4.14.56

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.14.56-x86_64

Team Approvals:

Accepted
- QE

Tests:

Blocking jobs
- upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
- upgrade-minor Succeeded release-openshift-origin-installer-e2e-aws-upgrade
Informing jobs
- aws-ovn-serial Failed (3 retries) periodic-ci-openshift-release-master-nightly-4.14-e2e-aws-ovn-serial
- aws-ovn-upgrade-micro Failed (3 retries) periodic-ci-openshift-release-master-ci-4.14-e2e-aws-ovn-upgrade
- aws-sdn-upgrade-4.14-micro Succeeded periodic-ci-openshift-release-master-nightly-4.14-e2e-aws-sdn-upgrade
- azure-ovn-upgrade-4.14-micro Failed (3 retries) periodic-ci-openshift-release-master-ci-4.14-e2e-azure-ovn-upgrade
- fips-scan Succeeded periodic-ci-openshift-release-master-nightly-4.14-fips-payload-scan
- gcp-ovn-rt-upgrade-4.14-minor Failed (3 retries) periodic-ci-openshift-release-master-ci-4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-rt-upgrade
- hypershift-ovn-conformance Succeeded periodic-ci-openshift-hypershift-release-4.14-periodics-e2e-aws-ovn-conformance
- metal-ipi-ovn-ipv6 Failed (3 retries) periodic-ci-openshift-release-master-nightly-4.14-e2e-metal-ipi-ovn-ipv6
- metal-ipi-sdn-bm Failed (3 retries) periodic-ci-openshift-release-master-nightly-4.14-e2e-metal-ipi-sdn-bm

Upgrades from:

Untested upgrades: 4.13.23, 4.13.24, 4.13.25, 4.13.26, 4.13.27, 4.13.29, 4.13.30, 4.13.31, 4.13.32, 4.13.33, 4.13.34, 4.13.35, 4.13.36, 4.13.37, 4.13.38, 4.13.39, 4.13.40, 4.13.42, 4.13.43, 4.13.44, 4.13.45, 4.13.46, 4.13.49, 4.13.50, 4.13.51, 4.13.52, 4.13.53, 4.13.54, 4.13.55, 4.13.56, 4.14.10, 4.14.11, 4.14.13, 4.14.14, 4.14.15, 4.14.16, 4.14.17, 4.14.18, 4.14.19, 4.14.20, 4.14.21, 4.14.22, 4.14.23, 4.14.25, 4.14.26, 4.14.27, 4.14.28, 4.14.29, 4.14.3, 4.14.30, 4.14.31, 4.14.32, 4.14.33, 4.14.34, 4.14.35, 4.14.36, 4.14.37, 4.14.38, 4.14.39, 4.14.4, 4.14.40, 4.14.41, 4.14.42, 4.14.44, 4.14.45, 4.14.46, 4.14.48, 4.14.49, 4.14.5, 4.14.50, 4.14.51, 4.14.52, 4.14.6, 4.14.7, 4.14.8, 4.14.9

4.15.0-0.nightly-2025-08-20-015949 - F F F F F F
4.14.55 (changes) - F F F F F F F F S F S F
4.14.54 (changes) - Failed
4.14.53 (changes) - Success
4.14.43 (changes) - Success
4.14.24 (changes) - Failed
4.14.12 (changes) - Failed
4.14.2 (changes) - Success
4.14.1 (changes) - Failed
4.14.0 (changes) - Failed
4.13.59 (changes) - F F F F S S S S
4.13.58 (changes) - Success
4.13.57 (changes) - Failed
4.13.48 (changes) - Success
4.13.41 (changes) - Failed
4.13.28 (changes) - Failed
4.13.22 (changes) - Failed
4.13.21 (changes) - Success
4.13.19 (changes) - Failed
4.12.79 (changes) - Failed

Loading changelog, this may take a while ...

Changes from 4.15.0-0.nightly-2025-08-20-015949

Created: 2025-08-28 21:00:48 +0000 UTC

Image Digest: sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14

Components

Kubernetes upgraded from 1.28.15 to 1.27.16
Red Hat Enterprise Linux CoreOS upgraded from 415.92.202508192014-0 to 414.92.202508270040-0 (diff)

New images

kuryr-cni git 8926a294 sha256:efa6dc87055200447f11a6a18aecac930d2f159a1dcd6600d5935490d8f40d26
kuryr-controller git 8926a294 sha256:2e6980eeff217a38185ccdb43c0b3074b3df8437b72ddb89919a78e25a615f4f
ovirt-machine-controllers git 5d708631 sha256:81b012fc3f45012d9846b0158d3659a8081892742811499a3720b472e0d1ef86

Removed images

cluster-config-api
installer-altinfra
kube-metrics-server
openstack-cluster-api-controllers

Rebuilt images without code change

machine-os-content sha256:19be24e930e1c279e2d93dc0fee60236a49f75ff647bdb971d283569e148d654
rhel-coreos sha256:9a7d7fd877f4ca65cce28c3fe8d1a0108d843c8718541ca1976f9b6707f9d8c0
rhel-coreos-extensions sha256:40354318e09914a15cf32c05a779ad3df1cefb35cf0114b30d418eb5aeff11b0

agent-installer-api-server

OCPBUGS-58632, OCPBUGS-58637: Bump glog to v1.2.5 in release-4.14 (#7906) #7906
OCPBUGS-53691: Bump jwt to 4.5.2 in release-4.14 (#7499) #7499
OCPBUGS-46941: OCPBUGS-46184: Bump golang.org/x/net to 0.33.0 (#7200) #7200
OCPBUGS-15346, OCPBUGS-15347: Update version go-http-metrics and gin-gonic/gin (#6899) #6899
OCPBUGS-34641: Invalid Pull-Secret when using password which contains a colon character (#6416) #6416
OCPBUGS-31631: Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) #6322
MGMT-17594: Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) #6216
MGMT-17549: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) #6203
MGMT-17541: Replace broken golangci reference (#6197) #6197
NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) #6134
MGMT-16950: changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) #5973
MGMT-16494: Move ip hint file creation to ignition in order to change it in IBI process (#5974) #5974
MGMT-16517: Add Env Var Deployment Type & Set ABI (#5987) #5987
MGMT-15796: set CloudControllerManager to External for OCI (#5877) #5877
OCPBUGS-23069: Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) #5676
Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

OCPBUGS-58642: CVE-2024-45339: Bump glog pkg version to 1.2.4 (#1194) #1194
OCPBUGS-53715: Bump jwt to 4.5.2 in release-4.14 (#1093) #1093
Bump golang.org/x/net to v0.33.0 (#1012) #1012
OCPBUGS-15347: Update version go-http-metrics/gin (#933) #933
MGMT-17594: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#834) #834
MGMT-17591: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#830) #830
MGMT-16843: Ensure valid hostname during install (#794) #794
OCPBUGS-20049: Remove uninitialized taint for agent-based installs (#753) #753
Full changelog

agent-installer-node-agent

OCPBUGS-58652, OCPBUGS-58657: Bump glog to v1.2.5 in release-4.14 (#1073) #1073
OCPBUGS-53707: Bump golang-jwt/jwt/v4 to 4.5.2 in release-4.14 (#973) #973
OCPBUGS-46955: Bump golang.org/x/net to 0.33.0 (#885) #885
OCPBUGS-16483: Update apimachinery dependency to remove goproxy dep (#709) #709
OCPBUGS-33404: Make removable disks eligible (#725) #725
MGMT-17594: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#705) #705
MGMT-17591: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#703) #703
MGMT-17541: Replace broken golangci reference (#698) #698
Full changelog

agent-installer-utils

OCPBUGS-25727: Updating ose-agent-installer-utils-container image to be consistent with ART for 4.14 #34
Full changelog

alibaba-cloud-controller-manager

OCPBUGS-21255: Bump golang.org/x/net to v0.18.0 #38
Full changelog

alibaba-cloud-csi-driver

OCPBUGS-21350: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #36
Full changelog

alibaba-disk-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #81
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #71
OCPBUGS-21443: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #64
Full changelog

apiserver-network-proxy

OCPBUGS-38066: Revert “Agent: Respect HTTPS_PROXY env vars for proxied connections” #61
OCPBUGS-31984: Bump golang.org/x/net to v0.23.0 #52
HOSTEDCP-1323: Merge latest code into 4.14 branch #45
Full changelog

aws-cloud-controller-manager

OCPBUGS-38786: Ensure that addresses are added in network device index order #93
OCPBUGS-32066: update for CVE-2023-45288 [release-4.14] #83
OCPBUGS-23826: bump go.opentelemetry.io #67
OCPBUGS-27759: Adds ecr-credential-plugin .spec #71
OCPBUGS-20755: Upgrade x/net to v0.17.0 #50
Full changelog

aws-cluster-api-controllers

OCPBUGS-58667, OCPBUGS-58672: bump github.com/golang/glog to v1.2.5 #563
OCPBUGS-44295: [release-4.14] OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It #533
OCPBUGS-34856: UPSTREAM: <carry>: Fix instance PrivateDNSName when domain-name is set in dhcpOpts #516
OCPBUGS-31332: UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called #506
OCPBUGS-31251: fix e2e tests on release branches #505
OCPBUGS-20857: bump golang.org/x/net to v0.17.0 #481
Full changelog

aws-ebs-csi-driver

OCPBUGS-35123: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #271
OCPBUGS-33078: UPSTREAM: 1919: Add reserved-volume-attachments #264
OCPBUGS-20957: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #239
Full changelog

