# 4.12.53 Created: 2024-03-12 16:56:05 +0000 UTC Image Digest: `sha256:b584f5458fb946115b0cf0f1793dc9224c5e6a4567e74018f0590805a03eb523` Promoted from registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2024-03-12-093838 ## Changes from 4.12.28 ### Components * Kubernetes upgraded from 1.25.11 to 1.25.16 * Red Hat Enterprise Linux CoreOS upgraded from 412.86.202307251341-0 to 412.86.202403120448-0 ### Rebuilt images without code change * [agent-installer-api-server](https://github.com/openshift/assisted-service) git [8149b9ca](https://github.com/openshift/assisted-service/commit/8149b9ca554ae6e1d716daa9f1c4f322ad710e07) `sha256:8d64b2a23284e932b42780dae248e9ee3fee70312f5fe92bc5750ae970d7eb49` * [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba) git [b9287c05](https://github.com/openshift/cluster-api-provider-alibaba/commit/b9287c05091424c4d21fd95454020ccc225f5bcb) `sha256:8b12b541fe94a60cb4870439cda6bc2f5d18326b0bd4bc15894471b69f88cc07` * [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator) git [f1b49e34](https://github.com/openshift/cluster-samples-operator/commit/f1b49e34512d38bf908183318edd1f9f9aeef883) `sha256:efe394c3c015c7c157dbaf57bfb6579a8c7a9515197e1be4ee9a73ce63819db5` * [cluster-update-keys](https://github.com/openshift/cluster-update-keys) git [2796e173](https://github.com/openshift/cluster-update-keys/commit/2796e1732615521e818be82663058e0a3f1b3941) `sha256:c9d4cd2f4b8a45be2d64d4f026984a85fa68eaabcf650080dfb87fa95a34f06e` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [e4d9170e](https://github.com/openshift/configmap-reload/commit/e4d9170e71bdf8a79e9cde94dac53575a30f46f3) `sha256:34e47f64555975c32b29f6a7b9c28dcb7d4250a368526e85a1787488cb858fde` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [d9099257](https://github.com/openshift/csi-driver-nfs/commit/d90992573acb3df6c7fbb6dbe1b215125d26fc34) `sha256:828fceb95178a1a84d2af803b241f15ce35352dd9f5b9c340b0084198bf48d53` * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [6e5c04c0](https://github.com/openshift/driver-toolkit/commit/6e5c04c066a428047d1755478cf88b290d32ad8f) `sha256:30ede70b8bbf8cfb43e888a1fa5626590ac54714c03c785b79bc671da31b10c9` * [egress-router-cni](https://github.com/openshift/egress-router-cni) git [a92e4157](https://github.com/openshift/egress-router-cni/commit/a92e415791b531ca15ec84953550b71bd3534566) `sha256:5f2ed6ba16d5caa03e406c1267e988b5831bd8f15307c3562814c829d4a8ac2f` * [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud) git [31a67dac](https://github.com/openshift/machine-api-provider-ibmcloud/commit/31a67daca92c374cb4d9a87928ec8c28528a0c0e) `sha256:ee29781687200947becf2b754751c1388434a98517cade2fdf06e08f936ad1cb` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [c65c1f1c](https://github.com/openshift/ironic-rhcos-downloader/commit/c65c1f1c19a9b62ef5f4a857e5ce86ad6fca3d29) `sha256:9ba57ccaab50a282935d0e2f98432a3aa2b90ff0635f89c72b77fd0bba6312f9` * [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager) git [a8ade8fe](https://github.com/openshift/ironic-static-ip-manager/commit/a8ade8fe60ad5fb1ab225a514ec331123b256cff) `sha256:6cf6dad1ae311ffb689ad0351ac86401880a6225414ec04b9d853f24a0d53f55` * [keepalived-ipfailover](https://github.com/openshift/images) git [7e8a0105](https://github.com/openshift/images/commit/7e8a0105eb7369f3f92ad7b2581a2efffab5b28e) `sha256:94091dcae31700c8092bbdc495117e500190aa8ff077bbe478839455fe1ad1b1` * [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator) git [596745ce](https://github.com/openshift/kubernetes-kube-storage-version-migrator/commit/596745cec38b8401d1d906bfb9d3d78fdaeabcde) `sha256:9d41ebccc790ab1ee272d027e5217286ae0981423556e3e3042b045d8df94d17` * [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt) git [a19615cd](https://github.com/openshift/cloud-provider-kubevirt/commit/a19615cda3daf69008253d75cc848ac0ad397179) `sha256:492cb28361f93c0c1bbec41ca8b0a5067e30982a5e7fd377068e75c763fb0606` * [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver) git [f407c8a7](https://github.com/openshift/kubevirt-csi-driver/commit/f407c8a71c831a8f7911bf0b4a99bb6b16e0e0b6) `sha256:eaff4e7a52a636dc9589180b629504602613505e12c6327b64d9ff493bcee613` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [a2882f7a](https://github.com/openshift/cluster-api-provider-libvirt/commit/a2882f7aa56d4059a20bdc02486da905b5764062) `sha256:c5d914823c6b970eb4820c06fa690610fd21eb9497ce33e81f465a8f6a1cb32d` * machine-os-content `sha256:31e696777766e8906a9512f03f5c979c21c1da4c4ea15f91b12932d4de441dd9` * [machine-os-images](https://github.com/openshift/machine-os-images) git [566bf595](https://github.com/openshift/machine-os-images/commit/566bf59501f178bd80e410fda66cc424de6a4891) `sha256:149486c1113c983e6e48d4e0aa5fc973c6c7aab99c4a8c744a2ab77263bb94aa` * [multus-route-override-cni](https://github.com/openshift/route-override-cni) git [efd6ffbb](https://github.com/openshift/route-override-cni/commit/efd6ffbb275a133196e30edfe9f241e2a3b4f0c0) `sha256:e09f37da2488ff88123a06bcd069c0a662cfe9bf7ca0ebf3676436eff690bdb0` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [30386d6b](https://github.com/openshift/bond-cni/commit/30386d6b8d4f3b05931842b6a9b85f15c241b09a) `sha256:28b490684f196e20a3821e5d66f6f4b11a825bad54d18ab40922e3743a58ffb4` * [network-tools](https://github.com/openshift/network-tools) git [c76613c7](https://github.com/openshift/network-tools/commit/c76613c77c8785b91611bb3c4245bc34f3b14f76) `sha256:0beae059c6c774920bb81d418f78c43a942eac7332e29f195ab355fafad95ddf` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [03e5b13b](https://github.com/openshift/oauth-proxy/commit/03e5b13b8b7087dd70abfd70efb4c5b92f800a4f) `sha256:eae6aa59a704a0ec6725084334ac42b8efaf47779591efb49d2d361237ec2690` * [oauth-server](https://github.com/openshift/oauth-server) git [0f83669b](https://github.com/openshift/oauth-server/commit/0f83669be9b7caa6f82799b4bd2fd659d3b31aee) `sha256:485c73965b2fd8b5e2ace9fa46ec0dc0657b269da8ae8ecf17d3da621b428137` * [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager) git [b6528f9e](https://github.com/openshift/openshift-controller-manager/commit/b6528f9ea28164af9f1ceea0e50f18116fe3c90e) `sha256:537ee55f4ff725fd88cdf5657aa17a5b23ad00b2702ff7f86a4b558854815c0d` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [03e8cb50](https://github.com/openshift/cluster-api-provider-ovirt/commit/03e8cb50f9ffa28b48d8aeaeb8410ab1598750d1) `sha256:7430bb99b7126ac9fe95c4f1c5ee9c56bdf2dcf7976b7cb4aaa67eabeb0a1203` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [b1907888](https://github.com/openshift/prom-label-proxy/commit/b1907888004888b977918cf911b189de736642b2) `sha256:ea96fd5e09ed62156ba9d872516b8b93ae6da191d6c93b981f1fd2119e28ed34` * rhel-coreos-8 `sha256:d10705021a214c338f8b7fb2fd3f1cf8af04f4ad8bee51b87d751fe8b4f361b9` * rhel-coreos-8-extensions `sha256:e0b87cc2f53412d2b7af83289e9c1e4ed7e7a7c936d0ef6144550a9ff926f955` * [route-controller-manager](https://github.com/openshift/route-controller-manager) git [0f141ce9](https://github.com/openshift/route-controller-manager/commit/0f141ce9d349fb30755e3d0d7f9f196a91782957) `sha256:2c26673ab38e28885e995cdadb96e63a78ce9d6420af20cb63c0851d47fb3aca` ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/61115db06f970b8fab00f8e0beeb49d4db3ee041) * [MGMT-13586](https://issues.redhat.com/browse/MGMT-13586): Wait for ETCD Bootstrap to complete (#670) (#726) [#670](https://github.com/openshift/assisted-installer/pull/670) * [Full changelog](https://github.com/openshift/assisted-installer/compare/bb9c2fee04cd5bd1736fb1590db728643ba27ea1...61115db06f970b8fab00f8e0beeb49d4db3ee041) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/a61cd6e1819f60b151bdad2efaf9afbdf453ed0d) * [OCPBUGS-23537](https://issues.redhat.com/browse/OCPBUGS-23537): backport of agent retries (#627) [#627](https://github.com/openshift/assisted-installer-agent/pull/627) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/a7aa60002fc11c7320dd17c1681feb9956dd288f...a61cd6e1819f60b151bdad2efaf9afbdf453ed0d) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/191c9e34c1e70cf585d78f6293f95a2b89061a48) * [OCPBUGS-21218](https://issues.redhat.com/browse/OCPBUGS-21218): Bump golang.org/x/net to v0.19.0 [#45](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/45) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/1959de0e3f2c3457c32fd2f545fe5ca65f12cd6c...191c9e34c1e70cf585d78f6293f95a2b89061a48) ### [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver/tree/4d3b1125cfd3acfe3fbafa4c83543bbb89de97a2) * [OCPBUGS-21313](https://issues.redhat.com/browse/OCPBUGS-21313): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#38](https://github.com/openshift/alibaba-cloud-csi-driver/pull/38) * [Full changelog](https://github.com/openshift/alibaba-cloud-csi-driver/compare/664d8cb0a1f1263bad3797ac3cd3f910664dce8b...4d3b1125cfd3acfe3fbafa4c83543bbb89de97a2) ### [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator/tree/99bcda8da7c9c2e4415f30b82371f0b79d527d3d) * [OCPBUGS-21404](https://issues.redhat.com/browse/OCPBUGS-21404): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#66](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/66) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#58](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/58) * [Full changelog](https://github.com/openshift/alibaba-disk-csi-driver-operator/compare/e324a71cb6c48ce4944cdc8dcc96bbf5fa55ba32...99bcda8da7c9c2e4415f30b82371f0b79d527d3d) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/3362d673b054807a4974b4d600486933f7e0bd42) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [OCPBUGS-10187](https://issues.redhat.com/browse/OCPBUGS-10187): Updating ose-apiserver-network-proxy images to be consistent with ART [#30](https://github.com/openshift/apiserver-network-proxy/pull/30) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/61e198ca00b9426e2f7309cf2818ac74426486ff...3362d673b054807a4974b4d600486933f7e0bd42) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/fa3185192cdd5a707f11879de370d8ca85d2f8d8) * [OCPBUGS-20722](https://issues.redhat.com/browse/OCPBUGS-20722): Update golang.org/x/net to v0.17.0 [#55](https://github.com/openshift/cloud-provider-aws/pull/55) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/7fb891f4a534ff4f0a12a50ca3e13db8833560be...fa3185192cdd5a707f11879de370d8ca85d2f8d8) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/16156accbe3b9bcedbe39ef988170e1f644fcd75) * [OCPBUGS-20810](https://issues.redhat.com/browse/OCPBUGS-20810): bump golang.org/x/net to v0.17.0 [#483](https://github.com/openshift/cluster-api-provider-aws/pull/483) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/e3a8e43349986d8a9ca99749b9289a4151f5ee1a...16156accbe3b9bcedbe39ef988170e1f644fcd75) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/722a0bacdba3235f3f5d209d0b8006180c6f8446) * [OCPBUGS-20919](https://issues.redhat.com/browse/OCPBUGS-20919): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#241](https://github.com/openshift/aws-ebs-csi-driver/pull/241) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/86fc1cd92a27b2bf1e51a88184fe534e8a202b4d...722a0bacdba3235f3f5d209d0b8006180c6f8446) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/0c97ef8f1171e0fc3a94b093131a89a2f225f73b) * [OCPBUGS-21018](https://issues.redhat.com/browse/OCPBUGS-21018): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#282](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/282) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#265](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/265) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/a76f01dbfd2d53a89e8e9b19ff41d6fc0c056c5c...0c97ef8f1171e0fc3a94b093131a89a2f225f73b) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/d9412def9795e7d7d3d8c118b3d99b1eab8f1b46) * [OCPBUGS-21562](https://issues.redhat.com/browse/OCPBUGS-21562): Update golang.org/x/net to v0.17.0 [#90](https://github.com/openshift/machine-api-provider-aws/pull/90) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/b82e889d6eb39f72b0246175315ec0a7e5ac4126...d9412def9795e7d7d3d8c118b3d99b1eab8f1b46) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/684520730e011b5d6d9ae829dfa23fcb6dcfdd52) * [OCPBUGS-21312](https://issues.redhat.com/browse/OCPBUGS-21312): Upgrade golang/x/net for CVE-2023-39325 (4.12) [#185](https://github.com/openshift/aws-pod-identity-webhook/pull/185) * NO-ISSUE: Sync OWNERS with team members [#178](https://github.com/openshift/aws-pod-identity-webhook/pull/178) * NO-ISSUE: snyk: exclude vendor/ [#174](https://github.com/openshift/aws-pod-identity-webhook/pull/174) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/6197630be12b6a6df32f647e368e5664307fd04b...684520730e011b5d6d9ae829dfa23fcb6dcfdd52) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/2193ccfa8575aeb0520a25b77ec963097a66cd6e) * [OCPBUGS-21401](https://issues.redhat.com/browse/OCPBUGS-21401): Bump golang.org/x/net to v0.18.0 [#95](https://github.com/openshift/cloud-provider-azure/pull/95) * [OCPBUGS-22832](https://issues.redhat.com/browse/OCPBUGS-22832): UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition [#91](https://github.com/openshift/cloud-provider-azure/pull/91) * [OCPBUGS-17159](https://issues.redhat.com/browse/OCPBUGS-17159): Increase service idle max timeout to 100 minutes [#82](https://github.com/openshift/cloud-provider-azure/pull/82) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/6ff1c8e52ad75cb72682b022952c174a41c1e471...2193ccfa8575aeb0520a25b77ec963097a66cd6e) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/32491247e933ad705424d5bdac0ab7770ac63789) * [OCPBUGS-21489](https://issues.redhat.com/browse/OCPBUGS-21489): bump