# 4.12.4 Created: 2023-02-15 09:46:01 +0000 UTC Image Digest: `sha256:bbf1f27e5942a2f7a0f298606029d10600ba0462a09ab654f006ce14d314cb2c` Promoted from registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-02-14-151855 ## Changes from 4.12.3 ### Components * Kubernetes 1.25.4 * Red Hat Enterprise Linux CoreOS upgraded from 412.86.202302091057-0 to 412.86.202302091419-0 ### Rebuilt images without code change * machine-os-content `sha256:4c7415ccb431312f41550c7e81b2f15e325709d2e2f1c58d86cbb1b5bb77d6c1` * [machine-os-images](https://github.com/openshift/machine-os-images) git [566bf595](https://github.com/openshift/machine-os-images/commit/566bf59501f178bd80e410fda66cc424de6a4891) `sha256:2efb8fda6fa1a7900187dc2ac54aecbc39f3be455f6e773e9eb9b7ace75bb52f` * [network-tools](https://github.com/openshift/network-tools) git [c76613c7](https://github.com/openshift/network-tools/commit/c76613c77c8785b91611bb3c4245bc34f3b14f76) `sha256:a8642b799958817ab8d71f152c44e1521510a1967ff4a50ea426d35e5db4a4a0` * rhel-coreos-8 `sha256:329a8968765c2eca37d8cbd95ecab0400b5252a680eea9d279f41d7a8b4fdb93` * rhel-coreos-8-extensions `sha256:296b61f3af32dad27b20692467909f57080f56c76ae45b4eff6195baa0cbed6b` ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/3539b13d710d656867912e8497e761c507d14b6e) * [OCPBUGS-6807](https://issues.redhat.com/browse/OCPBUGS-6807): Check platform baremetal settings against default values [#6815](https://github.com/openshift/installer/pull/6815) * [OCPBUGS-7103](https://issues.redhat.com/browse/OCPBUGS-7103): Set the configured proxy settings for agent installer [#6830](https://github.com/openshift/installer/pull/6830) * [Full changelog](https://github.com/openshift/installer/compare/b8d24572d4c5484864c499215ba967ac801675e8...3539b13d710d656867912e8497e761c507d14b6e) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/43bc195cf9fef2db627369f86d10e0f501e9d3fa) * [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Add .hypershift.local to no proxy list [#1706](https://github.com/openshift/cluster-network-operator/pull/1706) * [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Do not use proxy for internal routes [#1704](https://github.com/openshift/cluster-network-operator/pull/1704) * [OCPBUGS-4778](https://issues.redhat.com/browse/OCPBUGS-4778): Fix handling of deployment and statefulset updates [#1663](https://github.com/openshift/cluster-network-operator/pull/1663) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/68d109ac3b8605525c2aabc29789415bc302c9c7...43bc195cf9fef2db627369f86d10e0f501e9d3fa) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/ab23d0e04237ffc8cf69cbf9b73f8bc2eee190bb) * [OCPBUGS-7208](https://issues.redhat.com/browse/OCPBUGS-7208): When setting allowedRegistries urls the openshift-samples operator is degraded [#489](https://github.com/openshift/cluster-samples-operator/pull/489) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/212a4553b3bf87d56f2f360b562187a685099c3e...ab23d0e04237ffc8cf69cbf9b73f8bc2eee190bb) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/2c0d3b1c56f485cf6f4ad2787753545975326e6d) * [OCPBUGS-6599](https://issues.redhat.com/browse/OCPBUGS-6599): Address CVE-2022-41717 [#166](https://github.com/openshift/csi-driver-manila-operator/pull/166) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/6cad8759f4456659c9397a61d20a7f084bd90304...2c0d3b1c56f485cf6f4ad2787753545975326e6d) ### [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs/tree/d90992573acb3df6c7fbb6dbe1b215125d26fc34) * [OCPBUGS-6590](https://issues.redhat.com/browse/OCPBUGS-6590): Address CVE-2022-41717 [#105](https://github.com/openshift/csi-driver-nfs/pull/105) * [Full changelog](https://github.com/openshift/csi-driver-nfs/compare/b7393faceb18e18eae133a6de89e4b4339295fa8...d90992573acb3df6c7fbb6dbe1b215125d26fc34) ### [hypershift](https://github.com/openshift/hypershift/tree/54001d77ed2b14074f002aed2a7350ef3a1a946b) * Skip destroyAWSDefaultSecurityGroup if not AWS [#2168](https://github.com/openshift/hypershift/pull/2168) * Create default security group for AWS clusters [#2162](https://github.com/openshift/hypershift/pull/2162) * [AUTH-323](https://issues.redhat.com/browse/AUTH-323): pki: