# 4.15.39 Created: 2024-11-21 15:07:01 +0000 UTC Image Digest: `sha256:8d8a016f337a14624b70341f63ce4a1d9210326940775e7b3f9765730677668a` ## Changes from 4.15.3 ### Components * Kubernetes upgraded from 1.28.7 to 1.28.14 * Red Hat Enterprise Linux CoreOS upgraded from 415.92.202403080220-0 to 415.92.202411201723-0 ### Rebuilt images without code change * [agent-installer-utils](https://github.com/openshift/agent-installer-utils) git [33b7d855](https://github.com/openshift/agent-installer-utils/commit/33b7d855fdebd24a972f32dafafd29e40b117e46) `sha256:2f25636b36ca9be1987bdf3585fa7d1ef2879d9c931d86ac00536f9acde260cc` * [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud) git [abf4fa96](https://github.com/openshift/cloud-provider-alibaba-cloud/commit/abf4fa96550caf09e788b66fc06f1df802768397) `sha256:e78d772f393dac9b0fc10c056306cc84a61510b5c313faa9ba07d0a31d39ad59` * [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver) git [be4888d3](https://github.com/openshift/alibaba-cloud-csi-driver/commit/be4888d3dc176b9801364981fbb34d831f6d6ffe) `sha256:a3758e2f1343e66e07a7d718d7a0422613af5036f3cdacd1377ca7c8bcc0eb3a` * [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator) git [41b367ae](https://github.com/openshift/alibaba-disk-csi-driver-operator/commit/41b367ae3bb6de9292539c0ecd98c81c5edc8294) `sha256:43ae9b3caf604552af82506db8b65ce74aa6df4ec690061274b8dd1cfda46c8c` * [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws) git [0129b1e3](https://github.com/openshift/machine-api-provider-aws/commit/0129b1e3e6cf8d142dbff58d6f25ec9d42b0d382) `sha256:4bbdce0904037ef3bc8d92271653256111bcd2b61e33dc80124e8bd4a41f1378` * [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver) git [dcb7e1c7](https://github.com/openshift/azure-disk-csi-driver/commit/dcb7e1c7d239ab5a26d70d7abcff1eb97b634b8d) `sha256:384885f84bf9d310b5cdaee78be71266bd64d02c660ecae05bbbc05025ce9167` * [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator) git [160cf624](https://github.com/openshift/azure-disk-csi-driver-operator/commit/160cf624a88f500de7a1f79e6dd9384bb7d17842) `sha256:8a4e7e39b40ade2bb49232f871f85ea3544e8e8d0599515ea8b2a4350dc75ce3` * [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [0849c462](https://github.com/openshift/cluster-bootstrap/commit/0849c462de13b9a5765b9a8c882acb9e6e8bf39e) `sha256:dd295795dfce5af35e9331fec567b6e55782d83795d86c2f6cd2b038ec11a491` * [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator) git [128d8e08](https://github.com/openshift/cluster-api-operator/commit/128d8e08c48e2002c416e84d0dec816bf5999c7e) `sha256:bbeb808d73ba58fd09ca8abfcaa7264a841539f26126b436fea90d1da9ba17bc` * [cluster-olm-operator](https://github.com/openshift/cluster-olm-operator) git [a7ba8987](https://github.com/openshift/cluster-olm-operator/commit/a7ba89874970cd10765e1d0753405e32fb357d84) `sha256:1f19f196fd21d1932114fb121666d16acb6c337393845f8187845b49aca1fa18` * [cluster-platform-operators-manager](https://github.com/openshift/platform-operators) git [37a0a919](https://github.com/openshift/platform-operators/commit/37a0a919b1032f7affa49b756eda4762d77751d5) `sha256:8899bb592362323d8505f0fff5827307099e9a8de51e35fc1e4dbb5c68758946` * [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller) git [cc48f315](https://github.com/openshift/cluster-policy-controller/commit/cc48f3152213bfe6e42fdd82f760246e862d208f) `sha256:5cdbb9784502ea54539d8dd5a4941da68736acd830fe88feb7719c22118828dd` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [617398f5](https://github.com/openshift/configmap-reload/commit/617398f581faadbad2c7ded993bfa3169a87b6ab) `sha256:7a60e7e6d309a74a357f49c3ebc575fd2f264e7857e204ceff3c7f89ade3a35b` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [d032dc10](https://github.com/openshift/csi-driver-nfs/commit/d032dc1050b58a965e6bb9f923baef6d3c95538e) `sha256:d64a4a3864bde7d65bb1212f2ad8549d4b0554841156d8bd275c18071b6ed4e7` * [csi-driver-shared-resource](https://github.com/openshift/csi-driver-shared-resource) git [260a085a](https://github.com/openshift/csi-driver-shared-resource/commit/260a085ae25606bba7a94cdfed88f67265905ba9) `sha256:7d325ad92f081bbf39237580b8faf2e33a33f9972b737b463e082798b2c150b9` * [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator) git [8d017b7f](https://github.com/openshift/csi-driver-shared-resource-operator/commit/8d017b7f19f0226dfd4fc7933271939c550d180f) `sha256:d515492559e8f381e148fa4788abb64fa0561d56445f8d61aae496cfa2113baf` * [csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource) git [260a085a](https://github.com/openshift/csi-driver-shared-resource/commit/260a085ae25606bba7a94cdfed88f67265905ba9) `sha256:c9c9dcf899a8c044e907589cbe268bef5fc4b0924602f23bc1d6b51de2980aac` * [csi-external-attacher](https://github.com/openshift/csi-external-attacher) git [f806f266](https://github.com/openshift/csi-external-attacher/commit/f806f266600fbc0db4d072e4d041fc80e28deee7) `sha256:bff58bf534619e113d9b9a9b389a3925f6a9e2f2ce95d33abe2beea0d67dbe1f` * [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner) git [ce5a1a33](https://github.com/openshift/csi-external-provisioner/commit/ce5a1a33fadf10bba0c90510c09dfc879dcfec87) `sha256:daffe9030d66adbcf28d9268978bbc46cbdd987cdcbe80dbb923f2fb3e19f56a` * [csi-external-resizer](https://github.com/openshift/csi-external-resizer) git [3b4236d3](https://github.com/openshift/csi-external-resizer/commit/3b4236d382e4593ca41ecc6f394775be467b1a0d) `sha256:ca7faa09e91269aa60f39158c7b002c26d7426a9055aa00b472346b527fc93ce` * [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe) git [240bb8c0](https://github.com/openshift/csi-livenessprobe/commit/240bb8c0c7b24d0b18831be4ace39bcbc8d599e3) `sha256:876d9494a0a1d6a33b1dedfbea60f769b2b098173c8dd0efe4300078b289db01` * [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar) git [9005584e](https://github.com/openshift/csi-node-driver-registrar/commit/9005584ee45c4d3158e383870aafa5d78a03b141) `sha256:6042a7e185684f3a7218ab25e9595d7929d3a621e69d24c79b9346654a5d1e5d` * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [7a448c2e](https://github.com/openshift/driver-toolkit/commit/7a448c2ee026c772e293dd344da587493c859f82) `sha256:fe303523b2334599f4233e483875cad332d111c7a4b45040dfc4f38819eb4ddc` * [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp) git [b15daaf5](https://github.com/openshift/machine-api-provider-gcp/commit/b15daaf5836910277b7154a006800505f018aa5a) `sha256:01085d9bcb75ce842f0ec56782cff5f5c0e143025934fac46a9bc6784f7fb792` * [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver) git [856ee3e2](https://github.com/openshift/gcp-pd-csi-driver/commit/856ee3e23802cd341619cc4fc3181cf6ebbbd548) `sha256:cbce4aeb5a5454e3fb0dd36ae6d0d9faef37b97c83a654e3dd8c7ba4bf3269e6` * [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator) git [3b91ee31](https://github.com/openshift/gcp-pd-csi-driver-operator/commit/3b91ee310c8a7394ceb2d4de6a51dd18a3800312) `sha256:dac3107373f5edb3c5f472956bd3e37cd6a63c4e3a203f5f71276f1e9276867a` * [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud) git [6b0b8ea7](https://github.com/openshift/machine-api-provider-ibmcloud/commit/6b0b8ea7b16d407fd012ef134b1f9a65ed0bc3a1) `sha256:6c4479fdcacc95ea62188e0032e2628b4c20b68acdb00e326e3a4daa4fe5ade9` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [bcbcd95b](https://github.com/openshift/ironic-rhcos-downloader/commit/bcbcd95b6209afc8248b34c55294686dbd3831a3) `sha256:b743ddd5ae7fb285889df76eba38758e917ced13211f9e158178c7cec0d87a73` * [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager) git [47200021](https://github.com/openshift/ironic-static-ip-manager/commit/472000211344be4a5e9581820e94895144cf2bfc) `sha256:b584074a5f61626d0205e2e68df5695f7f2221cf87368daf5633a23c22787268` * [kube-metrics-server](https://github.com/openshift/kubernetes-metrics-server) git [bcbf241c](https://github.com/openshift/kubernetes-metrics-server/commit/bcbf241cece8ef455be32a910f1570bae827b4a1) `sha256:b00b936d521569a39512b7babb931c238fa42867072f6d0eae4e43d4df826f9a` * [kube-state-metrics](https://github.com/openshift/kube-state-metrics) git [037b59c2](https://github.com/openshift/kube-state-metrics/commit/037b59c265454c599dfb0829a856e14b1ab07896) `sha256:026964bbc41824c0e37e7c99b88dfca948a457f99e75f31edbe808268ce812ec` * [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator) git [e8749689](https://github.com/openshift/kubernetes-kube-storage-version-migrator/commit/e8749689edb8e7fea42eca5f2b67c3187192cdeb) `sha256:6b22596b31f6f1c4a7a840fb8bfe97d61267d1b94287b1583dc8b0bd706b89dd` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [1e096cdf](https://github.com/openshift/cluster-api-provider-libvirt/commit/1e096cdf1bfd60e9bf5ee6c90585a8f96cc0c09a) `sha256:fc7766c5bf0eea15bc8702065f9bca311ecc537d0685f6a52d6fa06cd9c51553` * [machine-image-customization-controller](https://github.com/openshift/image-customization-controller) git [97d87657](https://github.com/openshift/image-customization-controller/commit/97d87657caab4323f82f9d0958e6d30fc8fd1846) `sha256:1bc7e23fc2b778ea3f0c545fc36a3ac34d3c791807fad393d6262d800878e6ed` * machine-os-content `sha256:53e558ad29e24c4219ca695c3d69bd059e918608c01d55309a8c46ee287c5873` * [machine-os-images](https://github.com/openshift/machine-os-images) git [9e9c920f](https://github.com/openshift/machine-os-images/commit/9e9c920f985a375536e8d4caafd2d7ed579e27f3) `sha256:92df035ea707fa13405c10d6c3072f9987bda728ae3c8d9a1b3f60bcb08e0bdc` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [f91decaa](https://github.com/openshift/bond-cni/commit/f91decaa10cfa233c9e680c96ec7ae642e30a03c) `sha256:a452654467ca642f66a1c287c7aa5a9c0cec8475298963070a71ba5e177b84a9` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [241a88c4](https://github.com/openshift/oauth-proxy/commit/241a88c47cb01d0e61ff105ceff81ad14fd9ea6e) `sha256:c2728f324baf36227168099e4d7bb97cfff52649360e9b599a7d929c8f5a10aa` * [olm-rukpak](https://github.com/openshift/operator-framework-rukpak) git [5b09cd44](https://github.com/openshift/operator-framework-rukpak/commit/5b09cd44e9ca7b2ec91fd6f906ac4612636277e3) `sha256:2d5931d6733d4d73e7a958d942871ef9f99e97de43c8cf71930548238c2bf896` * [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics) git [1915f645](https://github.com/openshift/openshift-state-metrics/commit/1915f64591a18c11138d10c00c50b3f5cff632ce) `sha256:07c59f0bcf740b27abab98f09ed9dd1b8409665d6833bcd1423ecc4fccd0b3f1` * [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver) git [b8d25ad6](https://github.com/openshift/ovirt-csi-driver/commit/b8d25ad6d140a198e96527b46a9dbde65aae41ce) `sha256:abf43a8e6d2b8680ccffe83642c48fb54596799bc66ec410f2340c6a1b50aeb4` * [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator) git [e9b0fa23](https://github.com/openshift/ovirt-csi-driver-operator/commit/e9b0fa233d75a97e6d29106265938b42bc16d677) `sha256:d334b9574d445e13ccf5c36b82870d512580d60f4687ebbdc8c2b55fa146a334` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [5d708631](https://github.com/openshift/cluster-api-provider-ovirt/commit/5d708631fca37aff0ede7d7f8fc9ba76c7fcee47) `sha256:ed1feb528be7d661db14fcca5322f58b2a306569fa93627d857c5ad317075622` * [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator) git [a3729dcb](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/commit/a3729dcb75a7da8c9ee7466da5de07e2f1fe5951) `sha256:7ac5cb9e95f5374f3d477ce345d76ec156da3e96921226086011bad43b326667` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [f3f1f5d1](https://github.com/openshift/prom-label-proxy/commit/f3f1f5d1161df6c25a0e1d04218dfc6447782ab4) `sha256:e91f03f76367ea1a5168bc35ca8483918ea4ac764b0ee1679904010613e019f2` * [prometheus](https://github.com/openshift/prometheus) git [6828e446](https://github.com/openshift/prometheus/commit/6828e4464c45f239a89c7965233c2fef49c6b1fb) `sha256:f30a0e312c6787c29d81fb4e4be45dfdcc6346b3f22bb3da502b45bcb88aec0a` * [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager) git [870ade52](https://github.com/openshift/prometheus-alertmanager/commit/870ade52a6097bc55cec29c1a9cc028967c5d23c) `sha256:6f677afe9840f90d7e91eda509389e345d11c958894457980255e55c8a3d2c61` * [prometheus-node-exporter](https://github.com/openshift/node_exporter) git [aed837c3](https://github.com/openshift/node_exporter/commit/aed837c322b6eb54d88956acada07b5b390b5c25) `sha256:2a61af05c5a766f9ba0273f65e2dbcca74971f69b27af9d42316ca5059361c12` * rhel-coreos `sha256:527a76ea6df69f9cb36276cc1822c74b47beb3b30f1357feacfe2119758d8550` * rhel-coreos-extensions `sha256:7f693bce2f1b5e20912d0f952e96161767c5f48611f8439985b9d72cbcb75422` * [route-controller-manager](https://github.com/openshift/route-controller-manager) git [c5cc7a73](https://github.com/openshift/route-controller-manager/commit/c5cc7a73705e4086759e2a36811b055b7716def4) `sha256:d2b84de7001b640f4bf7e76603fe6dbc3d3f9afc97fbabe4efc124e01c2547be` * [thanos](https://github.com/openshift/thanos) git [66161ad4](https://github.com/openshift/thanos/commit/66161ad4e03e5593f5a3a33aaaffbcd41555d62a) `sha256:7f577f00bca316721093ec1c9c8b8fdf96d05d178b95549660619ce71d3da1e5` * [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator) git [e0d46570](https://github.com/openshift/vmware-vsphere-csi-driver-operator/commit/e0d46570a06caff3439b410b9c9f75cb383a3d2d) `sha256:d10b6f9fa501805a94b52db32bcd646f87e2ffb0204f5cd0f1db1ef79dcac5e2` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/59ec11581b77fb1e03e153f7399ccc2e97e8c0bf) * [OCPBUGS-22539](https://issues.redhat.com/browse/OCPBUGS-22539): Bump otelhttp from 0.35.1 to 0.44.0 using replace approach (#6858) [#6858](https://github.com/openshift/assisted-service/pull/6858) * [OCPBUGS-43022](https://issues.redhat.com/browse/OCPBUGS-43022): Update go-jose to v2.6.3 to mitigate CVE-2024-28180 (#6894) [#6894](https://github.com/openshift/assisted-service/pull/6894) * [OCPBUGS-42571](https://issues.redhat.com/browse/OCPBUGS-42571): Libraries bump to mitigate CVE-2024-27289 (#6834) [#6834](https://github.com/openshift/assisted-service/pull/6834) * [OCPBUGS-36577](https://issues.redhat.com/browse/OCPBUGS-36577): Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#6753) [#6753](https://github.com/openshift/assisted-service/pull/6753) * [OCPBUGS-34641](https://issues.redhat.com/browse/OCPBUGS-34641): Invalid Pull-Secret when using password which contains a colon character (#6381) [#6381](https://github.com/openshift/assisted-service/pull/6381) * [OCPBUGS-31631](https://issues.redhat.com/browse/OCPBUGS-31631): Deploy dual stack with IPv6 on top of bond/vlan fails (#6245) [#6245](https://github.com/openshift/assisted-service/pull/6245) * [MGMT-17593](https://issues.redhat.com/browse/MGMT-17593): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#6217) [#6217](https://github.com/openshift/assisted-service/pull/6217) * 17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6211) [#6211](https://github.com/openshift/assisted-service/pull/6211) * Revert "MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194)" (#6208) [#6194](https://github.com/openshift/assisted-service/pull/6194) * [MGMT-17549](https://issues.redhat.com/browse/MGMT-17549): Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194) [#6194](https://github.com/openshift/assisted-service/pull/6194) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#6191) [#6191](https://github.com/openshift/assisted-service/pull/6191) * [OCPBUGS-30232](https://issues.redhat.com/browse/OCPBUGS-30232): Handle skipping hostPrefix validation for IPv6 For non-OVN/SDN networkTypes, the hostPrefix validation is not required and it is skipped. This fixes a regression introduced in the fix for https://issues.redhat.com/browse/OCPBUGS-23069 in which IPv6 CIDRs were not using the correct default hostPrefix. In addition, all cases where the validation is used are now covered. (#6137) [#6137](https://github.com/openshift/assisted-service/pull/6137) * NO-ISSUE: replace postgres images as current one disappeared from quay (#6135) [#6135](https://github.com/openshift/assisted-service/pull/6135) * [Full changelog](https://github.com/openshift/assisted-service/compare/d60e80f8658cf8a756ff4aa318983ddcf0e70bca...59ec11581b77fb1e03e153f7399ccc2e97e8c0bf) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/fde2b2eace2f7ceaedc1ac63f0da77f21cfd78f7) * [OCPBUGS-43026](https://issues.redhat.com/browse/OCPBUGS-43026): Pick up latest CVE changes by bumping service (#921) [#921](https://github.com/openshift/assisted-installer/pull/921) * [OCPBUGS-42301](https://issues.redhat.com/browse/OCPBUGS-42301): Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#907) [#907](https://github.com/openshift/assisted-installer/pull/907) * [OCPBUGS-36779](https://issues.redhat.com/browse/OCPBUGS-36779): Reload host inventory on conflict (#891) [#891](https://github.com/openshift/assisted-installer/pull/891) * [OCPBUGS-35894](https://issues.redhat.com/browse/OCPBUGS-35894): Fix race to mark node Joined (#859) [#859](https://github.com/openshift/assisted-installer/pull/859) * [MGMT-16843](https://issues.redhat.com/browse/MGMT-16843): Use hostnamectl to replace illegal hostname (#851) [#851](https://github.com/openshift/assisted-installer/pull/851) * [MGMT-17593](https://issues.redhat.com/browse/MGMT-17593): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#833) [#833](https://github.com/openshift/assisted-installer/pull/833) * [MGMT-17549](https://issues.redhat.com/browse/MGMT-17549): Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#827) [#827](https://github.com/openshift/assisted-installer/pull/827) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#824) [#824](https://github.com/openshift/assisted-installer/pull/824) * [Full changelog](https://github.com/openshift/assisted-installer/compare/550f2a568d4b4a494b3637ebba725bdd9c26ecd9...fde2b2eace2f7ceaedc1ac63f0da77f21cfd78f7) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/366295f2cba23d0e7e1a61b384e226f707ff56a6) * [OCPBUGS-43032](https://issues.redhat.com/browse/OCPBUGS-43032): Pick up latest CVE changes by bumping service (#803) [#803](https://github.com/openshift/assisted-installer-agent/pull/803) * [OCPBUGS-42304](https://issues.redhat.com/browse/OCPBUGS-42304): Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#786) [#786](https://github.com/openshift/assisted-installer-agent/pull/786) * [OCPBUGS-33404](https://issues.redhat.com/browse/OCPBUGS-33404): Make removable disks eligible (#718) [#718](https://github.com/openshift/assisted-installer-agent/pull/718) * [MGMT-17593](https://issues.redhat.com/browse/MGMT-17593): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#704) [#704](https://github.com/openshift/assisted-installer-agent/pull/704) * [MGMT-17549](https://issues.redhat.com/browse/MGMT-17549): Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#699) [#699](https://github.com/openshift/assisted-installer-agent/pull/699) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#695) [#695](https://github.com/openshift/assisted-installer-agent/pull/695) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/b0beda7b7323ff17e5f13262f23ac01c35a56485...366295f2cba23d0e7e1a61b384e226f707ff56a6) ### [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba/tree/f7f5eed811b33b9beee1ed6a34f956449fbf7fc7) * [[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads [#57](https://github.com/openshift/cluster-api-provider-alibaba/pull/57) * [Full changelog](https://github.com/openshift/cluster-api-provider-alibaba/compare/d3ba04c35e77e4e937aa9b7b4d069753cd514335...f7f5eed811b33b9beee1ed6a34f956449fbf7fc7) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/adccbd5c16daecfe861fa530acdcbba5ec682a3a) * [OCPBUGS-38065](https://issues.redhat.com/browse/OCPBUGS-38065): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#60](https://github.com/openshift/apiserver-network-proxy/pull/60) * Update golang Docker tag to v1.23.1 [#58](https://github.com/openshift/apiserver-network-proxy/pull/58) * [OCPBUGS-31953](https://issues.redhat.com/browse/OCPBUGS-31953): Bump golang.org/x/net to v0.23.0 [#51](https://github.com/openshift/apiserver-network-proxy/pull/51) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/dc30b80c9931de88a841eb0677dadbd1d63c27a6...adccbd5c16daecfe861fa530acdcbba5ec682a3a) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/fd77d92ced47559dadf53fb8c97d1cbeb64dde8c) * [OCPBUGS-38577](https://issues.redhat.com/browse/OCPBUGS-38577): Ensure that addresses are added in network device index order [#92](https://github.com/openshift/cloud-provider-aws/pull/92) * [OCPBUGS-31954](https://issues.redhat.com/browse/OCPBUGS-31954): update for CVE-2023-45288 [release-4.15] [#81](https://github.com/openshift/cloud-provider-aws/pull/81) * [OCPBUGS-29079](https://issues.redhat.com/browse/OCPBUGS-29079): Updates build-rpm.sh to set release to build time [#76](https://github.com/openshift/cloud-provider-aws/pull/76) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/2e3cca19638cae3066cba27608ed61c284b4d529...fd77d92ced47559dadf53fb8c97d1cbeb64dde8c) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/7f00d2cde7a40b8438c5e0d5e64a4d15a035883a) * [OCPBUGS-44294](https://issues.redhat.com/browse/OCPBUGS-44294): [release-4.15] OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It [#532](https://github.com/openshift/cluster-api-provider-aws/pull/532) * [OCPBUGS-30117](https://issues.redhat.com/browse/OCPBUGS-30117): manifests: Add in CustomNoUpgrade [#511](https://github.com/openshift/cluster-api-provider-aws/pull/511) * [OCPBUGS-32114](https://issues.redhat.com/browse/OCPBUGS-32114): UPSTREAM: <carry>: Fix instance PrivateDNSName when domain-name is set in dhcpOpts [#508](https://github.com/openshift/cluster-api-provider-aws/pull/508) * [OCPBUGS-31036](https://issues.redhat.com/browse/OCPBUGS-31036): UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called [#501](https://github.com/openshift/cluster-api-provider-aws/pull/501) * [OCPBUGS-30595](https://issues.redhat.com/browse/OCPBUGS-30595): fix e2e tests on release branches [#504](https://github.com/openshift/cluster-api-provider-aws/pull/504) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/3e23a968b30cd41b648010ef3be053a0bfefab0c...7f00d2cde7a40b8438c5e0d5e64a4d15a035883a) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/7043c1cca6e17dd3c90006140f6361cf0e776d69) * [OCPBUGS-33043](https://issues.redhat.com/browse/OCPBUGS-33043): UPSTREAM: 1919: Add reserved-volume-attachments [#263](https://github.com/openshift/aws-ebs-csi-driver/pull/263) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/b692edb1bcad959162c5c62969c13f85d0266fa2...7043c1cca6e17dd3c90006140f6361cf0e776d69) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/csi-operator/tree/2a2b9dd109ba9d4abce11411c96787b21887f929) * [OCPBUGS-33043](https://issues.redhat.com/browse/OCPBUGS-33043): Explicitly reserve 1 attachment for the root disk [#222](https://github.com/openshift/csi-operator/pull/222) * [OCPBUGS-30621](https://issues.redhat.com/browse/OCPBUGS-30621): remove legacy directory and duplicate Dockerfile.