golang.org/x/net to v0.17.0 [#289](https://github.com/openshift/cluster-api-provider-azure/pull/289) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/d1d4f7700ca6c2d576fe43c988222c62545cdb00...32491247e933ad705424d5bdac0ab7770ac63789) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/a930c89beac514d4d98f6055bf6cfe78eeec25a5) * [OCPBUGS-22941](https://issues.redhat.com/browse/OCPBUGS-22941): UPSTREAM: 1755: fix: detach disk failure when there is throttling [#62](https://github.com/openshift/azure-disk-csi-driver/pull/62) * [OCPBUGS-22832](https://issues.redhat.com/browse/OCPBUGS-22832): UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition [#60](https://github.com/openshift/azure-disk-csi-driver/pull/60) * [OCPBUGS-20675](https://issues.redhat.com/browse/OCPBUGS-20675): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#56](https://github.com/openshift/azure-disk-csi-driver/pull/56) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/ba10578832b8389cd81373ef72bcc3749094ed27...a930c89beac514d4d98f6055bf6cfe78eeec25a5) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/988b8cc8ead51c2904c6cb75446529bfe3674ee3) * [OCPBUGS-20749](https://issues.redhat.com/browse/OCPBUGS-20749): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#103](https://github.com/openshift/azure-disk-csi-driver-operator/pull/103) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#95](https://github.com/openshift/azure-disk-csi-driver-operator/pull/95) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/6b1d69d29271e0183885b0d27a3293579fd37e02...988b8cc8ead51c2904c6cb75446529bfe3674ee3) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/15aade4d58785b54ac732a660f1359132d27f9b9) * [OCPBUGS-20842](https://issues.redhat.com/browse/OCPBUGS-20842): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#39](https://github.com/openshift/azure-file-csi-driver/pull/39) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/746fab2b699a791064088a3544b8db06fbd50628...15aade4d58785b54ac732a660f1359132d27f9b9) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/060ba825fead5953bef544017ef4b3d0cbabe3e5) * [OCPBUGS-20946](https://issues.redhat.com/browse/OCPBUGS-20946): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#78](https://github.com/openshift/azure-file-csi-driver-operator/pull/78) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#71](https://github.com/openshift/azure-file-csi-driver-operator/pull/71) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/0a02fa02dd5623413d07c226987ac1d3181774fa...060ba825fead5953bef544017ef4b3d0cbabe3e5) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/eaf8328a5e4c16a3903a29435ed9f73e80423e9e) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce cardinality [#97](https://github.com/openshift/machine-api-provider-azure/pull/97) * [OCPBUGS-20741](https://issues.redhat.com/browse/OCPBUGS-20741): Bump x/net package to v0.18.0 [#84](https://github.com/openshift/machine-api-provider-azure/pull/84) * [OCPBUGS-19549](https://issues.redhat.com/browse/OCPBUGS-19549), [OCPBUGS-22247](https://issues.redhat.com/browse/OCPBUGS-22247): Fix empty clusterName references for GenerateMachinePublicIPName [#82](https://github.com/openshift/machine-api-provider-azure/pull/82) * [OCPBUGS-17960](https://issues.redhat.com/browse/OCPBUGS-17960): Machine Actuator should not set metadata.name [#71](https://github.com/openshift/machine-api-provider-azure/pull/71) * [OCPBUGS-17221](https://issues.redhat.com/browse/OCPBUGS-17221): Add user defined Tags to NIC Azure resources [#69](https://github.com/openshift/machine-api-provider-azure/pull/69) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/cfb76acd1429fa8be4925cf15789f1dc62252d7f...eaf8328a5e4c16a3903a29435ed9f73e80423e9e) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/a6e1e5ae5e4f8cc9ddcd08099063139e545b8911) * [OCPBUGS-30134](https://issues.redhat.com/browse/OCPBUGS-30134): [release-4.12] bump containerd for vulnerability fix [#8091](https://github.com/openshift/installer/pull/8091) * [OCPBUGS-27454](https://issues.redhat.com/browse/OCPBUGS-27454): baremetal: correct external_http_url for v6-only BMCs [#7900](https://github.com/openshift/installer/pull/7900) * [OCPBUGS-25593](https://issues.redhat.com/browse/OCPBUGS-25593): [release-4.12] OCPBUGS-16640: Update azure cli version to 2.49.0 [#7849](https://github.com/openshift/installer/pull/7849) * [OCPBUGS-23184](https://issues.redhat.com/browse/OCPBUGS-23184): azure: validation: validate defaultMachinePlatform [#7709](https://github.com/openshift/installer/pull/7709) * [OCPBUGS-25476](https://issues.redhat.com/browse/OCPBUGS-25476): destroy: gcp: fix destroying regional disks [#7845](https://github.com/openshift/installer/pull/7845) * [OCPBUGS-23302](https://issues.redhat.com/browse/OCPBUGS-23302): images: installer: add xz to the container [#7726](https://github.com/openshift/installer/pull/7726) * [OCPBUGS-23379](https://issues.redhat.com/browse/OCPBUGS-23379): images: update govc image in upi-installer [#7739](https://github.com/openshift/installer/pull/7739) * [OCPBUGS-22116](https://issues.redhat.com/browse/OCPBUGS-22116): Add KMS encryption keys if provided [#7769](https://github.com/openshift/installer/pull/7769) * [OCPBUGS-23329](https://issues.redhat.com/browse/OCPBUGS-23329): Specify google cloud CLI to version 447.0.0 [#7731](https://github.com/openshift/installer/pull/7731) * [OCPBUGS-22933](https://issues.redhat.com/browse/OCPBUGS-22933): [release-4.12]: vsphere: fix validation of CPUS and CoresPerSocket [#7677](https://github.com/openshift/installer/pull/7677) * [OCPBUGS-13288](https://issues.redhat.com/browse/OCPBUGS-13288): use python3 for cloud sdk [#7170](https://github.com/openshift/installer/pull/7170) * [OCPBUGS-18645](https://issues.redhat.com/browse/OCPBUGS-18645): new Aws secret regions support [#7473](https://github.com/openshift/installer/pull/7473) * [OCPBUGS-22288](https://issues.redhat.com/browse/OCPBUGS-22288): Don't log password values [#7627](https://github.com/openshift/installer/pull/7627) * [OCPBUGS-18644](https://issues.redhat.com/browse/OCPBUGS-18644): terraform: aws: secret regions now support ALIAS record [#7472](https://github.com/openshift/installer/pull/7472) * [OCPBUGS-17651](https://issues.redhat.com/browse/OCPBUGS-17651): Validate that the rendevousIP is assigned to a master [#7416](https://github.com/openshift/installer/pull/7416) * [OCPBUGS-20145](https://issues.redhat.com/browse/OCPBUGS-20145): [release-4.12] Use updated ansible-core for Openstack image [#7560](https://github.com/openshift/installer/pull/7560) * [OCPBUGS-18646](https://issues.redhat.com/browse/OCPBUGS-18646): Allow destroy for C2S isolated (us-iso and us-isob) partitions [#7474](https://github.com/openshift/installer/pull/7474) * [OCPBUGS-10992](https://issues.redhat.com/browse/OCPBUGS-10992): bootstrap-pivot: skip pivot in SCOS Live ISO [#7035](https://github.com/openshift/installer/pull/7035) * [CORS-2792](https://issues.redhat.com/browse/CORS-2792): AWS Shared VPC Backport [release-4.12] [#7435](https://github.com/openshift/installer/pull/7435) * [OCPBUGS-18320](https://issues.redhat.com/browse/OCPBUGS-18320): CORS-2445: GCP: Add osImage to the install config [#7454](https://github.com/openshift/installer/pull/7454) * [OCPBUGS-17404](https://issues.redhat.com/browse/OCPBUGS-17404): backport openstack UPI for ansible 2.10 [#7399](https://github.com/openshift/installer/pull/7399) * [OCPBUGS-16778](https://issues.redhat.com/browse/OCPBUGS-16778): bump RHCOS 4.12 bootimage metadata to 412.86.202308081039-0 [#7420](https://github.com/openshift/installer/pull/7420) * [OCPBUGS-17467](https://issues.redhat.com/browse/OCPBUGS-17467): Allow override of networkType [#7406](https://github.com/openshift/installer/pull/7406) * [OCPBUGS-17174](https://issues.redhat.com/browse/OCPBUGS-17174): Set AdditionalTrustBundle in override when mirroring not enabled [#7386](https://github.com/openshift/installer/pull/7386) * [Full changelog](https://github.com/openshift/installer/compare/4c60efb2ab542cf213ed79574bc49853f057f1c2...a6e1e5ae5e4f8cc9ddcd08099063139e545b8911) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/24a47014aa42d649008687c5bd81771d6477c33c) * [OCPBUGS-21700](https://issues.redhat.com/browse/OCPBUGS-21700): Uplift x/net to v0.17.0 [#200](https://github.com/openshift/cluster-api-provider-baremetal/pull/200) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/63dcaf1e98d673ac1c00bcb0119397c7fb1d3ef4...24a47014aa42d649008687c5bd81771d6477c33c) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/83283488bfa2b39c2ebde08a6cc4e36c3227263a) * [OCPBUGS-24490](https://issues.redhat.com/browse/OCPBUGS-24490): backport: Delay delete of detached hosts [#326](https://github.com/openshift/baremetal-operator/pull/326) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#320](https://github.com/openshift/baremetal-operator/pull/320) * [OCPBUGS-21154](https://issues.redhat.com/browse/OCPBUGS-21154): Uplift x/net to v0.17.0 [#310](https://github.com/openshift/baremetal-operator/pull/310) * [OCPBUGS-17703](https://issues.redhat.com/browse/OCPBUGS-17703): Trigger reconcile on Secret change [#298](https://github.com/openshift/baremetal-operator/pull/298) * [OCPBUGS-17459](https://issues.redhat.com/browse/OCPBUGS-17459): Set minimum TLS version for webhook to 1.2 [#297](https://github.com/openshift/baremetal-operator/pull/297) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/1b31014845f39a979180262be0ea13ab4acea507...83283488bfa2b39c2ebde08a6cc4e36c3227263a) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/474ed48e840fdb7bf859d769cd673b29705a7b91) * [OCPBUGS-26930](https://issues.redhat.com/browse/OCPBUGS-26930): Add .snyk file to ignore vendor and test files [#296](https://github.com/openshift/baremetal-runtimecfg/pull/296) * [OCPBUGS-20127](https://issues.redhat.com/browse/OCPBUGS-20127): Increase timeout for bootstrap kubeapi [#279](https://github.com/openshift/baremetal-runtimecfg/pull/279) * [OCPBUGS-18606](https://issues.redhat.com/browse/OCPBUGS-18606): Move haproxy firewall rule check earlier in loop [#272](https://github.com/openshift/baremetal-runtimecfg/pull/272) * [OCPBUGS-17715](https://issues.redhat.com/browse/OCPBUGS-17715): Don't render config with incomplete unicast peer list [#268](https://github.com/openshift/baremetal-runtimecfg/pull/268) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/6ff3189d0cc9d1db4f0de6252a41e4031a23e941...474ed48e840fdb7bf859d769cd673b29705a7b91) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/d4c9e3c75516a96850ac843d0384f4b1eb4f4957) * [OCPBUGS-25642](https://issues.redhat.com/browse/OCPBUGS-25642): Add client version in must-gather summary [#1639](https://github.com/openshift/oc/pull/1639) * [OCPBUGS-24462](https://issues.redhat.com/browse/OCPBUGS-24462): Overwrite template's namespace with the explicit one [#1618](https://github.com/openshift/oc/pull/1618) * [OCPBUGS-23222](https://issues.redhat.com/browse/OCPBUGS-23222): regeneratemco: explicitly check for PlatformStatus field [#1598](https://github.com/openshift/oc/pull/1598) * [OCPBUGS-20248](https://issues.redhat.com/browse/OCPBUGS-20248): oc process: Set original namespace if it differs [#1560](https://github.com/openshift/oc/pull/1560) * [OCPBUGS-20291](https://issues.redhat.com/browse/OCPBUGS-20291): Truncate existing files when writing from inspect [#1563](https://github.com/openshift/oc/pull/1563) * [OCPBUGS-20299](https://issues.redhat.com/browse/OCPBUGS-20299): Use quay redis image instead docker mysql [#1567](https://github.com/openshift/oc/pull/1567) * [OCPBUGS-16173](https://issues.redhat.com/browse/OCPBUGS-16173): Add tls-server-name when property exists in kubeconfig [#1507](https://github.com/openshift/oc/pull/1507) * [OCPBUGS-1283](https://issues.redhat.com/browse/OCPBUGS-1283): Bump golang.org/x dependencies [#1421](https://github.com/openshift/oc/pull/1421) * [OCPBUGS-16056](https://issues.redhat.com/browse/OCPBUGS-16056): mcs cert: account for environments that use IP directly [#1501](https://github.com/openshift/oc/pull/1501) * [Full changelog](https://github.com/openshift/oc/compare/49844f7424dd87611bf5f7caea3ec854240b6150...d4c9e3c75516a96850ac843d0384f4b1eb4f4957) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/c1c1417e8e9003a4289fb5a0fc9e92dc37bc2e3e) * [OCPBUGS-21348](https://issues.redhat.com/browse/OCPBUGS-21348): Upgrade golang/x/net for CVE-2023-39325 [#624](https://github.com/openshift/cloud-credential-operator/pull/624) * NO-ISSUE: snyk: exclude vendor/ [#619](https://github.com/openshift/cloud-credential-operator/pull/619) * NO-ISSUE: Removing andrew from OWNERS [#618](https://github.com/openshift/cloud-credential-operator/pull/618) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/d4f6bcaa06269bf2745b42de240ccdf15be4de37...c1c1417e8e9003a4289fb5a0fc9e92dc37bc2e3e) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/0b191405af9a0632a09d9f857bb550c7efbba20f) * [OCPBUGS-22949](https://issues.redhat.com/browse/OCPBUGS-22949): Azure: skip backend pool if attached to an outbound rule [#128](https://github.com/openshift/cloud-network-config-controller/pull/128) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/d05b0abca416426868d770addd5b7f4d8b4d4541...0b191405af9a0632a09d9f857bb550c7efbba20f) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/4f7f6b1af4b674b24270e65c40728b19071ab3e3) * [OCPBUGS-20683](https://issues.redhat.com/browse/OCPBUGS-20683): CVE 