# 4.13.61 Created: 2025-10-16 13:17:24 +0000 UTC Image Digest: `sha256:af436630f9002ba9e9eab19aa9cdffd1e72bec29af620be7f6934d635b64d8dd` ## Changes from 4.13.19 ### Components * Kubernetes upgraded from 1.26.9 to 1.26.15 * Red Hat Enterprise Linux CoreOS upgraded from 413.92.202310210500-0 to 413.92.202510150118-0 ### Rebuilt images without code change * [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver) git [6384f904](https://github.com/openshift/alibaba-cloud-csi-driver/commit/6384f904d041b761670532ac183271b8110707f2) `sha256:0445312a8dcd699a2c04eb5ec2703d227215cbd3eb278d65d64d3018fa6c8cd6` * [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator) git [7e415973](https://github.com/openshift/alibaba-disk-csi-driver-operator/commit/7e415973dda671d82ae58d0107af274ff053db5c) `sha256:55d851739ea425c4f86f4a93d559d438757204d05cd5897eea39a025c1d73710` * [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba) git [4c0f96a6](https://github.com/openshift/cluster-api-provider-alibaba/commit/4c0f96a692dee91100d7085c05a68f3efb7e281d) `sha256:3e2999d1fee9b828ecb4c9348c28bff3197538f89dfc301274e26299582ebccd` * [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator) git [70e05302](https://github.com/openshift/azure-file-csi-driver-operator/commit/70e0530255150e513061730f7624c9c235ee7c38) `sha256:48f32025b28312d781574d1d21ec6a15358582db5f58bcc76dc9c8992ef39773` * [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [ee908b6b](https://github.com/openshift/cluster-bootstrap/commit/ee908b6bb91dee3e61aface46d53a00b4e9288a2) `sha256:37be8cb1369576faa6d39dd80fd57f06e7fde58b5860a995376327187fa1ba64` * [cluster-platform-operators-manager](https://github.com/openshift/platform-operators) git [312c5f24](https://github.com/openshift/platform-operators/commit/312c5f24b5711a764350de899b83443a87296983) `sha256:7d300004537072646938a9b5b04be2f2362b607202c40ec711b228f918aedb53` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [9adad592](https://github.com/openshift/configmap-reload/commit/9adad592e7d9bd5a723add16488e68365a64977f) `sha256:ca133f881064998b88a22a614a9f1482a6800d62e6e471e6564a06368d9d8e37` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [2b914c21](https://github.com/openshift/csi-driver-nfs/commit/2b914c2161722ebf11f9275fa29e00a0b1306da1) `sha256:3be950222006c82f1f5823e56cb7f047781962dd45d3979ad130839ab13fdc2e` * [csi-external-attacher](https://github.com/openshift/csi-external-attacher) git [d9290843](https://github.com/openshift/csi-external-attacher/commit/d92908438817984fc47558fdaa03805d8c3b256c) `sha256:2d538ceb3d4aea764810ad8652bec24334502ed6a13b4937652f138b5c572f63` * [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner) git [0bf126b7](https://github.com/openshift/csi-external-provisioner/commit/0bf126b77a721ddaa4706fcb41f8b7be8d292492) `sha256:90c5c064c3286eb543578f63a4bdfe6b9eb45d8b3d988ce07262c91cb54ce6f1` * [csi-external-resizer](https://github.com/openshift/csi-external-resizer) git [e8036caf](https://github.com/openshift/csi-external-resizer/commit/e8036caff2482648a18c1ac776cf9d2474569d10) `sha256:1d0d1814f11de86b6e91576f30be5484aabebabdba63fb04d86eab199495be97` * [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe) git [3587db51](https://github.com/openshift/csi-livenessprobe/commit/3587db51b8a672a2d3be2ac48ea107e474f33402) `sha256:9c1f99c7e1c3edd7942c77fcf0fe6176f60a546e7933abab5d7a47f6d6c12d00` * [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar) git [9ea90f34](https://github.com/openshift/csi-node-driver-registrar/commit/9ea90f34485500a525fcaad3d79ee82a41402d47) `sha256:e2fbd3a84effbf5bcbe5fa7cf4fbc4befdef5ac795b77077307d26e71306f5b2` * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [d719bdcf](https://github.com/openshift/driver-toolkit/commit/d719bdcfa49bc18b729117ee513a86a1ddecb63a) `sha256:e1dc1da17f539c968496aed6d0fbad5518e2fe4680834333006a4bcba8bb4b43` * [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver) git [81e60746](https://github.com/openshift/gcp-pd-csi-driver/commit/81e6074605854246cdab8425a7289ad83169571a) `sha256:90b6079e093d15b41331477436b4fc40a33f60a98a218153da13bbe3589f5aff` * [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator) git [08c561b8](https://github.com/openshift/gcp-pd-csi-driver-operator/commit/08c561b8292b4a5de3d5bc553a3e463b1f93ec0c) `sha256:fbe4ae6105099d25b30fd6be15f54764feb8caa3be7df22be69198ffa002d5a5` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [ce291779](https://github.com/openshift/ironic-rhcos-downloader/commit/ce2917794de5723248fe3302c8833f89fb54265a) `sha256:5891892a01f0965ab06d0f587965e381dbe167fa71592a1798ee143f436eb791` * [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager) git [4536724a](https://github.com/openshift/ironic-static-ip-manager/commit/4536724a8644fda91a74b23901ba1789eaff7179) `sha256:444cd3417c37d7ecd0c41e5f946633d7903012531adc14454676c9a18e4691b6` * [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt) git [ee2033ec](https://github.com/openshift/cloud-provider-kubevirt/commit/ee2033ecd471dc9fc08d101c421a04916f4f55c5) `sha256:96877c6136e69364d0d51e793181d5707b0f00d73f80dd431c3900a7f1c25e8d` * [kuryr-cni](https://github.com/openshift/kuryr-kubernetes) git [36754b7b](https://github.com/openshift/kuryr-kubernetes/commit/36754b7b90928e26811e1c5ea13e7d0bd85709de) `sha256:1e271947705a26de876f199425165b2bcfe2b7ac7b1de048f5e7afa76579c7b0` * [kuryr-controller](https://github.com/openshift/kuryr-kubernetes) git [36754b7b](https://github.com/openshift/kuryr-kubernetes/commit/36754b7b90928e26811e1c5ea13e7d0bd85709de) `sha256:7616fabeceda8283e20f5660c0eaabbf642af38ef8c572365960ad3adb95cc85` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [d4b7a8ab](https://github.com/openshift/cluster-api-provider-libvirt/commit/d4b7a8ab790a970ce2f0374146248b2307df0185) `sha256:868205ad63eb5bb9055b62963d98afcc64d9bc19478a44c00aa3f5f2ae1f8d24` * machine-os-content `sha256:d279492706320a457733897e0231b8c37427fe1da60e71f28665be03b27543ad` * [multus-route-override-cni](https://github.com/openshift/route-override-cni) git [ca3bbec5](https://github.com/openshift/route-override-cni/commit/ca3bbec5c75ebcd6814bdd74856b27db755c9fa3) `sha256:f18266f3353ae4d734c5b3669be6ae2b22184bc0aec59e0edd1ca5d9b131e6ad` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [84bda2af](https://github.com/openshift/bond-cni/commit/84bda2afb2ab260253b77d5d282df773cc6b3438) `sha256:5ae39578cfaedc98bce0904bf219c8900fe217478bb6b4b5d462904f597c396f` * [network-tools](https://github.com/openshift/network-tools) git [073feda1](https://github.com/openshift/network-tools/commit/073feda14fbd894c4238d693afa38a06392f2360) `sha256:a963d9403644a2c1e5ba14a146ee168f15f7b538de0f65027b9e6745b3a0b3bd` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [44af5a3a](https://github.com/openshift/oauth-proxy/commit/44af5a3a021fd158c2e44d9951ad59a3d474cdf3) `sha256:cceda0d3c835c0dc4a456cf507cfb33dd5c616f12a4d6f1118b788512192e206` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [22d89b3f](https://github.com/openshift/cluster-api-provider-ovirt/commit/22d89b3fd9e2e395a62f71092487d26c8940052e) `sha256:2b371b7205ec068c43c1f805959267a2e69ffc29a1afeca540594f49c919250b` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [b501d5e2](https://github.com/openshift/prom-label-proxy/commit/b501d5e2aff82d46a141223636b522aeae95b915) `sha256:d805261a712408f0062d4aba4c45e145425176aef88bf78fdca9e8821cb42915` * rhel-coreos `sha256:8db15246eb6959f6abbb42a5dd30be5b6f7abe3badb83d1ad4f6219699b430b1` * rhel-coreos-extensions `sha256:3dc02dd595bade485e5121ea86b5c0e49626807ac4f89e81c78a3a06a6115220` * [route-controller-manager](https://github.com/openshift/route-controller-manager) git [6667a6cb](https://github.com/openshift/route-controller-manager/commit/6667a6cbf9a87331fcc4407375118c0bb884c925) `sha256:5d3320348fa12473103789b67288275f40badfed981815e7796685929890f75e` * [vsphere-csi-driver](https://github.com/openshift/vmware-vsphere-csi-driver) git [4d3036a6](https://github.com/openshift/vmware-vsphere-csi-driver/commit/4d3036a6c7fe0c850bbadd942267426afe2ec16a) `sha256:475506c3b8d93e222c14b175b3c781ed06e73f929b9bcdd32aa369014f77d5a5` * [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator) git [a9e5036e](https://github.com/openshift/vmware-vsphere-csi-driver-operator/commit/a9e5036e12facff0193d563b752847191fc9dc91) `sha256:d36ba26f1e631c0a732a8b17e2e18abd7fe4898dc569fbbff1f541611349542a` * [vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver) git [4d3036a6](https://github.com/openshift/vmware-vsphere-csi-driver/commit/4d3036a6c7fe0c850bbadd942267426afe2ec16a) `sha256:8404aaed34fdf6d4ad8b280eeadfc07ce65317b328bd9fb42d87e3eb79d54473` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/f8f78392c30c58862f230f368086e9108580b0a8) * [OCPBUGS-59112](https://issues.redhat.com/browse/OCPBUGS-59112), [OCPBUGS-59113](https://issues.redhat.com/browse/OCPBUGS-59113): Bump glog to v1.2.5 in release-4.13 (#7918) [#7918](https://github.com/openshift/assisted-service/pull/7918) * [OCPBUGS-53693](https://issues.redhat.com/browse/OCPBUGS-53693): Bump jwt to 4.5.2 in release-4.13 (#7512) [#7512](https://github.com/openshift/assisted-service/pull/7512) * [OCPBUGS-13611](https://issues.redhat.com/browse/OCPBUGS-13611): Update version go-http-metrics/gin (#6919) [#6919](https://github.com/openshift/assisted-service/pull/6919) * [MGMT-17595](https://issues.redhat.com/browse/MGMT-17595): Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6215) [#6215](https://github.com/openshift/assisted-service/pull/6215) * [MGMT-17588](https://issues.redhat.com/browse/MGMT-17588): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6202) [#6202](https://github.com/openshift/assisted-service/pull/6202) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#6196) [#6196](https://github.com/openshift/assisted-service/pull/6196) * NO-ISSUE: replace postgres images as current one disappeared from quay (#6133) [#6133](https://github.com/openshift/assisted-service/pull/6133) * [Full changelog](https://github.com/openshift/assisted-service/compare/06189bcdb0bea068f8ac51a3550fcdcbde522a76...f8f78392c30c58862f230f368086e9108580b0a8) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/46c4e76ac9a7af1002a06f8bc8302c956e6893e2) * [OCPBUGS-59114](https://issues.redhat.com/browse/OCPBUGS-59114): CVE-2024-45339: Bump glog pkg to version 1.2.4 (#1195) [#1195](https://github.com/openshift/assisted-installer/pull/1195) * [OCPBUGS-53717](https://issues.redhat.com/browse/OCPBUGS-53717): Bump jwt to 4.5.2 in release-4.13 (#1094) [#1094](https://github.com/openshift/assisted-installer/pull/1094) * Bump golang.org/x/net to 0.33.0 (#1015) [#1015](https://github.com/openshift/assisted-installer/pull/1015) * [OCPBUGS-13612](https://issues.redhat.com/browse/OCPBUGS-13612): Update version go-http-metrics/gin (#935) [#935](https://github.com/openshift/assisted-installer/pull/935) * [MGMT-17595](https://issues.redhat.com/browse/MGMT-17595): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#835) [#835](https://github.com/openshift/assisted-installer/pull/835) * [MGMT-17588](https://issues.redhat.com/browse/MGMT-17588): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#829) [#829](https://github.com/openshift/assisted-installer/pull/829) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#826) [#826](https://github.com/openshift/assisted-installer/pull/826) * [Full changelog](https://github.com/openshift/assisted-installer/compare/edf25423e34294b754ac16a67dbaf1aed7467ca4...46c4e76ac9a7af1002a06f8bc8302c956e6893e2) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/dad2cd4be76c0797fab8918c896b97c2e31a1375) * [OCPBUGS-59116](https://issues.redhat.com/browse/OCPBUGS-59116), [OCPBUGS-59117](https://issues.redhat.com/browse/OCPBUGS-59117): Bump glog to v1.2.5 in release-4.13 (#1076) [#1076](https://github.com/openshift/assisted-installer-agent/pull/1076) * [OCPBUGS-53709](https://issues.redhat.com/browse/OCPBUGS-53709): Bump golang-jwt/jwt/v4 to 4.5.2 in release-4.13 (#974) [#974](https://github.com/openshift/assisted-installer-agent/pull/974) * [OCPBUGS-46952](https://issues.redhat.com/browse/OCPBUGS-46952): Bump golang.org/x/net to 0.33.0 (#886) [#886](https://github.com/openshift/assisted-installer-agent/pull/886) * [MGMT-17595](https://issues.redhat.com/browse/MGMT-17595): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#706) [#706](https://github.com/openshift/assisted-installer-agent/pull/706) * NO-ISSUE: Quick fix for broken ignition download test in 4.13 release (#700) [#700](https://github.com/openshift/assisted-installer-agent/pull/700) * [MGMT-17588](https://issues.redhat.com/browse/MGMT-17588): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#702) [#702](https://github.com/openshift/assisted-installer-agent/pull/702) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#697) [#697](https://github.com/openshift/assisted-installer-agent/pull/697) * [MGMT-13111](https://issues.redhat.com/browse/MGMT-13111): Freeze on `404 Not Found` (#628) [#628](https://github.com/openshift/assisted-installer-agent/pull/628) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/35357f5725d925f451c29668c0b9e307998c6ac5...dad2cd4be76c0797fab8918c896b97c2e31a1375) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/e41e11ccf25fa74e4cfb4ace124f35cffc0191a7) * [OCPBUGS-21238](https://issues.redhat.com/browse/OCPBUGS-21238): Bump golang.org/x/net to v0.19.0 [#43](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/43) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/b5200baa784513b77437809c63fcc80cfd53c9df...e41e11ccf25fa74e4cfb4ace124f35cffc0191a7) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/f56c606ae15041b0c981e654ab577d2b0a3a0a8f) * [OCPBUGS-38066](https://issues.redhat.com/browse/OCPBUGS-38066): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#61](https://github.com/openshift/apiserver-network-proxy/pull/61) * [OCPBUGS-31984](https://issues.redhat.com/browse/OCPBUGS-31984): Bump golang.org/x/net to v0.23.0 [#52](https://github.com/openshift/apiserver-network-proxy/pull/52) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/15cd4347b9384fac3d93029c6426dc15b964f557...f56c606ae15041b0c981e654ab577d2b0a3a0a8f) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/95c03b7b838f7c78efe8957b50c50a22cd625be7) * [OCPBUGS-32073](https://issues.redhat.com/browse/OCPBUGS-32073): update for CVE-2023-45288 [release-4.13] [#84](https://github.com/openshift/cloud-provider-aws/pull/84) * [OCPBUGS-27964](https://issues.redhat.com/browse/OCPBUGS-27964): bump go.opentelemetry.io [#72](https://github.com/openshift/cloud-provider-aws/pull/72) * [OCPBUGS-20738](https://issues.redhat.com/browse/OCPBUGS-20738): Update golang.org/x/net to v0.17.0 [#54](https://github.com/openshift/cloud-provider-aws/pull/54) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/946daa07dbf49c4a1860a1c3fc4c05fa685c6590...95c03b7b838f7c78efe8957b50c50a22cd625be7) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/27360a3967ed742a9eb1b0c2ed539d99ec6b9424) * [OCPBUGS-32470](https://issues.redhat.com/browse/OCPBUGS-32470): UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called [#509](https://github.com/openshift/cluster-api-provider-aws/pull/509) * [OCPBUGS-20836](https://issues.redhat.com/browse/OCPBUGS-20836): bump golang.org/x/net to v0.17.0 [#482](https://github.com/openshift/cluster-api-provider-aws/pull/482) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/acb52a088682bf4019d616523881401526437fd3...27360a3967ed742a9eb1b0c2ed539d99ec6b9424) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/8205d51c798f8fea91eb6c1702fb63e7d6c17005) * [OCPBUGS-33363](https://issues.redhat.com/browse/OCPBUGS-33363): [release-4.13] UPSTREAM: 1919: Add reserved-volume-attachments [#266](https://github.com/openshift/aws-ebs-csi-driver/pull/266) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/325cb029f5dac51e4efabe89a62315af134cad8d...8205d51c798f8fea91eb6c1702fb63e7d6c17005) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/8f05d9cd9f35c40ab0929577a9650a02c88a2be0) * [OCPBUGS-33363](https://issues.redhat.com/browse/OCPBUGS-33363): Explicitly reserve 1 attachment for the root disk [#307](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/307) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/3cb879a801f54ecc5d03c7404deba7ca25bb5af5...8f05d9cd9f35c40ab0929577a9650a02c88a2be0) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/e1a57b5e4ce731e8f90cd2c0d4ded81e40fa7a37) * [OCPBUGS-24563](https://issues.redhat.com/browse/OCPBUGS-24563): Reduce metrics cardinality [#96](https://github.com/openshift/machine-api-provider-aws/pull/96) * [OCPBUGS-21568](https://issues.redhat.com/browse/OCPBUGS-21568): Update