 [#104](https://github.com/openshift/coredns/pull/104) * [Full changelog](https://github.com/openshift/coredns/compare/227d72792347fcec2e2f1c14a44ea7eee4f97054...e195fdd7d4c05474aeb2786a3909e00ba7be60b8) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/f985eeeb426c803a2a1d8e14e6b703ccc7114309) * [OCPBUGS-21216](https://issues.redhat.com/browse/OCPBUGS-21216): Upgrade dependencies [#243](https://github.com/openshift/cloud-provider-openstack/pull/243) * [OCPBUGS-20576](https://issues.redhat.com/browse/OCPBUGS-20576): [release-4.11] CARRY: Add DOWNSTREAM_OWNERS [#230](https://github.com/openshift/cloud-provider-openstack/pull/230) * [OCPBUGS-6684](https://issues.redhat.com/browse/OCPBUGS-6684): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.24 into release-4.11 [#176](https://github.com/openshift/cloud-provider-openstack/pull/176) * [OCPBUGS-6046](https://issues.redhat.com/browse/OCPBUGS-6046): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.24 into release-4.11 [#166](https://github.com/openshift/cloud-provider-openstack/pull/166) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/246ae15ed9faaffbc909271f5c119c5a25159425...f985eeeb426c803a2a1d8e14e6b703ccc7114309) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/d3cb2f5c7f5fdbad0657b05dd11f8558a4c4abe7) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#200](https://github.com/openshift/csi-driver-manila-operator/pull/200) * [OCPBUGS-18782](https://issues.redhat.com/browse/OCPBUGS-18782): Don't cache OpenStack client [#203](https://github.com/openshift/csi-driver-manila-operator/pull/203) * [OCPBUGS-8067](https://issues.redhat.com/browse/OCPBUGS-8067): Fix SCC admission failure race during initial deployment [#188](https://github.com/openshift/csi-driver-manila-operator/pull/188) * [OCPBUGS-10605](https://issues.redhat.com/browse/OCPBUGS-10605): Bump go.mongodb.org/mongo-driver to v1.5.1 [#177](https://github.com/openshift/csi-driver-manila-operator/pull/177) * [OCPBUGS-7278](https://issues.redhat.com/browse/OCPBUGS-7278): Address CVE-2022-41717 [#168](https://github.com/openshift/csi-driver-manila-operator/pull/168) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/12cb253a2a490f6bc12993ff5f63f2598a1ba18a...d3cb2f5c7f5fdbad0657b05dd11f8558a4c4abe7) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/c53236512eb9747c8969e466deeba4e9c615f91c) * [OCPBUGS-28954](https://issues.redhat.com/browse/OCPBUGS-28954): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#170](https://github.com/openshift/csi-driver-shared-resource/pull/170) * [OCPBUGS-23123](https://issues.redhat.com/browse/OCPBUGS-23123): Should reference configmaps instead of secrets [#155](https://github.com/openshift/csi-driver-shared-resource/pull/155) * [OCPBUGS-20690](https://issues.redhat.com/browse/OCPBUGS-20690): bump golang.org/x/net to v0.17.0 [#149](https://github.com/openshift/csi-driver-shared-resource/pull/149) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/3f69f2f23fc179f8b29126dfca8b5a52f969c656...c53236512eb9747c8969e466deeba4e9c615f91c) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/cef0485335717f66460da9e7216a431ef3bb722c) * [OCPBUGS-28960](https://issues.redhat.com/browse/OCPBUGS-28960): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#106](https://github.com/openshift/csi-driver-shared-resource-operator/pull/106) * [OCPBUGS-20768](https://issues.redhat.com/browse/OCPBUGS-20768): bump golang.org/x/net to v0.17.0 [#89](https://github.com/openshift/csi-driver-shared-resource-operator/pull/89) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/d3985eb1fe6e6ae8199103a990ff0853055a7d72...cef0485335717f66460da9e7216a431ef3bb722c) ### [csi-external-attacher](https://github.com/openshift/csi-external-attacher/tree/1e15b60167c2fc326dc81f3d23a9f47852f0f858) * [OCPBUGS-21119](https://issues.redhat.com/browse/OCPBUGS-21119): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#63](https://github.com/openshift/csi-external-attacher/pull/63) * [Full changelog](https://github.com/openshift/csi-external-attacher/compare/da5442f11eaacda8c5840e9cd2fa995bb35b0480...1e15b60167c2fc326dc81f3d23a9f47852f0f858) ### [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner/tree/7729f3835e2a1a68953bb9f9265e2e89e7d04184) * [OCPBUGS-20727](https://issues.redhat.com/browse/OCPBUGS-20727): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#75](https://github.com/openshift/csi-external-provisioner/pull/75) * [Full changelog](https://github.com/openshift/csi-external-provisioner/compare/86277ec2a03307ac6549d09c1aa77b775a4ba7f0...7729f3835e2a1a68953bb9f9265e2e89e7d04184) ### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/15ef7669ad93f1c70c6916d5e07f86cdd9fa167e) * [OCPBUGS-20865](https://issues.redhat.com/browse/OCPBUGS-20865): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#150](https://github.com/openshift/csi-external-resizer/pull/150) * [Full changelog](https://github.com/openshift/csi-external-resizer/compare/2cea576d12c3e5581cedb5c1507611639ab399fc...15ef7669ad93f1c70c6916d5e07f86cdd9fa167e) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/54d2f3dc5227bbaaf0c76e256dc49f4d58cfb33c) * [OCPBUGS-20971](https://issues.redhat.com/browse/OCPBUGS-20971): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#112](https://github.com/openshift/csi-external-snapshotter/pull/112) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/0afdf7314a60d9ec65630ab8513ef9f5cbfaab0a...54d2f3dc5227bbaaf0c76e256dc49f4d58cfb33c) ### [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe/tree/d8ed786f0e3ee68f51c82701e0f1918614fc6c41) * [OCPBUGS-20625](https://issues.redhat.com/browse/OCPBUGS-20625): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#53](https://github.com/openshift/csi-livenessprobe/pull/53) * [OCPBUGS-13820](https://issues.redhat.com/browse/OCPBUGS-13820): Bump gRPC from 1.38.0 to 1.49.0 [#42](https://github.com/openshift/csi-livenessprobe/pull/42) * [Full changelog](https://github.com/openshift/csi-livenessprobe/compare/7319607cea791ab692ad332445cec670e6dcd876...d8ed786f0e3ee68f51c82701e0f1918614fc6c41) ### [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar/tree/d5100c1d61be6cdc84a55730a0d86ed6f177c85e) * [OCPBUGS-20657](https://issues.redhat.com/browse/OCPBUGS-20657): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#55](https://github.com/openshift/csi-node-driver-registrar/pull/55) * [Full changelog](https://github.com/openshift/csi-node-driver-registrar/compare/710109c8778ea400ca37042797b8382d00dad10e...d5100c1d61be6cdc84a55730a0d86ed6f177c85e) ### [docker-builder](https://github.com/openshift/builder/tree/f3147a0c11eb471ee57a0bd4f56ddf06521726e1) * [OCPBUGS-23041](https://issues.redhat.com/browse/OCPBUGS-23041): Add -p flag to cp command to preserve timestamps [#373](https://github.com/openshift/builder/pull/373) * [OCPBUGS-20685](https://issues.redhat.com/browse/OCPBUGS-20685): [release-4.11] Bump golang.org/x/net [#365](https://github.com/openshift/builder/pull/365) * [OCPBUGS-15645](https://issues.redhat.com/browse/OCPBUGS-15645): Add the git-lfs package [#354](https://github.com/openshift/builder/pull/354) * [OCPBUGS-11401](https://issues.redhat.com/browse/OCPBUGS-11401): manage-dockerfile: use the original form of HEALTHCHECK [#339](https://github.com/openshift/builder/pull/339) * [Full changelog](https://github.com/openshift/builder/compare/09e95c1c65eba1323f5d34ebefe6eb2609b18e11...f3147a0c11eb471ee57a0bd4f56ddf06521726e1) ### [docker-registry](https://github.com/openshift/image-registry/tree/431737b34e0ee40bab77b6d6f0e67e2c57fa7e08) * [OCPBUGS-18302](https://issues.redhat.com/browse/OCPBUGS-18302): bump docker-distribution [#384](https://github.com/openshift/image-registry/pull/384) * [OCPBUGS-11366](https://issues.redhat.com/browse/OCPBUGS-11366): bump docker-distribution [#367](https://github.com/openshift/image-registry/pull/367) * [OCPBUGS-9921](https://issues.redhat.com/browse/OCPBUGS-9921): bump aws-sdk-go [#364](https://github.com/openshift/image-registry/pull/364) * [Full changelog](https://github.com/openshift/image-registry/compare/247ec2e398763f2d95613f18666ad42a5b0f5e15...431737b34e0ee40bab77b6d6f0e67e2c57fa7e08) ### [driver-toolkit](https://github.com/openshift/driver-toolkit/tree/28589b0a149df1fa10b2759fff13b1885d0dfa14) * Adding rpm-build to the Dockerfile (#119) [#119](https://github.com/openshift/driver-toolkit/pull/119) * [Full changelog](https://github.com/openshift/driver-toolkit/compare/13ccef8780beaa079803888088e77bed20898835...28589b0a149df1fa10b2759fff13b1885d0dfa14) ### [etcd](https://github.com/openshift/etcd/tree/e73305f67d109e401acfb86f099065e3a5797c5c) * [OCPBUGS-27105](https://issues.redhat.com/browse/OCPBUGS-27105): Rebase etcd 3.5.11 openshift 4.11 [#241](https://github.com/openshift/etcd/pull/241) * [OCPBUGS-21173](https://issues.redhat.com/browse/OCPBUGS-21173): [4.11] Carrying fixes for CVE-2023-44487 [#229](https://github.com/openshift/etcd/pull/229) * [OCPBUGS-16791](https://issues.redhat.com/browse/OCPBUGS-16791): [4.11] Rebase openshift/etcd to 3.5.9 [#210](https://github.com/openshift/etcd/pull/210) * Update owners [#186](https://github.com/openshift/etcd/pull/186) * Updating ose-etcd images to be consistent with ART [#158](https://github.com/openshift/etcd/pull/158) * [OCPBUGS-5876](https://issues.redhat.com/browse/OCPBUGS-5876): UPSTREAM:<carry>: etcdserver: process the scenaro of the last WAL rec… [#178](https://github.com/openshift/etcd/pull/178) * [OCPBUGS-3101](https://issues.redhat.com/browse/OCPBUGS-3101): Rebase openshift/etcd 4.11 onto v3.5.6 [#170](https://github.com/openshift/etcd/pull/170) * [Full changelog](https://github.com/openshift/etcd/compare/53284bc6743964f36f869fa8db3b796f5c802137...e73305f67d109e401acfb86f099065e3a5797c5c) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/51f5a82f90d254e769d3cb18e761aff903777e18) * [OCPBUGS-21261](https://issues.redhat.com/browse/OCPBUGS-21261): Bump golang.org/x/net to v0.18.0 [#45](https://github.com/openshift/cloud-provider-gcp/pull/45) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/a5a0048a47a79fd203f2347a6bcc99a360d356b7...51f5a82f90d254e769d3cb18e761aff903777e18) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/09063c1edef1f7f50fa3a3d12639f2471372622e) * [OCPBUGS-21358](https://issues.redhat.com/browse/OCPBUGS-21358): UPSTREAM: <carry>: bump golang.org/x/net to v0.17.0 [#206](https://github.com/openshift/cluster-api-provider-gcp/pull/206) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/ff20dda81d59a00036901661942be56d2b2bfa61...09063c1edef1f7f50fa3a3d12639f2471372622e) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/e7ff9c41c80344d8c9dcf56b17afac5fa2506826) * [OCPBUGS-20813](https://issues.redhat.com/browse/OCPBUGS-20813): Bump x/net package to v0.18.0 [#70](https://github.com/openshift/machine-api-provider-gcp/pull/70) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/9363d87de998726d9f8081463f8b2bd9267ad71d...e7ff9c41c80344d8c9dcf56b17afac5fa2506826) ### [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver/tree/86fbfaebf646bf4ef2cab54e70c770d8b29db0dc) * [OCPBUGS-20704](https://issues.redhat.com/browse/OCPBUGS-20704): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#48](https://github.com/openshift/gcp-pd-csi-driver/pull/48) * [OCPBUGS-11000](https://issues.redhat.com/browse/OCPBUGS-11000): UPSTREAM: 988: Simplify node backoff logic [#34](https://github.com/openshift/gcp-pd-csi-driver/pull/34) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver/compare/f9d7fdce42b5ae816d4e8af7e47422b4588828a8...86fbfaebf646bf4ef2cab54e70c770d8b29db0dc) ### [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator/tree/89605b14ce5e8e6c55f7eeee339c6a45186e7079) * [OCPBUGS-20788](https://issues.redhat.com/browse/OCPBUGS-20788): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#90](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/90) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#83](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/83) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver-operator/compare/bc7bad4f6d3c1c3917adeb7151053556ccacbc8b...89605b14ce5e8e6c55f7eeee339c6a45186e7079) ### [haproxy-router](https://github.com/openshift/router/tree/60fb6ea5d782172ea2dc3eadf74b90b5e9022cc8) * [OCPBUGS-21071](https://issues.redhat.com/browse/OCPBUGS-21071): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#533](https://github.com/openshift/router/pull/533) * [OCPBUGS-18474](https://issues.redhat.com/browse/OCPBUGS-18474): haproxy/template: mitigate CVE-2023-40225 [#509](https://github.com/openshift/router/pull/509) * [OCPBUGS-14456](https://issues.redhat.com/browse/OCPBUGS-14456), [OCPBUGS-14457](https://issues.redhat.com/browse/OCPBUGS-14457): Handle mTLS CRLs, and fix accidental CRL duplication [#492](https://github.com/openshift/router/pull/492) * [Full changelog](https://github.com/openshift/router/compare/601ba575b7fadc1e05e7b4e2f35a660859db9788...60fb6ea5d782172ea2dc3eadf74b90b5e9022cc8) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/2e1e13716c780e450a311e9a73bb90cf183f1e40) * [OCPBUGS-20122](https://issues.redhat.com/browse/OCPBUGS-20122): Make kubelet set alpha.kubernetes.io/provided-node-ip unconditionally [#1796](https://github.com/openshift/kubernetes/pull/1796) * [OCPBUGS-23289](https://issues.redhat.com/browse/OCPBUGS-23289): UPSTREAM: 121881: Use golang library instead of mklink [#1804](https://github.com/openshift/kubernetes/pull/1804) * [OCPBUGS-20112](https://issues.redhat.com/browse/OCPBUGS-20112): UPSTREAM: <carry>: Do not allow nodes to set forbidden openshift labels [#1748](https://github.com/openshift/kubernetes/pull/1748) * openshift-hack: Fix sporadic 141 errors in build-rpms [#1775](https://github.com/openshift/kubernetes/pull/1775) * [OCPBUGS-21471](https://issues.redhat.com/browse/OCPBUGS-21471): [release-4.11] UPSTREAM: <carry>: [CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 [#1761](https://github.com/openshift/kubernetes/pull/1761) * [OCPBUGS-18843](https://issues.redhat.com/browse/OCPBUGS-18843): UPSTREAM: <carry>: Force using host go always and use host libriaries [#1697](https://github.com/openshift/kubernetes/pull/1697) * [OCPBUGS-17189](https://issues.redhat.com/browse/OCPBUGS-17189): Update