2023 39325 [4.12] [#653](https://github.com/openshift/cluster-authentication-operator/pull/653) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#639](https://github.com/openshift/cluster-authentication-operator/pull/639) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/fe4212ab101ff47fc72bde475d39f30158969974...4f7f6b1af4b674b24270e65c40728b19071ab3e3) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/dd2b39d6fa6f1d139e1f34f8335215411660b9c8) * [OCPBUGS-23274](https://issues.redhat.com/browse/OCPBUGS-23274): Rebase 4.12 branch onto cluster autoscaler 1.25.3 [#267](https://github.com/openshift/kubernetes-autoscaler/pull/267) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/6ab8e62b7089dabaded0de89be3a9621f92b7653...dd2b39d6fa6f1d139e1f34f8335215411660b9c8) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/67999a5e79d0200ee0a4aab3dcfbfd18e097b514) * [OCPBUGS-20754](https://issues.redhat.com/browse/OCPBUGS-20754): Bump x/net package to v0.18.0 [#300](https://github.com/openshift/cluster-autoscaler-operator/pull/300) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/8b2322559f794ffcb4580a9c11c3b5e16fc8e306...67999a5e79d0200ee0a4aab3dcfbfd18e097b514) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/18c92d2feec0eb2e0665fcf6e914b5f512e634f6) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#389](https://github.com/openshift/cluster-baremetal-operator/pull/389) * [OCPBUGS-20845](https://issues.redhat.com/browse/OCPBUGS-20845): Uplift x/net to v0.17.0 [#371](https://github.com/openshift/cluster-baremetal-operator/pull/371) * [OCPBUGS-19557](https://issues.redhat.com/browse/OCPBUGS-19557): Guard against nil PlatformStatus [#367](https://github.com/openshift/cluster-baremetal-operator/pull/367) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/19f84baecc49add23693ad80fd3f407209a9d81c...18c92d2feec0eb2e0665fcf6e914b5f512e634f6) ### [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap/tree/138a1cf2b98578acb4ccf098736bdf08614d2d6a) * [OCPBUGS-14386](https://issues.redhat.com/browse/OCPBUGS-14386): Update dependencies and image [#91](https://github.com/openshift/cluster-bootstrap/pull/91) * [Full changelog](https://github.com/openshift/cluster-bootstrap/compare/c91313dbad10c43d92fe48637cefde47d4e684b2...138a1cf2b98578acb4ccf098736bdf08614d2d6a) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) * [OCPBUGS-21521](https://issues.redhat.com/browse/OCPBUGS-21521): bump golang.org/x/net to v0.17.0 [#186](https://github.com/openshift/cluster-api/pull/186) * [Full changelog](https://github.com/openshift/cluster-api/compare/f9c215c4f298710ccf76676395465685b5d15268...03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/60a36d8320ddfd196840a1597e61c065603778ee) * [OCPBUGS-21055](https://issues.redhat.com/browse/OCPBUGS-21055): Bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/cluster-capi-operator/pull/138) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/3bfe36aa9d1abbdfb11facf86a7ec6510abc390a...60a36d8320ddfd196840a1597e61c065603778ee) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/3b1f0843e2bd25fb4e39659ef47424f67ccaa727) * [OCPBUGS-21148](https://issues.redhat.com/browse/OCPBUGS-21148): Bump golang.org/x/net to v0.18.0 [#297](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/297) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/103cb2ecf326e92f9d1d8d99324d2896d28afc58...3b1f0843e2bd25fb4e39659ef47424f67ccaa727) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/92c3b10237c1ebf7ab7a0c744db3949377614e52) * [OCPBUGS-16243](https://issues.redhat.com/browse/OCPBUGS-16243): retire LatencySensitive featureset [#336](https://github.com/openshift/cluster-config-operator/pull/336) * : OCPBUGS-21245: bump library-go to include switch to HTTP/1.1 [#373](https://github.com/openshift/cluster-config-operator/pull/373) * [CORS-2794](https://issues.redhat.com/browse/CORS-2794): AWS Shared VPC API Bump [release-4.12] [#344](https://github.com/openshift/cluster-config-operator/pull/344) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/4c6e171d26cc3c302c6d6193060344456bc381a1...92c3b10237c1ebf7ab7a0c744db3949377614e52) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/b7ca2f16de7ae23b3793abee945d0453223f7aaf) * [OCPBUGS-21342](https://issues.redhat.com/browse/OCPBUGS-21342): Bump golang.org/x/net to v0.17.0 [#260](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/260) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/119d7a734d3bda3380c32b6af716ab4e16846f13...b7ca2f16de7ae23b3793abee945d0453223f7aaf) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/afc1c5d34086fc7522bf98af7b2d9c58bc9bd03a) * [OCPBUGS-21442](https://issues.redhat.com/browse/OCPBUGS-21442): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#169](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/169) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/06bd5f665f2b9e70dee288a7e55f3c5038c330ac...afc1c5d34086fc7522bf98af7b2d9c58bc9bd03a) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/e955534113ef9a65ad055198eab63ba7d60fbd21) * [OCPBUGS-21525](https://issues.redhat.com/browse/OCPBUGS-21525): Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator [#391](https://github.com/openshift/cluster-dns-operator/pull/391) * [OCPBUGS-19933](https://issues.redhat.com/browse/OCPBUGS-19933): update-node-resolver.sh: Check for errors from >> [#385](https://github.com/openshift/cluster-dns-operator/pull/385) * [OCPBUGS-19933](https://issues.redhat.com/browse/OCPBUGS-19933): ensure original hosts file contents are preserved [#383](https://github.com/openshift/cluster-dns-operator/pull/383) * [OCPBUGS-15251](https://issues.redhat.com/browse/OCPBUGS-15251): Add support for protocolStrategy API field to enable force_tcp configuration [#378](https://github.com/openshift/cluster-dns-operator/pull/378) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/1c136fe38b8cd5c0de99577d23157f884728d20b...e955534113ef9a65ad055198eab63ba7d60fbd21) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/ea5555a4551686bce78c44af004bd87191da2d0d) * [OCPBUGS-27776](https://issues.redhat.com/browse/OCPBUGS-27776): [4.13] Remove z-upgrades from UpgradeBackupController [#1185](https://github.com/openshift/cluster-etcd-operator/pull/1185) * [OCPBUGS-23151](https://issues.redhat.com/browse/OCPBUGS-23151): relax readiness to local serializable requests [#1156](https://github.com/openshift/cluster-etcd-operator/pull/1156) * [OCPBUGS-21127](https://issues.redhat.com/browse/OCPBUGS-21127): fixing CVE-2023-39325 by updating dependencies [#1148](https://github.com/openshift/cluster-etcd-operator/pull/1148) * [OCPBUGS-20100](https://issues.redhat.com/browse/OCPBUGS-20100): [4.12] Backports of backup/restore fixes [#1137](https://github.com/openshift/cluster-etcd-operator/pull/1137) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#1128](https://github.com/openshift/cluster-etcd-operator/pull/1128) * [OCPBUGS-17808](https://issues.redhat.com/browse/OCPBUGS-17808): reset snapshot default counts to avoid file already lo… [#1100](https://github.com/openshift/cluster-etcd-operator/pull/1100) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/c316ecad3fd151e1eefe6af82d37ad108807b23d...ea5555a4551686bce78c44af004bd87191da2d0d) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/0e04e37acf8ea366dd94dfadec274df06e35eb44) * [OCPBUGS-22125](https://issues.redhat.com/browse/OCPBUGS-22125): increase storage account key cache expiration [#939](https://github.com/openshift/cluster-image-registry-operator/pull/939) * [OCPBUGS-20684](https://issues.redhat.com/browse/OCPBUGS-20684): mitigate effects of rapid reset [#947](https://github.com/openshift/cluster-image-registry-operator/pull/947) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/e9a895af74906435bea0bb230773a3bc1898abc6...0e04e37acf8ea366dd94dfadec274df06e35eb44) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/5e62d563730970b50de6463a035e0e033210484d) * [OCPBUGS-20765](https://issues.redhat.com/browse/OCPBUGS-20765): Bump golang.org/x/net for CVE-2023-44487 [#988](https://github.com/openshift/cluster-ingress-operator/pull/988) * [OCPBUGS-22432](https://issues.redhat.com/browse/OCPBUGS-22432): test/e2e: Don't use openshift/origin-node [#992](https://github.com/openshift/cluster-ingress-operator/pull/992) * [NE-1372](https://issues.redhat.com/browse/NE-1372): Add support for AWS shared VPC in another account #966 [#971](https://github.com/openshift/cluster-ingress-operator/pull/971) * [OCPBUGS-13049](https://issues.redhat.com/browse/OCPBUGS-13049): bump controller-runtime to fix the multi namespace cache indexing [#922](https://github.com/openshift/cluster-ingress-operator/pull/922) * [OCPBUGS-15467](https://issues.redhat.com/browse/OCPBUGS-15467): Add missing AWS permission for ListTagsForResources [#954](https://github.com/openshift/cluster-ingress-operator/pull/954) * [OCPBUGS-16620](https://issues.redhat.com/browse/OCPBUGS-16620): Deflake TestRouterCompressionOperation [#963](https://github.com/openshift/cluster-ingress-operator/pull/963) * [OCPBUGS-16621](https://issues.redhat.com/browse/OCPBUGS-16621): Fix TestClientTLS flakes [#964](https://github.com/openshift/cluster-ingress-operator/pull/964) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/7a507e4e92b382ec1275544458516d67fd834032...5e62d563730970b50de6463a035e0e033210484d) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/09d7ddbaba9eb5715313e716476e6a33848d045c) * [OCPBUGS-22736](https://issues.redhat.com/browse/OCPBUGS-22736): pkg/operator/configobserver: check that the serving certificate refer… [#1571](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1571) * : OCPBUGS-20855: bump library-go to include switch to HTTP/1.1 [#1574](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1574) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#1559](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1559) * [OCPBUGS-17139](https://issues.redhat.com/browse/OCPBUGS-17139): make webhook connection failure a warning in log [#1533](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1533) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/353171ffeb5b211e65c304e2152295036f15826c...09d7ddbaba9eb5715313e716476e6a33848d045c) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/d50f7322addd997cc73a0ba8294eadb977974c3f) * [OCPBUGS-20962](https://issues.redhat.com/browse/OCPBUGS-20962): bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/cluster-api-operator/pull/29) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/7bb05468cc7d1c0752c81ca3f9e5d8e19c966f24...d50f7322addd997cc73a0ba8294eadb977974c3f) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/c3c07bebb7a644fe75bccd590fa088bcccd3749a) * [OCPBUGS-27068](https://issues.redhat.com/browse/OCPBUGS-27068): bump(library-go)=release-4.12 [#789](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/789) * [OCPBUGS-21048](https://issues.redhat.com/browse/OCPBUGS-21048): Bump deps to address CVE-2023-44487 [4.12] [#759](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/759) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#754](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/754) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/1c2157df6e9031bf6abb9250d2bec901608fe5b4...c3c07bebb7a644fe75bccd590fa088bcccd3749a) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/48cd96c9dc27c801beff17fa5ea8c3dac374f10d) * [OCPBUGS-27067](https://issues.redhat.com/browse/OCPBUGS-27067): bump(library-go)=release-4.12 [#529](https://github.com/openshift/cluster-kube-scheduler-operator/pull/529) * [OCPBUGS-21239](https://issues.redhat.com/browse/OCPBUGS-21239): Sync deps CVE 2023 39325 4.12 [#505](https://github.com/openshift/cluster-kube-scheduler-operator/pull/505) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#499](https://github.com/openshift/cluster-kube-scheduler-operator/pull/499) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/f260530473d36272959d21eb2ddfd0f7d944ea3f...48cd96c9dc27c801beff17fa5ea8c3dac374f10d) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/1a251f4d00c050404dc313c698279da435d08c07) * : OCPBUGS-21336: bump library-go to include switch to HTTP/1.1 [#98](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/98) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/12d050abd0cf37dae8973d453930bcf494a2499b...1a251f4d00c050404dc313c698279da435d08c07) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/7b08a4de4a08da8cdb341948e0902395eb0da961) * [OCPBUGS-23486](https://issues.redhat.com/browse/OCPBUGS-23486): Filter non node CSRs in metrics [#220](https://github.com/openshift/cluster-machine-approver/pull/220) * [OCPBUGS-21430](https://issues.redhat.com/browse/OCPBUGS-21430): Bump x/net package to v0.18.0 [#214](https://github.com/openshift/cluster-machine-approver/pull/214) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/60081982654993534de29d224d6a42c251762420...7b08a4de4a08da8cdb341948e0902395eb0da961) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/60117fa0c7cf54be1dd1ea275e592ab54f85db53) * [OCPBUGS-25389](https://issues.redhat.com/browse/OCPBUGS-25389): Add RHACM telemetry metric for 4.12 [#2204](https://github.com/openshift/cluster-monitoring-operator/pull/2204) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2148](https://github.com/openshift/cluster-monitoring-operator/pull/2148) * [OCPBUGS-22843](https://issues.redhat.com/browse/OCPBUGS-22843): [release-4.12] add