golang.org/x/net to v0.17.0 [#89](https://github.com/openshift/machine-api-provider-aws/pull/89) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/ba3b3a31ca9efcc984015280965a4b28ffd740e0...e1a57b5e4ce731e8f90cd2c0d4ded81e40fa7a37) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/ae01a272aff73b1390ee4c3934cc2382370a1660) * [OCPBUGS-32882](https://issues.redhat.com/browse/OCPBUGS-32882): Upgrade go-jose module to 2.6.3 [#190](https://github.com/openshift/aws-pod-identity-webhook/pull/190) * [OCPBUGS-21331](https://issues.redhat.com/browse/OCPBUGS-21331): Upgrade golang/x/net for CVE-2023-39325 [#184](https://github.com/openshift/aws-pod-identity-webhook/pull/184) * NO-ISSUE: Sync OWNERS with team members [#177](https://github.com/openshift/aws-pod-identity-webhook/pull/177) * snyk: exclude vendor/ [#172](https://github.com/openshift/aws-pod-identity-webhook/pull/172) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/125a4b45d02ac7596406e43810398688b25ec91d...ae01a272aff73b1390ee4c3934cc2382370a1660) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/bf9bd02236e13c426d58c9828685dd6c598ff15f) * [OCPBUGS-21419](https://issues.redhat.com/browse/OCPBUGS-21419): Bump golang.org/x/net to v0.18.0 [#94](https://github.com/openshift/cloud-provider-azure/pull/94) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/b8d243397ff297baf875a88132f84d8cef34b968...bf9bd02236e13c426d58c9828685dd6c598ff15f) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/3f757a8f2ada44c7124f5d0205feb29b0fff1977) * [OCPBUGS-36022](https://issues.redhat.com/browse/OCPBUGS-36022): Update go-retryablehttp to v0.7.7 [#314](https://github.com/openshift/cluster-api-provider-azure/pull/314) * [OCPBUGS-21503](https://issues.redhat.com/browse/OCPBUGS-21503): bump golang.org/x/net to v0.17.0 [#288](https://github.com/openshift/cluster-api-provider-azure/pull/288) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/8846366f4ae63a63ab75a35761cca1c95dee3c84...3f757a8f2ada44c7124f5d0205feb29b0fff1977) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/b6d3fbcbf312f03247092323a88a43873b693f22) * [OCPBUGS-23216](https://issues.redhat.com/browse/OCPBUGS-23216): Update to v1.26.7 [#63](https://github.com/openshift/azure-disk-csi-driver/pull/63) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/9251edb7ba225155e9df56938c9e2975523ecf50...b6d3fbcbf312f03247092323a88a43873b693f22) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/8534d7563e209e12eec38a2027cd1d9efd530071) * [OCPBUGS-20766](https://issues.redhat.com/browse/OCPBUGS-20766): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#102](https://github.com/openshift/azure-disk-csi-driver-operator/pull/102) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/842415aa35f7151c34645161ef6aede60354ae2a...8534d7563e209e12eec38a2027cd1d9efd530071) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/15e6f80ec4be826cd5d03ef4126be0dd171b506e) * [OCPBUGS-41678](https://issues.redhat.com/browse/OCPBUGS-41678): bump mount-utils to treat ENODEV error as corrupted mount [#81](https://github.com/openshift/azure-file-csi-driver/pull/81) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/33d52ecd52b09ba3ab431ce2e2850262a88c2282...15e6f80ec4be826cd5d03ef4126be0dd171b506e) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/62f6e0f3091262a84e1d6240e2086f35635b5b5b) * [OCPBUGS-29906](https://issues.redhat.com/browse/OCPBUGS-29906): Don't create availability set when using spot instances [#104](https://github.com/openshift/machine-api-provider-azure/pull/104) * [OCPBUGS-24563](https://issues.redhat.com/browse/OCPBUGS-24563): Reduce metrics cardinality [#89](https://github.com/openshift/machine-api-provider-azure/pull/89) * [OCPBUGS-20758](https://issues.redhat.com/browse/OCPBUGS-20758): Bump x/net package to v0.18.0 [#83](https://github.com/openshift/machine-api-provider-azure/pull/83) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/2c0c0ec9d486f737044033f5010a91e117c4e492...62f6e0f3091262a84e1d6240e2086f35635b5b5b) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/f9f4b9c0624d32db9fe77f8573ed4ea53c6ed169) * [OCPBUGS-62848](https://issues.redhat.com/browse/OCPBUGS-62848): Release 4.13 bump terraform provider azurerm [#10006](https://github.com/openshift/installer/pull/10006) * [OCPBUGS-55034](https://issues.redhat.com/browse/OCPBUGS-55034): IBMCloud: Move to IBM TF openshift fork [#9668](https://github.com/openshift/installer/pull/9668) * [OCPBUGS-39217](https://issues.redhat.com/browse/OCPBUGS-39217): Add yq v4 to ci image [#8922](https://github.com/openshift/installer/pull/8922) * [OCPBUGS-36088](https://issues.redhat.com/browse/OCPBUGS-36088): [release-4.13]: bump go-retryablehttp for CVE fix [#8659](https://github.com/openshift/installer/pull/8659) * [OCPBUGS-29124](https://issues.redhat.com/browse/OCPBUGS-29124): IBMCloud: Handle disk delete errors [#7989](https://github.com/openshift/installer/pull/7989) * [OCPBUGS-37168](https://issues.redhat.com/browse/OCPBUGS-37168): Add yq-v4 to the upi-installer image for CI [#8743](https://github.com/openshift/installer/pull/8743) * [OCPBUGS-35976](https://issues.redhat.com/browse/OCPBUGS-35976): [release-4.13] bump github.com/containers/image for CVE fix [#8651](https://github.com/openshift/installer/pull/8651) * [OCPBUGS-33732](https://issues.redhat.com/browse/OCPBUGS-33732): preserve category name when trying to find tag category [#8419](https://github.com/openshift/installer/pull/8419) * [OCPBUGS-33062](https://issues.redhat.com/browse/OCPBUGS-33062): openstack: Honour worker server group policy [#8323](https://github.com/openshift/installer/pull/8323) * [OCPBUGS-32359](https://issues.redhat.com/browse/OCPBUGS-32359): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8284](https://github.com/openshift/installer/pull/8284) * [OCPBUGS-22979](https://issues.redhat.com/browse/OCPBUGS-22979): IBMCloud: Add eu-es region [#7685](https://github.com/openshift/installer/pull/7685) * [OCPBUGS-30629](https://issues.redhat.com/browse/OCPBUGS-30629): baremetal: populate customDeploy in advance [#8129](https://github.com/openshift/installer/pull/8129) * [OCPBUGS-29627](https://issues.redhat.com/browse/OCPBUGS-29627): update RHCOS 4.13 bootimage metadata to 413.92.202402131523-0 [#8038](https://github.com/openshift/installer/pull/8038) * [OCPBUGS-30000](https://issues.redhat.com/browse/OCPBUGS-30000): [release-4.13] Bump containerd for vulnerability fix [#8073](https://github.com/openshift/installer/pull/8073) * [OCPBUGS-28654](https://issues.redhat.com/browse/OCPBUGS-28654): Fix depreciated typo [#7963](https://github.com/openshift/installer/pull/7963) * [OCPBUGS-27453](https://issues.redhat.com/browse/OCPBUGS-27453): baremetal: correct external_http_url for v6-only BMCs [#7934](https://github.com/openshift/installer/pull/7934) * [OCPBUGS-23499](https://issues.redhat.com/browse/OCPBUGS-23499): update RHCOS 4.13 bootimage metadata to 413.92.202401100947-0 [#7920](https://github.com/openshift/installer/pull/7920) * [OCPBUGS-25420](https://issues.redhat.com/browse/OCPBUGS-25420): destroy: gcp: fix destroying regional disks [#7840](https://github.com/openshift/installer/pull/7840) * [OCPBUGS-23464](https://issues.redhat.com/browse/OCPBUGS-23464): Add KMS encryption keys if provided [#7746](https://github.com/openshift/installer/pull/7746) * [OCPBUGS-23141](https://issues.redhat.com/browse/OCPBUGS-23141): Specify google cloud CLI to version 447.0.0 [#7706](https://github.com/openshift/installer/pull/7706) * [OCPBUGS-22939](https://issues.redhat.com/browse/OCPBUGS-22939): azure: validation: validate defaultMachinePlatform [#7679](https://github.com/openshift/installer/pull/7679) * [OCPBUGS-14551](https://issues.redhat.com/browse/OCPBUGS-14551): [vSphere] Upi installation failed due to VMs for master and worker node creation failed [#7229](https://github.com/openshift/installer/pull/7229) * [Full changelog](https://github.com/openshift/installer/compare/71282c9c511cd7fa549f6e77c831d1e265bce601...f9f4b9c0624d32db9fe77f8573ed4ea53c6ed169) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/a2c6ca64501e5a4b251ab7873adb2bbe31b1320d) * [OCPBUGS-46640](https://issues.redhat.com/browse/OCPBUGS-46640): Bump x/net 0.33.0 [#229](https://github.com/openshift/cluster-api-provider-baremetal/pull/229) * [OCPBUGS-29822](https://issues.redhat.com/browse/OCPBUGS-29822): Extend metal3remediation aggregation role [#212](https://github.com/openshift/cluster-api-provider-baremetal/pull/212) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/e9877cef729ea81e8f8e7ab233c2f3ec8d70db09...a2c6ca64501e5a4b251ab7873adb2bbe31b1320d) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/3f56e498ce77b472070c804fca0522eb234ed99f) * [OCPBUGS-53334](https://issues.redhat.com/browse/OCPBUGS-53334): BMO can expose any secret via BMCEventSubscription CRD 4.13 [#411](https://github.com/openshift/baremetal-operator/pull/411) * [OCPBUGS-30629](https://issues.redhat.com/browse/OCPBUGS-30629): Do not update instance_info and deploy_interface for active nodes [#337](https://github.com/openshift/baremetal-operator/pull/337) * [OCPBUGS-23504](https://issues.redhat.com/browse/OCPBUGS-23504): hack for deploying V6-only clusters from dualstack hubs [#321](https://github.com/openshift/baremetal-operator/pull/321) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/40c492621f69ea4420dfa6257ba4d8fa3a62b1fe...3f56e498ce77b472070c804fca0522eb234ed99f) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/1280cf541c220af73b9886379dad2dfa4921f73b) * [OCPBUGS-26929](https://issues.redhat.com/browse/OCPBUGS-26929): Add .snyk file to ignore vendor and test files [#295](https://github.com/openshift/baremetal-runtimecfg/pull/295) * [OCPBUGS-22207](https://issues.redhat.com/browse/OCPBUGS-22207): deps: upgrade x/sys [#282](https://github.com/openshift/baremetal-runtimecfg/pull/282) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/1bfd3bca2b8fb38a33cf9e250fe0eeb66bcd5341...1280cf541c220af73b9886379dad2dfa4921f73b) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/d192e901ece237d9ae1580d73e78f423ec2ef322) * [OCPBUGS-30288](https://issues.redhat.com/browse/OCPBUGS-30288): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1700](https://github.com/openshift/oc/pull/1700) * [OCPBUGS-25418](https://issues.redhat.com/browse/OCPBUGS-25418): Add client version in must-gather summary [#1635](https://github.com/openshift/oc/pull/1635) * [OCPBUGS-24461](https://issues.redhat.com/browse/OCPBUGS-24461): Overwrite template's namespace with the explicit one [#1617](https://github.com/openshift/oc/pull/1617) * [AUTH-443](https://issues.redhat.com/browse/AUTH-443): Add OAuth2 Authorization Code Grant Flow for login [#1599](https://github.com/openshift/oc/pull/1599) * [OCPBUGS-22815](https://issues.redhat.com/browse/OCPBUGS-22815): regeneratemco: explicitly check for PlatformStatus field [#1593](https://github.com/openshift/oc/pull/1593) * [Full changelog](https://github.com/openshift/oc/compare/717d4a58931ec44cacd43af6dbc5eded5e8a9ab5...d192e901ece237d9ae1580d73e78f423ec2ef322) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/134ade41c3293d81d0966e4d4644d18f0e7368e6) * [OCPBUGS-53419](https://issues.redhat.com/browse/OCPBUGS-53419): github.com/golang/glog v1.2.4 [#846](https://github.com/openshift/cloud-credential-operator/pull/846) * [OCPBUGS-51546](https://issues.redhat.com/browse/OCPBUGS-51546): Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected [#831](https://github.com/openshift/cloud-credential-operator/pull/831) * [OCPBUGS-43340](https://issues.redhat.com/browse/OCPBUGS-43340): Update github.com/sirupsen/logrus v1.8.3 [#770](https://github.com/openshift/cloud-credential-operator/pull/770) * [OCPBUGS-37834](https://issues.redhat.com/browse/OCPBUGS-37834): Resolve SNYK errors in security job. [#743](https://github.com/openshift/cloud-credential-operator/pull/743) * [OCPBUGS-37421](https://issues.redhat.com/browse/OCPBUGS-37421): SNYK ignore go-client misreporting [#740](https://github.com/openshift/cloud-credential-operator/pull/740) * [OCPBUGS-36028](https://issues.redhat.com/browse/OCPBUGS-36028): IBM/go-sdk-core update to v5.17.4 [#722](https://github.com/openshift/cloud-credential-operator/pull/722) * [OCPBUGS-32898](https://issues.redhat.com/browse/OCPBUGS-32898): Upgrade go-jose module to 2.6.3 [#698](https://github.com/openshift/cloud-credential-operator/pull/698) * [OCPBUGS-27912](https://issues.redhat.com/browse/OCPBUGS-27912): Resolve all outstanding snyk vulnerabilities [#651](https://github.com/openshift/cloud-credential-operator/pull/651) * NO-JIRA: Removing andrew from OWNERS [#644](https://github.com/openshift/cloud-credential-operator/pull/644) * [OCPBUGS-25369](https://issues.redhat.com/browse/OCPBUGS-25369): Discover AWS dns suffix from partition and region. [#640](https://github.com/openshift/cloud-credential-operator/pull/640) * [OCPBUGS-21367](https://issues.redhat.com/browse/OCPBUGS-21367): Upgrade golang/x/net for CVE-2023-39325 [#623](https://github.com/openshift/cloud-credential-operator/pull/623) * snyk: exclude vendor/ [#616](https://github.com/openshift/cloud-credential-operator/pull/616) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/0621fcaf818f57ab05602259c1eb14db07b68dce...134ade41c3293d81d0966e4d4644d18f0e7368e6) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/d377281c10ab68ea3faf4775f015c1651004b0ff) * [OCPBUGS-32180](https://issues.redhat.com/browse/OCPBUGS-32180): Avoid nil pointer panic while assigning private IP on Azure [#139](https://github.com/openshift/cloud-network-config-controller/pull/139) * [OCPBUGS-22299](https://issues.redhat.com/browse/OCPBUGS-22299): Azure: skip backend pool if attached to an outbound rule [#126](https://github.com/openshift/cloud-network-config-controller/pull/126) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/4f190d6b8c06257071e01b4d75ea9ae33fd20885...d377281c10ab68ea3faf4775f015c1651004b0ff) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/1801056c175da7d1e8d5507fa4558564740c7f4d) * [OCPBUGS-28760](https://issues.redhat.com/browse/OCPBUGS-28760): Fix http2 [4.13] [#654](https://github.com/openshift/cluster-authentication-operator/pull/654) * [AUTH-443](https://issues.redhat.com/browse/AUTH-443): Add openshift-cli-client OAuth Client [#641](https://github.com/openshift/cluster-authentication-operator/pull/641) * [OCPBUGS-22210](https://issues.redhat.com/browse/OCPBUGS-22210): increase timeout for probes [#638](https://github.com/openshift/cluster-authentication-operator/pull/638) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/a044dd9175d25911b799082fb189e4886391807b...1801056c175da7d1e8d5507fa4558564740c7f4d) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/3ce55c7137713427df9f9fe163b1cb9c775290b6) * [OCPBUGS-45151](https://issues.redhat.com/browse/OCPBUGS-45151): [release-4.13] VPA: Update OWNERS file [#328](https://github.com/openshift/kubernetes-autoscaler/pull/328) * [OCPBUGS-40929](https://issues.redhat.com/browse/OCPBUGS-40929): update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 [#317](https://github.com/openshift/kubernetes-autoscaler/pull/317) * [OCPBUGS-31702](https://issues.redhat.com/browse/OCPBUGS-31702): add check for taint.value == nil [#295](https://github.com/openshift/kubernetes-autoscaler/pull/295) * [OCPBUGS-30874](https://issues.redhat.com/browse/OCPBUGS-30874): Fix unstructured taint parsing in Cluster API provider [#289](https://github.com/openshift/kubernetes-autoscaler/pull/289) * [OCPBUGS-23272](https://issues.redhat.com/browse/OCPBUGS-23272): Rebase 4.13 branch onto cluster autoscaler 1.26.4 [#268](https://github.com/openshift/kubernetes-autoscaler/pull/268) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/c58c53bf7a82ee46414c7f7c0f2e0e438da93eeb...3ce55c7137713427df9f9fe163b1cb9c775290b6) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/0007e9081f1d7aecd652c0843815be4844f67453) * [OCPBUGS-31992](https://issues.redhat.com/browse/OCPBUGS-31992): Update x/net to v0.25.0 [#324](https://github.com/openshift/cluster-autoscaler-operator/pull/324) * [OCPBUGS-20770](https://issues.redhat.com/browse/OCPBUGS-20770): Bump x/net package to v0.18.0 [#299](https://github.com/openshift/cluster-autoscaler-operator/pull/299) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/8531634cd2984370912b7530798a85ff4eb86c1e...0007e9081f1d7aecd652c0843815be4844f67453) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/cc237f106bbe804c1e16c2781c8a2a73fb5a1099) * [OCPBUGS-31993](https://issues.redhat.com/browse/OCPBUGS-31993): bump x/net to 0.23.0 [#439](https://github.com/openshift/cluster-baremetal-operator/pull/439) * [OCPBUGS-23504](https://issues.redhat.com/browse/OCPBUGS-23504): hack for deploying V6-only clusters from dualstack hubs [#391](https://github.com/openshift/cluster-baremetal-operator/pull/391) * [OCPBUGS-23444](https://issues.redhat.com/browse/OCPBUGS-23444): Update the deprecated field APIServerInternalIP to APIServerInternalIPs [#385](https://github.com/openshift/cluster-baremetal-operator/pull/385) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/7fdf58c173b5834d1d3b412a31364d6e2272561f...cc237f106bbe804c1e16c2781c8a2a73fb5a1099) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/12f767b2bd5de1a2641962f5d86d8564333afc65) * [OCPBUGS-21531](https://issues.redhat.com/browse/OCPBUGS-21531): bump golang.org/x/net to v0.17.0 [#185](https://github.com/openshift/cluster-api/pull/185) * [Full changelog](https://github.com/openshift/cluster-api/compare/507f873307be10d8ddbbbe0fecba68aea7c2b5c1...12f767b2bd5de1a2641962f5d86d8564333afc65) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/b247793dd364f280ad097f5266b4164740e43a44) * [OCPBUGS-21082](https://issues.redhat.com/browse/OCPBUGS-21082): bump golang.org/x/net to v0.17.0 [#137](https://github.com/openshift/cluster-capi-operator/pull/137) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/ce1c9a359ec9ab0c5526cd8594ea59bb52044026...b247793dd364f280ad097f5266b4164740e43a44) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/38f638f020ff1e34d33fd44c42b0351912a74486) * [OCPBUGS-35562](https://issues.redhat.com/browse/OCPBUGS-35562): update azure and ash tolerations on node manager [#353](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/353) * [OCPBUGS-35562](https://issues.redhat.com/browse/OCPBUGS-35562): update unit tests [release-4.13] [#354](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/354) * [OCPBUGS-21169](https://issues.redhat.com/browse/OCPBUGS-21169): Bump golang.org/x/net to v0.18.0 [#296](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/296) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/ef4594ef3f4ca535aa1d34878b79184323ecf481...38f638f020ff1e34d33fd44c42b0351912a74486) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/a6d56530c7156bef726005d640c3ded3565104ec) * [OCPBUGS-28802](https://issues.redhat.com/browse/OCPBUGS-28802): Add required PSa labels [#404](https://github.com/openshift/cluster-config-operator/pull/404) * : OCPBUGS-21269: bump library-go to include switch to HTTP/1.1 [#372](https://github.com/openshift/cluster-config-operator/pull/372) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/a9e658abf7de525b411ff005b65e061e39f58bd6...a6d56530c7156bef726005d640c3ded3565104ec) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/c5fb62818751e8372d1febd631d9671d83f62962) * [OCPBUGS-48259](https://issues.redhat.com/browse/OCPBUGS-48259): Add unreadyNodeGracePeriod for allowing brief node hiccups [#342](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/342) * [OCPBUGS-35380](https://issues.redhat.com/browse/OCPBUGS-35380): Improved debugging of API listing errors [#304](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/304) * [OCPBUGS-30156](https://issues.redhat.com/browse/OCPBUGS-30156): Never delete a Machine when there's a single Machine in an index [#286](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/286) * [OCPBUGS-21364](https://issues.redhat.com/browse/OCPBUGS-21364): Bump golang.org/x/net to v0.17.0 [#259](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/259) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/383a69c568e3fa2ff1ba33f470ff3e58f62d537f...c5fb62818751e8372d1febd631d9671d83f62962) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/c068540d9976ba0fd272e2848de9b0d31a2b7a17) * [OCPBUGS-32334](https://issues.redhat.com/browse/OCPBUGS-32334): create suitable role and roleBinding for csi-snapshot-webhook [#206](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/206) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/544bc12e412d94153ef711cc0bb55eb40ab6d43e...c068540d9976ba0fd272e2848de9b0d31a2b7a17) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/65a8fdac5800978f535260997def3e58245f814b) * [OCPBUGS-52501](https://issues.redhat.com/browse/OCPBUGS-52501): [release-4.13] Add runbook_url for CoreDNSErrorsHigh [#434](https://github.com/openshift/cluster-dns-operator/pull/434) * [OCPBUGS-11449](https://issues.redhat.com/browse/OCPBUGS-11449): Enable topology-aware hints iff nodes in >=2 zones [#418](https://github.com/openshift/cluster-dns-operator/pull/418) * [OCPBUGS-11449](https://issues.redhat.com/browse/OCPBUGS-11449): Ignore max unavailable for status [#417](https://github.com/openshift/cluster-dns-operator/pull/417) * [OCPBUGS-11449](https://issues.redhat.com/browse/OCPBUGS-11449): Set DNS DaemonSet's maxSurge value to 10% [#366](https://github.com/openshift/cluster-dns-operator/pull/366) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/807ae60ff7447adf83c8a12dc9491ab5f8a62764...65a8fdac5800978f535260997def3e58245f814b) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/c46a23ef3c5724b51a8bbae4174eb34f4437882b) * [OCPBUGS-53509](https://issues.redhat.com/browse/OCPBUGS-53509): fix CVE-2025-30204 [#1415](https://github.com/openshift/cluster-etcd-operator/pull/1415) * [OCPBUGS-35077](https://issues.redhat.com/browse/OCPBUGS-35077): return errors in wait-for-ceo [#1273](https://github.com/openshift/cluster-etcd-operator/pull/1273) * [OCPBUGS-31988](https://issues.redhat.com/browse/OCPBUGS-31988): update golang x net [#1255](https://github.com/openshift/cluster-etcd-operator/pull/1255) * [OCPBUGS-30248](https://issues.redhat.com/browse/OCPBUGS-30248): fix panic in health check timeouts [#1217](https://github.com/openshift/cluster-etcd-operator/pull/1217) * [OCPBUGS-30245](https://issues.redhat.com/browse/OCPBUGS-30245): [4.13] Replace nodelister with master nodelister everywhere [#1216](https://github.com/openshift/cluster-etcd-operator/pull/1216) * [OCPBUGS-23572](https://issues.redhat.com/browse/OCPBUGS-23572): Add annotation in the etcd-guard static pod for worklo… [#1163](https://github.com/openshift/cluster-etcd-operator/pull/1163) * [OCPBUGS-23106](https://issues.redhat.com/browse/OCPBUGS-23106): [4.13] Remove z-upgrades from UpgradeBackupController [#1154](https://github.com/openshift/cluster-etcd-operator/pull/1154) * Revert "[release-4.13] OCPBUGS-23044: remove revision stability check from bootstrap complet…" [#1166](https://github.com/openshift/cluster-etcd-operator/pull/1166) * [OCPBUGS-22783](https://issues.redhat.com/browse/OCPBUGS-22783): relax readiness to local serializable requests [#1144](https://github.com/openshift/cluster-etcd-operator/pull/1144) * [OCPBUGS-23044](https://issues.redhat.com/browse/OCPBUGS-23044): remove revision stability check from bootstrap complet… [#1151](https://github.com/openshift/cluster-etcd-operator/pull/1151) * [OCPBUGS-21155](https://issues.redhat.com/browse/OCPBUGS-21155): fixing CVE-2023-39325 by updating dependencies [#1143](https://github.com/openshift/cluster-etcd-operator/pull/1143) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/8b90ac1721e420b8d1875b40ff458f16f581e94c...c46a23ef3c5724b51a8bbae4174eb34f4437882b) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/6e62a8590840cd2242e198d8d9acfe6afdc7c8b4) * [OCPBUGS-53869](https://issues.redhat.com/browse/OCPBUGS-53869): Bump github.com/golang-jwt/jwt [#1235](https://github.com/openshift/cluster-image-registry-operator/pull/1235) * [OCPBUGS-51602](https://issues.redhat.com/browse/OCPBUGS-51602): bump golang.org/x/oauth2 [#1222](https://github.com/openshift/cluster-image-registry-operator/pull/1222) * [OCPBUGS-36034](https://issues.redhat.com/browse/OCPBUGS-36034): go.*,vendor: bump go-retryablehttp [#1070](https://github.com/openshift/cluster-image-registry-operator/pull/1070) * [OCPBUGS-29935](https://issues.redhat.com/browse/OCPBUGS-29935): pkg/storage/s3: enable bucket key on encryption settings [#1007](https://github.com/openshift/cluster-image-registry-operator/pull/1007) * [OCPBUGS-22126](https://issues.redhat.com/browse/OCPBUGS-22126): increase storage account key cache expiration [#940](https://github.com/openshift/cluster-image-registry-operator/pull/940) * [OCPBUGS-20698](https://issues.redhat.com/browse/OCPBUGS-20698): mitigate effects of rapid reset [#946](https://github.com/openshift/cluster-image-registry-operator/pull/946) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/3ed61e2b86c3ff0eddc66baa038a6b30a579ce15...6e62a8590840cd2242e198d8d9acfe6afdc7c8b4) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/a45f7a3a44ead85d2e36a57723fc05fc0919c63e) * [OCPBUGS-43095](https://issues.redhat.com/browse/OCPBUGS-43095): Add alert for RFC 7230 violation in Transfer-Encoding headers [#1161](https://github.com/openshift/cluster-ingress-operator/pull/1161) * [OCPBUGS-43095](https://issues.redhat.com/browse/OCPBUGS-43095): Add e2e test for duplicate Transfer-Encoding headers [#1150](https://github.com/openshift/cluster-ingress-operator/pull/1150) * [OCPBUGS-36551](https://issues.redhat.com/browse/OCPBUGS-36551): Add Regexp Anchor to TestAll [#1104](https://github.com/openshift/cluster-ingress-operator/pull/1104) * [OCPBUGS-35453](https://issues.redhat.com/browse/OCPBUGS-35453): [release-4.13] internal service changed fix target port logic [#1089](https://github.com/openshift/cluster-ingress-operator/pull/1089) * [OCPBUGS-35094](https://issues.redhat.com/browse/OCPBUGS-35094): TestHostNetworkPortBinding: Delete t.Parallel() [#1082](https://github.com/openshift/cluster-ingress-operator/pull/1082) * [OCPBUGS-34765](https://issues.redhat.com/browse/OCPBUGS-34765): Don't add clientca-configmap finalizer if deleting [#1073](https://github.com/openshift/cluster-ingress-operator/pull/1073) * [OCPBUGS-34409](https://issues.redhat.com/browse/OCPBUGS-34409): desiredRouterDeployment: Set HostPort if needed [#1062](https://github.com/openshift/cluster-ingress-operator/pull/1062) * [OCPBUGS-33990](https://issues.redhat.com/browse/OCPBUGS-33990): Avoid spurious updates for internalTrafficPolicy [Backport to 4.13] [#1055](https://github.com/openshift/cluster-ingress-operator/pull/1055) * [OCPBUGS-34476](https://issues.redhat.com/browse/OCPBUGS-34476): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1065](https://github.com/openshift/cluster-ingress-operator/pull/1065) * [OCPBUGS-20781](https://issues.redhat.com/browse/OCPBUGS-20781): Bump golang.org/x/net for CVE-2023-44487 [#987](https://github.com/openshift/cluster-ingress-operator/pull/987) * [OCPBUGS-22402](https://issues.redhat.com/browse/OCPBUGS-22402): test/e2e: Don't use openshift/origin-node [#991](https://github.com/openshift/cluster-ingress-operator/pull/991) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/2ecad04e6dcd3338b7180529a9f55cb13dff276d...a45f7a3a44ead85d2e36a57723fc05fc0919c63e) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/e9e717254ca8e479db297144d316363467f2f5fe) * [OCPBUGS-50850](https://issues.redhat.com/browse/OCPBUGS-50850): Increase waitForFallbackDegradedConditionTimeout [#1809](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1809) * [OCPBUGS-34062](https://issues.redhat.com/browse/OCPBUGS-34062): [4.13] add a controller that reconciles SCCs' volumes [#1677](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1677) * [OCPBUGS-25922](https://issues.redhat.com/browse/OCPBUGS-25922): [release-4.13] dashboard: use recording rules for most metrics [#1611](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1611) * : OCPBUGS-24023: Add workload partitioning annotation [#1591](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1591) * : OCPBUGS-20880: bump library-go to include switch to HTTP/1.1 [#1573](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1573) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/d525f5d788e2a8bbf7dd01902084c3587d32a58f...e9e717254ca8e479db297144d316363467f2f5fe) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/18c076b1b56e06086fc3e4ea89d6922cca2d6b4a) * [OCPBUGS-20981](https://issues.redhat.com/browse/OCPBUGS-20981): bump golang.org/x/net to v0.17.0 [#28](https://github.com/openshift/cluster-api-operator/pull/28) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/8d627a55e6d765019f4879ea20e2016e6cc0be63...18c076b1b56e06086fc3e4ea89d6922cca2d6b4a) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/dac7113696160d1170d9b3773afa4a4b7cb2099b) * [OCPBUGS-27066](https://issues.redhat.com/browse/OCPBUGS-27066): bump(library-go)=release-4.13 [#788](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/788) * [OCPBUGS-21103](https://issues.redhat.com/browse/OCPBUGS-21103): Drop flags removed in k8s 1.26 [4.13] [#766](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/766) * [OCPBUGS-21078](https://issues.redhat.com/browse/OCPBUGS-21078): Bump deps to address CVE-2023-44487 [4.13] [#758](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/758) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/cc6a31430749e2e0a1b0d9db18c6e664dd4b626e...dac7113696160d1170d9b3773afa4a4b7cb2099b) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/2e7c269b358223b89632b35840e6a91cdc7bb9aa) * [OCPBUGS-27065](https://issues.redhat.com/browse/OCPBUGS-27065): bump(library-go)=release-4.13 [#528](https://github.com/openshift/cluster-kube-scheduler-operator/pull/528) * [OCPBUGS-21811](https://issues.redhat.com/browse/OCPBUGS-21811): Bump deps to address CVE-2023-44487 [#502](https://github.com/openshift/cluster-kube-scheduler-operator/pull/502) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/b4c50a4d65f6971abeed1da815aac038d8700715...2e7c269b358223b89632b35840e6a91cdc7bb9aa) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/721de5d64083b17c22f6b784bb2c78af39d7b3b0) * : OCPBUGS-21355: bump library-go to include switch to HTTP/1.1 [#97](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/97) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/9f475980d1e6a70f0e9400aec6f15e5f5a6132b6...721de5d64083b17c22f6b784bb2c78af39d7b3b0) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/25fe7b4bd96baba2eef8c0c22521fdc8c08f981d) * [OCPBUGS-21447](https://issues.redhat.com/browse/OCPBUGS-21447): Bump x/net package to v0.18.0 [#213](https://github.com/openshift/cluster-machine-approver/pull/213) * [OCPBUGS-23368](https://issues.redhat.com/browse/OCPBUGS-23368): Filter non node CSRs in metrics [#210](https://github.com/openshift/cluster-machine-approver/pull/210) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/ce66cd5420829c20837662770451ee1c64294d47...25fe7b4bd96baba2eef8c0c22521fdc8c08f981d) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/3aa76870066af1d0266ab39201856ba711fd08d7) * [OCPBUGS-33581](https://issues.redhat.com/browse/OCPBUGS-33581): label for infra nodes for metric cluster:capacity_cpu_cores:sum [#2344](https://github.com/openshift/cluster-monitoring-operator/pull/2344) * [OCPBUGS-28767](https://issues.redhat.com/browse/OCPBUGS-28767): fix generation of telemeter token hash [#2305](https://github.com/openshift/cluster-monitoring-operator/pull/2305) * [OCPBUGS-25388](https://issues.redhat.com/browse/OCPBUGS-25388): Add RHACM telemetry metric for 4.13 [#2203](https://github.com/openshift/cluster-monitoring-operator/pull/2203) * [OCPBUGS-21457](https://issues.redhat.com/browse/OCPBUGS-21457): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2146](https://github.com/openshift/cluster-monitoring-operator/pull/2146) * [OCPBUGS-22920](https://issues.redhat.com/browse/OCPBUGS-22920): jsonnet: pin commits [#2144](https://github.com/openshift/cluster-monitoring-operator/pull/2144) * [OCPBUGS-22842](https://issues.redhat.com/browse/OCPBUGS-22842): [release-4.13] add RHACS telemetry metrics [#2139](https://github.com/openshift/cluster-monitoring-operator/pull/2139) * [OCPBUGS-22308](https://issues.redhat.com/browse/OCPBUGS-22308): fix: force HTTP/1.1 connections [#2134](https://github.com/openshift/cluster-monitoring-operator/pull/2134) * [OCPBUGS-21250](https://issues.redhat.com/browse/OCPBUGS-21250): upgrade golang.org/x/net to v0.17.0 [#2122](https://github.com/openshift/cluster-monitoring-operator/pull/2122) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/5b66d200aee0f3e89c27be21ae2bfd2d2a94911a...3aa76870066af1d0266ab39201856ba711fd08d7) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/df5cf2735b29eb5ca630ec89579ab2bb7a7425b2) * [OCPBUGS-43856](https://issues.redhat.com/browse/OCPBUGS-43856): manifests/02-cncc-credentials: Set skipServiceCheck for GCP [#2547](https://github.com/openshift/cluster-network-operator/pull/2547) * [OCPBUGS-38403](https://issues.redhat.com/browse/OCPBUGS-38403): Add