aws-ebs-csi-driver-operator

OCPBUGS-33078: Explicitly reserve 1 attachment for the root disk #306
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #302
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #296
OCPBUGS-21057: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #280
STOR-1432: hypershift: deploy controller with control plane release images #252
OCPBUGS-16783: Chore: Update OWNERS #251
Bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.4 #250
Bump k8s.io/component-base from 0.26.3 to 0.27.3 #240
OCPBUGS-15823: Change CSI RPC call timeouts #248
STOR-1065: Rework sidecar bindings to bind common ClusterRoles #244
OCPBUGS-14824: Bump efs-ebs-driver-operator library-go #247
STOR-1168: Bump common libraries #222
Bump Kubernetes libs to v0.27.1 #243
STOR-1167: Enable extra-create-metadata to tag snapshots #223
STOR-1300: Restart controller Pods if metrics-serving-cert changed #216
OCPBUGS-11882: Added safe-to-evict-local-volume annotation from bound-sa-token to ebs-controller #232
OCPBUGS-11882: Added safe-to-evict annotation to aws-ebs-csi-driver-controller pods #231
OCPBUGS-13017: assets/hypershift/controller_sa: Set controller ServiceAccount imagePullSecrets #219
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #217
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #215
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #214
Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 #207
OCPBUGS-8691: Hypershift: set control plane operand properties #205
Bump k8s.io/apiextensions-apiserver from 0.26.2 to 0.26.3 #203
OCPBUGS-8752: fix: typo #198
OCPBUGS-8752: feat: add workload annotation to deployment and daemonset #194
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #195
Bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.2 #189
Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 #190
STOR-875: Implement custom keys in AWS EBS CSI driver operator #185
OCPBUGS-7837: do not inject-proxy when deploying in hypershift control plane #186
Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 #182
Add ok-to-test label to dependabot PRs #184
Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 #183
add dependabot config for gomod updates #181
STOR-1019: Bump to k8s 1.26 libs for OCP 4.13 #179
STOR-947: support disabling default StorageClass via ClusterCSIDriver #173
[#177] fix 404 in readme #178
Bug 2106736: Add multiplePVsSameID capability #175
STOR-1078: Add hostPaths necessary for SELinux mounts #174
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #172
OCPBUGS-4491: hypershift: use correct kubeconfig secret #169
OCPBUGS-4347: set TLS cipher suites in Kube RBAC sidecars #168
OCPBUGS-3990: Add HyperShift specific priorityClass #167
OCPBUGS-3978: Don’t deploy VolumeSnapshotClass in static controller #165
STOR-1040: port to hypershift #159
OCPBUGS-1904: Only deploy VolumeSnapshotClass when CRD exists #164
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #162
Reformat for go 1.19 #163
STOR-858: Bump github.com/openshift/* and k8s.io/* #161
STOR-764: Change the default StorageClass to the CSI one (AWS) #160
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #158
Bug 2089973: bump libs to k8s 1.24 for OCP 4.11 #156
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #157
Bug 2074706: Set custom endpoint environment variable if available #153
Bug 2049671: avoid excessive GET and DELETE in ResourcesSync controller #151
Set CSIDriver fsGroupPolicy #150
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #148
Bug 2043130: aws-ebs: Add external-snapshotter permissions to patch snapshots #147
Bug 2038934: Add custom CA bundle support #146
Bug 2028484: AWS EBS CSI driver’s livenessprobe does not respect operator’s loglevel #144
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #143
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #141
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #139
Bug 1998174: Add StorageClass for gp3 #140
Bug 1993931: Storage operators use older kubernetes client #138
Bug 1990146: some controllers missing livenessProbe #134
Use generic deployment controller with additional manifest hooks #128
Start using “embed” module for static assets #131
Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART #132
Updating .ci-operator.yaml build_root_image from openshift/release #130
Bug 1969538: Include default VolumeSnapshotClass #129
Bug 1960732: update manifest and readme #127
Bug 1947402: Deploy multiple replicas of CSI Controller Service #122
Bug 1948311: DelegatingAuthenticationOptions TokenReview request timeout #126
Bug 1951952: Metrics for cloudprovider error requests are lost #125
Bug 1956411: Add custom tags from Infrastructure #116
Bug 1947774: fix imagePullPolicy to ifNotPresent #120
Bug 1948311: DelegatingAuthenticationOptions TokenReview request timeout #121
Bug 1924470: Bump Kubernetes to 1.21 #119
Fix kube-rbac-proxy image reference #118
Add metrics scraping #117
Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART #115
Bug 1933184: Add maxUnavailable to DaemonSets #114
Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART #112
Cleanup: Remove serviceName from controller manifest #113
Bug 1905119: dynamically update controller asset for custom CA bundle #111
Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART #109
Bug 1912945: Set proxy config in Deployment containers #106
Bug 1898045: redeploy CSI Controller Deployment when secret changes #107
Bug 1898045: redeploy CSI Controller Deployment when secret changes #104
support custom CA bundle for AWS API #102
assets/controller.yaml: support using aws config for credentials #99
Bug 1898851: Add multipods tests #100
Bug 1898851: Enable topology tests for the driver #98
Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART #96
Bug 1840759: Pass cluster ID to CSI driver #83
Bug 1879475: Update library-go to include explicit reasons #95
Bug 1879406: Use port 10300-10301 for liveness probes #94
Bug 1881298: Run the node DaemonSet only on Linux nodes #93
Bug 1878163: Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config #92
Bug 1866791: Bump library-go to get better operatorLogLevel validation #90
Bug 1876791: Add default fsType to provisioned PVs #89
Bug 1876791: Update provisioner container to v2.0.0 #87
Bug 1877084: Increase resizer timeout to 300s #88
Bug 1868339: Don’t create CredentialsRequest in aws-ebs-csi-driver-operator #86
Bug 1873168: set resizer context timeout to 120s #84
Bug 1871998: Schedule CSI Controller on master nodes #82
Bug 1872080: Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config #80
Bug 1872500: csiTimeout has been removed in favour of timeout parameter #81
Bug 1871051: Add external-attacher permissions to patch status #79
Use installed StorageClass for tests #78
Add pod-listing permissions #77
Newer resizer needs ability to list/watch all pods #73
Bug 1863055: CSI drivers should tolerate any taints #71
Update to new version of library-go #76
Bug 1866339: Update to go 1.14 and OCP 4.6 #67
Change order in which rbacs is applied #74
Don’t use Always pull policy #69
Increase CSI resizer context timeout #72
Use the driver provided by installer for e2e tests #70
Fix the operator images and assets #68
Migrate to CSI operator library from library-go #65
Bug 1843579: Set progressing condition when removing operand #63
Bug 1842402: Add word “Driver” to displayName #61
Bug 1834662: Set proper conditions when running in wrong platform #59
Bug 1839720: Revert “Add defaulting to driver.Spec fields” #60
Bug 1835726: Actually use error message from the credentials operator #58
Bug 1835778: Detect CSI driver installed by cluster admin #56
Bug 1836834: Rename env. variables #57
Bug 1835726: Report error conditions on CredentialsRequest on the driver CR #54
Bug 1836834: Remove VERSION env. variables #55
Bug 1835716: Allow the operator to be installed only once #53
Bug 1835604: Add defaulting to driver.Spec fields #52
Bug 1828963: Fix the operator CSV and CRD #51
Bug 1827130: Rebase to new library-go #49
Bug 1827638: Rename CRD to AWSEBSDriver #50
Bug 1827099: Add suggested namespace for driver install #46
Bug 1826285: Don’t delete driver if CR doesn’t exist #43
Document how to install OPM tool #40
Update the operand when image changes #32
Fix Dockerfile typo #39
Use quay.io for the operator and driver images #38
Add index image #35
Wait for pods before starting e2e tests #34
Remove hostmount-anyuid SCC from the operator #33
Add BZ component to OWNERS #31
Make credentials secret required #25
Finish e2e test preparation #30
Validate CR name #29
Parse CSV to install the operator for e2e tests #28
Add CSV for OLM #13
Add image with e2e test scripts & manifests #27
Update group of CRD #17
Add CredentialsRequest creation #19
Use /bin/oc when available in e2e tests #24
TODO list has been migrated to GH issues #23
Bump openshift/library-go #14
Rework e2e tests from Makefile to a script #16
Add test-e2e Makefile target #15
Prepare for e2e test #9
Fix log level #10
Bump OCP version in image name #8
Add missing deps #6
Fix unit tests after API bump #5
Bump openshift/library-go #4
Use better resource names and defaults #3
Add OWNERS #2
Import code #1
And 1 elided commits (e.g. from squash or rebase merges)
Full changelog

aws-machine-controllers

OCPBUGS-17298, OCPBUGS-21571: Update golang.org/x/net to v0.17.0 #88
Full changelog

aws-pod-identity-webhook

OCPBUGS-32884: Upgrade go-jose module to 2.6.3 #189
OCPBUGS-21761: Backport the recent rebase to 4.14 #168
NO-ISSUE: Sync OWNERS with team members #176
snyk: exclude vendor/ #171
Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

OCPBUGS-57111: Adds acr-credential-provider spec file and build script #144
OCPBUGS-23829: Bump otelgrpc to v0.49.0 #124
OCPBUGS-21439: Bump golang.org/x/net to v0.18.0 #93
Full changelog

azure-cluster-api-controllers

OCPBUGS-36023: Update go-retryablehttp to v0.7.7 #313
OCPBUGS-35125: Bump x/crypto to v0.24.0 #307
OCPBUGS-17283, OCPBUGS-21516: [release-4.14] Bump golang.org/x/net to v0.17.0 #286
Full changelog

azure-disk-csi-driver

OCPBUGS-35126: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #82
OCPBUGS-20701: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #54
Full changelog

azure-disk-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #120
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #109
OCPBUGS-20784: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #101
Full changelog

azure-file-csi-driver

ART-13080: Regenerate go.mod to fix build failures #95
OCPBUGS-41164: bump mount-utils to treat ENODEV error as corrupted mount #79
OCPBUGS-33039: Rebase v1.29.5 for OCP 4.14 #66
OCPBUGS-20884: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #37
Full changelog

azure-file-csi-driver-operator

OCPBUGS-33039: add token audience for Azure File #104
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #94
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #83
OCPBUGS-20983: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #76
Full changelog

azure-machine-controllers

CFE-1050: Added support of capacity reservation group #109
OCPBUGS-35133: Bump x/crypto to v0.24.0 #112
OCPBUGS-30898: Remove startupScript vmextension lookup #106
OCPBUGS-29152: Don’t create availability set when using spot instances #98
OCPBUGS-28745: Improving performance of VMs created in Azure #96
OCPBUGS-17299, OCPBUGS-20773: Bump x/net package to v0.17.0 #80
Full changelog

azure-workload-identity-webhook

OCPBUGS-53795: github.com/golang-jwt/jwt/v4 v4.5.2 #35
OCPBUGS-32894: Upgrade go-jose module to 2.6.3 #19
OCPBUGS-21093: Upgrade golang/x/net for CVE-2023-39325 (4.14) #14
Full changelog