*.test files [#201](https://github.com/openshift/csi-operator/pull/201) * [OCPBUGS-30621](https://issues.redhat.com/browse/OCPBUGS-30621): move test manifest to top-level directory [#195](https://github.com/openshift/csi-operator/pull/195) * [Full changelog](https://github.com/openshift/csi-operator/compare/f258bd0bf4e0ed13d6f555962d594818bd756f2d...2a2b9dd109ba9d4abce11411c96787b21887f929) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/13385034ec9a843a6b40f8b3aec9966ada785115) * [OCPBUGS-32886](https://issues.redhat.com/browse/OCPBUGS-32886): Upgrade go-jose module to 2.6.3 [#188](https://github.com/openshift/aws-pod-identity-webhook/pull/188) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/a63743aff1004f4834b347812833834ba508c27b...13385034ec9a843a6b40f8b3aec9966ada785115) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/0d799a261f70bbdf546d911f5f8b59e2c324bd16) * [OCPBUGS-33127](https://issues.redhat.com/browse/OCPBUGS-33127): Improvements to client timeouts to prevent hangs [#118](https://github.com/openshift/cloud-provider-azure/pull/118) * [OCPBUGS-33092](https://issues.redhat.com/browse/OCPBUGS-33092): Bump otelgrpc [#117](https://github.com/openshift/cloud-provider-azure/pull/117) * [OCPBUGS-30970](https://issues.redhat.com/browse/OCPBUGS-30970): Update acr-credential-provider.spec [#115](https://github.com/openshift/cloud-provider-azure/pull/115) * [OCPBUGS-30970](https://issues.redhat.com/browse/OCPBUGS-30970): Adds acr-credential-provider spec file and build script [#114](https://github.com/openshift/cloud-provider-azure/pull/114) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/5beac87d7395d2f9c5d76a66669ad17e13d1ca07...0d799a261f70bbdf546d911f5f8b59e2c324bd16) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/44832d2da09778d7ff4d2413c9e10852f330a55d) * [OCPBUGS-36024](https://issues.redhat.com/browse/OCPBUGS-36024): Update go-retryablehttp to v0.7.7 [#311](https://github.com/openshift/cluster-api-provider-azure/pull/311) * [OCPBUGS-29502](https://issues.redhat.com/browse/OCPBUGS-29502): Bump helm to v3.14.4 [#303](https://github.com/openshift/cluster-api-provider-azure/pull/303) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/84ef752bcb274d97ccf57c0b61b1c7a8800c7aee...44832d2da09778d7ff4d2413c9e10852f330a55d) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/bcf919dc0467f84192758155aac4976df5054da6) * [OCPBUGS-39444](https://issues.redhat.com/browse/OCPBUGS-39444): bump mount-utils to treat ENODEV error as corrupted mount [#78](https://github.com/openshift/azure-file-csi-driver/pull/78) * [OCPBUGS-33038](https://issues.redhat.com/browse/OCPBUGS-33038): Rebase v1.29.5 for OCP 4.15 [#65](https://github.com/openshift/azure-file-csi-driver/pull/65) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/364d90d4dd15bfbe15835b0427c8c7d8f1100fb9...bcf919dc0467f84192758155aac4976df5054da6) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/367c4e45899033f7fb7494c0004b83157b6723aa) * [OCPBUGS-33038](https://issues.redhat.com/browse/OCPBUGS-33038): add token audience for Azure File [#103](https://github.com/openshift/azure-file-csi-driver-operator/pull/103) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/1c6294a4815b076ea3932c4bed4510043d738504...367c4e45899033f7fb7494c0004b83157b6723aa) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/615b457bcfa1a40e7900585154952aac8194bed4) * [CFE-1050](https://issues.redhat.com/browse/CFE-1050): Added support of capacity reservation group [#110](https://github.com/openshift/machine-api-provider-azure/pull/110) * [OCPBUGS-30215](https://issues.redhat.com/browse/OCPBUGS-30215): Remove startupScript vmextension lookup [#103](https://github.com/openshift/machine-api-provider-azure/pull/103) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/90771aba5adb0c3883b0927956875c94fa88e69e...615b457bcfa1a40e7900585154952aac8194bed4) ### [azure-workload-identity-webhook](https://github.com/openshift/azure-workload-identity/tree/2333b7fae0592ae26d77cbac49ce23e7fbaa00b1) * [OCPBUGS-32895](https://issues.redhat.com/browse/OCPBUGS-32895): Upgrade go-jose module to 2.6.3 [#17](https://github.com/openshift/azure-workload-identity/pull/17) * [Full changelog](https://github.com/openshift/azure-workload-identity/compare/1fd2e4e8c0a56e5a5e9367f11b3dafbb79d31ea1...2333b7fae0592ae26d77cbac49ce23e7fbaa00b1) ### [baremetal-installer, installer, installer-altinfra, installer-artifacts](https://github.com/openshift/installer/tree/4caaa383b8dfa4853d1962a966a430da27417423) * [OCPBUGS-44035](https://issues.redhat.com/browse/OCPBUGS-44035): IBMCloud: Handle pagination for subnets [#9160](https://github.com/openshift/installer/pull/9160) * [OCPBUGS-43760](https://issues.redhat.com/browse/OCPBUGS-43760): azure: use filter when listing SKUs [#9135](https://github.com/openshift/installer/pull/9135) * [OCPBUGS-42139](https://issues.redhat.com/browse/OCPBUGS-42139): add tested instance type for IBMCloud [#9032](https://github.com/openshift/installer/pull/9032) * [OCPBUGS-42335](https://issues.redhat.com/browse/OCPBUGS-42335): Bump extract-machine-os timout to 20m [#9051](https://github.com/openshift/installer/pull/9051) * [OCPBUGS-42180](https://issues.redhat.com/browse/OCPBUGS-42180): Add AWS r8g to arm tested instance types [#9040](https://github.com/openshift/installer/pull/9040) * [OCPBUGS-39288](https://issues.redhat.com/browse/OCPBUGS-39288), [OCPBUGS-42011](https://issues.redhat.com/browse/OCPBUGS-42011): Openstack UPI - Reintroduce unique resource names [#9047](https://github.com/openshift/installer/pull/9047) * [OCPBUGS-38198](https://issues.redhat.com/browse/OCPBUGS-38198): Remove timed context for gcp client [#8824](https://github.com/openshift/installer/pull/8824) * [OCPBUGS-29591](https://issues.redhat.com/browse/OCPBUGS-29591): vsphere-fix convert if only provided name [#8034](https://github.com/openshift/installer/pull/8034) * [OCPBUGS-32179](https://issues.redhat.com/browse/OCPBUGS-32179): Fix task for attaching IPv6 subnet to router. [#8262](https://github.com/openshift/installer/pull/8262) * [OCPBUGS-34721](https://issues.redhat.com/browse/OCPBUGS-34721): fix usage of host and user CA bundle in the agent ignition [#8512](https://github.com/openshift/installer/pull/8512) * [OCPBUGS-36090](https://issues.redhat.com/browse/OCPBUGS-36090): [release-4.15]: bump go-retryablehttp for CVE fix [#8655](https://github.com/openshift/installer/pull/8655) * [OCPBUGS-37064](https://issues.redhat.com/browse/OCPBUGS-37064): Changed vsphere CPMS to not include fields controlled by failure domains. [#8735](https://github.com/openshift/installer/pull/8735) * [OCPBUGS-37182](https://issues.redhat.com/browse/OCPBUGS-37182): ic: fix typo in warning message [#8770](https://github.com/openshift/installer/pull/8770) * [OCPBUGS-37067](https://issues.redhat.com/browse/OCPBUGS-37067): update RHCOS 4.15 bootimage metadata to 415.92.202407091355-0 [#8746](https://github.com/openshift/installer/pull/8746) * [OCPBUGS-33354](https://issues.redhat.com/browse/OCPBUGS-33354), [OCPBUGS-33402](https://issues.redhat.com/browse/OCPBUGS-33402): Use assisted-image-service for ignition editing [#8635](https://github.com/openshift/installer/pull/8635) * : OCPBUGS-36400: PowerVS: add ibmcloud plugins [#8687](https://github.com/openshift/installer/pull/8687) * [OCPBUGS-36225](https://issues.redhat.com/browse/OCPBUGS-36225): Make vSphere default ResourcePool formatting not contain double slash. [#8664](https://github.com/openshift/installer/pull/8664) * [OCPBUGS-35131](https://issues.redhat.com/browse/OCPBUGS-35131), [OCPBUGS-35141](https://issues.redhat.com/browse/OCPBUGS-35141), [OCPBUGS-35144](https://issues.redhat.com/browse/OCPBUGS-35144): [CVE-2023-48795] Bump golang.org/x/crypto to v0.21.0 [#8646](https://github.com/openshift/installer/pull/8646) * [OCPBUGS-35359](https://issues.redhat.com/browse/OCPBUGS-35359): GCP: Prevent cluster installation with mismatched worker assets and worker replicas [#8581](https://github.com/openshift/installer/pull/8581) * [OCPBUGS-35502](https://issues.redhat.com/browse/OCPBUGS-35502): [release-4.15] azure: bump profile used for network [#8607](https://github.com/openshift/installer/pull/8607) * [OCPBUGS-35586](https://issues.redhat.com/browse/OCPBUGS-35586): [release-4.15] bump github.com/containers/image for CVE fix [#8621](https://github.com/openshift/installer/pull/8621) * [OCPBUGS-31387](https://issues.redhat.com/browse/OCPBUGS-31387): If host is offline or disconnected don't check ver [#8208](https://github.com/openshift/installer/pull/8208) * [OCPBUGS-35355](https://issues.redhat.com/browse/OCPBUGS-35355): baremetal: Don't always enable provisioning-interface.service [#8580](https://github.com/openshift/installer/pull/8580) * [OCPBUGS-35032](https://issues.redhat.com/browse/OCPBUGS-35032): [release-4.15] aws: terraform: add spot instance support for masters [#8540](https://github.com/openshift/installer/pull/8540) * [OCPBUGS-35059](https://issues.redhat.com/browse/OCPBUGS-35059): images: change libvirt-installer base [#8550](https://github.com/openshift/installer/pull/8550) * [OCPBUGS-33672](https://issues.redhat.com/browse/OCPBUGS-33672): add quota support to ca-west-1 [#8412](https://github.com/openshift/installer/pull/8412) * [OCPBUGS-33454](https://issues.redhat.com/browse/OCPBUGS-33454): go.mod: bump aws-sdk-go for ca-west-1 support [#8381](https://github.com/openshift/installer/pull/8381) * [OCPBUGS-33205](https://issues.redhat.com/browse/OCPBUGS-33205): Gcp bootstraping release 4.15 [#8339](https://github.com/openshift/installer/pull/8339) * [OCPBUGS-33542](https://issues.redhat.com/browse/OCPBUGS-33542): images: do not force terraform-providers to be statically linked [#8392](https://github.com/openshift/installer/pull/8392) * [OCPBUGS-29929](https://issues.redhat.com/browse/OCPBUGS-29929): GCP Destroy cleanup correct zones/records [#8062](https://github.com/openshift/installer/pull/8062) * [OCPBUGS-32383](https://issues.redhat.com/browse/OCPBUGS-32383): sdk/aws: add ssh security group rule for compute [#8282](https://github.com/openshift/installer/pull/8282) * [OCPBUGS-32690](https://issues.redhat.com/browse/OCPBUGS-32690): AWS: bump CCO for permission fix [#8302](https://github.com/openshift/installer/pull/8302) * [OCPBUGS-32264](https://issues.redhat.com/browse/OCPBUGS-32264): always save serial logs if they were gathered [#8274](https://github.com/openshift/installer/pull/8274) * [OCPBUGS-30944](https://issues.redhat.com/browse/OCPBUGS-30944): Don't run libvirt validations in agent installer [#8167](https://github.com/openshift/installer/pull/8167) * NO-ISSUE: test fix to support slightly different nmstate error messages [#8285](https://github.com/openshift/installer/pull/8285) * [OCPBUGS-32259](https://issues.redhat.com/browse/OCPBUGS-32259): escape '%' in proxy settings [#8272](https://github.com/openshift/installer/pull/8272) * [OCPBUGS-32355](https://issues.redhat.com/browse/OCPBUGS-32355): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8277](https://github.com/openshift/installer/pull/8277) * [OCPBUGS-31335](https://issues.redhat.com/browse/OCPBUGS-31335): openstack: Honour worker server group policy [#8202](https://github.com/openshift/installer/pull/8202) * : OCPBUGS-31590: GCP: Skip populating Private/Public Zones within DNS manifest [#8220](https://github.com/openshift/installer/pull/8220) * [OCPBUGS-30922](https://issues.redhat.com/browse/OCPBUGS-30922): coreos-installer iso kargs show broken on Agent ISO [#8163](https://github.com/openshift/installer/pull/8163) * [OCPBUGS-30822](https://issues.redhat.com/browse/OCPBUGS-30822): Validate control plane replicas [#8143](https://github.com/openshift/installer/pull/8143) * [OCPBUGS-31274](https://issues.redhat.com/browse/OCPBUGS-31274): IBMCloud: Restrict CIS and DNS Service lookup [#8197](https://github.com/openshift/installer/pull/8197) * [OCPBUGS-30605](https://issues.redhat.com/browse/OCPBUGS-30605): upi: aws: fix typo in worker templates [#8125](https://github.com/openshift/installer/pull/8125) * Bug OCPBUGS-31284: OpenStack: enable 30000:32767 nodePort IPv6 traffic [#8199](https://github.com/openshift/installer/pull/8199) * [OCPBUGS-31087](https://issues.redhat.com/browse/OCPBUGS-31087): Fix vsi image missing [#8186](https://github.com/openshift/installer/pull/8186) * [OCPBUGS-30098](https://issues.redhat.com/browse/OCPBUGS-30098): feat: add check for SNO bootstrap condition [#8089](https://github.com/openshift/installer/pull/8089) * [OCPBUGS-30601](https://issues.redhat.com/browse/OCPBUGS-30601): update RHCOS 4.15 bootimage metadata to 415.92.202402201450-0 [#8122](https://github.com/openshift/installer/pull/8122) * [OCPBUGS-30854](https://issues.redhat.com/browse/OCPBUGS-30854): Power VS: Fix wait_for_workspace [#8159](https://github.com/openshift/installer/pull/8159) * [OCPBUGS-29964](https://issues.redhat.com/browse/OCPBUGS-29964): fix Azure API SKU calls timing out [#8086](https://github.com/openshift/installer/pull/8086) * [OCPBUGS-30792](https://issues.redhat.com/browse/OCPBUGS-30792): Enable deploy by Service ID on PowerVS [#8138](https://github.com/openshift/installer/pull/8138) * [OCPBUGS-30577](https://issues.redhat.com/browse/OCPBUGS-30577): Authn with platform-services-go-sdk for PowerVS [#8118](https://github.com/openshift/installer/pull/8118) * [Full changelog](https://github.com/openshift/installer/compare/d0a415f1cca1fa2c164aff142afa1269b6fd9865...4caaa383b8dfa4853d1962a966a430da27417423) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/73a72cc821224eb7ad0fad25d3bcc8272658238b) * [OCPBUGS-30876](https://issues.redhat.com/browse/OCPBUGS-30876): Bump golang-protobuf version [#214](https://github.com/openshift/cluster-api-provider-baremetal/pull/214) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/26641cde1dfee3edc8039fccafdf0e57f0c3bf8b...73a72cc821224eb7ad0fad25d3bcc8272658238b) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/62a7d56e20785c3f4cf02cb2511270a7aa32deea) * [OCPBUGS-38939](https://issues.redhat.com/browse/OCPBUGS-38939): [OCP] Ability to disable agent power off after deployment [#373](https://github.com/openshift/baremetal-operator/pull/373) * [OCPBUGS-34682](https://issues.redhat.com/browse/OCPBUGS-34682): PreprovisioningImage should not be created on poweroff [#358](https://github.com/openshift/baremetal-operator/pull/358) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/c17023eb3546d24d0529cdb4b7db96fc9ce288a7...62a7d56e20785c3f4cf02cb2511270a7aa32deea) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/1fbb2c0c1e6af304a673d5ac43803d4bb5dca95c) * [OCPBUGS-37704](https://issues.redhat.com/browse/OCPBUGS-37704): Change mechanism of debug flag [#325](https://github.com/openshift/baremetal-runtimecfg/pull/325) * [OCPBUGS-36278](https://issues.redhat.com/browse/OCPBUGS-36278): Fix handling of ELB Node IP detection [#322](https://github.com/openshift/baremetal-runtimecfg/pull/322) * [OCPBUGS-35543](https://issues.redhat.com/browse/OCPBUGS-35543): Add support for OVN HostCidrs annotation [#319](https://github.com/openshift/baremetal-runtimecfg/pull/319) * [OCPBUGS-32024](https://issues.redhat.com/browse/OCPBUGS-32024): Decrease log level when detecting node IP [#304](https://github.com/openshift/baremetal-runtimecfg/pull/304) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/6f83b6f752ce27c6f997f2d0706b3a79b84aa763...1fbb2c0c1e6af304a673d5ac43803d4bb5dca95c) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/82316376e25f6453b58258df6bf1e11ec4abb670) * [OCPBUGS-42726](https://issues.redhat.com/browse/OCPBUGS-42726): Check cast result in adm prune deployments to prevent panic [#1893](https://github.com/openshift/oc/pull/1893) * [OCPBUGS-39426](https://issues.redhat.com/browse/OCPBUGS-39426): Ignore pruning when deployment points to replicationcontroller [#1865](https://github.com/openshift/oc/pull/1865) * [OCPBUGS-36329](https://issues.redhat.com/browse/OCPBUGS-36329): Set required-scc annotation to privileged for node debug pods [#1818](https://github.com/openshift/oc/pull/1818) * [OCPBUGS-35201](https://issues.redhat.com/browse/OCPBUGS-35201): Bump joelanford/ignore to bump go-git to 5.11.0 [#1798](https://github.com/openshift/oc/pull/1798) * [OCPBUGS-32840](https://issues.redhat.com/browse/OCPBUGS-32840): Bump go-jose indirect reference to 2.6.3 [#1749](https://github.com/openshift/oc/pull/1749) * [OCPBUGS-31879](https://issues.redhat.com/browse/OCPBUGS-31879): Add OIDC specific certificate authority bundle flag [#1730](https://github.com/openshift/oc/pull/1730) * [OCPBUGS-31726](https://issues.redhat.com/browse/OCPBUGS-31726): Remove some of newapp unit tests relying on external deprecated images [#1726](https://github.com/openshift/oc/pull/1726) * [OCPBUGS-30286](https://issues.redhat.com/browse/OCPBUGS-30286): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1698](https://github.com/openshift/oc/pull/1698) * [Full changelog](https://github.com/openshift/oc/compare/d6175ebd387c07d8fd6354b476f6b1092f15ee1d...82316376e25f6453b58258df6bf1e11ec4abb670) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/60b3edb85025c66c2962fdb31c800afd484c8ba1) * [OCPBUGS-43646](https://issues.redhat.com/browse/OCPBUGS-43646): Only attempt timed token credentials on supported platforms. [#774](https://github.com/openshift/cloud-credential-operator/pull/774) * [OCPBUGS-43338](https://issues.redhat.com/browse/OCPBUGS-43338): Update github.com/sirupsen/logrus v1.9.3 [#768](https://github.com/openshift/cloud-credential-operator/pull/768) * [OCPBUGS-41235](https://issues.redhat.com/browse/OCPBUGS-41235): List secrets in batches to avoid api timeout [#754](https://github.com/openshift/cloud-credential-operator/pull/754) * [OCPBUGS-38377](https://issues.redhat.com/browse/OCPBUGS-38377): Update google.golang.org/grpc v1.65.0 [#749](https://github.com/openshift/cloud-credential-operator/pull/749) * [OCPBUGS-37461](https://issues.redhat.com/browse/OCPBUGS-37461): Set required-scc for openshift workloads [#736](https://github.com/openshift/cloud-credential-operator/pull/736) * [OCPBUGS-37277](https://issues.redhat.com/browse/OCPBUGS-37277): Update to cloud.google.com/go/storage v1.43.0 [#729](https://github.com/openshift/cloud-credential-operator/pull/729) * [OCPBUGS-37288](https://issues.redhat.com/browse/OCPBUGS-37288): GCP passthrough permissions check to ignore problematic permissions. [#730](https://github.com/openshift/cloud-credential-operator/pull/730) * [OCPBUGS-37419](https://issues.redhat.com/browse/OCPBUGS-37419): SNYK ignore go-client misreporting [#738](https://github.com/openshift/cloud-credential-operator/pull/738) * [OCPBUGS-37061](https://issues.redhat.com/browse/OCPBUGS-37061): Update to azidentity v1.7.0 [#728](https://github.com/openshift/cloud-credential-operator/pull/728) * [OCPBUGS-36030](https://issues.redhat.com/browse/OCPBUGS-36030): IBM/go-sdk-core update to v5.17.4 [#720](https://github.com/openshift/cloud-credential-operator/pull/720) * [OCPBUGS-36291](https://issues.redhat.com/browse/OCPBUGS-36291): AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN [#709](https://github.com/openshift/cloud-credential-operator/pull/709) * [OCPBUGS-32900](https://issues.redhat.com/browse/OCPBUGS-32900): Upgrade go-jose module to 2.6.3 [#696](https://github.com/openshift/cloud-credential-operator/pull/696) * [OCPBUGS-31924](https://issues.redhat.com/browse/OCPBUGS-31924): aws: remove non-existent permission [#691](https://github.com/openshift/cloud-credential-operator/pull/691) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/06a42948bf78b104e03a51bb5a555b6819db1b0a...60b3edb85025c66c2962fdb31c800afd484c8ba1) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/6864da0642026d6004df171539fa9fd5bcb6c2df) * [OCPBUGS-33780](https://issues.redhat.com/browse/OCPBUGS-33780): Avoid panic when looking up attachedOutboundRule.ID in azure [#145](https://github.com/openshift/cloud-network-config-controller/pull/145) * [OCPBUGS-31754](https://issues.redhat.com/browse/OCPBUGS-31754): Avoid nil pointer panic while assigning private IP on Azure [#137](https://github.com/openshift/cloud-network-config-controller/pull/137) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/81ab2a17f2886bccd90dddf3deb213ed368c5be2...6864da0642026d6004df171539fa9fd5bcb6c2df) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/7aaa40eb28afdae8c5994b672b33cd4be31cc7d1) * [OCPBUGS-34795](https://issues.redhat.com/browse/OCPBUGS-34795): set required-scc for openshift workloads [#675](https://github.com/openshift/cluster-authentication-operator/pull/675) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/52a7d25ade22ddcf791bf6488504e3f7ef3ae770...7aaa40eb28afdae8c5994b672b33cd4be31cc7d1) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/e78ea20540f3f445f7417cf4fe138738f3a4143a) * [OCPBUGS-40930](https://issues.redhat.com/browse/OCPBUGS-40930): update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 [#315](https://github.com/openshift/kubernetes-autoscaler/pull/315) * [OCPBUGS-33885](https://issues.redhat.com/browse/OCPBUGS-33885): fix: scale up broken for providers not implementing NodeGroup.GetOptions() [#301](https://github.com/openshift/kubernetes-autoscaler/pull/301) * [OCPBUGS-31464](https://issues.redhat.com/browse/OCPBUGS-31464): add check for taint.value == nil [#293](https://github.com/openshift/kubernetes-autoscaler/pull/293) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/b4a9dc6dd40c6c9e458e69bbfd2c667e9cb23e18...e78ea20540f3f445f7417cf4fe138738f3a4143a) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/8425d88b5bedd5d22acfb0f6c0edf929ec401288) * [OCPBUGS-41798](https://issues.redhat.com/browse/OCPBUGS-41798): set required-scc for openshift workloads [#332](https://github.com/openshift/cluster-autoscaler-operator/pull/332) * [OCPBUGS-31947](https://issues.redhat.com/browse/OCPBUGS-31947): Update