missing runbook for OVNKubernetesNorthdInactive [#2471](https://github.com/openshift/cluster-network-operator/pull/2471) * [OCPBUGS-37941](https://issues.redhat.com/browse/OCPBUGS-37941): update whereabouts crd [#2458](https://github.com/openshift/cluster-network-operator/pull/2458) * [OCPBUGS-30150](https://issues.redhat.com/browse/OCPBUGS-30150): ipsec: fix openssl typo [#2290](https://github.com/openshift/cluster-network-operator/pull/2290) * [OCPBUGS-29674](https://issues.redhat.com/browse/OCPBUGS-29674): add env var in whereabouts-reconciler daemonset [#2279](https://github.com/openshift/cluster-network-operator/pull/2279) * [OCPBUGS-29301](https://issues.redhat.com/browse/OCPBUGS-29301): Update ingressconfig_controller to use field Manager [#2267](https://github.com/openshift/cluster-network-operator/pull/2267) * [OCPBUGS-28208](https://issues.redhat.com/browse/OCPBUGS-28208): ipsec: fix oopsy from 2e3fc8e (cherry-pick of 980c08318e) [#2222](https://github.com/openshift/cluster-network-operator/pull/2222) * [OCPBUGS-28777](https://issues.redhat.com/browse/OCPBUGS-28777): fix whereabouts conformance test failures [#2241](https://github.com/openshift/cluster-network-operator/pull/2241) * [OCPBUGS-27958](https://issues.redhat.com/browse/OCPBUGS-27958): Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2220](https://github.com/openshift/cluster-network-operator/pull/2220) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.13 [#2229](https://github.com/openshift/cluster-network-operator/pull/2229) * [OCPBUGS-22293](https://issues.redhat.com/browse/OCPBUGS-22293): remove all managed fields used by old manager [#2094](https://github.com/openshift/cluster-network-operator/pull/2094) * [OCPBUGS-24570](https://issues.redhat.com/browse/OCPBUGS-24570): Disable weak SSH cipher suitesRm weak ciphers 4.13 [#2163](https://github.com/openshift/cluster-network-operator/pull/2163) * [OCPBUGS-21716](https://issues.redhat.com/browse/OCPBUGS-21716): Bump golang.org/x/net and github.com/openshift/library-go [#2123](https://github.com/openshift/cluster-network-operator/pull/2123) * [OCPBUGS-22896](https://issues.redhat.com/browse/OCPBUGS-22896): run update-codegen after adding maxLogFiles cfg [#2162](https://github.com/openshift/cluster-network-operator/pull/2162) * [OCPBUGS-22971](https://issues.redhat.com/browse/OCPBUGS-22971): HyperShift: Use the local konnectivity proxy when checking proxy readiness [#2098](https://github.com/openshift/cluster-network-operator/pull/2098) * [OCPBUGS-22896](https://issues.redhat.com/browse/OCPBUGS-22896): Remove oldest ovn acl log files when file limit exceeded [#2097](https://github.com/openshift/cluster-network-operator/pull/2097) * [SDN-4184](https://issues.redhat.com/browse/SDN-4184): Limit OVN-Kubernetes RBAC permissions [#2093](https://github.com/openshift/cluster-network-operator/pull/2093) * [OCPBUGS-20278](https://issues.redhat.com/browse/OCPBUGS-20278): Edited multus-admission-controller deployment config to not add autoount a service account token [#1885](https://github.com/openshift/cluster-network-operator/pull/1885) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/961ca3d65ce046e29cd105e2c18563bd91dbfdae...df5cf2735b29eb5ca630ec89579ab2bb7a7425b2) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/978a6c56e163f119f757d7116fa99d6b05f7d7f5) * E2E: workload hints: compare existing profile with changes being made to avoid mcp getting stuck (#1069) [#1069](https://github.com/openshift/cluster-node-tuning-operator/pull/1069) * [OCPBUGS-33030](https://issues.redhat.com/browse/OCPBUGS-33030): [release-4.13][manual]Reduce number of reboots in offline tests (#1048) [#1048](https://github.com/openshift/cluster-node-tuning-operator/pull/1048) * Scheduler plugin: ignore IRQs (#1027) [#1027](https://github.com/openshift/cluster-node-tuning-operator/pull/1027) * irqbalance: set banned cpus list to 0 (#1003) [#1003](https://github.com/openshift/cluster-node-tuning-operator/pull/1003) * [OCPBUGS-24353](https://issues.redhat.com/browse/OCPBUGS-24353): rps: cherry-picks of rps fixes (#865) [#865](https://github.com/openshift/cluster-node-tuning-operator/pull/865) * Disable HTTP/2 for webhook and metrics servers (#846) [#846](https://github.com/openshift/cluster-node-tuning-operator/pull/846) * Remove obsolete protocols and weak ciphers (#843) [#843](https://github.com/openshift/cluster-node-tuning-operator/pull/843) * [OCPBUGS-18493](https://issues.redhat.com/browse/OCPBUGS-18493): e2e: deflake IRQ load-balancing (#782) [#782](https://github.com/openshift/cluster-node-tuning-operator/pull/782) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/fad5b5ca117a750d89797dc891e592726a75f9e7...978a6c56e163f119f757d7116fa99d6b05f7d7f5) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/9abb220ac11f370f323f2c248d3ee377394c88b8) * : OCPBUGS-20707: bump library-go to include switch to HTTP/1.1 [#555](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/555) * [OCPBUGS-22210](https://issues.redhat.com/browse/OCPBUGS-22210): increase timeout for probes [#553](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/553) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/ea4f097def493950e6e65068284084935b8ce4d9...9abb220ac11f370f323f2c248d3ee377394c88b8) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/6e7e7835519d30ea22e4c4954039bab21de19c80) * [OCPBUGS-38455](https://issues.redhat.com/browse/OCPBUGS-38455): Update opentelemetry to mitigate CVE [#365](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/365) * [OCPBUGS-20796](https://issues.redhat.com/browse/OCPBUGS-20796): bump(k8s,openshift) to address CVE-2023-44487 [#310](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/310) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/9a8aba8cad6491a31e743a7e366d758351482d88...6e7e7835519d30ea22e4c4954039bab21de19c80) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/3b0d075530fdbfdacdfe574151a3313f5231459c) * [OCPBUGS-21103](https://issues.redhat.com/browse/OCPBUGS-21103): Bump deps to address CVE-2023-44487 [4.13] [#135](https://github.com/openshift/cluster-policy-controller/pull/135) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/8d2af85d0b6dcf09256bd9fecc5d36ac77bc41d1...3b0d075530fdbfdacdfe574151a3313f5231459c) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/7e7affad59551611aeb3fb2e5a21f1ec8d99181b) * [OCPBUGS-54812](https://issues.redhat.com/browse/OCPBUGS-54812): add rhdmalone to owners [#628](https://github.com/openshift/cluster-samples-operator/pull/628) * [OCPBUGS-49663](https://issues.redhat.com/browse/OCPBUGS-49663): add shannon and aroyoredhat as owners [#599](https://github.com/openshift/cluster-samples-operator/pull/599) * [OCPBUGS-21198](https://issues.redhat.com/browse/OCPBUGS-21198): update k8s.io/apiserver version [#589](https://github.com/openshift/cluster-samples-operator/pull/589) * [OCPBUGS-22390](https://issues.redhat.com/browse/OCPBUGS-22390): Sync library to remove invalid dockerhub references for OKD [#521](https://github.com/openshift/cluster-samples-operator/pull/521) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/f785bad1227439dfdb627538b3f7ecd0eb28f33c...7e7affad59551611aeb3fb2e5a21f1ec8d99181b) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/b38c26ae676c9e775f901a04c072848fd8726b90) * [OCPBUGS-33468](https://issues.redhat.com/browse/OCPBUGS-33468): Fix problem-detector proxy setting [#473](https://github.com/openshift/cluster-storage-operator/pull/473) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/5cd56c344f5aae7ce53f1301115e247a1fd6fed5...b38c26ae676c9e775f901a04c072848fd8726b90) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/7033b4836e4c79a2237c66f31986396d98ac270b) * NO-ISSUE: Updating ose-cluster-update-keys-container image to be consistent with ART for 4.13 [#78](https://github.com/openshift/cluster-update-keys/pull/78) * [OCPBUGS-43886](https://issues.redhat.com/browse/OCPBUGS-43886): keys: Update Red Hat keys to use SHA256 signatures [#67](https://github.com/openshift/cluster-update-keys/pull/67) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/5b725937d51e9f089c3f99e27e4ee77a6d2cbbcd...7033b4836e4c79a2237c66f31986396d98ac270b) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/8b3acaebb7de946e86d20bfdf637e7caaaeb1fb3) * [OCPBUGS-45332](https://issues.redhat.com/browse/OCPBUGS-45332): deps: bump golang.org/x/net to 0.31.0 [#1121](https://github.com/openshift/cluster-version-operator/pull/1121) * [OCPBUGS-27049](https://issues.redhat.com/browse/OCPBUGS-27049): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1019](https://github.com/openshift/cluster-version-operator/pull/1019) * [OCPBUGS-20744](https://issues.redhat.com/browse/OCPBUGS-20744): [4.13] Bump http-related deps [#989](https://github.com/openshift/cluster-version-operator/pull/989) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/50feca20f68b18d1d1b2722792fcbfa8474f6039...8b3acaebb7de946e86d20bfdf637e7caaaeb1fb3) ### [console](https://github.com/openshift/console/tree/b6b545cf6f39181f2c8548035aa7fc71204adec3) * [OCPBUGS-44160](https://issues.redhat.com/browse/OCPBUGS-44160): bump dompurify to latest [#15594](https://github.com/openshift/console/pull/15594) * [OCPBUGS-57100](https://issues.redhat.com/browse/OCPBUGS-57100): Add all files to `vendor` regardless of gitignore [#15136](https://github.com/openshift/console/pull/15136) * [OCPBUGS-54892](https://issues.redhat.com/browse/OCPBUGS-54892): Show Observe section without PROMETHEUS and MONITORING flags [#14960](https://github.com/openshift/console/pull/14960) * [OCPBUGS-45292](https://issues.redhat.com/browse/OCPBUGS-45292): A value submitted in From view is wrapped with single quotation after switching to Yaml view. [#14573](https://github.com/openshift/console/pull/14573) * [OCPBUGS-44356](https://issues.redhat.com/browse/OCPBUGS-44356): Application creation fail when manually entering input scaling value in local setup [#14509](https://github.com/openshift/console/pull/14509) * [OCPBUGS-45197](https://issues.redhat.com/browse/OCPBUGS-45197): Edit the secret and add the Chinese in the web-console, garbled characters will be displayed [#14552](https://github.com/openshift/console/pull/14552) * [OCPBUGS-44585](https://issues.redhat.com/browse/OCPBUGS-44585): Need to allow blank for Project/namespace when setting SA Subject in 'Project access tab' [#14497](https://github.com/openshift/console/pull/14497) * [OCPBUGS-36557](https://issues.redhat.com/browse/OCPBUGS-36557): Increase login flow state paramater length/entropy [#14483](https://github.com/openshift/console/pull/14483) * [OCPBUGS-42951](https://issues.redhat.com/browse/OCPBUGS-42951): The filepath including leading slash makes error during parsing devfile using Gitlab [#14383](https://github.com/openshift/console/pull/14383) * [OCPBUGS-41594](https://issues.redhat.com/browse/OCPBUGS-41594): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14263](https://github.com/openshift/console/pull/14263) * [OCPBUGS-35259](https://issues.redhat.com/browse/OCPBUGS-35259): fix vCenter cluster being empty [#13952](https://github.com/openshift/console/pull/13952) * [OCPBUGS-32147](https://issues.redhat.com/browse/OCPBUGS-32147): Bump graphql-go to v1.3.0 [#13922](https://github.com/openshift/console/pull/13922) * [OCPBUGS-33978](https://issues.redhat.com/browse/OCPBUGS-33978): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13872](https://github.com/openshift/console/pull/13872) * [OCPBUGS-34342](https://issues.redhat.com/browse/OCPBUGS-34342): Fix PipelineRun Logs tab navigation [#13890](https://github.com/openshift/console/pull/13890) * [OCPBUGS-24395](https://issues.redhat.com/browse/OCPBUGS-24395): Extra space is in the translation text(Chinese) of 'Create rolebinding' and 'replicate rolebinding' [#13405](https://github.com/openshift/console/pull/13405) * [OCPBUGS-33777](https://issues.redhat.com/browse/OCPBUGS-33777): restrict Masthead logo to max-height to 60px [#13860](https://github.com/openshift/console/pull/13860) * [OCPBUGS-33749](https://issues.redhat.com/browse/OCPBUGS-33749): Add visual connector between VMs and non VMs workloads [#13857](https://github.com/openshift/console/pull/13857) * [OCPBUGS-33382](https://issues.redhat.com/browse/OCPBUGS-33382): Routes created by devfiles do not always use HTTPS [#13827](https://github.com/openshift/console/pull/13827) * [OCPBUGS-33650](https://issues.redhat.com/browse/OCPBUGS-33650): fix issues with Edit Route form [#13851](https://github.com/openshift/console/pull/13851) * [OCPBUGS-32500](https://issues.redhat.com/browse/OCPBUGS-32500): PipelineRuns in Console show wrong status or load indefinitely [#13780](https://github.com/openshift/console/pull/13780) * [OCPBUGS-31077](https://issues.redhat.com/browse/OCPBUGS-31077): Pipeline Name gets changed to "new-pipeline" on the Edit Pipeline YAML/Builder [#13683](https://github.com/openshift/console/pull/13683) * [OCPBUGS-31595](https://issues.redhat.com/browse/OCPBUGS-31595): Fix operands list endpoint. [#13714](https://github.com/openshift/console/pull/13714) * [OCPBUGS-29063](https://issues.redhat.com/browse/OCPBUGS-29063): add additional check to determine if file is binary [#13579](https://github.com/openshift/console/pull/13579) * [OCPBUGS-28788](https://issues.redhat.com/browse/OCPBUGS-28788): Copy response code from proxied plugin requests [#13561](https://github.com/openshift/console/pull/13561) * [OCPBUGS-29243](https://issues.redhat.com/browse/OCPBUGS-29243): Add a new allowInsecure option to the internet proxy [#13593](https://github.com/openshift/console/pull/13593) * [OCPBUGS-27406](https://issues.redhat.com/browse/OCPBUGS-27406): Add Pipeline metrics tab using plugin [#13525](https://github.com/openshift/console/pull/13525) * [OCPBUGS-23483](https://issues.redhat.com/browse/OCPBUGS-23483): add access to create, edit and delete silences for developer user from developer perspective [#13349](https://github.com/openshift/console/pull/13349) * [OCPBUGS-25427](https://issues.redhat.com/browse/OCPBUGS-25427): Fix plugin proxy handler [#13449](https://github.com/openshift/console/pull/13449) * [OCPBUGS-25465](https://issues.redhat.com/browse/OCPBUGS-25465): fix runtime error on Node details Overview when Machin… [#13452](https://github.com/openshift/console/pull/13452) * [OCPBUGS-25146](https://issues.redhat.com/browse/OCPBUGS-25146): add access review for impersonate [#13437](https://github.com/openshift/console/pull/13437) * [OCPBUGS-24591](https://issues.redhat.com/browse/OCPBUGS-24591): ConsolePlugin metrics must no longer be grouped by the vendor [#13424](https://github.com/openshift/console/pull/13424) * [OCPBUGS-22241](https://issues.redhat.com/browse/OCPBUGS-22241): Save also the location.search and .hash values in localStorage to restore them after login [#13271](https://github.com/openshift/console/pull/13271) * [OCPBUGS-24240](https://issues.redhat.com/browse/OCPBUGS-24240): Subsequent PipelineRuns take initial PipelineRun name into account [#13385](https://github.com/openshift/console/pull/13385) * [OCPBUGS-23497](https://issues.redhat.com/browse/OCPBUGS-23497): Cannot Edit Shipwright Build [#13352](https://github.com/openshift/console/pull/13352) * [OCPBUGS-11316](https://issues.redhat.com/browse/OCPBUGS-11316): Fix description for BuildAdapter SDK extension [#12703](https://github.com/openshift/console/pull/12703) * [OCPBUGS-22986](https://issues.redhat.com/browse/OCPBUGS-22986): Correct logout process [#13310](https://github.com/openshift/console/pull/13310) * [OCPBUGS-23065](https://issues.redhat.com/browse/OCPBUGS-23065): remove expandable toggle for conditional update risk d… [#13316](https://github.com/openshift/console/pull/13316) * [OCPBUGS-22784](https://issues.redhat.com/browse/OCPBUGS-22784): add support for new features annotations while preservi… [#13299](https://github.com/openshift/console/pull/13299) * [Full changelog](https://github.com/openshift/console/compare/b19a69104789b0d68106e757a2edb53ad15db6b2...b6b545cf6f39181f2c8548035aa7fc71204adec3) ### [console-operator](https://github.com/openshift/console-operator/tree/cb4657d2d8cc94b611bc9b1f4260f2776c30c0f0) * [OCPBUGS-18674](https://issues.redhat.com/browse/OCPBUGS-18674): Reset console operator's conditions [#894](https://github.com/openshift/console-operator/pull/894) * [OCPBUGS-30599](https://issues.redhat.com/browse/OCPBUGS-30599): Disable HTTP/2 for webhook [#875](https://github.com/openshift/console-operator/pull/875) * [OCPBUGS-21008](https://issues.redhat.com/browse/OCPBUGS-21008): [release-4.13] Bump