baremetal-installer, installer, installer-artifacts

OCPBUGS-55193: data/manifests/bootkube/cvo-overrides: Default to eus-4.14 #9643
OCPBUGS-54323: Update upi references to api-internal #9609
OCPBUGS-54264: IBMCloud: Move to IBM TF openshift fork #9605
OCPBUGS-54260: vsphere-fix convert if only provided name #9602
OCPBUGS-52996: Bump terraform-provider-google version to v5.37.0 to fix consistent issues during cluster creation #9587
OCPBUGS-53210: PowerVS: remove system pools #9572
OCPBUGS-46606: Power VS: Create region-zone-sysType hierarchy #9331
OCPBUGS-48196: IBMCloud: Ignore failed VPC regions #9350
OCPBUGS-45464: add chrony.conf file when additional NTP sources are configured #9269
OCPBUGS-43505: Stop rendering networks.config CRD #9105
OCPBUGS-42285: Add AWS r8g to arm tested instance types #9050
OCPBUGS-42848: add tested instance type for IBMCloud #9082
OCPBUGS-25508: Update Golang SSH package version update to 0.17.0 #8992
OCPBUGS-39411: Added yq to ci image #8943
OCPBUGS-36180: baremetal IPI without provisioning network failing on provisioning-interface.service #8712
OCPBUGS-36089: [release-4.14] bump go-retryablehttp for CVE fix #8658
OCPBUGS-37183: ic: fix typo in warning message #8771
OCPBUGS-37068: update RHCOS 4.14 bootimage metadata to 414.92.202407091253-0 #8748
OCPBUGS-36748: Add yq-v4 to the upi-installer image for CI #8684
OCPBUGS-35827: If host is offline or disconnected don’t check ver #8634
OCPBUGS-35826: [release-4.14] bump github.com/containers/image for CVE fix #8633
OCPBUGS-35485: [release-4.14] aws: terraform: add spot instance support for masters #8605
OCPBUGS-34024: go.mod: bump aws-sdk-go for ca-west-1 support #8440
OCPBUGS-33401: PowerVS: Add composite_instance to listServiceInstances #8479
CORS-2951: Add deprecation notice for OpenShiftSDN for 4.14 users #8518
OCPBUGS-28611: remove retired serial NCv2 from azure tested instance type list on x86 #7960
OCPBUGS-27394: preserve category name when trying to find tag category #7926
OCPBUGS-33010: escape ‘%’ in proxy settings #8318
OCPBUGS-31756: openstack: Honour worker server group policy #8231
NO-ISSUE: test fix to support slightly different nmstate error messages #8286
OCPBUGS-32358: Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility #8281
OCPBUGS-31885: Validate control plane replicas #8241
OCPBUGS-31677: coreos-installer iso kargs show broken on Agent ISO #8228
OCPBUGS-31338: upi: aws: fix typo in worker templates #8203
Bug OCPBUGS-30187: OpenStack: fix controlPlanePort validation #8095
OCPBUGS-30027: gcp: better error msg when service accnt missing #8078
OCPBUGS-30259: PowerVS remove ibm cloud/bluemix go 4.14 #8103
OCPBUGS-29123: IBMCloud: Handle disk delete errors #7988
OCPBUGS-29626: update RHCOS 4.14 bootimage metadata to 414.92.202402130420-0 #8037
OCPBUGS-28929: [release-4.14] Bump containerd for vulnerability fix #7981
OCPBUGS-27419: Fix depreciated typo #7929
OCPBUGS-24521: set vmType in azure cloud config [release-4.14] #7804
OCPBUGS-23738: vSphere - when using RP network path is incorrect #7759
OCPBUGS-27241: baremetal: correct external_http_url for v6-only BMCs #7914
OCPBUGS-22315: bootstrap: Enable gatewayd units only on RHCOS #7628
OCPBUGS-23498: update RHCOS 4.14 bootimage metadata to 414.92.202401110948-0 #7919
OCPBUGS-20860: Bump versions for golang modules to accommodate fixes for CVE-2023-39325 & CVE-2023-44487 #7887
OCPBUGS-22895: Do not generate azure-cloud-provider in manual mode for aro builds #7670
OCPBUGS-22771: aws: use security groups from defaultMachinePlatform #7658
OCPBUGS-24489: baremetal: populate customDeploy in advance #7802
OCPBUGS-22770: destroy: gcp: fix destroying regional disks #7657
Bug OCPBUGS-22776: OpenStack: Fix IPv6 address configuration for bootstrap #7660
OCPBUGS-22978: IBMCloud: Add eu-es region #7684
OCPBUGS-23399: Check if PER is enabled in the target PowerVS workspace #7736
OCPBUGS-22688: Bump Fedora CoreOS to latest stable #7647
OCPBUGS-22774: Add KMS encryption keys if provided #7659
OCPBUGS-21868: vSphere,segfault on version check #7605
OCPBUGS-22945: Update gcloud version to 447.0.0 #7681
OCPBUGS-22187: azure: validation: validate defaultMachinePlatform #7615
OCPBUGS-22758: update RHCOS 4.14 bootimage metadata to 414.92.202310210434-0 #7655
OCPBUGS-19922: Release 4.14 skip agent tui on external oci platform #7599
OCPBUGS-21653: Rectify GCP label key validation check #7606
OCPBUGS-20357: update RHCOS 4.14 bootimage metadata to 414.92.202310170514-0 #7618
OCPBUGS-20396: Unable to disable external CCM for platform external #7594
OCPBUGS-20522: Use changes to AgentClusterInstall during loading #7588
Enforcing the serial execution of the integration tests #7598
OCPBUGS-20581: enable cloud controller manager type to be defined #7581
OCPBUGS-20441: Warn about host and target compatibility #7583
OCPBUGS-20345: Enable serial console for external OCI platform #7569
OCPBUGS-20401: always write AWS cloud.conf #7578
OCPBUGS-19922: Do not start agent-tui if no graphical console available #7539
OCPBUGS-20103: GCP default value for service account #7553
OCPBUGS-19953: AWS terraform bootstrap destroy will not refresh state #7543
OCPBUGS-20066: Use updated ansible-core for Openstack image #7551
OCPBUGS-19835: Enable FIPS in agent ISO #7541
OCPBUGS-19846: Graceful fail for AWS getUser on destroy #7532
OCPBUGS-19033: Add Net capabilities to dnsmasq container #7489
OCPBUGS-19319: Handle agent tui failure gracefully #7497
OCPBUGS-19738: Remove warning about CPUPartitioning #7529
OCPBUGS-19300: Implement workaround to allow SNO installations for OKD/FCOS #7479
OCPBUGS-19702: Increase bootstrap timeout for vSphere platform by 30 mins #7528
OCPBUGS-19636: Pass CPUPartitioning via install-config overrides if set #7521
OCPBUGS-18181: update RHCOS 4.14 bootimage metadata to 414.92.202309201615-0 #7517
OCPBUGS-18719: for vsphere ipi add cluster domain to the uploaded vm configs so that… #7477
OCPBUGS-18883: Do not set FailureDomains on CPMS when in a single zone Azure region #7483
AGENT-702: Generate minimal ISO for external platform #7478
Full changelog

baremetal-machine-controllers

OCPBUGS-46643: Bump x/net to 0.33.0 #228
OCPBUGS-31435: Bump golang-protobuf version #215
OCPBUGS-29177: Extend metal3remediation aggregation role #211
OCPBUGS-21702: Uplift x/net to v0.17.0 #198
Full changelog

baremetal-operator

OCPBUGS-53337: BMO can expose any secret via BMCEventSubscription CRD #409
OCPBUGS-38940: [OCP] Ability to disable agent power off after deployment #374
OCPBUGS-34814: PreprovisioningImage should not be created on poweroff #359
OCPBUGS-23324: Backport node poweroff fixes #318
OCPBUGS-24409: Don’t munge timestamp in structured logs, again #324
OCPBUGS-24489: Do not update instance_info and deploy_interface for active nodes #325
OCPBUGS-21190: Uplift x/net to v0.17.0 #307
OCPBUGS-20315: Add an explicit Architecture field #304
Full changelog

baremetal-runtimecfg

OCPBUGS-37502: Fix handling of ELB Node IP detection #324
OCPBUGS-35846: Add support for OVN HostCidrs annotation #321
OCPBUGS-32524: Decrease log level when detecting node IP #306
OCPBUGS-26928: Add .snyk file to ignore vendor and test files #294
OCPBUGS-23474: Use shorter IP label for keepalived VIP #288
OCPBUGS-22206: deps: upgrade x/sys #281
OCPBUGS-20080: Increase timeout for bootstrap kubeapi #277
Full changelog

cli, cli-artifacts, deployer, tools

OCPBUGS-35475: Remove some of newapp unit tests relying on external deprecated images #1802
OCPBUGS-35447: bump go-git to 5.11.0 #1799
OCPBUGS-30287: oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators #1699
OCPBUGS-25983: Remove deprecated password defaulting in default config flag #1646
OCPBUGS-24197: Add client version in must-gather summary #1607
OCPBUGS-24460: Overwrite template’s namespace with the explicit one #1616
OCPBUGS-22702: Reflect container’s exit code for long running tasks not attached to terminal #1592
OCPBUGS-20508: regeneratemco: explicitly check for PlatformStatus field #1573
OCPBUGS-20527: Set ImportPolicy to PreserveOriginal to honor –keep-manifest-list when mirroring a payload to an image stream #1574
OCPBUGS-21611: Bump golang.org/x/net to v0.17.0 #1579
OCPBUGS-20258: Updating excluded list of unsupported oc adm commands in MicroShift #1561
OCPBUGS-20269: Use quay redis image instead docker mysql #1562
Full changelog

