# 4.12.85 Created: 2026-02-05 15:21:41 +0000 UTC Image Digest: `sha256:ff7d04b2684670422141a33da362cef8b0475505c458ff9a74564b37e97868a9` ## Changes from 4.12.43 ### Components * Kubernetes upgraded from 1.25.14 to 1.25.16 * Red Hat Enterprise Linux CoreOS upgraded from 412.86.202311051457-0 to 412.86.202602021310-0 ### Rebuilt images without code change * [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver) git [4d3b1125](https://github.com/openshift/alibaba-cloud-csi-driver/commit/4d3b1125cfd3acfe3fbafa4c83543bbb89de97a2) `sha256:b5ae4cde65a59cfc5345aab8ddaceb6d6808e8731b0904a89955545ebb7e6e9a` * [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator) git [99bcda8d](https://github.com/openshift/alibaba-disk-csi-driver-operator/commit/99bcda8da7c9c2e4415f30b82371f0b79d527d3d) `sha256:a88199cf89e6ccfba41b7ac79262d9e721e6d79cae7ab3eddc7f8a86841fd32f` * [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator) git [988b8cc8](https://github.com/openshift/azure-disk-csi-driver-operator/commit/988b8cc8ead51c2904c6cb75446529bfe3674ee3) `sha256:8f8c750a17bbbad778c9dc0c196bb977d1aa955cfe8fd11dbae31adc919b0028` * [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver) git [15aade4d](https://github.com/openshift/azure-file-csi-driver/commit/15aade4d58785b54ac732a660f1359132d27f9b9) `sha256:2e211af60a527a60e8302d520522cdd775e10b124db28468b7e29a67538980a3` * [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [138a1cf2](https://github.com/openshift/cluster-bootstrap/commit/138a1cf2b98578acb4ccf098736bdf08614d2d6a) `sha256:0391a332b51740dea94584b4af61dcb6689f9848596b54a3c7c53841ae20d63e` * [cluster-platform-operators-manager](https://github.com/openshift/platform-operators) git [c930dc74](https://github.com/openshift/platform-operators/commit/c930dc745f23ee5bde8b48d13557976186c21c7c) `sha256:acef3b5367a3e5594aa44b414a6fd643432e23a056d92e9475cec721efce2de9` * [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator) git [21ebf328](https://github.com/openshift/cluster-storage-operator/commit/21ebf328f53182111eb7dce344487ba633d09b1a) `sha256:fb341b0f6cc9964f910ff9db666bcd3efd8f5015fdec761aff84c0e328fab7d8` * [cluster-update-keys](https://github.com/openshift/cluster-update-keys) git [2796e173](https://github.com/openshift/cluster-update-keys/commit/2796e1732615521e818be82663058e0a3f1b3941) `sha256:d00bd1f7c4aab5538365daf6492acbe4e844c63cc024700a4f196403ebfc236e` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [e4d9170e](https://github.com/openshift/configmap-reload/commit/e4d9170e71bdf8a79e9cde94dac53575a30f46f3) `sha256:a2711088892b471c19f8b33ae7b85be84f855e7e35643a4966a90ddd197cc500` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [d9099257](https://github.com/openshift/csi-driver-nfs/commit/d90992573acb3df6c7fbb6dbe1b215125d26fc34) `sha256:be48f763dff5c44895d81b66499badcfe66effaf71db17972df5d44c01190b1a` * [csi-external-attacher](https://github.com/openshift/csi-external-attacher) git [fac7b8fd](https://github.com/openshift/csi-external-attacher/commit/fac7b8fd905b4c68beadc2c968e6f981385463e8) `sha256:27a03c2be90e1da9683ca44d46d8a6b9f6c14165d67d58b32a7783baae5360ee` * [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner) git [3aa7c527](https://github.com/openshift/csi-external-provisioner/commit/3aa7c527732e288c71119ea3e78fac739dfbd438) `sha256:85dc819e23fef52c4f9d06e766698ec6590e0917819c19a1460431a8703a195e` * [csi-external-resizer](https://github.com/openshift/csi-external-resizer) git [5b066ba4](https://github.com/openshift/csi-external-resizer/commit/5b066ba420bd74ec5327978d2731da989d57d4f2) `sha256:efe68b729065567fc67b1304b1518706e7c4a2a34a516582647cf955f5c3a54d` * [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe) git [e6545e71](https://github.com/openshift/csi-livenessprobe/commit/e6545e71597df1da4635c266eb8f499fc376d970) `sha256:46bfa0f6967e05469cb16cea83ba95fff130b74eeabc5342215363ec189dc323` * [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar) git [c316b896](https://github.com/openshift/csi-node-driver-registrar/commit/c316b8963a0b0ff8d45f2b32c56de972d55bfd37) `sha256:9deb30d1a60ba4023d02f2a2fed4bfeb7d8ee0c3aaa62e1441f9be6e7b664d7c` * [egress-router-cni](https://github.com/openshift/egress-router-cni) git [a92e4157](https://github.com/openshift/egress-router-cni/commit/a92e415791b531ca15ec84953550b71bd3534566) `sha256:9b270aef1c7c8105ec2b0429115888da92760054dd8ff0e2aac99c148e26a702` * [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver) git [5dcfd675](https://github.com/openshift/gcp-pd-csi-driver/commit/5dcfd6755ea1eff7dcf1c0c831b048eda1b41736) `sha256:04fc134b3af096960dabf7a7d4c23a10e0cbd584e0252e42fee998d2e4a1d7cb` * [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator) git [30e97ba5](https://github.com/openshift/gcp-pd-csi-driver-operator/commit/30e97ba511547edb057071b63498e1ca4c68ec16) `sha256:0fbf9cf75ea4ea60ed8635880775d619171ed92b19b5541b51b303ed6ba43180` * [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud) git [31a67dac](https://github.com/openshift/machine-api-provider-ibmcloud/commit/31a67daca92c374cb4d9a87928ec8c28528a0c0e) `sha256:26f61a4af0418f7b91312f515a2a8a60eb092c0d993492887016c48ebda2050a` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [c65c1f1c](https://github.com/openshift/ironic-rhcos-downloader/commit/c65c1f1c19a9b62ef5f4a857e5ce86ad6fca3d29) `sha256:3e3bb0d1a68297cb948924dd3f37631beccda9795886934250bbd8637aff1470` * [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager) git [a8ade8fe](https://github.com/openshift/ironic-static-ip-manager/commit/a8ade8fe60ad5fb1ab225a514ec331123b256cff) `sha256:2bf43ef42928929ff56fa9c77523fa69a55c33511acaba14144d9112f240d6f9` * [keepalived-ipfailover](https://github.com/openshift/images) git [7e8a0105](https://github.com/openshift/images/commit/7e8a0105eb7369f3f92ad7b2581a2efffab5b28e) `sha256:5c89b29806a75feb8b47d5aeefc123a3118ddaf3658a8dcdbbb29f542fa6b299` * [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt) git [a19615cd](https://github.com/openshift/cloud-provider-kubevirt/commit/a19615cda3daf69008253d75cc848ac0ad397179) `sha256:596c6ba7d2a8cca456d36402cab684b58f82b40609da519ee6125257a8b16dc1` * [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver) git [f407c8a7](https://github.com/openshift/kubevirt-csi-driver/commit/f407c8a71c831a8f7911bf0b4a99bb6b16e0e0b6) `sha256:7a6b74832f15e1fed112da057d632dae55aadb3b086958c0ef9a4b531c4cb957` * [kuryr-cni](https://github.com/openshift/kuryr-kubernetes) git [8fd2f8b0](https://github.com/openshift/kuryr-kubernetes/commit/8fd2f8b0f7e2849b1a7db252beba0c8250552e36) `sha256:2d3e13474125f18a759a61774f66074186aa4f4d3a012da61d7689752e91a9bb` * [kuryr-controller](https://github.com/openshift/kuryr-kubernetes) git [8fd2f8b0](https://github.com/openshift/kuryr-kubernetes/commit/8fd2f8b0f7e2849b1a7db252beba0c8250552e36) `sha256:94c0f2c4af761372445e7acb68815ce0fc1bb8bb488adbb9a7938899af53bd80` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [a2882f7a](https://github.com/openshift/cluster-api-provider-libvirt/commit/a2882f7aa56d4059a20bdc02486da905b5764062) `sha256:20e00ab2af71696f2e7e96ae08e0988bbd1de35bb00860c1b98cff84beb6f475` * machine-os-content `sha256:54879c594d7b2d54d2dcb70a402ab7046ed6825a6189403d5ae1f2a5bd39f94a` * [multus-route-override-cni](https://github.com/openshift/route-override-cni) git [efd6ffbb](https://github.com/openshift/route-override-cni/commit/efd6ffbb275a133196e30edfe9f241e2a3b4f0c0) `sha256:03509b845faa02ed5ec260522c1b6de51defa62ea474b3f8707c43d2b55f1bed` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [30386d6b](https://github.com/openshift/bond-cni/commit/30386d6b8d4f3b05931842b6a9b85f15c241b09a) `sha256:f0342b067cdff090542475b5dc6cd301de3a091e0eb22ed9b96ac7d426e5690e` * [network-tools](https://github.com/openshift/network-tools) git [c76613c7](https://github.com/openshift/network-tools/commit/c76613c77c8785b91611bb3c4245bc34f3b14f76) `sha256:baa6f091dc4c3217b5a4d0127ee36cdacb7dca6cb57f29f1b4b5d73c6b80d4fb` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [03e5b13b](https://github.com/openshift/oauth-proxy/commit/03e5b13b8b7087dd70abfd70efb4c5b92f800a4f) `sha256:c6fa37bfaedd85e2cbfe81dc4235ed17aaf93e87b3f106e1e6243e8bb1cd8afd` * [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator) git [d09e51ae](https://github.com/openshift/openstack-cinder-csi-driver-operator/commit/d09e51ae44b3ac6d27236b515c1f7c6da847689d) `sha256:21e882e46981621ed50f9e03b94eab7434de3d40a759c6d6b9b9a94fbafd5e0d` * [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack) git [05657663](https://github.com/openshift/machine-api-provider-openstack/commit/05657663c02be6d03d074d0f39a2b247cef9286a) `sha256:0487d71c7b3d14d07929bac16f6986e2fb7507bfe7ecee397f871e900d757094` * [openstack-machine-controllers](https://github.com/openshift/cluster-api-provider-openstack) git [f13e381e](https://github.com/openshift/cluster-api-provider-openstack/commit/f13e381e962777d48fadcaa3570a583e72aa80c7) `sha256:ec195d279cea03bbd9def465d780dc10bf187144b7f031f01ed2e1017ab7daae` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [03e8cb50](https://github.com/openshift/cluster-api-provider-ovirt/commit/03e8cb50f9ffa28b48d8aeaeb8410ab1598750d1) `sha256:994bc355221732590afc6dbc0d56237dbd8290cf33e5e1f7098c2fdeb908196a` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [b1907888](https://github.com/openshift/prom-label-proxy/commit/b1907888004888b977918cf911b189de736642b2) `sha256:011af289a633ba25becfb5b14c932462f37ebd5e5f01d499438f02e31f85dd71` * [prometheus](https://github.com/openshift/prometheus) git [72ceaef4](https://github.com/openshift/prometheus/commit/72ceaef4a59ec0cfb0639563ba9bd28928f4bcc0) `sha256:36304d062e8d70e3b8da3b6b84ec0758f1e29de9b0e017d338838c4c2e88d56b` * [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager) git [914cad82](https://github.com/openshift/prometheus-alertmanager/commit/914cad827e9a177b29b23e02eb48b4065da8dca2) `sha256:1383fc2387f0e7ffb72587e18f6deb198ee0c7ce34419da5953c60d0589c618f` * [prometheus-node-exporter](https://github.com/openshift/node_exporter) git [99077a3c](https://github.com/openshift/node_exporter/commit/99077a3c8c3b0fce152fe0affce1e31fc2c6efaa) `sha256:35989cf6a686932cadb003e0d43773373f85f0df4348699565bfd93d4e37a7c2` * rhel-coreos-8 `sha256:f4b8dd3f39fb14ba2050d826fb752a92303df79f45bdcc45b030c281ef026e61` * rhel-coreos-8-extensions `sha256:254c2e772b8a29152d14d985caa1e5390d8da62f69b0d8fe55cbd1181338db9c` * [route-controller-manager](https://github.com/openshift/route-controller-manager) git [0f141ce9](https://github.com/openshift/route-controller-manager/commit/0f141ce9d349fb30755e3d0d7f9f196a91782957) `sha256:ff3e40f0ce278d9bc47c17675196f54940f7ce61d36681556c602c10e424e6d7` * [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator) git [d7cca470](https://github.com/openshift/vmware-vsphere-csi-driver-operator/commit/d7cca470e82158e8240a09b3586f99e6a84f121f) `sha256:faa18ed2ec35d420f922a2c4d15a49b1c6ed45354c0c85dc4bbba3f9771d3838` * [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector) git [f25ae2ad](https://github.com/openshift/vsphere-problem-detector/commit/f25ae2add899bbd4b63b476c2e6178cfbaf68ac4) `sha256:62b310128a6500068a948d86dd520be34df2091b6be797d45d8f783c6da1aba2` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/ff26574e7a5e609ee62556022b3460b088604cc3) * [OCPBUGS-67386](https://issues.redhat.com/browse/OCPBUGS-67386): Bump logrus from 1.9.0 to 19.3 [#8768](https://github.com/openshift/assisted-service/pull/8768) * And 6 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/assisted-service/compare/8149b9ca554ae6e1d716daa9f1c4f322ad710e07...ff26574e7a5e609ee62556022b3460b088604cc3) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/8c32c801f72d2069db05aa75f30cf20dd23cfc0a) * [OCPBUGS-67388](https://issues.redhat.com/browse/OCPBUGS-67388): Bump logrus v1.9.0 to v1.9.3 [#1465](https://github.com/openshift/assisted-installer/pull/1465) * And 5 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/assisted-installer/compare/61115db06f970b8fab00f8e0beeb49d4db3ee041...8c32c801f72d2069db05aa75f30cf20dd23cfc0a) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/07762001765a8fbc59a0f511be5ff7dafc361344) * [OCPBUGS-67390](https://issues.redhat.com/browse/OCPBUGS-67390): Bump logrus v1.9.0 to v1.9.3 [#1287](https://github.com/openshift/assisted-installer-agent/pull/1287) * And 6 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/a7aa60002fc11c7320dd17c1681feb9956dd288f...07762001765a8fbc59a0f511be5ff7dafc361344) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/191c9e34c1e70cf585d78f6293f95a2b89061a48) * [OCPBUGS-21218](https://issues.redhat.com/browse/OCPBUGS-21218): Bump golang.org/x/net to v0.19.0 [#45](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/45) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/1959de0e3f2c3457c32fd2f545fe5ca65f12cd6c...191c9e34c1e70cf585d78f6293f95a2b89061a48) ### [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba/tree/871dac7e8e349607a5a71d0332d36713170aba16) * Updating