split out konnectivity certs from the rootCA [#2156](https://github.com/openshift/hypershift/pull/2156) * fix(ibmcloud): Initialize image registry config on creates and bad config [#2104](https://github.com/openshift/hypershift/pull/2104) * fix(cpo): Allow KAS profiling disablement [#2122](https://github.com/openshift/hypershift/pull/2122) * [Full changelog](https://github.com/openshift/hypershift/compare/e0814ddb30f6dd05f1b5e7c6a5d7fd935e09b855...54001d77ed2b14074f002aed2a7350ef3a1a946b) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/d8a02d36d5aaa4737246b7807b0a10f9cafccec0) * [OCPBUGS-7227](https://issues.redhat.com/browse/OCPBUGS-7227): Update for 4.12 / go 1.19, including gofmt updates [#482](https://github.com/openshift/sdn/pull/482) * [Full changelog](https://github.com/openshift/sdn/compare/d6903305ca12bf21f4ef6b96cb7aeed7defa2fc2...d8a02d36d5aaa4737246b7807b0a10f9cafccec0) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/4099f3c4f4ea9df85a7516a6300a4c6e5504a5cd) * [OCPBUGS-6943](https://issues.redhat.com/browse/OCPBUGS-6943): Improvements for `configure-ovs.sh` [#3528](https://github.com/openshift/machine-config-operator/pull/3528) * [OCPBUGS-6045](https://issues.redhat.com/browse/OCPBUGS-6045): There are not enough logs in case "oc extract" is stuck in mco first boot [#3503](https://github.com/openshift/machine-config-operator/pull/3503) * [OCPBUGS-6973](https://issues.redhat.com/browse/OCPBUGS-6973): configure-ovs: optionally generate configuration in /run [#3532](https://github.com/openshift/machine-config-operator/pull/3532) * [OCPBUGS-6779](https://issues.redhat.com/browse/OCPBUGS-6779): baremetal: clean state generated by NM when run by dracut [#3521](https://github.com/openshift/machine-config-operator/pull/3521) * [OCPBUGS-7241](https://issues.redhat.com/browse/OCPBUGS-7241): controller: default overwrite to true for files [#3546](https://github.com/openshift/machine-config-operator/pull/3546) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/84e78c83d5f1d6cb97a43b264154f1f519b69fb2...4099f3c4f4ea9df85a7516a6300a4c6e5504a5cd) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/9176d8600a10d34527992d462f4006178d4bfcf7) * [OCPBUGS-7155](https://issues.redhat.com/browse/OCPBUGS-7155): Address CVE-2022-41717 [#55](https://github.com/openshift/machine-api-provider-openstack/pull/55) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/5f1ea9f0dbdadb30f67e7539ff357170f9401773...9176d8600a10d34527992d462f4006178d4bfcf7) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/2fe8e470f6ebcdb73da63252d78c6af11ecde02f) * [OCPBUGS-6260](https://issues.redhat.com/browse/OCPBUGS-6260): Catalog, fatal error: concurrent map read and map write [#440](https://github.com/openshift/operator-framework-olm/pull/440) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/ff8edefcf3d34c5e8cca9a208c70d0dc73a10999...2fe8e470f6ebcdb73da63252d78c6af11ecde02f) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/4b5172a7f3e68cd724a11b4beaaa0459ece307fa) * [OCPBUGS-7230](https://issues.redhat.com/browse/OCPBUGS-7230): Delete IGMP Groups when deleting stale chassis [#1516](https://github.com/openshift/ovn-kubernetes/pull/1516) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/38cd36f558a793a46f4f46684adccb12f5a8b59b...4b5172a7f3e68cd724a11b4beaaa0459ece307fa) ### [tests](https://github.com/openshift/origin/tree/72810abf0110bd67b1103e889477075e2cd39865) * [OCPBUGS-7285](https://issues.redhat.com/browse/OCPBUGS-7285): extended: security: do not explicitly set api audience on token request [#27716](https://github.com/openshift/origin/pull/27716) * [Full changelog](https://github.com/openshift/origin/compare/35f8c051dd32b99490634ef52d73bb280d66194c...72810abf0110bd67b1103e889477075e2cd39865) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/c65eb79c378729ef266cdc219324ecc3e7c3ac87) * [OCPBUGS-6788](https://issues.redhat.com/browse/OCPBUGS-6788): Derive the fully qualified vSphere username when checking permissions [#98](https://github.com/openshift/vsphere-problem-detector/pull/98) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/7328d215995baa4bdf623021741c669251ea4296...c65eb79c378729ef266cdc219324ecc3e7c3ac87)