cloud-credential-operator

OCPBUGS-58677: github.com/golang/glog v1.2.5 #895
OCPBUGS-53418: github.com/golang/glog v1.2.4 #845
OCPBUGS-53819: update github.com/golang-jwt/jwt #841
OCPBUGS-51542: Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected #830
OCPBUGS-47069: golang.org/x/net v0.33.0 #810
OCPBUGS-46487: Add AWS region to aws-pod-identity-webhook #801
OCPBUGS-45009: Add retry to ccoctl gcp create functions #791
OCPBUGS-45004: github.com/golang-jwt/jwt/v4 v4.5.1 #785
OCPBUGS-43647: Only attempt timed token credentials on supported platforms. #775
OCPBUGS-43339: Update github.com/sirupsen/logrus v1.9.3 #769
OCPBUGS-41236: List secrets in batches to avoid api timeout #755
OCPBUGS-38378: Update google.golang.org/grpc v1.65.0 #750
OCPBUGS-37823: GCP passthrough permissions check to ignore problematic permissions. #741
OCPBUGS-37062: Update cloud.google.com/go/storage v1.43.0 #742
OCPBUGS-37420: SNYK ignore go-client misreporting #739
OCPBUGS-37276: Update to azidentity v1.7.0 #732
OCPBUGS-36029: IBM/go-sdk-core update to v5.17.4 #721
OCPBUGS-36716: AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN #713
OCPBUGS-32899: Upgrade go-jose module to 2.6.3 #697
OCPBUGS-29156: Fix the ClusterOperator watch of the status controller #676
OCPBUGS-28231: Guard upgrading GCP from 4.14 to 4.15 without RoleAdmin permissions #670
OCPBUGS-29199: ccoctl - use proxy when validating CloudFront URL #678
OCPBUGS-27911: Resolve all outstanding snyk vulnerabilities #650
OCPBUGS-28382: Use cached clients to avoid client side throttling #666
OCPBUGS-27515: Write manifests when AWS IAM roles already exist. #659
OCPBUGS-26512: Use live client for metrics #647
OCPBUGS-25275: Azure Workload Identity info in CredsRequests creates a Secret #643
OCPBUGS-24346: Discover AWS dns suffix from partition and region. #635
OCPBUGS-23986: Use per-project custom roles instead of per-cluster custom roles #631
OCPBUGS-23426: Explicitly set the vsphere secret credential data on sync. #629
OCPBUGS-21388: Upgrade golang/x/net for CVE-2023-39325 #622
NO-ISSUE: Removing andrew from OWNERS #617
snyk: exclude vendor/ #615
OCPBUGS-22651: explicitly set azure oidc bucket to allow public blob access #612
OCPBUGS-21926: azure create-managed-identites to add cloud controller manager to network resource group #608
OCPBUGS-19865: Add networkResourceGroupName parameter for Azure #602
Full changelog

cloud-network-config-controller

OCPBUGS-34197: Avoid panic when looking up attachedOutboundRule.ID in azure #147
OCPBUGS-32112: Avoid nil pointer panic while assigning private IP on Azure #138
OCPBUGS-21785: Azure: skip backend pool if attached to an outbound rule #125
Full changelog

cluster-authentication-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #649
OCPBUGS-20705: go.mod: bump golang.org/x/net to v0.17.0 #637
Full changelog

cluster-autoscaler

OCPBUGS-45150: [release-4.14] VPA: Update OWNERS file #327
OCPBUGS-40925: update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 #316
OCPBUGS-31621: add check for taint.value == nil #294
OCPBUGS-30628: Fix unstructured taint parsing in Cluster API provider #288
OCPBUGS-19697: UPSTREAM: 6066: Allow overriding the kubernetes.io/arch label set by the scale from zero methods via a new cmdline arg #263
Full changelog

cluster-autoscaler-operator

OCPBUGS-31976: Update x/net to v0.25.0 #322
OCPBUGS-25749: Add Snyk file to exclude vendor directory on scan #308
OCPBUGS-20789: Bump x/net package to v0.17.0 #298
OCPBUGS-20038: Ensure status reporter caches exit if they don’t sync #292
OCPBUGS-19496: cluster-autoscaler-operator: clusterrole add clusteroperators watch #288
OCPBUGS-19697: Provide the architecture of the control plane as argument to –scale-up-from-zero-default-arch #290
Full changelog

cluster-baremetal-operator

OCPBUGS-31977: bump x/net to 0.23.0 #438
OCPBUGS-22943: Add tls-cipher-suites to baremetal-kube-rbac-proxy #379
OCPBUGS-23392, OCPBUGS-23393: fix IRONIC_EXTERNAL_URL_V6 #384
Jira OCPBUGS-22208: Trigger reconcile if Secret openshift-config/pull-secret changes #376
OCPBUGS-20887: Uplift x/net to v0.17.0 #369
OCPBUGS-19545: Remove metrics port from baremetal-operator #366
OCPBUGS-18934: Guard against nil PlatformStatus #360
Full changelog

cluster-capi-controllers

OCPBUGS-21544: Bump golang.org/x/net to v0.17.0 #184
Full changelog

cluster-capi-operator

OCPBUGS-37974: fix: sort CredentialsRequest manifests after namespace #194
OCPBUGS-36369: Revert cluster-api-operator go.sum hash #184
OCPBUGS-35128: Bump x/crypto to v0.24.0 #177
OCPBUGS-35957: Fix gcp providers-list.yaml branch #178
OCPBUGS-22314: fix: add missing azure identity diff #136
OCPBUGS-21092: Bump golang.org/x/net to v0.17.0 #134
Full changelog

cluster-cloud-controller-manager-operator

OCPBUGS-34556: update azure and ash tolerations on node manager #347
OCPBUGS-26548: Adds CloudConfigTransformer for Azure #321
OCPBUGS-21189: Bump golang.org/x/net to v0.18.0 #295
OCPBUGS-20552: apply necessary RBAC for the alibaba cloud controller manager #289
OCPBUGS-19790: Additional permissions for internal load balancer on STS #288
OCPBUGS-19849: Set dual-stack IPFamilyPriority for vSphere #283
OCPBUGS-19790: Ensure subnets read permission for granular roles #282
Full changelog

cluster-config-operator

OCPBUGS-44095: Backport SDN live migration #425
OCPBUGS-28649: Add required PSa labels #403
NO-JIRA: add inert featuregate files to allow diff against later releases #398
OCPBUGS-21653: Update openshift/api package to latest version #371
: OCPBUGS-21286: bump library-go to include switch to HTTP/1.1 #369
OCPBUGS-20439: Remove Build CRD #363
OCPBUGS-16726: psa - move into tech preview for 4.14 #354
Full changelog

cluster-control-plane-machine-set-operator

OCPBUGS-48211: Add unreadyNodeGracePeriod for allowing brief node hiccups #340
CFE-1087: API Bump for capacity Reservation #319
OCPBUGS-35520: Wait for ControlPlaneMachineSet to be created when waiting for it to be updated #309
OCPBUGS-35338: Improved debugging of API listing errors #303
OCPBUGS-30014: Never delete a Machine when there’s a single Machine in an index #283
OCPBUGS-20566: webhooks: set min version TLS 1.2 + exclude weak ciphersuites #254
OCPBUGS-21384: Bump golang.org/x/net to v0.17.0 #256
OCPBUGS-20408: fix: e2e: add gcp custom type to test framework #247
Full changelog

cluster-csi-snapshot-controller-operator

OCPBUGS-31886: create suitable role and roleBinding for csi-snapshot-webhook #205
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #174
OCPBUGS-21477: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #167
OCPBUGS-18801: Move readonlyRootFilesystem to the right place - 4.14 #162
Full changelog

cluster-dns-operator

OCPBUGS-52500: [release-4.14] Add runbook_url for CoreDNSErrorsHigh #433
OCPBUGS-5943: Enable topology-aware hints iff nodes in >=2 zones #416
OCPBUGS-5943: Ignore max unavailable for status #400
OCPBUGS-21541: Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator #389
Full changelog

cluster-etcd-operator

OCPBUGS-53507: fix CVE-2025-30204 #1405
OCPBUGS-34495: return errors in wait-for-ceo #1266
OCPBUGS-31392: remove etcd-health-probe log #1258
OCPBUGS-31972: update golang x net #1254
OCPBUGS-31428: CEO aliveness check should only detect deadlocks #1231
OCPBUGS-30067: fix panic in health check timeouts #1213
OCPBUGS-30012: Replace nodelister with master nodelister everywhere #1211
OCPBUGS-23571: Add annotation in the etcd-guard static pod for worklo… #1162
OCPBUGS-26214: fix device busy errors #1176
Revert “[release-4.14] OCPBUGS-21802: remove revision stability check from bootstrap complet…” #1168
OCPBUGS-22477: Remove z-upgrades from UpgradeBackupController #1140
OCPBUGS-21802: remove revision stability check from bootstrap complet… #1138
OCPBUGS-21175: fixing CVE-2023-39325 by updating dependencies #1142
OCPBUGS-19499: prioritize podman pull in etcdctl dl #1133
OCPBUGS-20245: relax readiness to local serializable requests #1135
OCPBUGS-19499: Avoid caching etcdctl on cluster-backup.sh #1120
OCPBUGS-19910: introduce backup removal controller #1127
OCPBUGS-19553: Update static pod manifests perms #1122
OCPBUGS-19002: restore the correct static pod list #1112
OCPBUGS-18781: prepend authfile to podman create #1106
And 1 elided commits (e.g. from squash or rebase merges)
Full changelog

cluster-image-registry-operator

OCPBUGS-53867: Bump github.com/golang-jwt/jwt #1229
OCPBUGS-53867: Bump github.com/golang-jwt/jwt #1224
OCPBUGS-51598: bump golang.org/x/oauth2 #1213
OCPBUGS-51312: ensure that storage names don’t end in dashes #1185
OCPBUGS-44048: fix proxy config and leader election test flakes #1153
OCPBUGS-44002: Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #1152
OCPBUGS-42935: azureclient: stop validating credentials when creating the client #1137
OCPBUGS-39100: Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1114
OCPBUGS-36035: go.*,vendor: bump go-retryablehttp #1069
OCPBUGS-33147: azure-path-fix: get client secret from k8s secret #1058
OCPBUGS-34668: pkg/storage/s3: use force path style in favour of virtual hosted style config #1051
OCPBUGS-33409: azurepathfix: check if platform status is nil before accessing it #1033
OCPBUGS-32450: azure-path-fix: support auth via account key (without clientID) #1023
OCPBUGS-31857: bump aws-sdk-go from v1.44 to v1.50 #1018
OCPBUGS-28989: pkg/storage/s3: enable bucket key on encryption settings #995
OCPBUGS-29755: azurepathfix: fix stack hub, government and workload identity setup #1005
OCPBUGS-29604: move azure storage blobs from docker back into /docker #1001
OCPBUGS-22127: increase storage account key cache expiration #941
OCPBUGS-20710: mitigate effects of rapid reset #942
OCPBUGS-18794: check if response is nil before using it #917
Full changelog