RHACS telemetry metrics [#2140](https://github.com/openshift/cluster-monitoring-operator/pull/2140) * [OCPBUGS-21234](https://issues.redhat.com/browse/OCPBUGS-21234): upgrade golang.org/x/net to v0.17.0 [#2123](https://github.com/openshift/cluster-monitoring-operator/pull/2123) * [OCPBUGS-17125](https://issues.redhat.com/browse/OCPBUGS-17125): backport metrics collection profiles selector logic to prevent users from double scraping when they upgrade from 4.12 to 4.13 [#2047](https://github.com/openshift/cluster-monitoring-operator/pull/2047) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/0d0d81d892dd8da4d7ab38334de8a7a6a20e75a2...60117fa0c7cf54be1dd1ea275e592ab54f85db53) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/c1a891129c310d01b8d6940f1eefd26058c0f5b6) * [OCPBUGS-29167](https://issues.redhat.com/browse/OCPBUGS-29167): fix whereabouts conformance test failures [#2256](https://github.com/openshift/cluster-network-operator/pull/2256) * [OCPBUGS-29884](https://issues.redhat.com/browse/OCPBUGS-29884): add env var in whereabouts-reconciler daemonset [#2284](https://github.com/openshift/cluster-network-operator/pull/2284) * [OCPBUGS-29302](https://issues.redhat.com/browse/OCPBUGS-29302): Update ingressconfig_controller to use field Manager [#2268](https://github.com/openshift/cluster-network-operator/pull/2268) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2244](https://github.com/openshift/cluster-network-operator/pull/2244) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.12 [#2230](https://github.com/openshift/cluster-network-operator/pull/2230) * [release 4.12] OCPBUGS-23025: Add maxLogFiles config for OVN-K Audit Logging [#2188](https://github.com/openshift/cluster-network-operator/pull/2188) * [OCPBUGS-24039](https://issues.redhat.com/browse/OCPBUGS-24039): remove all managed fields used by old manager [#2099](https://github.com/openshift/cluster-network-operator/pull/2099) * [OCPBUGS-21715](https://issues.redhat.com/browse/OCPBUGS-21715): Bump golang.org/x/net and github.com/openshift/library-go [#2124](https://github.com/openshift/cluster-network-operator/pull/2124) * [OCPBUGS-24571](https://issues.redhat.com/browse/OCPBUGS-24571): Disable weak SSH cipher suites [#2164](https://github.com/openshift/cluster-network-operator/pull/2164) * [OCPBUGS-25128](https://issues.redhat.com/browse/OCPBUGS-25128): Update to go 1.19 and x/net 0.8.0 [#2157](https://github.com/openshift/cluster-network-operator/pull/2157) * [OCPBUGS-23293](https://issues.redhat.com/browse/OCPBUGS-23293): IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping [#2108](https://github.com/openshift/cluster-network-operator/pull/2108) * [OCPBUGS-20277](https://issues.redhat.com/browse/OCPBUGS-20277): Edited multus-admission-controller deployment config to not add autoount a service account token [#1884](https://github.com/openshift/cluster-network-operator/pull/1884) * [OCPBUGS-20197](https://issues.redhat.com/browse/OCPBUGS-20197): remove prestop hooks for northd, sbdbd and nbdb [#2055](https://github.com/openshift/cluster-network-operator/pull/2055) * [OCPBUGS-17656](https://issues.redhat.com/browse/OCPBUGS-17656): prevent creation of multiple cni-sysctl-allowlist-ds pods [#1948](https://github.com/openshift/cluster-network-operator/pull/1948) * [OCPBUGS-11547](https://issues.redhat.com/browse/OCPBUGS-11547): Hypershift: Add RollingUpdate parameters to multus-admission-controller [#1775](https://github.com/openshift/cluster-network-operator/pull/1775) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/f04476e2ceeb0802b89991bd4c71d0eb85b0898b...c1a891129c310d01b8d6940f1eefd26058c0f5b6) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/dd95a4d7dbf6e5188a9c260e3d331f627c124747) * Disable HTTP/2 for webhook and metrics servers (#849) [#849](https://github.com/openshift/cluster-node-tuning-operator/pull/849) * Remove obsolete protocols and weak ciphers (#847) [#847](https://github.com/openshift/cluster-node-tuning-operator/pull/847) * [OCPBUGS-21837](https://issues.redhat.com/browse/OCPBUGS-21837): nto: pao avoid timeout when there are too many CSV (#838) [#838](https://github.com/openshift/cluster-node-tuning-operator/pull/838) * Tighten the rules for modifying Tuned Profiles (#790) [#790](https://github.com/openshift/cluster-node-tuning-operator/pull/790) * [OCPBUGS-19459](https://issues.redhat.com/browse/OCPBUGS-19459): check for object being nil (#821) [#821](https://github.com/openshift/cluster-node-tuning-operator/pull/821) * [OCPBUGS-18868](https://issues.redhat.com/browse/OCPBUGS-18868): [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) (#808) (#809) [#788](https://github.com/openshift/cluster-node-tuning-operator/pull/788) * Release leader election on manager exit (#789) [#789](https://github.com/openshift/cluster-node-tuning-operator/pull/789) * Fix a race in e2e test rollback.go code (#742) [#742](https://github.com/openshift/cluster-node-tuning-operator/pull/742) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/df809e1767c1bd2dd67c729481cf6454e7b06c96...dd95a4d7dbf6e5188a9c260e3d331f627c124747) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#558](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/558) * : OCPBUGS-20694: bump library-go to include switch to HTTP/1.1 [#556](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/556) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/99197928a584d45697eddbf5f652d8eb1d2ecf68...b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/ab963d8ad0387788c947b884a96eb9b2fed470b6) * [OCPBUGS-20777](https://issues.redhat.com/browse/OCPBUGS-20777): bump(k8s,openshift) to address CVE-2023-44487 [#311](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/311) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/d1915d130481541b8bacb5b98eddbc1541809d0a...ab963d8ad0387788c947b884a96eb9b2fed470b6) ### [cluster-platform-operators-manager](https://github.com/openshift/platform-operators/tree/c930dc745f23ee5bde8b48d13557976186c21c7c) * [OCPBUGS-20979](https://issues.redhat.com/browse/OCPBUGS-20979): [release-4.12] Bump golang.org/x/net to v0.17.0 [#99](https://github.com/openshift/platform-operators/pull/99) * [Full changelog](https://github.com/openshift/platform-operators/compare/d40fae81256939670a8fd96b3822fbf1edf21d98...c930dc745f23ee5bde8b48d13557976186c21c7c) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/cb8862b0042ac2e7130a7c018e3e083ebc46705e) * [OCPBUGS-21080](https://issues.redhat.com/browse/OCPBUGS-21080): Bump deps to address CVE-2023-44487 [4.12] [#136](https://github.com/openshift/cluster-policy-controller/pull/136) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/67ef456a781429a06bdc744aae89783cff25315d...cb8862b0042ac2e7130a7c018e3e083ebc46705e) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/21ebf328f53182111eb7dce344487ba633d09b1a) * [OCPBUGS-21266](https://issues.redhat.com/browse/OCPBUGS-21266): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#407](https://github.com/openshift/cluster-storage-operator/pull/407) * [OCPBUGS-18131](https://issues.redhat.com/browse/OCPBUGS-18131): Add patch for allowing configmap updates via clusterrole [#402](https://github.com/openshift/cluster-storage-operator/pull/402) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/e0ae9c225039ae0f997a6e358c6d402ee39cd9e6...21ebf328f53182111eb7dce344487ba633d09b1a) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/8e2c472a67964065c8aa271f85ef7f7e57726ac4) * [OCPBUGS-27443](https://issues.redhat.com/browse/OCPBUGS-27443): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1024](https://github.com/openshift/cluster-version-operator/pull/1024) * [OCPBUGS-20729](https://issues.redhat.com/browse/OCPBUGS-20729): [4.12] Bump http-related deps [#990](https://github.com/openshift/cluster-version-operator/pull/990) * [OCPBUGS-22408](https://issues.redhat.com/browse/OCPBUGS-22408): pkg/clusterconditions/promql: Warm cache with 1s delay [#988](https://github.com/openshift/cluster-version-operator/pull/988) * [OCPBUGS-22198](https://issues.redhat.com/browse/OCPBUGS-22198): Reconcile Volumes in SCCs [#985](https://github.com/openshift/cluster-version-operator/pull/985) * [OCPBUGS-14096](https://issues.redhat.com/browse/OCPBUGS-14096): Trigger new sync round on ClusterOperator Available changes [#938](https://github.com/openshift/cluster-version-operator/pull/938) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/f2620f65500d06c52419988cf3bf7def063b5eb2...8e2c472a67964065c8aa271f85ef7f7e57726ac4) ### [console](https://github.com/openshift/console/tree/5d4bea1fb74f6483ecd5d1121e54163ff21b6271) * [OCPBUGS-27479](https://issues.redhat.com/browse/OCPBUGS-27479): Bump helm pkg [#13528](https://github.com/openshift/console/pull/13528) * [OCPBUGS-29746](https://issues.redhat.com/browse/OCPBUGS-29746): Add Pipeline metrics tab using plugin [#13621](https://github.com/openshift/console/pull/13621) * [OCPBUGS-29348](https://issues.redhat.com/browse/OCPBUGS-29348): Added Proxy to non k8s endpoints [#13600](https://github.com/openshift/console/pull/13600) * [OCPBUGS-22431](https://issues.redhat.com/browse/OCPBUGS-22431): Check if filtered object contains name property [#13285](https://github.com/openshift/console/pull/13285) * [OCPBUGS-25213](https://issues.redhat.com/browse/OCPBUGS-25213): add access review for impersonate [#13440](https://github.com/openshift/console/pull/13440) * [OCPBUGS-18116](https://issues.redhat.com/browse/OCPBUGS-18116): Bump helm version [#13104](https://github.com/openshift/console/pull/13104) * [OCPBUGS-24236](https://issues.redhat.com/browse/OCPBUGS-24236): Remove tech preview badge from Pipeline repository pages [#13384](https://github.com/openshift/console/pull/13384) * [OCPBUGS-23413](https://issues.redhat.com/browse/OCPBUGS-23413): Correct logout process [#13342](https://github.com/openshift/console/pull/13342) * [OCPBUGS-24364](https://issues.redhat.com/browse/OCPBUGS-24364): Subsequent PipelineRuns take initial PipelineRun name into account [#13401](https://github.com/openshift/console/pull/13401) * [OCPBUGS-13357](https://issues.redhat.com/browse/OCPBUGS-13357): add multipath device type to LocalVolumeSet [#12805](https://github.com/openshift/console/pull/12805) * [OCPBUGS-23346](https://issues.redhat.com/browse/OCPBUGS-23346): update the KnativeServing API version to v1beta1 for global-config extension [#13334](https://github.com/openshift/console/pull/13334) * [OCPBUGS-23154](https://issues.redhat.com/browse/OCPBUGS-23154): remove expandable toggle for conditional update risk d… [#13322](https://github.com/openshift/console/pull/13322) * [OCPBUGS-22964](https://issues.redhat.com/browse/OCPBUGS-22964): add support for new features annotations while preservi… [#13305](https://github.com/openshift/console/pull/13305) * [OCPBUGS-19382](https://issues.redhat.com/browse/OCPBUGS-19382): Could not import multiple resources via JSON (while YAML supports this) [#13168](https://github.com/openshift/console/pull/13168) * [OCPBUGS-20071](https://issues.redhat.com/browse/OCPBUGS-20071): Fix that "Delete application" doesn't work in topology when Pipelines operator is not installed [#13212](https://github.com/openshift/console/pull/13212) * [OCPBUGS-21727](https://issues.redhat.com/browse/OCPBUGS-21727): fetch TaskRuns without selector and reduces the get TaskRuns requests [#13251](https://github.com/openshift/console/pull/13251) * [OCPBUGS-21731](https://issues.redhat.com/browse/OCPBUGS-21731): show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart [#13252](https://github.com/openshift/console/pull/13252) * [OCPBUGS-13580](https://issues.redhat.com/browse/OCPBUGS-13580): Regression: OpenShift Console no-longer filters SecretList when displaying ServiceAccount [#12747](https://github.com/openshift/console/pull/12747) * [OCPBUGS-19907](https://issues.redhat.com/browse/OCPBUGS-19907): Fixed Edit Application form for Knative Services [#13205](https://github.com/openshift/console/pull/13205) * [OCPBUGS-19045](https://issues.redhat.com/browse/OCPBUGS-19045): Web console slowness on Project>Project access page [#13155](https://github.com/openshift/console/pull/13155) * [OCPBUGS-18273](https://issues.redhat.com/browse/OCPBUGS-18273): Fix topology crash when a console.topology/data/factory extension tries to resolve a resource with version from the CRDs which doesn't exists [#13113](https://github.com/openshift/console/pull/13113) * [OCPBUGS-18563](https://issues.redhat.com/browse/OCPBUGS-18563): OLM Pages work when copied CSVs are disabled [#13055](https://github.com/openshift/console/pull/13055) * [OCPBUGS-17530](https://issues.redhat.com/browse/OCPBUGS-17530): fix bug where binary secret values are corrupted on edit and add test coverage [#13087](https://github.com/openshift/console/pull/13087) * [OCPBUGS-18366](https://issues.redhat.com/browse/OCPBUGS-18366): Fix DeploymentConfig list performance issues by lazy loading their ReplicationControllers [#13122](https://github.com/openshift/console/pull/13122) * [OCPBUGS-16660](https://issues.redhat.com/browse/OCPBUGS-16660): Manual cherry-pick of #12978 [#13039](https://github.com/openshift/console/pull/13039) * [OCPBUGS-17192](https://issues.redhat.com/browse/OCPBUGS-17192): "Duplicate RoleBinding" leads to "Unsupported value" error [#13063](https://github.com/openshift/console/pull/13063) * [OCPBUGS-16846](https://issues.redhat.com/browse/OCPBUGS-16846): Fix stop PLR option [#13051](https://github.com/openshift/console/pull/13051) * [Full