to Kubernetes 1.24.16 [#1672](https://github.com/openshift/kubernetes/pull/1672) * [OCPBUGS-8736](https://issues.redhat.com/browse/OCPBUGS-8736): UPSTREAM: <drop>: bump apiserver-library-go [#1627](https://github.com/openshift/kubernetes/pull/1627) * [OCPBUGS-15361](https://issues.redhat.com/browse/OCPBUGS-15361): Bump to k8s 1.24.15 [#1607](https://github.com/openshift/kubernetes/pull/1607) * [OCPBUGS-14746](https://issues.redhat.com/browse/OCPBUGS-14746): [release-4.11] UPSTREAM: 118383: bump cadvisor for upstream patch 3301 [#1606](https://github.com/openshift/kubernetes/pull/1606) * [OCPBUGS-13166](https://issues.redhat.com/browse/OCPBUGS-13166): Bump to k8s 1.24.14 [#1588](https://github.com/openshift/kubernetes/pull/1588) * [OCPBUGS-11314](https://issues.redhat.com/browse/OCPBUGS-11314): UPSTREAM: <carry>: Force using the go tooling from the system [#1536](https://github.com/openshift/kubernetes/pull/1536) * [OCPBUGS-11314](https://issues.redhat.com/browse/OCPBUGS-11314): Bump to k8s 1.24.12 [#1529](https://github.com/openshift/kubernetes/pull/1529) * [OCPBUGS-10215](https://issues.redhat.com/browse/OCPBUGS-10215): Fix mounted volume expansion tests [#1509](https://github.com/openshift/kubernetes/pull/1509) * [OCPBUGS-7079](https://issues.redhat.com/browse/OCPBUGS-7079): Bump to k8s 1.24.11 [#1500](https://github.com/openshift/kubernetes/pull/1500) * [OCPBUGS-6683](https://issues.redhat.com/browse/OCPBUGS-6683): add message about possibly working with restricted SCC [#1459](https://github.com/openshift/kubernetes/pull/1459) * [Bug 2117679](https://bugzilla.redhat.com/show_bug.cgi?id=2117679): UPSTREAM: 110888: feat: fix a bug thaat not all event be ignored by gc controller [#1343](https://github.com/openshift/kubernetes/pull/1343) * [OCPBUGS-1991](https://issues.redhat.com/browse/OCPBUGS-1991): UPSTREAM: 110939: don't quota events.k8s.io events by default [#1379](https://github.com/openshift/kubernetes/pull/1379) * [Full changelog](https://github.com/openshift/kubernetes/compare/56584349e9412bc46cae8fe3107cae21eb7cb69a...2e1e13716c780e450a311e9a73bb90cf183f1e40) ### [hypershift](https://github.com/openshift/hypershift/tree/da0a576c1cdd3f3d4bbd7b3540bf6ac843fa4483) * [OCPBUGS-11608](https://issues.redhat.com/browse/OCPBUGS-11608): properly reconcile with user specified changes for in proxy configuration [#2396](https://github.com/openshift/hypershift/pull/2396) * install: add flag to wait for HyperShift operator rollout [#2370](https://github.com/openshift/hypershift/pull/2370) * OCPBUGS-10823 ensure well known public domains do not get proxied on image imports [#2352](https://github.com/openshift/hypershift/pull/2352) * cherry-pick #2006 [#2028](https://github.com/openshift/hypershift/pull/2028) * [Full changelog](https://github.com/openshift/hypershift/compare/8d5f8f497ed5bf63e000e2a4ade42a1412065732...da0a576c1cdd3f3d4bbd7b3540bf6ac843fa4483) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/2ee983c42ac2ca664cd72febde5b176f4c928bbb) * [OCPBUGS-21096](https://issues.redhat.com/browse/OCPBUGS-21096): Bump golang.org/x/net to v0.18.0 [#58](https://github.com/openshift/cloud-provider-ibm/pull/58) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/ce8369695b436d879e45abac947f8abbda783239...2ee983c42ac2ca664cd72febde5b176f4c928bbb) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/60cd8f0d98508e453aa590a3f926ccd38f244235) * [OCPBUGS-21194](https://issues.redhat.com/browse/OCPBUGS-21194): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#53](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/53) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/65f0da2df14ac53b24145d1082b73fea7c0992cc...60cd8f0d98508e453aa590a3f926ccd38f244235) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/2f873ffe2b02a01b4df6c466695b572bb2af82e6) * [OCPBUGS-21283](https://issues.redhat.com/browse/OCPBUGS-21283): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#84](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/84) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/e4a21800565e22c070498c04e5428ba9ad202d12...2f873ffe2b02a01b4df6c466695b572bb2af82e6) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/1b1d427f533e3282f2834f016481000e9ab245b4) * [OCPBUGS-21396](https://issues.redhat.com/browse/OCPBUGS-21396): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#30](https://github.com/openshift/ibm-vpc-node-label-updater/pull/30) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/32e18fa73e2b05654dc5e79c652fdce4c1b7fb9d...1b1d427f533e3282f2834f016481000e9ab245b4) ### [ibmcloud-machine-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/fabf1f6680853595bda32b4b26d18d4edd5fa212) * [OCPBUGS-21376](https://issues.redhat.com/browse/OCPBUGS-21376): [release-4.11] Bump golang.org/x/net to v0.18.0 [#69](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/69) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/3bde969f2e83ca3dc2a57ef4001a194916e7fdd9...fabf1f6680853595bda32b4b26d18d4edd5fa212) ### [insights-operator](https://github.com/openshift/insights-operator/tree/325ecc86f380b8d4f8908e3cf9103e01079b497d) * adds helm information gather (#891) [#891](https://github.com/openshift/insights-operator/pull/891) * [OCPBUGS-20715](https://issues.redhat.com/browse/OCPBUGS-20715): update dependencies (#856) [#856](https://github.com/openshift/insights-operator/pull/856) * Add cherry-pick from 4.12 (#855) [#855](https://github.com/openshift/insights-operator/pull/855) * Add workload repo image gathering (#829) [#829](https://github.com/openshift/insights-operator/pull/829) * [OCPBUGS-15459](https://issues.redhat.com/browse/OCPBUGS-15459): gather PDBs only from openshift namespaces (#804) (#806) [#804](https://github.com/openshift/insights-operator/pull/804) * [OCPBUGS-15446](https://issues.redhat.com/browse/OCPBUGS-15446): extend configmap gatherer to get gateway-mode-config (#788) (#791) (#802) [#788](https://github.com/openshift/insights-operator/pull/788) * [OCPBUGS-7872](https://issues.redhat.com/browse/OCPBUGS-7872): Collect info about monitoring pods pv (#773) [#773](https://github.com/openshift/insights-operator/pull/773) * [OCPBUGS-11818](https://issues.redhat.com/browse/OCPBUGS-11818): update the cluster transfer interval to 12h (#765) (#766) [#765](https://github.com/openshift/insights-operator/pull/765) * [OCPBUGS-6832](https://issues.redhat.com/browse/OCPBUGS-6832): feat(recent_metrics) adds openshift_apps_deploymentconfigs_strategy_total (#726) (#739) [#726](https://github.com/openshift/insights-operator/pull/726) * [OCPBUGS-6783](https://issues.redhat.com/browse/OCPBUGS-6783): Create gatherer for gathering machines. (#737) [#737](https://github.com/openshift/insights-operator/pull/737) * [OCPBUGS-3380](https://issues.redhat.com/browse/OCPBUGS-3380): fix storage/ceph path structure (#698) [#698](https://github.com/openshift/insights-operator/pull/698) * [OCPBUGS-6025](https://issues.redhat.com/browse/OCPBUGS-6025): operators gatherer - handle ingresscontroller relatedObject & simplify (#719) (#722) [#719](https://github.com/openshift/insights-operator/pull/719) * [OCPBUGS-5349](https://issues.redhat.com/browse/OCPBUGS-5349): do not periodically update Available clusteroperator co… (#718) [#718](https://github.com/openshift/insights-operator/pull/718) * [Full changelog](https://github.com/openshift/insights-operator/compare/03eff2d0dea40724fd95e3781350eaf470b1bfc9...325ecc86f380b8d4f8908e3cf9103e01079b497d) ### [ironic](https://github.com/openshift/ironic-image/tree/240777d34c88ec9a6780510307ced3d4ac96b1ba) * [OCPBUGS-13585](https://issues.redhat.com/browse/OCPBUGS-13585): Add python-flask dependency [#381](https://github.com/openshift/ironic-image/pull/381) * [OCPBUGS-14654](https://issues.redhat.com/browse/OCPBUGS-14654): Include fix to OCPBUGS-13335 in OCP 4.11. [#380](https://github.com/openshift/ironic-image/pull/380) * [OCPBUGS-13645](https://issues.redhat.com/browse/OCPBUGS-13645): Bump python-sushy [#369](https://github.com/openshift/ironic-image/pull/369) * [OCPBUGS-7565](https://issues.redhat.com/browse/OCPBUGS-7565): Adding dep on python3-werkzeug >= 2.0.3-4 [#356](https://github.com/openshift/ironic-image/pull/356) * Bug OCPBUGS-5404: Adding dosfstools and util-linux tools to ironic-image [#344](https://github.com/openshift/ironic-image/pull/344) * [OCPBUGS-4908](https://issues.redhat.com/browse/OCPBUGS-4908): Update packages versions with latest available [#336](https://github.com/openshift/ironic-image/pull/336) * [OCPBUGS-5145](https://issues.redhat.com/browse/OCPBUGS-5145): Configure Ironic iLO driver to use web server [#342](https://github.com/openshift/ironic-image/pull/342) * [Full changelog](https://github.com/openshift/ironic-image/compare/3e5d14cb60eb31d03836bca2b4e545029e401dd2...240777d34c88ec9a6780510307ced3d4ac96b1ba) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/1dad35c5b3844f04b81468c4ad6b33953953cdc6) * [OCPBUGS-20486](https://issues.redhat.com/browse/OCPBUGS-20486): fix eventlet regression with Python 3.6 [#93](https://github.com/openshift/ironic-agent-image/pull/93) * [OCPBUGS-11438](https://issues.redhat.com/browse/OCPBUGS-11438): Adding dep on python3-werkzeug >= 2.0.3-4 [#74](https://github.com/openshift/ironic-agent-image/pull/74) * [OCPBUGS-5099](https://issues.redhat.com/browse/OCPBUGS-5099): make coreos-installer output available in the logs [#67](https://github.com/openshift/ironic-agent-image/pull/67) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/501911577eed7db671c45b2c8fdee43a392935ba...1dad35c5b3844f04b81468c4ad6b33953953cdc6) ### [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager/tree/8c8af7bec058936780626d6b5d1b44f15b88791c) * [OCPBUGS-14564](https://issues.redhat.com/browse/OCPBUGS-14564): Flush addresses on provisioning interface with global scope only [#38](https://github.com/openshift/ironic-static-ip-manager/pull/38) * [Full changelog](https://github.com/openshift/ironic-static-ip-manager/compare/84a378e035d863ab3c4ee01d2f7006e548603de3...8c8af7bec058936780626d6b5d1b44f15b88791c) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/c223902cf8f136d8e2769bf955e079ffc0064e49) * [OCPBUGS-21423](https://issues.redhat.com/browse/OCPBUGS-21423): upgrade golang.org/x/net to 0.17.0 to address CVE [#92](https://github.com/openshift/k8s-prometheus-adapter/pull/92) * [OCPBUGS-21652](https://issues.redhat.com/browse/OCPBUGS-21652): limit number of simultaneous client requests [#87](https://github.com/openshift/k8s-prometheus-adapter/pull/87) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/32fb8ea09db7f2ec9425cb646be5078e08d3ddff...c223902cf8f136d8e2769bf955e079ffc0064e49) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/e5b34b769cb7dd359cd027b9bb19cf4988a2c5dd) * [OCPBUGS-15084](https://issues.redhat.com/browse/OCPBUGS-15084): EgressNetworkPolicy DNS resolution does not fall back to TCP [#556](https://github.com/openshift/sdn/pull/556) * [OCPBUGS-14305](https://issues.redhat.com/browse/OCPBUGS-14305): fix possible concurrent map read/write [#552](https://github.com/openshift/sdn/pull/552) * [OCPBUGS-13917](https://issues.redhat.com/browse/OCPBUGS-13917): save and delete the old egress network policy [#544](https://github.com/openshift/sdn/pull/544) * [OCPBUGS-13902](https://issues.redhat.com/browse/OCPBUGS-13902): CVE-2018-17419 ose-node-container: dns: Denial of Service (DoS) [openshift-4] [#543](https://github.com/openshift/sdn/pull/543) * [OCPBUGS-10853](https://issues.redhat.com/browse/OCPBUGS-10853): Fix race in Egress IP Tracker start [#522](https://github.com/openshift/sdn/pull/522) * [OCPBUGS-8399](https://issues.redhat.com/browse/OCPBUGS-8399): Initialize egress node monitoring struct with previous reachability status [#513](https://github.com/openshift/sdn/pull/513) * [OCPBUGS-7515](https://issues.redhat.com/browse/OCPBUGS-7515): Handle race condition to setup default vnid flows [#506](https://github.com/openshift/sdn/pull/506) * [OCPBUGS-5926](https://issues.redhat.com/browse/OCPBUGS-5926): Add node egress IP assignment resync [#492](https://github.com/openshift/sdn/pull/492) * [OCPBUGS-4607](https://issues.redhat.com/browse/OCPBUGS-4607): pass ResourceVersion:0 for kube List() calls [#479](https://github.com/openshift/sdn/pull/479) * [OCPBUGS-998](https://issues.redhat.com/browse/OCPBUGS-998): [release-4.11] NetworkPolicy: Remove stale flows that may exist due to an upgrade [#488](https://github.com/openshift/sdn/pull/488) * [OCPBUGS-2105](https://issues.redhat.com/browse/OCPBUGS-2105): fix network policy egress [#464](https://github.com/openshift/sdn/pull/464) * [Full changelog](https://github.com/openshift/sdn/compare/c6fadea09079472f42320ba7b7ca118be79344d5...e5b34b769cb7dd359cd027b9bb19cf4988a2c5dd) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/c04896cdf9288341c9f88051a2744ca192300182) * [OCPBUGS-20676](https://issues.redhat.com/browse/OCPBUGS-20676): v4.11 CVE 44487 [#86](https://github.com/openshift/kube-rbac-proxy/pull/86) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/a805ba5e7ee18497af06404b85486804d0edf4c4...c04896cdf9288341c9f88051a2744ca192300182) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/7d0ca88aaf60227733ea06152114b623c5574779) * [OCPBUGS-20746](https://issues.redhat.com/browse/OCPBUGS-20746): bump x/net to v0.17.0 [#99](https://github.com/openshift/kube-state-metrics/pull/99) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/8dc2dc0b897ff81a9dee8c1288c943dbb8ad5cce...7d0ca88aaf60227733ea06152114b623c5574779) ### [kuryr-cni, kuryr-controller](https://github.com/openshift/kuryr-kubernetes/tree/c7326997276f4fb2bf78d0454d076795c2cfb645) * [OCPBUGS-14931](https://issues.redhat.com/browse/OCPBUGS-14931): KuryrPort cleanup: Fix issue of subport not found [#733](https://github.com/openshift/kuryr-kubernetes/pull/733) * Bug OCPBUGS-13428: Fix ValueError when Pod has no IP address [#727](https://github.com/openshift/kuryr-kubernetes/pull/727) * [OCPBUGS-12840](https://issues.redhat.com/browse/OCPBUGS-12840): Fix VIF revert on KuryrPort status update error [#725](https://github.com/openshift/kuryr-kubernetes/pull/725) * [Full