cluster-ingress-operator

OCPBUGS-36467: Allow operator to update Route spec.subdomain #1101
OCPBUGS-36555: Implement connect timeout tuning option #1105
OCPBUGS-36461: Add Regexp Anchor to TestAll #1098
OCPBUGS-35399: Internal service changed: fix target port logic #1086
OCPBUGS-34973: TestHostNetworkPortBinding: Delete t.Parallel() #1077
OCPBUGS-34410: Don’t add clientca-configmap finalizer if deleting #1063
OCPBUGS-34407: Use centos7 tag for quay.io/centos7/httpd-24-centos7 image #1061
OCPBUGS-20800: Bump golang.org/x/net for CVE-2023-44487 #986
OCPBUGS-21898: test/e2e: Add test case for 2000000 maxConnections #984
Full changelog

cluster-kube-apiserver-operator

OCPBUGS-50662: Increase waitForFallbackDegradedConditionTimeout #1807
OCPBUGS-31354: add SNO control plane high cpu usage alert #1707
OCPBUGS-33930: add a controller that reconciles SCCs’ volumes #1681
OCPBUGS-31506: Add sno section to alert description #1658
OCPBUGS-31316: add provider name to cluster_infrastructure_provider when external platform #1657
OCPBUGS-29722: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1650
OCPBUGS-29722: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1646
OCPBUGS-25384: psa cluster fleet evaluation #1600
: OCPBUGS-24022: Add workload partitioning annotation #1590
: OCPBUGS-20898: bump library-go to include switch to HTTP/1.1 #1569
OCPBUGS-22718: [release-4.14] OCPBUGS-20331: manifests: rename API performance dashboard #1570
OCPBUGS-19553: Update static pod manifests perms #1556
OCPBUGS-19353: manifests: don’t include recording rules when Console capability is not enabled #1551
OCPBUGS-10362: revert dev cert rotation on 4.14 #1545
Full changelog

cluster-kube-cluster-api-operator

[release 4.14] OCPBUGS-20999: Bump golang.org/x/net to v0.17.0 #27
Full changelog

cluster-kube-controller-manager-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #791
OCPBUGS-27063: bump(library-go)=release-4.14 #787
OCPBUGS-21088: Bump deps to address CVE-2023-44487 [4.14] #764
OCPBUGS-21088: Bump deps to address CVE-2023-44487 #756
OCPBUGS-19553: Update static pod manifests perms #749
Full changelog

cluster-kube-scheduler-operator

OCPBUGS-27022: bump(library-go)=release-4.14 #527
OCPBUGS-21737: bump(k8s,openshift) to address CVE-2023-44487 #504
OCPBUGS-21737: Bump deps to address CVE-2023-44487 #501
OCPBUGS-19553: Update static pod manifests perms #495
Full changelog

cluster-kube-storage-version-migrator-operator

: OCPBUGS-21371: bump library-go to include switch to HTTP/1.1 #96
Full changelog

cluster-machine-approver

OCPBUGS-46057: Ensure trailing dots on DNS names do not block serving cert auth #259
OCPBUGS-46057: Client internal DNS checks should ignore trailing dot #255
OCPBUGS-44774: Client internal DNS checks should be case insensitive #246
OCPBUGS-28745: Increase concurrent reconciles to 10 #228
OCPBUGS-23150: Filter non node CSRs in metrics #209
OCPBUGS-21468: Bump x/net package to v0.17.0 #206
OCPBUGS-19305: Set logger for controller runtime #202
Full changelog

cluster-monitoring-operator

OCPBUGS-48368: Add new metrics for OpenShift logging telemetry #2556
OCPBUGS-44007: fix(monitoring-plugin): disable emitting nginx version on error pages #2520
OCPBUGS-43916: Add runbook url for TelemeterClientFail… #2510
OCPBUGS-43678: Remove temporary no more needed code #2496
OCPBUGS-42603: Exclude windows nodes from kubelet servicemonitor #2489
OCPBUGS-41916: filter alerts sent to Telemeter #2473
OCPBUGS-39176: Backport #2441 for 4.14 #2449
OCPBUGS-37468: Backport of PR #2384 #2433
OCPBUGS-36565: add runbook_url annotations #2407
OCPBUGS-37296: Making sure proxy settings are correctly forwarded in the generated remote write configs #2415
OCPBUGS-36416: inject trusted CA bundle into UWM Alertmanager #2402
OCPBUGS-34023: fix KRP permissions for Thanos Querier #2374
OCPBUGS-33585: fix Thanos ruler alert generator url #2345
OCPBUGS-28768: fix generation of telemeter token hash #2304
OCPBUGS-27471: prevent plugin entry assets from caching #2241
OCPBUGS-25800: Wait for 3 (instead of 2) consecutive failing reconcil… #2216
OCPBUGS-27418: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 #2239
OCPBUGS-25799: Detect ipv4/ipv6 socket in pod ip for nginx conf #2215
OCPBUGS-25387: Add RHACM telemetry metric for 4.14 #2202
OCPBUGS-21473: Set the new –disable-http2 flag for prometheus-adapter to disable HTTP2 #2147
OCPBUGS-22917: jsonnet: pin commits #2143
OCPBUGS-22734: [release-4.14] add RHACS telemetry metrics #2137
OCPBUGS-21264: [release-4.14] fix: force HTTP/1.1 connections #2130
OCPBUGS-21264: upgrade golang.org/x/net to v0.17.0 #2121
OCPBUGS-19355: add topologySpreadConstraints to UWM prometheus operator #2087
OCPBUGS-19397: Enable ipv6 on monitoring-plugin nginx #2091
OCPBUGS-19361: Topology spread constraints admission webhook #2088
Full changelog

cluster-network-operator

OCPBUGS-51170: Use applyconfigurations for updating network.oprerator status #2660
OCPBUGS-48323: Pass transit_switch_subnet options in ovnkube-node pod for single-zone #2617
OCPBUGS-42754: Set mount propagation to HostToContainer for /var/lib/kubelet #2521
OCPBUGS-47320: Pass transit_switch_subnet options in ovnkube-node pod #2607
OCPBUGS-43821: manifests/02-cncc-credentials: Set skipServiceCheck for GCP #2546
OCPBUGS-39086: Fix wait logic for IPsec certificate signing request #2481
OCPBUGS-41508: Tighten the permissions on whereabouts.conf #2493
OCPBUGS-42021: Add proxy env vars to onvkube-node #2505
OCPBUGS-38440: [release-4.14] 4.14 subnet config #2473
OCPBUGS-37221: Ensure that the node-identity webhook address contains colons for IPv6 #2440
OCPBUGS-38073: Fix IC distributed control plane alerts #2463
OCPBUGS-37468: Backport ipsec state metric #2444
OCPBUGS-32706: Add conditions for ignored-namespaces #2380
OCPBUGS-36722: update whereabouts crd #2434
OCPBUGS-34885: [release-4.14] Fix 4.13->4.14 upgrade with ipsec enabled #2390
OCPBUGS-27925, OCPBUGS-30579: [release-4.14] tighten conditions for the state transitions in IC upgrade #2207
OCPBUGS-30021: Fully disable network-node-identity on ROKS #2315
OCPBUGS-31669: [release-4.14] ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2311
OCPBUGS-31360: Remove egressip write permissions from ovn-kubernetes-node #2320
OCPBUGS-30021: [release-4.14] Disable network-node-identity on ROKS #2286
OCPBUGS-30100: ipsec: fix openssl typo #2287
OCPBUGS-29168: add env var in whereabouts-reconciler daemonset #2257
OCPBUGS-26573: Improve troubleshooting IC upgrades #2076
OCPBUGS-29033: network node identity: tolarate all taints #2248
OCPBUGS-18281: only 2 master nodes are required for ovn-kubernetes #2154
OCPBUGS-29300: Update ingressconfig_controller to use field Manager #2266
OCPBUGS-28608: fix whereabouts conformance test failures #2235
NO-JIRA: add kyrtapz as reviewer and approver for release 4.14 #2228
OCPBUGS-27858: [release-4.14] Add ConfigMap mount to the whereabouts-reconciler DaemonSet #2219
OCPBUGS-27013: HyperShift, network-node-identity: Check the deployment in the management cluster #2195
OCPBUGS-24326: adminpolicybasedexternalroutes CR accepts an invalid IP address #2196
OCPBUGS-24037: remove all managed fields used by old manager #2112
OCPBUGS-24320: Add apbroute/status patch rights for ovnkube-node to update status #2143
OCPBUGS-22787, OCPBUGS-22788, OCPBUGS-22789: ovnkube: container scripts cleanup #2090
OCPBUGS-23371: hypershift, hosted clusters: enable multi-homing and multi-net features #2117
OCPBUGS-21717: Bump golang.org/x/net and github.com/openshift/library-go #2122
OCPBUGS-24633: ipsec add pluto restart #2152
OCPBUGS-22363: Added HCP label to CNO pods #2081
OCPBUGS-22286: hypershift: adjust backoff on infrastructure name retry #2078
OCPBUGS-23011: Block upgrades to 4.15 with Kuryr #2096
OCPBUGS-23315: set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2107
OCPBUGS-19897: HyperShift: Use the local konnectivity proxy when checking proxy readiness #2043
OCPBUGS-20472: hosted cluster upgrade failure from 4.13 stable to 4.14 #2063
OCPBUGS-20254: [release-4.14] Revert Kuryr MTU fixes #2046
OCPBUGS-20184: [release-4.14]: Don’t run network node identity as root #2054
OCPBUGS-20064: Multus should determine kubeconfig path [backport 4.14] #2050
OCPBUGS-19955: get ipsecStatus from host daemonset #2045
OCPBUGS-19862: Multus per-node certificates should have 24h duration [backport 4.14] #2040
OCPBUGS-19523: use $CPE_NAME to find the OS major version #2017
OCPBUGS-19808: remove prestop hooks for northd, sbdbd and nbdb #2036
OCPBUGS-19747: [release-4.14] Use port 9108 for ovnkube-control-plane metrics #2033
OCPBUGS-19771: Relax conditions to get IC upgrade started #2035
OCPBUGS-19748: Fix config status MTU migration not being updated #2034
OCPBUGS-19725: Do not enable node admission webhook if the CNI is not OVN-Kubernetes #2032
OCPBUGS-19686: ipsec: remove preStop from host #2029
OCPBUGS-19627: Multus per-node certificate request [backport 4.14] #2023
OCPBUGS-19461: make ipsec.service required #2014
OCPBUGS-19649: Network node identity: node-specific certificate in ovnkube-node, admission webhook #2011
OCPBUGS-19623: multus: set MULTUS_NODE_NAME to filter pods to local node #2022
OCPBUGS-19481: separate libovsdblogs from main ovnkube-master #2008
OCPBUGS-18728: Kuryr: Set MTU on Bootstrap, not Render phase #1995
OCPBUGS-18871: ipsec: fix oopsy from 2e3fc8e7a0 #1997
OCPBUGS-18874: ovnkube: set northd backoff-interval and use a single thread to save CPU #1998
Full changelog