ose-alibaba-machine-controllers images to be consistent with ART [#35](https://github.com/openshift/cluster-api-provider-alibaba/pull/35) * [Full changelog](https://github.com/openshift/cluster-api-provider-alibaba/compare/b9287c05091424c4d21fd95454020ccc225f5bcb...871dac7e8e349607a5a71d0332d36713170aba16) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/f56c606ae15041b0c981e654ab577d2b0a3a0a8f) * [OCPBUGS-38066](https://issues.redhat.com/browse/OCPBUGS-38066): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#61](https://github.com/openshift/apiserver-network-proxy/pull/61) * [OCPBUGS-31984](https://issues.redhat.com/browse/OCPBUGS-31984): Bump golang.org/x/net to v0.23.0 [#52](https://github.com/openshift/apiserver-network-proxy/pull/52) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/15cd4347b9384fac3d93029c6426dc15b964f557...f56c606ae15041b0c981e654ab577d2b0a3a0a8f) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/f90fb443bc71b2319d8cce276b280c26d0f18fb7) * [OCPBUGS-32079](https://issues.redhat.com/browse/OCPBUGS-32079): update for CVE-2023-45288 [release-4.12] [#85](https://github.com/openshift/cloud-provider-aws/pull/85) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/fa3185192cdd5a707f11879de370d8ca85d2f8d8...f90fb443bc71b2319d8cce276b280c26d0f18fb7) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/16156accbe3b9bcedbe39ef988170e1f644fcd75) * [OCPBUGS-20810](https://issues.redhat.com/browse/OCPBUGS-20810): bump golang.org/x/net to v0.17.0 [#483](https://github.com/openshift/cluster-api-provider-aws/pull/483) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/e3a8e43349986d8a9ca99749b9289a4151f5ee1a...16156accbe3b9bcedbe39ef988170e1f644fcd75) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/bbab20f9559a1be6f39fed8e604712d41f507b49) * [OCPBUGS-33457](https://issues.redhat.com/browse/OCPBUGS-33457): UPSTREAM: 1919: Add reserved-volume-attachments [#267](https://github.com/openshift/aws-ebs-csi-driver/pull/267) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/722a0bacdba3235f3f5d209d0b8006180c6f8446...bbab20f9559a1be6f39fed8e604712d41f507b49) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/71bb7838f93bc88e679b0a967fbf1660cdf8aff1) * [OCPBUGS-33457](https://issues.redhat.com/browse/OCPBUGS-33457): Explicitly reserve 1 attachment for the root disk [#308](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/308) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/0c97ef8f1171e0fc3a94b093131a89a2f225f73b...71bb7838f93bc88e679b0a967fbf1660cdf8aff1) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/440886d004a6ecbc45d5bc04c2f703fb0efaa632) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality [#97](https://github.com/openshift/machine-api-provider-aws/pull/97) * [OCPBUGS-21562](https://issues.redhat.com/browse/OCPBUGS-21562): Update golang.org/x/net to v0.17.0 [#90](https://github.com/openshift/machine-api-provider-aws/pull/90) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/b82e889d6eb39f72b0246175315ec0a7e5ac4126...440886d004a6ecbc45d5bc04c2f703fb0efaa632) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/31917a5f3e7557916b8e92a0a9ae529ab176f738) * [OCPBUGS-32880](https://issues.redhat.com/browse/OCPBUGS-32880): Upgrade go-jose module to 2.6.3 [#191](https://github.com/openshift/aws-pod-identity-webhook/pull/191) * [OCPBUGS-21312](https://issues.redhat.com/browse/OCPBUGS-21312): Upgrade golang/x/net for CVE-2023-39325 (4.12) [#185](https://github.com/openshift/aws-pod-identity-webhook/pull/185) * NO-ISSUE: Sync OWNERS with team members [#178](https://github.com/openshift/aws-pod-identity-webhook/pull/178) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/c8593795189137fc774ed60002e3850e5ad50026...31917a5f3e7557916b8e92a0a9ae529ab176f738) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/2193ccfa8575aeb0520a25b77ec963097a66cd6e) * [OCPBUGS-21401](https://issues.redhat.com/browse/OCPBUGS-21401): Bump golang.org/x/net to v0.18.0 [#95](https://github.com/openshift/cloud-provider-azure/pull/95) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/2f884660644ef9d172c45c8ad3999438c7726af5...2193ccfa8575aeb0520a25b77ec963097a66cd6e) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/a1b2a37b7d31951708a8f6e1db201fe0c1ff687a) * [OCPBUGS-36021](https://issues.redhat.com/browse/OCPBUGS-36021): Update go-retryablehttp to v0.7.7 [#315](https://github.com/openshift/cluster-api-provider-azure/pull/315) * [OCPBUGS-21489](https://issues.redhat.com/browse/OCPBUGS-21489): bump golang.org/x/net to v0.17.0 [#289](https://github.com/openshift/cluster-api-provider-azure/pull/289) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/d1d4f7700ca6c2d576fe43c988222c62545cdb00...a1b2a37b7d31951708a8f6e1db201fe0c1ff687a) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/eaff73991bfa79e71e20ec858497e30df5f10cc2) * [OCPBUGS-56067](https://issues.redhat.com/browse/OCPBUGS-56067): tech debt: rework vendor patches [#106](https://github.com/openshift/azure-disk-csi-driver/pull/106) * [OCPBUGS-22941](https://issues.redhat.com/browse/OCPBUGS-22941): UPSTREAM: 1755: fix: detach disk failure when there is throttling [#62](https://github.com/openshift/azure-disk-csi-driver/pull/62) * [OCPBUGS-22832](https://issues.redhat.com/browse/OCPBUGS-22832): UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition [#60](https://github.com/openshift/azure-disk-csi-driver/pull/60) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/4217846684c1c57af6571a6831b9b729cc9db671...eaff73991bfa79e71e20ec858497e30df5f10cc2) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/71d2f5699b1ecf3c9e366a795d684dfed22fcbaf) * [OCPBUGS-67404](https://issues.redhat.com/browse/OCPBUGS-67404): Bump github.com/sirupsen/logrus to v1.8.3 [#116](https://github.com/openshift/azure-file-csi-driver-operator/pull/116) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/060ba825fead5953bef544017ef4b3d0cbabe3e5...71d2f5699b1ecf3c9e366a795d684dfed22fcbaf) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/6b5bfffdcf6315871d6c296025db7d0812132868) * [OCPBUGS-36148](https://issues.redhat.com/browse/OCPBUGS-36148): Fix mapi_instance_create_failed metric with accelerated networking [#115](https://github.com/openshift/machine-api-provider-azure/pull/115) * [OCPBUGS-30809](https://issues.redhat.com/browse/OCPBUGS-30809): Don't create availability set when using spot instances [#105](https://github.com/openshift/machine-api-provider-azure/pull/105) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce cardinality [#97](https://github.com/openshift/machine-api-provider-azure/pull/97) * [OCPBUGS-20741](https://issues.redhat.com/browse/OCPBUGS-20741): Bump x/net package to v0.18.0 [#84](https://github.com/openshift/machine-api-provider-azure/pull/84) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/4dc16ae8666a8680cf29f6c8bc9ffe6b4fe1c84f...6b5bfffdcf6315871d6c296025db7d0812132868) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/cd642be85c3751ba9cf9f762121c5507decbcbf6) * [OCPBUGS-66250](https://issues.redhat.com/browse/OCPBUGS-66250): Replace terraform-provider-google with Openshift fork [#10144](https://github.com/openshift/installer/pull/10144) * [OCPBUGS-62820](https://issues.redhat.com/browse/OCPBUGS-62820): Release 4.12 bump terraform provider azurerm [#10002](https://github.com/openshift/installer/pull/10002) * [OCPBUGS-55035](https://issues.redhat.com/browse/OCPBUGS-55035): IBMCloud: Move to IBM TF openshift fork [#9670](https://github.com/openshift/installer/pull/9670) * [OTA-1310](https://issues.redhat.com/browse/OTA-1310): data/manifests/bootkube/cvo-overrides: Default to eus-4.12 [#9373](https://github.com/openshift/installer/pull/9373) * [OCPBUGS-36087](https://issues.redhat.com/browse/OCPBUGS-36087): [release-4.12]: bump go-retryablehttp for CVE fix [#8660](https://github.com/openshift/installer/pull/8660) * [OCPBUGS-39290](https://issues.redhat.com/browse/OCPBUGS-39290): Add yq v4 to ci image [#8929](https://github.com/openshift/installer/pull/8929) * [OCPBUGS-36179](https://issues.redhat.com/browse/OCPBUGS-36179): [release-4.12]: bump github.com/container/images for CVE fix [#8663](https://github.com/openshift/installer/pull/8663) * [OCPBUGS-22981](https://issues.redhat.com/browse/OCPBUGS-22981): IBMCloud: Add eu-es region [#7686](https://github.com/openshift/installer/pull/7686) * [OCPBUGS-30630](https://issues.redhat.com/browse/OCPBUGS-30630): baremetal: populate customDeploy in advance [#8144](https://github.com/openshift/installer/pull/8144) * [OCPBUGS-32449](https://issues.redhat.com/browse/OCPBUGS-32449): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8290](https://github.com/openshift/installer/pull/8290) * [OCPBUGS-30768](https://issues.redhat.com/browse/OCPBUGS-30768): update RHCOS 4.12 bootimage metadata to 412.86.202402272018-0 [#8140](https://github.com/openshift/installer/pull/8140) * [OCPBUGS-30134](https://issues.redhat.com/browse/OCPBUGS-30134): [release-4.12] bump containerd for vulnerability fix [#8091](https://github.com/openshift/installer/pull/8091) * [OCPBUGS-27454](https://issues.redhat.com/browse/OCPBUGS-27454): baremetal: correct external_http_url for v6-only BMCs [#7900](https://github.com/openshift/installer/pull/7900) * [OCPBUGS-25593](https://issues.redhat.com/browse/OCPBUGS-25593): [release-4.12] OCPBUGS-16640: Update azure cli version to 2.49.0 [#7849](https://github.com/openshift/installer/pull/7849) * [OCPBUGS-23184](https://issues.redhat.com/browse/OCPBUGS-23184): azure: validation: validate defaultMachinePlatform [#7709](https://github.com/openshift/installer/pull/7709) * [OCPBUGS-25476](https://issues.redhat.com/browse/OCPBUGS-25476): destroy: gcp: fix destroying regional disks [#7845](https://github.com/openshift/installer/pull/7845) * [OCPBUGS-23302](https://issues.redhat.com/browse/OCPBUGS-23302): images: installer: add xz to the container [#7726](https://github.com/openshift/installer/pull/7726) * [OCPBUGS-23379](https://issues.redhat.com/browse/OCPBUGS-23379): images: update govc image in upi-installer [#7739](https://github.com/openshift/installer/pull/7739) * [OCPBUGS-22116](https://issues.redhat.com/browse/OCPBUGS-22116): Add KMS encryption keys if provided [#7769](https://github.com/openshift/installer/pull/7769) * [OCPBUGS-23329](https://issues.redhat.com/browse/OCPBUGS-23329): Specify google cloud CLI to version 447.0.0 [#7731](https://github.com/openshift/installer/pull/7731) * [OCPBUGS-22933](https://issues.redhat.com/browse/OCPBUGS-22933): [release-4.12]: vsphere: fix validation of CPUS and CoresPerSocket [#7677](https://github.com/openshift/installer/pull/7677) * [Full changelog](https://github.com/openshift/installer/compare/032045c15f667970cd47a34b4aa5d3fffe95243d...cd642be85c3751ba9cf9f762121c5507decbcbf6) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/dc5e4cefeac81e39429ab6fca6bc133318bed6f6) * [OCPBUGS-46642](https://issues.redhat.com/browse/OCPBUGS-46642): Bump x/net to 0.33.0 [#230](https://github.com/openshift/cluster-api-provider-baremetal/pull/230) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/24a47014aa42d649008687c5bd81771d6477c33c...dc5e4cefeac81e39429ab6fca6bc133318bed6f6) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/6817f4e2b1d2005492b380381a2a960d912d5c2c) * [OCPBUGS-53335](https://issues.redhat.com/browse/OCPBUGS-53335): CVE-2025-29781 ose-baremetal-operator-container: Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD [openshift-4.12.z] [#412](https://github.com/openshift/baremetal-operator/pull/412) * [OCPBUGS-30630](https://issues.redhat.com/browse/OCPBUGS-30630): Do not update instance_info and deploy_interface for active nodes [#338](https://github.com/openshift/baremetal-operator/pull/338) * [OCPBUGS-24490](https://issues.redhat.com/browse/OCPBUGS-24490): backport: Delay delete of detached hosts [#326](https://github.com/openshift/baremetal-operator/pull/326) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#320](https://github.com/openshift/baremetal-operator/pull/320) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/1bf52cbb24e2e8c7802f44d62de159c1012a04ff...6817f4e2b1d2005492b380381a2a960d912d5c2c) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/474ed48e840fdb7bf859d769cd673b29705a7b91) * [OCPBUGS-26930](https://issues.redhat.com/browse/OCPBUGS-26930): Add .snyk file to ignore vendor and test files [#296](https://github.com/openshift/baremetal-runtimecfg/pull/296) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/9ef9bd909ccd6855da0c4f927da820401b2b600f...474ed48e840fdb7bf859d769cd673b29705a7b91) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/d691257345aeeec951c763e11658a944037f9b39) * [OCPBUGS-30289](https://issues.redhat.com/browse/OCPBUGS-30289): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1701](https://github.com/openshift/oc/pull/1701) * [OCPBUGS-25642](https://issues.redhat.com/browse/OCPBUGS-25642): Add