library-go and golang.org/x/net [#866](https://github.com/openshift/console-operator/pull/866) * [OCPBUGS-6208](https://issues.redhat.com/browse/OCPBUGS-6208): Updating openshift-enterprise-console-operator images to be consistent with ART [#872](https://github.com/openshift/console-operator/pull/872) * [OCPBUGS-24591](https://issues.redhat.com/browse/OCPBUGS-24591): ConsolePlugin metrics must no longer be grouped by the vendor [#821](https://github.com/openshift/console-operator/pull/821) * [OCPBUGS-22333](https://issues.redhat.com/browse/OCPBUGS-22333): Make enabled plugins unique [#805](https://github.com/openshift/console-operator/pull/805) * [Full changelog](https://github.com/openshift/console-operator/compare/dd6939f9a9bf2e3a800ba10a78b4e309f2a0a3c3...cb4657d2d8cc94b611bc9b1f4260f2776c30c0f0) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/3086cf651514b87cc891b3dfbb65a645bd0b100e) * [ART-13080](https://issues.redhat.com/browse/ART-13080): Fix Hermeto build issues [#197](https://github.com/openshift/containernetworking-plugins/pull/197) * [OCPBUGS-20594](https://issues.redhat.com/browse/OCPBUGS-20594): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.13] [#130](https://github.com/openshift/containernetworking-plugins/pull/130) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/dbf24deae8df2b7ccc4c468fddcbb4a19214afa5...3086cf651514b87cc891b3dfbb65a645bd0b100e) ### [coredns](https://github.com/openshift/coredns/tree/d3037cb9c6c13078d0ea2a7c6e7a4b6c21b29362) * [OCPBUGS-60804](https://issues.redhat.com/browse/OCPBUGS-60804): Bump github.com/golang/glog to v1.2.4 [#150](https://github.com/openshift/coredns/pull/150) * [OCPBUGS-38431](https://issues.redhat.com/browse/OCPBUGS-38431): UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit [#129](https://github.com/openshift/coredns/pull/129) * [OCPBUGS-28205](https://issues.redhat.com/browse/OCPBUGS-28205): UPSTREAM: 6277: openshift: Fix OCPBUGS-28205 [#113](https://github.com/openshift/coredns/pull/113) * [OCPBUGS-21046](https://issues.redhat.com/browse/OCPBUGS-21046): UPSTREAM: <carry>: openshift: Address CVE-2023-39325 [#102](https://github.com/openshift/coredns/pull/102) * [Full changelog](https://github.com/openshift/coredns/compare/598440f54234b44ab650be9af7b88f70336b3941...d3037cb9c6c13078d0ea2a7c6e7a4b6c21b29362) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/ba00838c583d1fdc9c235ebfc0a28193d932cf41) * [OCPBUGS-58888](https://issues.redhat.com/browse/OCPBUGS-58888): CARRY: don't ignore json files [#344](https://github.com/openshift/cloud-provider-openstack/pull/344) * [OCPBUGS-52414](https://issues.redhat.com/browse/OCPBUGS-52414): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.26 into release-4.13 [#313](https://github.com/openshift/cloud-provider-openstack/pull/313) * Switch to a new CI [#2444](https://github.com/openshift/cloud-provider-openstack/pull/2444) * And 14 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/171da3f92694db5d29f5e42787873e40bcb480e2...ba00838c583d1fdc9c235ebfc0a28193d932cf41) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/596a53c8fb79eddf85bad8deb504536adf228128) * [OCPBUGS-26224](https://issues.redhat.com/browse/OCPBUGS-26224): Fix selector for manila-csi-driver-controller-metrics service [#224](https://github.com/openshift/csi-driver-manila-operator/pull/224) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/b1295cd1a5978faa503c199d59d129e3ecfe2aeb...596a53c8fb79eddf85bad8deb504536adf228128) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/01bbb23b627835354f6177b4b44cfc50bd6d9a2e) * [OCPBUGS-28953](https://issues.redhat.com/browse/OCPBUGS-28953): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#168](https://github.com/openshift/csi-driver-shared-resource/pull/168) * [OCPBUGS-23116](https://issues.redhat.com/browse/OCPBUGS-23116): Should reference configmaps instead of secrets [#153](https://github.com/openshift/csi-driver-shared-resource/pull/153) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/9724dcf486c1699ca7117318b9c74f408fdc495d...01bbb23b627835354f6177b4b44cfc50bd6d9a2e) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/bc169d2d8d1cd128770d2202c6cc00e5328e4e73) * [OCPBUGS-28958](https://issues.redhat.com/browse/OCPBUGS-28958): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#104](https://github.com/openshift/csi-driver-shared-resource-operator/pull/104) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/1dc475bba65ceda2c317543cca13d60c59db93c1...bc169d2d8d1cd128770d2202c6cc00e5328e4e73) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/c8a7a097f68b37ad06a87a4b5c480daeab45be85) * [OCPBUGS-29728](https://issues.redhat.com/browse/OCPBUGS-29728): cherry-pick:release-4.13: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#141](https://github.com/openshift/csi-external-snapshotter/pull/141) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/5ce4b5cac86efa3a45d5056c0a95004373cabb7b...c8a7a097f68b37ad06a87a4b5c480daeab45be85) ### [docker-builder](https://github.com/openshift/builder/tree/b379980d6f626dc45a91f0a715bc94e75fb4b309) * [OCPBUGS-43295](https://issues.redhat.com/browse/OCPBUGS-43295): Buildah dependency bump to 1.29.5 [#460](https://github.com/openshift/builder/pull/460) * [OCPBUGS-43191](https://issues.redhat.com/browse/OCPBUGS-43191): runc library bump to 1.1.12 [#439](https://github.com/openshift/builder/pull/439) * [OCPBUGS-48836](https://issues.redhat.com/browse/OCPBUGS-48836): skipping some unit tests to avoid failures as they are duplicate [#434](https://github.com/openshift/builder/pull/434) * [OCPBUGS-48655](https://issues.redhat.com/browse/OCPBUGS-48655): Add new team members to the OWNERS file [#431](https://github.com/openshift/builder/pull/431) * Replace 'coreydaley' with 'sayan-biswas' [#407](https://github.com/openshift/builder/pull/407) * [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#405](https://github.com/openshift/builder/pull/405) * [OCPBUGS-22468](https://issues.redhat.com/browse/OCPBUGS-22468): [release-4.13] Bump github.com/sigstore/rekor [#374](https://github.com/openshift/builder/pull/374) * [OCPBUGS-23021](https://issues.redhat.com/browse/OCPBUGS-23021): Add -p flag to cp command to preserve timestamps [#371](https://github.com/openshift/builder/pull/371) * [OCPBUGS-20709](https://issues.redhat.com/browse/OCPBUGS-20709): [release-4.13] Bump golang.org/x/net [#363](https://github.com/openshift/builder/pull/363) * [Full changelog](https://github.com/openshift/builder/compare/1fec8a28a78b81aabc2bcbe8ac4843c8b7938230...b379980d6f626dc45a91f0a715bc94e75fb4b309) ### [docker-registry](https://github.com/openshift/image-registry/tree/d00c2694d7ccfe28536fad6ac9b9dd3967d01107) * [OCPBUGS-53653](https://issues.redhat.com/browse/OCPBUGS-53653): bump jwt and oauth dependencies [#436](https://github.com/openshift/image-registry/pull/436) * [Full changelog](https://github.com/openshift/image-registry/compare/47a15ac8b7233bb1de44c1364bbd787de2edaaf0...d00c2694d7ccfe28536fad6ac9b9dd3967d01107) ### [egress-router-cni](https://github.com/openshift/egress-router-cni/tree/dfe03737f1562e81aa09101e4a48f039245bd339) * [OCPBUGS-11648](https://issues.redhat.com/browse/OCPBUGS-11648): update go-yaml to v2.4.0 [#68](https://github.com/openshift/egress-router-cni/pull/68) * [Full changelog](https://github.com/openshift/egress-router-cni/compare/756e38455b8e08a34510e188673c77503dca3ff1...dfe03737f1562e81aa09101e4a48f039245bd339) ### [etcd](https://github.com/openshift/etcd/tree/a6b7ad436ea8139436c6e9a456fdacd09ec7f054) * [OCPBUGS-32920](https://issues.redhat.com/browse/OCPBUGS-32920): Revert "Merge pull request #262 from Elbehery/rebase-etcd-3.5.13-open… [#266](https://github.com/openshift/etcd/pull/266) * [OCPBUGS-31653](https://issues.redhat.com/browse/OCPBUGS-31653): Rebase etcd 3.5.13 openshift 4.13 [#262](https://github.com/openshift/etcd/pull/262) * [ETCD-537](https://issues.redhat.com/browse/ETCD-537): Revert "bump build root go1.20" [#263](https://github.com/openshift/etcd/pull/263) * [OCPBUGS-28734](https://issues.redhat.com/browse/OCPBUGS-28734): Rebase etcd 3.5.12 openshift 4.13 [#245](https://github.com/openshift/etcd/pull/245) * [ETCD-537](https://issues.redhat.com/browse/ETCD-537): bump build root go1.20 [#252](https://github.com/openshift/etcd/pull/252) * [OCPBUGS-26925](https://issues.redhat.com/browse/OCPBUGS-26925): Rebase etcd 3.5.11 openshift 4.13 [#239](https://github.com/openshift/etcd/pull/239) * [OCPBUGS-22697](https://issues.redhat.com/browse/OCPBUGS-22697): [4.13] Carrying fixes for CVE-2023-44487 [#225](https://github.com/openshift/etcd/pull/225) * [Full changelog](https://github.com/openshift/etcd/compare/7efbc019a20e4c025d482749d49d0d72892dbfe1...a6b7ad436ea8139436c6e9a456fdacd09ec7f054) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/507fea9800dc63da95ce551d2fb03219d0b0597a) * [OCPBUGS-21303](https://issues.redhat.com/browse/OCPBUGS-21303): Bump golang.org/x/net to v0.18.0 [#43](https://github.com/openshift/cloud-provider-gcp/pull/43) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/efaf4dc692072338d472f086c9f691c71f4a028d...507fea9800dc63da95ce551d2fb03219d0b0597a) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/b8a2772574aacf16a998ff7c7ba24000eff60d07) * [OCPBUGS-21398](https://issues.redhat.com/browse/OCPBUGS-21398): Bump golang.org/x/net to v0.17.0 [#204](https://github.com/openshift/cluster-api-provider-gcp/pull/204) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/eaeccca9082e1c02ad3422ff49e69cc595bd2ec6...b8a2772574aacf16a998ff7c7ba24000eff60d07) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/ad18bf13488c04f34d3daff4b1b6370543aab74b) * [OCPBUGS-56916](https://issues.redhat.com/browse/OCPBUGS-56916): Disable shielded VMs for non-UEFI disks [#120](https://github.com/openshift/machine-api-provider-gcp/pull/120) * [OCPBUGS-24563](https://issues.redhat.com/browse/OCPBUGS-24563): Reduce metrics cardinality. [#74](https://github.com/openshift/machine-api-provider-gcp/pull/74) * [OCPBUGS-20851](https://issues.redhat.com/browse/OCPBUGS-20851): Bump x/net package to v0.18.0 [#68](https://github.com/openshift/machine-api-provider-gcp/pull/68) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/38ddff06b72b364d1c994582d7ae3f119ef5d1a8...ad18bf13488c04f34d3daff4b1b6370543aab74b) ### [haproxy-router](https://github.com/openshift/router/tree/8b39926371f49a623ad814851533ab4d87f3af1a) * [OCPBUGS-43095](https://issues.redhat.com/browse/OCPBUGS-43095): add duplicate_te_header_total metric [#626](https://github.com/openshift/router/pull/626) * [OCPBUGS-34673](https://issues.redhat.com/browse/OCPBUGS-34673): Properly handle rewrite-target annotation [#608](https://github.com/openshift/router/pull/608) * [OCPBUGS-33911](https://issues.redhat.com/browse/OCPBUGS-33911): Reject routes with MD5 certs [#600](https://github.com/openshift/router/pull/600) * [OCPBUGS-33448](https://issues.redhat.com/browse/OCPBUGS-33448): Count active services before setting weight to 1 [#594](https://github.com/openshift/router/pull/594) * [OCPBUGS-33280](https://issues.redhat.com/browse/OCPBUGS-33280): Route 'haproxy.router.openshift.io/timeout' value is not validated [#591](https://github.com/openshift/router/pull/591) * [OCPBUGS-21117](https://issues.redhat.com/browse/OCPBUGS-21117): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#531](https://github.com/openshift/router/pull/531) * [Full changelog](https://github.com/openshift/router/compare/057eae91f82fb3900fc3d18172b5e6e6ad2d59d8...8b39926371f49a623ad814851533ab4d87f3af1a) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/53fd427d5826f19785655e0f8c33642009e0a12b) * [OCPBUGS-41678](https://issues.redhat.com/browse/OCPBUGS-41678): mount-utils: treat syscall.ENODEV as corrupted mount [#2083](https://github.com/openshift/kubernetes/pull/2083) * [OCPBUGS-37280](https://issues.redhat.com/browse/OCPBUGS-37280): UPSTREAM: 126104: Add funcs in pkg/filesystem/util that can actually … [#2045](https://github.com/openshift/kubernetes/pull/2045) * [OCPBUGS-28660](https://issues.redhat.com/browse/OCPBUGS-28660): UPSTREAM: <carry>: kubelet/cm: use MkdirAll when creating cpuset to ignore file exists error [#1875](https://github.com/openshift/kubernetes/pull/1875) * UPSTREAM: <drop>: Bump golang.org/x/net to v0.23.0 [#1938](https://github.com/openshift/kubernetes/pull/1938) * [OCPBUGS-31505](https://issues.redhat.com/browse/OCPBUGS-31505): Update to kubernetes 1.26.15 [#1930](https://github.com/openshift/kubernetes/pull/1930) * Address CVE [#14](https://github.com/openshift/kubernetes/pull/14) * [OCPBUGS-29663](https://issues.redhat.com/browse/OCPBUGS-29663): Update to kubernetes 1.26.14 [#1889](https://github.com/openshift/kubernetes/pull/1889) * [OCPBUGS-12210](https://issues.redhat.com/browse/OCPBUGS-12210): Prevent partially filled HPA behaviors from crashing kube-controller-manager [#1876](https://github.com/openshift/kubernetes/pull/1876) * [OCPBUGS-27370](https://issues.redhat.com/browse/OCPBUGS-27370): Update to kubernetes 1.26.13 [#1859](https://github.com/openshift/kubernetes/pull/1859) * [OCPBUGS-25814](https://issues.redhat.com/browse/OCPBUGS-25814): Fix device uncertain errors on reboot - 4.13 [#1831](https://github.com/openshift/kubernetes/pull/1831) * [OCPBUGS-25988](https://issues.redhat.com/browse/OCPBUGS-25988): Update to kubernetes 1.26.12 [#1839](https://github.com/openshift/kubernetes/pull/1839) * [OCPBUGS-25767](https://issues.redhat.com/browse/OCPBUGS-25767): legacy-cloud-providers: prevent index out-of-range in getNextUnitNumber [#1834](https://github.com/openshift/kubernetes/pull/1834) * [OCPBUGS-23521](https://issues.redhat.com/browse/OCPBUGS-23521): UPSTREAM: <carry>: support for both icsp and idms objects [#1798](https://github.com/openshift/kubernetes/pull/1798) * [OCPBUGS-23567](https://issues.redhat.com/browse/OCPBUGS-23567): Update to kubernetes 1.26.11 [#1809](https://github.com/openshift/kubernetes/pull/1809) * [OCPBUGS-18829](https://issues.redhat.com/browse/OCPBUGS-18829): cm: reorder setting of sched_load_balance for sandbox slice [#1696](https://github.com/openshift/kubernetes/pull/1696) * [OCPBUGS-23287](https://issues.redhat.com/browse/OCPBUGS-23287): UPSTREAM: 121881: Use golang library instead of mklink [#1802](https://github.com/openshift/kubernetes/pull/1802) * [Full changelog](https://github.com/openshift/kubernetes/compare/636f2be6157d45217eb99744b72cc51e5e9c7e10...53fd427d5826f19785655e0f8c33642009e0a12b) ### [hypershift](https://github.com/openshift/hypershift/tree/e548ac784e78cbcada7558444908a177d5e7abdb) * [OCPBUGS-53901](https://issues.redhat.com/browse/OCPBUGS-53901): bump golang-jwt v4 [#5948](https://github.com/openshift/hypershift/pull/5948) * [OCPBUGS-39184](https://issues.redhat.com/browse/OCPBUGS-39184): fix: bump github.com/IBM/go-sdk-core/v5 [#4627](https://github.com/openshift/hypershift/pull/4627) * [OCPBUGS-41515](https://issues.redhat.com/browse/OCPBUGS-41515): set Konnectivity cipher suites [#4284](https://github.com/openshift/hypershift/pull/4284) * NO-JIRA: hack: make the e2e script generic [#4202](https://github.com/openshift/hypershift/pull/4202) * [HOSTEDCP-1146](https://issues.redhat.com/browse/HOSTEDCP-1146): cpo: use CPO spec container image if it is a sha256 reference [#3296](https://github.com/openshift/hypershift/pull/3296) * [OCPBUGS-22971](https://issues.redhat.com/browse/OCPBUGS-22971): Add konnectivity-proxy container to CNO [#3167](https://github.com/openshift/hypershift/pull/3167) * [OCPBUGS-23455](https://issues.redhat.com/browse/OCPBUGS-23455): Use the same etcd snapshot for all replicas during etcd restore [#3205](https://github.com/openshift/hypershift/pull/3205) * NO-JIRA: Red Hat Trusted App Pipeline purge hypershift-operator-release-413 [#3217](https://github.com/openshift/hypershift/pull/3217) * [Full changelog](https://github.com/openshift/hypershift/compare/2c52769df12895ea389c8e87c6175dc59aedd4d6...e548ac784e78cbcada7558444908a177d5e7abdb) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/b5bcaf9caa96561a32ec5e7b79ca41e173ecfe25) * [OCPBUGS-24999](https://issues.redhat.com/browse/OCPBUGS-24999): Add Snyk file to exclude vendor directory on scan [#66](https://github.com/openshift/cloud-provider-ibm/pull/66) * [OCPBUGS-21137](https://issues.redhat.com/browse/OCPBUGS-21137): Bump golang.org/x/net to v0.18.0 [#56](https://github.com/openshift/cloud-provider-ibm/pull/56) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/59edd923386b36f2cad99150b7fd11fb7bbb1688...b5bcaf9caa96561a32ec5e7b79ca41e173ecfe25) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/f4ded0e923b8f7ad4ed23c64fa97f444520c94e1) * [OCPBUGS-59124](https://issues.redhat.com/browse/OCPBUGS-59124): bump