cluster-node-tuning-operator

e2e:performance: decode to valid kubeletconfig object (#1276) #1276
Fix context deadlines in ExecCommandOnPod() (#1272) #1272
OCPBUGS-44506: Drop sched_migration_cost_ns setting (#1215) #1215
OCPBUGS-44283: right-hand-side profile_dirs take precedence (#1210) #1210
OCPBUGS-42567: Add cluster-wide proxy env file (#1176) #1176
TuneD prior to kubelet in one-shot mode (#1137) #1137
OCPBUGS-37754: Remove tuned/rendered object (#1133) #1133
OCPBUGS-37734: Backport fix for OCPBUGS-36355 (#1126) #1126
OCPBUGS-33929: Negative net interface name does not reduce queues (#1074) #1074
Add a ‘.snyk’ to silence static code analysis warnings (#1002) #1002
OCPBUGS-30153: fix rendering extra ctrcfgs (#978) #978
fix extra-reboot on upgrade with paused mcp worker (#1053) #1053
OCPBUGS-31694: E2E: Workload hints test cases fixes (#1012) (#1052) #1012
Systemd processes not being moved to cpuset/systemd.slice fix (#1040) #1040
Reduce number of reboots in offline tests (#1035) #1035
OCPBUGS-30507: Add performance real time tuned template (#984) (#1025) #984
Report duplicate priority only for multiple matching profiles (#1018) #1018
Scheduler plugin: ignore IRQs (#1023) #1023
irqbalance: set banned cpus list to 0 (#994) #994
OCPBUGS-18640: [release-4.14][manual] backport performance profile owner reference ehnancements (#989) #989
rps: fail silently when rps application failed (#901) #901
OCPBUGS-25982: E2E: Add tests for Dynamic ovs pinning (#904) (#913) #904
OCPBUGS-26003: E2E: PPC Test cases (#905) #905
Make MC names deterministic (#903) #903
OCPBUGS-25671: rps: fix mask update for SR-IOV devices (#891) #891
OCPBUGS-18640: Fix Racing Machine Configs and add Day 0 Support (#854) (#871) #854
OCPBUGS-24638: Do not set default RPS sysctl twice (#880) #880
OCPBUGS-21845: rps: trigger udev event per queue #832 (#832) #832
OCPBUGS-21845: e2e:rps: improve logging (#831) #831
render: change dir path (#826) #826
Disable HTTP/2 for webhook and metrics servers (#841) #841
Remove obsolete protocols and weak ciphers (#835) #835
OCPBUGS-19459: check for object being nil (#805) #805
OCPBUGS-19821: e2e: perfprof: enhance the scheduling domain tests (#813) #813
nto: avoid timeout when there are too many CSV (#817) #817
Add kubeconfig path for IBM Managed OpenShift (#812) #812
OCPBUGS-18868: [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) #788
Full changelog

cluster-olm-operator

OCPBUGS-25481: NO-ISSUE: Bump k8s.io/apiextensions-apiserver #41
OCPBUGS-22581: [release-4.14] OCPBUGS-24652: Bump k8s dependencies #38
OCPBUGS-21526: Bump golang.org/x/net to v0.17.0 #33
Full changelog

cluster-openshift-apiserver-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #570
: OCPBUGS-20724: bump library-go to include switch to HTTP/1.1 #554
Full changelog

cluster-openshift-controller-manager-operator

OCPBUGS-48841: Add new team members to the OWNERS file #380
OCPBUGS-33295: Update opentelemetry to mitigate CVE-2023-47108 #344
OCPBUGS-28951: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #328
OCPBUGS-23490: Remove blockage of ConfigObserver by build informer has synced flag #318
OCPBUGS-20818: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #309
OCPBUGS-20439: Include Build CRD in manifests #307
OCPBUGS-18992: Always sort disabled controller list #303
OCPBUGS-18980: Disable BuildConfigChange controller when Build cap is disabled #301
Full changelog

cluster-platform-operators-manager

OCPBUGS-21759: switch to bingo for dependency management (and bump golangci-lint@v1.51.0) #98
OCPBUGS-21019: Bump golang.org/x/net to v0.17.0 #96
Full changelog

cluster-policy-controller

OCPBUGS-21122: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #139
OCPBUGS-21122: Bump deps to address CVE-2023-44487 #134
Full changelog

cluster-samples-operator

OCPBUGS-55655: Adding mutex to func createSamples on handler.go #635
OCPBUGS-54537: add rhdmalone to owners #624
OCPBUGS-49421: add shannon and aroyoredhat as owners #598
OCPBUGS-21217: CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) #539
OCPBUGS-22257: Sync library to remove invalid dockerhub references for OKD #520
Full changelog

cluster-storage-operator

OCPBUGS-33467: Fix problem-detector proxy setting #472
OCPBUGS-30054: Update AWSCSIDriverConfigSpec fields validation to accept all curren #462
OCPBUGS-28988: Allow vSphere CSI driver to be disabled #449
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #416
OCPBUGS-23210: [IBM ROKS] cluster-storage-operator does not set upgradeable=True #419
OCPBUGS-21300: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #405
Full changelog

cluster-update-keys

OCPBUGS-43628: keys: Update Red Hat keys to use SHA256 signatures #66
OCPBUGS-10126: Updating ose-agent-installer-orchestrator images to be consistent with ART #48
Full changelog

cluster-version-operator

OCPBUGS-50592: Set openshift.io/required-scc: privileged annotation in version pods #1151
OCPBUGS-45331: deps: bump golang.org/x/net to 0.31.0 #1120
OCPBUGS-44704: Fix desired before sync_worker’s work is initialized #1109
OCPBUGS-30878: install/0000_90_cluster-version-operator_02_servicemonitor: Drop $ from ${{ #1040
OCPBUGS-27822: Revert “[release-4.14] OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs” #1028
OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs #1021
OCPBUGS-27048: pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream #1018
OCPBUGS-26207: pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls #1016
OCPBUGS-20762: [4.14] Bump http-related deps #986
OCPBUGS-19921: pkg/clusterconditions/cache: Avoid panic on all-fresh-cache evaluation #976
OCPBUGS-19737: pkg/clusterconditions/promql: Warm cache with 1s delay #973
OCPBUGS-19465: Properly reconcile SCC resources #972
Full changelog