changelog](https://github.com/openshift/console/compare/124e6d61be8c007639c027bf12af0ff98cb1490e...5d4bea1fb74f6483ecd5d1121e54163ff21b6271) ### [console-operator](https://github.com/openshift/console-operator/tree/7ea10a2488ec62b73cd4a9b462ff675ef0c9af3d) * [OCPBUGS-18951](https://issues.redhat.com/browse/OCPBUGS-18951): Add haproxy timeout annotation to console routes [#792](https://github.com/openshift/console-operator/pull/792) * [OCPBUGS-18309](https://issues.redhat.com/browse/OCPBUGS-18309): Add missing watch permission for helm-chartrepos-viewers [#789](https://github.com/openshift/console-operator/pull/789) * [OCPBUGS-15834](https://issues.redhat.com/browse/OCPBUGS-15834): Dockerfile: Shift ConsolePlugin CRD after the operator Deployment [#791](https://github.com/openshift/console-operator/pull/791) * [OCPBUGS-18563](https://issues.redhat.com/browse/OCPBUGS-18563): OLM Pages work when copied CSVs are disabled [#780](https://github.com/openshift/console-operator/pull/780) * [Full changelog](https://github.com/openshift/console-operator/compare/309915563e5f07545aa6ad035b4d379bd0828931...7ea10a2488ec62b73cd4a9b462ff675ef0c9af3d) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/1b33971993ca1013be9f24690c44560d2c58c70a) * [OCPBUGS-20593](https://issues.redhat.com/browse/OCPBUGS-20593): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.12] [#131](https://github.com/openshift/containernetworking-plugins/pull/131) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/6d237727d7af8981b373cb62509dce1fe19d35b8...1b33971993ca1013be9f24690c44560d2c58c70a) ### [coredns](https://github.com/openshift/coredns/tree/cc1194ea004f6b4bcb132fd1c6cebee68666d38f) * [OCPBUGS-21023](https://issues.redhat.com/browse/OCPBUGS-21023): UPSTREAM: <carry>: openshift: Address CVE-2023-39325 [#103](https://github.com/openshift/coredns/pull/103) * [OCPBUGS-20144](https://issues.redhat.com/browse/OCPBUGS-20144): UPSTREAM: <carry>: openshift: Fix OCPBUGS-20144 [#98](https://github.com/openshift/coredns/pull/98) * [Full changelog](https://github.com/openshift/coredns/compare/9aaa7e0a86b69bafb9f544a0e5cb1873535a8f6b...cc1194ea004f6b4bcb132fd1c6cebee68666d38f) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/2f1d9f8ac6af4364d8118c874b0071d9e9f3ee65) * Make sure LB status is updated immediately (#2067) [#2067](https://github.com/openshift/cloud-provider-openstack/pull/2067) * Allow deleting LBs in ERROR status (#2037) [#2037](https://github.com/openshift/cloud-provider-openstack/pull/2037) * Protect from `AllocateLoadBalancerNodePorts=false` (#1988) [#1988](https://github.com/openshift/cloud-provider-openstack/pull/1988) * Do not create HTTP monitors for UDP on old Octavia (#2000) [#2000](https://github.com/openshift/cloud-provider-openstack/pull/2000) * fix CSI CI issue (#2020) [#2020](https://github.com/openshift/cloud-provider-openstack/pull/2020) * tests: Replace use of deprecated ginkgo flag (#2007) [#2007](https://github.com/openshift/cloud-provider-openstack/pull/2007) * Add docs on running tests (#2006) [#2006](https://github.com/openshift/cloud-provider-openstack/pull/2006) * Remove duplicate errors (#2009) [#2009](https://github.com/openshift/cloud-provider-openstack/pull/2009) * Manage Security Groups for Octavia (#1984) [#1984](https://github.com/openshift/cloud-provider-openstack/pull/1984) * : fix pagination, avoid unnecessary memory allocation, add more logs (#2308) [#2308](https://github.com/openshift/cloud-provider-openstack/pull/2308) * Add dulek and kayrus as approvers (#2318) (#2331) [#2318](https://github.com/openshift/cloud-provider-openstack/pull/2318) * fix gate (#2312) [#2312](https://github.com/openshift/cloud-provider-openstack/pull/2312) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/25e2824af9a2f4c6ba92a1274f5fe35e1bda51c8...2f1d9f8ac6af4364d8118c874b0071d9e9f3ee65) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/a0d079a079603589b9e272465f99befb001c23db) * [OCPBUGS-18475](https://issues.redhat.com/browse/OCPBUGS-18475): Don't cache OpenStack client [#202](https://github.com/openshift/csi-driver-manila-operator/pull/202) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#199](https://github.com/openshift/csi-driver-manila-operator/pull/199) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/af25a1f4319ee69d0852f10ecbd330450609f514...a0d079a079603589b9e272465f99befb001c23db) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) * [OCPBUGS-28953](https://issues.redhat.com/browse/OCPBUGS-28953): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#169](https://github.com/openshift/csi-driver-shared-resource/pull/169) * [OCPBUGS-23118](https://issues.redhat.com/browse/OCPBUGS-23118): Should reference configmaps instead of secrets [#154](https://github.com/openshift/csi-driver-shared-resource/pull/154) * [OCPBUGS-20703](https://issues.redhat.com/browse/OCPBUGS-20703): bump golang.org/x/net to v0.17.0 [#148](https://github.com/openshift/csi-driver-shared-resource/pull/148) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/20cffc04d37e0ac2ea5014c08513c8408715179c...d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) * [OCPBUGS-28959](https://issues.redhat.com/browse/OCPBUGS-28959): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#105](https://github.com/openshift/csi-driver-shared-resource-operator/pull/105) * [OCPBUGS-20787](https://issues.redhat.com/browse/OCPBUGS-20787): bump golang.org/x/net to v0.17.0 [#88](https://github.com/openshift/csi-driver-shared-resource-operator/pull/88) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/3201431c8f52827d599556fd041049ec121cc067...cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) ### [csi-external-attacher](https://github.com/openshift/csi-external-attacher/tree/fac7b8fd905b4c68beadc2c968e6f981385463e8) * [OCPBUGS-21139](https://issues.redhat.com/browse/OCPBUGS-21139): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#62](https://github.com/openshift/csi-external-attacher/pull/62) * [Full changelog](https://github.com/openshift/csi-external-attacher/compare/6945eef88ccf4e57545fea636113afe4103058bc...fac7b8fd905b4c68beadc2c968e6f981385463e8) ### [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner/tree/3aa7c527732e288c71119ea3e78fac739dfbd438) * [OCPBUGS-20743](https://issues.redhat.com/browse/OCPBUGS-20743): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#74](https://github.com/openshift/csi-external-provisioner/pull/74) * [Full changelog](https://github.com/openshift/csi-external-provisioner/compare/140851f6c0e70cf917b3361808b31628c68ea8a5...3aa7c527732e288c71119ea3e78fac739dfbd438) ### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/5b066ba420bd74ec5327978d2731da989d57d4f2) * [OCPBUGS-20885](https://issues.redhat.com/browse/OCPBUGS-20885): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#149](https://github.com/openshift/csi-external-resizer/pull/149) * [Full changelog](https://github.com/openshift/csi-external-resizer/compare/239d751f51743214417dd5058645c2c1d390d1b5...5b066ba420bd74ec5327978d2731da989d57d4f2) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) * [OCPBUGS-29244](https://issues.redhat.com/browse/OCPBUGS-29244): cherry-pick:release-4.12: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#140](https://github.com/openshift/csi-external-snapshotter/pull/140) * [OCPBUGS-20991](https://issues.redhat.com/browse/OCPBUGS-20991): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#111](https://github.com/openshift/csi-external-snapshotter/pull/111) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/7e2325666da25db833027acee53344fd0a6cd9e3...6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) ### [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe/tree/e6545e71597df1da4635c266eb8f499fc376d970) * [OCPBUGS-20629](https://issues.redhat.com/browse/OCPBUGS-20629): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#52](https://github.com/openshift/csi-livenessprobe/pull/52) * [Full changelog](https://github.com/openshift/csi-livenessprobe/compare/9cb056421c5a2e37435dbedbd7d73de8db1e094a...e6545e71597df1da4635c266eb8f499fc376d970) ### [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar/tree/c316b8963a0b0ff8d45f2b32c56de972d55bfd37) * [OCPBUGS-20674](https://issues.redhat.com/browse/OCPBUGS-20674): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#54](https://github.com/openshift/csi-node-driver-registrar/pull/54) * [Full changelog](https://github.com/openshift/csi-node-driver-registrar/compare/805d5ac247137b02e6081e3eb7aa1fb9f4c7b4b2...c316b8963a0b0ff8d45f2b32c56de972d55bfd37) ### [docker-builder](https://github.com/openshift/builder/tree/a1cce53440f2f491c16c1b2c5a5b9986ba28c3fc) * [OCPBUGS-23037](https://issues.redhat.com/browse/OCPBUGS-23037): Add -p flag to cp command to preserve timestamps [#372](https://github.com/openshift/builder/pull/372) * [OCPBUGS-20695](https://issues.redhat.com/browse/OCPBUGS-20695): [release-4.12]Bump golang.org/x/net [#364](https://github.com/openshift/builder/pull/364) * [OCPBUGS-17228](https://issues.redhat.com/browse/OCPBUGS-17228): bump github.com/containers/buildah to v1.26.6 [#325](https://github.com/openshift/builder/pull/325) * [Full changelog](https://github.com/openshift/builder/compare/885e27e023c372891e6bba458b412c8e455d3604...a1cce53440f2f491c16c1b2c5a5b9986ba28c3fc) ### [docker-registry](https://github.com/openshift/image-registry/tree/9e75355ca282cf5abac5595585a4b089e6a95e6f) * [OCPBUGS-19306](https://issues.redhat.com/browse/OCPBUGS-19306): bump docker-distribution [#382](https://github.com/openshift/image-registry/pull/382) * [Full changelog](https://github.com/openshift/image-registry/compare/95e39bf0e31a5af9ebcee698a69a4996a39e221a...9e75355ca282cf5abac5595585a4b089e6a95e6f) ### [etcd](https://github.com/openshift/etcd/tree/bb43fb58e2284fb9732045bdfafb9e702490f449) * [OCPBUGS-27102](https://issues.redhat.com/browse/OCPBUGS-27102): Rebase etcd 3.5.11 openshift 4.12 [#240](https://github.com/openshift/etcd/pull/240) * [OCPBUGS-21187](https://issues.redhat.com/browse/OCPBUGS-21187): [4.12] Carrying fixes for CVE-2023-44487 [#228](https://github.com/openshift/etcd/pull/228) * [OCPBUGS-15860](https://issues.redhat.com/browse/OCPBUGS-15860): [4.12] Rebase openshift/etcd to 3.5.9 [#207](https://github.com/openshift/etcd/pull/207) * [Full changelog](https://github.com/openshift/etcd/compare/c1d76ffd4b4cf0a0d2a6056a505fbef0b187c027...bb43fb58e2284fb9732045bdfafb9e702490f449) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/8a84952ec7ff1aa001f885b10ec583540f298c73) * [OCPBUGS-21282](https://issues.redhat.com/browse/OCPBUGS-21282): Bump golang.org/x/net to v0.18.0 [#44](https://github.com/openshift/cloud-provider-gcp/pull/44) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/8d208a7f549b0c039420f67ca7aeff43fc1dcdfc...8a84952ec7ff1aa001f885b10ec583540f298c73) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/e00019faa4bd74f70826344a8cc085ba13768422) * [OCPBUGS-21380](https://issues.redhat.com/browse/OCPBUGS-21380): Bump golang.org/x/net to v0.17.0 [#205](https://github.com/openshift/cluster-api-provider-gcp/pull/205) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/eea0586cdf2bc859533fa874e1b6df536a6df40d...e00019faa4bd74f70826344a8cc085ba13768422) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality. [#76](https://github.com/openshift/machine-api-provider-gcp/pull/76) * [OCPBUGS-20833](https://issues.redhat.com/browse/OCPBUGS-20833): Bump x/net package to v0.18.0 [#69](https://github.com/openshift/machine-api-provider-gcp/pull/69) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/e7cecfc120f25169435e3b00ee020e996f487034...d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) ### [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver/tree/5dcfd6755ea1eff7dcf1c0c831b048eda1b41736) * [OCPBUGS-20718](https://issues.redhat.com/browse/OCPBUGS-20718): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#47](https://github.com/openshift/gcp-pd-csi-driver/pull/47) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver/compare/223d84646af2611d801ad5633e9ce4088772cab4...5dcfd6755ea1eff7dcf1c0c831b048eda1b41736) ### [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator/tree/30e97ba511547edb057071b63498e1ca4c68ec16) * [OCPBUGS-20807](https://issues.redhat.com/browse/OCPBUGS-20807): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#89](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/89) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#82](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/82) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver-operator/compare/020aeb670fa7897ae3e564d052577042c26b1921...30e97ba511547edb057071b63498e1ca4c68ec16) ### [haproxy-router](https://github.com/openshift/router/tree/bfb66253ac1ed27efea087d6cf0f9ba9d9cb73df) * [OCPBUGS-21098](https://issues.redhat.com/browse/OCPBUGS-21098): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#532](https://github.com/openshift/router/pull/532) * [OCPBUGS-17766](https://issues.redhat.com/browse/OCPBUGS-17766): haproxy/template: mitigate CVE-2023-40225 [#507](https://github.com/openshift/router/pull/507) * [OCPBUGS-18639](https://issues.redhat.com/browse/OCPBUGS-18639): properly handle weight=0 [#511](https://github.com/openshift/router/pull/511) * [Full changelog](https://github.com/openshift/router/compare/3a1f43ca2b7e1549c6d108b6311cda59fcca28d6...bfb66253ac1ed27efea087d6cf0f9ba9d9cb73df) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/9946c637298dd1bb175ac54f32e84d3fafaddbcb) * [OCPBUGS-15527](https://issues.redhat.com/browse/OCPBUGS-15527): Prevent