x/net to v0.24.0 [#319](https://github.com/openshift/cluster-autoscaler-operator/pull/319) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/d90c9299f6699cb26c0598af26cc8f791f8c4f28...8425d88b5bedd5d22acfb0f6c0edf929ec401288) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/934c2181e98f11c1a2629bd34d4a09e61323ffd6) * [[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads [#443](https://github.com/openshift/cluster-baremetal-operator/pull/443) * [OCPBUGS-31948](https://issues.redhat.com/browse/OCPBUGS-31948): bump x/net to 0.23.0 [#437](https://github.com/openshift/cluster-baremetal-operator/pull/437) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/fdce2d0892e255240ff760e91fa8a738ae4a7556...934c2181e98f11c1a2629bd34d4a09e61323ffd6) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/2053e13cb0fda9188e9b685db83c1e1f492e6efa) * [OCPBUGS-30117](https://issues.redhat.com/browse/OCPBUGS-30117): manifests: Add in CustomNoUpgrade [#206](https://github.com/openshift/cluster-api/pull/206) * [OCPBUGS-33200](https://issues.redhat.com/browse/OCPBUGS-33200): Bump protobuf to v1.33.0 [#204](https://github.com/openshift/cluster-api/pull/204) * [OCPBUGS-30595](https://issues.redhat.com/browse/OCPBUGS-30595): fix e2e tests on release branches [#201](https://github.com/openshift/cluster-api/pull/201) * [Full changelog](https://github.com/openshift/cluster-api/compare/c3b9ac8a39fd5bbf3d2e910fa17b38c86a58ac3a...2053e13cb0fda9188e9b685db83c1e1f492e6efa) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/203435ef87a2bed13fc43db893deb8bee1dff97f) * [OCPBUGS-37849](https://issues.redhat.com/browse/OCPBUGS-37849): fix: sort CredentialsRequest manifests after namespace [#193](https://github.com/openshift/cluster-capi-operator/pull/193) * [OCPBUGS-30117](https://issues.redhat.com/browse/OCPBUGS-30117): manifests-gen: also add CustomNoUpgrade annotation value [#166](https://github.com/openshift/cluster-capi-operator/pull/166) * [OCPBUGS-30118](https://issues.redhat.com/browse/OCPBUGS-30118): create openshift-cluster-api namespace in CustomNoUpgrade [#167](https://github.com/openshift/cluster-capi-operator/pull/167) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/c8c94baccbe1d87f08d2d2349749ca31296b85ba...203435ef87a2bed13fc43db893deb8bee1dff97f) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/56181136d91dff7bac4aa5acb2c1461381ac6e34) * [OCPBUGS-36821](https://issues.redhat.com/browse/OCPBUGS-36821): Increase GCP Concurrent Service Syncs to 10 [#359](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/359) * [OCPBUGS-33547](https://issues.redhat.com/browse/OCPBUGS-33547): update azure and ash tolerations on node manager [#343](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/343) * Bug OCPBUGS-32246: Allow to patch events in OpenStack RBAC [#339](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/339) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/a125bc59fe576ad165c800badd90a93aba99c154...56181136d91dff7bac4aa5acb2c1461381ac6e34) ### [cluster-config-api](https://github.com/openshift/api/tree/0a58f8c30a8c309baaa4aecd05580039b4d3888b) * [CFE-1047](https://issues.redhat.com/browse/CFE-1047): Added new field for capacityReservationGroupID in AzureMachineProviderSpec [#1925](https://github.com/openshift/api/pull/1925) * [OCPBUGS-36208](https://issues.redhat.com/browse/OCPBUGS-36208): Ingress - add connect timeout to tuning options [#1937](https://github.com/openshift/api/pull/1937) * [OCPBUGS-35214](https://issues.redhat.com/browse/OCPBUGS-35214): [Release 4-15] Add transit switch config to 4.15 [#1872](https://github.com/openshift/api/pull/1872) * [OCPBUGS-28928](https://issues.redhat.com/browse/OCPBUGS-28928): Add UnservableInFutureVersions route status condition type [#1751](https://github.com/openshift/api/pull/1751) * [Full changelog](https://github.com/openshift/api/compare/4511c790cc60bf2a0393c34739cf9e71d1648b39...0a58f8c30a8c309baaa4aecd05580039b4d3888b) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/0b4c69fd7e282b9037cbb2b6e2d09c96bcc29818) * [OCPBUGS-36151](https://issues.redhat.com/browse/OCPBUGS-36151): Set required-scc for openshift workloads [#420](https://github.com/openshift/cluster-config-operator/pull/420) * [OCPBUGS-26542](https://issues.redhat.com/browse/OCPBUGS-26542): remove duplicate manifests in image [#395](https://github.com/openshift/cluster-config-operator/pull/395) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/cc1fb201a307c049036c8307d950e5cde9e565ca...0b4c69fd7e282b9037cbb2b6e2d09c96bcc29818) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/c03231f93a4630b94d86dde98688f357777c14b6) * [[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads [#326](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/326) * [OCPBUGS-24632](https://issues.redhat.com/browse/OCPBUGS-24632): Prevent rollout due to irrelevant path artifacts [#317](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/317) * [CFE-1087](https://issues.redhat.com/browse/CFE-1087): API Bump for capacity Reservation [#318](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/318) * [OCPBUGS-34971](https://issues.redhat.com/browse/OCPBUGS-34971): Add unreadyNodeGracePeriod for allowing brief node hiccups [#299](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/299) * [OCPBUGS-35496](https://issues.redhat.com/browse/OCPBUGS-35496): Wait for ControlPlaneMachineSet to be created when waiting for it to be updated [#308](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/308) * [OCPBUGS-35255](https://issues.redhat.com/browse/OCPBUGS-35255): Improved debugging of API listing errors [#301](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/301) * [Release 4.15] OCPBUGS-32414: Fix ExportFailureDomain to handle empty platform spec [#290](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/290) * [Release 4.15] OCPBUGS-32357: Modified webhook to allow templates by name instead of just by path. [#289](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/289) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/673e7da36cad22402065e2952b4e06aff0cb9c99...c03231f93a4630b94d86dde98688f357777c14b6) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/65dbb12b710b7126f662f5f7f2d8272f9f6868cc) * [OCPBUGS-36377](https://issues.redhat.com/browse/OCPBUGS-36377): Set required-scc for openshift workloads [#211](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/211) * [OCPBUGS-31599](https://issues.redhat.com/browse/OCPBUGS-31599): create suitable role and roleBinding for csi-snapshot-webhook [#203](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/203) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/1afe553a46159bd5b65061c98e15138bf48327cc...65dbb12b710b7126f662f5f7f2d8272f9f6868cc) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/49290d7db2194df73dfaeb1e719580dabf166690) * [OCPBUGS-32093](https://issues.redhat.com/browse/OCPBUGS-32093): Add RBAC related to featuregates to fix hypershift upgrade [#407](https://github.com/openshift/cluster-dns-operator/pull/407) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/9eb983497cd90c4115d7dc476e4bcf0dfb5ee002...49290d7db2194df73dfaeb1e719580dabf166690) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/b72a596d1f588da8eca821f28f286dfd609691d1) * [OCPBUGS-33564](https://issues.redhat.com/browse/OCPBUGS-33564): return errors in wait-for-ceo [#1261](https://github.com/openshift/cluster-etcd-operator/pull/1261) * [OCPBUGS-32952](https://issues.redhat.com/browse/OCPBUGS-32952): remove etcd-health-probe log [#1257](https://github.com/openshift/cluster-etcd-operator/pull/1257) * [OCPBUGS-31942](https://issues.redhat.com/browse/OCPBUGS-31942): update golang x net [#1253](https://github.com/openshift/cluster-etcd-operator/pull/1253) * [OCPBUGS-31865](https://issues.redhat.com/browse/OCPBUGS-31865): bump(library-go)=release-4.15 [#1220](https://github.com/openshift/cluster-etcd-operator/pull/1220) * [OCPBUGS-30915](https://issues.redhat.com/browse/OCPBUGS-30915): CEO aliveness check should only detect deadlocks [#1225](https://github.com/openshift/cluster-etcd-operator/pull/1225) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/9d596e149a662ff77d235b3c7e4b69f34638c2ed...b72a596d1f588da8eca821f28f286dfd609691d1) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/6776f554e8b0664f6e7f54abc4a2c03f42a2a378) * [OCPBUGS-43918](https://issues.redhat.com/browse/OCPBUGS-43918): fix proxy config and leader election test flakes [#1150](https://github.com/openshift/cluster-image-registry-operator/pull/1150) * [OCPBUGS-42930](https://issues.redhat.com/browse/OCPBUGS-42930): Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) [#1136](https://github.com/openshift/cluster-image-registry-operator/pull/1136) * [OCPBUGS-43656](https://issues.redhat.com/browse/OCPBUGS-43656): pkg/storage/azure: also check for auth failure error code on deletion [#1146](https://github.com/openshift/cluster-image-registry-operator/pull/1146) * [OCPBUGS-42934](https://issues.redhat.com/browse/OCPBUGS-42934): azureclient: stop validating credentials when creating the client [#1135](https://github.com/openshift/cluster-image-registry-operator/pull/1135) * [OCPBUGS-39099](https://issues.redhat.com/browse/OCPBUGS-39099): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1111](https://github.com/openshift/cluster-image-registry-operator/pull/1111) * [OCPBUGS-38895](https://issues.redhat.com/browse/OCPBUGS-38895): pkg/resource: invoke update-ca-trust extract with --output [#1105](https://github.com/openshift/cluster-image-registry-operator/pull/1105) * [OCPBUGS-36325](https://issues.redhat.com/browse/OCPBUGS-36325): Set required-scc for openshift workloads [#1067](https://github.com/openshift/cluster-image-registry-operator/pull/1067) * [OCPBUGS-36036](https://issues.redhat.com/browse/OCPBUGS-36036): go.*,vendor: bump go-retryablehttp [#1068](https://github.com/openshift/cluster-image-registry-operator/pull/1068) * [OCPBUGS-34571](https://issues.redhat.com/browse/OCPBUGS-34571): azure-path-fix: get client secret from k8s secret [#1049](https://github.com/openshift/cluster-image-registry-operator/pull/1049) * [OCPBUGS-34539](https://issues.redhat.com/browse/OCPBUGS-34539): pkg/storage/s3: use force path style in favour of virtual hosted style config [#1048](https://github.com/openshift/cluster-image-registry-operator/pull/1048) * [OCPBUGS-33208](https://issues.redhat.com/browse/OCPBUGS-33208): azurepathfix: check if platform status is nil before accessing it [#1031](https://github.com/openshift/cluster-image-registry-operator/pull/1031) * [OCPBUGS-32396](https://issues.redhat.com/browse/OCPBUGS-32396): azure-path-fix: support auth via account key (without clientID) [#1022](https://github.com/openshift/cluster-image-registry-operator/pull/1022) * [OCPBUGS-31641](https://issues.redhat.com/browse/OCPBUGS-31641): bump aws-sdk-go from v1.44 to v1.50 [#1014](https://github.com/openshift/cluster-image-registry-operator/pull/1014) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/f122f0b9a706abff7610f732cba4dd6eca9771f6...6776f554e8b0664f6e7f54abc4a2c03f42a2a378) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/9e0d092565a4589dbcbafb7b1212651afa6d36fa) * [OCPBUGS-42480](https://issues.redhat.com/browse/OCPBUGS-42480): Limit SHA-1 check to the leaf cert in default cert chain [#1154](https://github.com/openshift/cluster-ingress-operator/pull/1154) * [OCPBUGS-41635](https://issues.redhat.com/browse/OCPBUGS-41635): Refine logging for accurate infra CR status updates [#1141](https://github.com/openshift/cluster-ingress-operator/pull/1141) * [OCPBUGS-36466](https://issues.redhat.com/browse/OCPBUGS-36466): Allow operator to update Route spec.subdomain [#1100](https://github.com/openshift/cluster-ingress-operator/pull/1100) * [OCPBUGS-36208](https://issues.redhat.com/browse/OCPBUGS-36208): Implement connect timeout tuning option [#1097](https://github.com/openshift/cluster-ingress-operator/pull/1097) * [OCPBUGS-36279](https://issues.redhat.com/browse/OCPBUGS-36279): Add Regexp Anchor to TestAll [#1096](https://github.com/openshift/cluster-ingress-operator/pull/1096) * [OCPBUGS-28928](https://issues.redhat.com/browse/OCPBUGS-28928): Prevent upgrades for SHA1 default cert and SHA1 route certs [#1014](https://github.com/openshift/cluster-ingress-operator/pull/1014) * [OCPBUGS-35028](https://issues.redhat.com/browse/OCPBUGS-35028): internalServiceChanged: Fix target port logic [#1081](https://github.com/openshift/cluster-ingress-operator/pull/1081) * [OCPBUGS-34887](https://issues.redhat.com/browse/OCPBUGS-34887): TestHostNetworkPortBinding: Delete t.Parallel() [#1075](https://github.com/openshift/cluster-ingress-operator/pull/1075) * [OCPBUGS-34252](https://issues.redhat.com/browse/OCPBUGS-34252): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1058](https://github.com/openshift/cluster-ingress-operator/pull/1058) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/0106cb99b340a2f266a88700b4250f11457ffb05...9e0d092565a4589dbcbafb7b1212651afa6d36fa) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/aabc7863cdbd76f8909a10fbc1be53b032e4ec31) * [OCPBUGS-37566](https://issues.redhat.com/browse/OCPBUGS-37566): add disabled syncer as reason to CFE for PSA [#1716](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1716) * [OCPBUGS-35832](https://issues.redhat.com/browse/OCPBUGS-35832): add SNO control plane high cpu usage alert [#1706](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1706) * [OCPBUGS-29361](https://issues.redhat.com/browse/OCPBUGS-29361): operator: stop removing kube-apiserver-slos asset [#1643](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1643) * [OCPBUGS-34492](https://issues.redhat.com/browse/OCPBUGS-34492): Create one-shot migrations for the flowcontrol group. [#1692](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1692) * [OCPBUGS-33697](https://issues.redhat.com/browse/OCPBUGS-33697): add a controller that reconciles SCCs' volumes [#1679](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1679) * [OCPBUGS-33277](https://issues.redhat.com/browse/OCPBUGS-33277): Fix incorrect name for hostmount-anyuid SCC ClusterRole [#1672](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1672) * [OCPBUGS-31807](https://issues.redhat.com/browse/OCPBUGS-31807): Use RotatedSigningCASecret in update only mode [#1662](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1662) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/9fe0ab100bc6241030bf6ad1fc3f554ad0b0faf1...aabc7863cdbd76f8909a10fbc1be53b032e4ec31) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/ee8cf52558df0862f9927dbc7275fbe6cc1a1e5f) * [OCPBUGS-31807](https://issues.redhat.com/browse/OCPBUGS-31807): use RotatedSigningCASecret and RotatedSelfSignedCertKeySecret only in update mode [#801](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/801) * [OCPBUGS-31865](https://issues.redhat.com/browse/OCPBUGS-31865): bump(library-go)=release-4.15 [#797](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/797) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/642fb08461913d9352b781693311727da42ffc0a...ee8cf52558df0862f9927dbc7275fbe6cc1a1e5f) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/f054dfaf189b43b262c11ef7f97038c79592c796) * [OCPBUGS-31865](https://issues.redhat.com/browse/OCPBUGS-31865): bump(library-go)=release-4.15 [#537](https://github.com/openshift/cluster-kube-scheduler-operator/pull/537) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/e1a1e3a845fd27d2dc8cbd7eb40975505ff294ab...f054dfaf189b43b262c11ef7f97038c79592c796) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/e76cea5f52bd5a125d051c6a0da4127a4dae6700) * [OCPBUGS-36322](https://issues.redhat.com/browse/OCPBUGS-36322): Set required-scc for openshift workloads [#112](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/112) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/37015e879a7ef647d7a953edea902d67e2ae91a7...e76cea5f52bd5a125d051c6a0da4127a4dae6700) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/6a809ce320324a3f841c7ac992cc77eafe1d97d7) * [OCPBUGS-44705](https://issues.redhat.com/browse/OCPBUGS-44705): Client internal DNS checks should be case insensitive [#245](https://github.com/openshift/cluster-machine-approver/pull/245) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/3a6b6ae6933cf1a6550e0a4008eadd4a29f271ba...6a809ce320324a3f841c7ac992cc77eafe1d97d7) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/2eb5a2c888b61fdbf80a238c3ff13787f989b7b2) * [OCPBUGS-44006](https://issues.redhat.com/browse/OCPBUGS-44006): fix(monitoring-plugin): disable emitting nginx version on error pages [#2519](https://github.com/openshift/cluster-monitoring-operator/pull/2519) * [OCPBUGS-43876](https://issues.redhat.com/browse/OCPBUGS-43876): Add runbook url for TelemeterClientFail… [#2509](https://github.com/openshift/cluster-monitoring-operator/pull/2509) * [OCPBUGS-42586](https://issues.redhat.com/browse/OCPBUGS-42586): Exclude windows nodes from kubelet servicemonitor [#2487](https://github.com/openshift/cluster-monitoring-operator/pull/2487) * [OCPBUGS-41913](https://issues.redhat.com/browse/OCPBUGS-41913): filter alerts sent to Telemeter [#2472](https://github.com/openshift/cluster-monitoring-operator/pull/2472) * [OCPBUGS-39172](https://issues.redhat.com/browse/OCPBUGS-39172): Backport #2441 for 4.15 [#2448](https://github.com/openshift/cluster-monitoring-operator/pull/2448) * [OCPBUGS-37608](https://issues.redhat.com/browse/OCPBUGS-37608): set required-scc for openshift workloads [#2420](https://github.com/openshift/cluster-monitoring-operator/pull/2420) * [OCPBUGS-36563](https://issues.redhat.com/browse/OCPBUGS-36563): add runbook_url annotations [#2406](https://github.com/openshift/cluster-monitoring-operator/pull/2406) * [OCPBUGS-37194](https://issues.redhat.com/browse/OCPBUGS-37194): Making sure proxy settings are correctly forwarded in the generated remote write configs [#2413](https://github.com/openshift/cluster-monitoring-operator/pull/2413) * [OCPBUGS-36312](https://issues.redhat.com/browse/OCPBUGS-36312): inject trusted CA bundle into UWM Alertmanager [#2400](https://github.com/openshift/cluster-monitoring-operator/pull/2400) * [OCPBUGS-34596](https://issues.redhat.com/browse/OCPBUGS-34596): Ipsec state backport [#2384](https://github.com/openshift/cluster-monitoring-operator/pull/2384) * [OCPBUGS-33512](https://issues.redhat.com/browse/OCPBUGS-33512): fix Thanos ruler alert generator url [#2343](https://github.com/openshift/cluster-monitoring-operator/pull/2343) * [OCPBUGS-32055](https://issues.redhat.com/browse/OCPBUGS-32055): backport ols metric allowlist to 4.15 [#2313](https://github.com/openshift/cluster-monitoring-operator/pull/2313) * [OCPBUGS-28769](https://issues.redhat.com/browse/OCPBUGS-28769): fix generation of telemeter token hash [#2303](https://github.com/openshift/cluster-monitoring-operator/pull/2303) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/a13d634285e9142a75b82f84c4ce62d2ac7e3ed1...2eb5a2c888b61fdbf80a238c3ff13787f989b7b2) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/7b8459dc88657a44785995a4c0cc88403a95954d) * [OCPBUGS-42753](https://issues.redhat.com/browse/OCPBUGS-42753): Set mount propagation to HostToContainer for /var/lib/kubelet [#2520](https://github.com/openshift/cluster-network-operator/pull/2520) * [OCPBUGS-42865](https://issues.redhat.com/browse/OCPBUGS-42865): Add configurable subnets while running hybrid-overlay-node binary [#2523](https://github.com/openshift/cluster-network-operator/pull/2523) * [OCPBUGS-43268](https://issues.redhat.com/browse/OCPBUGS-43268): Update network operator status for IPsec [#2530](https://github.com/openshift/cluster-network-operator/pull/2530) * [OCPBUGS-43099](https://issues.redhat.com/browse/OCPBUGS-43099): Configure narrowing=yes for IPsec connections [#2529](https://github.com/openshift/cluster-network-operator/pull/2529) * [OCPBUGS-42020](https://issues.redhat.com/browse/OCPBUGS-42020): HyperShift: do not use antiaffinity on single replica control planes [#2504](https://github.com/openshift/cluster-network-operator/pull/2504) * [OCPBUGS-41947](https://issues.redhat.com/browse/OCPBUGS-41947): Add proxy env vars to onvkube-node [#2503](https://github.com/openshift/cluster-network-operator/pull/2503) * [OCPBUGS-31447](https://issues.redhat.com/browse/OCPBUGS-31447): Tighten the permissions on whereabouts.conf [#2324](https://github.com/openshift/cluster-network-operator/pull/2324) * [NP-1064](https://issues.redhat.com/browse/NP-1064), [OCPBUGS-39336](https://issues.redhat.com/browse/OCPBUGS-39336): Remove managed cluster checking for live migration [#2485](https://github.com/openshift/cluster-network-operator/pull/2485) * [OCPBUGS-34613](https://issues.redhat.com/browse/OCPBUGS-34613), [OCPBUGS-34726](https://issues.redhat.com/browse/OCPBUGS-34726), [OCPBUGS-34727](https://issues.redhat.com/browse/OCPBUGS-34727): Live migration backports [#2393](https://github.com/openshift/cluster-network-operator/pull/2393) * [OCPBUGS-37962](https://issues.redhat.com/browse/OCPBUGS-37962): Fix IC distributed control plane alerts [#2459](https://github.com/openshift/cluster-network-operator/pull/2459) * [OCPBUGS-35837](https://issues.redhat.com/browse/OCPBUGS-35837): Propogate hypershift control plane priority class override to multus and preserve container resource requests [#2420](https://github.com/openshift/cluster-network-operator/pull/2420) * [OCPBUGS-37205](https://issues.redhat.com/browse/OCPBUGS-37205): Check every MachineConfigPool for IPsec plugin existence [#2439](https://github.com/openshift/cluster-network-operator/pull/2439) * [OCPBUGS-34809](https://issues.redhat.com/browse/OCPBUGS-34809): Ensure that the node-identity webhook address contains colons for IPv6 [#2396](https://github.com/openshift/cluster-network-operator/pull/2396) * [OCPBUGS-36347](https://issues.redhat.com/browse/OCPBUGS-36347): Create the configmap mtu if not found [#2426](https://github.com/openshift/cluster-network-operator/pull/2426) * [OCPBUGS-36499](https://issues.redhat.com/browse/OCPBUGS-36499): [release-4.15] Bump Openshift API and backport configurable subnet knobs (transit / join / masquerade) [#2375](https://github.com/openshift/cluster-network-operator/pull/2375) * [OCPBUGS-36367](https://issues.redhat.com/browse/OCPBUGS-36367): update whereabouts crd [#2427](https://github.com/openshift/cluster-network-operator/pull/2427) * [OCPBUGS-32989](https://issues.redhat.com/browse/OCPBUGS-32989): Add