client version in must-gather summary [#1639](https://github.com/openshift/oc/pull/1639) * [OCPBUGS-24462](https://issues.redhat.com/browse/OCPBUGS-24462): Overwrite template's namespace with the explicit one [#1618](https://github.com/openshift/oc/pull/1618) * [OCPBUGS-23222](https://issues.redhat.com/browse/OCPBUGS-23222): regeneratemco: explicitly check for PlatformStatus field [#1598](https://github.com/openshift/oc/pull/1598) * [Full changelog](https://github.com/openshift/oc/compare/a55beda49bb1ece8e1af610a5dddc580a2be0960...d691257345aeeec951c763e11658a944037f9b39) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/5a4483cd9e34aaced47484339874cb4a8aeda9b9) * [OCPBUGS-53420](https://issues.redhat.com/browse/OCPBUGS-53420): github.com/golang/glog v1.2.4 [#847](https://github.com/openshift/cloud-credential-operator/pull/847) * [OCPBUGS-51538](https://issues.redhat.com/browse/OCPBUGS-51538): Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected [#832](https://github.com/openshift/cloud-credential-operator/pull/832) * [OCPBUGS-37322](https://issues.redhat.com/browse/OCPBUGS-37322): update modules: grpc, protobuf, logrus [#764](https://github.com/openshift/cloud-credential-operator/pull/764) * [OCPBUGS-42166](https://issues.redhat.com/browse/OCPBUGS-42166): Resolve SNYK errors in security job. [#760](https://github.com/openshift/cloud-credential-operator/pull/760) * [OCPBUGS-37422](https://issues.redhat.com/browse/OCPBUGS-37422): SNYK ignore go-client misreporting [#744](https://github.com/openshift/cloud-credential-operator/pull/744) * NO-JIRA: Add jstuever to OWNERS [#733](https://github.com/openshift/cloud-credential-operator/pull/733) * [OCPBUGS-36027](https://issues.redhat.com/browse/OCPBUGS-36027): IBM/go-sdk-core update to v5.17.4 [#723](https://github.com/openshift/cloud-credential-operator/pull/723) * [OCPBUGS-32897](https://issues.redhat.com/browse/OCPBUGS-32897): Upgrade go-jose module to 2.6.3 [#699](https://github.com/openshift/cloud-credential-operator/pull/699) * [OCPBUGS-21348](https://issues.redhat.com/browse/OCPBUGS-21348): Upgrade golang/x/net for CVE-2023-39325 [#624](https://github.com/openshift/cloud-credential-operator/pull/624) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/9f11e06f6fef0d93e64a6806054eda64d1251198...5a4483cd9e34aaced47484339874cb4a8aeda9b9) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/c086bed76ee3d3b3fe9f516f873414e7b4348acd) * [OCPBUGS-33198](https://issues.redhat.com/browse/OCPBUGS-33198): Avoid nil pointer panic while assigning private IP on Azure [#141](https://github.com/openshift/cloud-network-config-controller/pull/141) * [OCPBUGS-22949](https://issues.redhat.com/browse/OCPBUGS-22949): Azure: skip backend pool if attached to an outbound rule [#128](https://github.com/openshift/cloud-network-config-controller/pull/128) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/d05b0abca416426868d770addd5b7f4d8b4d4541...c086bed76ee3d3b3fe9f516f873414e7b4348acd) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/4f7f6b1af4b674b24270e65c40728b19071ab3e3) * [OCPBUGS-20683](https://issues.redhat.com/browse/OCPBUGS-20683): CVE 2023 39325 [4.12] [#653](https://github.com/openshift/cluster-authentication-operator/pull/653) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#639](https://github.com/openshift/cluster-authentication-operator/pull/639) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/fe4212ab101ff47fc72bde475d39f30158969974...4f7f6b1af4b674b24270e65c40728b19071ab3e3) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/d16352d90b619d85e9934346116a5812611ebdff) * [OCPBUGS-45152](https://issues.redhat.com/browse/OCPBUGS-45152): [release-4.12] VPA: Update OWNERS file [#329](https://github.com/openshift/kubernetes-autoscaler/pull/329) * [OCPBUGS-40928](https://issues.redhat.com/browse/OCPBUGS-40928): update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 [#318](https://github.com/openshift/kubernetes-autoscaler/pull/318) * [OCPBUGS-30911](https://issues.redhat.com/browse/OCPBUGS-30911): Fix unstructured taint parsing in Cluster API provider [#291](https://github.com/openshift/kubernetes-autoscaler/pull/291) * [OCPBUGS-23274](https://issues.redhat.com/browse/OCPBUGS-23274): Rebase 4.12 branch onto cluster autoscaler 1.25.3 [#267](https://github.com/openshift/kubernetes-autoscaler/pull/267) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/6ab8e62b7089dabaded0de89be3a9621f92b7653...d16352d90b619d85e9934346116a5812611ebdff) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/29a6e57c10cf027f5f04e9bcb2e8842497f63bf6) * [OCPBUGS-32005](https://issues.redhat.com/browse/OCPBUGS-32005): Update x/net to v0.25.0 [#325](https://github.com/openshift/cluster-autoscaler-operator/pull/325) * [OCPBUGS-20754](https://issues.redhat.com/browse/OCPBUGS-20754): Bump x/net package to v0.18.0 [#300](https://github.com/openshift/cluster-autoscaler-operator/pull/300) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/8b2322559f794ffcb4580a9c11c3b5e16fc8e306...29a6e57c10cf027f5f04e9bcb2e8842497f63bf6) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/537a74cd0b0cc48189684a273013c32d1269ddd9) * [OCPBUGS-32006](https://issues.redhat.com/browse/OCPBUGS-32006): bump x/net to 0.23.0 [#440](https://github.com/openshift/cluster-baremetal-operator/pull/440) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#389](https://github.com/openshift/cluster-baremetal-operator/pull/389) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/b2b3be6256f34cea10b320ea0ef34e6630eb7ad1...537a74cd0b0cc48189684a273013c32d1269ddd9) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) * [OCPBUGS-21521](https://issues.redhat.com/browse/OCPBUGS-21521): bump golang.org/x/net to v0.17.0 [#186](https://github.com/openshift/cluster-api/pull/186) * [Full changelog](https://github.com/openshift/cluster-api/compare/f9c215c4f298710ccf76676395465685b5d15268...03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/60a36d8320ddfd196840a1597e61c065603778ee) * [OCPBUGS-21055](https://issues.redhat.com/browse/OCPBUGS-21055): Bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/cluster-capi-operator/pull/138) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/3bfe36aa9d1abbdfb11facf86a7ec6510abc390a...60a36d8320ddfd196840a1597e61c065603778ee) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/3b1f0843e2bd25fb4e39659ef47424f67ccaa727) * [OCPBUGS-21148](https://issues.redhat.com/browse/OCPBUGS-21148): Bump golang.org/x/net to v0.18.0 [#297](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/297) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/103cb2ecf326e92f9d1d8d99324d2896d28afc58...3b1f0843e2bd25fb4e39659ef47424f67ccaa727) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/92c3b10237c1ebf7ab7a0c744db3949377614e52) * [OCPBUGS-16243](https://issues.redhat.com/browse/OCPBUGS-16243): retire LatencySensitive featureset [#336](https://github.com/openshift/cluster-config-operator/pull/336) * : OCPBUGS-21245: bump library-go to include switch to HTTP/1.1 [#373](https://github.com/openshift/cluster-config-operator/pull/373) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/c589595f3839f6347226c9dd7945925ed3fd0985...92c3b10237c1ebf7ab7a0c744db3949377614e52) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/fb7f08a2a6e85f3ca76c40dcf980ba0ec904a617) * [OCPBUGS-48325](https://issues.redhat.com/browse/OCPBUGS-48325): Add unreadyNodeGracePeriod for allowing brief node hiccups [#344](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/344) * [OCPBUGS-35421](https://issues.redhat.com/browse/OCPBUGS-35421): Improved debugging of API listing errors [#306](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/306) * [OCPBUGS-21342](https://issues.redhat.com/browse/OCPBUGS-21342): Bump golang.org/x/net to v0.17.0 [#260](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/260) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/119d7a734d3bda3380c32b6af716ab4e16846f13...fb7f08a2a6e85f3ca76c40dcf980ba0ec904a617) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/f573eded61847fc153874615b29704d93ddcad8d) * [OCPBUGS-32429](https://issues.redhat.com/browse/OCPBUGS-32429): create suitable role and roleBinding for csi-snapshot-webhook [#207](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/207) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/afc1c5d34086fc7522bf98af7b2d9c58bc9bd03a...f573eded61847fc153874615b29704d93ddcad8d) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/09a1de9faff75611ce9bdbfc472f052159780922) * [OCPBUGS-52502](https://issues.redhat.com/browse/OCPBUGS-52502): [release-4.12] Add runbook_url for CoreDNSErrorsHigh [#435](https://github.com/openshift/cluster-dns-operator/pull/435) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/e955534113ef9a65ad055198eab63ba7d60fbd21...09a1de9faff75611ce9bdbfc472f052159780922) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/50c4daa4abe51896fcec5ea8c7ca040383af61f8) * [OCPBUGS-53508](https://issues.redhat.com/browse/OCPBUGS-53508): fix CVE-2025-30204 [#1416](https://github.com/openshift/cluster-etcd-operator/pull/1416) * [OCPBUGS-35501](https://issues.redhat.com/browse/OCPBUGS-35501): return errors in wait-for-ceo [#1277](https://github.com/openshift/cluster-etcd-operator/pull/1277) * [OCPBUGS-32001](https://issues.redhat.com/browse/OCPBUGS-32001): update golang x net [#1256](https://github.com/openshift/cluster-etcd-operator/pull/1256) * [OCPBUGS-30914](https://issues.redhat.com/browse/OCPBUGS-30914): Replace nodelister with master nodelister everywhere [#1224](https://github.com/openshift/cluster-etcd-operator/pull/1224) * [OCPBUGS-30938](https://issues.redhat.com/browse/OCPBUGS-30938): fix panic in health check timeouts [#1228](https://github.com/openshift/cluster-etcd-operator/pull/1228) * [OCPBUGS-27776](https://issues.redhat.com/browse/OCPBUGS-27776): [4.13] Remove z-upgrades from UpgradeBackupController [#1185](https://github.com/openshift/cluster-etcd-operator/pull/1185) * [OCPBUGS-23151](https://issues.redhat.com/browse/OCPBUGS-23151): relax readiness to local serializable requests [#1156](https://github.com/openshift/cluster-etcd-operator/pull/1156) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/40e59cfbb4cfa709895e35631420da21c5a1c225...50c4daa4abe51896fcec5ea8c7ca040383af61f8) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/8e213784a9209d08b88b321be412239924142f1b) * [OCPBUGS-53868](https://issues.redhat.com/browse/OCPBUGS-53868): Bump github.com/golang-jwt/jwt [#1236](https://github.com/openshift/cluster-image-registry-operator/pull/1236) * [OCPBUGS-51594](https://issues.redhat.com/browse/OCPBUGS-51594): bump golang.org/x/oauth2 [#1223](https://github.com/openshift/cluster-image-registry-operator/pull/1223) * [OCPBUGS-36033](https://issues.redhat.com/browse/OCPBUGS-36033): go.*,vendor: bump go-retryablehttp [#1071](https://github.com/openshift/cluster-image-registry-operator/pull/1071) * [OCPBUGS-22125](https://issues.redhat.com/browse/OCPBUGS-22125): increase storage account key cache expiration [#939](https://github.com/openshift/cluster-image-registry-operator/pull/939) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/30625226cf0bf1e7f52a9a977c59af432c3df5e5...8e213784a9209d08b88b321be412239924142f1b) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/85e2d05159b7b4b2f16c8a95815c7d9927b68597) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): Add e2e test for duplicate Transfer-Encoding headers [#1158](https://github.com/openshift/cluster-ingress-operator/pull/1158) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): Add alert for RFC 7230 violation in Transfer-Encoding headers [#1162](https://github.com/openshift/cluster-ingress-operator/pull/1162) * [OCPBUGS-35454](https://issues.redhat.com/browse/OCPBUGS-35454): internal service changed fix target port logic [#1092](https://github.com/openshift/cluster-ingress-operator/pull/1092) * [OCPBUGS-35304](https://issues.redhat.com/browse/OCPBUGS-35304): TestHostNetworkPortBinding: Delete t.Parallel() [#1083](https://github.com/openshift/cluster-ingress-operator/pull/1083) * [OCPBUGS-35027](https://issues.redhat.com/browse/OCPBUGS-35027): Don't add clientca-configmap finalizer if deleting [#1080](https://github.com/openshift/cluster-ingress-operator/pull/1080) * [OCPBUGS-34888](https://issues.redhat.com/browse/OCPBUGS-34888): desiredRouterDeployment: Set HostPort if needed [#1076](https://github.com/openshift/cluster-ingress-operator/pull/1076) * [OCPBUGS-34757](https://issues.redhat.com/browse/OCPBUGS-34757): Avoid spurious updates for internalTrafficPolicy [#1070](https://github.com/openshift/cluster-ingress-operator/pull/1070) * [OCPBUGS-34110](https://issues.redhat.com/browse/OCPBUGS-34110): Avoid spurious updates for scope in IngressClass [#1056](https://github.com/openshift/cluster-ingress-operator/pull/1056) * [OCPBUGS-34548](https://issues.redhat.com/browse/OCPBUGS-34548): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1068](https://github.com/openshift/cluster-ingress-operator/pull/1068) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/5e62d563730970b50de6463a035e0e033210484d...85e2d05159b7b4b2f16c8a95815c7d9927b68597) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/9c3fdbdbbeccae35f8cab8e86012105fb7020a69) * [OCPBUGS-50880](https://issues.redhat.com/browse/OCPBUGS-50880): Increase waitForFallbackDegradedConditionTimeout [#1811](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1811) * [OCPBUGS-22736](https://issues.redhat.com/browse/OCPBUGS-22736): pkg/operator/configobserver: check that the serving certificate refer… [#1571](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1571) * : OCPBUGS-20855: bump library-go to include switch to HTTP/1.1 [#1574](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1574) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/fe5e2a108165f10bdab3e75e933d93fe359b2660...9c3fdbdbbeccae35f8cab8e86012105fb7020a69) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/d50f7322addd997cc73a0ba8294eadb977974c3f) * [OCPBUGS-20962](https://issues.redhat.com/browse/OCPBUGS-20962): bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/cluster-api-operator/pull/29) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/7bb05468cc7d1c0752c81ca3f9e5d8e19c966f24...d50f7322addd997cc73a0ba8294eadb977974c3f) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/c3c07bebb7a644fe75bccd590fa088bcccd3749a) * [OCPBUGS-27068](https://issues.redhat.com/browse/OCPBUGS-27068): bump(library-go)=release-4.12 [#789](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/789) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/8138f98d9a482ca95975abcf440acb20e36b67f5...c3c07bebb7a644fe75bccd590fa088bcccd3749a) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/48cd96c9dc27c801beff17fa5ea8c3dac374f10d) * [OCPBUGS-27067](https://issues.redhat.com/browse/OCPBUGS-27067): bump(library-go)=release-4.12 [#529](https://github.com/openshift/cluster-kube-scheduler-operator/pull/529) * [OCPBUGS-21239](https://issues.redhat.com/browse/OCPBUGS-21239): Sync deps CVE 2023 39325 4.12 [#505](https://github.com/openshift/cluster-kube-scheduler-operator/pull/505) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/4f0ac8dda3d83119a4ef81f893c53940889ac5f6...48cd96c9dc27c801beff17fa5ea8c3dac374f10d) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/1a251f4d00c050404dc313c698279da435d08c07) * : OCPBUGS-21336: bump library-go to include switch to HTTP/1.1 [#98](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/98) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/12d050abd0cf37dae8973d453930bcf494a2499b...1a251f4d00c050404dc313c698279da435d08c07) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/7b08a4de4a08da8cdb341948e0902395eb0da961) * [OCPBUGS-23486](https://issues.redhat.com/browse/OCPBUGS-23486): Filter non node CSRs in metrics [#220](https://github.com/openshift/cluster-machine-approver/pull/220) * [OCPBUGS-21430](https://issues.redhat.com/browse/OCPBUGS-21430): Bump x/net package to v0.18.0 [#214](https://github.com/openshift/cluster-machine-approver/pull/214) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/60081982654993534de29d224d6a42c251762420...7b08a4de4a08da8cdb341948e0902395eb0da961) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/ee4a20d4d0214c9c8fdacaede3482683436d36e0) * [OCPBUGS-35558](https://issues.redhat.com/browse/OCPBUGS-35558): label for infra nodes for metric cluster:capacity_cpu_cores:sum [#2383](https://github.com/openshift/cluster-monitoring-operator/pull/2383) * [OCPBUGS-28766](https://issues.redhat.com/browse/OCPBUGS-28766): fix generation of telemeter token hash [#2306](https://github.com/openshift/cluster-monitoring-operator/pull/2306) * [OCPBUGS-25389](https://issues.redhat.com/browse/OCPBUGS-25389): Add RHACM telemetry metric for 4.12 [#2204](https://github.com/openshift/cluster-monitoring-operator/pull/2204) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2148](https://github.com/openshift/cluster-monitoring-operator/pull/2148) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/143075aaeb062764f031f196b84acbbafeda5141...ee4a20d4d0214c9c8fdacaede3482683436d36e0) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/28db40f169f64f881b0628c19bf7c64a7a9a2467) * [OCPBUGS-43872](https://issues.redhat.com/browse/OCPBUGS-43872): manifests/02-cncc-credentials: Set skipServiceCheck for GCP [#2548](https://github.com/openshift/cluster-network-operator/pull/2548) * [OCPBUGS-38905](https://issues.redhat.com/browse/OCPBUGS-38905): Add missing runbook for OVNKubernetesNorthdInactive [#2479](https://github.com/openshift/cluster-network-operator/pull/2479) * [OCPBUGS-37942](https://issues.redhat.com/browse/OCPBUGS-37942): [release-4.12] update whereabouts crd [#2461](https://github.com/openshift/cluster-network-operator/pull/2461) * [OCPBUGS-29167](https://issues.redhat.com/browse/OCPBUGS-29167): fix whereabouts conformance test failures [#2256](https://github.com/openshift/cluster-network-operator/pull/2256) * [OCPBUGS-29884](https://issues.redhat.com/browse/OCPBUGS-29884): add env var in whereabouts-reconciler daemonset [#2284](https://github.com/openshift/cluster-network-operator/pull/2284) * [OCPBUGS-29302](https://issues.redhat.com/browse/OCPBUGS-29302): Update ingressconfig_controller to use field Manager [#2268](https://github.com/openshift/cluster-network-operator/pull/2268) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2244](https://github.com/openshift/cluster-network-operator/pull/2244) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.12 [#2230](https://github.com/openshift/cluster-network-operator/pull/2230) * [release 4.12] OCPBUGS-23025: Add maxLogFiles config for OVN-K Audit Logging [#2188](https://github.com/openshift/cluster-network-operator/pull/2188) * [OCPBUGS-24039](https://issues.redhat.com/browse/OCPBUGS-24039): remove all managed fields used by old manager [#2099](https://github.com/openshift/cluster-network-operator/pull/2099) * [OCPBUGS-21715](https://issues.redhat.com/browse/OCPBUGS-21715): Bump golang.org/x/net and github.com/openshift/library-go [#2124](https://github.com/openshift/cluster-network-operator/pull/2124) * [OCPBUGS-24571](https://issues.redhat.com/browse/OCPBUGS-24571): Disable weak SSH cipher suites [#2164](https://github.com/openshift/cluster-network-operator/pull/2164) * [OCPBUGS-25128](https://issues.redhat.com/browse/OCPBUGS-25128): Update to go 1.19 and x/net 0.8.0 [#2157](https://github.com/openshift/cluster-network-operator/pull/2157) * [OCPBUGS-23293](https://issues.redhat.com/browse/OCPBUGS-23293): IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping [#2108](https://github.com/openshift/cluster-network-operator/pull/2108) * [OCPBUGS-20277](https://issues.redhat.com/browse/OCPBUGS-20277): Edited multus-admission-controller deployment config to not add autoount a service account token [#1884](https://github.com/openshift/cluster-network-operator/pull/1884) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/e748969ee5c38cfc3c8387a1aafc982251b87833...28db40f169f64f881b0628c19bf7c64a7a9a2467) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/20966da941ab8773261b5b4c133f3a1716699243) * irqbalance: set banned cpus list to 0 (#1006) [#1006](https://github.com/openshift/cluster-node-tuning-operator/pull/1006) * Refactor IRQ load balancing enable/disable test (#1038) [#1038](https://github.com/openshift/cluster-node-tuning-operator/pull/1038) * Scheduler plugin: ignore IRQs (#1034) [#1034](https://github.com/openshift/cluster-node-tuning-operator/pull/1034) * Disable HTTP/2 for webhook and metrics servers (#849) [#849](https://github.com/openshift/cluster-node-tuning-operator/pull/849) * Remove obsolete protocols and weak ciphers (#847) [#847](https://github.com/openshift/cluster-node-tuning-operator/pull/847) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/1f742af47cb31c8c2fc3344b39522daf4d99e80c...20966da941ab8773261b5b4c133f3a1716699243) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#558](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/558) * : OCPBUGS-20694: bump library-go to include switch to HTTP/1.1 [#556](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/556) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/99197928a584d45697eddbf5f652d8eb1d2ecf68...b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/ab963d8ad0387788c947b884a96eb9b2fed470b6) * [OCPBUGS-20777](https://issues.redhat.com/browse/OCPBUGS-20777): bump(k8s,openshift) to address CVE-2023-44487 [#311](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/311) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/d1915d130481541b8bacb5b98eddbc1541809d0a...ab963d8ad0387788c947b884a96eb9b2fed470b6) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/cb8862b0042ac2e7130a7c018e3e083ebc46705e) * [OCPBUGS-21080](https://issues.redhat.com/browse/OCPBUGS-21080): Bump deps to address CVE-2023-44487 [4.12] [#136](https://github.com/openshift/cluster-policy-controller/pull/136) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/67ef456a781429a06bdc744aae89783cff25315d...cb8862b0042ac2e7130a7c018e3e083ebc46705e) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/24b10d4192fcc08e5aa9918caf3c571398a047e2) * [OCPBUGS-63521](https://issues.redhat.com/browse/OCPBUGS-63521): references to github.com/sclorg/django-ex.git now also refer to the branch [#663](https://github.com/openshift/cluster-samples-operator/pull/663) * [OCPBUGS-54913](https://issues.redhat.com/browse/OCPBUGS-54913): add rhdmalone to owners [#629](https://github.com/openshift/cluster-samples-operator/pull/629) * [OCPBUGS-49664](https://issues.redhat.com/browse/OCPBUGS-49664): add shannon and aroyoredhat as owners [#600](https://github.com/openshift/cluster-samples-operator/pull/600) * [OCPBUGS-21179](https://issues.redhat.com/browse/OCPBUGS-21179): update k8s.io/apiserver version [#590](https://github.com/openshift/cluster-samples-operator/pull/590) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/f1b49e34512d38bf908183318edd1f9f9aeef883...24b10d4192fcc08e5aa9918caf3c571398a047e2) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/da2578c6dd81e83d331daacb357c4f1cc60bf234) * [OCPBUGS-45333](https://issues.redhat.com/browse/OCPBUGS-45333): deps: bump golang.org/x/net to 0.31.0 [#1122](https://github.com/openshift/cluster-version-operator/pull/1122) * [OCPBUGS-27443](https://issues.redhat.com/browse/OCPBUGS-27443): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1024](https://github.com/openshift/cluster-version-operator/pull/1024) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/e5ddedc83bd82bf289f0ce9bd97c80c0439678a9...da2578c6dd81e83d331daacb357c4f1cc60bf234) ### [console](https://github.com/openshift/console/tree/c5c52ed8f54aaa5ea5fcfc08f7c7ceb2f58a9292) * [OCPBUGS-74435](https://issues.redhat.com/browse/OCPBUGS-74435): Bump lodash to latest [#15973](https://github.com/openshift/console/pull/15973) * [OCPBUGS-44155](https://issues.redhat.com/browse/OCPBUGS-44155): bump dompurify to latest [#15595](https://github.com/openshift/console/pull/15595) * [OCPBUGS-57101](https://issues.redhat.com/browse/OCPBUGS-57101): Add all files to `vendor` regardless of gitignore [#15137](https://github.com/openshift/console/pull/15137) * [OCPBUGS-55210](https://issues.redhat.com/browse/OCPBUGS-55210): Show Observe section without PROMETHEUS and MONITORING flags [#14986](https://github.com/openshift/console/pull/14986) * Dockerfile yarn line update [#14838](https://github.com/openshift/console/pull/14838) * [OCPBUGS-45291](https://issues.redhat.com/browse/OCPBUGS-45291): Application creation fail when manually entering input scaling value in local setup [#14572](https://github.com/openshift/console/pull/14572) * [OCPBUGS-45235](https://issues.redhat.com/browse/OCPBUGS-45235): Edit the secret and add the Chinese in the web-console, garbled characters will be displayed [#14561](https://github.com/openshift/console/pull/14561) * [OCPBUGS-36561](https://issues.redhat.com/browse/OCPBUGS-36561): Increase login flow state paramater length/entropy [#14539](https://github.com/openshift/console/pull/14539) * [OCPBUGS-43639](https://issues.redhat.com/browse/OCPBUGS-43639): Copy response code from proxied plugin requests [#14423](https://github.com/openshift/console/pull/14423) * [OCPBUGS-33519](https://issues.redhat.com/browse/OCPBUGS-33519): Observe > Metrics targets, Alert user if they do not have access to information on this page (e.g. 403). [#14334](https://github.com/openshift/console/pull/14334) * [OCPBUGS-41600](https://issues.redhat.com/browse/OCPBUGS-41600): Fix plugin proxy handler [#14266](https://github.com/openshift/console/pull/14266) * [OCPBUGS-41854](https://issues.redhat.com/browse/OCPBUGS-41854): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14283](https://github.com/openshift/console/pull/14283) * [OCPBUGS-34564](https://issues.redhat.com/browse/OCPBUGS-34564): Routes