partially filled HPA behaviors from crashing kube-controller-manager [#1887](https://github.com/openshift/kubernetes/pull/1887) * [OCPBUGS-25815](https://issues.redhat.com/browse/OCPBUGS-25815): Fix device uncertain errors on reboot 4.12 [#1833](https://github.com/openshift/kubernetes/pull/1833) * [OCPBUGS-25214](https://issues.redhat.com/browse/OCPBUGS-25214): legacy-cloud-providers: prevent index out-of-range in getNextUnitNumber [#1835](https://github.com/openshift/kubernetes/pull/1835) * [OCPBUGS-23568](https://issues.redhat.com/browse/OCPBUGS-23568): Update to kubernetes 1.25.16 [#1807](https://github.com/openshift/kubernetes/pull/1807) * [OCPBUGS-23288](https://issues.redhat.com/browse/OCPBUGS-23288): UPSTREAM: 121881: Use golang library instead of mklink [#1803](https://github.com/openshift/kubernetes/pull/1803) * [OCPBUGS-20113](https://issues.redhat.com/browse/OCPBUGS-20113): UPSTREAM: <carry>: Do not allow nodes to set forbidden openshift labels [#1747](https://github.com/openshift/kubernetes/pull/1747) * openshift-hack: Fix sporadic 141 errors in build-rpms [#1774](https://github.com/openshift/kubernetes/pull/1774) * [OCPBUGS-21435](https://issues.redhat.com/browse/OCPBUGS-21435): [release-4.12] UPSTREAM: 121125: [1.25][CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 [#1760](https://github.com/openshift/kubernetes/pull/1760) * [OCPBUGS-18288](https://issues.redhat.com/browse/OCPBUGS-18288), [OCPBUGS-19483](https://issues.redhat.com/browse/OCPBUGS-19483): Update to kubernetes 1.25.14 [#1719](https://github.com/openshift/kubernetes/pull/1719) * [OCPBUGS-18768](https://issues.redhat.com/browse/OCPBUGS-18768): UPSTREAM: <carry>: Force using host go always and use host libriaries [#1694](https://github.com/openshift/kubernetes/pull/1694) * [OCPBUGS-17188](https://issues.redhat.com/browse/OCPBUGS-17188): Update to Kubernetes 1.25.12 [#1669](https://github.com/openshift/kubernetes/pull/1669) * [OCPBUGS-17159](https://issues.redhat.com/browse/OCPBUGS-17159): Increase service idle max timeout to 100 minutes [#1662](https://github.com/openshift/kubernetes/pull/1662) * [Full changelog](https://github.com/openshift/kubernetes/compare/1485cc947720a841d83204046599f02432d32707...9946c637298dd1bb175ac54f32e84d3fafaddbcb) ### [hypershift](https://github.com/openshift/hypershift/tree/6f1e70162329ed38cb7e58622fc79955e4338f02) * [MULTIARCH-3709](https://issues.redhat.com/browse/MULTIARCH-3709): PowerVS - Add reuse resource flags to e2e test [#2994](https://github.com/openshift/hypershift/pull/2994) * [MULTIARCH-3732](https://issues.redhat.com/browse/MULTIARCH-3732): PowerVS - Fix cluster deletion when existing resources passed [#2993](https://github.com/openshift/hypershift/pull/2993) * [MULTIARCH-3733](https://issues.redhat.com/browse/MULTIARCH-3733): Add dev flags in destroy cluster powervs command [#2998](https://github.com/openshift/hypershift/pull/2998) * Updated secret permissions for openshift-route-controller-manager [#2924](https://github.com/openshift/hypershift/pull/2924) * fix(hcco): Add HCP label to HCCO by default [#2972](https://github.com/openshift/hypershift/pull/2972) * fix(ignition): Add HCP label to ignition-server by default [#2949](https://github.com/openshift/hypershift/pull/2949) * [Full changelog](https://github.com/openshift/hypershift/compare/1dcc63aa8650f82075274f41400cc439270f9f34...6f1e70162329ed38cb7e58622fc79955e4338f02) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) * [OCPBUGS-24644](https://issues.redhat.com/browse/OCPBUGS-24644): Add Snyk file to exclude vendor directory on scan [#67](https://github.com/openshift/cloud-provider-ibm/pull/67) * [OCPBUGS-21113](https://issues.redhat.com/browse/OCPBUGS-21113): Bump golang.org/x/net to v0.18.0 [#57](https://github.com/openshift/cloud-provider-ibm/pull/57) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/e5f25fc64911215a3a78cab186cba49cbd51dec6...8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/3ddaa8298f63cf342aa344003dcef6ecd4a721f2) * [OCPBUGS-20583](https://issues.redhat.com/browse/OCPBUGS-20583): [IBM VPC] failed provisioning volume in proxy cluster [#56](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/56) * [OCPBUGS-21206](https://issues.redhat.com/browse/OCPBUGS-21206): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#52](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/52) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/e0f7a3bc39c7941dfb8b03f4c111f98edbe4792f...3ddaa8298f63cf342aa344003dcef6ecd4a721f2) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/946ac1326c83727a7791218f1cdf3290dd55ed17) * [OCPBUGS-20583](https://issues.redhat.com/browse/OCPBUGS-20583): [IBM VPC] failed provisioning volume in proxy cluster [#79](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/79) * [OCPBUGS-21302](https://issues.redhat.com/browse/OCPBUGS-21302): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#83](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/83) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/f70fcceadbe82a58c92157df3e4d5a047e87fba0...946ac1326c83727a7791218f1cdf3290dd55ed17) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/f9da23ac8abe04dc1615763e120cd174bde6e617) * [OCPBUGS-21415](https://issues.redhat.com/browse/OCPBUGS-21415): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/ibm-vpc-node-label-updater/pull/29) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/737d00c9dd2aa49dbe421e7bbc0df4f94239f78a...f9da23ac8abe04dc1615763e120cd174bde6e617) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/0fe74f674bf5a1e464a5e2f872def13e1a9bb2a9) * [OCPBUGS-21397](https://issues.redhat.com/browse/OCPBUGS-21397): UPSTREAM: <carry>: bump golang.org/x/net to v0.18.0 [#67](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/67) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/c1304c80d736559ced3049c076535d53020d5d9d...0fe74f674bf5a1e464a5e2f872def13e1a9bb2a9) ### [insights-operator](https://github.com/openshift/insights-operator/tree/d55652c3dd4c2c502a9c5f4b2cfaee9da2a8a560) * [OCPBUGS-28519](https://issues.redhat.com/browse/OCPBUGS-28519): Add extra check in ids to bypass validations (#906) [#906](https://github.com/openshift/insights-operator/pull/906) * adds helm information gather (#890) [#890](https://github.com/openshift/insights-operator/pull/890) * [OCPBUGS-23439](https://issues.redhat.com/browse/OCPBUGS-23439): remove username & password config options (#869) [#869](https://github.com/openshift/insights-operator/pull/869) * [OCPBUGS-22922](https://issues.redhat.com/browse/OCPBUGS-22922): create Prometheus rules programmatically according the… (#860) (#862) [#860](https://github.com/openshift/insights-operator/pull/860) * [OCPBUGS-20731](https://issues.redhat.com/browse/OCPBUGS-20731): update dependencies (#841) [#841](https://github.com/openshift/insights-operator/pull/841) * Add cherry-pick from 4.13 (#853) [#853](https://github.com/openshift/insights-operator/pull/853) * [OCPBUGS-19476](https://issues.redhat.com/browse/OCPBUGS-19476): update Insights report config logging (#831) [#831](https://github.com/openshift/insights-operator/pull/831) * [OCPBUGS-19405](https://issues.redhat.com/browse/OCPBUGS-19405): workload info gatherer, add external image repo (#823) [#823](https://github.com/openshift/insights-operator/pull/823) * [Full changelog](https://github.com/openshift/insights-operator/compare/3f61aabe3d7b0c74bb6d7b18dbadf22791b42287...d55652c3dd4c2c502a9c5f4b2cfaee9da2a8a560) ### [ironic](https://github.com/openshift/ironic-image/tree/4d127a2c0af92a5f31d166e84bb5dd9df8a78b64) * [OCPBUGS-29229](https://issues.redhat.com/browse/OCPBUGS-29229): Fix Inspector iPXE config for IPv6 addresses [#454](https://github.com/openshift/ironic-image/pull/454) * [OCPBUGS-23979](https://issues.redhat.com/browse/OCPBUGS-23979): Ironic side of external_http_url (METAL-163) is not wired in correctly [#431](https://github.com/openshift/ironic-image/pull/431) * [OCPBUGS-23357](https://issues.redhat.com/browse/OCPBUGS-23357): Upgrade werkzeug dependency [#423](https://github.com/openshift/ironic-image/pull/423) * [OCPBUGS-23182](https://issues.redhat.com/browse/OCPBUGS-23182): Use bash process substitution instead of pipe [#419](https://github.com/openshift/ironic-image/pull/419) * [OCPBUGS-19064](https://issues.redhat.com/browse/OCPBUGS-19064): Handle Eject DVD in 4.12 [#417](https://github.com/openshift/ironic-image/pull/417) * [OCPBUGS-21849](https://issues.redhat.com/browse/OCPBUGS-21849): bump eventlet version [#409](https://github.com/openshift/ironic-image/pull/409) * [OCPBUGS-17642](https://issues.redhat.com/browse/OCPBUGS-17642): Expand regex for fcos/okd packages list [#392](https://github.com/openshift/ironic-image/pull/392) * [Full changelog](https://github.com/openshift/ironic-image/compare/f2dd4fc1b003a1f4be0f4be68fdeb61c76fbea78...4d127a2c0af92a5f31d166e84bb5dd9df8a78b64) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/38fe5bbf9371da3770319a12b9f7d1321d14bbf0) * [OCPBUGS-29769](https://issues.redhat.com/browse/OCPBUGS-29769): Always add ignition to set hostname on /etc/hostname [#112](https://github.com/openshift/ironic-agent-image/pull/112) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): better compatibility with old hostnamectl [#92](https://github.com/openshift/ironic-agent-image/pull/92) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): backport hostname fixes [#90](https://github.com/openshift/ironic-agent-image/pull/90) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/5e2d8a3feebcdbb5ad131ca797646632885d5ee4...38fe5bbf9371da3770319a12b9f7d1321d14bbf0) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/36c06694097a1a09a8c4e1f70a9025187814cb1a) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): upgrade golang.org/x/net to 0.17.0 to address CVE [#91](https://github.com/openshift/k8s-prometheus-adapter/pull/91) * [OCPBUGS-20580](https://issues.redhat.com/browse/OCPBUGS-20580): limit number of simultaneous client requests [#79](https://github.com/openshift/k8s-prometheus-adapter/pull/79) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/987e5da8ebf294300e16500b201fb72d03af8ed3...36c06694097a1a09a8c4e1f70a9025187814cb1a) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/9706f967ca7bb1ade1a789123c71fe6cb55a025e) * [OCPBUGS-20753](https://issues.redhat.com/browse/OCPBUGS-20753): update x/net to v0.17.0 [#615](https://github.com/openshift/sdn/pull/615) * [OCPBUGS-22972](https://issues.redhat.com/browse/OCPBUGS-22972): Change the permission of 80-openshift-network.conf to 600 [#583](https://github.com/openshift/sdn/pull/583) * [OCPBUGS-18325](https://issues.redhat.com/browse/OCPBUGS-18325): Vendor o/k to consume update to prefer local TCP eps for DNS [#573](https://github.com/openshift/sdn/pull/573) * [Full changelog](https://github.com/openshift/sdn/compare/bf4cf1e72ec69861ea75193f3b3267ed9125a11e...9706f967ca7bb1ade1a789123c71fe6cb55a025e) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/b17014fefeb55512dd015d3024184c8c4692588b) * [OCPBUGS-20687](https://issues.redhat.com/browse/OCPBUGS-20687): trim down http2, make it configurable 4.12 [#85](https://github.com/openshift/kube-rbac-proxy/pull/85) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/94f3fde785a22afdc77768f5c346c7d3195274d2...b17014fefeb55512dd015d3024184c8c4692588b) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/748f71317b9d3e3e5a96b14131294e2695f26434) * [OCPBUGS-20764](https://issues.redhat.com/browse/OCPBUGS-20764): bump x/net to v0.17.0 [#103](https://github.com/openshift/kube-state-metrics/pull/103) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/9a1bf9b8c6b2da07214eb934e4d1f86d1700a2ce...748f71317b9d3e3e5a96b14131294e2695f26434) ### [kuryr-cni, kuryr-controller](https://github.com/openshift/kuryr-kubernetes/tree/8fd2f8b0f7e2849b1a7db252beba0c8250552e36) * Bug OCPBUGS-16376: Fix np retry [#740](https://github.com/openshift/kuryr-kubernetes/pull/740) * [Full changelog](https://github.com/openshift/kuryr-kubernetes/compare/e524c41758924da4844577c1c76c4c04c874154c...8fd2f8b0f7e2849b1a7db252beba0c8250552e36) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/04504fbb32683c4d06fe2ccf0ef941305a61bc2e) * [OCPBUGS-25303](https://issues.redhat.com/browse/OCPBUGS-25303): Update reference URL [#1189](https://github.com/openshift/machine-api-operator/pull/1189) * [OCPBUGS-21501](https://issues.redhat.com/browse/OCPBUGS-21501): Bump golang.org/x/net to v0.18.0 [#1176](https://github.com/openshift/machine-api-operator/pull/1176) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/a6c42a425610c1f634475f5e1014ee8b2dbd9437...04504fbb32683c4d06fe2ccf0ef941305a61bc2e) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/5a05d1fdbbf6713b43ec284f614949fa70a6f5bd) * [OCPBUGS-30329](https://issues.redhat.com/browse/OCPBUGS-30329): set nodeStatusReportFrequency [#4246](https://github.com/openshift/machine-config-operator/pull/4246) * [OCPBUGS-19659](https://issues.redhat.com/browse/OCPBUGS-19659): After dual-stack conversion reconcile IPFamilies [#3936](https://github.com/openshift/machine-config-operator/pull/3936) * [OCPBUGS-29366](https://issues.redhat.com/browse/OCPBUGS-29366): release-4.12: fix nodeStatusUpdateFrequency [#4180](https://github.com/openshift/machine-config-operator/pull/4180) * [OCPBUGS-29278](https://issues.redhat.com/browse/OCPBUGS-29278): crio: drop automatic image cleanup on upgrades [#4178](https://github.com/openshift/machine-config-operator/pull/4178) * [OCPBUGS-14071](https://issues.redhat.com/browse/OCPBUGS-14071): Imageinspect takes type of error into account, drop podman inspect fallback [#3717](https://github.com/openshift/machine-config-operator/pull/3717) * [OCPBUGS-21038](https://issues.redhat.com/browse/OCPBUGS-21038): update library-go and kube deps to latest version [#4013](https://github.com/openshift/machine-config-operator/pull/4013) * [OCPBUGS-22719](https://issues.redhat.com/browse/OCPBUGS-22719): Backport logspam PRs [#4008](https://github.com/openshift/machine-config-operator/pull/4008) * [OCPBUGS-21723](https://issues.redhat.com/browse/OCPBUGS-21723): keepalived/ingress: change healthcheck script [#3985](https://github.com/openshift/machine-config-operator/pull/3985) * [OCPBUGS-18433](https://issues.redhat.com/browse/OCPBUGS-18433): Prevent NM from unsetting the hostname [#3900](https://github.com/openshift/machine-config-operator/pull/3900) * [OCPBUGS-20509](https://issues.redhat.com/browse/OCPBUGS-20509): resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … [#3969](https://github.com/openshift/machine-config-operator/pull/3969) * [OCPBUGS-19779](https://issues.redhat.com/browse/OCPBUGS-19779): daemon: always use `podman cp` to copy extensions container content [#3944](https://github.com/openshift/machine-config-operator/pull/3944) * [OCPBUGS-19515](https://issues.redhat.com/browse/OCPBUGS-19515): The kubeconfig copied on to each node has 644 permissions [#3931](https://github.com/openshift/machine-config-operator/pull/3931) * [OCPBUGS-17862](https://issues.redhat.com/browse/OCPBUGS-17862): Agent-based install process the container machine-config-controller will be oom [#3875](https://github.com/openshift/machine-config-operator/pull/3875) * [OCPBUGS-17461](https://issues.redhat.com/browse/OCPBUGS-17461): The machine-config-controller pod restart in SNO+1 causing daemonsets to restart [#3844](https://github.com/openshift/machine-config-operator/pull/3844) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/43b51b1824650420cbfa4177468c103c434421a4...5a05d1fdbbf6713b43ec284f614949fa70a6f5bd) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/e456249dbf0c5456bd0671d41a4445bd266b3660) * [OCPBUGS-27090](https://issues.redhat.com/browse/OCPBUGS-27090): configurable ironic agent vlan creation [#119](https://github.com/openshift/image-customization-controller/pull/119) * [OCPBUGS-21543](https://issues.redhat.com/browse/OCPBUGS-21543): Uplift x/net to v0.17.0 [#106](https://github.com/openshift/image-customization-controller/pull/106) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): Pass BareMetalHost name to IPA (take 2) [#101](https://github.com/openshift/image-customization-controller/pull/101) * [OCPBUGS-18687](https://issues.redhat.com/browse/OCPBUGS-18687): Watch networkData Secrets for changes [#96](https://github.com/openshift/image-customization-controller/pull/96) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/27777d0e032119965c7ea5ce5b8f74bd885990bd...e456249dbf0c5456bd0671d41a4445bd266b3660) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/e27952fc813ac994e64f715a8690f3d36a9ec778) * [OCPBUGS-21330](https://issues.redhat.com/browse/OCPBUGS-21330): Update go.mod for CVE-2023-39325 [Release-4.12] [#73](https://github.com/openshift/multus-admission-controller/pull/73) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/5bd752a1dfe37d5894cd59b66aff6fe4a6a64cfc...e27952fc813ac994e64f715a8690f3d36a9ec778) ### [multus-cni](https://github.com/openshift/multus-cni/tree/f677359951fac9e8d292974d30d2693078f9093d) * [OCPBUGS-21061](https://issues.redhat.com/browse/OCPBUGS-21061): Update go.mod for CVE-2023-39325 [Release-4.12] [#196](https://github.com/openshift/multus-cni/pull/196) * [OCPBUGS-22461](https://issues.redhat.com/browse/OCPBUGS-22461): fix multiple default gw [#200](https://github.com/openshift/multus-cni/pull/200) * [Full changelog](https://github.com/openshift/multus-cni/compare/210e5408299551d74ef0129155ed665e7590b541...f677359951fac9e8d292974d30d2693078f9093d) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/644461f25fb6b45054d1a8be7a996670959a5a9d) * [OCPBUGS-21420](https://issues.redhat.com/browse/OCPBUGS-21420): Update go.mod for CVE-2023-39325 (#36) [#36](https://github.com/openshift/multus-networkpolicy/pull/36) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/421718ab8efebb735fd8e0ec5a3c94d78d1d7ac1...644461f25fb6b45054d1a8be7a996670959a5a9d) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/60a4bcef7c21402cb7c69dad7ab58bc4b4c24fa1) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Enable whereabouts config [#244](https://github.com/openshift/whereabouts-cni/pull/244) * [OCPBUGS-16008](https://issues.redhat.com/browse/OCPBUGS-16008): Cherry pick fix assignment 4.12 [#238](https://github.com/openshift/whereabouts-cni/pull/238) * [OCPBUGS-21499](https://issues.redhat.com/browse/OCPBUGS-21499): update golang.org/x/net to v0.17.0 [#209](https://github.com/openshift/whereabouts-cni/pull/209) * [OCPBUGS-5953](https://issues.redhat.com/browse/OCPBUGS-5953): Denormalize IP name before checking if pod is alive [Backport 4.12] [#178](https://github.com/openshift/whereabouts-cni/pull/178) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/46d23d6dcf1a301a46a2904f78dbe9fc52fe93f5...60a4bcef7c21402cb7c69dad7ab58bc4b4c24fa1) ### [must-gather](https://github.com/openshift/must-gather/tree/dc23fd8103fdf54262f101c16b11102242d9d002) * [OCPBUGS-24523](https://issues.redhat.com/browse/OCPBUGS-24523): [release-4.12] Add csi-proxy logs collection in must-gather for Windows nodes [#394](https://github.com/openshift/must-gather/pull/394) * [Full changelog](https://github.com/openshift/must-gather/compare/5fd2176182e7aec687da553fe185b9f6f739bbb2...dc23fd8103fdf54262f101c16b11102242d9d002) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/fad45782360032bdde3a10b9a28ba30ecc14684f) * Added METRIC_TEST_IMAGE var (#92) [#92](https://github.com/openshift/network-metrics-daemon/pull/92) * Update the k8s dependencies to 1.25.15 (#84) [#84](https://github.com/openshift/network-metrics-daemon/pull/84) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/74202ec3b360556526e9652dc25ba6e2f19d19bb...fad45782360032bdde3a10b9a28ba30ecc14684f) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/708c6daea2aba7d0de0b8c55590e1c777639829f) * [OCPBUGS-25675](https://issues.redhat.com/browse/OCPBUGS-25675): Fix CI by running tests natively by default [#62](https://github.com/openshift/machine-api-provider-nutanix/pull/62) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/25aea2d4b370e42e67edab85c15c9ed56b98e134...708c6daea2aba7d0de0b8c55590e1c777639829f) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/f07bf80ded344ebf02003e8874dd21f45175869d) * [OCPBUGS-21049](https://issues.redhat.com/browse/OCPBUGS-21049): Bump K8s to v1.25 [#104](https://github.com/openshift/oauth-apiserver/pull/104) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/cfafdccf09150ab55b8b853df16e4395ff3bda4b...f07bf80ded344ebf02003e8874dd21f45175869d) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/c75a5fddc8182a5c450f7b2a140fb71f7bd227c3) * [OCPBUGS-385](https://issues.redhat.com/browse/OCPBUGS-385): Capability to override default channel (#749) (#796) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#779) [#779](https://github.com/openshift/oc-mirror/pull/779) * [OCPBUGS-21440](https://issues.redhat.com/browse/OCPBUGS-21440): fix: CVE-2023-39325 and CVE-2023-44487 (#713) [#713](https://github.com/openshift/oc-mirror/pull/713) * [Full changelog](https://github.com/openshift/oc-mirror/compare/3ac49d9bd7c2193ede794e328dfa1142d7735f2e...c75a5fddc8182a5c450f7b2a140fb71f7bd227c3) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/f219ce7af993e4ca2c994b74375ddc8dbb4a5333) * : OCPBUGS-27593,OCPBUGS-27678: Update go-git to v5.11.0 [#76](https://github.com/openshift/operator-framework-rukpak/pull/76) * [OCPBUGS-23449](https://issues.redhat.com/browse/OCPBUGS-23449): [release-4.12] Address http2 Vulnerability [#64](https://github.com/openshift/operator-framework-rukpak/pull/64) * [OCPBUGS-21343](https://issues.redhat.com/browse/OCPBUGS-21343): [release-4.12] Bump golang.org/x/net to v0.17.0 [#41](https://github.com/openshift/operator-framework-rukpak/pull/41) * UPSTREAM: <carry>: add downstream owners [#43](https://github.com/openshift/operator-framework-rukpak/pull/43) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/1b52bfeb6823c07702bd3b3fb63972ef8e5e718a...f219ce7af993e4ca2c994b74375ddc8dbb4a5333) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/e9ad64992e81a10230e1759db6577db078f18b38) * : OCPBUGS-21429: Enable HTTP/2 CVE mitigation [#399](https://github.com/openshift/openshift-apiserver/pull/399) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/635ed5cc49f0d9668969a8a78bec91d426b4d26b...e9ad64992e81a10230e1759db6577db078f18b38) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/3d5dc18d2bee5ba7132560bf40790af997952d33) * [OCPBUGS-20706](https://issues.redhat.com/browse/OCPBUGS-20706): bump `x/net` to v0.17.0 [#106](https://github.com/openshift/openshift-state-metrics/pull/106) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/4c711c74a0857e55604d11bd975b32b9956db6a0...3d5dc18d2bee5ba7132560bf40790af997952d33) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/d09e51ae44b3ac6d27236b515c1f7c6da847689d) * [OCPBUGS-21557](https://issues.redhat.com/browse/OCPBUGS-21557): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#137](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/137) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#130](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/130) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/308a62d84a29b0d45c504fbe43a85fcb8e3199da...d09e51ae44b3ac6d27236b515c1f7c6da847689d) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/05657663c02be6d03d074d0f39a2b247cef9286a) * Bug OCPBUGS-19770: Set controller's SyncPeriod to 1 hour [#86](https://github.com/openshift/machine-api-provider-openstack/pull/86) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/fe08e72a39a50604b3fb8c59a732a13a4594e3d4...05657663c02be6d03d074d0f39a2b247cef9286a) ### [openstack-machine-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/f13e381e962777d48fadcaa3570a583e72aa80c7) * [OCPBUGS-20780](https://issues.redhat.com/browse/OCPBUGS-20780): deps: Upgrade golang.org/x/net to v0.17.0 [#277](https://github.com/openshift/cluster-api-provider-openstack/pull/277) * [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/8bd9c35fa7dfa81697f9e62b9ea598cba699ca02...f13e381e962777d48fadcaa3570a583e72aa80c7) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/9dd28b4133df91b7c14b48d1ca6e7042c5dab25b) * [OCPBUGS-27563](https://issues.redhat.com/browse/OCPBUGS-27563), [OCPBUGS-27568](https://issues.redhat.com/browse/OCPBUGS-27568), [OCPBUGS-27648](https://issues.redhat.com/browse/OCPBUGS-27648), [OCPBUGS-27653](https://issues.redhat.com/browse/OCPBUGS-27653): bump go-git/v5 to 5.11.0 [#688](https://github.com/openshift/operator-framework-olm/pull/688) * [OCPBUGS-27962](https://issues.redhat.com/browse/OCPBUGS-27962): [CARRY] SSC RBAC [#671](https://github.com/openshift/operator-framework-olm/pull/671) * [OCPBUGS-28229](https://issues.redhat.com/browse/OCPBUGS-28229): Registry Pod Controller Flag [#673](https://github.com/openshift/operator-framework-olm/pull/673) * [OCPBUGS-24619](https://issues.redhat.com/browse/OCPBUGS-24619): Update to latest k8s v0.25.15 API server and enable HTTP/2 DoS mitigations [#660](https://github.com/openshift/operator-framework-olm/pull/660) * [OCPBUGS-22132](https://issues.redhat.com/browse/OCPBUGS-22132): [release-4.12] Bump golang.org/x/net to v0.17.0 [#590](https://github.com/openshift/operator-framework-olm/pull/590) * [OCPBUGS-18512](https://issues.redhat.com/browse/OCPBUGS-18512), [RHIBMCS-168](https://issues.redhat.com/browse/RHIBMCS-168): Copied csv listing backport [#559](https://github.com/openshift/operator-framework-olm/pull/559) * Introduce DOWNSTREAM_OWNERS file [#541](https://github.com/openshift/operator-framework-olm/pull/541) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/63a91b941f37a6d73a64d29dd0722efd6cc2ee7c...9dd28b4133df91b7c14b48d1ca6e7042c5dab25b) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/06a56643da746dee338cf1625f82a7ff07c9cdac) * [OCPBUGS-20955](https://issues.redhat.com/browse/OCPBUGS-20955): [release-4.12] bump golang.org/x/net to 0.17.0 [#550](https://github.com/operator-framework/operator-marketplace/pull/550) * [OCPBUGS-18503](https://issues.redhat.com/browse/OCPBUGS-18503): remove a race condition [#533](https://github.com/operator-framework/operator-marketplace/pull/533) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/d321a25ba74ff6210258da3356ef8ca7e930ecc4...06a56643da746dee338cf1625f82a7ff07c9cdac) ### [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver/tree/87ab37895e56ea3c80be0163571fa593ce96d86b) * [OCPBUGS-23162](https://issues.redhat.com/browse/OCPBUGS-23162): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#131](https://github.com/openshift/ovirt-csi-driver/pull/131) * [Full changelog](https://github.com/openshift/ovirt-csi-driver/compare/64d58fb5438d5f22550ab20951cad32a886952ef...87ab37895e56ea3c80be0163571fa593ce96d86b) ### [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator/tree/e5e02335951010745a42f472a0656b5948ffdade) * [OCPBUGS-23266](https://issues.redhat.com/browse/OCPBUGS-23266): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#128](https://github.com/openshift/ovirt-csi-driver-operator/pull/128) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#121](https://github.com/openshift/ovirt-csi-driver-operator/pull/121) * [Full