github.com/golang/glog to v1.2.4 [#110](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/110) * [OCPBUGS-56066](https://issues.redhat.com/browse/OCPBUGS-56066): tech debt: rework vendor patches [#94](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/94) * [OCPBUGS-53909](https://issues.redhat.com/browse/OCPBUGS-53909): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#87](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/87) * [OCPBUGS-36064](https://issues.redhat.com/browse/OCPBUGS-36064): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#74](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/74) * [OCPBUGS-18143](https://issues.redhat.com/browse/OCPBUGS-18143): [IBM VPC] failed provisioning volume in proxy cluster [#47](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/47) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/f78d4760df79530679b5f8244065a681f41397c3...f4ded0e923b8f7ad4ed23c64fa97f444520c94e1) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/40786cd2e559a71bf6c8abe922fc2e5b580115cc) * [OCPBUGS-59874](https://issues.redhat.com/browse/OCPBUGS-59874): [IBM VPC] set offlineExpansion to false in e2e test manifest [#152](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/152) * [OCPBUGS-36070](https://issues.redhat.com/browse/OCPBUGS-36070): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#123](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/123) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/38c439da0b0ff924ad6b3d0af6461605a8b498ac...40786cd2e559a71bf6c8abe922fc2e5b580115cc) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/6d619f62a27ba0ac0cab05e035f07aef9095d9c9) * [OCPBUGS-56066](https://issues.redhat.com/browse/OCPBUGS-56066): tech debt: rework vendor patches [#51](https://github.com/openshift/ibm-vpc-node-label-updater/pull/51) * [OCPBUGS-53541](https://issues.redhat.com/browse/OCPBUGS-53541): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#47](https://github.com/openshift/ibm-vpc-node-label-updater/pull/47) * [OCPBUGS-36010](https://issues.redhat.com/browse/OCPBUGS-36010): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#43](https://github.com/openshift/ibm-vpc-node-label-updater/pull/43) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/7721a9e75b92bdd12ff9a05acc9274c0d0580aba...6d619f62a27ba0ac0cab05e035f07aef9095d9c9) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/f2694417d53b759212fdb3e0c905f26aae09b838) * [OCPBUGS-36076](https://issues.redhat.com/browse/OCPBUGS-36076): UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.13 [#90](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/90) * [OCPBUGS-21418](https://issues.redhat.com/browse/OCPBUGS-21418): UPSTREAM: <carry>: bump golang.org/x/net to v0.18.0 [#66](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/66) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/d221afa4bee0d722a97f49c0212dfb7954f49b93...f2694417d53b759212fdb3e0c905f26aae09b838) ### [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud/tree/4698265e2146188ede16036bf1193b33d7668930) * [OCPBUGS-36082](https://issues.redhat.com/browse/OCPBUGS-36082): Bump dependency for CVE [#56](https://github.com/openshift/machine-api-provider-ibmcloud/pull/56) * [Full changelog](https://github.com/openshift/machine-api-provider-ibmcloud/compare/bb253a0c607f7d1f8139ffd401bd6c9c432090d1...4698265e2146188ede16036bf1193b33d7668930) ### [insights-operator](https://github.com/openshift/insights-operator/tree/162554e15ece3653649c9a61567d332a462f079a) * [OCPBUGS-36475](https://issues.redhat.com/browse/OCPBUGS-36475): properly encode the URL for the advisor links (#962) (#965) [#962](https://github.com/openshift/insights-operator/pull/962) * [OCPBUGS-33449](https://issues.redhat.com/browse/OCPBUGS-33449): anonymization - externalIP can be nil (#931) (#933) (#935) [#931](https://github.com/openshift/insights-operator/pull/931) * [OCPBUGS-31991](https://issues.redhat.com/browse/OCPBUGS-31991): bump golang.org/x/net version (#927) [#927](https://github.com/openshift/insights-operator/pull/927) * [OCPBUGS-28157](https://issues.redhat.com/browse/OCPBUGS-28157): Add extra check in ids to bypass validations (#905) [#905](https://github.com/openshift/insights-operator/pull/905) * gather etcd_server_slow metrics (#902) (#909) [#902](https://github.com/openshift/insights-operator/pull/902) * [OCPBUGS-23962](https://issues.redhat.com/browse/OCPBUGS-23962): adds helm information gather (#868) (#883) [#868](https://github.com/openshift/insights-operator/pull/868) * [OCPBUGS-22958](https://issues.redhat.com/browse/OCPBUGS-22958): adds cluster storageclasses gather (#858) (#875) [#858](https://github.com/openshift/insights-operator/pull/858) * [OCPBUGS-22953](https://issues.redhat.com/browse/OCPBUGS-22953): create Prometheus rules programmatically according the… (#860) [#860](https://github.com/openshift/insights-operator/pull/860) * [OCPBUGS-22914](https://issues.redhat.com/browse/OCPBUGS-22914): remove username & password config options (#859) [#859](https://github.com/openshift/insights-operator/pull/859) * [OCPBUGS-20750](https://issues.redhat.com/browse/OCPBUGS-20750): update dependencies (#840) [#840](https://github.com/openshift/insights-operator/pull/840) * [Full changelog](https://github.com/openshift/insights-operator/compare/3f785f9212ed905b5e8b87cf24097aa577f20a69...162554e15ece3653649c9a61567d332a462f079a) ### [ironic](https://github.com/openshift/ironic-image/tree/fe91b38ace1a3a6bdf4c6f42346344bdffe2bb21) * [OCPBUGS-48146](https://issues.redhat.com/browse/OCPBUGS-48146), [OCPBUGS-48595](https://issues.redhat.com/browse/OCPBUGS-48595): Bump jinja2 to 3.0.1-6.el9.2 [#626](https://github.com/openshift/ironic-image/pull/626) * [OCPBUGS-43952](https://issues.redhat.com/browse/OCPBUGS-43952), [OCPBUGS-43960](https://issues.redhat.com/browse/OCPBUGS-43960): Bump python-waitress [4.13] [#608](https://github.com/openshift/ironic-image/pull/608) * [OCPBUGS-37764](https://issues.redhat.com/browse/OCPBUGS-37764), [OCPBUGS-39384](https://issues.redhat.com/browse/OCPBUGS-39384): Include fixes for CVE-2024-44082 [#585](https://github.com/openshift/ironic-image/pull/585) * [OCPBUGS-38509](https://issues.redhat.com/browse/OCPBUGS-38509): set min version for python3-webob [#557](https://github.com/openshift/ironic-image/pull/557) * [OCPBUGS-33374](https://issues.redhat.com/browse/OCPBUGS-33374): bump werkzeug [#543](https://github.com/openshift/ironic-image/pull/543) * [OCPBUGS-34898](https://issues.redhat.com/browse/OCPBUGS-34898): bump jinja2 [#538](https://github.com/openshift/ironic-image/pull/538) * [OCPBUGS-37116](https://issues.redhat.com/browse/OCPBUGS-37116): Update eventlet version [#525](https://github.com/openshift/ironic-image/pull/525) * [OCPBUGS-32363](https://issues.redhat.com/browse/OCPBUGS-32363): [4.13] remove unused prometheus-exporter [#488](https://github.com/openshift/ironic-image/pull/488) * [OCPBUGS-32387](https://issues.redhat.com/browse/OCPBUGS-32387): Use unix sockets by default for reverse proxy communication [#476](https://github.com/openshift/ironic-image/pull/476) * [OCPBUGS-29190](https://issues.redhat.com/browse/OCPBUGS-29190): Fix Inspector iPXE config for IPv6 addresses [#453](https://github.com/openshift/ironic-image/pull/453) * [OCPBUGS-23978](https://issues.redhat.com/browse/OCPBUGS-23978): Ironic side of external_http_url (METAL-163) is not wired in correctly [#430](https://github.com/openshift/ironic-image/pull/430) * [OCPBUGS-23506](https://issues.redhat.com/browse/OCPBUGS-23506): Uplift eventlet version [#427](https://github.com/openshift/ironic-image/pull/427) * [OCPBUGS-23356](https://issues.redhat.com/browse/OCPBUGS-23356): Upgrade werkzeug dependency [#422](https://github.com/openshift/ironic-image/pull/422) * [OCPBUGS-19078](https://issues.redhat.com/browse/OCPBUGS-19078): Handle Eject DVD 4.13 [#416](https://github.com/openshift/ironic-image/pull/416) * [OCPBUGS-23072](https://issues.redhat.com/browse/OCPBUGS-23072): Use bash process substitution instead of pipe [#413](https://github.com/openshift/ironic-image/pull/413) * [Full changelog](https://github.com/openshift/ironic-image/compare/fc1cca95711797767336878bfb9e2e4b9801ecfa...fe91b38ace1a3a6bdf4c6f42346344bdffe2bb21) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/92e3efb4c38dba903316d7cb88afa4bbaa04d259) * [OCPBUGS-39384](https://issues.redhat.com/browse/OCPBUGS-39384): Include fixes for CVE-2024-44082 [#164](https://github.com/openshift/ironic-agent-image/pull/164) * [OCPBUGS-38509](https://issues.redhat.com/browse/OCPBUGS-38509): set webob and bump werkzeug [#152](https://github.com/openshift/ironic-agent-image/pull/152) * [OCPBUGS-29725](https://issues.redhat.com/browse/OCPBUGS-29725): Always add ignition to set hostname on /etc/hostname [#111](https://github.com/openshift/ironic-agent-image/pull/111) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/508e61245eb34d1f83771b1522021ffcde59fecc...92e3efb4c38dba903316d7cb88afa4bbaa04d259) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/0fce7c7c97d56ba0a0ae4c6a2ba32e559b8a03d7) * [OCPBUGS-21457](https://issues.redhat.com/browse/OCPBUGS-21457): upgrade golang.org/x/net to 0.17.0 to address CVE [#90](https://github.com/openshift/k8s-prometheus-adapter/pull/90) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/8ebc578de004962aedefdb9b2b3a43e79e80a0d2...0fce7c7c97d56ba0a0ae4c6a2ba32e559b8a03d7) ### [keepalived-ipfailover](https://github.com/openshift/images/tree/1a14e5c9896976b43767ab325a6fe35527a514a5) * [OCPBUGS-6236](https://issues.redhat.com/browse/OCPBUGS-6236): Updating openshift-enterprise-egress-router images to be consistent with ART [#121](https://github.com/openshift/images/pull/121) * [Full changelog](https://github.com/openshift/images/compare/04659348dbad0cd9b56596d5977d2934fa01d509...1a14e5c9896976b43767ab325a6fe35527a514a5) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/9c882377e3a4cfc447b490e0a760697f3c9fa9ba) * [OCPBUGS-55758](https://issues.redhat.com/browse/OCPBUGS-55758): Handle `openshift-host-network` namespace as special when it modifies [#656](https://github.com/openshift/sdn/pull/656) * [OCPBUGS-20771](https://issues.redhat.com/browse/OCPBUGS-20771): update x/net to v0.17.0 [#590](https://github.com/openshift/sdn/pull/590) * [OCPBUGS-22932](https://issues.redhat.com/browse/OCPBUGS-22932): Change the permission of 80-openshift-network.conf to 600 [#582](https://github.com/openshift/sdn/pull/582) * [Full changelog](https://github.com/openshift/sdn/compare/415800a4ce4760df355076d89d29b051f078f00e...9c882377e3a4cfc447b490e0a760697f3c9fa9ba) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/f35f954ae0550e6ebeb94e244401fc069dc346b8) * [OCPBUGS-31987](https://issues.redhat.com/browse/OCPBUGS-31987): CVE-2023-45288 [4.13] [#107](https://github.com/openshift/kube-rbac-proxy/pull/107) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/ae32bfa0f11ae2854339ab9af83c44ee1c04fe31...f35f954ae0550e6ebeb94e244401fc069dc346b8) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/fd791df54d7271c1611090505509a03454168689) * [OCPBUGS-20778](https://issues.redhat.com/browse/OCPBUGS-20778): bump x/net to v0.17.0 [#102](https://github.com/openshift/kube-state-metrics/pull/102) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/4b9698489404f06195ba8a4646d58d67e13501d4...fd791df54d7271c1611090505509a03454168689) ### [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator/tree/ac20da35bc6d9cded6dbf7fa0c27e867c7a69cb7) * NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-13). [#230](https://github.com/openshift/kubernetes-kube-storage-version-migrator/pull/230) * [Full changelog](https://github.com/openshift/kubernetes-kube-storage-version-migrator/compare/bad104d13ba95bc850f5aaf96436f793d7985864...ac20da35bc6d9cded6dbf7fa0c27e867c7a69cb7) ### [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver/tree/9d909f7f3a3efd27d7efb71bf0324796aa6e8788) * "OCPBUGS-29791: [release-4.13] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs" [#35](https://github.com/openshift/kubevirt-csi-driver/pull/35) * [Full changelog](https://github.com/openshift/kubevirt-csi-driver/compare/efa0b9432bf0f44a965dc978ada75ea9b0f3e511...9d909f7f3a3efd27d7efb71bf0324796aa6e8788) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/a950acc5d06dda8089dbbe4b9d4ad95e7fe78b62) * [OCPBUGS-43856](https://issues.redhat.com/browse/OCPBUGS-43856): install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP [#1304](https://github.com/openshift/machine-api-operator/pull/1304) * [OCPBUGS-32015](https://issues.redhat.com/browse/OCPBUGS-32015): Fix zone tag value reconciliation for vSphere machines [#1225](https://github.com/openshift/machine-api-operator/pull/1225) * [OCPBUGS-31994](https://issues.redhat.com/browse/OCPBUGS-31994): Update x/net to v0.25.0 [#1245](https://github.com/openshift/machine-api-operator/pull/1245) * NO-JIRA: [release-4.13] Fix data race conditions in unit tests [#1254](https://github.com/openshift/machine-api-operator/pull/1254) * [OCPBUGS-25165](https://issues.redhat.com/browse/OCPBUGS-25165): Add Snyk file to exclude vendor directory on scan [#1194](https://github.com/openshift/machine-api-operator/pull/1194) * [OCPBUGS-24277](https://issues.redhat.com/browse/OCPBUGS-24277): Update reference URL [#1188](https://github.com/openshift/machine-api-operator/pull/1188) * [OCPBUGS-24277](https://issues.redhat.com/browse/OCPBUGS-24277): Use docs URL instead of KCS article [#1181](https://github.com/openshift/machine-api-operator/pull/1181) * [OCPBUGS-21513](https://issues.redhat.com/browse/OCPBUGS-21513): Bump golang.org/x/net to v0.18.0 [#1175](https://github.com/openshift/machine-api-operator/pull/1175) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/370fdaa43c6964e2af6abbde2bf37789de509bec...a950acc5d06dda8089dbbe4b9d4ad95e7fe78b62) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/a57ca291235422f8466ac53496e9d192eecfe1e4) * [OCPBUGS-61234](https://issues.redhat.com/browse/OCPBUGS-61234): Trigger a new build [#5278](https://github.com/openshift/machine-config-operator/pull/5278) * [OCPBUGS-59125](https://issues.redhat.com/browse/OCPBUGS-59125): [release-4.13] Bump golang/glog to fix CVE-2024-45339 [#5175](https://github.com/openshift/machine-config-operator/pull/5175) * [OCPBUGS-44206](https://issues.redhat.com/browse/OCPBUGS-44206): Panic seen in CI job for MCC pod [#4680](https://github.com/openshift/machine-config-operator/pull/4680) * [OCPBUGS-38372](https://issues.redhat.com/browse/OCPBUGS-38372): Revert "MCD-pull: run after network-online.target in Azure" [#4527](https://github.com/openshift/machine-config-operator/pull/4527) * [OCPBUGS-38295](https://issues.redhat.com/browse/OCPBUGS-38295): daemon/update: disable systemd unit before overwriting [#4522](https://github.com/openshift/machine-config-operator/pull/4522) * [OCPBUGS-37783](https://issues.redhat.com/browse/OCPBUGS-37783): Openshift uncordoned compute-node that was intentionally cordoned [#4507](https://github.com/openshift/machine-config-operator/pull/4507) * [OCPBUGS-37160](https://issues.redhat.com/browse/OCPBUGS-37160): MCD-pull: run after network-online.target in Azure [#4474](https://github.com/openshift/machine-config-operator/pull/4474) * [OCPBUGS-36782](https://issues.redhat.com/browse/OCPBUGS-36782): daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages [#4464](https://github.com/openshift/machine-config-operator/pull/4464) * [OCPBUGS-32208](https://issues.redhat.com/browse/OCPBUGS-32208): Run resolv-prepender entirely async [#4314](https://github.com/openshift/machine-config-operator/pull/4314) * [OCPBUGS-33327](https://issues.redhat.com/browse/OCPBUGS-33327): make verify should use MCO's kube version [#4352](https://github.com/openshift/machine-config-operator/pull/4352) * [OCPBUGS-29721](https://issues.redhat.com/browse/OCPBUGS-29721): Add existing kubeletconfig/ctrcfg mc-name-suffix annotation [#4206](https://github.com/openshift/machine-config-operator/pull/4206) * [OCPBUGS-30285](https://issues.redhat.com/browse/OCPBUGS-30285): set nodeStatusReportFrequency [#4243](https://github.com/openshift/machine-config-operator/pull/4243) * [OCPBUGS-28740](https://issues.redhat.com/browse/OCPBUGS-28740): crio: drop automatic image cleanup on upgrades [#4154](https://github.com/openshift/machine-config-operator/pull/4154) * [OCPBUGS-29151](https://issues.redhat.com/browse/OCPBUGS-29151): fix nodeStatusUpdateFrequency [#4170](https://github.com/openshift/machine-config-operator/pull/4170) * [OCPBUGS-24661](https://issues.redhat.com/browse/OCPBUGS-24661): daemon: Add support for new nmstate logic [#4036](https://github.com/openshift/machine-config-operator/pull/4036) * [OCPBUGS-27816](https://issues.redhat.com/browse/OCPBUGS-27816): use *resource.Quantity to not automatically set 0 [#4141](https://github.com/openshift/machine-config-operator/pull/4141) * [OCPBUGS-22272](https://issues.redhat.com/browse/OCPBUGS-22272), [OCPBUGS-27172](https://issues.redhat.com/browse/OCPBUGS-27172): kubelet: fix kubelet labels [#4120](https://github.com/openshift/machine-config-operator/pull/4120) * [OCPBUGS-27096](https://issues.redhat.com/browse/OCPBUGS-27096): Azure Run ovs-configuration.service before dnsmasq.service [#4115](https://github.com/openshift/machine-config-operator/pull/4115) * [OCPBUGS-19658](https://issues.redhat.com/browse/OCPBUGS-19658): After dual-stack conversion reconcile IPFamilies [#3935](https://github.com/openshift/machine-config-operator/pull/3935) * [OCPBUGS-23468](https://issues.redhat.com/browse/OCPBUGS-23468): support icsp and idms objects [#4027](https://github.com/openshift/machine-config-operator/pull/4027) * [OCPBUGS-23536](https://issues.redhat.com/browse/OCPBUGS-23536): Introduce kubelet-dependencies.target and firstboot-osupdate.target [#4043](https://github.com/openshift/machine-config-operator/pull/4043) * [OCPBUGS-21052](https://issues.redhat.com/browse/OCPBUGS-21052): Update library-go and kube deps to latest version [#4011](https://github.com/openshift/machine-config-operator/pull/4011) * [OCPBUGS-22205](https://issues.redhat.com/browse/OCPBUGS-22205): Consider ingress VIPs when selecting node IP [#3991](https://github.com/openshift/machine-config-operator/pull/3991) * [OCPBUGS-18031](https://issues.redhat.com/browse/OCPBUGS-18031): on-prem: run resolv-prepender on NM reapply event [#3880](https://github.com/openshift/machine-config-operator/pull/3880) * [OCPBUGS-22412](https://issues.redhat.com/browse/OCPBUGS-22412): bootstrap_test: always set APIVersion and Kind for DNS [#4002](https://github.com/openshift/machine-config-operator/pull/4002) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/645056ffc4f42e40fd6d2c0158231fc41be32676...a57ca291235422f8466ac53496e9d192eecfe1e4) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/34a4abe6ec47fff69476695eccffdb27fe23780c) * [OCPBUGS-27089](https://issues.redhat.com/browse/OCPBUGS-27089): configurable ironic agent vlan creation [#117](https://github.com/openshift/image-customization-controller/pull/117) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/48318552407d37ec7dfefff0a7253f63b8957db9...34a4abe6ec47fff69476695eccffdb27fe23780c) ### [machine-os-images](https://github.com/openshift/machine-os-images/tree/7e2e6cac68ac86ae3cc3578354169658b5620e12) * [OCPBUGS-54172](https://issues.redhat.com/browse/OCPBUGS-54172): Change rhcos release browser url [#60](https://github.com/openshift/machine-os-images/pull/60) * [Full changelog](https://github.com/openshift/machine-os-images/compare/b14856ffbc8fbe1f986cf1b7b835bbeaa786ce5e...7e2e6cac68ac86ae3cc3578354169658b5620e12) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/39a2173ffa2fb9b0cdc812121a67d0b46ecd19bd) * [OCPBUGS-60293](https://issues.redhat.com/browse/OCPBUGS-60293): Bump github.com/golang/glog to v1.2.4 [#106](https://github.com/openshift/multus-admission-controller/pull/106) * [OCPBUGS-60841](https://issues.redhat.com/browse/OCPBUGS-60841): Update owners [#108](https://github.com/openshift/multus-admission-controller/pull/108) * [OCPBUGS-21353](https://issues.redhat.com/browse/OCPBUGS-21353): Update go.mod for CVE-2023-39325 [Release-4.13] [#72](https://github.com/openshift/multus-admission-controller/pull/72) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/f76d674edb07d7006f04748338c1013499c0e7ab...39a2173ffa2fb9b0cdc812121a67d0b46ecd19bd) ### [multus-cni](https://github.com/openshift/multus-cni/tree/12897bd18a928b8d0ea22fca0c05cee480285752) * [OCPBUGS-28020](https://issues.redhat.com/browse/OCPBUGS-28020): Fix SAST scan issues for multus-cni-container [4.13] [#224](https://github.com/openshift/multus-cni/pull/224) * [OCPBUGS-21076](https://issues.redhat.com/browse/OCPBUGS-21076): Update go.mod for CVE-2023-39325 [Release-4.13] [#195](https://github.com/openshift/multus-cni/pull/195) * [Full changelog](https://github.com/openshift/multus-cni/compare/bb616eff56bf0b71ad85009360231f4686a6e4a9...12897bd18a928b8d0ea22fca0c05cee480285752) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/7176ab75edaf6328bb1da06ba55378815271d218) * [OCPBUGS-21438](https://issues.redhat.com/browse/OCPBUGS-21438): Update go.mod for CVE-2023-39325 (#35) [#35](https://github.com/openshift/multus-networkpolicy/pull/35) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/7b99c194d5d2b092a64dc7b8673ef96a399cc7a8...7176ab75edaf6328bb1da06ba55378815271d218) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/9f8d13c74cfe33562c520a77b1a7dbf2e1bd1ef9) * [OCPBUGS-37941](https://issues.redhat.com/browse/OCPBUGS-37941), [OCPBUGS-37944](https://issues.redhat.com/browse/OCPBUGS-37944): [release-4.13] Stateful fixes [#306](https://github.com/openshift/whereabouts-cni/pull/306) * [OCPBUGS-27958](https://issues.redhat.com/browse/OCPBUGS-27958): Enable reconciler configuration [#241](https://github.com/openshift/whereabouts-cni/pull/241) * [OCPBUGS-27367](https://issues.redhat.com/browse/OCPBUGS-27367): [release-4.13] Backport fix assignment [#236](https://github.com/openshift/whereabouts-cni/pull/236) * [OCPBUGS-21512](https://issues.redhat.com/browse/OCPBUGS-21512): update golang.org/x/net to v0.17.0 [#208](https://github.com/openshift/whereabouts-cni/pull/208) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/7ea40205ffef4c3e047153f4655444245c2792d3...9f8d13c74cfe33562c520a77b1a7dbf2e1bd1ef9) ### [must-gather](https://github.com/openshift/must-gather/tree/339046b6478094030fa5ebf1ebceed2bb03a55f4) * [OCPBUGS-48085](https://issues.redhat.com/browse/OCPBUGS-48085): Update owners [#476](https://github.com/openshift/must-gather/pull/476) * [Full changelog](https://github.com/openshift/must-gather/compare/288ef2fcfe63cbfab0af69a41b508c044ee890aa...339046b6478094030fa5ebf1ebceed2bb03a55f4) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/aa24d460383cf426963226783e3db981f0d3b714) * [OCPBUGS-59699](https://issues.redhat.com/browse/OCPBUGS-59699): Bump github.com/golang/glog to v1.2.4 (#117) [#117](https://github.com/openshift/network-metrics-daemon/pull/117) * [release 4.13] OCPBUGS-60541: Replace e2e test image (#132) [#132](https://github.com/openshift/network-metrics-daemon/pull/132) * swtich golint install method (#129) [#129](https://github.com/openshift/network-metrics-daemon/pull/129) * Correct 4.16 owners file (#130) [#130](https://github.com/openshift/network-metrics-daemon/pull/130) * Added METRIC_TEST_IMAGE var (#90) [#90](https://github.com/openshift/network-metrics-daemon/pull/90) * Update the k8s dependencies to 1.26.10 (#83) [#83](https://github.com/openshift/network-metrics-daemon/pull/83) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/e72c8ad1581132817c09e23295f55425a14a5c58...aa24d460383cf426963226783e3db981f0d3b714) ### [nutanix-cloud-controller-manager](https://github.com/openshift/cloud-provider-nutanix/tree/4fe0c590767f41ca443bdd2688e1decd4f66d60a) * [OCPBUGS-12645](https://issues.redhat.com/browse/OCPBUGS-12645), [OCPBUGS-20879](https://issues.redhat.com/browse/OCPBUGS-20879): bump golang.org/x/net to v0.17.0 [#36](https://github.com/openshift/cloud-provider-nutanix/pull/36) * [Full changelog](https://github.com/openshift/cloud-provider-nutanix/compare/4d1c58e2b97f00e64ab4332d18dfdd531fb9cc4e...4fe0c590767f41ca443bdd2688e1decd4f66d60a) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/cc3a11a909651dec994e23e147e5e505173c21f2) * [OCPBUGS-51856](https://issues.redhat.com/browse/OCPBUGS-51856): Fixing CVE-2025-22868 [#119](https://github.com/openshift/machine-api-provider-nutanix/pull/119) * [OCPBUGS-47262](https://issues.redhat.com/browse/OCPBUGS-47262): fixing CVE-2024-45338 [#115](https://github.com/openshift/machine-api-provider-nutanix/pull/115) * [OCPBUGS-20976](https://issues.redhat.com/browse/OCPBUGS-20976): bump golang.org/x/net to v0.17.0 [#86](https://github.com/openshift/machine-api-provider-nutanix/pull/86) * [OCPBUGS-24563](https://issues.redhat.com/browse/OCPBUGS-24563): Reduce metrics cardinality [#59](https://github.com/openshift/machine-api-provider-nutanix/pull/59) * [OCPBUGS-25459](https://issues.redhat.com/browse/OCPBUGS-25459): Fix CI by running tests natively by default [#60](https://github.com/openshift/machine-api-provider-nutanix/pull/60) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/be43191e5b20c7d6a5755a39a22d31e7734b241a...cc3a11a909651dec994e23e147e5e505173c21f2) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/6a5971643b971170d28b96f676225b344c4cff3c) * [OCPBUGS-31996](https://issues.redhat.com/browse/OCPBUGS-31996): bump x/net to 0.24.0 [#112](https://github.com/openshift/oauth-apiserver/pull/112) * [OCPBUGS-28674](https://issues.redhat.com/browse/OCPBUGS-28674): Fix HTTP/2 deps for release-4.13 [#102](https://github.com/openshift/oauth-apiserver/pull/102) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/41c2dfea104b3c686a00b068654843b48b4db53f...6a5971643b971170d28b96f676225b344c4cff3c) ### [oauth-server](https://github.com/openshift/oauth-server/tree/eb54be281d8f215a6eaa6e10ed1b303c7d064bac) * [AUTH-443](https://issues.redhat.com/browse/AUTH-443): update osin to latest version [#139](https://github.com/openshift/oauth-server/pull/139) * [Full changelog](https://github.com/openshift/oauth-server/compare/b841149f2ec0c1ffcb0393e6f70b1e4547f3b18e...eb54be281d8f215a6eaa6e10ed1b303c7d064bac) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/96338efcec8152baebfd57036b728697b2fda89a) * changes the owners file (#1012) [#1012](https://github.com/openshift/oc-mirror/pull/1012) * [OCPBUGS-48513](https://issues.redhat.com/browse/OCPBUGS-48513): e2e: use same version of crane as in go.mod (#1025) [#1025](https://github.com/openshift/oc-mirror/pull/1025) * Bump version to include v5.11.0 of go-git (#823) [#823](https://github.com/openshift/oc-mirror/pull/823) * [OCPBUGS-385](https://issues.redhat.com/browse/OCPBUGS-385): Capability to override default channel (#749) (#791) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#775) [#775](https://github.com/openshift/oc-mirror/pull/775) * [OCPBUGS-21460](https://issues.redhat.com/browse/OCPBUGS-21460): Fix CVE-2023-44487 and CVE-2023-39325 (#714) [#714](https://github.com/openshift/oc-mirror/pull/714) * [Full changelog](https://github.com/openshift/oc-mirror/compare/3742681e417aee146fe258cf779b6cdfae8054a3...96338efcec8152baebfd57036b728697b2fda89a) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/7dde3cd3e7a7dbbc9b5d134cc4f69f1503ed0a68) * : OCPBUGS-27594,OCPBUGS-27679: Update go-git to v5.11.0 [#75](https://github.com/openshift/operator-framework-rukpak/pull/75) * [OCPBUGS-23403](https://issues.redhat.com/browse/OCPBUGS-23403): [release-4.13] Address http2 vulnerability [#58](https://github.com/openshift/operator-framework-rukpak/pull/58) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/4bcf0496b39a9ec5287d62552b2e7de2228174d9...7dde3cd3e7a7dbbc9b5d134cc4f69f1503ed0a68) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/3a7ac1b91f496b0d4bf179debcd697daa75bc11b) * [OCPBUGS-32446](https://issues.redhat.com/browse/OCPBUGS-32446): bump(x/net) to v0.23.0 [#430](https://github.com/openshift/openshift-apiserver/pull/430) * : OCPBUGS-21449: Enable HTTP/2 CVE mitigation [#398](https://github.com/openshift/openshift-apiserver/pull/398) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/0b82768216c0c0ffb171457fce71b3806c586e7c...3a7ac1b91f496b0d4bf179debcd697daa75bc11b) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/00cef287411eb1f8b69a73bcac0e8e0b2b7e129b) * [OCPBUGS-58035](https://issues.redhat.com/browse/OCPBUGS-58035): Set node-pullsecrets volume to read-only to protect image pull credentials [#402](https://github.com/openshift/openshift-controller-manager/pull/402) * [OCPBUGS-57051](https://issues.redhat.com/browse/OCPBUGS-57051): Empty proxy variables are causing issues during the build [#388](https://github.com/openshift/openshift-controller-manager/pull/388) * [OCPBUGS-48656](https://issues.redhat.com/browse/OCPBUGS-48656): Add new team members to the OWNERS file [#362](https://github.com/openshift/openshift-controller-manager/pull/362) * [release 4.13] OCPBUGS-38407, OCPBUGS-38408: Update opentelemetry dependency [#326](https://github.com/openshift/openshift-controller-manager/pull/326) * [OCPBUGS-41952](https://issues.redhat.com/browse/OCPBUGS-41952): Add adambkaplan as approver [#335](https://github.com/openshift/openshift-controller-manager/pull/335) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/385057e57752b7b4f21ef32d7a7993d266a591eb...00cef287411eb1f8b69a73bcac0e8e0b2b7e129b) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/9be421f0c013c7f134c1d7cfe1c0ee2f2ae8eaf6) * [OCPBUGS-20723](https://issues.redhat.com/browse/OCPBUGS-20723): bump `x/net` to v0.17.0 [#108](https://github.com/openshift/openshift-state-metrics/pull/108) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/7beb8807e2c0092b5e580a29903ff060140d8ff0...9be421f0c013c7f134c1d7cfe1c0ee2f2ae8eaf6) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/b50a649be8b691a6081487330da17e55d242a2e5) * [OCPBUGS-21565](https://issues.redhat.com/browse/OCPBUGS-21565): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#136](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/136) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/90ee04bcfbfc0eb6173bc9fbea8c9f87ec1dea7d...b50a649be8b691a6081487330da17e55d242a2e5) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/27f786052c3d35154aa2d16413d20ec3447b502b) * [OCPBUGS-34422](https://issues.redhat.com/browse/OCPBUGS-34422): Ensure portSecurity is correctly set in the Instance Ports [#119](https://github.com/openshift/machine-api-provider-openstack/pull/119) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/7bce9d67fba63a0ed6a39b78488da8e85bf07dbd...27f786052c3d35154aa2d16413d20ec3447b502b) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/5f66f1ac4075c0926cb1b162d3153972d5b29a01) * [OCPBUGS-61470](https://issues.redhat.com/browse/OCPBUGS-61470): [release-4.13] Add NetworkPolicy as a supported kind [#1053](https://github.com/openshift/operator-framework-olm/pull/1053) * [OCPBUGS-61391](https://issues.redhat.com/browse/OCPBUGS-61391): [4.13] e2e stability fixes [#1086](https://github.com/openshift/operator-framework-olm/pull/1086) * [OCPBUGS-46924](https://issues.redhat.com/browse/OCPBUGS-46924), [OCPBUGS-46931](https://issues.redhat.com/browse/OCPBUGS-46931), [OCPBUGS-47311](https://issues.redhat.com/browse/OCPBUGS-47311): x/net bump to v0.34.0 [release-4.13] [#942](https://github.com/openshift/operator-framework-olm/pull/942) * [OCPBUGS-47507](https://issues.redhat.com/browse/OCPBUGS-47507): CRD upgrade existing CR validation fix (#3442) [#924](https://github.com/openshift/operator-framework-olm/pull/924) * NO-ISSUE: [release-4.13] Backport e2e fixes [#876](https://github.com/openshift/operator-framework-olm/pull/876) * [OCPBUGS-42146](https://issues.redhat.com/browse/OCPBUGS-42146): adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs. [#871](https://github.com/openshift/operator-framework-olm/pull/871) * [OCPBUGS-38254](https://issues.redhat.com/browse/OCPBUGS-38254): [CARRY] perform operator apiService certificate validity checks directly [#836](https://github.com/openshift/operator-framework-olm/pull/836) * [OCPBUGS-38608](https://issues.redhat.com/browse/OCPBUGS-38608): (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) [#843](https://github.com/openshift/operator-framework-olm/pull/843) * [OCPBUGS-32856](https://issues.redhat.com/browse/OCPBUGS-32856): bump go-jose to v2.6.3 [#780](https://github.com/openshift/operator-framework-olm/pull/780) * [OCPBUGS-35241](https://issues.redhat.com/browse/OCPBUGS-35241): Unblock CI [#772](https://github.com/openshift/operator-framework-olm/pull/772) * [OCPBUGS-27564](https://issues.redhat.com/browse/OCPBUGS-27564), [OCPBUGS-27569](https://issues.redhat.com/browse/OCPBUGS-27569), [OCPBUGS-27649](https://issues.redhat.com/browse/OCPBUGS-27649), [OCPBUGS-27654](https://issues.redhat.com/browse/OCPBUGS-27654): bump go-git/v5 to 5.11.0 [#682](https://github.com/openshift/operator-framework-olm/pull/682) * [OCPBUGS-28228](https://issues.redhat.com/browse/OCPBUGS-28228): Registry Pod