console

OCPBUGS-58274: Fix TypeError Cannot read properties of null (reading ‘metadata’) #15228
OCPBUGS-57099: Add all files to vendor regardless of gitignore #15135
OCPBUGS-55942: fix bug where operator appears twice #15033
OCPBUGS-55427: Add missing pipelines plugin name to known plugins #15005
OCPBUGS-39010: fix crash if helm chart metadata is nil #14198
OCPBUGS-53437: Show Observe section without PROMETHEUS and MONITORING flags #14892
OCPBUGS-54404: Update the monitoring topic used by the console team #14910
OCPBUGS-54167: fix run time error when no completed version exists #14899
OCPBUGS-51118: redirect to correct alert #14823
OCPBUGS-49753: ImagePullSecret getting duplicated when editing DeploymentConfig in Form View #14711
OCPBUGS-46603: Unable to remove finally tasks in pipeline builder mode #14642
OCPBUGS-33145: Fix “Auto deploy when new image is available” becomes unchecked when editing a deployment from web console #14370
OCPBUGS-45323: Use vCenterCluster value from CM as primary resource #14574
OCPBUGS-39368: Remove deprecated resources from spec of the Pipeline #14230
OCPBUGS-45283: Add IBM Block Storage CSI driver support for RWX #14569
OCPBUGS-44791: A value submitted in From view is wrapped with single quotation after switching to Yaml view. #14518
OCPBUGS-42962: Need to allow blank for Project/namespace when setting SA Subject in ‘Project access tab’ #14386
OCPBUGS-43000: List of default Camel K event sources disappears when adding a custom event source #14388
OCPBUGS-36558: Increase login flow state paramater length/entropy #14439
OCPBUGS-10337: Updating openshift-enterprise-console images to be consistent with ART #12760
OCPBUGS-42518: The filepath including leading slash makes error during parsing devfile using Gitlab #14342
OCPBUGS-42517: Values entered into the Instantiate Template form are automatically cleared #14341
OCPBUGS-42757: Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated #14369
OCPBUGS-38883: Fix password set to Secret created through Start Pipeline form #14184
OCPBUGS-37353: Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available #14108
OCPBUGS-41836: DeploymentConfigs deprecation info alert should not present on the Edit deployment page #14281
OCPBUGS-39389: Edit the secret and add the Chinese in the web-console, garbled characters will be displayed #14231
OCPBUGS-41581: Increased max nodes limit to 200 in topology page #14262
OCPBUGS-38972: Redirects to new PipelineRun logs URL from old PipelineRun logs URL #14234
OCPBUGS-38053: fix BMH restart annotation #14109
OCPBUGS-33748: Fix Pipeline details page with when expression using CEL expression #13856
OCPBUGS-32499: Fixed some problems in topology Chinese translation text #13779
OCPBUGS-33942: make sure folder is encapsulated with quotas #13869
OCPBUGS-35723: Upgrade Pipeline trigger resources to v1beta1 #13985
OCPBUGS-33558: Display “With Data upload form” in Create PVC drop down once #13840
OCPBUGS-33064: Fix PipelineRun Logs tab navigation #13673
OCPBUGS-33321: Helm Plugin’s Catalog incorrectly renders a single index entry into multiple tiles #13824
OCPBUGS-33635: restrict Masthead logo to max-height to 60px #13847
OCPBUGS-33640: Add visual connector between VMs and non VMs workloads #13848
OCPBUGS-33462: fix issues with Edit Route form #13831
OCPBUGS-33110: change OperatorHub filter FIPS Mode to Designed for FIPS #13804
OCPBUGS-32697: Routes created by devfiles do not always use HTTPS #13787
OCPBUGS-21799: Fix empty editor error #13256
OCPBUGS-32168: fix bug where paused MCPs were incorrectly unpausing w… #13753
OCPBUGS-20173: Console should not panic when no response is retrieved for plugin assets #13217
OCPBUGS-31388: Application creation fail when manually entering input scaling value in local setup #13697
OCPBUGS-31394: PipelineRuns in Console show wrong status or load indefinitely #13698
OCPBUGS-31864: Fix config ini format #13738
OCPBUGS-25145: fix vCenter cluster being empty #13436
OCPBUGS-28746: fix bug where Expand PVC modal assumes pvc.spec.resou… #13558
OCPBUGS-29783: Fix operands list endpoint #13625
OCPBUGS-29813: Release 4.14 backports #13646
OCPBUGS-29813: Addition of optional chaining to prevent yaml crash #13541
OCPBUGS-25274: Add support for Azure Workload Identity / Federated Identity based in… #13642
OCPBUGS-28972: Add flags checks to hide Pipeline static plugin List and details pages #13572
OCPBUGS-27898: Add support for custom segment domains (to load JS and make API calls) #13540
OCPBUGS-29349: Error in displaying BuildRun logs in Console #13601
OCPBUGS-29100: Pipeline Name gets changed to “new-pipeline” on the Edit Pipeline YAML/Builder #13585
OCPBUGS-29239: Add a new allowInsecure option to the internet proxy #13592
OCPBUGS-28990: update check for the ‘provider’ label on the PackageMa… #13573
OCPBUGS-27157: add additional check to determine if file is binary #13507
OCPBUGS-28635: Bump graphql-go to v1.3.0 #13553
OCPBUGS-27305: Copy response code from proxied plugin requests #13517
OCPBUGS-27851: fix bug where Clone PVC modal assumes pvc.spec.resourc… #13537
OCPBUGS-27350: Add Pipeline metrics tab using plugin #13520
OCPBUGS-26171: Set unlimited line width in YAML editor #13482
OCPBUGS-24640: Strip ‘Server’ header from proxy response #13423
OCPBUGS-25997: change Alertmanager form to create using matchers inst… #13478
OCPBUGS-24349: Fix crash when ArtifactHub Task has no version #13399
OCPBUGS-25397: fix runtime error on Node details Overview when Machin… #13446
OCPBUGS-23771: Fix for yaml editor that crashes with MCE and ACM plugins enabled #13360
OCPBUGS-24667: Fix plugin proxy handler #13425
OCPBUGS-24474: S2I Build Wizard should check for Containerfile in addition to Dockerfile #13415
OCPBUGS-24432: fix filtering issues on Events #13413
OCPBUGS-24352: add access review for impersonate #13400
OCPBUGS-22240: Save also the location.search and .hash values in localStorage to restore them after login #13270
OCPBUGS-24293: ConsolePlugin metrics must no longer be grouped by the vendor #13391
OCPBUGS-24423: Searching for items in quick search is confusing #13412
OCPBUGS-22375: Delete results.tekton.dev annotations before rerun the pipelineRun #13278
OCPBUGS-22478: Extra space is in the translation text(Chinese) of ‘Create rolebinding’ and ‘replicate rolebinding’ #13290
OCPBUGS-24196: ApiVersion displayed on console is v1alpha1 whereas we support v1beta1 #13402
OCPBUGS-23423: Cannot Edit Shipwright Build #13343
OCPBUGS-22980: remove expandable toggle for conditional update risk d… #13308
OCPBUGS-22374: Telemetry- Current page was sometimes not tracked when reloading the current page #13277
OCPBUGS-22177: Channel page shows “Required” message for the default name when navigate to create channel page #13262
OCPBUGS-19371: Upgrade DomainMapping apiVersion to v1beta1 #13165
OCPBUGS-19416: Correct logout process #13173
OCPBUGS-22285: updating doc links for 4.14 GA #13273
OCPBUGS-19845: mock apis for git repo in test serverless function tests #13199
OCPBUGS-22460: Fix the forms when BC is not installed in the cluster #13288
OCPBUGS-21877: add support for new features annotations while preserv… #13258
OCPBUGS-22377: Fixed Edit Application form for Knative Services #13279
OCPBUGS-21784: hide page-specific doc links for ROSA and OSD #13254
OCPBUGS-19898: fix ResourceLog permissions when impersonating #13203
OCPBUGS-19899: change resource icon for FenceAgentRemediationTemplate… #13204
OCPBUGS-19878: show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart #13202
OCPBUGS-19776: 404 - not found will show on Knative-serving Details page #13193
OCPBUGS-19526: fetch TaskRuns without selector and reduces the get TaskRuns requests #13178
OCPBUGS-18997: fix issues with refactored “Create StorageClass” form #13170
OCPBUGS-19664: Check if filtered object contains name property #13187
OCPBUGS-19380: Hide the Builds NavItem if BuildConfig is not installed in the cluster #13167
OCPBUGS-19337: Unhide the Import From Git Tab on the Add page if Pipelines Operator is installed and BuildConfig is not installed in the cluster #13160
OCPBUGS-19336: Added React Icon #13159
OCPBUGS-18881: use active namespace in Create cta href of create action for operator backed #13150
OCPBUGS-19362: Hide the DeploymentConfig option in the User Preferences if that resource type isn’t available #13164
OCPBUGS-19338: Hide DeploymentConfig option from forms when it’s not installed in the cluster #13161
OCPBUGS-18987: Monitoring: Fix display of silenced alerts in dev console #13152
OCPBUGS-18727: bump @patternfly/react-core to v4.276.11 to pick up Sele… #13146
Full changelog

console-operator

OCPBUGS-31916: use InfrastructureTopology for clusters using external CP as the console deploys on the worker nodes #885
OCPBUGS-21029: Bump library-go and golang.org/x/net #850
OCPBUGS-23968: Disable route controller health check for NLB setup #817
OCPBUGS-24293: ConsolePlugin metrics must no longer be grouped by the vendor #820
OCPBUGS-22274: Disable HTTP/2 for webhook #803
OCPBUGS-20480: Reset console operator’s conditions #797
Full changelog

container-networking-plugins

OCPBUGS-56046: Check error returned by ipv6 SettleAddresses #193
OCPBUGS-46121: [4.14] cherry-pick containernetworking/plugins#997 #168
OCPBUGS-33066: macvlan enable ipv6 ndisc_notify #160
OCPBUGS-20374: build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] #129
Full changelog

coredns

OCPBUGS-58713: [release-4.14] Bump github.com/golang/glog to v1.2.4 #139
OCPBUGS-37467: UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit #126
OCPBUGS-28200: UPSTREAM: 6277: openshift: Fix OCPBUGS-28200 #114
OCPBUGS-21067: UPSTREAM: <carry>: openshift: address CVE-2023-39325 #100
OCPBUGS-19805: UPSTREAM: <carry>: openshift: Fix OCPBUGS-19805 #96
Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

OCPBUGS-58887: CARRY: don’t ignore json files #343
OCPBUGS-52413: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.27 into release-4.14 #315
update tags #2203
And 60 elided commits (e.g. from squash or rebase merges)
Full changelog

csi-driver-manila-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #219
OCPBUGS-23443: Fix selector for manila-csi-driver-controller-metrics service #211
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #209
Full changelog

csi-driver-shared-resource, csi-driver-shared-resource-webhook

OCPBUGS-28952: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #167
OCPBUGS-25069, OCPBUGS-26309, OCPBUGS-26323: add snyk config file for SAST scan #163
OCPBUGS-23111: Should reference configmaps instead of secrets #152
OCPBUGS-20734: bump golang.org/x/net to v0.17.0 #146
Full changelog

csi-driver-shared-resource-operator

OCPBUGS-28957: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #103
OCPBUGS-26312: add snyk config file for SAST scank #97
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91
OCPBUGS-20825: bump golang.org/x/net to v0.17.0 #86
Full changelog

csi-external-attacher

OCPBUGS-21177: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #60
Full changelog

csi-external-provisioner

OCPBUGS-35112: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #99
OCPBUGS-20775: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #72
Full changelog

csi-external-resizer

OCPBUGS-20929: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #147
Full changelog

csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook

OCPBUGS-29433: cherry-pick:release-4.14: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch #142
OCPBUGS-21032: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #109
Full changelog

csi-livenessprobe

OCPBUGS-20640: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #50
Full changelog

csi-node-driver-registrar

OCPBUGS-20697: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #52
Full changelog

docker-builder

OCPBUGS-58140: S2I build cpu limits observed by assemble are limited to 1 cpu #476
OCPBUGS-42915, OCPBUGS-43297: Bump buildah to 1.33.12 #447
OCPBUGS-43190: runc library bump to 1.1.12 #438
OCPBUGS-48495: skipping some unit tests to avoid failures as they are duplicate #430
OCPBUGS-48477: Add team members to the OWNERS file #429
BUILD-854: Add adambkaplan as approver #404
OCPBUGS-28949: Replace ‘coreydaley’ with ‘sayan-biswas’ #379
OCPBUGS-23006: Add -p flag to cp command to preserve timestamps #370
OCPBUGS-20726: [release-4.14] Bumping golang.org/x/net #362
OCPBUGS-20409: drop the Overlay setting from transient mounts #360
Full changelog

docker-registry

OCPBUGS-53651: bump jwt and oauth dependencies #434
OCPBUGS-31857: vendor: bump aws-sdk-go to support ca-west-1 #397
OCPBUGS-29604: vendor: bump distribution to fix azure storage path bug #394
OCPBUGS-22826: Allow ICSP IDMS coexisting #385
OCPBUGS-19379: increase rest.Config QPS and Burst #381
Full changelog