conditions for ignored-namespaces [#2379](https://github.com/openshift/cluster-network-operator/pull/2379) * [OCPBUGS-29739](https://issues.redhat.com/browse/OCPBUGS-29739): Run dhcp-daemon pods as system-node-critical priority [#2283](https://github.com/openshift/cluster-network-operator/pull/2283) * [OCPBUGS-34596](https://issues.redhat.com/browse/OCPBUGS-34596): Add ipsec state metric [#2389](https://github.com/openshift/cluster-network-operator/pull/2389) * [OCPBUGS-32515](https://issues.redhat.com/browse/OCPBUGS-32515): Fix wait logic for IPsec certificate signing request [#2348](https://github.com/openshift/cluster-network-operator/pull/2348) * [OCPBUGS-29092](https://issues.redhat.com/browse/OCPBUGS-29092): Add probes to node-network-identity [#2253](https://github.com/openshift/cluster-network-operator/pull/2253) * [OCPBUGS-29654](https://issues.redhat.com/browse/OCPBUGS-29654): Fully disable network-node-identity on ROKS [#2314](https://github.com/openshift/cluster-network-operator/pull/2314) * [OCPBUGS-30927](https://issues.redhat.com/browse/OCPBUGS-30927): ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures [#2310](https://github.com/openshift/cluster-network-operator/pull/2310) * [OCPBUGS-30615](https://issues.redhat.com/browse/OCPBUGS-30615): Fix managed cluster detection on ARO [#2304](https://github.com/openshift/cluster-network-operator/pull/2304) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/4ad3c08b7b9f35224bdad111fc7b0205e0732f93...7b8459dc88657a44785995a4c0cc88403a95954d) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/4010bec15ab232b10d847df430b72913c8e66573) * [OCPBUGS-44275](https://issues.redhat.com/browse/OCPBUGS-44275): Drop sched_migration_cost_ns setting (#1207) [#1207](https://github.com/openshift/cluster-node-tuning-operator/pull/1207) * [OCPBUGS-44283](https://issues.redhat.com/browse/OCPBUGS-44283): right-hand-side profile_dirs take precedence (#1208) [#1208](https://github.com/openshift/cluster-node-tuning-operator/pull/1208) * [OCPBUGS-42284](https://issues.redhat.com/browse/OCPBUGS-42284): Add cluster-wide proxy env file (#1171) [#1171](https://github.com/openshift/cluster-node-tuning-operator/pull/1171) * TuneD prior to kubelet in one-shot mode (#1125) [#1125](https://github.com/openshift/cluster-node-tuning-operator/pull/1125) * set required-scc for openshift workloads (#1117) [#1117](https://github.com/openshift/cluster-node-tuning-operator/pull/1117) * [OCPBUGS-36870](https://issues.redhat.com/browse/OCPBUGS-36870): Remove tuned/rendered object (#1110) [#1110](https://github.com/openshift/cluster-node-tuning-operator/pull/1110) * [OCPBUGS-36355](https://issues.redhat.com/browse/OCPBUGS-36355): Backport fix for OCPBUGS-30647 (#1095) [#1095](https://github.com/openshift/cluster-node-tuning-operator/pull/1095) * [OCPBUGS-33929](https://issues.redhat.com/browse/OCPBUGS-33929): Negative net interface name does not reduce queues (#1066) [#1066](https://github.com/openshift/cluster-node-tuning-operator/pull/1066) * Add a '.snyk' to silence static code analysis warnings (#1001) [#1001](https://github.com/openshift/cluster-node-tuning-operator/pull/1001) * fix extra-reboot on upgrade with paused mcp worker (#1049) [#1049](https://github.com/openshift/cluster-node-tuning-operator/pull/1049) * fix rendering extra ctrcfgs (#975) [#975](https://github.com/openshift/cluster-node-tuning-operator/pull/975) * [OCPBUGS-31694](https://issues.redhat.com/browse/OCPBUGS-31694): E2E: Workload hints test cases fixes (#1012) (#1043) [#1012](https://github.com/openshift/cluster-node-tuning-operator/pull/1012) * Reduce number of reboots in offline tests (#1014) [#1014](https://github.com/openshift/cluster-node-tuning-operator/pull/1014) * Systemd processes not being moved to cpuset/systemd.slice fix (#1016) [#1016](https://github.com/openshift/cluster-node-tuning-operator/pull/1016) * Scheduler plugin: ignore IRQs (#983) [#983](https://github.com/openshift/cluster-node-tuning-operator/pull/983) * e2e: when crun is enabled by default skip checking runc config (#1013) [#1013](https://github.com/openshift/cluster-node-tuning-operator/pull/1013) * [OCPBUGS-30507](https://issues.redhat.com/browse/OCPBUGS-30507): Add performance real time tuned template (#984) [#984](https://github.com/openshift/cluster-node-tuning-operator/pull/984) * Report duplicate priority only for multiple matching profiles (#965) [#965](https://github.com/openshift/cluster-node-tuning-operator/pull/965) * hack: fix backport of render-sync.sh (#996) [#996](https://github.com/openshift/cluster-node-tuning-operator/pull/996) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/fc57075824faa9ccb64f7f4d2cd381c204c48490...4010bec15ab232b10d847df430b72913c8e66573) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/078c81f6e3e39675e8b1edd864e1ddf72472bb73) * [OCPBUGS-36150](https://issues.redhat.com/browse/OCPBUGS-36150): Set required-scc for openshift workloads [#581](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/581) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/74013916aadbe6a18ac06e93c0ff72e8735a9668...078c81f6e3e39675e8b1edd864e1ddf72472bb73) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/68e8bcd5c5df5072d5eefb8abd9c9ecab289adf4) * [OCPBUGS-35922](https://issues.redhat.com/browse/OCPBUGS-35922): lots of churn during image registry managed/removed transition [#358](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/358) * [OCPBUGS-35869](https://issues.redhat.com/browse/OCPBUGS-35869): nil pointer reference in ocm-operator [#357](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/357) * [OCPBUGS-36152](https://issues.redhat.com/browse/OCPBUGS-36152): Set required-scc for openshift workloads [#361](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/361) * [OCPBUGS-31708](https://issues.redhat.com/browse/OCPBUGS-31708): Update opentelemetry dependency 415 [#342](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/342) * [OCPBUGS-25985](https://issues.redhat.com/browse/OCPBUGS-25985): Disable deployer-controller when deploymentconfig is disabled [#322](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/322) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/f189a00839491e166cd0220afe11d35cdb844754...68e8bcd5c5df5072d5eefb8abd9c9ecab289adf4) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/dac17316605b5dbdc0b12f84af7ff3aa41e8f577) * [OCPBUGS-37464](https://issues.redhat.com/browse/OCPBUGS-37464): Set required-scc for openshift workloads [#548](https://github.com/openshift/cluster-samples-operator/pull/548) * [OCPBUGS-38157](https://issues.redhat.com/browse/OCPBUGS-38157): add mfrancisc and metlos as owners add owners 4.15 [#550](https://github.com/openshift/cluster-samples-operator/pull/550) * [OCPBUGS-22034](https://issues.redhat.com/browse/OCPBUGS-22034): bump K8s version to 29.2 [#538](https://github.com/openshift/cluster-samples-operator/pull/538) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/d546ec2c5146e3a701840ab1a84cdca5b3682dc2...dac17316605b5dbdc0b12f84af7ff3aa41e8f577) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/4c2b89d6a00e5a0c300b61dbad2a9e289c404e98) * [OCPBUGS-36374](https://issues.redhat.com/browse/OCPBUGS-36374): Set required-scc for openshift workloads [#484](https://github.com/openshift/cluster-storage-operator/pull/484) * [OCPBUGS-33466](https://issues.redhat.com/browse/OCPBUGS-33466): Fix problem-detector proxy setting [#471](https://github.com/openshift/cluster-storage-operator/pull/471) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/1a2443a7fe8a00597f8c19382fb8ce617943029c...4c2b89d6a00e5a0c300b61dbad2a9e289c404e98) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/802233d84243d3eeceef50a29579501e94ebbf26) * [OCPBUGS-43626](https://issues.redhat.com/browse/OCPBUGS-43626): keys: Update Red Hat keys to use SHA256 signatures [#65](https://github.com/openshift/cluster-update-keys/pull/65) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/be6ba5b0acee8970345b5259025506a04562ad37...802233d84243d3eeceef50a29579501e94ebbf26) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/fbb41e8d40fd3753fb44cffe68189b717356c564) * [OCPBUGS-44328](https://issues.redhat.com/browse/OCPBUGS-44328): Fix desired before sync_worker's work is initialized [#1104](https://github.com/openshift/cluster-version-operator/pull/1104) * [OCPBUGS-36817](https://issues.redhat.com/browse/OCPBUGS-36817): Set required-scc for openshift workloads [#1068](https://github.com/openshift/cluster-version-operator/pull/1068) * [OCPBUGS-33984](https://issues.redhat.com/browse/OCPBUGS-33984): Add admin-gate for OCP 4.16 [#1049](https://github.com/openshift/cluster-version-operator/pull/1049) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/705f11a24965df33c4c3ae69147c0215e2109208...fbb41e8d40fd3753fb44cffe68189b717356c564) ### [console](https://github.com/openshift/console/tree/8e9e4015d859afb4219ae4c770a258fdf8aca565) * [OCPBUGS-44355](https://issues.redhat.com/browse/OCPBUGS-44355): A value submitted in From view is wrapped with single quotation after switching to Yaml view. [#14476](https://github.com/openshift/console/pull/14476) * [OCPBUGS-42355](https://issues.redhat.com/browse/OCPBUGS-42355): Fix TypeError: Cannot read properties of null (reading 'metadata') in Topology view [#14319](https://github.com/openshift/console/pull/14319) * [OCPBUGS-43414](https://issues.redhat.com/browse/OCPBUGS-43414): Console crashes when ssh is selected in add secret for starting a pipeline run [#14401](https://github.com/openshift/console/pull/14401) * [OCPBUGS-36559](https://issues.redhat.com/browse/OCPBUGS-36559): Increase login flow state paramater length/entropy [#14422](https://github.com/openshift/console/pull/14422) * [OCPBUGS-37202](https://issues.redhat.com/browse/OCPBUGS-37202): Bump github.com/cloudevents/sdk-go/v2 to 2.15.2 [#14073](https://github.com/openshift/console/pull/14073) * [OCPBUGS-42470](https://issues.redhat.com/browse/OCPBUGS-42470): List of default Camel K event sources disappears when adding a custom event source [#14331](https://github.com/openshift/console/pull/14331) * [OCPBUGS-42471](https://issues.redhat.com/browse/OCPBUGS-42471): Need to allow blank for Project/namespace when setting SA Subject in 'Project access tab' [#14332](https://github.com/openshift/console/pull/14332) * [OCPBUGS-33283](https://issues.redhat.com/browse/OCPBUGS-33283): Adjust NAD name to "network-xxx-xxx" when creating [#14020](https://github.com/openshift/console/pull/14020) * [OCPBUGS-42611](https://issues.redhat.com/browse/OCPBUGS-42611): Topology screen crashes when completed pod is selected [#14353](https://github.com/openshift/console/pull/14353) * [OCPBUGS-42648](https://issues.redhat.com/browse/OCPBUGS-42648): Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated [#14358](https://github.com/openshift/console/pull/14358) * [OCPBUGS-38764](https://issues.redhat.com/browse/OCPBUGS-38764): Fix "Auto deploy when new image is available" becomes unchecked when editing a deployment from web console [#14177](https://github.com/openshift/console/pull/14177) * [OCPBUGS-41991](https://issues.redhat.com/browse/OCPBUGS-41991): Values entered into the Instantiate Template form are automatically cleared [#14294](https://github.com/openshift/console/pull/14294) * [OCPBUGS-42384](https://issues.redhat.com/browse/OCPBUGS-42384): Fix updating the "Until" field on the Silence > Edit page [#14322](https://github.com/openshift/console/pull/14322) * [OCPBUGS-39343](https://issues.redhat.com/browse/OCPBUGS-39343): The filepath including leading slash makes error during parsing devfile using Gitlab [#14227](https://github.com/openshift/console/pull/14227) * [OCPBUGS-42144](https://issues.redhat.com/browse/OCPBUGS-42144): Use vCenterCluster value from CM as primary resource [#14307](https://github.com/openshift/console/pull/14307) * [OCPBUGS-38537](https://issues.redhat.com/browse/OCPBUGS-38537): Include PatternFly-4 chart styles so they are available for dynamic plugins that still use PF4 react-charts [#14158](https://github.com/openshift/console/pull/14158) * [OCPBUGS-38108](https://issues.redhat.com/browse/OCPBUGS-38108): Revert - terminal: use username if uid is not present [#14114](https://github.com/openshift/console/pull/14114) * [OCPBUGS-32793](https://issues.redhat.com/browse/OCPBUGS-32793): Fix that telemetry events didn't incl. an userId anymore [#13792](https://github.com/openshift/console/pull/13792) * [OCPBUGS-38970](https://issues.redhat.com/browse/OCPBUGS-38970): DeploymentConfigs deprecation info alert should not present on the Edit deployment page [#14195](https://github.com/openshift/console/pull/14195) * [OCPBUGS-38969](https://issues.redhat.com/browse/OCPBUGS-38969): Tooltip on Pipeline when expression is not shows [#14194](https://github.com/openshift/console/pull/14194) * [OCPBUGS-39085](https://issues.redhat.com/browse/OCPBUGS-39085): Fix utilization card limits/total display [#14209](https://github.com/openshift/console/pull/14209) * [OCPBUGS-33938](https://issues.redhat.com/browse/OCPBUGS-33938): Add validation for vSphere fields Handle submit errors correctly [#14210](https://github.com/openshift/console/pull/14210) * [OCPBUGS-39112](https://issues.redhat.com/browse/OCPBUGS-39112): Disable Knative e2e tests [#14197](https://github.com/openshift/console/pull/14197) * [OCPBUGS-33076](https://issues.redhat.com/browse/OCPBUGS-33076): Remove deprecated resources from spec of the Pipeline [#13801](https://github.com/openshift/console/pull/13801) * [OCPBUGS-35495](https://issues.redhat.com/browse/OCPBUGS-35495): fix crash if helm chart metadata is nil [#13977](https://github.com/openshift/console/pull/13977) * [OCPBUGS-37452](https://issues.redhat.com/browse/OCPBUGS-37452): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14083](https://github.com/openshift/console/pull/14083) * [OCPBUGS-38496](https://issues.redhat.com/browse/OCPBUGS-38496): Fix password set to Secret created through Start Pipeline form [#14152](https://github.com/openshift/console/pull/14152) * [OCPBUGS-37399](https://issues.redhat.com/browse/OCPBUGS-37399): Add default sorting column for VirtualizedTable component of dynamic plugin sdk [#14079](https://github.com/openshift/console/pull/14079) * [OCPBUGS-37099](https://issues.redhat.com/browse/OCPBUGS-37099): fix BMH restart annotation [#14071](https://github.com/openshift/console/pull/14071) * [OCPBUGS-37458](https://issues.redhat.com/browse/OCPBUGS-37458): one OAuth.config.openshift.io item on Global Configuration page links to non-existing resource [#14085](https://github.com/openshift/console/pull/14085) * [OCPBUGS-34477](https://issues.redhat.com/browse/OCPBUGS-34477): Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available [#13897](https://github.com/openshift/console/pull/13897) * [OCPBUGS-36971](https://issues.redhat.com/browse/OCPBUGS-36971): ensure correct API version for OperandDetails [#14058](https://github.com/openshift/console/pull/14058) * [OCPBUGS-34912](https://issues.redhat.com/browse/OCPBUGS-34912): Improve Pipeline list page performance [#13929](https://github.com/openshift/console/pull/13929) * [OCPBUGS-33642](https://issues.redhat.com/browse/OCPBUGS-33642): Patch PF dynamic module parser to exclude 'next' modules [#13849](https://github.com/openshift/console/pull/13849) * [OCPBUGS-32501](https://issues.redhat.com/browse/OCPBUGS-32501): Pipeline details page Metrics tab crashed due to no custom data [#13781](https://github.com/openshift/console/pull/13781) * [OCPBUGS-34478](https://issues.redhat.com/browse/OCPBUGS-34478): UI inconsistency in topology when application grouping is collapsed [#13898](https://github.com/openshift/console/pull/13898) * [OCPBUGS-34350](https://issues.redhat.com/browse/OCPBUGS-34350): Create Serverless form does not create BuildConfig [#13891](https://github.com/openshift/console/pull/13891) * [OCPBUGS-32029](https://issues.redhat.com/browse/OCPBUGS-32029): Use UserInfo username field when logging out as kubeadmin [#13748](https://github.com/openshift/console/pull/13748) * [OCPBUGS-30208](https://issues.redhat.com/browse/OCPBUGS-30208): Fix asynccache bugs [#13807](https://github.com/openshift/console/pull/13807) * [OCPBUGS-33838](https://issues.redhat.com/browse/OCPBUGS-33838): TaskRuns should not be fetched for Failed PLR's [#13863](https://github.com/openshift/console/pull/13863) * [OCPBUGS-34703](https://issues.redhat.com/browse/OCPBUGS-34703): fix bug where textarea is not resizable [#13913](https://github.com/openshift/console/pull/13913) * Revert "OCPBUGS-34550: Dont render ARN mode role field and warning for HyperShift clusters" [#13905](https://github.com/openshift/console/pull/13905) * [OCPBUGS-33263](https://issues.redhat.com/browse/OCPBUGS-33263): Pipeline list page is crashed when navigating from Search page [#13819](https://github.com/openshift/console/pull/13819) * [OCPBUGS-33166](https://issues.redhat.com/browse/OCPBUGS-33166): Fix NAD always on default namespace [#13865](https://github.com/openshift/console/pull/13865) * [OCPBUGS-31863](https://issues.redhat.com/browse/OCPBUGS-31863): make sure folder is encapsulated with quotas [#13737](https://github.com/openshift/console/pull/13737) * [OCPBUGS-33506](https://issues.redhat.com/browse/OCPBUGS-33506): Fix Pipeline details page with when expression using CEL expression [#13835](https://github.com/openshift/console/pull/13835) * [OCPBUGS-32505](https://issues.redhat.com/browse/OCPBUGS-32505): Add visual connector between VMs and non VMs workloads [#13782](https://github.com/openshift/console/pull/13782) * [OCPBUGS-33548](https://issues.redhat.com/browse/OCPBUGS-33548): restrict Masthead logo to max-height [#13839](https://github.com/openshift/console/pull/13839) * [OCPBUGS-32497](https://issues.redhat.com/browse/OCPBUGS-32497): Improve Create serverless function error message [#13778](https://github.com/openshift/console/pull/13778) * [OCPBUGS-33191](https://issues.redhat.com/browse/OCPBUGS-33191): Hide dev perspective Pipelines nav option if dynamic plugin nav option is enable [#13810](https://github.com/openshift/console/pull/13810) * [OCPBUGS-33058](https://issues.redhat.com/browse/OCPBUGS-33058): fix issues with Edit Route form [#13800](https://github.com/openshift/console/pull/13800) * [OCPBUGS-32187](https://issues.redhat.com/browse/OCPBUGS-32187): Add flag to hide Output tab contributed by pipelines-plugin [#13756](https://github.com/openshift/console/pull/13756) * [OCPBUGS-32716](https://issues.redhat.com/browse/OCPBUGS-32716): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13788](https://github.com/openshift/console/pull/13788) * [OCPBUGS-32506](https://issues.redhat.com/browse/OCPBUGS-32506): setting correct image trigger annotation [#13783](https://github.com/openshift/console/pull/13783) * [OCPBUGS-32933](https://issues.redhat.com/browse/OCPBUGS-32933): change OperatorHub filter FIPS Mode to Designed for FIPS [#13796](https://github.com/openshift/console/pull/13796) * [OCPBUGS-31799](https://issues.redhat.com/browse/OCPBUGS-31799): Improve PipelineRun list view performance [#13731](https://github.com/openshift/console/pull/13731) * [OCPBUGS-32796](https://issues.redhat.com/browse/OCPBUGS-32796): auth: fix OIDC logging out [#13793](https://github.com/openshift/console/pull/13793) * [OCPBUGS-31445](https://issues.redhat.com/browse/OCPBUGS-31445): Upgrade Pipeline trigger resources to v1beta1 [#13704](https://github.com/openshift/console/pull/13704) * [OCPBUGS-31045](https://issues.redhat.com/browse/OCPBUGS-31045): fix for execute inline markdown syntax issue [#13681](https://github.com/openshift/console/pull/13681) * [OCPBUGS-32518](https://issues.redhat.com/browse/OCPBUGS-32518): Add warning about service binding operator will not be supported from 4.15 [#13784](https://github.com/openshift/console/pull/13784) * [OCPBUGS-32391](https://issues.redhat.com/browse/OCPBUGS-32391): Routes created by devfiles do not always use HTTPS [#13771](https://github.com/openshift/console/pull/13771) * [OCPBUGS-32340](https://issues.redhat.com/browse/OCPBUGS-32340): Increased max nodes limit to 200 in topology page [#13767](https://github.com/openshift/console/pull/13767) * [OCPBUGS-32399](https://issues.redhat.com/browse/OCPBUGS-32399): Update devfile library to v2.2.2 [#13762](https://github.com/openshift/console/pull/13762) * [OCPBUGS-32156](https://issues.redhat.com/browse/OCPBUGS-32156): TaskRun status is not displayed near the name [#13752](https://github.com/openshift/console/pull/13752) * [OCPBUGS-31806](https://issues.redhat.com/browse/OCPBUGS-31806): Use bearer-token for local dev with auth [#13732](https://github.com/openshift/console/pull/13732) * [OCPBUGS-31839](https://issues.redhat.com/browse/OCPBUGS-31839): fix bug where paused MCPs were incorrectly unpausing w… [#13735](https://github.com/openshift/console/pull/13735) * [OCPBUGS-31105](https://issues.redhat.com/browse/OCPBUGS-31105): Update to pf5.2 to fix quick starts [#13686](https://github.com/openshift/console/pull/13686) * [OCPBUGS-31476](https://issues.redhat.com/browse/OCPBUGS-31476): Requesting for country codes in localization of openshift - webconsole [#13707](https://github.com/openshift/console/pull/13707) * [OCPBUGS-31046](https://issues.redhat.com/browse/OCPBUGS-31046): Application creation fail when manually entering input scaling value in local setup [#13682](https://github.com/openshift/console/pull/13682) * [OCPBUGS-30916](https://issues.redhat.com/browse/OCPBUGS-30916), [OCPBUGS-30917](https://issues.redhat.com/browse/OCPBUGS-30917): PipelineRuns in Console show wrong status or load indefinitely [#13672](https://github.com/openshift/console/pull/13672) * [OCPBUGS-30869](https://issues.redhat.com/browse/OCPBUGS-30869): TaskRun with same name in different project don't show 2 entries when listing in all namespace [#13668](https://github.com/openshift/console/pull/13668) * [OCPBUGS-31107](https://issues.redhat.com/browse/OCPBUGS-31107): Upload Jar form's Clear button is not functioning [#13688](https://github.com/openshift/console/pull/13688) * [OCPBUGS-30759](https://issues.redhat.com/browse/OCPBUGS-30759): Fix bugs in Console dynamic plugin SDK webpack code [#13678](https://github.com/openshift/console/pull/13678) * [OCPBUGS-30871](https://issues.redhat.com/browse/OCPBUGS-30871): fix Configure