changelog](https://github.com/openshift/kuryr-kubernetes/compare/93daed6bc4e8e4e59f1e609a493daad1a2d0d1ec...c7326997276f4fb2bf78d0454d076795c2cfb645) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/b00c052468ea0ea410494d615b2b46ab8733afd0) * [OCPBUGS-25304](https://issues.redhat.com/browse/OCPBUGS-25304): Update Reference URL [#1198](https://github.com/openshift/machine-api-operator/pull/1198) * [OCPBUGS-21490](https://issues.redhat.com/browse/OCPBUGS-21490): Bump golang.org/x/net to v0.18.0 [#1177](https://github.com/openshift/machine-api-operator/pull/1177) * [OCPBUGS-10719](https://issues.redhat.com/browse/OCPBUGS-10719): [release-4.11] - manual cp #1057 - machines stuck in provisioned or provisioning [#1141](https://github.com/openshift/machine-api-operator/pull/1141) * [OCPBUGS-11326](https://issues.redhat.com/browse/OCPBUGS-11326): Fix empty component version [#1133](https://github.com/openshift/machine-api-operator/pull/1133) * [OCPBUGS-10901](https://issues.redhat.com/browse/OCPBUGS-10901): Block machine deletion if extra disks are attached [#1131](https://github.com/openshift/machine-api-operator/pull/1131) * [OCPBUGS-8311](https://issues.redhat.com/browse/OCPBUGS-8311): Short circuit misfiring [#1124](https://github.com/openshift/machine-api-operator/pull/1124) * [OCPBUGS-8257](https://issues.redhat.com/browse/OCPBUGS-8257): Append annotations from machine template spec to the node [#1123](https://github.com/openshift/machine-api-operator/pull/1123) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/f17d3d412280a9636bfc0e2ee4d611485f087522...b00c052468ea0ea410494d615b2b46ab8733afd0) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/15d0b0288a4330b90ac89f14c781dfa7349af52c) * [OCPBUGS-21016](https://issues.redhat.com/browse/OCPBUGS-21016): vendor: unpin deps and update library-go, container and kube deps [#4019](https://github.com/openshift/machine-config-operator/pull/4019) * [OCPBUGS-21995](https://issues.redhat.com/browse/OCPBUGS-21995): Prevent NM from unsetting the hostname [#3989](https://github.com/openshift/machine-config-operator/pull/3989) * [OCPBUGS-18075](https://issues.redhat.com/browse/OCPBUGS-18075): Agent-based install process the container machine-config-controller will be oom [#3882](https://github.com/openshift/machine-config-operator/pull/3882) * [OCPBUGS-11556](https://issues.redhat.com/browse/OCPBUGS-11556): Prevent possible split-brain scenario with keepalived unicast [#3667](https://github.com/openshift/machine-config-operator/pull/3667) * [OCPBUGS-11283](https://issues.redhat.com/browse/OCPBUGS-11283): Wrap podman commands in a while loop [#3657](https://github.com/openshift/machine-config-operator/pull/3657) * [OCPBUGS-9986](https://issues.redhat.com/browse/OCPBUGS-9986): configure-ovs: fix mtu-migration cleanup [#3607](https://github.com/openshift/machine-config-operator/pull/3607) * [OCPBUGS-10425](https://issues.redhat.com/browse/OCPBUGS-10425): Remove hard requirement for the afterburn from early-running aws-related services [#3615](https://github.com/openshift/machine-config-operator/pull/3615) * [OCPBUGS-8260](https://issues.redhat.com/browse/OCPBUGS-8260): [release-4.11] backport cleanupDuplicateMC [#3577](https://github.com/openshift/machine-config-operator/pull/3577) * [OCPBUGS-6002](https://issues.redhat.com/browse/OCPBUGS-6002): There are not enough logs in case "oc extract" is stuck in mco first boot in mco first boot [#3497](https://github.com/openshift/machine-config-operator/pull/3497) * [OCPBUGS-5694](https://issues.redhat.com/browse/OCPBUGS-5694): 4.11 - remove goutils from dependency tree [#3499](https://github.com/openshift/machine-config-operator/pull/3499) * [OCPBUGS-3507](https://issues.redhat.com/browse/OCPBUGS-3507): On-prem: Ensure resolv-prepender respects NM dispatcher timeout [#3422](https://github.com/openshift/machine-config-operator/pull/3422) * [OCPBUGS-6622](https://issues.redhat.com/browse/OCPBUGS-6622): controller: don't render new MC until base MCs update [#3511](https://github.com/openshift/machine-config-operator/pull/3511) * [OCPBUGS-4945](https://issues.redhat.com/browse/OCPBUGS-4945): Do not allow empty system reserved values [#3459](https://github.com/openshift/machine-config-operator/pull/3459) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/92012a837e2ed0ed3c9e61c715579ac82ad0a464...15d0b0288a4330b90ac89f14c781dfa7349af52c) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/30f98fdb5341d13f33c264faae0910af74424265) * [OCPBUGS-21528](https://issues.redhat.com/browse/OCPBUGS-21528): Uplift x/net to v0.17.0 [#107](https://github.com/openshift/image-customization-controller/pull/107) * [OCPBUGS-19424](https://issues.redhat.com/browse/OCPBUGS-19424): Watch networkData Secrets for changes [#100](https://github.com/openshift/image-customization-controller/pull/100) * [OCPBUGS-5652](https://issues.redhat.com/browse/OCPBUGS-5652): Update dependencies and explicit go 1.18 usage [#77](https://github.com/openshift/image-customization-controller/pull/77) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/1c9e8a1efc92ad6457e00b0262adecd93ed3961c...30f98fdb5341d13f33c264faae0910af74424265) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/dbbd93bebf0fe24394ea26588c5e02de7d575764) * [OCPBUGS-21309](https://issues.redhat.com/browse/OCPBUGS-21309): Update go.mod for CVE-2023-39325 [Release-4.11] [#74](https://github.com/openshift/multus-admission-controller/pull/74) * Updating ose-multus-admission-controller images to be consistent with ART [#63](https://github.com/openshift/multus-admission-controller/pull/63) * [OCPBUGS-9784](https://issues.redhat.com/browse/OCPBUGS-9784): Client golang [backport 4.11] [#60](https://github.com/openshift/multus-admission-controller/pull/60) * [OCPBUGS-6176](https://issues.redhat.com/browse/OCPBUGS-6176): Configure ignored namespaces into multus-admission-controller [#56](https://github.com/openshift/multus-admission-controller/pull/56) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/f38aae4ff7f595b8c8864a550271d7651491fa9c...dbbd93bebf0fe24394ea26588c5e02de7d575764) ### [multus-cni](https://github.com/openshift/multus-cni/tree/a3dbf84666cbdabbbfbcfb63cefc98877fe67361) * [OCPBUGS-21040](https://issues.redhat.com/browse/OCPBUGS-21040): Update go.mod for CVE-2023-39325 [Release-4.11] [#197](https://github.com/openshift/multus-cni/pull/197) * Updating multus-cni images to be consistent with ART [#155](https://github.com/openshift/multus-cni/pull/155) * [OCPBUGS-9863](https://issues.redhat.com/browse/OCPBUGS-9863): Multus sync to OCP 4.11 mar-21-2023 [#152](https://github.com/openshift/multus-cni/pull/152) * [Full changelog](https://github.com/openshift/multus-cni/compare/3cc5a3acfd687808adc7c0b2acfc4b26bcfacabf...a3dbf84666cbdabbbfbcfb63cefc98877fe67361) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/6bc780e4f79cc1d666249da342fff1805c1121bf) * [OCPBUGS-21412](https://issues.redhat.com/browse/OCPBUGS-21412): Update go.mod for CVE-2023-39325 [Release-4.11] (#37) [#37](https://github.com/openshift/multus-networkpolicy/pull/37) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/643fdaf6085747d7e8127f433ee5d4c729d24611...6bc780e4f79cc1d666249da342fff1805c1121bf) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/7d544f9f2c44303f28dcc6dd4d5620da24907d9c) * [OCPBUGS-5954](https://issues.redhat.com/browse/OCPBUGS-5954): Denormalize IP name before checking if pod is alive [Backport 4.11] [#182](https://github.com/openshift/whereabouts-cni/pull/182) * [OCPBUGS-13241](https://issues.redhat.com/browse/OCPBUGS-13241): Added trailing 0 to ipv6 ranges that end in ":" [Backport 4.11] [#132](https://github.com/openshift/whereabouts-cni/pull/132) * [OCPBUGS-11067](https://issues.redhat.com/browse/OCPBUGS-11067): respect requested allocation range when exluding ranges [backport 4.11] [#124](https://github.com/openshift/whereabouts-cni/pull/124) * [OCPBUGS-3942](https://issues.redhat.com/browse/OCPBUGS-3942): Excluded ranges bug (#282) [#104](https://github.com/openshift/whereabouts-cni/pull/104) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/bdc15c08a928ca7ff9fa5640a0fdc2adf8c28034...7d544f9f2c44303f28dcc6dd4d5620da24907d9c) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/ec215698a4984fab85b29966bbdd420f1bbc58f4) * Update golang.org/x/net to v0.17.0 (#85) [#85](https://github.com/openshift/network-metrics-daemon/pull/85) * Update golang.org/x/text to 0.7.0 (#67) [#67](https://github.com/openshift/network-metrics-daemon/pull/67) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/9482ac9af2f5ff31d5ef237dba3db9b3f5697935...ec215698a4984fab85b29966bbdd420f1bbc58f4) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/2dfc357af343e09f00eced3cd3b17127c82caf63) * [OCPBUGS-21422](https://issues.redhat.com/browse/OCPBUGS-21422): fix: CVE-2023-39325 and CVE-2023-44487 (#715) [#715](https://github.com/openshift/oc-mirror/pull/715) * changes the OWNERS file (#647) [#647](https://github.com/openshift/oc-mirror/pull/647) * fix: remove release architecture validation at the config level (#504) [#504](https://github.com/openshift/oc-mirror/pull/504) * [Full changelog](https://github.com/openshift/oc-mirror/compare/3c1c80ca6a5a22b5826c88897e7a9e5acd7c1a96...2dfc357af343e09f00eced3cd3b17127c82caf63) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/35df5a026c69f864c3ca499718256f6b2592d811) * [OCPBUGS-4340](https://issues.redhat.com/browse/OCPBUGS-4340): fix printer panic [#336](https://github.com/openshift/openshift-apiserver/pull/336) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/60c46df6ef2fd9f77e5d3cca4cbfd8e9986c5fd7...35df5a026c69f864c3ca499718256f6b2592d811) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/79bfbb51f113f5098a39821f1891a21ffd446434) * [OCPBUGS-23175](https://issues.redhat.com/browse/OCPBUGS-23175): [release-4.11] fix template namespace processing [#277](https://github.com/openshift/openshift-controller-manager/pull/277) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/911da57501707c3c18ce79074bd9a6d8e332f89d...79bfbb51f113f5098a39821f1891a21ffd446434) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/78bc019d4b7d7a1b215711dcbeec240756a3d562) * [OCPBUGS-20691](https://issues.redhat.com/browse/OCPBUGS-20691): bump `x/net` to v0.17.0 [#105](https://github.com/openshift/openshift-state-metrics/pull/105) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/1a7a5dcb06446039a5bc8ef3aedc07b25d58bb5d...78bc019d4b7d7a1b215711dcbeec240756a3d562) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/a6d74d7263737fda5684f54bae26b388e7cdee63) * [OCPBUGS-21553](https://issues.redhat.com/browse/OCPBUGS-21553): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/138) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#131](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/131) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/df9f0367e66448b0e8736111e4d6c4f7d98eec4d...a6d74d7263737fda5684f54bae26b388e7cdee63) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/0446d771465fa6e03ea8ed24f1cea706d0d2b15e) * [OCPBUGS-10954](https://issues.redhat.com/browse/OCPBUGS-10954): machineset_controller: Stop caching clouds credentials [#67](https://github.com/openshift/machine-api-provider-openstack/pull/67) * [OCPBUGS-7322](https://issues.redhat.com/browse/OCPBUGS-7322): Address CVE-2022-41717 [#57](https://github.com/openshift/machine-api-provider-openstack/pull/57) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/eb7e497ff47739d9289063cb864436277c6f7bc0...0446d771465fa6e03ea8ed24f1cea706d0d2b15e) ### [openstack-machine-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/4f21449a757895eebf1b21611c49a772669b11dc) * [OCPBUGS-20761](https://issues.redhat.com/browse/OCPBUGS-20761): deps: Upgrade golang.org/x/net to v0.17.0 [#278](https://github.com/openshift/cluster-api-provider-openstack/pull/278) * [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/38f15dbc704ea4ec65565194f27779177b4f1886...4f21449a757895eebf1b21611c49a772669b11dc) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/5ea0428ed52bf0cae15094d7e4fb24b0953932d7) * [OCPBUGS-24618](https://issues.redhat.com/browse/OCPBUGS-24618): Update to latest k8s v0.24.x API server and enable HTTP/2 DoS mitigations [#662](https://github.com/openshift/operator-framework-olm/pull/662) * [OCPBUGS-22131](https://issues.redhat.com/browse/OCPBUGS-22131): [release-4.11] Bump golang.org/x/net to v0.17.0 [#591](https://github.com/openshift/operator-framework-olm/pull/591) * [OCPBUGS-18513](https://issues.redhat.com/browse/OCPBUGS-18513), [RHIBMCS-169](https://issues.redhat.com/browse/RHIBMCS-169): Copied csv listing backport [#560](https://github.com/openshift/operator-framework-olm/pull/560) * [OCPBUGS-16075](https://issues.redhat.com/browse/OCPBUGS-16075): fix dynamic conversion webhook [#536](https://github.com/openshift/operator-framework-olm/pull/536) * Introduce DOWNSTREAM_OWNERS file [#542](https://github.com/openshift/operator-framework-olm/pull/542) * [OCPBUGS-16126](https://issues.redhat.com/browse/OCPBUGS-16126): Catalog Pod Startup Probe Timeout [#509](https://github.com/openshift/operator-framework-olm/pull/509) * Allow cpb to be statically compiled / exempt from FIPS compliance [#513](https://github.com/openshift/operator-framework-olm/pull/513) * [OCPBUGS-12263](https://issues.redhat.com/browse/OCPBUGS-12263): cherry-pick pull request refactor FBC caching (#1051) f… [#482](https://github.com/openshift/operator-framework-olm/pull/482) * [OCPBUGS-3876](https://issues.redhat.com/browse/OCPBUGS-3876): Order an operator CR's status.Component.Refs array (#2880) [#413](https://github.com/openshift/operator-framework-olm/pull/413) * [OCPBUGS-4446](https://issues.redhat.com/browse/OCPBUGS-4446): fix service account token secret reference (#2862) [#416](https://github.com/openshift/operator-framework-olm/pull/416) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/60941887ec69e459e82398f5a523eac84b5b3996...5ea0428ed52bf0cae15094d7e4fb24b0953932d7) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/c3bae405daf605563d85fed86de0748d3b424bff) * [OCPBUGS-20937](https://issues.redhat.com/browse/OCPBUGS-20937): [release-4.11] bump golang.org/x/net to 0.17.0 [#551](https://github.com/operator-framework/operator-marketplace/pull/551) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/c7a65336f4a37e48429bd7119ff05ce21ef03eb8...c3bae405daf605563d85fed86de0748d3b424bff) ### [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator/tree/1c75c1240c4c0feda419378d6f63767cddab50df) * [OCPBUGS-18418](https://issues.redhat.com/browse/OCPBUGS-18418): set TLS cipher suites in Kube RBAC sidecars [#122](https://github.com/openshift/ovirt-csi-driver-operator/pull/122) * [Full changelog](https://github.com/openshift/ovirt-csi-driver-operator/compare/7a30e388c31d436bdf9269998896b16e7ec3aa26...1c75c1240c4c0feda419378d6f63767cddab50df) ### [ovn-kubernetes](https://github.com/openshift/ovn-kubernetes/tree/2e60df220e147198e60b63950f9bab91e68facd7) * [OCPBUGS-21762](https://issues.redhat.com/browse/OCPBUGS-21762): Update bridge flow cache when the host address changes [#1938](https://github.com/openshift/ovn-kubernetes/pull/1938) * [OCPBUGS-19911](https://issues.redhat.com/browse/OCPBUGS-19911): [release-4.11] Dockerfile: bump OVN to ovn22.12-22.12.1-18.el8fdp [#1918](https://github.com/openshift/ovn-kubernetes/pull/1918) * [OCPBUGS-19650](https://issues.redhat.com/browse/OCPBUGS-19650): Delete IGMP Groups when deleting stale chassis [#1901](https://github.com/openshift/ovn-kubernetes/pull/1901) * [OCPBUGS-12819](https://issues.redhat.com/browse/OCPBUGS-12819): Handle k8s watcher restart scenario [#1806](https://github.com/openshift/ovn-kubernetes/pull/1806) * [OCPBUGS-16691](https://issues.redhat.com/browse/OCPBUGS-16691): ovnkube-master pod failed to reconnect to ovn db due to ssl expire [#1779](https://github.com/openshift/ovn-kubernetes/pull/1779) * [OCPBUGS-15731](https://issues.redhat.com/browse/OCPBUGS-15731), [OCPBUGS-15745](https://issues.redhat.com/browse/OCPBUGS-15745): Improve syncNodes to remove stale data [#1734](https://github.com/openshift/ovn-kubernetes/pull/1734) * [OCPBUGS-15876](https://issues.redhat.com/browse/OCPBUGS-15876): Remove non-existing functions test. [#1740](https://github.com/openshift/ovn-kubernetes/pull/1740) * [OCPBUGS-16003](https://issues.redhat.com/browse/OCPBUGS-16003): Fix stale SNAT entries for completed pods [#1751](https://github.com/openshift/ovn-kubernetes/pull/1751) * [OCPBUGS-12791](https://issues.redhat.com/browse/OCPBUGS-12791): : Delete equivalent ACLs when searching by predicate. [#1666](https://github.com/openshift/ovn-kubernetes/pull/1666) * [OCPBUGS-11110](https://issues.redhat.com/browse/OCPBUGS-11110): [release-4.11] Batch potentially big transaction on egress firewall ACLs migration [#1629](https://github.com/openshift/ovn-kubernetes/pull/1629) * [OCPBUGS-10734](https://issues.redhat.com/browse/OCPBUGS-10734): Bump OVN to 22.12 and turn off neighbour response in router options. [#1599](https://github.com/openshift/ovn-kubernetes/pull/1599) * [OCPBUGS-10688](https://issues.redhat.com/browse/OCPBUGS-10688): Fix leak in service controller cache [#1598](https://github.com/openshift/ovn-kubernetes/pull/1598) * [OCPBUGS-11035](https://issues.redhat.com/browse/OCPBUGS-11035): [release-4.11] Handle Completed pods deletion [#1616](https://github.com/openshift/ovn-kubernetes/pull/1616) * [OCPBUGS-2303](https://issues.redhat.com/browse/OCPBUGS-2303): [4.11] Stale chassis are not removed [#1310](https://github.com/openshift/ovn-kubernetes/pull/1310) * [OCPBUGS-10486](https://issues.redhat.com/browse/OCPBUGS-10486): [release-4.11] node: add node healthz server for cloud load balancers [#1594](https://github.com/openshift/ovn-kubernetes/pull/1594) * [OCPBUGS-8510](https://issues.redhat.com/browse/OCPBUGS-8510): [release-4.11] Don't recreate clusterPGs and clusterRtrPGs unless needed [#1560](https://github.com/openshift/ovn-kubernetes/pull/1560) * [OCPBUGS-7858](https://issues.redhat.com/browse/OCPBUGS-7858): [release-4.11] Delete stale egress ip snat entries by node [#1543](https://github.com/openshift/ovn-kubernetes/pull/1543) * [OCPBUGS-6640](https://issues.redhat.com/browse/OCPBUGS-6640): Drop in-cluster traffic towards svcCIDR at wrong port [#1491](https://github.com/openshift/ovn-kubernetes/pull/1491) * [OCPBUGS-7319](https://issues.redhat.com/browse/OCPBUGS-7319): Bump OVN to 22.09, enable session affinity timeout [#1522](https://github.com/openshift/ovn-kubernetes/pull/1522) * [OCPBUGS-5245](https://issues.redhat.com/browse/OCPBUGS-5245): Move check_pkt_larger to gateway router ports [#1505](https://github.com/openshift/ovn-kubernetes/pull/1505) * [OCPBUGS-7010](https://issues.redhat.com/browse/OCPBUGS-7010): [release-4.11] Fix Egress FW ACL rules in dualstack mode [#1507](https://github.com/openshift/ovn-kubernetes/pull/1507) * [OCPBUGS-6813](https://issues.redhat.com/browse/OCPBUGS-6813): [release-4.11] Ensure loadbalancer cleanup doesn't fail [#1498](https://github.com/openshift/ovn-kubernetes/pull/1498) * [OCPBUGS-5928](https://issues.redhat.com/browse/OCPBUGS-5928): [release-4.11] Fix egress firewall to allow inbound connections in both gw modes [#1478](https://github.com/openshift/ovn-kubernetes/pull/1478) * [OCPBUGS-5766](https://issues.redhat.com/browse/OCPBUGS-5766): egressip: fix test data race accessing podAssignment cache [#1471](https://github.com/openshift/ovn-kubernetes/pull/1471) * [OCPBUGS-4761](https://issues.redhat.com/browse/OCPBUGS-4761): [4.11] Dockerfile: bump OVS to 2.17.0-62.el8fdp [#1438](https://github.com/openshift/ovn-kubernetes/pull/1438) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/76ab6e39c92a1b03bc54932d4eddcc502a9968d3...2e60df220e147198e60b63950f9bab91e68facd7) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/c08a0572fb47bf78646b010c5e91c1c0d30ac6df) * [OCPBUGS-24750](https://issues.redhat.com/browse/OCPBUGS-24750): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#51](https://github.com/openshift/cloud-provider-powervs/pull/51) * [OCPBUGS-21242](https://issues.redhat.com/browse/OCPBUGS-21242): CVE-2023-39325 - Update net dependencies - 4.11 [#48](https://github.com/openshift/cloud-provider-powervs/pull/48) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/8ace6e949a4139e17ec0d9c5b7e8bfe180affca7...c08a0572fb47bf78646b010c5e91c1c0d30ac6df) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/5dd624a2cd03fdb108338a5490c09a9b6474ef18) * [OCPBUGS-24724](https://issues.redhat.com/browse/OCPBUGS-24724): snyk code scan exclude vendor directory [#62](https://github.com/openshift/machine-api-provider-powervs/pull/62) * [OCPBUGS-21883](https://issues.redhat.com/browse/OCPBUGS-21883): CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.11 [#56](https://github.com/openshift/machine-api-provider-powervs/pull/56) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/76649b320ee304ef60d62dd2cc17f9689f3aca03...5dd624a2cd03fdb108338a5490c09a9b6474ef18) ### [prometheus](https://github.com/openshift/prometheus/tree/4e4243d54331efdbe2a32f7441740faa4d335acb) * [OCPBUGS-21199](https://issues.redhat.com/browse/OCPBUGS-21199): update golang.org/x/net to v0.17.0 [4.11] [#177](https://github.com/openshift/prometheus/pull/177) * [Full