Controller Flag [#672](https://github.com/openshift/operator-framework-olm/pull/672) * [OCPBUGS-27891](https://issues.redhat.com/browse/OCPBUGS-27891): [CARRY] SSC RBAC [#669](https://github.com/openshift/operator-framework-olm/pull/669) * [OCPBUGS-8653](https://issues.redhat.com/browse/OCPBUGS-8653): bump golang-migrate to v4.16.1 (#1107) [#649](https://github.com/openshift/operator-framework-olm/pull/649) * [OCPBUGS-20815](https://issues.redhat.com/browse/OCPBUGS-20815): [release-4.13] fix apiserver vulnerability [#616](https://github.com/openshift/operator-framework-olm/pull/616) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/e12f07a59ea7109475221063404cd56d00df7f3d...5f66f1ac4075c0926cb1b162d3153972d5b29a01) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/2a1df4ec9d0216a716ae239921cdbe8ecb3776fd) * [OCPBUGS-49430](https://issues.redhat.com/browse/OCPBUGS-49430): Upgrade golang.org/x/net [release-4.13] [#590](https://github.com/operator-framework/operator-marketplace/pull/590) * [OCPBUGS-32074](https://issues.redhat.com/browse/OCPBUGS-32074): update golang.org/x/net for CVE-2023-45288 [#566](https://github.com/operator-framework/operator-marketplace/pull/566) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/867e7ed80fdbc6f5bb88f1589da740d9bd1d5721...2a1df4ec9d0216a716ae239921cdbe8ecb3776fd) ### [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver/tree/54958deb4998e08696af0abe3585486a6b5b6800) * [OCPBUGS-23155](https://issues.redhat.com/browse/OCPBUGS-23155): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#130](https://github.com/openshift/ovirt-csi-driver/pull/130) * [Full changelog](https://github.com/openshift/ovirt-csi-driver/compare/f21b470f4927f97eca93a0a390cffccd7d724043...54958deb4998e08696af0abe3585486a6b5b6800) ### [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator/tree/b293972fe2c5eef4262130de621e75e5d0c37d8e) * [OCPBUGS-23241](https://issues.redhat.com/browse/OCPBUGS-23241): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#127](https://github.com/openshift/ovirt-csi-driver-operator/pull/127) * [Full changelog](https://github.com/openshift/ovirt-csi-driver-operator/compare/aca579dfc9aa1921849f9573f5179fcb2bf89f28...b293972fe2c5eef4262130de621e75e5d0c37d8e) ### [ovn-kubernetes-microshift-rhel-9, ovn-kubernetes-rhel-9](https://github.com/openshift/ovn-kubernetes/tree/7929612eb59edfd2d1ecd558a7b84620f7378368) * [OCPBUGS-59934](https://issues.redhat.com/browse/OCPBUGS-59934): Dockerfile: Remove ovs version pinning [#2697](https://github.com/openshift/ovn-kubernetes/pull/2697) * [OCPBUGS-55950](https://issues.redhat.com/browse/OCPBUGS-55950): Bump ovs and ovn to latest patch releases [#2553](https://github.com/openshift/ovn-kubernetes/pull/2553) * [OCPBUGS-38264](https://issues.redhat.com/browse/OCPBUGS-38264): [release-4.13] Bump OVSDBTimeout and make it configurable [#2289](https://github.com/openshift/ovn-kubernetes/pull/2289) * [OCPBUGS-37119](https://issues.redhat.com/browse/OCPBUGS-37119): EgressIP: Reload certificates for the grpc heatlhcheck server [#2226](https://github.com/openshift/ovn-kubernetes/pull/2226) * [OCPBUGS-35100](https://issues.redhat.com/browse/OCPBUGS-35100): [release-4.13] ipv6+all protocols conntrack flush [#2200](https://github.com/openshift/ovn-kubernetes/pull/2200) * [OCPBUGS-34669](https://issues.redhat.com/browse/OCPBUGS-34669), [SDN-4186](https://issues.redhat.com/browse/SDN-4186): Introduce a validating webhook for ovnkube-node [#2053](https://github.com/openshift/ovn-kubernetes/pull/2053) * [OCPBUGS-29865](https://issues.redhat.com/browse/OCPBUGS-29865): CVE-2022-41723: net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [#2095](https://github.com/openshift/ovn-kubernetes/pull/2095) * [OCPBUGS-33730](https://issues.redhat.com/browse/OCPBUGS-33730): Improves service iptables efficiency on start up [#2172](https://github.com/openshift/ovn-kubernetes/pull/2172) * [OCPBUGS-32988](https://issues.redhat.com/browse/OCPBUGS-32988): Bumping OVS [#2143](https://github.com/openshift/ovn-kubernetes/pull/2143) * [OCPBUGS-33421](https://issues.redhat.com/browse/OCPBUGS-33421): [release-4.13] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2130](https://github.com/openshift/ovn-kubernetes/pull/2130) * [OCPBUGS-33218](https://issues.redhat.com/browse/OCPBUGS-33218): [release-4.13] OVN bump to 23.06.1-112 [#2153](https://github.com/openshift/ovn-kubernetes/pull/2153) * [OCPBUGS-28983](https://issues.redhat.com/browse/OCPBUGS-28983), [OCPBUGS-30920](https://issues.redhat.com/browse/OCPBUGS-30920): Update netpol namespace address sets usage to the old ways [#2097](https://github.com/openshift/ovn-kubernetes/pull/2097) * [OCPBUGS-29851](https://issues.redhat.com/browse/OCPBUGS-29851): Egress IP, Services: use all node IP addresses [#2090](https://github.com/openshift/ovn-kubernetes/pull/2090) * [OCPBUGS-28630](https://issues.redhat.com/browse/OCPBUGS-28630): Synchronize node primary address update [#2036](https://github.com/openshift/ovn-kubernetes/pull/2036) * [OCPBUGS-25611](https://issues.redhat.com/browse/OCPBUGS-25611): Avoid panic due to stale ACLs with 1013 priority [#1987](https://github.com/openshift/ovn-kubernetes/pull/1987) * [OCPBUGS-27257](https://issues.redhat.com/browse/OCPBUGS-27257): Ensure session affinity cleanup on backend removal [#2022](https://github.com/openshift/ovn-kubernetes/pull/2022) * [OCPBUGS-27736](https://issues.redhat.com/browse/OCPBUGS-27736): CARRY: Updates owners and adds Surya [#2024](https://github.com/openshift/ovn-kubernetes/pull/2024) * [OCPBUGS-24419](https://issues.redhat.com/browse/OCPBUGS-24419): OVNK/GW: Ignore headless services in syncServices [#1971](https://github.com/openshift/ovn-kubernetes/pull/1971) * [OCPBUGS-23258](https://issues.redhat.com/browse/OCPBUGS-23258): Update leaderelection config to allow retries [#1992](https://github.com/openshift/ovn-kubernetes/pull/1992) * [OCPBUGS-26242](https://issues.redhat.com/browse/OCPBUGS-26242): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2011](https://github.com/openshift/ovn-kubernetes/pull/2011) * [OCPBUGS-25923](https://issues.redhat.com/browse/OCPBUGS-25923): Forward ICMP packets to OVN loadbalancer [#2004](https://github.com/openshift/ovn-kubernetes/pull/2004) * [OCPBUGS-25224](https://issues.redhat.com/browse/OCPBUGS-25224): [release-4.13] fixes MTU configuration on gateway router [#1988](https://github.com/openshift/ovn-kubernetes/pull/1988) * [OCPBUGS-14799](https://issues.redhat.com/browse/OCPBUGS-14799): Updating endpoints when using allocateLBNP=0, lgw mode fails [#1940](https://github.com/openshift/ovn-kubernetes/pull/1940) * [OCPBUGS-25095](https://issues.redhat.com/browse/OCPBUGS-25095): Fragment oversized reply packets in LGW mode [#1983](https://github.com/openshift/ovn-kubernetes/pull/1983) * [OCPBUGS-24391](https://issues.redhat.com/browse/OCPBUGS-24391): Limit OVN-Kubernetes RBAC permissions [#1950](https://github.com/openshift/ovn-kubernetes/pull/1950) * [OCPBUGS-23014](https://issues.redhat.com/browse/OCPBUGS-23014): Netpol retryFramework cleanup [#1957](https://github.com/openshift/ovn-kubernetes/pull/1957) * [OCPBUGS-24263](https://issues.redhat.com/browse/OCPBUGS-24263): Bump OVN to 23.06.1-39.el9fdp [#1966](https://github.com/openshift/ovn-kubernetes/pull/1966) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/cfe89e5a298b402df4323de38df1597be3c546a4...7929612eb59edfd2d1ecd558a7b84620f7378368) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/16fa55557367097b075093d2549e0205558c7527) * [OCPBUGS-36094](https://issues.redhat.com/browse/OCPBUGS-36094): Fix CVE-2024-6104 by updating http-retryable to 0.7.7 [#91](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/91) * [OCPBUGS-33638](https://issues.redhat.com/browse/OCPBUGS-33638): Fix CVE2023-45288 by bumping x/net to v0.24.0 -4.13 [#82](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/82) * [OCPBUGS-24728](https://issues.redhat.com/browse/OCPBUGS-24728): synk: ignore vendor dir [#61](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/61) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/62f7b1e12357e5f7c99d8b05c1a01ad1e75f770e...16fa55557367097b075093d2549e0205558c7527) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/e70c980e2561788b710d710efc3e09974ad7374c) * [OCPBUGS-25716](https://issues.redhat.com/browse/OCPBUGS-25716): snyk: ignore vendor dir [#61](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/61) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/c0adbc0d8f7b6c91a81eec51f427947022ac9c8b...e70c980e2561788b710d710efc3e09974ad7374c) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/c040f3774af48d6d0bd8c31188626cb445be5b83) * [OCPBUGS-36104](https://issues.redhat.com/browse/OCPBUGS-36104): UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.13 [#76](https://github.com/openshift/cloud-provider-powervs/pull/76) * [OCPBUGS-24731](https://issues.redhat.com/browse/OCPBUGS-24731): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#53](https://github.com/openshift/cloud-provider-powervs/pull/53) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/6f7d5cecc8403b9d6a5d133b3b242616aaf235a4...c040f3774af48d6d0bd8c31188626cb445be5b83) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/87399d677a021fb002649c0bc18762a6929ab313) * [OCPBUGS-54013](https://issues.redhat.com/browse/OCPBUGS-54013): Fix for CVE-2025-30204 & CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.13 [#122](https://github.com/openshift/machine-api-provider-powervs/pull/122) * [OCPBUGS-41980](https://issues.redhat.com/browse/OCPBUGS-41980): Update go.mod to fix CVE - 4.13 [#87](https://github.com/openshift/machine-api-provider-powervs/pull/87) * [OCPBUGS-24563](https://issues.redhat.com/browse/OCPBUGS-24563): Reduce metrics cardinality [#69](https://github.com/openshift/machine-api-provider-powervs/pull/69) * [OCPBUGS-24741](https://issues.redhat.com/browse/OCPBUGS-24741): snyk code scan exclude vendor directory [#64](https://github.com/openshift/machine-api-provider-powervs/pull/64) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/6d9678bf4f29da8e569f24bfdc7db106c3c887ea...87399d677a021fb002649c0bc18762a6929ab313) ### [prometheus](https://github.com/openshift/prometheus/tree/72886096272245e064297c480b24ac4895230c89) * [OCPBUGS-26423](https://issues.redhat.com/browse/OCPBUGS-26423): Add Exemplars support for all time series [#191](https://github.com/openshift/prometheus/pull/191) * [OCPBUGS-21240](https://issues.redhat.com/browse/OCPBUGS-21240): update golang.org/x/net to v0.17.0 [4.13] [#174](https://github.com/openshift/prometheus/pull/174) * [Full changelog](https://github.com/openshift/prometheus/compare/8279148fd0d8b2aa2a1613a2e9810aea80f487df...72886096272245e064297c480b24ac4895230c89) ### [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager/tree/df2f11e2ddc206ad1924ed766b4a394d84c9236f) * [OCPBUGS-21043](https://issues.redhat.com/browse/OCPBUGS-21043): Bump golang.org/x/net to v0.17.0 [#81](https://github.com/openshift/prometheus-alertmanager/pull/81) * [Full changelog](https://github.com/openshift/prometheus-alertmanager/compare/f44d574d8e170d6788cfbf2bdbc866d3e1fc1054...df2f11e2ddc206ad1924ed766b4a394d84c9236f) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/30fdccd139b2c63a9207bd30509aec8ddec7ff5d) * [OCPBUGS-20861](https://issues.redhat.com/browse/OCPBUGS-20861): Bump golang.org/x/net to v0.17.0 [#248](https://github.com/openshift/prometheus-operator/pull/248) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/95a117826360e23e092be5bbee2da8dbcf44f17a...30fdccd139b2c63a9207bd30509aec8ddec7ff5d) ### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/59d699cac664bfbfe83ef6a1615e34e062fd283d) * [OCPBUGS-21143](https://issues.redhat.com/browse/OCPBUGS-21143): upgrade golang.org/x/net to v0.17.0 [#135](https://github.com/openshift/node_exporter/pull/135) * [Full changelog](https://github.com/openshift/node_exporter/compare/5409afd036445411969ed074e681c73f2df36909...59d699cac664bfbfe83ef6a1615e34e062fd283d) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/dba00dc5b1874904542bed87f49974bf64be168a) * [OCPBUGS-28759](https://issues.redhat.com/browse/OCPBUGS-28759): Fix HTTP/2 (4.13) [#232](https://github.com/openshift/service-ca-operator/pull/232) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/5984aac13df6c2f4440c67a1a14d32958bce9ec3...dba00dc5b1874904542bed87f49974bf64be168a) ### [telemeter](https://github.com/openshift/telemeter/tree/0634a6d029bfd8fd311e99ccf5f2fd45b5751fa8) * [OCPBUGS-34829](https://issues.redhat.com/browse/OCPBUGS-34829): fix issuer check during JWT authentication 4.13 [#540](https://github.com/openshift/telemeter/pull/540) * [Full changelog](https://github.com/openshift/telemeter/compare/8c9a8a75108afb1ba7fe6398b004cbc8229cc645...0634a6d029bfd8fd311e99ccf5f2fd45b5751fa8) ### [tests](https://github.com/openshift/origin/tree/d14f9b8ec0093014491f498a1efaaa1d1fd57a81) * [OCPBUGS-55954](https://issues.redhat.com/browse/OCPBUGS-55954): [build] Ensure Git Clone Does Not Run Privileged [#29769](https://github.com/openshift/origin/pull/29769) * [OCPBUGS-54771](https://issues.redhat.com/browse/OCPBUGS-54771): Component Readiness: [Networking / ovn-kubernetes] [EgressFirewall] test regressed [#29661](https://github.com/openshift/origin/pull/29661) * [OCPBUGS-53285](https://issues.redhat.com/browse/OCPBUGS-53285): Add/remove team members to the OWNERS file for Builds [#29608](https://github.com/openshift/origin/pull/29608) * [OCPBUGS-53297](https://issues.redhat.com/browse/OCPBUGS-53297): Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token [#29610](https://github.com/openshift/origin/pull/29610) * [OCPBUGS-52584](https://issues.redhat.com/browse/OCPBUGS-52584): Use payload pullspec for image info test [#29592](https://github.com/openshift/origin/pull/29592) * [OCPBUGS-37921](https://issues.redhat.com/browse/OCPBUGS-37921): Removes dependency on samples operator images [#29007](https://github.com/openshift/origin/pull/29007) * [OCPBUGS-35053](https://issues.redhat.com/browse/OCPBUGS-35053): updated timeout to 3 seconds to account for network timing issues [#28862](https://github.com/openshift/origin/pull/28862) * [OCPBUGS-36501](https://issues.redhat.com/browse/OCPBUGS-36501): test/extended: skip etcd leader change check on hypershift [#28922](https://github.com/openshift/origin/pull/28922) * [OCPBUGS-35857](https://issues.redhat.com/browse/OCPBUGS-35857): Use centos7 tag instead of latest for cmd images tests [#28895](https://github.com/openshift/origin/pull/28895) * [OCPBUGS-33985](https://issues.redhat.com/browse/OCPBUGS-33985): Provide SCC access via RBAC [#28835](https://github.com/openshift/origin/pull/28835) * [AUTH-443](https://issues.redhat.com/browse/AUTH-443): Add oauth-server redirect URI validation e2e tests [#28396](https://github.com/openshift/origin/pull/28396) * [Full changelog](https://github.com/openshift/origin/compare/4b36925d62ba1174f2105cb826f0b3d2a9bff71c...d14f9b8ec0093014491f498a1efaaa1d1fd57a81) ### [thanos](https://github.com/openshift/thanos/tree/70fb57fb209e5aa491417fc421a97d417a5530bc) * [OCPBUGS-27206](https://issues.redhat.com/browse/OCPBUGS-27206): Bump otel/http to 0.44.0 [openshift-4.13.z] [#138](https://github.com/openshift/thanos/pull/138) * [Full changelog](https://github.com/openshift/thanos/compare/9d44429f5179099aa42dcc2920020d9e401cd8f7...70fb57fb209e5aa491417fc421a97d417a5530bc) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/f56d57ba990f7f4ce1a6b1f9842331e9259c94f1) * [OCPBUGS-21506](https://issues.redhat.com/browse/OCPBUGS-21506): Bump golang.org/x/net to v0.18.0 [#55](https://github.com/openshift/cloud-provider-vsphere/pull/55) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/0fe0c5c37d06893359f584e4b6f62d371703e9d1...f56d57ba990f7f4ce1a6b1f9842331e9259c94f1) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/da63f2b930cdd6090904ee607319b40615b245f6) * [OCPBUGS-21556](https://issues.redhat.com/browse/OCPBUGS-21556): bump golang.org/x/net to v0.17.0 [#23](https://github.com/openshift/cluster-api-provider-vsphere/pull/23) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/24e08ddf65fd387ea7c71e229b13e47d6cd3643f...da63f2b930cdd6090904ee607319b40615b245f6) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/f50dbfffea8d8a94f250f63d7a9640e6e5136114) * [OCPBUGS-57511](https://issues.redhat.com/browse/OCPBUGS-57511): Ported VPD changes for permission check [#184](https://github.com/openshift/vsphere-problem-detector/pull/184) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/3ad7408fb53a9377d9f5b2cf5ae38570a9ec5c59...f50dbfffea8d8a94f250f63d7a9640e6e5136114)