link in AlertmanagerReceiversNotConfigur… [#13669](https://github.com/openshift/console/pull/13669) * [OCPBUGS-29963](https://issues.redhat.com/browse/OCPBUGS-29963): i18n upload/download routine task - chore(i18n): update translations [#13670](https://github.com/openshift/console/pull/13670) * [OCPBUGS-30801](https://issues.redhat.com/browse/OCPBUGS-30801): Switch to service to get the PLR and TR logs from the Tekton results summary API [#13663](https://github.com/openshift/console/pull/13663) * [OCPBUGS-30275](https://issues.redhat.com/browse/OCPBUGS-30275): adjusting documentation links for 4.15 [#13648](https://github.com/openshift/console/pull/13648) * [OCPBUGS-30870](https://issues.redhat.com/browse/OCPBUGS-30870): chore(i18n): update translations: Completed OCP-4.15/Master Branch/Sprint 245 [#13641](https://github.com/openshift/console/pull/13641) * [Full changelog](https://github.com/openshift/console/compare/3ba6e63b106a9d10983887431ed705e48c401250...8e9e4015d859afb4219ae4c770a258fdf8aca565) ### [console-operator](https://github.com/openshift/console-operator/tree/5d7ebcddf5a58d44ba37d63b149b06d6fc5ae1d8) * [OCPBUGS-37408](https://issues.redhat.com/browse/OCPBUGS-37408): set required-scc for openshift workloads [#924](https://github.com/openshift/console-operator/pull/924) * [OCPBUGS-31520](https://issues.redhat.com/browse/OCPBUGS-31520): oidc: synchronize the CM with a CA to trust the issuer, if configured [#881](https://github.com/openshift/console-operator/pull/881) * [OCPBUGS-33720](https://issues.redhat.com/browse/OCPBUGS-33720): Add missing return statement to fix crash in healthcheck controller [#903](https://github.com/openshift/console-operator/pull/903) * [OCPBUGS-31499](https://issues.redhat.com/browse/OCPBUGS-31499): Update RHDH QuickStarts and add CR examples [#880](https://github.com/openshift/console-operator/pull/880) * [OCPBUGS-31619](https://issues.redhat.com/browse/OCPBUGS-31619): use InfrastructureTopology for clusters using external CP as the console deploys on the worker nodes [#882](https://github.com/openshift/console-operator/pull/882) * [OCPBUGS-29332](https://issues.redhat.com/browse/OCPBUGS-29332): Remove Janus IDP and update RHDH quickstarts [#863](https://github.com/openshift/console-operator/pull/863) * [Full changelog](https://github.com/openshift/console-operator/compare/e9ec54b60ce943bace46ef7493452e2be3c39983...5d7ebcddf5a58d44ba37d63b149b06d6fc5ae1d8) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/401d35070f2d1d4db3f08ffe183b8262754b7287) * [OCPBUGS-30045](https://issues.redhat.com/browse/OCPBUGS-30045): [4.15] cherry-pick containernetworking/plugins#997 [#155](https://github.com/openshift/containernetworking-plugins/pull/155) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/c6cfbfe37adc5ecf540b1771c41bb38ad0a982d7...401d35070f2d1d4db3f08ffe183b8262754b7287) ### [coredns](https://github.com/openshift/coredns/tree/1326282c9e158078634be4261b75ded247d233d7) * [OCPBUGS-37158](https://issues.redhat.com/browse/OCPBUGS-37158): UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit [#125](https://github.com/openshift/coredns/pull/125) * [Full changelog](https://github.com/openshift/coredns/compare/22f950eae53fcba187c2303ac4f1a8305b6c1c8a...1326282c9e158078634be4261b75ded247d233d7) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/6ab1226a552376801e1f5712e3189a27729a23ed) * [OCPBUGS-38170](https://issues.redhat.com/browse/OCPBUGS-38170): rebase CPO on 4.15 [#274](https://github.com/openshift/cloud-provider-openstack/pull/274) * [OCPBUGS-32246](https://issues.redhat.com/browse/OCPBUGS-32246): Remove enforcement of IPv6 LB as internal [#277](https://github.com/openshift/cloud-provider-openstack/pull/277) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/1bec5942cd0651a3c2f7114368591f334952ceda...6ab1226a552376801e1f5712e3189a27729a23ed) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/9bcf382eb68d3dd13a553dce41822d24da3870d0) * [OCPBUGS-38023](https://issues.redhat.com/browse/OCPBUGS-38023): Set required-scc for openshift workloads [#236](https://github.com/openshift/csi-driver-manila-operator/pull/236) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/2fc4a7cc8f67164f6b11a0f4453201bbbb6fc9b7...9bcf382eb68d3dd13a553dce41822d24da3870d0) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/4f2955c7c90cd150f9dfae782148d0fa8eba7342) * [OCPBUGS-31599](https://issues.redhat.com/browse/OCPBUGS-31599): add cmdline args to enable group snapshot webhooks [#147](https://github.com/openshift/csi-external-snapshotter/pull/147) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/50fa049ccaa48d7f7dcb165fb6e20c185a0cbd13...4f2955c7c90cd150f9dfae782148d0fa8eba7342) ### [docker-builder](https://github.com/openshift/builder/tree/160e7cacc7ab7a6664e4c574b78139a29ace9cd3) * [OCPBUGS-32845](https://issues.redhat.com/browse/OCPBUGS-32845): bump go-jose to fix CVE-2024-28180 [#396](https://github.com/openshift/builder/pull/396) * [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#381](https://github.com/openshift/builder/pull/381) * [Full changelog](https://github.com/openshift/builder/compare/630692db2a3a39369d3c772a2543d7f2ea198455...160e7cacc7ab7a6664e4c574b78139a29ace9cd3) ### [docker-registry](https://github.com/openshift/image-registry/tree/b9de67d83c9f850ed42317495b7b340109b3c9ac) * [OCPBUGS-36287](https://issues.redhat.com/browse/OCPBUGS-36287): use SelfSubjectReview to obtain user info #406 [#406](https://github.com/openshift/image-registry/pull/406) * [OCPBUGS-31641](https://issues.redhat.com/browse/OCPBUGS-31641): vendor: bump aws-sdk-go to support ca-west-1 [#396](https://github.com/openshift/image-registry/pull/396) * [Full changelog](https://github.com/openshift/image-registry/compare/340eda0bfc9a86254d7f0f37cd6a5320779ecf81...b9de67d83c9f850ed42317495b7b340109b3c9ac) ### [egress-router-cni](https://github.com/openshift/egress-router-cni/tree/f8ec690bc12a13ec7c9c45f0e3696ad02e143581) * [OCPBUGS-35524](https://issues.redhat.com/browse/OCPBUGS-35524): update to go 1.20 and k8s.io mods to v0.28.3 [#86](https://github.com/openshift/egress-router-cni/pull/86) * [Full changelog](https://github.com/openshift/egress-router-cni/compare/39ea8ee1d8299b9052be76bd4b50c79d731c9e38...f8ec690bc12a13ec7c9c45f0e3696ad02e143581) ### [etcd](https://github.com/openshift/etcd/tree/a7005ef1eae85eec6c59411860538169cea182fd) * [OCPBUGS-32768](https://issues.redhat.com/browse/OCPBUGS-32768): Revert "OCPBUGS-31644: Rebase etcd 3.5.13 openshift 4.15" [#264](https://github.com/openshift/etcd/pull/264) * [OCPBUGS-31644](https://issues.redhat.com/browse/OCPBUGS-31644): Rebase etcd 3.5.13 openshift 4.15 [#260](https://github.com/openshift/etcd/pull/260) * [OCPBUGS-28731](https://issues.redhat.com/browse/OCPBUGS-28731): Rebase etcd 3.5.12 openshift 4.15 [#243](https://github.com/openshift/etcd/pull/243) * [Full changelog](https://github.com/openshift/etcd/compare/5acb4f3078adbea40d050365ac5294229e574c67...a7005ef1eae85eec6c59411860538169cea182fd) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/fc50272ac32348a96455688c470bf256b1042825) * [OCPBUGS-30970](https://issues.redhat.com/browse/OCPBUGS-30970): Update gcr-credential-provider.spec [#60](https://github.com/openshift/cloud-provider-gcp/pull/60) * [OCPBUGS-30970](https://issues.redhat.com/browse/OCPBUGS-30970): Adds auth-provider-gcp .spec file and build script [#59](https://github.com/openshift/cloud-provider-gcp/pull/59) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/118209dfa2ee7ce8acea2872db4544068aa9e1a1...fc50272ac32348a96455688c470bf256b1042825) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/bad54034ed075b24ee8962661e78cfbd84a7dd0a) * [OCPBUGS-30117](https://issues.redhat.com/browse/OCPBUGS-30117): manifests: Add in CustomNoUpgrade [#225](https://github.com/openshift/cluster-api-provider-gcp/pull/225) * [OCPBUGS-30595](https://issues.redhat.com/browse/OCPBUGS-30595): fix e2e tests on release branches [#223](https://github.com/openshift/cluster-api-provider-gcp/pull/223) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/8a32c37ba168db37780064dc2798f9e6b230dd85...bad54034ed075b24ee8962661e78cfbd84a7dd0a) ### [haproxy-router](https://github.com/openshift/router/tree/dc38fbd84dfbed3a897f2d36b469d0ccfd1ecda3) * [OCPBUGS-28928](https://issues.redhat.com/browse/OCPBUGS-28928): Upgrade Validation plugin for SHA1 certs [#585](https://github.com/openshift/router/pull/585) * [OCPBUGS-32977](https://issues.redhat.com/browse/OCPBUGS-32977): Count active services before setting weight to 1 [#586](https://github.com/openshift/router/pull/586) * [OCPBUGS-32693](https://issues.redhat.com/browse/OCPBUGS-32693): Reject routes with MD5 certs [#584](https://github.com/openshift/router/pull/584) * [OCPBUGS-32435](https://issues.redhat.com/browse/OCPBUGS-32435): Introduce 'idle-close-on-response' option for frontends [#579](https://github.com/openshift/router/pull/579) * [OCPBUGS-31544](https://issues.redhat.com/browse/OCPBUGS-31544): Properly handle rewrite-target annotation [#569](https://github.com/openshift/router/pull/569) * [Full changelog](https://github.com/openshift/router/compare/b7001137f832d02d4ed68cba27fe3001ff523fa6...dc38fbd84dfbed3a897f2d36b469d0ccfd1ecda3) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/502c5ce31170c64d2cb97884b450aea9b63eb2e8) * [OCPBUGS-42169](https://issues.redhat.com/browse/OCPBUGS-42169): Bump k8s api to 1.28.14 [#2091](https://github.com/openshift/kubernetes/pull/2091) * [OCPBUGS-39016](https://issues.redhat.com/browse/OCPBUGS-39016): Update to Kubernetes v1.28.13 [#2063](https://github.com/openshift/kubernetes/pull/2063) * [OCPBUGS-31467](https://issues.redhat.com/browse/OCPBUGS-31467): Return from EnsureHostInPool on all NIC errors [#1964](https://github.com/openshift/kubernetes/pull/1964) * : OCPBUGS-38861: Upstream: 115702 kubelet: output log even file is rotated [#2058](https://github.com/openshift/kubernetes/pull/2058) * NO-JIRA: update downstream owners [#2050](https://github.com/openshift/kubernetes/pull/2050) * [OCPBUGS-37622](https://issues.redhat.com/browse/OCPBUGS-37622): Bump to Kubernetes v1.28.12 [#2037](https://github.com/openshift/kubernetes/pull/2037) * [OCPBUGS-35552](https://issues.redhat.com/browse/OCPBUGS-35552): Bump to Kubernetes v1.28.11 [#1994](https://github.com/openshift/kubernetes/pull/1994) * [OCPBUGS-33711](https://issues.redhat.com/browse/OCPBUGS-33711): Bump to Kubernetes v1.28.10 [#1969](https://github.com/openshift/kubernetes/pull/1969) * [OCPBUGS-33347](https://issues.redhat.com/browse/OCPBUGS-33347): Provide SCC access via RBAC [#1962](https://github.com/openshift/kubernetes/pull/1962) * [OCPBUGS-29613](https://issues.redhat.com/browse/OCPBUGS-29613): UPSTREAM: <carry>: bump structured-merge-diff [#1893](https://github.com/openshift/kubernetes/pull/1893) * [OCPBUGS-32299](https://issues.redhat.com/browse/OCPBUGS-32299): Bump to k8s 1.28.9 [#1946](https://github.com/openshift/kubernetes/pull/1946) * [OCPBUGS-29922](https://issues.redhat.com/browse/OCPBUGS-29922): UPSTREAM: <carry>: openshift-kube-apiserver: pod .spec.nodeName should not override project node selector in podNodeEnvironment admission plugin [#1897](https://github.com/openshift/kubernetes/pull/1897) * [OCPBUGS-31807](https://issues.redhat.com/browse/OCPBUGS-31807): UPSTREAM: <carry>: allow type mutation for specific secrets [#1939](https://github.com/openshift/kubernetes/pull/1939) * UPSTREAM: <carry>: OCPBUGS-31348: fix cpu manager cpuset check [#1915](https://github.com/openshift/kubernetes/pull/1915) * [OCPBUGS-31740](https://issues.redhat.com/browse/OCPBUGS-31740): 4.15: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes [#1935](https://github.com/openshift/kubernetes/pull/1935) * [OCPBUGS-31503](https://issues.redhat.com/browse/OCPBUGS-31503): Bump to 1.28.8 [#1926](https://github.com/openshift/kubernetes/pull/1926) * Address CVE [#11](https://github.com/openshift/kubernetes/pull/11) * [OCPBUGS-30963](https://issues.redhat.com/browse/OCPBUGS-30963): Set up CEL IP/CIDR library from 4.14 onwards [#1912](https://github.com/openshift/kubernetes/pull/1912) * [Full changelog](https://github.com/openshift/kubernetes/compare/6e2789bbd5893851c8bc4423e0090cd71b64f436...502c5ce31170c64d2cb97884b450aea9b63eb2e8) ### [hypershift](https://github.com/openshift/hypershift/tree/ff2600ab1d4ff8f5b6a860b5e9f9e9b38724e667) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#5159](https://github.com/openshift/hypershift/pull/5159) * chore(deps): update konflux references (release-4.15) [#5136](https://github.com/openshift/hypershift/pull/5136) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731604394 (release-4.15) [#5129](https://github.com/openshift/hypershift/pull/5129) * chore(deps): update konflux references (release-4.15) [#5118](https://github.com/openshift/hypershift/pull/5118) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731518200 (release-4.15) [#5106](https://github.com/openshift/hypershift/pull/5106) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v9 (release-4.15) [#5110](https://github.com/openshift/hypershift/pull/5110) * NO-JIRA: Update Konflux references (release-4.15) [#5109](https://github.com/openshift/hypershift/pull/5109) * NO-JIRA: chore(deps): update konflux references to 11b7f08 (release-4.15) [#5101](https://github.com/openshift/hypershift/pull/5101) * chore(deps): update konflux references (release-4.15) [#5077](https://github.com/openshift/hypershift/pull/5077) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#5054](https://github.com/openshift/hypershift/pull/5054) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.15) [#5060](https://github.com/openshift/hypershift/pull/5060) * [OCPBUGS-44201](https://issues.redhat.com/browse/OCPBUGS-44201): add ValidIDPConfiguration condition to report IDP config issues [#5037](https://github.com/openshift/hypershift/pull/5037) * NO-JIRA: Update Konflux references to fedcfe0 (release-4.15) [#5040](https://github.com/openshift/hypershift/pull/5040) * chore(deps): update konflux references (release-4.15) [#5025](https://github.com/openshift/hypershift/pull/5025) * chore(deps): update konflux references to f53fe54 (release-4.15) [#5022](https://github.com/openshift/hypershift/pull/5022) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.43 (release-4.15) [#5016](https://github.com/openshift/hypershift/pull/5016) * NO-JIRA: Update Konflux references (release-4.15) [#5010](https://github.com/openshift/hypershift/pull/5010) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4974](https://github.com/openshift/hypershift/pull/4974) * [OCPBUGS-43635](https://issues.redhat.com/browse/OCPBUGS-43635): label routes only when HCP router used [#4961](https://github.com/openshift/hypershift/pull/4961) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4957](https://github.com/openshift/hypershift/pull/4957) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.15) [#4949](https://github.com/openshift/hypershift/pull/4949) * [OCPBUGS-43468](https://issues.redhat.com/browse/OCPBUGS-43468): Use guest DNS resolution in Konnectivity HTTPS proxy by default [#4929](https://github.com/openshift/hypershift/pull/4929) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4932](https://github.com/openshift/hypershift/pull/4932) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.15) [#4916](https://github.com/openshift/hypershift/pull/4916) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4922](https://github.com/openshift/hypershift/pull/4922) * NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.15) [#4909](https://github.com/openshift/hypershift/pull/4909) * [OCPBUGS-42881](https://issues.redhat.com/browse/OCPBUGS-42881): Let payload generation pick the release for the NodePool [#4867](https://github.com/openshift/hypershift/pull/4867) * [OCPBUGS-42992](https://issues.redhat.com/browse/OCPBUGS-42992): Conditionally manage kubeconfig secrets for DNS and Ingress operators [#4876](https://github.com/openshift/hypershift/pull/4876) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4897](https://github.com/openshift/hypershift/pull/4897) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.15) [#4881](https://github.com/openshift/hypershift/pull/4881) * NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.15) [#4850](https://github.com/openshift/hypershift/pull/4850) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.15) [#4807](https://github.com/openshift/hypershift/pull/4807) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4815](https://github.com/openshift/hypershift/pull/4815) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.37 (release-4.15) [#4793](https://github.com/openshift/hypershift/pull/4793) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4777](https://github.com/openshift/hypershift/pull/4777) * chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.15) [#4766](https://github.com/openshift/hypershift/pull/4766) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9 (release-4.15) [#4770](https://github.com/openshift/hypershift/pull/4770) * chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.15) [#4769](https://github.com/openshift/hypershift/pull/4769) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21 (release-4.15) [#4767](https://github.com/openshift/hypershift/pull/4767) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4762](https://github.com/openshift/hypershift/pull/4762) * [OCPBUGS-41373](https://issues.redhat.com/browse/OCPBUGS-41373): CPO oauth idp converter: resolve names before dialing [#4746](https://github.com/openshift/hypershift/pull/4746) * NO-JIRA: Security fixes for openshift-ci-security job [#4751](https://github.com/openshift/hypershift/pull/4751) * [OCPBUGS-42214](https://issues.redhat.com/browse/OCPBUGS-42214): Make guest cluster components use the correct KAS port [#4749](https://github.com/openshift/hypershift/pull/4749) * [OCPBUGS-38059](https://issues.redhat.com/browse/OCPBUGS-38059): Add HTTP konnectivity proxy to OAuth server [#4497](https://github.com/openshift/hypershift/pull/4497) * [HOSTEDCP-1956](https://issues.redhat.com/browse/HOSTEDCP-1956): bump CCO and go-jose version [#4697](https://github.com/openshift/hypershift/pull/4697) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4719](https://github.com/openshift/hypershift/pull/4719) * [OCPBUGS-41701](https://issues.redhat.com/browse/OCPBUGS-41701): cmd: report server version, supported OCP [#4702](https://github.com/openshift/hypershift/pull/4702) * [OCPBUGS-38065](https://issues.redhat.com/browse/OCPBUGS-38065): [release-4.15] Use HTTP proxy for ingress controller [#4699](https://github.com/openshift/hypershift/pull/4699) * [OCPBUGS-41809](https://issues.redhat.com/browse/OCPBUGS-41809): copy image-registry AdditionalTrustedCA configmap into HC openshift-config [#4706](https://github.com/openshift/hypershift/pull/4706) * [HOSTEDCP-1896](https://issues.redhat.com/browse/HOSTEDCP-1896): [release-4.15] Allow setting Kube APIServer maximum requests in flight [#4552](https://github.com/openshift/hypershift/pull/4552) * [OCPBUGS-39463](https://issues.redhat.com/browse/OCPBUGS-39463): handle version skewed NodePools that do not have rhel9 binaries [#4666](https://github.com/openshift/hypershift/pull/4666) * [OCPBUGS-39077](https://issues.redhat.com/browse/OCPBUGS-39077): Set KCM node monitor grace period [#4628](https://github.com/openshift/hypershift/pull/4628) * [OCPBUGS-30465](https://issues.redhat.com/browse/OCPBUGS-30465): fix: bump google.golang.org/protobuf [#4616](https://github.com/openshift/hypershift/pull/4616) * [OCPBUGS-39171](https://issues.redhat.com/browse/OCPBUGS-39171): fix: bump github.com/IBM/go-sdk-core/v5 [#4625](https://github.com/openshift/hypershift/pull/4625) * [OCPBUGS-35815](https://issues.redhat.com/browse/OCPBUGS-35815): Add hypershift-cluster-version-operator image to release providers [#4243](https://github.com/openshift/hypershift/pull/4243) * NO-JIRA: test: relax mgmt KAS egress check [#4631](https://github.com/openshift/hypershift/pull/4631) * NO-JIRA: Tolerate restarts for kubevirt external infra [#4200](https://github.com/openshift/hypershift/pull/4200) * NO-JIRA: Flaky cert validation test [#4630](https://github.com/openshift/hypershift/pull/4630) * [OCPBUGS-38943](https://issues.redhat.com/browse/OCPBUGS-38943): copy oapi ca-trust recursively when building trust anchor [#4613](https://github.com/openshift/hypershift/pull/4613) * [OCPBUGS-39041](https://issues.redhat.com/browse/OCPBUGS-39041): set proxy envvars on aws and azure CCMs [#4624](https://github.com/openshift/hypershift/pull/4624) * [OCPBUGS-38613](https://issues.redhat.com/browse/OCPBUGS-38613): hcco: reconcile apiserver config into hosted cluster [#4567](https://github.com/openshift/hypershift/pull/4567) * [OCPBUGS-38561](https://issues.redhat.com/browse/OCPBUGS-38561): Let the CPO oidc check resolve through data plane [#4564](https://github.com/openshift/hypershift/pull/4564) * [OCPBUGS-34904](https://issues.redhat.com/browse/OCPBUGS-34904): remove weak ciphers from security profile [#4547](https://github.com/openshift/hypershift/pull/4547) * [OCPBUGS-37171](https://issues.redhat.com/browse/OCPBUGS-37171): OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None [#4489](https://github.com/openshift/hypershift/pull/4489) * NO-JIRA: Update Konflux 4.15 and perform migration [#4487](https://github.com/openshift/hypershift/pull/4487) * NO-JIRA: [release-4.15] Kubevirt on Azure: Change KAS LB Port to 7443 [#4469](https://github.com/openshift/hypershift/pull/4469) * [OCPBUGS-36938](https://issues.redhat.com/browse/OCPBUGS-36938): [release-4.15]: Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer [#4358](https://github.com/openshift/hypershift/pull/4358) * [OCPBUGS-37174](https://issues.redhat.com/browse/OCPBUGS-37174): Delete IDMS in dataplane once HCP ICS field is removed [#4457](https://github.com/openshift/hypershift/pull/4457) * NO-JIRA: [release-4.15] kubevirt-csi-driver: Pass infra kubeconfig in case of external infra [#4279](https://github.com/openshift/hypershift/pull/4279) * [HOSTEDCP-1795](https://issues.redhat.com/browse/HOSTEDCP-1795), [HOSTEDCP-1796](https://issues.redhat.com/browse/HOSTEDCP-1796): Customize the self-generated cert validity and rotation [#4444](https://github.com/openshift/hypershift/pull/4444) * [OCPBUGS-36916](https://issues.redhat.com/browse/OCPBUGS-36916): Add newline