changelog](https://github.com/openshift/prometheus/compare/e751c61e3d18fb85fd9dfb1cd811568be6bd397d...4e4243d54331efdbe2a32f7441740faa4d335acb) ### [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager/tree/7e3c773132f52d79c263320ce7c559349bce935b) * [OCPBUGS-21013](https://issues.redhat.com/browse/OCPBUGS-21013): Bump golang.org/x/net to v0.17.0 [#83](https://github.com/openshift/prometheus-alertmanager/pull/83) * [Full changelog](https://github.com/openshift/prometheus-alertmanager/compare/05cfc3903ea8081ef3c099f2748472496c4ee99b...7e3c773132f52d79c263320ce7c559349bce935b) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/ef9b02af91f3f5906f5a463b76e70f1318306cf9) * [OCPBUGS-20823](https://issues.redhat.com/browse/OCPBUGS-20823): Bump golang.org/x/net to v0.17.0 [#250](https://github.com/openshift/prometheus-operator/pull/250) * [OCPBUGS-7590](https://issues.redhat.com/browse/OCPBUGS-7590): Fixes ThanoRuler StatefulSet re-creation bug [#218](https://github.com/openshift/prometheus-operator/pull/218) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/cb3afa25568219bcb6d17b194fe6a5d82fe5fc76...ef9b02af91f3f5906f5a463b76e70f1318306cf9) ### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/31707a12bf07365256743ff63aef8c2695ac0cb1) * [OCPBUGS-21104](https://issues.redhat.com/browse/OCPBUGS-21104): upgrade golang.org/x/net to v0.17.0 [#137](https://github.com/openshift/node_exporter/pull/137) * [Full changelog](https://github.com/openshift/node_exporter/compare/40942c28fe65abf9c9cc097c5affd3c6a7dc80b2...31707a12bf07365256743ff63aef8c2695ac0cb1) ### [telemeter](https://github.com/openshift/telemeter/tree/f40faee6edd85acc9581382c99ae7b106bbaafc8) * [OCPBUGS-21298](https://issues.redhat.com/browse/OCPBUGS-21298): [release-4.11] fix: Bump golang.org/x/net to v0.17.0 [#488](https://github.com/openshift/telemeter/pull/488) * [Full changelog](https://github.com/openshift/telemeter/compare/b1f5dd2cdce31bcfacd9602e9b6c9a256e7fdd7d...f40faee6edd85acc9581382c99ae7b106bbaafc8) ### [tests](https://github.com/openshift/origin/tree/b34b8a2503424d03cd50b8ecd0860b380a492f4f) * [OCPBUGS-18424](https://issues.redhat.com/browse/OCPBUGS-18424): Add missing watch permission for console users [#28235](https://github.com/openshift/origin/pull/28235) * [OCPBUGS-18129](https://issues.redhat.com/browse/OCPBUGS-18129): Ignore timeout and connection refused errors during upgrade tests for 4.11 [#28247](https://github.com/openshift/origin/pull/28247) * [OCPBUGS-15942](https://issues.redhat.com/browse/OCPBUGS-15942): remove references to registry.centos.org [#28036](https://github.com/openshift/origin/pull/28036) * [OCPBUGS-15151](https://issues.redhat.com/browse/OCPBUGS-15151): Move from registry.centos.org to quay.io [#27985](https://github.com/openshift/origin/pull/27985) * [CCO-367](https://issues.redhat.com/browse/CCO-367): Allow CCO to be Upgradeable=False when credentialsMode=Manual [#27961](https://github.com/openshift/origin/pull/27961) * [OCPBUGS-12962](https://issues.redhat.com/browse/OCPBUGS-12962): Add (optional) dual-stack tests to the CNI certification test suite [#27904](https://github.com/openshift/origin/pull/27904) * [OCPBUGS-10215](https://issues.redhat.com/browse/OCPBUGS-10215): Bump(openshift/kubernetes): to get fix for resizing flake [#27796](https://github.com/openshift/origin/pull/27796) * [OCPBUGS-7727](https://issues.redhat.com/browse/OCPBUGS-7727): remove reference to old guard pods [#27735](https://github.com/openshift/origin/pull/27735) * [OCPBUGS-7319](https://issues.redhat.com/browse/OCPBUGS-7319): Unskip service session affinity tests [#27722](https://github.com/openshift/origin/pull/27722) * [OCPBUGS-6851](https://issues.redhat.com/browse/OCPBUGS-6851): [release-4.11] upgrade/adminack: guarantee one admin ack check post-upgrade [#27685](https://github.com/openshift/origin/pull/27685) * [OCPBUGS-5091](https://issues.redhat.com/browse/OCPBUGS-5091): Add Kuryr exception to "pods should successfully create sandboxes" test [#27621](https://github.com/openshift/origin/pull/27621) * [Full changelog](https://github.com/openshift/origin/compare/f61477ff79e35ffb263bc047bb70dc4e3c4611d2...b34b8a2503424d03cd50b8ecd0860b380a492f4f) ### [thanos](https://github.com/openshift/thanos/tree/45baf4b41798633ce46a944786bbea39ba8c074e) * [OCPBUGS-21109](https://issues.redhat.com/browse/OCPBUGS-21109): Bump golang.org/x/net to v0.17.0 [#127](https://github.com/openshift/thanos/pull/127) * [OCPBUGS-18299](https://issues.redhat.com/browse/OCPBUGS-18299): Update exporter-toolkit to 0.7.3 [#116](https://github.com/openshift/thanos/pull/116) * [OCPBUGS-14559](https://issues.redhat.com/browse/OCPBUGS-14559): require at least TLS 1.2 instead of 1.3 [#113](https://github.com/openshift/thanos/pull/113) * Updating thanos images to be consistent with ART [#99](https://github.com/openshift/thanos/pull/99) * [Full changelog](https://github.com/openshift/thanos/compare/f769b174108d65f161e0563b05d65607ded161ae...45baf4b41798633ce46a944786bbea39ba8c074e) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/dc8bb53005c6020143b4ff581925e1e9fdaa0078) * [OCPBUGS-21546](https://issues.redhat.com/browse/OCPBUGS-21546): bump golang.org/x/net to v0.17.0 [#25](https://github.com/openshift/cluster-api-provider-vsphere/pull/25) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/f67d1d0237d61b9375c9005c05459954ef5c0e82...dc8bb53005c6020143b4ff581925e1e9fdaa0078) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/f66027216f745565058ab288b0b9e78ea7b80485) * [OCPBUGS-21542](https://issues.redhat.com/browse/OCPBUGS-21542): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#93](https://github.com/openshift/vmware-vsphere-csi-driver/pull/93) * [OCPBUGS-7404](https://issues.redhat.com/browse/OCPBUGS-7404): fix for nil user session (#1859) [#58](https://github.com/openshift/vmware-vsphere-csi-driver/pull/58) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/d4721ba6c23605fcd535aa588999e17be2c3bbe5...f66027216f745565058ab288b0b9e78ea7b80485) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/565bbff8a2e2b44889be302cb76dbcbea4b6c849) * [OCPBUGS-21402](https://issues.redhat.com/browse/OCPBUGS-21402): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#176](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/176) * [OCPBUGS-5790](https://issues.redhat.com/browse/OCPBUGS-5790): Allow cluster to be upgraded even if using multiple datacenters [#130](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/130) * [OCPBUGS-5472](https://issues.redhat.com/browse/OCPBUGS-5472): Fix sc creation on resync [#127](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/127) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/85df37ee6c1b4ef7ce13e864df44b7b32639a168...565bbff8a2e2b44889be302cb76dbcbea4b6c849) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/b4164c48266e43bbcccfdb65c6999a741ff7b77d) * [OCPBUGS-21569](https://issues.redhat.com/browse/OCPBUGS-21569): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#132](https://github.com/openshift/vsphere-problem-detector/pull/132) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/5910f330435f1c827717c2a6e9a6af3e0d9abaad...b4164c48266e43bbcccfdb65c6999a741ff7b77d)