created by devfiles do not always use HTTPS [#13907](https://github.com/openshift/console/pull/13907) * [OCPBUGS-34933](https://issues.redhat.com/browse/OCPBUGS-34933): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13930](https://github.com/openshift/console/pull/13930) * [OCPBUGS-32146](https://issues.redhat.com/browse/OCPBUGS-32146): Bump graphql-go to v1.3.0 [#13923](https://github.com/openshift/console/pull/13923) * [OCPBUGS-34845](https://issues.redhat.com/browse/OCPBUGS-34845): Fix PipelineRun Logs tab navigation [#13920](https://github.com/openshift/console/pull/13920) * [OCPBUGS-33778](https://issues.redhat.com/browse/OCPBUGS-33778): fix issues with Edit Route form [#13859](https://github.com/openshift/console/pull/13859) * [OCPBUGS-27479](https://issues.redhat.com/browse/OCPBUGS-27479): Bump helm pkg [#13528](https://github.com/openshift/console/pull/13528) * [OCPBUGS-29746](https://issues.redhat.com/browse/OCPBUGS-29746): Add Pipeline metrics tab using plugin [#13621](https://github.com/openshift/console/pull/13621) * [OCPBUGS-29348](https://issues.redhat.com/browse/OCPBUGS-29348): Added Proxy to non k8s endpoints [#13600](https://github.com/openshift/console/pull/13600) * [OCPBUGS-22431](https://issues.redhat.com/browse/OCPBUGS-22431): Check if filtered object contains name property [#13285](https://github.com/openshift/console/pull/13285) * [OCPBUGS-25213](https://issues.redhat.com/browse/OCPBUGS-25213): add access review for impersonate [#13440](https://github.com/openshift/console/pull/13440) * [OCPBUGS-18116](https://issues.redhat.com/browse/OCPBUGS-18116): Bump helm version [#13104](https://github.com/openshift/console/pull/13104) * [OCPBUGS-24236](https://issues.redhat.com/browse/OCPBUGS-24236): Remove tech preview badge from Pipeline repository pages [#13384](https://github.com/openshift/console/pull/13384) * [OCPBUGS-23413](https://issues.redhat.com/browse/OCPBUGS-23413): Correct logout process [#13342](https://github.com/openshift/console/pull/13342) * [OCPBUGS-24364](https://issues.redhat.com/browse/OCPBUGS-24364): Subsequent PipelineRuns take initial PipelineRun name into account [#13401](https://github.com/openshift/console/pull/13401) * [OCPBUGS-13357](https://issues.redhat.com/browse/OCPBUGS-13357): add multipath device type to LocalVolumeSet [#12805](https://github.com/openshift/console/pull/12805) * [OCPBUGS-23346](https://issues.redhat.com/browse/OCPBUGS-23346): update the KnativeServing API version to v1beta1 for global-config extension [#13334](https://github.com/openshift/console/pull/13334) * [OCPBUGS-23154](https://issues.redhat.com/browse/OCPBUGS-23154): remove expandable toggle for conditional update risk d… [#13322](https://github.com/openshift/console/pull/13322) * [Full changelog](https://github.com/openshift/console/compare/ac4c1a7a20f383d736aca6c2067a2705db698d21...c5c52ed8f54aaa5ea5fcfc08f7c7ceb2f58a9292) ### [console-operator](https://github.com/openshift/console-operator/tree/32e6d25c4ac9fe71bb64fa7b30073a72547f4974) * [OCPBUGS-33386](https://issues.redhat.com/browse/OCPBUGS-33386): Reset console operator's conditions [#898](https://github.com/openshift/console-operator/pull/898) * [OCPBUGS-20988](https://issues.redhat.com/browse/OCPBUGS-20988): Disable HTTP/2 for webhook [#876](https://github.com/openshift/console-operator/pull/876) * [OCPBUGS-30990](https://issues.redhat.com/browse/OCPBUGS-30990): [release-4.12] Bump library-go and golang.org/x/net [#867](https://github.com/openshift/console-operator/pull/867) * [Full changelog](https://github.com/openshift/console-operator/compare/7ea10a2488ec62b73cd4a9b462ff675ef0c9af3d...32e6d25c4ac9fe71bb64fa7b30073a72547f4974) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/cd87d3d3d8f2697b993a48fe8658c3af6e8cbf46) * [ART-13080](https://issues.redhat.com/browse/ART-13080): Fix Hermeto build issues [#198](https://github.com/openshift/containernetworking-plugins/pull/198) * [OCPBUGS-20593](https://issues.redhat.com/browse/OCPBUGS-20593): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.12] [#131](https://github.com/openshift/containernetworking-plugins/pull/131) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/6d237727d7af8981b373cb62509dce1fe19d35b8...cd87d3d3d8f2697b993a48fe8658c3af6e8cbf46) ### [coredns](https://github.com/openshift/coredns/tree/95d00296af2965045ef25de7d04da21d8846b9da) * [OCPBUGS-59711](https://issues.redhat.com/browse/OCPBUGS-59711): Bump github.com/golang/glog to v1.2.4 [#151](https://github.com/openshift/coredns/pull/151) * [Full changelog](https://github.com/openshift/coredns/compare/cc1194ea004f6b4bcb132fd1c6cebee68666d38f...95d00296af2965045ef25de7d04da21d8846b9da) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/793222bd9d2acf688cfc6c1903832b9d3d1949a4) * [OCPBUGS-58889](https://issues.redhat.com/browse/OCPBUGS-58889): CARRY: don't ignore json files [#345](https://github.com/openshift/cloud-provider-openstack/pull/345) * And 13 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/501138d0701e53f30797a7ccc8e344abfb8032f4...793222bd9d2acf688cfc6c1903832b9d3d1949a4) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/8dab53208f3a161af85eedd6835c2701d337d5f9) * [OCPBUGS-30295](https://issues.redhat.com/browse/OCPBUGS-30295): Fix selector for manila-csi-driver-controller-metrics service [#228](https://github.com/openshift/csi-driver-manila-operator/pull/228) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/a0d079a079603589b9e272465f99befb001c23db...8dab53208f3a161af85eedd6835c2701d337d5f9) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) * [OCPBUGS-28953](https://issues.redhat.com/browse/OCPBUGS-28953): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#169](https://github.com/openshift/csi-driver-shared-resource/pull/169) * [OCPBUGS-23118](https://issues.redhat.com/browse/OCPBUGS-23118): Should reference configmaps instead of secrets [#154](https://github.com/openshift/csi-driver-shared-resource/pull/154) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/3a55bd90a9338eea6dee207cbd215b40203265e7...d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) * [OCPBUGS-28959](https://issues.redhat.com/browse/OCPBUGS-28959): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#105](https://github.com/openshift/csi-driver-shared-resource-operator/pull/105) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/d59af21c477d52b680bf8627fb22b145582f1610...cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) * [OCPBUGS-29244](https://issues.redhat.com/browse/OCPBUGS-29244): cherry-pick:release-4.12: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#140](https://github.com/openshift/csi-external-snapshotter/pull/140) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/7f04d8aa1bf09e22bf750aa8757345ca2098609b...6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) ### [docker-builder](https://github.com/openshift/builder/tree/e3554521a3e6270238c4ad4e765187bc77d99e2d) * [OCPBUGS-43296](https://issues.redhat.com/browse/OCPBUGS-43296): Bump buildah to 1.26.9 [#449](https://github.com/openshift/builder/pull/449) * [OCPBUGS-43187](https://issues.redhat.com/browse/OCPBUGS-43187): runc library bump to 1.1.12 [#440](https://github.com/openshift/builder/pull/440) * [OCPBUGS-49345](https://issues.redhat.com/browse/OCPBUGS-49345): skipping some unit tests to avoid failures as they are duplicate [#437](https://github.com/openshift/builder/pull/437) * [OCPBUGS-48738](https://issues.redhat.com/browse/OCPBUGS-48738): Add new team members to the OWNERS file [#433](https://github.com/openshift/builder/pull/433) * Replace 'coreydaley' with 'sayan-biswas' [#408](https://github.com/openshift/builder/pull/408) * [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#406](https://github.com/openshift/builder/pull/406) * [Full changelog](https://github.com/openshift/builder/compare/a1cce53440f2f491c16c1b2c5a5b9986ba28c3fc...e3554521a3e6270238c4ad4e765187bc77d99e2d) ### [docker-registry](https://github.com/openshift/image-registry/tree/e96baf4be1a6f236a44740d0c23847a6d614cf09) * [OCPBUGS-53652](https://issues.redhat.com/browse/OCPBUGS-53652): bump jwt and oauth dependencies [#442](https://github.com/openshift/image-registry/pull/442) * [Full changelog](https://github.com/openshift/image-registry/compare/9e75355ca282cf5abac5595585a4b089e6a95e6f...e96baf4be1a6f236a44740d0c23847a6d614cf09) ### [driver-toolkit](https://github.com/openshift/driver-toolkit/tree/8ab7a753b01301be406dfbbb0064836dcc6dd2de) * [OCPBUGS-63597](https://issues.redhat.com/browse/OCPBUGS-63597): Remove realtime kernel from 4.12.z [#176](https://github.com/openshift/driver-toolkit/pull/176) * [Full changelog](https://github.com/openshift/driver-toolkit/compare/6e5c04c066a428047d1755478cf88b290d32ad8f...8ab7a753b01301be406dfbbb0064836dcc6dd2de) ### [etcd](https://github.com/openshift/etcd/tree/bb82e891abeaddd57e1a07775874d71f2ddd9e85) * [OCPBUGS-28736](https://issues.redhat.com/browse/OCPBUGS-28736): Rebase etcd 3.5.12 openshift 4.12 [#246](https://github.com/openshift/etcd/pull/246) * [OCPBUGS-27102](https://issues.redhat.com/browse/OCPBUGS-27102): Rebase etcd 3.5.11 openshift 4.12 [#240](https://github.com/openshift/etcd/pull/240) * [OCPBUGS-21187](https://issues.redhat.com/browse/OCPBUGS-21187): [4.12] Carrying fixes for CVE-2023-44487 [#228](https://github.com/openshift/etcd/pull/228) * [Full changelog](https://github.com/openshift/etcd/compare/9f987a572bf0cbb244350f62731db57d9e05f9f7...bb82e891abeaddd57e1a07775874d71f2ddd9e85) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/8a84952ec7ff1aa001f885b10ec583540f298c73) * [OCPBUGS-21282](https://issues.redhat.com/browse/OCPBUGS-21282): Bump golang.org/x/net to v0.18.0 [#44](https://github.com/openshift/cloud-provider-gcp/pull/44) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/8d208a7f549b0c039420f67ca7aeff43fc1dcdfc...8a84952ec7ff1aa001f885b10ec583540f298c73) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/e00019faa4bd74f70826344a8cc085ba13768422) * [OCPBUGS-21380](https://issues.redhat.com/browse/OCPBUGS-21380): Bump golang.org/x/net to v0.17.0 [#205](https://github.com/openshift/cluster-api-provider-gcp/pull/205) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/eea0586cdf2bc859533fa874e1b6df536a6df40d...e00019faa4bd74f70826344a8cc085ba13768422) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality. [#76](https://github.com/openshift/machine-api-provider-gcp/pull/76) * [OCPBUGS-20833](https://issues.redhat.com/browse/OCPBUGS-20833): Bump x/net package to v0.18.0 [#69](https://github.com/openshift/machine-api-provider-gcp/pull/69) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/e7cecfc120f25169435e3b00ee020e996f487034...d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) ### [haproxy-router](https://github.com/openshift/router/tree/6a092687d2ed1b709403e3bdebc2f069c0ce4a01) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): add duplicate_te_header_total metric [#632](https://github.com/openshift/router/pull/632) * [OCPBUGS-35875](https://issues.redhat.com/browse/OCPBUGS-35875): Properly handle rewrite-target annotation [#610](https://github.com/openshift/router/pull/610) * [OCPBUGS-33432](https://issues.redhat.com/browse/OCPBUGS-33432): Route 'haproxy.router.openshift.io/timeout' value is not validated [#593](https://github.com/openshift/router/pull/593) * [OCPBUGS-34212](https://issues.redhat.com/browse/OCPBUGS-34212): Reject routes with MD5 certs [#601](https://github.com/openshift/router/pull/601) * [OCPBUGS-33517](https://issues.redhat.com/browse/OCPBUGS-33517): Count active services before setting weight to 1 [#581](https://github.com/openshift/router/pull/581) * [Full changelog](https://github.com/openshift/router/compare/bfb66253ac1ed27efea087d6cf0f9ba9d9cb73df...6a092687d2ed1b709403e3bdebc2f069c0ce4a01) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/1eb868227a9b8ed70f88be1681321405094d7adf) * [OCPBUGS-37282](https://issues.redhat.com/browse/OCPBUGS-37282): UPSTREAM: 126104: Add funcs in pkg/filesystem/util that can actually … [#2046](https://github.com/openshift/kubernetes/pull/2046) * [OCPBUGS-30454](https://issues.redhat.com/browse/OCPBUGS-30454): CVE 2024-24786 [#1974](https://github.com/openshift/kubernetes/pull/1974) * UPSTREAM: <drop>: Bump golang.org/x/net to v0.23.0 [#1940](https://github.com/openshift/kubernetes/pull/1940) * Address CVE [#13](https://github.com/openshift/kubernetes/pull/13) * [OCPBUGS-15527](https://issues.redhat.com/browse/OCPBUGS-15527): Prevent partially filled HPA behaviors from crashing kube-controller-manager [#1887](https://github.com/openshift/kubernetes/pull/1887) * [OCPBUGS-25815](https://issues.redhat.com/browse/OCPBUGS-25815): Fix device uncertain errors on reboot 4.12 [#1833](https://github.com/openshift/kubernetes/pull/1833) * [OCPBUGS-25214](https://issues.redhat.com/browse/OCPBUGS-25214): legacy-cloud-providers: prevent index out-of-range in getNextUnitNumber [#1835](https://github.com/openshift/kubernetes/pull/1835) * [OCPBUGS-23568](https://issues.redhat.com/browse/OCPBUGS-23568): Update to kubernetes 1.25.16 [#1807](https://github.com/openshift/kubernetes/pull/1807) * [OCPBUGS-23288](https://issues.redhat.com/browse/OCPBUGS-23288): UPSTREAM: 121881: Use golang library instead of mklink [#1803](https://github.com/openshift/kubernetes/pull/1803) * [Full changelog](https://github.com/openshift/kubernetes/compare/bcb9a60b6dd786b47efadc18231a7db3856ec482...1eb868227a9b8ed70f88be1681321405094d7adf) ### [hypershift](https://github.com/openshift/hypershift/tree/99714862cffdb9d1ef30fee80eff1f521c067e7c) * Updating ose-hypershift-container image to be consistent with ART for 4.12 [#6976](https://github.com/openshift/hypershift/pull/6976) * [OCPBUGS-41516](https://issues.redhat.com/browse/OCPBUGS-41516): set Konnectivity cipher suites [#4283](https://github.com/openshift/hypershift/pull/4283) * [Full changelog](https://github.com/openshift/hypershift/compare/6f1e70162329ed38cb7e58622fc79955e4338f02...99714862cffdb9d1ef30fee80eff1f521c067e7c) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) * [OCPBUGS-24644](https://issues.redhat.com/browse/OCPBUGS-24644): Add Snyk file to exclude vendor directory on scan [#67](https://github.com/openshift/cloud-provider-ibm/pull/67) * [OCPBUGS-21113](https://issues.redhat.com/browse/OCPBUGS-21113): Bump golang.org/x/net to v0.18.0 [#57](https://github.com/openshift/cloud-provider-ibm/pull/57) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/e5f25fc64911215a3a78cab186cba49cbd51dec6...8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/5ce896a55cd577f54a4ef1acd16ffd90afd03786) * [OCPBUGS-58873](https://issues.redhat.com/browse/OCPBUGS-58873): bump github.com/golang/glog to v1.2.4 [#111](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/111) * [OCPBUGS-56067](https://issues.redhat.com/browse/OCPBUGS-56067): tech debt: rework vendor patches [#95](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/95) * [OCPBUGS-53908](https://issues.redhat.com/browse/OCPBUGS-53908): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#88](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/88) * [OCPBUGS-36063](https://issues.redhat.com/browse/OCPBUGS-36063): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#75](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/75) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/3ddaa8298f63cf342aa344003dcef6ecd4a721f2...5ce896a55cd577f54a4ef1acd16ffd90afd03786) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/336d03edbdf5365ac358d798ac469d6398269977) * [OCPBUGS-60058](https://issues.redhat.com/browse/OCPBUGS-60058): [IBM VPC] set offlineExpansion to false in e2e test manifest [#153](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/153) * [OCPBUGS-36069](https://issues.redhat.com/browse/OCPBUGS-36069): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#124](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/124) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/946ac1326c83727a7791218f1cdf3290dd55ed17...336d03edbdf5365ac358d798ac469d6398269977) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/3cca5da2818c414e11e594c1d1087f86a39b2de2) * [OCPBUGS-56067](https://issues.redhat.com/browse/OCPBUGS-56067): tech debt: rework vendor patches [#52](https://github.com/openshift/ibm-vpc-node-label-updater/pull/52) * [OCPBUGS-53540](https://issues.redhat.com/browse/OCPBUGS-53540): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#48](https://github.com/openshift/ibm-vpc-node-label-updater/pull/48) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/f9da23ac8abe04dc1615763e120cd174bde6e617...3cca5da2818c414e11e594c1d1087f86a39b2de2) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/42fddaf18dee49d6ea02e63cbcc2053dbdce4f14) * [OCPBUGS-67292](https://issues.redhat.com/browse/OCPBUGS-67292): [release-4.12] Fix incomplete vendor/ [#134](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/134) * [OCPBUGS-21397](https://issues.redhat.com/browse/OCPBUGS-21397): UPSTREAM: <carry>: bump golang.org/x/net to v0.18.0 [#67](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/67) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/c1304c80d736559ced3049c076535d53020d5d9d...42fddaf18dee49d6ea02e63cbcc2053dbdce4f14) ### [insights-operator](https://github.com/openshift/insights-operator/tree/6b543885144d6eb40c7c8342dac15f80e77bb4fa) * [OCPBUGS-32004](https://issues.redhat.com/browse/OCPBUGS-32004): bump golang.org/x/net version (#932) [#932](https://github.com/openshift/insights-operator/pull/932) * [OCPBUGS-28519](https://issues.redhat.com/browse/OCPBUGS-28519): Add extra check in ids to bypass validations (#906) [#906](https://github.com/openshift/insights-operator/pull/906) * adds helm information gather (#890) [#890](https://github.com/openshift/insights-operator/pull/890) * [OCPBUGS-23439](https://issues.redhat.com/browse/OCPBUGS-23439): remove username & password config options (#869) [#869](https://github.com/openshift/insights-operator/pull/869) * [OCPBUGS-22922](https://issues.redhat.com/browse/OCPBUGS-22922): create Prometheus rules programmatically according the… (#860) (#862) [#860](https://github.com/openshift/insights-operator/pull/860) * [Full changelog](https://github.com/openshift/insights-operator/compare/48e5abb52202bc14307ca63c80aa853e3d36e423...6b543885144d6eb40c7c8342dac15f80e77bb4fa) ### [ironic](https://github.com/openshift/ironic-image/tree/2869b1ec37e19ccf364d95c7fb7dac458032c5bd) * [OCPBUGS-48145](https://issues.redhat.com/browse/OCPBUGS-48145), [OCPBUGS-48596](https://issues.redhat.com/browse/OCPBUGS-48596): Bump jinja to 3.0.1-6.el9.2 [#627](https://github.com/openshift/ironic-image/pull/627) * [OCPBUGS-43949](https://issues.redhat.com/browse/OCPBUGS-43949), [OCPBUGS-43957](https://issues.redhat.com/browse/OCPBUGS-43957): Bump python-waitress [4.12] [#609](https://github.com/openshift/ironic-image/pull/609) * [OCPBUGS-37766](https://issues.redhat.com/browse/OCPBUGS-37766), [OCPBUGS-39385](https://issues.redhat.com/browse/OCPBUGS-39385): Include fixes for CVE-2024-44082 [#586](https://github.com/openshift/ironic-image/pull/586) * [OCPBUGS-38513](https://issues.redhat.com/browse/OCPBUGS-38513): set min version for python3-webob [#558](https://github.com/openshift/ironic-image/pull/558) * [OCPBUGS-33373](https://issues.redhat.com/browse/OCPBUGS-33373): bump werkzeug [#547](https://github.com/openshift/ironic-image/pull/547) * [OCPBUGS-34897](https://issues.redhat.com/browse/OCPBUGS-34897): bump jinja2 [#541](https://github.com/openshift/ironic-image/pull/541) * [OCPBUGS-32362](https://issues.redhat.com/browse/OCPBUGS-32362): [4.12] remove unused prometheus-exporter [#489](https://github.com/openshift/ironic-image/pull/489) * [OCPBUGS-32386](https://issues.redhat.com/browse/OCPBUGS-32386): Use unix sockets by default for reverse proxy communication [#477](https://github.com/openshift/ironic-image/pull/477) * [OCPBUGS-29229](https://issues.redhat.com/browse/OCPBUGS-29229): Fix Inspector iPXE config for IPv6 addresses [#454](https://github.com/openshift/ironic-image/pull/454) * [OCPBUGS-23979](https://issues.redhat.com/browse/OCPBUGS-23979): Ironic side of external_http_url (METAL-163) is not wired in correctly [#431](https://github.com/openshift/ironic-image/pull/431) * [OCPBUGS-23357](https://issues.redhat.com/browse/OCPBUGS-23357): Upgrade werkzeug dependency [#423](https://github.com/openshift/ironic-image/pull/423) * [OCPBUGS-23182](https://issues.redhat.com/browse/OCPBUGS-23182): Use bash process substitution instead of pipe [#419](https://github.com/openshift/ironic-image/pull/419) * [OCPBUGS-19064](https://issues.redhat.com/browse/OCPBUGS-19064): Handle Eject DVD in 4.12 [#417](https://github.com/openshift/ironic-image/pull/417) * [Full changelog](https://github.com/openshift/ironic-image/compare/92d89c5dff7a1529ee0e294fd93c525f1156db9d...2869b1ec37e19ccf364d95c7fb7dac458032c5bd) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/fc37dec83ae7cbd6878a5ddcc25126f424586095) * [OCPBUGS-39385](https://issues.redhat.com/browse/OCPBUGS-39385): Include fixes for CVE-2024-44082 [#165](https://github.com/openshift/ironic-agent-image/pull/165) * [OCPBUGS-38513](https://issues.redhat.com/browse/OCPBUGS-38513): set webob and bump werkzeug [#153](https://github.com/openshift/ironic-agent-image/pull/153) * [OCPBUGS-29769](https://issues.redhat.com/browse/OCPBUGS-29769): Always add ignition to set hostname on /etc/hostname [#112](https://github.com/openshift/ironic-agent-image/pull/112) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/726ddd3666be569f6bf443cbc7fa2ac67f6d5d26...fc37dec83ae7cbd6878a5ddcc25126f424586095) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/36c06694097a1a09a8c4e1f70a9025187814cb1a) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): upgrade golang.org/x/net to 0.17.0 to address CVE [#91](https://github.com/openshift/k8s-prometheus-adapter/pull/91) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/5fc351d2b57da06005e6d31c2e31a60963123a67...36c06694097a1a09a8c4e1f70a9025187814cb1a) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/5fe565c4c0255b77ee1b2e45cc48e64f39f33e4c) * [OCPBUGS-56130](https://issues.redhat.com/browse/OCPBUGS-56130): Handle `openshift-host-network` namespace as special when it modifies [#657](https://github.com/openshift/sdn/pull/657) * [OCPBUGS-20753](https://issues.redhat.com/browse/OCPBUGS-20753): update x/net to v0.17.0 [#615](https://github.com/openshift/sdn/pull/615) * [OCPBUGS-22972](https://issues.redhat.com/browse/OCPBUGS-22972): Change the permission of 80-openshift-network.conf to 600 [#583](https://github.com/openshift/sdn/pull/583) * [Full changelog](https://github.com/openshift/sdn/compare/dc9f9af9098af5d29801b12d33c123f02c21cae0...5fe565c4c0255b77ee1b2e45cc48e64f39f33e4c) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/c69fae7877557d64dce64f36e0a78751952571c4) * [OCPBUGS-32000](https://issues.redhat.com/browse/OCPBUGS-32000): CVE-2023-45288 [4.12] [#106](https://github.com/openshift/kube-rbac-proxy/pull/106) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/b17014fefeb55512dd015d3024184c8c4692588b...c69fae7877557d64dce64f36e0a78751952571c4) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/748f71317b9d3e3e5a96b14131294e2695f26434) * [OCPBUGS-20764](https://issues.redhat.com/browse/OCPBUGS-20764): bump x/net to v0.17.0 [#103](https://github.com/openshift/kube-state-metrics/pull/103) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/9a1bf9b8c6b2da07214eb934e4d1f86d1700a2ce...748f71317b9d3e3e5a96b14131294e2695f26434) ### [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator/tree/74ce8d51565468765cbb41a8ebf65fb9519522d5) * NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-11). [#231](https://github.com/openshift/kubernetes-kube-storage-version-migrator/pull/231) * [Full changelog](https://github.com/openshift/kubernetes-kube-storage-version-migrator/compare/596745cec38b8401d1d906bfb9d3d78fdaeabcde...74ce8d51565468765cbb41a8ebf65fb9519522d5) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/b6c243d139f4345a88d5678eb6ba6041a2abb405) * [OCPBUGS-43872](https://issues.redhat.com/browse/OCPBUGS-43872): install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP [#1305](https://github.com/openshift/machine-api-operator/pull/1305) * [OCPBUGS-32007](https://issues.redhat.com/browse/OCPBUGS-32007): Update x/net to v0.25.0 [#1257](https://github.com/openshift/machine-api-operator/pull/1257) * [OCPBUGS-25303](https://issues.redhat.com/browse/OCPBUGS-25303): Update reference URL [#1189](https://github.com/openshift/machine-api-operator/pull/1189) * [OCPBUGS-21501](https://issues.redhat.com/browse/OCPBUGS-21501): Bump golang.org/x/net to v0.18.0 [#1176](https://github.com/openshift/machine-api-operator/pull/1176) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/a6c42a425610c1f634475f5e1014ee8b2dbd9437...b6c243d139f4345a88d5678eb6ba6041a2abb405) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/ec8a839096d23e263bc4612b0c93ebb3543db33f) * [OCPBUGS-58874](https://issues.redhat.com/browse/OCPBUGS-58874): [release-4.12] Bump golang/glog to fix CVE-2024-45339 [#5174](https://github.com/openshift/machine-config-operator/pull/5174) * [OCPBUGS-44325](https://issues.redhat.com/browse/OCPBUGS-44325): Panic seen in CI job for MCC pod [#4689](https://github.com/openshift/machine-config-operator/pull/4689) * [OCPBUGS-38382](https://issues.redhat.com/browse/OCPBUGS-38382): [release-4.12] daemon/update: disable systemd unit before overwriting [#4530](https://github.com/openshift/machine-config-operator/pull/4530) * [OCPBUGS-33665](https://issues.redhat.com/browse/OCPBUGS-33665): Run resolv-prepender entirely async [#4364](https://github.com/openshift/machine-config-operator/pull/4364) * [OCPBUGS-30829](https://issues.redhat.com/browse/OCPBUGS-30829): Add existing kubeletconfig/ctrcfg mc-name-suffix annotation [#4257](https://github.com/openshift/machine-config-operator/pull/4257) * [OCPBUGS-30823](https://issues.redhat.com/browse/OCPBUGS-30823): Introduce kubelet-dependencies.target and firstboot-osupdate.target [#4268](https://github.com/openshift/machine-config-operator/pull/4268) * [OCPBUGS-30329](https://issues.redhat.com/browse/OCPBUGS-30329): set nodeStatusReportFrequency [#4246](https://github.com/openshift/machine-config-operator/pull/4246) * [OCPBUGS-19659](https://issues.redhat.com/browse/OCPBUGS-19659): After dual-stack conversion reconcile IPFamilies [#3936](https://github.com/openshift/machine-config-operator/pull/3936) * [OCPBUGS-29366](https://issues.redhat.com/browse/OCPBUGS-29366): release-4.12: fix nodeStatusUpdateFrequency [#4180](https://github.com/openshift/machine-config-operator/pull/4180) * [OCPBUGS-29278](https://issues.redhat.com/browse/OCPBUGS-29278): crio: drop automatic image cleanup on upgrades [#4178](https://github.com/openshift/machine-config-operator/pull/4178) * [OCPBUGS-14071](https://issues.redhat.com/browse/OCPBUGS-14071): Imageinspect takes type of error into account, drop podman inspect fallback [#3717](https://github.com/openshift/machine-config-operator/pull/3717) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/ef25c81205a65d5361cfc464e16fd5d47c0c6f17...ec8a839096d23e263bc4612b0c93ebb3543db33f) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/e456249dbf0c5456bd0671d41a4445bd266b3660) * [OCPBUGS-27090](https://issues.redhat.com/browse/OCPBUGS-27090): configurable ironic agent vlan creation [#119](https://github.com/openshift/image-customization-controller/pull/119) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/c3f78200e83b7adf4f3886aa79cadd1b2a12bcc8...e456249dbf0c5456bd0671d41a4445bd266b3660) ### [machine-os-images](https://github.com/openshift/machine-os-images/tree/1964124713ead86fb22c93fd21b2a1a170551ff5) * [OCPBUGS-54173](https://issues.redhat.com/browse/OCPBUGS-54173): Change rhcos release browser url [#61](https://github.com/openshift/machine-os-images/pull/61) * [Full changelog](https://github.com/openshift/machine-os-images/compare/566bf59501f178bd80e410fda66cc424de6a4891...1964124713ead86fb22c93fd21b2a1a170551ff5) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/0a12d741af986ef1f8c4609b452cb96594088eb3) * [OCPBUGS-60292](https://issues.redhat.com/browse/OCPBUGS-60292): Bump github.com/golang/glog to v1.2.4 [#107](https://github.com/openshift/multus-admission-controller/pull/107) * [OCPBUGS-60850](https://issues.redhat.com/browse/OCPBUGS-60850): Update owners [#109](https://github.com/openshift/multus-admission-controller/pull/109) * [OCPBUGS-21330](https://issues.redhat.com/browse/OCPBUGS-21330): Update go.mod for CVE-2023-39325 [Release-4.12] [#73](https://github.com/openshift/multus-admission-controller/pull/73) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/5bd752a1dfe37d5894cd59b66aff6fe4a6a64cfc...0a12d741af986ef1f8c4609b452cb96594088eb3) ### [multus-cni](https://github.com/openshift/multus-cni/tree/07d8af54f06652b283dc0aa8db68d438c4bfe741) * [OCPBUGS-28520](https://issues.redhat.com/browse/OCPBUGS-28520): Fix SAST scan issues for multus-cni-container [4.12] [#225](https://github.com/openshift/multus-cni/pull/225) * [OCPBUGS-21061](https://issues.redhat.com/browse/OCPBUGS-21061): Update go.mod for CVE-2023-39325 [Release-4.12] [#196](https://github.com/openshift/multus-cni/pull/196) * [Full changelog](https://github.com/openshift/multus-cni/compare/365d09e587137574c2ec78b5e28f995f59528b7f...07d8af54f06652b283dc0aa8db68d438c4bfe741) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/644461f25fb6b45054d1a8be7a996670959a5a9d) * [OCPBUGS-21420](https://issues.redhat.com/browse/OCPBUGS-21420): Update go.mod for CVE-2023-39325 (#36) [#36](https://github.com/openshift/multus-networkpolicy/pull/36) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/421718ab8efebb735fd8e0ec5a3c94d78d1d7ac1...644461f25fb6b45054d1a8be7a996670959a5a9d) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/5993d022e7fad3a1bede89235502f1a90f618bf2) * [OCPBUGS-37942](https://issues.redhat.com/browse/OCPBUGS-37942), [OCPBUGS-38019](https://issues.redhat.com/browse/OCPBUGS-38019): [release-4.12] Stateful fixes [#310](https://github.com/openshift/whereabouts-cni/pull/310) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Enable whereabouts config [#244](https://github.com/openshift/whereabouts-cni/pull/244) * [OCPBUGS-16008](https://issues.redhat.com/browse/OCPBUGS-16008): Cherry pick fix assignment 4.12 [#238](https://github.com/openshift/whereabouts-cni/pull/238) * [OCPBUGS-21499](https://issues.redhat.com/browse/OCPBUGS-21499): update golang.org/x/net to v0.17.0 [#209](https://github.com/openshift/whereabouts-cni/pull/209) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/e56594f9a848625d2997b0f159959114e8ff5970...5993d022e7fad3a1bede89235502f1a90f618bf2) ### [must-gather](https://github.com/openshift/must-gather/tree/a4db96b0b046ee976cd63b1de4570d698eb6341a) * [OCPBUGS-48086](https://issues.redhat.com/browse/OCPBUGS-48086): Update owners [#477](https://github.com/openshift/must-gather/pull/477) * [OCPBUGS-24523](https://issues.redhat.com/browse/OCPBUGS-24523): [release-4.12] Add csi-proxy logs collection in must-gather for Windows nodes [#394](https://github.com/openshift/must-gather/pull/394) * [Full changelog](https://github.com/openshift/must-gather/compare/5fd2176182e7aec687da553fe185b9f6f739bbb2...a4db96b0b046ee976cd63b1de4570d698eb6341a) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/98d9349d6f0c71d5eecf4391da7a471a1e205471) * -sOCPBUGS-59700:Bump github.com/golang/glog to v1.2.4 (#125) [#125](https://github.com/openshift/network-metrics-daemon/pull/125) * Replace e2e test image (#134) [#134](https://github.com/openshift/network-metrics-daemon/pull/134) * swtich golint install method (#133) [#133](https://github.com/openshift/network-metrics-daemon/pull/133) * Correct 4.16 owners file (#131) [#131](https://github.com/openshift/network-metrics-daemon/pull/131) * Added METRIC_TEST_IMAGE var (#92) [#92](https://github.com/openshift/network-metrics-daemon/pull/92) * Update the k8s dependencies to 1.25.15 (#84) [#84](https://github.com/openshift/network-metrics-daemon/pull/84) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/74202ec3b360556526e9652dc25ba6e2f19d19bb...98d9349d6f0c71d5eecf4391da7a471a1e205471) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/d2ef4ae39a7a7264ac4d4e6fb94f95781bd26877) * [OCPBUGS-51849](https://issues.redhat.com/browse/OCPBUGS-51849): Fixing CVE-2025-22868 [#121](https://github.com/openshift/machine-api-provider-nutanix/pull/121) * [OCPBUGS-47263](https://issues.redhat.com/browse/OCPBUGS-47263): fixing CVE-2024-45338 [#114](https://github.com/openshift/machine-api-provider-nutanix/pull/114) * [OCPBUGS-20956](https://issues.redhat.com/browse/OCPBUGS-20956): bump golang.org/x/net to v0.17.0 [#88](https://github.com/openshift/machine-api-provider-nutanix/pull/88) * [OCPBUGS-25675](https://issues.redhat.com/browse/OCPBUGS-25675): Fix CI by running tests natively by default [#62](https://github.com/openshift/machine-api-provider-nutanix/pull/62) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/25aea2d4b370e42e67edab85c15c9ed56b98e134...d2ef4ae39a7a7264ac4d4e6fb94f95781bd26877) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/1053f14213faf18c67162760598a8fc47a5ad4b5) * [OCPBUGS-32010](https://issues.redhat.com/browse/OCPBUGS-32010): bump x/net to 0.24.0 [#113](https://github.com/openshift/oauth-apiserver/pull/113) * [OCPBUGS-21049](https://issues.redhat.com/browse/OCPBUGS-21049): Bump K8s to v1.25 [#104](https://github.com/openshift/oauth-apiserver/pull/104) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/cfafdccf09150ab55b8b853df16e4395ff3bda4b...1053f14213faf18c67162760598a8fc47a5ad4b5) ### [oauth-server](https://github.com/openshift/oauth-server/tree/0c434f420b178093a2e940dfb2c445ff638d1914) * [OCPBUGS-27478](https://issues.redhat.com/browse/OCPBUGS-27478): bump osin deps [#144](https://github.com/openshift/oauth-server/pull/144) * [Full changelog](https://github.com/openshift/oauth-server/compare/0f83669be9b7caa6f82799b4bd2fd659d3b31aee...0c434f420b178093a2e940dfb2c445ff638d1914) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/072aeade7ac676473fe24c06c0a9433ea187915f) * changes the owners file (#1011) [#1011](https://github.com/openshift/oc-mirror/pull/1011) * [OCPBUGS-48513](https://issues.redhat.com/browse/OCPBUGS-48513): e2e: use same version of crane as in go.mod (#1027) [#1027](https://github.com/openshift/oc-mirror/pull/1027) * Bump version to include v5.11.0 of go-git (#825) [#825](https://github.com/openshift/oc-mirror/pull/825) * [OCPBUGS-385](https://issues.redhat.com/browse/OCPBUGS-385): Capability to override default channel (#749) (#796) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#779) [#779](https://github.com/openshift/oc-mirror/pull/779) * [Full changelog](https://github.com/openshift/oc-mirror/compare/cb502f92989b252033c5e1f6259ac8b5082ae77a...072aeade7ac676473fe24c06c0a9433ea187915f) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/bb06dd0133acc2d10fa5425d90557edc068f48a7) * : OCPBUGS-27593,OCPBUGS-27678: Update go-git to v5.11.0 [#76](https://github.com/openshift/operator-framework-rukpak/pull/76) * [OCPBUGS-23449](https://issues.redhat.com/browse/OCPBUGS-23449): [release-4.12] Address http2 Vulnerability [#64](https://github.com/openshift/operator-framework-rukpak/pull/64) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/535e32a7af638fa336c14a74b88be83a7e353d4e...bb06dd0133acc2d10fa5425d90557edc068f48a7) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/b0407e37de04934135f86b69d4629e8c6a190fdf) * [OCPBUGS-32447](https://issues.redhat.com/browse/OCPBUGS-32447): ose-openshift-apiserver-container: golang: net/http, x… [#481](https://github.com/openshift/openshift-apiserver/pull/481) * : OCPBUGS-21429: Enable HTTP/2 CVE mitigation [#399](https://github.com/openshift/openshift-apiserver/pull/399) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/635ed5cc49f0d9668969a8a78bec91d426b4d26b...b0407e37de04934135f86b69d4629e8c6a190fdf) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/d32006c1a8ac30273ea040dccbe6307db8e1fcba) * [OCPBUGS-58296](https://issues.redhat.com/browse/OCPBUGS-58296): Inconsistencies in dependencies are fixed [#410](https://github.com/openshift/openshift-controller-manager/pull/410) * [OCPBUGS-58157](https://issues.redhat.com/browse/OCPBUGS-58157): Set node-pullsecrets volume to read-only to protect image pull credentials [#403](https://github.com/openshift/openshift-controller-manager/pull/403) * [OCPBUGS-57171](https://issues.redhat.com/browse/OCPBUGS-57171): Empty proxy variables are causing issues during the build [#389](https://github.com/openshift/openshift-controller-manager/pull/389) * [OCPBUGS-49644](https://issues.redhat.com/browse/OCPBUGS-49644): Add new team members to the OWNERS file [#364](https://github.com/openshift/openshift-controller-manager/pull/364) * [OCPBUGS-41953](https://issues.redhat.com/browse/OCPBUGS-41953): Add adambkaplan as approver [#336](https://github.com/openshift/openshift-controller-manager/pull/336) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/b6528f9ea28164af9f1ceea0e50f18116fe3c90e...d32006c1a8ac30273ea040dccbe6307db8e1fcba) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/3d5dc18d2bee5ba7132560bf40790af997952d33) * [OCPBUGS-20706](https://issues.redhat.com/browse/OCPBUGS-20706): bump `x/net` to v0.17.0 [#106](https://github.com/openshift/openshift-state-metrics/pull/106) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/4c711c74a0857e55604d11bd975b32b9956db6a0...3d5dc18d2bee5ba7132560bf40790af997952d33) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/fb533b02cdbe23831048f719f84eeb263f79f3d4) * [OCPBUGS-61471](https://issues.redhat.com/browse/OCPBUGS-61471): [release-4.12] Add NetworkPolicy as a supported kind [#1054](https://github.com/openshift/operator-framework-olm/pull/1054) * [OCPBUGS-61392](https://issues.redhat.com/browse/OCPBUGS-61392): [4.12] e2e stability fixes [#1087](https://github.com/openshift/operator-framework-olm/pull/1087) * [OCPBUGS-46925](https://issues.redhat.com/browse/OCPBUGS-46925), [OCPBUGS-46932](https://issues.redhat.com/browse/OCPBUGS-46932), [OCPBUGS-47312](https://issues.redhat.com/browse/OCPBUGS-47312): x/net bump to v0.34.0 [release-4.12] [#943](https://github.com/openshift/operator-framework-olm/pull/943) * NO-ISSUE: [release-4.12] Backport e2e fixes [#880](https://github.com/openshift/operator-framework-olm/pull/880) * [OCPBUGS-38610](https://issues.redhat.com/browse/OCPBUGS-38610): (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) [#875](https://github.com/openshift/operator-framework-olm/pull/875) * [OCPBUGS-42161](https://issues.redhat.com/browse/OCPBUGS-42161): adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs [#873](https://github.com/openshift/operator-framework-olm/pull/873) * [OCPBUGS-41881](https://issues.redhat.com/browse/OCPBUGS-41881): [CARRY] perform operator apiService certificate validity checks directly [#866](https://github.com/openshift/operator-framework-olm/pull/866) * [OCPBUGS-32854](https://issues.redhat.com/browse/OCPBUGS-32854): bump go-jose to v2.6.3 [#782](https://github.com/openshift/operator-framework-olm/pull/782) * [OCPBUGS-35242](https://issues.redhat.com/browse/OCPBUGS-35242): Unblock CI [#773](https://github.com/openshift/operator-framework-olm/pull/773) * [OCPBUGS-27563](https://issues.redhat.com/browse/OCPBUGS-27563), [OCPBUGS-27568](https://issues.redhat.com/browse/OCPBUGS-27568), [OCPBUGS-27648](https://issues.redhat.com/browse/OCPBUGS-27648), [OCPBUGS-27653](https://issues.redhat.com/browse/OCPBUGS-27653): bump go-git/v5 to 5.11.0 [#688](https://github.com/openshift/operator-framework-olm/pull/688) * [OCPBUGS-27962](https://issues.redhat.com/browse/OCPBUGS-27962): [CARRY] SSC RBAC [#671](https://github.com/openshift/operator-framework-olm/pull/671) * [OCPBUGS-28229](https://issues.redhat.com/browse/OCPBUGS-28229): Registry Pod Controller Flag [#673](https://github.com/openshift/operator-framework-olm/pull/673) * [OCPBUGS-24619](https://issues.redhat.com/browse/OCPBUGS-24619): Update to latest k8s v0.25.15 API server and enable HTTP/2 DoS mitigations [#660](https://github.com/openshift/operator-framework-olm/pull/660) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/95f63f30d44cb1bce84d419611c5833a57875b3b...fb533b02cdbe23831048f719f84eeb263f79f3d4) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/a3aeac97943021b26c29c5eadcb5db364f6dfcd5) * [OCPBUGS-49426](https://issues.redhat.com/browse/OCPBUGS-49426): Upgrade golang.org/x/net [release-4.12] [#591](https://github.com/operator-framework/operator-marketplace/pull/591) * NO-ISSUE: Updating marketplace-operator images to be consistent with ART [4.12] [#510](https://github.com/operator-framework/operator-marketplace/pull/510) * [OCPBUGS-32081](https://issues.redhat.com/browse/OCPBUGS-32081): update golang.org/x/net for CVE-2023-45288 [#567](https://github.com/operator-framework/operator-marketplace/pull/567) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/06a56643da746dee338cf1625f82a7ff07c9cdac...a3aeac97943021b26c29c5eadcb5db364f6dfcd5) ### [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver/tree/87ab37895e56ea3c80be0163571fa593ce96d86b) * [OCPBUGS-23162](https://issues.redhat.com/browse/OCPBUGS-23162): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#131](https://github.com/openshift/ovirt-csi-driver/pull/131) * [Full changelog](https://github.com/openshift/ovirt-csi-driver/compare/64d58fb5438d5f22550ab20951cad32a886952ef...87ab37895e56ea3c80be0163571fa593ce96d86b) ### [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator/tree/e5e02335951010745a42f472a0656b5948ffdade) * [OCPBUGS-23266](https://issues.redhat.com/browse/OCPBUGS-23266): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#128](https://github.com/openshift/ovirt-csi-driver-operator/pull/128) * [Full changelog](https://github.com/openshift/ovirt-csi-driver-operator/compare/35c7cb909a646a522605196779622bd3fcbb1d11...e5e02335951010745a42f472a0656b5948ffdade) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/cced5e1b397be7d36344599734604403b4a670c4) * [OCPBUGS-59935](https://issues.redhat.com/browse/OCPBUGS-59935): Dockerfile: Remove ovs version pinning [#2698](https://github.com/openshift/ovn-kubernetes/pull/2698) * NO-JIRA: Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.12 [#2092](https://github.com/openshift/ovn-kubernetes/pull/2092) * [OCPBUGS-55951](https://issues.redhat.com/browse/OCPBUGS-55951): Bump ovn and ovs to latest 23.06 and 3.1 respectively [#2554](https://github.com/openshift/ovn-kubernetes/pull/2554) * [OCPBUGS-50502](https://issues.redhat.com/browse/OCPBUGS-50502): EgressIP: Reload certificates for the grpc heatlhcheck server [#2457](https://github.com/openshift/ovn-kubernetes/pull/2457) * [OCPBUGS-35876](https://issues.redhat.com/browse/OCPBUGS-35876): [release-4.12] ipv6+all protocols conntrack flush [#2214](https://github.com/openshift/ovn-kubernetes/pull/2214) * [OCPBUGS-29864](https://issues.redhat.com/browse/OCPBUGS-29864): CVE-2022-41723: avoid quadratic complexity in HPACK decoding [#2204](https://github.com/openshift/ovn-kubernetes/pull/2204) * [OCPBUGS-34273](https://issues.redhat.com/browse/OCPBUGS-34273), [OCPBUGS-34414](https://issues.redhat.com/browse/OCPBUGS-34414): Improves service iptables efficiency on start up + ICMP error messages to pass through [#2184](https://github.com/openshift/ovn-kubernetes/pull/2184) * [OCPBUGS-32990](https://issues.redhat.com/browse/OCPBUGS-32990): Bump OVS [#2144](https://github.com/openshift/ovn-kubernetes/pull/2144) * [OCPBUGS-33422](https://issues.redhat.com/browse/OCPBUGS-33422): [release-4.12] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2135](https://github.com/openshift/ovn-kubernetes/pull/2135) * [OCPBUGS-25889](https://issues.redhat.com/browse/OCPBUGS-25889): [release-4.12] OVN bump to 23.06.1-112 [#2154](https://github.com/openshift/ovn-kubernetes/pull/2154) * [OCPBUGS-23259](https://issues.redhat.com/browse/OCPBUGS-23259): [release-4.12] Update leaderelection config to allow retries [#2017](https://github.com/openshift/ovn-kubernetes/pull/2017) * [OCPBUGS-28598](https://issues.redhat.com/browse/OCPBUGS-28598): CARRY: Updates owners and adds Surya [#2034](https://github.com/openshift/ovn-kubernetes/pull/2034) * [OCPBUGS-26700](https://issues.redhat.com/browse/OCPBUGS-26700): [release-4.12] fixes MTU configuration on gateway router [#2015](https://github.com/openshift/ovn-kubernetes/pull/2015) * [OCPBUGS-24420](https://issues.redhat.com/browse/OCPBUGS-24420): OVNK/GW: Ignore headless services in syncServices [#1972](https://github.com/openshift/ovn-kubernetes/pull/1972) * [OCPBUGS-23981](https://issues.redhat.com/browse/OCPBUGS-23981): Netpol retryFramework cleanup [#1977](https://github.com/openshift/ovn-kubernetes/pull/1977) * [OCPBUGS-26243](https://issues.redhat.com/browse/OCPBUGS-26243): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2006](https://github.com/openshift/ovn-kubernetes/pull/2006) * [OCPBUGS-25096](https://issues.redhat.com/browse/OCPBUGS-25096): Fragment oversized reply packets in LGW mode [#1984](https://github.com/openshift/ovn-kubernetes/pull/1984) * [OCPBUGS-22091](https://issues.redhat.com/browse/OCPBUGS-22091): Bump OVN to 23.06.1-39.el8fdp [#1943](https://github.com/openshift/ovn-kubernetes/pull/1943) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/dd3c7ed8c1f41873168d3df26084ecbfd3d9a36b...cced5e1b397be7d36344599734604403b4a670c4) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/b78e8e7871bd50ff77a68fdae320775a17856373) * [OCPBUGS-24733](https://issues.redhat.com/browse/OCPBUGS-24733): synk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/62) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/dda4b0d0c09596aa3c0094ad3b4c2915bb335ee3...b78e8e7871bd50ff77a68fdae320775a17856373) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/7dadc08acb9f515735c6c3fdb417424d0c668d44) * [OCPBUGS-25717](https://issues.redhat.com/browse/OCPBUGS-25717): snyk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/62) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/a9b934de70200034587af224fbe675a33a12ace4...7dadc08acb9f515735c6c3fdb417424d0c668d44) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/4fb4334ca8aa9eb8290488359dd8d1cc5261da49) * [OCPBUGS-24740](https://issues.redhat.com/browse/OCPBUGS-24740): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#52](https://github.com/openshift/cloud-provider-powervs/pull/52) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/36c1b647f46f44e4cca85649186a3ecb406a20db...4fb4334ca8aa9eb8290488359dd8d1cc5261da49) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/85e46655221c02114fa3ebbbf55113652c5df897) * [OCPBUGS-54012](https://issues.redhat.com/browse/OCPBUGS-54012): Fix for CVE-2025-30204 & CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.12 [#123](https://github.com/openshift/machine-api-provider-powervs/pull/123) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality [#75](https://github.com/openshift/machine-api-provider-powervs/pull/75) * [OCPBUGS-24738](https://issues.redhat.com/browse/OCPBUGS-24738): snyk code scan exclude vendor directory [#63](https://github.com/openshift/machine-api-provider-powervs/pull/63) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/86ae68278ce7c48e79420fa08265e6eaa58b5a27...85e46655221c02114fa3ebbbf55113652c5df897) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/d1e399d5cead91c677cee4a80a032f5057cb43e3) * [OCPBUGS-20843](https://issues.redhat.com/browse/OCPBUGS-20843): Bump golang.org/x/net to v0.17.0 [#249](https://github.com/openshift/prometheus-operator/pull/249) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/57e7c5741af878b97e473827c5bd82462e996856...d1e399d5cead91c677cee4a80a032f5057cb43e3) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) * [OCPBUGS-21026](https://issues.redhat.com/browse/OCPBUGS-21026): CVE 2023 39325 (4.12) [#231](https://github.com/openshift/service-ca-operator/pull/231) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/299b7097a49385fdd4f86eccedc07f3a192e2504...ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) ### [telemeter](https://github.com/openshift/telemeter/tree/c9592ded3e9a8daa8dfddfb7b8d874a2aaf1972c) * [OCPBUGS-34827](https://issues.redhat.com/browse/OCPBUGS-34827): fix issuer check during JWT authentication 4.12 [#541](https://github.com/openshift/telemeter/pull/541) * [Full changelog](https://github.com/openshift/telemeter/compare/9c8092bb329c90d4ae12daf16906adb9b9620e20...c9592ded3e9a8daa8dfddfb7b8d874a2aaf1972c) ### [tests](https://github.com/openshift/origin/tree/f638948e47267d022e847bad64ae822c6701d5bf) * [OCPBUGS-56120](https://issues.redhat.com/browse/OCPBUGS-56120): [build] Ensure Git Clone Does Not Run Privileged [#29788](https://github.com/openshift/origin/pull/29788) * [OCPBUGS-37799](https://issues.redhat.com/browse/OCPBUGS-37799): Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token [#29621](https://github.com/openshift/origin/pull/29621) * [OCPBUGS-54772](https://issues.redhat.com/browse/OCPBUGS-54772): Component Readiness: [Networking / ovn-kubernetes] [EgressFirewall] test regressed [#29662](https://github.com/openshift/origin/pull/29662) * [OCPBUGS-54147](https://issues.redhat.com/browse/OCPBUGS-54147): Add/remove team members to the OWNERS file for Builds [#29622](https://github.com/openshift/origin/pull/29622) * [OCPBUGS-52585](https://issues.redhat.com/browse/OCPBUGS-52585): Use payload pullspec for image info test [#29593](https://github.com/openshift/origin/pull/29593) * [OCPBUGS-41585](https://issues.redhat.com/browse/OCPBUGS-41585): Removes dependency on samples operator images [#29080](https://github.com/openshift/origin/pull/29080) * [Full changelog](https://github.com/openshift/origin/compare/7b7d4ef2acfb10117f21af59d5b99da177b19d3d...f638948e47267d022e847bad64ae822c6701d5bf) ### [thanos](https://github.com/openshift/thanos/tree/2867a6b552eaddefd73aa979f13e95f6df338070) * [OCPBUGS-27100](https://issues.redhat.com/browse/OCPBUGS-27100): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#137](https://github.com/openshift/thanos/pull/137) * [Full changelog](https://github.com/openshift/thanos/compare/d7ceb6277e36ea6ea92ee90e7f010e28cbecdaf7...2867a6b552eaddefd73aa979f13e95f6df338070) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) * [OCPBUGS-21493](https://issues.redhat.com/browse/OCPBUGS-21493): Bump golang.org/x/net to v0.18.0 [#56](https://github.com/openshift/cloud-provider-vsphere/pull/56) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/e993e31f6a3b02938b11fb2f18d67681d60d8922...e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/a61d43b751249c1a74376a48498571da1d665685) * [OCPBUGS-21548](https://issues.redhat.com/browse/OCPBUGS-21548): bump golang.org/x/net to v0.17.0 [#24](https://github.com/openshift/cluster-api-provider-vsphere/pull/24) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/5c261b3bc8acb84fdf8263a67a80dd384fba698e...a61d43b751249c1a74376a48498571da1d665685) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/e4c0e103ddbf264387d6efb26b612a4b915d362a) * [OCPBUGS-20417](https://issues.redhat.com/browse/OCPBUGS-20417): syncer: fix nil pointer dereference in log message [#98](https://github.com/openshift/vmware-vsphere-csi-driver/pull/98) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/f67513c618c184e9bb4b9b6b83911521f7a3bf7a...e4c0e103ddbf264387d6efb26b612a4b915d362a)