after TLS certs referenced by image.config [#4443](https://github.com/openshift/hypershift/pull/4443) * [OCPBUGS-37695](https://issues.redhat.com/browse/OCPBUGS-37695): Set right endpointSlice port [#4441](https://github.com/openshift/hypershift/pull/4441) * NO-JIRA: Red Hat Konflux update hypershift-release-mce-25 [#4433](https://github.com/openshift/hypershift/pull/4433) * NO-JIRA: [release-4.15] test/e2e: remove api budget checks [#4413](https://github.com/openshift/hypershift/pull/4413) * [OCPBUGS-37266](https://issues.redhat.com/browse/OCPBUGS-37266): extract rhel9 MCO binaries for rhel8 based MCO images [#4385](https://github.com/openshift/hypershift/pull/4385) * [OCPBUGS-36606](https://issues.redhat.com/browse/OCPBUGS-36606): enable audit log for oauth-openshift [#4320](https://github.com/openshift/hypershift/pull/4320) * [HOSTEDCP-1714](https://issues.redhat.com/browse/HOSTEDCP-1714): Kubernetes API Server Log Verbosity Annotation cherry pick to 4.15 [#4178](https://github.com/openshift/hypershift/pull/4178) * [OCPBUGS-35736](https://issues.redhat.com/browse/OCPBUGS-35736): Complete KAS migration to none endpoint reconciler type [#4228](https://github.com/openshift/hypershift/pull/4228) * [OCPBUGS-35935](https://issues.redhat.com/browse/OCPBUGS-35935): check mgmt cluster for route capability before DeleteIfNeeded for ovn sbdb route [#4265](https://github.com/openshift/hypershift/pull/4265) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4259](https://github.com/openshift/hypershift/pull/4259) * [OCPBUGS-35714](https://issues.redhat.com/browse/OCPBUGS-35714): Generate default worker security group rules based on machineCIDR [#4266](https://github.com/openshift/hypershift/pull/4266) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4252](https://github.com/openshift/hypershift/pull/4252) * [OCPBUGS-32404](https://issues.redhat.com/browse/OCPBUGS-32404): Fix failure to create a second hostedcluster in the same namespace [#3907](https://github.com/openshift/hypershift/pull/3907) * NO-JIRA: chore(deps): update konflux references to ff44cf3 (release-4.15) [#4246](https://github.com/openshift/hypershift/pull/4246) * NO-JIRA: feat(olm): Set packageserver replicas to 2 for IBMCloudPlatform [#4231](https://github.com/openshift/hypershift/pull/4231) * chore(deps): update konflux references to 2be7c9c (release-4.15) [#4224](https://github.com/openshift/hypershift/pull/4224) * [OCPBUGS-34580](https://issues.redhat.com/browse/OCPBUGS-34580): Add TrustedBundles to OAS container [#4211](https://github.com/openshift/hypershift/pull/4211) * NO-JIRA: hack: make the e2e script generic [#4199](https://github.com/openshift/hypershift/pull/4199) * [OCPBUGS-33627](https://issues.redhat.com/browse/OCPBUGS-33627): Restrict image registry overrides to control plane components [#4131](https://github.com/openshift/hypershift/pull/4131) * [OCPBUGS-34156](https://issues.redhat.com/browse/OCPBUGS-34156): fix router on 4.14 y-stream upgrade [#4077](https://github.com/openshift/hypershift/pull/4077) * [OCPBUGS-35002](https://issues.redhat.com/browse/OCPBUGS-35002): [release-4.15] HOSTEDCP-1122: Backport etcd defrag controller [#4162](https://github.com/openshift/hypershift/pull/4162) * NO-JIRA: Update Konflux references to 1025001 (release-4.15) [#4180](https://github.com/openshift/hypershift/pull/4180) * NO-JIRA: chore(deps): update konflux references (release-4.15) [#4167](https://github.com/openshift/hypershift/pull/4167) * [OCPBUGS-34997](https://issues.redhat.com/browse/OCPBUGS-34997): add AWS STS URL to OIDC provider audiences [#4157](https://github.com/openshift/hypershift/pull/4157) * [OCPBUGS-35074](https://issues.redhat.com/browse/OCPBUGS-35074): Fix disconnected metadata inspection for nodepool [#4175](https://github.com/openshift/hypershift/pull/4175) * [HOSTEDCP-1708](https://issues.redhat.com/browse/HOSTEDCP-1708): remove liveness and readiness probes that use the metrics [#4128](https://github.com/openshift/hypershift/pull/4128) * [OCPBUGS-34423](https://issues.redhat.com/browse/OCPBUGS-34423): Fixed audit-logs sigterm failing to terminate gracefully [#4089](https://github.com/openshift/hypershift/pull/4089) * [OCPBUGS-33526](https://issues.redhat.com/browse/OCPBUGS-33526): Disable DNS resolving for CNO [#4148](https://github.com/openshift/hypershift/pull/4148) * [OCPBUGS-34904](https://issues.redhat.com/browse/OCPBUGS-34904): remove weak cipher [#4156](https://github.com/openshift/hypershift/pull/4156) * [OCPBUGS-34510](https://issues.redhat.com/browse/OCPBUGS-34510): Reconcile KAS endpoints and endpoint slice [#4097](https://github.com/openshift/hypershift/pull/4097) * NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ [#4151](https://github.com/openshift/hypershift/pull/4151) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#4120](https://github.com/openshift/hypershift/pull/4120) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#4072](https://github.com/openshift/hypershift/pull/4072) * [OCPBUGS-33510](https://issues.redhat.com/browse/OCPBUGS-33510): Run haproxy to connect to kas from data plane if noproxy settings contain kas [#4014](https://github.com/openshift/hypershift/pull/4014) * NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.15) [#4064](https://github.com/openshift/hypershift/pull/4064) * NO-JIRA: Remove CLI inspection of release image [#4056](https://github.com/openshift/hypershift/pull/4056) * [HOSTEDCP-1518](https://issues.redhat.com/browse/HOSTEDCP-1518): Preserve container resource requests and limits [#4032](https://github.com/openshift/hypershift/pull/4032) * NO-JIRA: Update RHTAP references (release-4.15) [#4041](https://github.com/openshift/hypershift/pull/4041) * [OCPBUGS-33118](https://issues.redhat.com/browse/OCPBUGS-33118): Recycler-pod image now points to the OCP Payload reference [#3963](https://github.com/openshift/hypershift/pull/3963) * [OCPBUGS-32220](https://issues.redhat.com/browse/OCPBUGS-32220): Fix disconnected metadata inspection [#3881](https://github.com/openshift/hypershift/pull/3881) * NO-JIRA: Update RHTAP references to 1f62eaf (release-4.15) [#4030](https://github.com/openshift/hypershift/pull/4030) * [OCPBUGS-33117](https://issues.redhat.com/browse/OCPBUGS-33117): Reconcile over ICSP/IDMS [#3962](https://github.com/openshift/hypershift/pull/3962) * NO-JIRA: Update RHTAP references to 2d39df1 (release-4.15) [#4022](https://github.com/openshift/hypershift/pull/4022) * [HOSTEDCP-1480](https://issues.redhat.com/browse/HOSTEDCP-1480): Update TLS cert hash creation with sha512 [#4017](https://github.com/openshift/hypershift/pull/4017) * [HOSTEDCP-1513](https://issues.redhat.com/browse/HOSTEDCP-1513): Support hypershift-operator scoping for hostedclusters [#3998](https://github.com/openshift/hypershift/pull/3998) * Revert "[release-4.15] OCPBUGS-32013: Set OPERATOR_IMAGE environment variable" [#3939](https://github.com/openshift/hypershift/pull/3939) * [OCPBUGS-33207](https://issues.redhat.com/browse/OCPBUGS-33207): Remove kube-scheduler readiness probe [#3955](https://github.com/openshift/hypershift/pull/3955) * NO-JIRA: chore(deps): update rhtap references to c6fdbf4 (release-4.15) [#3989](https://github.com/openshift/hypershift/pull/3989) * [OCPBUGS-25858](https://issues.redhat.com/browse/OCPBUGS-25858): Improve description for agent APIServerAddress CLI flag [#3977](https://github.com/openshift/hypershift/pull/3977) * [OCPBUGS-33224](https://issues.redhat.com/browse/OCPBUGS-33224): disable OCM pull secret controller when imageregistry config managementstate is Removed [#3976](https://github.com/openshift/hypershift/pull/3976) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3982](https://github.com/openshift/hypershift/pull/3982) * [OCPBUGS-31747](https://issues.redhat.com/browse/OCPBUGS-31747): update desired image even when HCP doesn't exist yet [#3839](https://github.com/openshift/hypershift/pull/3839) * NO-JIRA: chore(deps): update rhtap references to e9efe99 (release-4.15) [#3974](https://github.com/openshift/hypershift/pull/3974) * [OCPBUGS-32229](https://issues.redhat.com/browse/OCPBUGS-32229): disable autoscaler when no nodepool require it [#3884](https://github.com/openshift/hypershift/pull/3884) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3967](https://github.com/openshift/hypershift/pull/3967) * [HOSTEDCP-1552](https://issues.redhat.com/browse/HOSTEDCP-1552): Update RHTAP tekton files for 0.3 -> 0.4 migration [#3957](https://github.com/openshift/hypershift/pull/3957) * [OCPBUGS-31826](https://issues.redhat.com/browse/OCPBUGS-31826): use dnsPolicy: Default for konnectivity-agent in data plane [#3845](https://github.com/openshift/hypershift/pull/3845) * NO-JIRA: Update RHTAP references (release-4.15) [#3935](https://github.com/openshift/hypershift/pull/3935) * [OCPBUGS-32715](https://issues.redhat.com/browse/OCPBUGS-32715): Fix OLM intilization args [#3923](https://github.com/openshift/hypershift/pull/3923) * [HOSTEDCP-1519](https://issues.redhat.com/browse/HOSTEDCP-1519): [release-4.15] feat(api): Add ingress-controller-load-balancer-scope annotation [#3908](https://github.com/openshift/hypershift/pull/3908) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3921](https://github.com/openshift/hypershift/pull/3921) * [OCPBUGS-32164](https://issues.redhat.com/browse/OCPBUGS-32164): Fix ICSP and IDMS inclusion as registriesOverrides [#3870](https://github.com/openshift/hypershift/pull/3870) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3904](https://github.com/openshift/hypershift/pull/3904) * [OCPBUGS-30280](https://issues.redhat.com/browse/OCPBUGS-30280): Switch to use service endpoint for Konnectivity [#3692](https://github.com/openshift/hypershift/pull/3692) * [OCPBUGS-32191](https://issues.redhat.com/browse/OCPBUGS-32191): Kas disable audit cherry pick release 4.15 [#3875](https://github.com/openshift/hypershift/pull/3875) * [OCPBUGS-32114](https://issues.redhat.com/browse/OCPBUGS-32114): Add new permission required in CAPA [#3861](https://github.com/openshift/hypershift/pull/3861) * NO-JIRA: Update RHTAP references (release-4.15) [#3887](https://github.com/openshift/hypershift/pull/3887) * NO-JIRA: [release-4.15] [e2e test framework] Add a flag to add an annotation to HostedCluster [#3893](https://github.com/openshift/hypershift/pull/3893) * [HOSTEDCP-1524](https://issues.redhat.com/browse/HOSTEDCP-1524): [release-4.15] Support additional node selectors for request serving nodes [#3883](https://github.com/openshift/hypershift/pull/3883) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3873](https://github.com/openshift/hypershift/pull/3873) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3868](https://github.com/openshift/hypershift/pull/3868) * [OCPBUGS-32013](https://issues.redhat.com/browse/OCPBUGS-32013): Set OPERATOR_IMAGE environment variable [#3853](https://github.com/openshift/hypershift/pull/3853) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3857](https://github.com/openshift/hypershift/pull/3857) * NO-JIRA: Update RHTAP references (release-4.15) [#3835](https://github.com/openshift/hypershift/pull/3835) * [OCPBUGS-31766](https://issues.redhat.com/browse/OCPBUGS-31766): include hostnetwork SCC CPO role for 4.13 and earlier [#3840](https://github.com/openshift/hypershift/pull/3840) * [HOSTEDCP-1438](https://issues.redhat.com/browse/HOSTEDCP-1438): [release-4.15] Preserve container resources for more hosted control plane components [#3828](https://github.com/openshift/hypershift/pull/3828) * [OCPBUGS-31324](https://issues.redhat.com/browse/OCPBUGS-31324): Add missing PodSecurityViolation alert [#3798](https://github.com/openshift/hypershift/pull/3798) * NO-JIRA: Increase stability in autoscaled environments [#3777](https://github.com/openshift/hypershift/pull/3777) * [OCPBUGS-31471](https://issues.redhat.com/browse/OCPBUGS-31471): Reduce log file size for hypershift apiservers [#3816](https://github.com/openshift/hypershift/pull/3816) * [OCPBUGS-31604](https://issues.redhat.com/browse/OCPBUGS-31604): disable http2 for ignition server and proxy [#3825](https://github.com/openshift/hypershift/pull/3825) * [OCPBUGS-31426](https://issues.redhat.com/browse/OCPBUGS-31426): copy issuerCertificateAuthority configmap into HC openshift-config [#3808](https://github.com/openshift/hypershift/pull/3808) * [OCPBUGS-31265](https://issues.redhat.com/browse/OCPBUGS-31265): inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs [#3802](https://github.com/openshift/hypershift/pull/3802) * NO-JIRA: Update RHTAP references (release-4.15) [#3812](https://github.com/openshift/hypershift/pull/3812) * NO-JIRA: Remove unused ref to hostnetwork in cpo role [#3796](https://github.com/openshift/hypershift/pull/3796) * [OCPBUGS-31064](https://issues.redhat.com/browse/OCPBUGS-31064): ibmcloud KMS: remove breaking image check and enable KMS v2 support [#3774](https://github.com/openshift/hypershift/pull/3774) * [OCPBUGS-31377](https://issues.redhat.com/browse/OCPBUGS-31377): Manually cherry pick #3782 to 4.15 [#3803](https://github.com/openshift/hypershift/pull/3803) * [OCPBUGS-31326](https://issues.redhat.com/browse/OCPBUGS-31326): fix(ignition): Fix priority class override [#3800](https://github.com/openshift/hypershift/pull/3800) * [OCPBUGS-30804](https://issues.redhat.com/browse/OCPBUGS-30804): honor HC image configuration [#3730](https://github.com/openshift/hypershift/pull/3730) * "[release-4.15] OCPBUGS-30164: Ensure cloud resources are destroyed for all platforms when --destroy-cloud-resources is used" [#3677](https://github.com/openshift/hypershift/pull/3677) * [OCPBUGS-31116](https://issues.redhat.com/browse/OCPBUGS-31116): external OIDC: fix certificateAuthority field in structured auth config [#3783](https://github.com/openshift/hypershift/pull/3783) * [OCPBUGS-30862](https://issues.redhat.com/browse/OCPBUGS-30862): Manual cherry pick 3685&3727 to release 4.15 [#3740](https://github.com/openshift/hypershift/pull/3740) * NO-JIRA: chore(deps): update rhtap references (release-4.15) [#3791](https://github.com/openshift/hypershift/pull/3791) * NO-JIRA: Update RHTAP references (release-4.15) [#3785](https://github.com/openshift/hypershift/pull/3785) * [OCPBUGS-29881](https://issues.redhat.com/browse/OCPBUGS-29881): feat(ho): Add flag for dedicated request serving isolation [#3633](https://github.com/openshift/hypershift/pull/3633) * [OCPBUGS-30742](https://issues.redhat.com/browse/OCPBUGS-30742): [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group [#3726](https://github.com/openshift/hypershift/pull/3726) * [OCPBUGS-30650](https://issues.redhat.com/browse/OCPBUGS-30650): Set KAS config pod security Enforce to privileged [#3719](https://github.com/openshift/hypershift/pull/3719) * NO-JIRA: Bump CPO API budget to 4000 in EnsureApiBudget [#3741](https://github.com/openshift/hypershift/pull/3741) * [OCPBUGS-30651](https://issues.redhat.com/browse/OCPBUGS-30651): Remove EnsurePSANotPrivileged [#3744](https://github.com/openshift/hypershift/pull/3744) * NO-JIRA: Update RHTAP references (release-4.15) [#3754](https://github.com/openshift/hypershift/pull/3754) * [HOSTEDCP-1488](https://issues.redhat.com/browse/HOSTEDCP-1488): Use regionalized STS endpoints in AWS [#3747](https://github.com/openshift/hypershift/pull/3747) * NO-JIRA: Update RHTAP references (release-4.15) [#3738](https://github.com/openshift/hypershift/pull/3738) * [OCPBUGS-30581](https://issues.redhat.com/browse/OCPBUGS-30581): [release-4.15] OCPBUGS-30220: Align PSA labels on guest cluster namespaces with standalone OCP [#3684](https://github.com/openshift/hypershift/pull/3684) * [OCPBUGS-30572](https://issues.redhat.com/browse/OCPBUGS-30572): [release-4.15] Update OLM Default Catalog Sources to 4.15 [#3696](https://github.com/openshift/hypershift/pull/3696) * [Full changelog](https://github.com/openshift/hypershift/compare/4f6c741c83626291f44d7cb623242056f7cde21c...ff2600ab1d4ff8f5b6a860b5e9f9e9b38724e667) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/cc0d54159c5d626aaa91eef94a92a80b3d1a3870) * : OCPBUGS-37311: Bump otelgrpc to v0.49.0 [#74](https://github.com/openshift/cloud-provider-ibm/pull/74) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/19e64d5c78656c7c91cbec310ca312cbe92f60f0...cc0d54159c5d626aaa91eef94a92a80b3d1a3870) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/81877ac81f4c59eebcfaa1653ef2bb6ed2283d1d) * [OCPBUGS-36066](https://issues.redhat.com/browse/OCPBUGS-36066): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#72](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/72) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/ce7f53cdf24173b0625b9263ef38a8ed956adcd2...81877ac81f4c59eebcfaa1653ef2bb6ed2283d1d) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/1c5b0f9fd714a3df22f6f0273aa8479bd37bbe18) * [OCPBUGS-42438](https://issues.redhat.com/browse/OCPBUGS-42438): Reorder static resources to create RBAC first [#130](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/130) * [OCPBUGS-36072](https://issues.redhat.com/browse/OCPBUGS-36072): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#121](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/121) * [OCPBUGS-33641](https://issues.redhat.com/browse/OCPBUGS-33641): [ibm-vpc] Scheduling issue on IBM Cloud Bare Metal nodes [#116](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/116) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/516264a98d130f9f2a03b20acf33dcc1b556e6a8...1c5b0f9fd714a3df22f6f0273aa8479bd37bbe18) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/5d72ced58e4ff3c4d4ad02f181578755dfa0312a) * [OCPBUGS-36012](https://issues.redhat.com/browse/OCPBUGS-36012): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#41](https://github.com/openshift/ibm-vpc-node-label-updater/pull/41) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/e1a0adca08158691dd1e5b1a834741ceea6a6f8b...5d72ced58e4ff3c4d4ad02f181578755dfa0312a) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/b934c68cd083ea3abb65faf463cb6ab5383e5d7d) * [OCPBUGS-36078](https://issues.redhat.com/browse/OCPBUGS-36078): UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.15 [#87](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/87) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/34fb625247f6743637b0ef0c5767e000e0ec1e65...b934c68cd083ea3abb65faf463cb6ab5383e5d7d) ### [insights-operator](https://github.com/openshift/insights-operator/tree/692e90c04ac4546949eb4a537d88bb1b4801f6cb) * gather selected clusterroles (#1024) [#1024](https://github.com/openshift/insights-operator/pull/1024) * [OCPBUGS-39565](https://issues.redhat.com/browse/OCPBUGS-39565): Not able to enable repositories during entitled build in OCP Cluster on IBM-Z (#1015) [#1015](https://github.com/openshift/insights-operator/pull/1015) * [OCPBUGS-39395](https://issues.redhat.com/browse/OCPBUGS-39395): collect some nmstate customresources (#986) (#989) (#995) (#1002) [#986](https://github.com/openshift/insights-operator/pull/986) * Add haproxy metric (#983) [#983](https://github.com/openshift/insights-operator/pull/983) * [OCPBUGS-37672](https://issues.redhat.com/browse/OCPBUGS-37672): Ingress controller related certificates' validate dates gathering (#972) [#972](https://github.com/openshift/insights-operator/pull/972) * fix the configmapobserver notifications (#971) [#971](https://github.com/openshift/insights-operator/pull/971) * manifests: set required-scc for openshift workloads (#967) [#967](https://github.com/openshift/insights-operator/pull/967) * [OCPBUGS-35882](https://issues.redhat.com/browse/OCPBUGS-35882): properly encode the URL for the advisor links (#958) [#958](https://github.com/openshift/insights-operator/pull/958) * [OCPBUGS-35865](https://issues.redhat.com/browse/OCPBUGS-35865): Collect aggregated Prometheus Alertmanager instances (#950) [#950](https://github.com/openshift/insights-operator/pull/950) * [OCPBUGS-32702](https://issues.redhat.com/browse/OCPBUGS-32702): anonymization - externalIP can be nil (#931) [#931](https://github.com/openshift/insights-operator/pull/931) * [OCPBUGS-31946](https://issues.redhat.com/browse/OCPBUGS-31946): bump golang.org/x/net version (#925) [#925](https://github.com/openshift/insights-operator/pull/925) * [Full changelog](https://github.com/openshift/insights-operator/compare/a6923466398b283a68b78fad9b1f2c5ccf9eaded...692e90c04ac4546949eb4a537d88bb1b4801f6cb) ### [ironic](https://github.com/openshift/ironic-image/tree/6603bcfdfbb9b0a8a35cf4d14ec45480fce9efde) * [OCPBUGS-43953](https://issues.redhat.com/browse/OCPBUGS-43953), [OCPBUGS-43961](https://issues.redhat.com/browse/OCPBUGS-43961): Bump python-waitress [4.15] [#605](https://github.com/openshift/ironic-image/pull/605) * [OCPBUGS-39018](https://issues.redhat.com/browse/OCPBUGS-39018): Bump ironic-lib to fix utf8 decoding issue [#570](https://github.com/openshift/ironic-image/pull/570) * [OCPBUGS-38798](https://issues.redhat.com/browse/OCPBUGS-38798): redfish-virtualmedia fails on XFusion nodes [#565](https://github.com/openshift/ironic-image/pull/565) * [OCPBUGS-37761](https://issues.redhat.com/browse/OCPBUGS-37761), [OCPBUGS-39381](https://issues.redhat.com/browse/OCPBUGS-39381): Include fixes for CVE-2024-44082 [#583](https://github.com/openshift/ironic-image/pull/583) * [OCPBUGS-38512](https://issues.redhat.com/browse/OCPBUGS-38512): set min version for python3-webob [#554](https://github.com/openshift/ironic-image/pull/554) * [OCPBUGS-33332](https://issues.redhat.com/browse/OCPBUGS-33332): bump werkzeug [#536](https://github.com/openshift/ironic-image/pull/536) * [OCPBUGS-37407](https://issues.redhat.com/browse/OCPBUGS-37407): bump jinja2 [#529](https://github.com/openshift/ironic-image/pull/529) * [OCPBUGS-37113](https://issues.redhat.com/browse/OCPBUGS-37113): Update eventlet version [#523](https://github.com/openshift/ironic-image/pull/523) * Bug OCPBUGS-33736: Disable installation of .pyc files through pip [#511](https://github.com/openshift/ironic-image/pull/511) * [OCPBUGS-32365](https://issues.redhat.com/browse/OCPBUGS-32365): [4.15] Remove unused prometheus exporter [#485](https://github.com/openshift/ironic-image/pull/485) * [OCPBUGS-32351](https://issues.redhat.com/browse/OCPBUGS-32351): [4.15] Update to include fixes for ironic servicing feature [#479](https://github.com/openshift/ironic-image/pull/479) * [OCPBUGS-32389](https://issues.redhat.com/browse/OCPBUGS-32389): Use unix sockets by