changelog](https://github.com/openshift/ovirt-csi-driver-operator/compare/feb14fbb7c7e91fd721a23b5c7307469da5c1aec...e5e02335951010745a42f472a0656b5948ffdade) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/cc7638a92466b13cf6d0b304b661b3be13acd78b) * [OCPBUGS-23259](https://issues.redhat.com/browse/OCPBUGS-23259): [release-4.12] Update leaderelection config to allow retries [#2017](https://github.com/openshift/ovn-kubernetes/pull/2017) * [OCPBUGS-28598](https://issues.redhat.com/browse/OCPBUGS-28598): CARRY: Updates owners and adds Surya [#2034](https://github.com/openshift/ovn-kubernetes/pull/2034) * [OCPBUGS-26700](https://issues.redhat.com/browse/OCPBUGS-26700): [release-4.12] fixes MTU configuration on gateway router [#2015](https://github.com/openshift/ovn-kubernetes/pull/2015) * [OCPBUGS-24420](https://issues.redhat.com/browse/OCPBUGS-24420): OVNK/GW: Ignore headless services in syncServices [#1972](https://github.com/openshift/ovn-kubernetes/pull/1972) * [OCPBUGS-23981](https://issues.redhat.com/browse/OCPBUGS-23981): Netpol retryFramework cleanup [#1977](https://github.com/openshift/ovn-kubernetes/pull/1977) * [OCPBUGS-26243](https://issues.redhat.com/browse/OCPBUGS-26243): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2006](https://github.com/openshift/ovn-kubernetes/pull/2006) * [OCPBUGS-25096](https://issues.redhat.com/browse/OCPBUGS-25096): Fragment oversized reply packets in LGW mode [#1984](https://github.com/openshift/ovn-kubernetes/pull/1984) * [OCPBUGS-22091](https://issues.redhat.com/browse/OCPBUGS-22091): Bump OVN to 23.06.1-39.el8fdp [#1943](https://github.com/openshift/ovn-kubernetes/pull/1943) * [OCPBUGS-18681](https://issues.redhat.com/browse/OCPBUGS-18681): Check libovsdbclient.ErrNotFound on wrapped errors [#1862](https://github.com/openshift/ovn-kubernetes/pull/1862) * [OCPBUGS-20241](https://issues.redhat.com/browse/OCPBUGS-20241): fix race condition in hybrid overlay DRIP alloc [#1932](https://github.com/openshift/ovn-kubernetes/pull/1932) * [OCPBUGS-18353](https://issues.redhat.com/browse/OCPBUGS-18353): Update bridge flow cache when the host address changes [#1872](https://github.com/openshift/ovn-kubernetes/pull/1872) * [OCPBUGS-14708](https://issues.redhat.com/browse/OCPBUGS-14708), [OCPBUGS-19089](https://issues.redhat.com/browse/OCPBUGS-19089), [OCPBUGS-19904](https://issues.redhat.com/browse/OCPBUGS-19904), [OCPBUGS-19906](https://issues.redhat.com/browse/OCPBUGS-19906): Dockerfile: bump OVN to ovn22.12-22.12.1-18.el8fdp [#1881](https://github.com/openshift/ovn-kubernetes/pull/1881) * [OCPBUGS-18054](https://issues.redhat.com/browse/OCPBUGS-18054): Emit node events only when retry failure [#1837](https://github.com/openshift/ovn-kubernetes/pull/1837) * [OCPBUGS-18652](https://issues.redhat.com/browse/OCPBUGS-18652): Do not return error if pod IP cannot be retrieved for `deletePeerPod` and perf improvements [#1903](https://github.com/openshift/ovn-kubernetes/pull/1903) * [OCPBUGS-19432](https://issues.redhat.com/browse/OCPBUGS-19432): Remove stale egressip status entry [#1892](https://github.com/openshift/ovn-kubernetes/pull/1892) * [OCPBUGS-18586](https://issues.redhat.com/browse/OCPBUGS-18586): Fix OVN SNATing on GR by enabling gateway_mtu on rtoe port of GR [#1856](https://github.com/openshift/ovn-kubernetes/pull/1856) * [OCPBUGS-18058](https://issues.redhat.com/browse/OCPBUGS-18058): [release-4.12] Create egress firewall with one db transaction [#1835](https://github.com/openshift/ovn-kubernetes/pull/1835) * [OCPBUGS-17675](https://issues.redhat.com/browse/OCPBUGS-17675): Don't return error on delete event that doesn't ave a chance to succeed. [#1814](https://github.com/openshift/ovn-kubernetes/pull/1814) * [OCPBUGS-17522](https://issues.redhat.com/browse/OCPBUGS-17522): [release-4.12] libovsdb: give monitor setup time to process than normal transactions [#1808](https://github.com/openshift/ovn-kubernetes/pull/1808) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/f704c408df54f6e7f98832a7599654f6164d600d...cc7638a92466b13cf6d0b304b661b3be13acd78b) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/b78e8e7871bd50ff77a68fdae320775a17856373) * [OCPBUGS-24733](https://issues.redhat.com/browse/OCPBUGS-24733): synk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/62) * [OCPBUGS-21079](https://issues.redhat.com/browse/OCPBUGS-21079): CVE-2023-39325 - Update net dependencies - 4.12 [#53](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/53) * Update OWNERS add yussufsh [#55](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/55) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/5eb2b132aef490ff8fec4784d8696c7758561e7e...b78e8e7871bd50ff77a68fdae320775a17856373) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/7dadc08acb9f515735c6c3fdb417424d0c668d44) * [OCPBUGS-25717](https://issues.redhat.com/browse/OCPBUGS-25717): snyk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/62) * [OCPBUGS-21168](https://issues.redhat.com/browse/OCPBUGS-21168): CVE-2023-39325 - Update net dependencies - 4.12 [#42](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/42) * Update OWNERS add yussufsh [#46](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/46) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/b4da8bcc0ba35a656283c9781e0343a22fdcdfe7...7dadc08acb9f515735c6c3fdb417424d0c668d44) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/4fb4334ca8aa9eb8290488359dd8d1cc5261da49) * [OCPBUGS-24740](https://issues.redhat.com/browse/OCPBUGS-24740): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#52](https://github.com/openshift/cloud-provider-powervs/pull/52) * [OCPBUGS-21260](https://issues.redhat.com/browse/OCPBUGS-21260): CVE-2023-39325 - Update net dependencies - 4.12 [#47](https://github.com/openshift/cloud-provider-powervs/pull/47) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/d8ddc10c99451542b42a725c5346ee7c174dae1f...4fb4334ca8aa9eb8290488359dd8d1cc5261da49) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/8a37e70af86197341dfe33077565cc1f7c919333) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality [#75](https://github.com/openshift/machine-api-provider-powervs/pull/75) * [OCPBUGS-24738](https://issues.redhat.com/browse/OCPBUGS-24738): snyk code scan exclude vendor directory [#63](https://github.com/openshift/machine-api-provider-powervs/pull/63) * [OCPBUGS-21882](https://issues.redhat.com/browse/OCPBUGS-21882): CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.12 [#57](https://github.com/openshift/machine-api-provider-powervs/pull/57) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/3f498f79cf7af3e4013cfcbfdcfb006ae64e19e9...8a37e70af86197341dfe33077565cc1f7c919333) ### [prometheus](https://github.com/openshift/prometheus/tree/72ceaef4a59ec0cfb0639563ba9bd28928f4bcc0) * [OCPBUGS-21219](https://issues.redhat.com/browse/OCPBUGS-21219): update golang.org/x/net to v0.17.0 [4.12] [#175](https://github.com/openshift/prometheus/pull/175) * [Full changelog](https://github.com/openshift/prometheus/compare/c749fdb468ee6d0ac586156832ad9b094c76d867...72ceaef4a59ec0cfb0639563ba9bd28928f4bcc0) ### [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager/tree/914cad827e9a177b29b23e02eb48b4065da8dca2) * [OCPBUGS-21031](https://issues.redhat.com/browse/OCPBUGS-21031): Bump golang.org/x/net to v0.17.0 [#82](https://github.com/openshift/prometheus-alertmanager/pull/82) * [Full changelog](https://github.com/openshift/prometheus-alertmanager/compare/86b18354a463c04bb8d54b1e686d9fe54ff449e9...914cad827e9a177b29b23e02eb48b4065da8dca2) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/d1e399d5cead91c677cee4a80a032f5057cb43e3) * [OCPBUGS-20843](https://issues.redhat.com/browse/OCPBUGS-20843): Bump golang.org/x/net to v0.17.0 [#249](https://github.com/openshift/prometheus-operator/pull/249) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/57e7c5741af878b97e473827c5bd82462e996856...d1e399d5cead91c677cee4a80a032f5057cb43e3) ### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/99077a3c8c3b0fce152fe0affce1e31fc2c6efaa) * [OCPBUGS-21123](https://issues.redhat.com/browse/OCPBUGS-21123): upgrade golang.org/x/net to v0.17.0 [#136](https://github.com/openshift/node_exporter/pull/136) * [Full changelog](https://github.com/openshift/node_exporter/compare/af2f49cac92d4ec56fd495c0ecfc0e0a4149eea5...99077a3c8c3b0fce152fe0affce1e31fc2c6efaa) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) * [OCPBUGS-21026](https://issues.redhat.com/browse/OCPBUGS-21026): CVE 2023 39325 (4.12) [#231](https://github.com/openshift/service-ca-operator/pull/231) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/299b7097a49385fdd4f86eccedc07f3a192e2504...ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) ### [telemeter](https://github.com/openshift/telemeter/tree/9c8092bb329c90d4ae12daf16906adb9b9620e20) * [OCPBUGS-21310](https://issues.redhat.com/browse/OCPBUGS-21310): [release-4.12] fix: Bump golang.org/x/net to v0.17.0 [#486](https://github.com/openshift/telemeter/pull/486) * [Full changelog](https://github.com/openshift/telemeter/compare/fc631fcbec5c87612ab52476818b4f264b7ab849...9c8092bb329c90d4ae12daf16906adb9b9620e20) ### [tests](https://github.com/openshift/origin/tree/7b7d4ef2acfb10117f21af59d5b99da177b19d3d) * Bug OCPBUGS-20557: Correct condition for rejecting connection [#28327](https://github.com/openshift/origin/pull/28327) * [OCPBUGS-18490](https://issues.redhat.com/browse/OCPBUGS-18490): bump monitoring SNO bounds [#28239](https://github.com/openshift/origin/pull/28239) * [OCPBUGS-18527](https://issues.redhat.com/browse/OCPBUGS-18527): Ignore timeout and connection refused errors during upgrade tests for 4.12 [#28270](https://github.com/openshift/origin/pull/28270) * [OCPBUGS-18309](https://issues.redhat.com/browse/OCPBUGS-18309): Add missing watch permission for console users [#28234](https://github.com/openshift/origin/pull/28234) * [OCPBUGS-16696](https://issues.redhat.com/browse/OCPBUGS-16696): Wait for DNS DS pods to be ready [#28083](https://github.com/openshift/origin/pull/28083) * [Full changelog](https://github.com/openshift/origin/compare/e89dca7f9736ab7fb3ab2a71d3e435ad28c56771...7b7d4ef2acfb10117f21af59d5b99da177b19d3d) ### [thanos](https://github.com/openshift/thanos/tree/2867a6b552eaddefd73aa979f13e95f6df338070) * [OCPBUGS-27100](https://issues.redhat.com/browse/OCPBUGS-27100): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#137](https://github.com/openshift/thanos/pull/137) * [OCPBUGS-21135](https://issues.redhat.com/browse/OCPBUGS-21135): Bump golang.org/x/net to v0.17.0 [#126](https://github.com/openshift/thanos/pull/126) * [Full changelog](https://github.com/openshift/thanos/compare/9f2b5ff512b8c396f7b4d006d7eafb5c7ca97fba...2867a6b552eaddefd73aa979f13e95f6df338070) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) * [OCPBUGS-21493](https://issues.redhat.com/browse/OCPBUGS-21493): Bump golang.org/x/net to v0.18.0 [#56](https://github.com/openshift/cloud-provider-vsphere/pull/56) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/e993e31f6a3b02938b11fb2f18d67681d60d8922...e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/a61d43b751249c1a74376a48498571da1d665685) * [OCPBUGS-21548](https://issues.redhat.com/browse/OCPBUGS-21548): bump golang.org/x/net to v0.17.0 [#24](https://github.com/openshift/cluster-api-provider-vsphere/pull/24) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/5c261b3bc8acb84fdf8263a67a80dd384fba698e...a61d43b751249c1a74376a48498571da1d665685) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/e4c0e103ddbf264387d6efb26b612a4b915d362a) * [OCPBUGS-20417](https://issues.redhat.com/browse/OCPBUGS-20417): syncer: fix nil pointer dereference in log message [#98](https://github.com/openshift/vmware-vsphere-csi-driver/pull/98) * [OCPBUGS-21552](https://issues.redhat.com/browse/OCPBUGS-21552): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#92](https://github.com/openshift/vmware-vsphere-csi-driver/pull/92) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/942e50171c92cfdc15d333c9ad913fe979d22b80...e4c0e103ddbf264387d6efb26b612a4b915d362a) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/d7cca470e82158e8240a09b3586f99e6a84f121f) * [OCPBUGS-21416](https://issues.redhat.com/browse/OCPBUGS-21416): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#175](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/175) * [OCPBUGS-18131](https://issues.redhat.com/browse/OCPBUGS-18131): Block upgrade to 4.13 via admin ack [#171](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/171) * [OCPBUGS-18333](https://issues.redhat.com/browse/OCPBUGS-18333): disable controller hostNetwork [#167](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/167) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/64cb29dc4ccfe90b86f47745d14dc3eb0470b33c...d7cca470e82158e8240a09b3586f99e6a84f121f) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/f25ae2add899bbd4b63b476c2e6178cfbaf68ac4) * [OCPBUGS-21574](https://issues.redhat.com/browse/OCPBUGS-21574): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#131](https://github.com/openshift/vsphere-problem-detector/pull/131) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/2fa9a1ec0f5b502c18fb997837605c88be3ba793...f25ae2add899bbd4b63b476c2e6178cfbaf68ac4)