default for reverse proxy communication [#474](https://github.com/openshift/ironic-image/pull/474) * [OCPBUGS-31686](https://issues.redhat.com/browse/OCPBUGS-31686), [OCPBUGS-31802](https://issues.redhat.com/browse/OCPBUGS-31802), [OCPBUGS-31830](https://issues.redhat.com/browse/OCPBUGS-31830): [4.15] install ironic projects from source [#470](https://github.com/openshift/ironic-image/pull/470) * [OCPBUGS-31802](https://issues.redhat.com/browse/OCPBUGS-31802): [4.15] Add requirements placeholders for cachito [#467](https://github.com/openshift/ironic-image/pull/467) * [Full changelog](https://github.com/openshift/ironic-image/compare/e38f8df7cff70fb7c2b87aee3bf9a265e342d676...6603bcfdfbb9b0a8a35cf4d14ec45480fce9efde) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/d339f3ffb3bbf9879037c1f3d88303880dcb3068) * [OCPBUGS-39018](https://issues.redhat.com/browse/OCPBUGS-39018): Bump ironic-lib to fix utf8 decoding issue [#157](https://github.com/openshift/ironic-agent-image/pull/157) * [OCPBUGS-39381](https://issues.redhat.com/browse/OCPBUGS-39381): Include fixes for CVE-2024-44082 [#162](https://github.com/openshift/ironic-agent-image/pull/162) * [OCPBUGS-38512](https://issues.redhat.com/browse/OCPBUGS-38512): set webob and bump werkzeug [#150](https://github.com/openshift/ironic-agent-image/pull/150) * [OCPBUGS-33133](https://issues.redhat.com/browse/OCPBUGS-33133): update ironic-lib with latest fixes [#131](https://github.com/openshift/ironic-agent-image/pull/131) * [OCPBUGS-32173](https://issues.redhat.com/browse/OCPBUGS-32173): [4.15] Fix name in setup.cfg [#123](https://github.com/openshift/ironic-agent-image/pull/123) * [OCPBUGS-31811](https://issues.redhat.com/browse/OCPBUGS-31811): [4.15] Add makefile [#126](https://github.com/openshift/ironic-agent-image/pull/126) * [OCPBUGS-31811](https://issues.redhat.com/browse/OCPBUGS-31811): [4.15] Install ironic-python-agent from source [#125](https://github.com/openshift/ironic-agent-image/pull/125) * [OCPBUGS-31811](https://issues.redhat.com/browse/OCPBUGS-31811): [4.15] Add requirements placeholders for cachito [#121](https://github.com/openshift/ironic-agent-image/pull/121) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/39d5064babe4291e475268666b28b62004235e43...d339f3ffb3bbf9879037c1f3d88303880dcb3068) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/34e201936898455995cd60c6699c6329a696f288) * [OCPBUGS-35820](https://issues.redhat.com/browse/OCPBUGS-35820): Fix the podmetrics and nodemetrics command [#109](https://github.com/openshift/k8s-prometheus-adapter/pull/109) * [OCPBUGS-32214](https://issues.redhat.com/browse/OCPBUGS-32214), [OCPBUGS-32215](https://issues.redhat.com/browse/OCPBUGS-32215): upgrade deps [#102](https://github.com/openshift/k8s-prometheus-adapter/pull/102) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/c38187e7ff03fb341eab7c05b4b91d6b2c40410e...34e201936898455995cd60c6699c6329a696f288) ### [keepalived-ipfailover](https://github.com/openshift/images/tree/87c23b5aa611556ff5013822c7779e6c7551a0f0) * [OCPBUGS-19254](https://issues.redhat.com/browse/OCPBUGS-19254): Updating openshift-enterprise-keepalived-ipfailover images to be consistent with ART [#152](https://github.com/openshift/images/pull/152) * [OCPBUGS-30413](https://issues.redhat.com/browse/OCPBUGS-30413): update unit tests in egress/dns-proxy [#168](https://github.com/openshift/images/pull/168) * [Full changelog](https://github.com/openshift/images/compare/5d1de7f1b00d8517ba5c4b5b635fc60b954f2bff...87c23b5aa611556ff5013822c7779e6c7551a0f0) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/f371b5be76a71a7f55f2e0b674f09a7f2ec5f5bf) * [OCPBUGS-42171](https://issues.redhat.com/browse/OCPBUGS-42171): fix redundant router-default iptables rule [4.15] [#634](https://github.com/openshift/sdn/pull/634) * [Full changelog](https://github.com/openshift/sdn/compare/71a6f28d69f77953d104219cee344a70f7cbede1...f371b5be76a71a7f55f2e0b674f09a7f2ec5f5bf) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/9308e7f2a6d984fa7b8ddc125524d7b7356f92ce) * [OCPBUGS-31941](https://issues.redhat.com/browse/OCPBUGS-31941): bump golang.org/x/net [4.15] [#109](https://github.com/openshift/kube-rbac-proxy/pull/109) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/e8e8c84bcc6d4419970726f3028df4b178c0b1c9...9308e7f2a6d984fa7b8ddc125524d7b7356f92ce) ### [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt/tree/dbaf9ea1edd5a953606a80cb45f723c934a73ded) * [OCPBUGS-31801](https://issues.redhat.com/browse/OCPBUGS-31801): Bump opentelemetry [#39](https://github.com/openshift/cloud-provider-kubevirt/pull/39) * [OCPBUGS-24118](https://issues.redhat.com/browse/OCPBUGS-24118): Updating ose-kubevirt-cloud-controller-manager-container image to be consistent with ART [#28](https://github.com/openshift/cloud-provider-kubevirt/pull/28) * [OCPBUGS-22061](https://issues.redhat.com/browse/OCPBUGS-22061): Bump golang.org/x/net to v0.18.0 [#34](https://github.com/openshift/cloud-provider-kubevirt/pull/34) * [Full changelog](https://github.com/openshift/cloud-provider-kubevirt/compare/e465e606e7d17c64392cdeba099f9382580e44b0...dbaf9ea1edd5a953606a80cb45f723c934a73ded) ### [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver/tree/d3bdbce4b08eb05eea70be77f4ecf33e351ce4d3) * [OCPBUGS-29793](https://issues.redhat.com/browse/OCPBUGS-29793): [release-4.15] Address https://github.com/advisories/GHSA-fg9q-5cw2-p6r9: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs [#33](https://github.com/openshift/kubevirt-csi-driver/pull/33) * [Full changelog](https://github.com/openshift/kubevirt-csi-driver/compare/aea7be8e2213a74d1945d39eba4d1efec0369c36...d3bdbce4b08eb05eea70be77f4ecf33e351ce4d3) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/3ab953de1bdc5c1977222011ebc31254d06c98d2) * [[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads [#1288](https://github.com/openshift/machine-api-operator/pull/1288) * [CFE-1051](https://issues.redhat.com/browse/CFE-1051): Adding web-hook validation for capacityReservationGroupID [#1261](https://github.com/openshift/machine-api-operator/pull/1261) * [OCPBUGS-31949](https://issues.redhat.com/browse/OCPBUGS-31949): Update x/net to v0.24.0 [#1231](https://github.com/openshift/machine-api-operator/pull/1231) * [OCPBUGS-30215](https://issues.redhat.com/browse/OCPBUGS-30215): Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions [#1222](https://github.com/openshift/machine-api-operator/pull/1222) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/e2b4537e57f4407e5469ad673dda126df5bb2a8b...3ab953de1bdc5c1977222011ebc31254d06c98d2) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/657ab58b76a99f2e566714bead33674c08ff9301) * [OCPBUGS-42137](https://issues.redhat.com/browse/OCPBUGS-42137): Removal of additionalTrustBundle CA does not remove certificate from node backport [#4687](https://github.com/openshift/machine-config-operator/pull/4687) * [OCPBUGS-44240](https://issues.redhat.com/browse/OCPBUGS-44240): Disable ESP offload for OVS attached interfaces [#4684](https://github.com/openshift/machine-config-operator/pull/4684) * [MCO-1341](https://issues.redhat.com/browse/MCO-1341): Backport Telemetry to 4.15 [#4648](https://github.com/openshift/machine-config-operator/pull/4648) * [OCPBUGS-42110](https://issues.redhat.com/browse/OCPBUGS-42110): Do not use 'restart' for 'oneshot' service [#4621](https://github.com/openshift/machine-config-operator/pull/4621) * [OCPBUGS-43582](https://issues.redhat.com/browse/OCPBUGS-43582): Panic seen in CI job for MCC pod [#4653](https://github.com/openshift/machine-config-operator/pull/4653) * [OCPBUGS-43575](https://issues.redhat.com/browse/OCPBUGS-43575): MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP [#4647](https://github.com/openshift/machine-config-operator/pull/4647) * [OCPBUGS-37704](https://issues.redhat.com/browse/OCPBUGS-37704): Make logging configurable for on-prem components [#4501](https://github.com/openshift/machine-config-operator/pull/4501) * [OCPBUGS-32329](https://issues.redhat.com/browse/OCPBUGS-32329): Fix configure-ip-forwarding.sh [#4324](https://github.com/openshift/machine-config-operator/pull/4324) * [OCPBUGS-37551](https://issues.redhat.com/browse/OCPBUGS-37551): On-Prem resolv prepender to watch for NM changes [#4499](https://github.com/openshift/machine-config-operator/pull/4499) * [OCPBUGS-38712](https://issues.redhat.com/browse/OCPBUGS-38712): SCC-pinning for openshift workloads [#4540](https://github.com/openshift/machine-config-operator/pull/4540) * [OCPBUGS-38370](https://issues.redhat.com/browse/OCPBUGS-38370): Revert "MCD-pull: run after network-online.target in Azure" [#4525](https://github.com/openshift/machine-config-operator/pull/4525) * [OCPBUGS-37768](https://issues.redhat.com/browse/OCPBUGS-37768): Move StartLimitIntervalSec to Unit section [#4506](https://github.com/openshift/machine-config-operator/pull/4506) * [OCPBUGS-37629](https://issues.redhat.com/browse/OCPBUGS-37629): Openshift uncordoned compute-node that was intentionally cordoned [#4495](https://github.com/openshift/machine-config-operator/pull/4495) * [OCPBUGS-36863](https://issues.redhat.com/browse/OCPBUGS-36863): Copy RHEL9 binaries used in HCP [#4476](https://github.com/openshift/machine-config-operator/pull/4476) * [OCPBUGS-35220](https://issues.redhat.com/browse/OCPBUGS-35220): Check both ready and health ingress endpoints [#4398](https://github.com/openshift/machine-config-operator/pull/4398) * [OCPBUGS-30139](https://issues.redhat.com/browse/OCPBUGS-30139): [release-4.15] Use NM's dns-change event for resolv.conf [#4220](https://github.com/openshift/machine-config-operator/pull/4220) * [OCPBUGS-36769](https://issues.redhat.com/browse/OCPBUGS-36769): daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages [#4461](https://github.com/openshift/machine-config-operator/pull/4461) * [OCPBUGS-36550](https://issues.redhat.com/browse/OCPBUGS-36550): MCD-pull: run after network-online.target in Azure [#4454](https://github.com/openshift/machine-config-operator/pull/4454) * [OCPBUGS-27436](https://issues.redhat.com/browse/OCPBUGS-27436): Fix mirrorSourcePolicy error prompt imagecontentsourcepolicies [#4431](https://github.com/openshift/machine-config-operator/pull/4431) * [OCPBUGS-36258](https://issues.redhat.com/browse/OCPBUGS-36258): daemon/update: disable systemd unit before overwriting [#4441](https://github.com/openshift/machine-config-operator/pull/4441) * [OCPBUGS-32092](https://issues.redhat.com/browse/OCPBUGS-32092): Decrease logs of haproxy [#4313](https://github.com/openshift/machine-config-operator/pull/4313) * [OCPBUGS-35010](https://issues.redhat.com/browse/OCPBUGS-35010): set required-scc for openshift workloads [#4393](https://github.com/openshift/machine-config-operator/pull/4393) * [OCPBUGS-31461](https://issues.redhat.com/browse/OCPBUGS-31461): Remove weights from ingress check script [#4290](https://github.com/openshift/machine-config-operator/pull/4290) * [OCPBUGS-33847](https://issues.redhat.com/browse/OCPBUGS-33847): If multiple hostnames are returned, use the first one for the Node name [#4373](https://github.com/openshift/machine-config-operator/pull/4373) * [OCPBUGS-20152](https://issues.redhat.com/browse/OCPBUGS-20152): Don't error if the certs.d dir doesn't exist yet [#4358](https://github.com/openshift/machine-config-operator/pull/4358) * [OCPBUGS-32922](https://issues.redhat.com/browse/OCPBUGS-32922): [release-4.15] add cluster fleet evaluation support to mco [#4334](https://github.com/openshift/machine-config-operator/pull/4334) * [OCPBUGS-28926](https://issues.redhat.com/browse/OCPBUGS-28926): [4.15] crio: update pids limit to be -1 [#4163](https://github.com/openshift/machine-config-operator/pull/4163) * [OCPBUGS-28545](https://issues.redhat.com/browse/OCPBUGS-28545): Delete state files on reboot only [#4311](https://github.com/openshift/machine-config-operator/pull/4311) * [OCPBUGS-31820](https://issues.redhat.com/browse/OCPBUGS-31820): Remove the condition for checking the multiple ovs-if-br-ex profiles [#4309](https://github.com/openshift/machine-config-operator/pull/4309) * [OCPBUGS-27029](https://issues.redhat.com/browse/OCPBUGS-27029): Log network service output to console [#4113](https://github.com/openshift/machine-config-operator/pull/4113) * [OCPBUGS-31646](https://issues.redhat.com/browse/OCPBUGS-31646): fix: resources were in the wrong indentation level [#4301](https://github.com/openshift/machine-config-operator/pull/4301) * : OCPBUGS-31576: kubelet: restorecon necessary files on kubelet's prestart [#4297](https://github.com/openshift/machine-config-operator/pull/4297) * [OCPBUGS-30884](https://issues.redhat.com/browse/OCPBUGS-30884): Prevent OVS-configuration to run before kdump [#4259](https://github.com/openshift/machine-config-operator/pull/4259) * [OCPBUGS-31383](https://issues.redhat.com/browse/OCPBUGS-31383): make verify should use MCO's kube version [#4282](https://github.com/openshift/machine-config-operator/pull/4282) * [OCPBUGS-30971](https://issues.redhat.com/browse/OCPBUGS-30971): add preferredduringscheduling annotation to kube-rbac-proxy-crio [#4264](https://github.com/openshift/machine-config-operator/pull/4264) * [OCPBUGS-29731](https://issues.redhat.com/browse/OCPBUGS-29731): Delete image openshift/openshift-proxy-pull-test [#4199](https://github.com/openshift/machine-config-operator/pull/4199) * [OCPBUGS-30093](https://issues.redhat.com/browse/OCPBUGS-30093): Mount /run/nodeip-configuration into coredns containers [#4229](https://github.com/openshift/machine-config-operator/pull/4229) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/b693d2ffbac7ddab712901662fabffe2fda81562...657ab58b76a99f2e566714bead33674c08ff9301) ### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/e40b085a258b5762532875bbd9ce34d1f75a90b4) * [OCPBUGS-43242](https://issues.redhat.com/browse/OCPBUGS-43242): upgrade dynamic plugin sdk to remove vulnerable dependencies 4.15 [#218](https://github.com/openshift/monitoring-plugin/pull/218) * [OU-417](https://issues.redhat.com/browse/OU-417): throw an error when a custom datasource is not found [#118](https://github.com/openshift/monitoring-plugin/pull/118) * [OU-415](https://issues.redhat.com/browse/OU-415): Add datasource parameter to handle metrics from custom datasources [#116](https://github.com/openshift/monitoring-plugin/pull/116) * [OCPBUGS-32097](https://issues.redhat.com/browse/OCPBUGS-32097): make createdBy mandatory and auto fill with the current user [#115](https://github.com/openshift/monitoring-plugin/pull/115) * [OCPBUGS-31310](https://issues.redhat.com/browse/OCPBUGS-31310): upgrade sanitize-html vulnerable dependency [#107](https://github.com/openshift/monitoring-plugin/pull/107) * [Full changelog](https://github.com/openshift/monitoring-plugin/compare/c3d2272954610dc99a80e51f5b888af09973903f...e40b085a258b5762532875bbd9ce34d1f75a90b4) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/9ea52de962dd644573c99b2f9554a6c4dfaacf62) * [OCPBUGS-37727](https://issues.redhat.com/browse/OCPBUGS-37727): Update owners [#88](https://github.com/openshift/multus-admission-controller/pull/88) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/23a7cfe44cacd1e8c1049ee3e0a858ec01e03d44...9ea52de962dd644573c99b2f9554a6c4dfaacf62) ### [multus-cni](https://github.com/openshift/multus-cni/tree/05497ad135c629de9b4ffb0a13fb91d58a335d25) * [OCPBUGS-35047](https://issues.redhat.com/browse/OCPBUGS-35047): Update owners file [#240](https://github.com/openshift/multus-cni/pull/240) * [OCPBUGS-35258](https://issues.redhat.com/browse/OCPBUGS-35258): Thick plugin should not wait for API readiness on CNI DEL [#242](https://github.com/openshift/multus-cni/pull/242) * [OCPBUGS-33477](https://issues.redhat.com/browse/OCPBUGS-33477): Fix CNI cache update function to prevent nil access [#234](https://github.com/openshift/multus-cni/pull/234) * [OCPBUGS-30237](https://issues.redhat.com/browse/OCPBUGS-30237): Reload bootstrap kubeconfig if cert mgr failed to load valid certs [#223](https://github.com/openshift/multus-cni/pull/223) * [Full changelog](https://github.com/openshift/multus-cni/compare/84b2a27392c12a0b346f5d33e6f38b8043b7db78...05497ad135c629de9b4ffb0a13fb91d58a335d25) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/b377b4b5fd3029cd5cabc773ca6223cabd6b2af7) * Update owners (#58) [#58](https://github.com/openshift/multus-networkpolicy/pull/58) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/6212406b49cbcc75a01da85a67469b4872754e1d...b377b4b5fd3029cd5cabc773ca6223cabd6b2af7) ### [multus-route-override-cni](https://github.com/openshift/route-override-cni/tree/1ccafc340ca1147abb42c7ad8dda1f23ba4eb1ee) * [OCPBUGS-41804](https://issues.redhat.com/browse/OCPBUGS-41804): [release-4.15]Update owners [#59](https://github.com/openshift/route-override-cni/pull/59) * [Full changelog](https://github.com/openshift/route-override-cni/compare/a5b755b513f39e6e06ae3eca8daa6f965e96e6c5...1ccafc340ca1147abb42c7ad8dda1f23ba4eb1ee) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/d80fe46e1895698f3d1073ab965c859a89be2a47) * [OCPBUGS-37729](https://issues.redhat.com/browse/OCPBUGS-37729): Update owners [#305](https://github.com/openshift/whereabouts-cni/pull/305) * [OCPBUGS-37813](https://issues.redhat.com/browse/OCPBUGS-37813), [OCPBUGS-37816](https://issues.redhat.com/browse/OCPBUGS-37816): [release-4.15] align api calls timeout and skip pods marked for deletion [#308](https://github.com/openshift/whereabouts-cni/pull/308) * [OCPBUGS-36367](https://issues.redhat.com/browse/OCPBUGS-36367): [release-4.15] Return previous IP allocation for add cmd [#295](https://github.com/openshift/whereabouts-cni/pull/295) * [OCPBUGS-35081](https://issues.redhat.com/browse/OCPBUGS-35081): [release-4.15] Use IP to identify orphaned allocation to be deleted [#288](https://github.com/openshift/whereabouts-cni/pull/288) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/2edc45fe57cc6c861f8014fdc514ca03442fde17...d80fe46e1895698f3d1073ab965c859a89be2a47) ### [must-gather](https://github.com/openshift/must-gather/tree/48de487eb38d1434440e4fb8164022b2b708332a) * [OCPBUGS-43057](https://issues.redhat.com/browse/OCPBUGS-43057): [Relase-4.15] Multus is now a Pod and will be captured by normal [#450](https://github.com/openshift/must-gather/pull/450) * [Full changelog](https://github.com/openshift/must-gather/compare/47335065cc7137ec098567b06d21f742669b4200...48de487eb38d1434440e4fb8164022b2b708332a) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/9e21740225af47318a9ed6d03c2eb9ee2aaea883) * Correct 4.16 owners file (#99) [#99](https://github.com/openshift/network-metrics-daemon/pull/99) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/0288f3620532f481ce258f5169b42a67b7f9a0cb...9e21740225af47318a9ed6d03c2eb9ee2aaea883) ### [network-tools](https://github.com/openshift/network-tools/tree/17536c8dff76d50efb604187ba763020bd084771) * [OCPBUGS-31764](https://issues.redhat.com/browse/OCPBUGS-31764): replace wireshark with wireshark-cli [#118](https://github.com/openshift/network-tools/pull/118) * [Full changelog](https://github.com/openshift/network-tools/compare/be5b7d060d18980e4f54204e5023615d3cd52dae...17536c8dff76d50efb604187ba763020bd084771) ### [nutanix-cloud-controller-manager](https://github.com/openshift/cloud-provider-nutanix/tree/040d4e016058c188d2ba0a7575054ee44b94af9e) * [OCPBUGS-22078](https://issues.redhat.com/browse/OCPBUGS-22078): bump golang.org/x/net to v0.17.0 [#40](https://github.com/openshift/cloud-provider-nutanix/pull/40) * [Full changelog](https://github.com/openshift/cloud-provider-nutanix/compare/33fb22c182fa86d5de5bdc5c1b08a39b1278be3d...040d4e016058c188d2ba0a7575054ee44b94af9e) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/8de6f944d35b2fefaf926006aecf8445be4e6149) * [[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads [#81](https://github.com/openshift/machine-api-provider-nutanix/pull/81) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/f02b1a28d89ea69c614995163874ca1eff4f4aaf...8de6f944d35b2fefaf926006aecf8445be4e6149) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/0e158441dbfdf232d7fea50b7c4eae3023d2cdbb) * [OCPBUGS-33210](https://issues.redhat.com/browse/OCPBUGS-33210): bump lib-go to fix SAs acting as OAuth2 clients [#114](https://github.com/openshift/oauth-apiserver/pull/114) * [OCPBUGS-31951](https://issues.redhat.com/browse/OCPBUGS-31951): bump x/net to 0.24.0 [#109](https://github.com/openshift/oauth-apiserver/pull/109) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/34756b67ae1ce1307d07bd1834579de1e4b47f17...0e158441dbfdf232d7fea50b7c4eae3023d2cdbb) ### [oauth-server](https://github.com/openshift/oauth-server/tree/c055dbb9a84e04575ade106e9a43cc638a8aeaef) * [OCPBUGS-33210](https://issues.redhat.com/browse/OCPBUGS-33210): bump lib-go to fix SAs acting as OAuth2 clients [#148](https://github.com/openshift/oauth-server/pull/148) * [Full changelog](https://github.com/openshift/oauth-server/compare/8296c0542bbc90e96d7b5cee5aa6f5cacc3489b5...c055dbb9a84e04575ade106e9a43cc638a8aeaef) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/e91f573c771182f7fd4a2d3513ed49562dee6b38) * [OCPBUGS-34521](https://issues.redhat.com/browse/OCPBUGS-34521): Fix DiskToMirror without internet connection without rebuild catalog (#866) [#866](https://github.com/openshift/oc-mirror/pull/866) * [OCPBUGS-33575](https://issues.redhat.com/browse/OCPBUGS-33575): Change default behavior to not rebuild catalogs for V1 (#849) [#849](https://github.com/openshift/oc-mirror/pull/849) * [OCPBUGS-31466](https://issues.redhat.com/browse/OCPBUGS-31466): Fix for oc-mirror new defaultChannel override (#846) [#846](https://github.com/openshift/oc-mirror/pull/846) * Bump version to include v5.11.0 of go-git (#819) [#819](https://github.com/openshift/oc-mirror/pull/819) * [Full changelog](https://github.com/openshift/oc-mirror/compare/9621d8f72ecc7a0a13e40b9709b5e19cc621117b...e91f573c771182f7fd4a2d3513ed49562dee6b38) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/08f4c422eed5d9584799244c0d9755708686c0c8) * [OCPBUGS-32444](https://issues.redhat.com/browse/OCPBUGS-32444): Bump golang/x/net to v0.23.0 [#428](https://github.com/openshift/openshift-apiserver/pull/428) * [OCPBUGS-28928](https://issues.redhat.com/browse/OCPBUGS-28928): Bump openshift/api to get updated docs for UnservableInFutureVersions [#436](https://github.com/openshift/openshift-apiserver/pull/436) * [OCPBUGS-31469](https://issues.redhat.com/browse/OCPBUGS-31469): vendor upgrade runtime-utils [#422](https://github.com/openshift/openshift-apiserver/pull/422) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/ae99b858c04476b7a98c6b3dc40283586ef98380...08f4c422eed5d9584799244c0d9755708686c0c8) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/f2afd434358966ccc09f55d4915d2689ed2cb1b6) * NO-JIRA: cleanup root and app OWNERS [#348](https://github.com/openshift/openshift-controller-manager/pull/348) * [OCPBUGS-32871](https://issues.redhat.com/browse/OCPBUGS-32871): replaces deprecated square/go-jose wtih go-jose/go-jose [#333](https://github.com/openshift/openshift-controller-manager/pull/333) * [OCPBUGS-41949](https://issues.redhat.com/browse/OCPBUGS-41949): Add adambkaplan as approver [#291](https://github.com/openshift/openshift-controller-manager/pull/291) * [OCPBUGS-32807](https://issues.redhat.com/browse/OCPBUGS-32807), [OCPBUGS-33371](https://issues.redhat.com/browse/OCPBUGS-33371): Rollback state of managed image pull secrets after downgrade [#303](https://github.com/openshift/openshift-controller-manager/pull/303) * [OCPBUGS-31490](https://issues.redhat.com/browse/OCPBUGS-31490): Bumps opentelemetry dependencies [#294](https://github.com/openshift/openshift-controller-manager/pull/294) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/edbf7353e21a286cac85867ec13d6cf937dd9c33...f2afd434358966ccc09f55d4915d2689ed2cb1b6) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/d0c24077b4e4ac1e00a6a529a814066cd9b5521c) * [OCPBUGS-36586](https://issues.redhat.com/browse/OCPBUGS-36586): Add config map hooks [#175](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/175) * [OCPBUGS-34927](https://issues.redhat.com/browse/OCPBUGS-34927): Correct out-of-bounds check [#172](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/172) * [OCPBUGS-32744](https://issues.redhat.com/browse/OCPBUGS-32744): Relax requirement to enable topology [#165](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/165) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/2367f2c22bc3edf8e5ebbb9fd20b0a9690d05c80...d0c24077b4e4ac1e00a6a529a814066cd9b5521c) ### [openstack-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/232472ea527aa86764d93e77dc67b0c7db9cc050) * [OCPBUGS-25859](https://issues.redhat.com/browse/OCPBUGS-25859): CARRY: Add Snyk security scan config [#299](https://github.com/openshift/cluster-api-provider-openstack/pull/299) * [OCPBUGS-26208](https://issues.redhat.com/browse/OCPBUGS-26208): openshift/manifests: CloudCredential capability for CredentialsRequest [#297](https://github.com/openshift/cluster-api-provider-openstack/pull/297) * [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/d1de8c63ee931be0038b55dd4813b2089fd6107e...232472ea527aa86764d93e77dc67b0c7db9cc050) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/396a09fffe401679f18e8a7db56c77bbf2dee246) * [OCPBUGS-34665](https://issues.redhat.com/browse/OCPBUGS-34665): Failure to get bootstrap is non-fatal [#120](https://github.com/openshift/machine-api-provider-openstack/pull/120) * [OCPBUGS-30857](https://issues.redhat.com/browse/OCPBUGS-30857): Ensure portSecurity is correctly set in the Port [#108](https://github.com/openshift/machine-api-provider-openstack/pull/108) * [OCPBUGS-28326](https://issues.redhat.com/browse/OCPBUGS-28326): Add snyk configuration file [#105](https://github.com/openshift/machine-api-provider-openstack/pull/105) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/316f6cb6bdf83da9fd065a3989f5734dc43854cf...396a09fffe401679f18e8a7db56c77bbf2dee246) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/2a0924f9655371f636d16b60e9ae7e49934c5640) * [OCPBUGS-42114](https://issues.redhat.com/browse/OCPBUGS-42114): add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata [#874](https://github.com/openshift/operator-framework-olm/pull/874) * [OCPBUGS-41981](https://issues.redhat.com/browse/OCPBUGS-41981): (fix) registry pods do not come up again after node failure (#3366) [#868](https://github.com/openshift/operator-framework-olm/pull/868) * [OCPBUGS-41819](https://issues.redhat.com/browse/OCPBUGS-41819): [4.17] adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs. [#864](https://github.com/openshift/operator-framework-olm/pull/864) * [OCPBUGS-41598](https://issues.redhat.com/browse/OCPBUGS-41598): Fix e2e flake: upgrade CRD with deprecated version [#862](https://github.com/openshift/operator-framework-olm/pull/862) * [OCPBUGS-38383](https://issues.redhat.com/browse/OCPBUGS-38383): (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache [#840](https://github.com/openshift/operator-framework-olm/pull/840) * [OCPBUGS-38323](https://issues.redhat.com/browse/OCPBUGS-38323): Update junit report file name to show spec results on Test Grid [#839](https://github.com/openshift/operator-framework-olm/pull/839) * [OCPBUGS-37677](https://issues.redhat.com/browse/OCPBUGS-37677): [release-4.15] Update e2e config and backport list of flakes [#829](https://github.com/openshift/operator-framework-olm/pull/829) * [OCPBUGS-37554](https://issues.redhat.com/browse/OCPBUGS-37554): Set required-scc for openshift workloads [#828](https://github.com/openshift/operator-framework-olm/pull/828) * [OCPBUGS-37017](https://issues.redhat.com/browse/OCPBUGS-37017): Bump github.com/containers/image/v5 [#823](https://github.com/openshift/operator-framework-olm/pull/823) * [OCPBUGS-36812](https://issues.redhat.com/browse/OCPBUGS-36812): fix sorting unpack jobs [#817](https://github.com/openshift/operator-framework-olm/pull/817) * [OCPBUGS-36451](https://issues.redhat.com/browse/OCPBUGS-36451): Can't install operator on 4.15 after uninstalling it on a prior version [#810](https://github.com/openshift/operator-framework-olm/pull/810) * [OCPBUGS-36813](https://issues.redhat.com/browse/OCPBUGS-36813): [CARRY] perform operator apiService certificate validity checks directly [#819](https://github.com/openshift/operator-framework-olm/pull/819) * [OCPBUGS-35305](https://issues.redhat.com/browse/OCPBUGS-35305): [release-4.15] catalog-operator: delete catalog pods stuck in Terminating state due to unreachable node [#779](https://github.com/openshift/operator-framework-olm/pull/779) * [OCPBUGS-35720](https://issues.redhat.com/browse/OCPBUGS-35720): Warn and allow CRD upgrade if validation fails but webhook is specified [#789](https://github.com/openshift/operator-framework-olm/pull/789) * [OCPBUGS-31939](https://issues.redhat.com/browse/OCPBUGS-31939), [OCPBUGS-31940](https://issues.redhat.com/browse/OCPBUGS-31940): UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 [#747](https://github.com/openshift/operator-framework-olm/pull/747) * [OCPBUGS-35229](https://issues.redhat.com/browse/OCPBUGS-35229): Unblock CI [#768](https://github.com/openshift/operator-framework-olm/pull/768) * [OCPBUGS-32860](https://issues.redhat.com/browse/OCPBUGS-32860): UPSTREAM: <carry>: bump go-jose [#740](https://github.com/openshift/operator-framework-olm/pull/740) * [OCPBUGS-32311](https://issues.redhat.com/browse/OCPBUGS-32311): [release-4.15]: Update if AlreadyExists [#736](https://github.com/openshift/operator-framework-olm/pull/736) * [OCPBUGS-31842](https://issues.redhat.com/browse/OCPBUGS-31842): copy-content: delete destination dirs before copying (#3197) [#728](https://github.com/openshift/operator-framework-olm/pull/728) * [OCPBUGS-31651](https://issues.redhat.com/browse/OCPBUGS-31651): [release-4.15] Correctly detect catalog image ID for extractContent catalog pods [#726](https://github.com/openshift/operator-framework-olm/pull/726) * [OCPBUGS-30219](https://issues.redhat.com/browse/OCPBUGS-30219): bump otelgrpc to 0.46.0 [#712](https://github.com/openshift/operator-framework-olm/pull/712) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/cb0c5f2728e412f595cceeb11104af206421daec...2a0924f9655371f636d16b60e9ae7e49934c5640) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/1f1bc1988527f01b7326f63953aacbd400fd8426) * [OCPBUGS-24144](https://issues.redhat.com/browse/OCPBUGS-24144): Updating marketplace-operator-container image to be consistent with ART [4.15] [#553](https://github.com/operator-framework/operator-marketplace/pull/553) * [OCPBUGS-37524](https://issues.redhat.com/browse/OCPBUGS-37524): Set required-scc for openshift workloads [#570](https://github.com/operator-framework/operator-marketplace/pull/570) * [OCPBUGS-32060](https://issues.redhat.com/browse/OCPBUGS-32060): update golang.org/x/net for CVE-2023-45288 [#564](https://github.com/operator-framework/operator-marketplace/pull/564) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/53c124a3f0edfd151652e1f23c87dd39ed7646bb...1f1bc1988527f01b7326f63953aacbd400fd8426) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/0d35785ab8c4fccea85a0d2e6dc49fe1da2d11cd) * [OCPBUGS-42943](https://issues.redhat.com/browse/OCPBUGS-42943): Fix egress gateway pod cleanup for remote zone pods. [#2342](https://github.com/openshift/ovn-kubernetes/pull/2342) * [OCPBUGS-41838](https://issues.redhat.com/browse/OCPBUGS-41838): Use more exact name match when deleting static routes to HO nodes. [#2298](https://github.com/openshift/ovn-kubernetes/pull/2298) * [OCPBUGS-42780](https://issues.redhat.com/browse/OCPBUGS-42780): Add subnet overlap check for transit switch subnet [#2313](https://github.com/openshift/ovn-kubernetes/pull/2313) * [OCPBUGS-41340](https://issues.redhat.com/browse/OCPBUGS-41340): Delete EgressIP LRP stale nexthops when node is not found [#2288](https://github.com/openshift/ovn-kubernetes/pull/2288) * [OCPBUGS-38262](https://issues.redhat.com/browse/OCPBUGS-38262): [release-4.15] Bump OVSDBTimeout and make it configurable. [#2252](https://github.com/openshift/ovn-kubernetes/pull/2252) * [OCPBUGS-37962](https://issues.redhat.com/browse/OCPBUGS-37962): Fix registering northd metrics on appropriate nodes [#2246](https://github.com/openshift/ovn-kubernetes/pull/2246) * [OCPBUGS-37196](https://issues.redhat.com/browse/OCPBUGS-37196): [release-4.15] ovspinning: Set affinity of each thread [#2235](https://github.com/openshift/ovn-kubernetes/pull/2235) * [OCPBUGS-35902](https://issues.redhat.com/browse/OCPBUGS-35902): Bump ovn to 23.09.4-16 [#2216](https://github.com/openshift/ovn-kubernetes/pull/2216) * [OCPBUGS-36382](https://issues.redhat.com/browse/OCPBUGS-36382): Handle IP fragments in SGW mode [#2215](https://github.com/openshift/ovn-kubernetes/pull/2215) * [OCPBUGS-33619](https://issues.redhat.com/browse/OCPBUGS-33619): EgressIP: Reload certificates for the grpc heatlhcheck server [#2167](https://github.com/openshift/ovn-kubernetes/pull/2167) * [OCPBUGS-33623](https://issues.redhat.com/browse/OCPBUGS-33623), [OCPBUGS-33624](https://issues.redhat.com/browse/OCPBUGS-33624): Improve CI signal by removing/suppressing signals [#2168](https://github.com/openshift/ovn-kubernetes/pull/2168) * [OCPBUGS-31814](https://issues.redhat.com/browse/OCPBUGS-31814): ipv6+all protocols conntrack flush [#2131](https://github.com/openshift/ovn-kubernetes/pull/2131) * [OCPBUGS-34404](https://issues.redhat.com/browse/OCPBUGS-34404): [release-4.15] dns: fix deadlock in case of error [#2182](https://github.com/openshift/ovn-kubernetes/pull/2182) * [OCPBUGS-33294](https://issues.redhat.com/browse/OCPBUGS-33294): Reuse node-subnet from cache if exists [#2163](https://github.com/openshift/ovn-kubernetes/pull/2163) * [OCPBUGS-33960](https://issues.redhat.com/browse/OCPBUGS-33960): Egressip garp fix 4.15 [#2175](https://github.com/openshift/ovn-kubernetes/pull/2175) * [OCPBUGS-30899](https://issues.redhat.com/browse/OCPBUGS-30899): use a forked version of j-keck/arping that fixes a threading issue [#2105](https://github.com/openshift/ovn-kubernetes/pull/2105) * [OCPBUGS-32426](https://issues.redhat.com/browse/OCPBUGS-32426): [release-4.15] Improves service iptables efficiency on start up [#2156](https://github.com/openshift/ovn-kubernetes/pull/2156) * [Release 4.15] OCPBUGS-32986: Bump OVS [#2147](https://github.com/openshift/ovn-kubernetes/pull/2147) * [OCPBUGS-27852](https://issues.redhat.com/browse/OCPBUGS-27852): [release-4.15] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2025](https://github.com/openshift/ovn-kubernetes/pull/2025) * [OCPBUGS-29316](https://issues.redhat.com/browse/OCPBUGS-29316): [release-4.15] Ignore missing live migratable pod annotation on AddNode [#2065](https://github.com/openshift/ovn-kubernetes/pull/2065) * [OCPBUGS-32202](https://issues.redhat.com/browse/OCPBUGS-32202): [release-4.15] Bump OVN to 23.09.0-139 [#2121](https://github.com/openshift/ovn-kubernetes/pull/2121) * [OCPBUGS-33020](https://issues.redhat.com/browse/OCPBUGS-33020): drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs [#2141](https://github.com/openshift/ovn-kubernetes/pull/2141) * [OCPBUGS-32154](https://issues.redhat.com/browse/OCPBUGS-32154): Custom v4 and v6 transit switch subnets while creating kind cluster [#2094](https://github.com/openshift/ovn-kubernetes/pull/2094) * [OCPBUGS-31081](https://issues.redhat.com/browse/OCPBUGS-31081): Periodically check the ovnkube-node certificate is not expired [#2099](https://github.com/openshift/ovn-kubernetes/pull/2099) * [OCPBUGS-31033](https://issues.redhat.com/browse/OCPBUGS-31033): Remove OVN topology version reporting/detection [#2098](https://github.com/openshift/ovn-kubernetes/pull/2098) * [OCPBUGS-31500](https://issues.redhat.com/browse/OCPBUGS-31500), [OCPBUGS-31501](https://issues.redhat.com/browse/OCPBUGS-31501): EIP multi NIC IPv6 support and default route with next hop [#2103](https://github.com/openshift/ovn-kubernetes/pull/2103) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/42b1cc427538a736f8c056171b4de7e6c6a366fb...0d35785ab8c4fccea85a0d2e6dc49fe1da2d11cd) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/38bee567a703d3d5ab2ca6e1e047eea8e799c3c5) * [OCPBUGS-36096](https://issues.redhat.com/browse/OCPBUGS-36096): Fix CVE-2024-6104 by updating http-retryable to 0.7.7 [#89](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/89) * [OCPBUGS-33622](https://issues.redhat.com/browse/OCPBUGS-33622): Fix CVE2023-45288 by bumping x/net to v0.24.0 -4.15 [#80](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/80) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/5ca428c8a7be80681a1abc8fcb5bb36aaa09c5bc...38bee567a703d3d5ab2ca6e1e047eea8e799c3c5) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/1d6a7ed991427b1c8048b0b44b706228e5c2a001) * [OCPBUGS-36106](https://issues.redhat.com/browse/OCPBUGS-36106): UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.15 [#74](https://github.com/openshift/cloud-provider-powervs/pull/74) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/521b80dfc284a1ca0c6e112ac7bf7b504c786d88...1d6a7ed991427b1c8048b0b44b706228e5c2a001) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/4121cfc4304dcbb698993a388368f4025ab9c24a) * [OCPBUGS-41977](https://issues.redhat.com/browse/OCPBUGS-41977): Update go.mod to fix CVE - 4.15 [#85](https://github.com/openshift/machine-api-provider-powervs/pull/85) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/07e8f8b81748d52cf596082b8102134e954137ba...4121cfc4304dcbb698993a388368f4025ab9c24a) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/902436ac6a8eec8f2f3f8b91f519a3d319924833) * [OCPBUGS-38400](https://issues.redhat.com/browse/OCPBUGS-38400): feat: sync proxy settings in Alertmanager configuration [#300](https://github.com/openshift/prometheus-operator/pull/300) * [OCPBUGS-36719](https://issues.redhat.com/browse/OCPBUGS-36719): add proxyURL validation for smon,pmon and probe [#298](https://github.com/openshift/prometheus-operator/pull/298) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/faad27f990b16a0806f92bf0362e45d777cec8e7...902436ac6a8eec8f2f3f8b91f519a3d319924833) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/19f312e96bb4e5b7da9f61ea4cab202b227a60c6) * [OCPBUGS-34797](https://issues.redhat.com/browse/OCPBUGS-34797): set required-scc for openshift workloads [#243](https://github.com/openshift/service-ca-operator/pull/243) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/f5972cc74670c274bdc2b29d0903c4ed0432b9ca...19f312e96bb4e5b7da9f61ea4cab202b227a60c6) ### [telemeter](https://github.com/openshift/telemeter/tree/14489f7dc656175e11a3ef962fcbcd113b3651a9) * [OCPBUGS-34831](https://issues.redhat.com/browse/OCPBUGS-34831): fix issuer check during JWT authentication for 4.15 [#538](https://github.com/openshift/telemeter/pull/538) * : OCPBUGS-35076: Release Fix CVE go-jose [#542](https://github.com/openshift/telemeter/pull/542) * [OCPBUGS-32890](https://issues.redhat.com/browse/OCPBUGS-32890): CVE-2024-28180 bump go-jose to v3.0.3 [#531](https://github.com/openshift/telemeter/pull/531) * [Full changelog](https://github.com/openshift/telemeter/compare/18e1ab8682c78eb25d7aeaf53cfcb11d12abcc3b...14489f7dc656175e11a3ef962fcbcd113b3651a9) ### [tests](https://github.com/openshift/origin/tree/1ec96648894ae137d5d976aed612e203e2eb8184) * [OCPBUGS-44106](https://issues.redhat.com/browse/OCPBUGS-44106): Adjust createDNSPod() to support hypershift dual-stack test [#29257](https://github.com/openshift/origin/pull/29257) * [OCPBUGS-38086](https://issues.redhat.com/browse/OCPBUGS-38086): vertical scaling test should not rely on CPMS replicas [#28985](https://github.com/openshift/origin/pull/28985) * [OCPBUGS-39136](https://issues.redhat.com/browse/OCPBUGS-39136): Bump timeout for the pod-network-service endpoints check [#29053](https://github.com/openshift/origin/pull/29053) * [OCPBUGS-38787](https://issues.redhat.com/browse/OCPBUGS-38787): [4.15] egressfirewall: skip ping tests in case of hypershift kubevirt on Azure infra [#28994](https://github.com/openshift/origin/pull/28994) * [OCPBUGS-36264](https://issues.redhat.com/browse/OCPBUGS-36264): add Proxy config [#28912](https://github.com/openshift/origin/pull/28912) * [OCPBUGS-37630](https://issues.redhat.com/browse/OCPBUGS-37630): remove unused in-cluster monitoring code [#28956](https://github.com/openshift/origin/pull/28956) * #28746 FIX [release-4.15] OCPBUGS-33023: update egressFWTestE2E image which contains ping binary [#28898](https://github.com/openshift/origin/pull/28898) * [OCPBUGS-36724](https://issues.redhat.com/browse/OCPBUGS-36724): Removes dependency on samples operator images [#28927](https://github.com/openshift/origin/pull/28927) * [OCPBUGS-36319](https://issues.redhat.com/browse/OCPBUGS-36319): Only look for thanos connections to platform monitoring stack [#28915](https://github.com/openshift/origin/pull/28915) * [OCPBUGS-34949](https://issues.redhat.com/browse/OCPBUGS-34949): test/extended: skip etcd leader change check on hypershift [#28919](https://github.com/openshift/origin/pull/28919) * [OCPBUGS-28928](https://issues.redhat.com/browse/OCPBUGS-28928): Add test for UpgradeValidation contention [#28820](https://github.com/openshift/origin/pull/28820) * [OCPBUGS-33368](https://issues.redhat.com/browse/OCPBUGS-33368): [release-4.15] monitor test service-type-load-balancer-availability setup fails frequently in 4.14 & 4.15 PowerVS CI jobs [#28821](https://github.com/openshift/origin/pull/28821) * #28776 FIX [release-4.15] OCPBUGS-33368: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms [#28791](https://github.com/openshift/origin/pull/28791) * [OCPBUGS-26520](https://issues.redhat.com/browse/OCPBUGS-26520): Kuryr: Ignore Upgradeable=False on operators tests [#28512](https://github.com/openshift/origin/pull/28512) * [OCPBUGS-33347](https://issues.redhat.com/browse/OCPBUGS-33347): Provide SCC access via RBAC [#28780](https://github.com/openshift/origin/pull/28780) * [OCPBUGS-33541](https://issues.redhat.com/browse/OCPBUGS-33541): Adjust the method of get the apiServer (release-4.15) [#28762](https://github.com/openshift/origin/pull/28762) * [OCPBUGS-33473](https://issues.redhat.com/browse/OCPBUGS-33473): [release-4.15] MULTIARCH-4352: Censor private key from pod dump logs [#28666](https://github.com/openshift/origin/pull/28666) * : OCPBUGS-32554: Also rely on oomkilled exit code 137 in build test [#28724](https://github.com/openshift/origin/pull/28724) * [OCPBUGS-31726](https://issues.redhat.com/browse/OCPBUGS-31726): Use centos7 tag instead of latest for cmd images tests [#28688](https://github.com/openshift/origin/pull/28688) * [OCPBUGS-30892](https://issues.redhat.com/browse/OCPBUGS-30892): fix panic on non-standard node-role labels [#28656](https://github.com/openshift/origin/pull/28656) * [Full changelog](https://github.com/openshift/origin/compare/d68c509dc1c13489fdff39e618fccaaa72a84fa3...1ec96648894ae137d5d976aed612e203e2eb8184) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/81ad52ad7bcf37b225bc50a6e6150ca0572057b7) * [OCPBUGS-37659](https://issues.redhat.com/browse/OCPBUGS-37659): Bump otelgrpc to v0.49.0 [#71](https://github.com/openshift/cloud-provider-vsphere/pull/71) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/d2af698277d7dbbd020f8b05b1c319e1bbb1eeae...81ad52ad7bcf37b225bc50a6e6150ca0572057b7) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/5611168658586d68b5a92c77c07304694fc2cc64) * [OCPBUGS-30117](https://issues.redhat.com/browse/OCPBUGS-30117): manifests: Add in CustomNoUpgrade [#38](https://github.com/openshift/cluster-api-provider-vsphere/pull/38) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/2070c131306654b67ad6c52261818833e3c70316...5611168658586d68b5a92c77c07304694fc2cc64) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/4b15e93bd578484c4bfb1c124fa655c451bbd1ca) * [OCPBUGS-33604](https://issues.redhat.com/browse/OCPBUGS-33604): FailedPrecondition volume does not appear staged [#118](https://github.com/openshift/vmware-vsphere-csi-driver/pull/118) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/74481e34aa9c2ef2de0ce0289e2383a179d34b89...4b15e93bd578484c4bfb1c124fa655c451bbd1ca) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/15ed0ae1d7bcfc9fd24e32bf3650e0e960c115be) * [OCPBUGS-37760](https://issues.redhat.com/browse/OCPBUGS-37760): Drop event when CheckDefaultDatastore fails [#170](https://github.com/openshift/vsphere-problem-detector/pull/170) * [OCPBUGS-35732](https://issues.redhat.com/browse/OCPBUGS-35732): Fix missing failure-domains [#161](https://github.com/openshift/vsphere-problem-detector/pull/161) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/de02a75de63c6d8afd8467afd9aff97878d8bea4...15ed0ae1d7bcfc9fd24e32bf3650e0e960c115be)