egress-router-cni

OCPBUGS-35143: update to go 1.19 and k8s.io mods to v0.27.4 #87
OCPBUGS-19850: Ensure that IP forwarding is enabled #78
Full changelog

etcd

OCPBUGS-32813: Revert “Merge pull request #261 from Elbehery/rebase-etcd-3.5.13-open… #265
OCPBUGS-31650: Rebase etcd 3.5.13 openshift 4.14 #261
OCPBUGS-28733: Rebase etcd 3.5.12 openshift 4.14 #244
OCPBUGS-24939: Rebase etcd 3.5.11 openshift 4.14 #235
OCPBUGS-22727: [4.14] Rebase openshift/etcd to 3.5.10 #226
OCPBUGS-21221: Carrying fixes for CVE-2023-44487 #222
OCPBUGS-18415: Updating ose-etcd images to be consistent with ART #208
Full changelog

gcp-cloud-controller-manager

OCPBUGS-21321: Bump golang.org/x/net to v0.18.0 #42
Full changelog

gcp-cluster-api-controllers

OCPBUGS-17290, OCPBUGS-21417: Bump golang.org/x/net to v0.17.0 #203
Full changelog

gcp-machine-controllers

OCPBUGS-56194: Disable shielded VMs for non-UEFI disks #118
OCPBUGS-20870: Bump x/net package to v0.17.0 #65
Full changelog

gcp-pd-csi-driver

OCPBUGS-20752: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #45
Full changelog

gcp-pd-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #107
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #96
OCPBUGS-20847: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #87
Full changelog

haproxy-router

OCPBUGS-32634: Properly handle rewrite-target annotation #583
OCPBUGS-33797: Reject routes with MD5 certs #598
OCPBUGS-33389: Count active services before setting weight to 1 #592
OCPBUGS-30773: OCPBUGS 6958 backport to 4.14 #568
OCPBUGS-32437: Introduce ‘idle-close-on-response’ option for frontends #580
OCPBUGS-21134: Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 #530
OCPBUGS-21898: haproxy-template: Add ‘no strict-limits’ to address HAProxy 2.6 issue #528
Full changelog

hyperkube, pod

OCPBUGS-39413: Return from EnsureHostInPool on all NIC errors #2073
: OCPBUGS-38959: Upstream: 115702 kubelet: output log even file is rotated #2060
NO-JIRA: update downstream owners #2051
OCPBUGS-37623: Bump to Kubernetes v1.27.16 #2043
OCPBUGS-35553: Disable vulncheck #2010
OCPBUGS-35553: Bump k8s 1.27.15 #1992
OCPBUGS-33964: UPSTREAM: 123055: Fix race condition between resizer and kubelet #1973
UPSTREAM: <carry>: OCPBUGS-32473: fix cpu manager cpuset check #1951
OCPBUGS-33712: Bump to Kubernetes v1.27.14 #1970
OCPBUGS-33417: Provide SCC access via RBAC #1965
OCPBUGS-14373: Fix flaky HPA e2e tests by not failing on context cancelled (#117669) #1958
OCPBUGS-32580: allow override of NewVolumeManagerReconstruction #1956
OCPBUGS-32309: Bump K8s api to 1.27.13 #1950
OCPBUGS-29924: UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches #1898
OCPBUGS-31504: Bump to 1.27.12 #1927
OCPBUGS-31741: 4.14: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes #1936
Address CVE #12
OCPBUGS-30964: Set up CEL IP/CIDR library from 4.14 onwards #1913
OCPBUGS-29662: Update to kubernetes 1.27.11 #1890
OCPBUGS-27347: UPSTREAM: <carry>: Update management webhook pod admission logic #1855
OCPBUGS-27369: Update to kubernetes 1.27.10 #1860
OCPBUGS-25813: Fix uncertain device in 4.14 #1830
UPSTREAM: 117349: OCPBUGS-19431: Bump lumberjack.v2 v2.0.0 -> v2.2.1 #1552
OCPBUGS-26006: Update to Kubernetes 1.27.9 #1838
OCPBUGS-23566: followup to #1808 #1813
OCPBUGS-23566: Update to kubernetes 1.27.8 #1808
OCPBUGS-23286: UPSTREAM: 121881: Use golang library instead of mklink #1801
OCPBUGS-22861: UPSTREAM: <carry>: support for both icsp and idms objects #1780
openshift-hack: Fix sporadic 141 errors in build-rpms #1772
OCPBUGS-20380: [release-4.14] UPSTREAM: 121127: [1.27][CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 #1758
OCPBUGS-18249: <carry>: Export cpu stats of ovs.slice via prometheus #1699
OCPBUGS-20115: Do not allow nodes to set forbidden openshift labels #1736
Update builder & base hyperkube image to RHEL 9 #1727
OCPBUGS-19401: UPSTREAM: <carry>: vendor: bump cadvisor and runc to 1.1.9 #1713
OCPBUGS-19952: UPSTREAM: <carry>: kubelet/cm: use MkdirAll when creating cpuset to ignore file exists error #1728
OCPBUGS-15531: UPSTREAM: 120786: change rolling update logic to exclude sunsetting nodes #1717
OCPBUGS-18285, OCPBUGS-19479: Update to Kubernetes 1.27.6 #1709
OCPBUGS-18724: cm: reorder setting of sched_load_balance for sandbox slice #1693
Full changelog

hypershift

OCPBUGS-57321: Add validation to avoid conflicts between KubeAPIServer and NamedCertificates SANs #6231 #6252
OCPBUGS-55936: [release-4.14] Add konnectivity-proxy sidecar to openshift-oauth… #6129
CNTRLPLANE-921: Konflux build pipeline service account migration #6080
CNTRLPLANE-921: Konflux build pipeline service account migration #6085
OCPBUGS-51802: Fix golang crypto dependency go.mod replacement #5996
OCPBUGS-53899: bump golang-jwt v4 #5909
OCPBUGS-53433: Prevent IgnitionServer from flooding the API server with patch requests #5878
OCPBUGS-51731, OCPBUGS-51802: Bump dependencies to OCP fork in backports #5899
Red Hat Konflux update control-plane-operator-4-14 #5953
ART-11792: update go mod dependency for konflux #5921
OCPBUGS-53314: Fix IsIPv4 function identifying also addresses instead of CIDRs #5867
OCPBUGS-45559: Add Network Policies for Konnectivity server and Ignition server proxy #5816
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.6 #5730
NO-JIRA: chore(deps): update dependency mkdocs-material to v9.6.6 #5725
chore(deps): update dependency mkdocs-mermaid2-plugin to v0.6.0 #5687
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.5 #5681
NO-JIRA: chore(deps): update dependency mkdocs-material to v9 #5688
OCPBUGS-50700: add region to AWS creds passed to operators managed by CPO #5668
NO-JIRA: Red Hat Konflux update control-plane-operator-4-14 #5339
OCPBUGS-47630: Separate CPO containerfiles #5619
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.4 #5538
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.1 #5537
OCPBUGS-49405: add ValidIDPConfiguration condition to report IDP config issues #5520
NO-JIRA: chore: update konflux references & bump up go version to 1.20 #5517
NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.50 (release-4.14) #5444
NO-JIRA: Update dependency mkdocs-material to v8.5.11 (release-4.14) #5430
NO-JIRA: [release-4.14] Bump golang.org/x/crypto and golang.org/x/net #5372
NO-JIRA: Update dependency mkdocs-glightbox to v0.4.0 (release-4.14) #5331
NO-JIRA: Update dependency mkdocs to v1.6.1 (release-4.14) #5330
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.49 (release-4.14) - abandoned #5308
OCPBUGS-44279: Configure OAuth https proxy to dial cloud endpoints directly #5067
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.45 (release-4.14) #5162
NO-JIRA: chore(deps): update konflux references (release-4.14) #5145
NO-JIRA: chore(deps): update konflux references (release-4.14) #5121
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731518200 (release-4.14) #5105
NO-JIRA: Update Konflux references (release-4.14) #5100
chore(deps): update konflux references (release-4.14) #5076
NO-JIRA: chore(deps): update konflux references (release-4.14) #5055
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.14) #5056
NO-JIRA: Update Konflux references to fedcfe0 (release-4.14) #5043
chore(deps): update konflux references (release-4.14) #5026
chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.43 (release-4.14) #5021
chore(deps): update konflux references to f53fe54 (release-4.14) #5020
NO-JIRA: Update Konflux references (release-4.14) #5011
OCPBUGS-41701: cmd: report server version, supported OCP #4718
NO-JIRA: chore(deps): update konflux references (release-4.14) #4975
OCPBUGS-43688: Use guest DNS resolution in Konnectivity HTTPS proxy by default #4964
chore(deps): update konflux references (release-4.14) #4953
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.14) #4948
OCPBUGS-43368: Let payload generation pick the release for the NodePool #4913
NO-JIRA: chore(deps): update konflux references (release-4.14) #4934
NO-JIRA: chore(deps): update konflux references to 66f551f (release-4.14) #4924
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.14) #4917
NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.14) #4910
NO-JIRA: chore(deps): update konflux references (release-4.14) #4898
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.14) #4879
NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.14 #4851
OCPBUGS-42533: enable audit log for oauth-openshift #4822
chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.13 (release-4.14) #4794
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.14) #4828
NO-JIRA: chore(deps): update konflux references (release-4.14) #4813
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.38 (release-4.14) #4805
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9 (release-4.14) #4788
chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.14) #4758
chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.14) #4784
OCPBUGS-41374: CPO oauth idp converter: resolve names before dialing #4763
NO-JIRA: chore(deps): update konflux references to 5ac9b24 (release-4.14) #4783
chore(deps): update konflux references to 2c3426a (release-4.14) #4773
NO-JIRA: chore(deps): update konflux references (release-4.14) #4757
OCPBUGS-42221: Make guest cluster components use the correct KAS port #4753
OCPBUGS-38060: Add HTTP konnectivity proxy to OAuth server #4498
OCPBUGS-38066: [release-4.14] Use HTTP proxy for ingress controller #4724
NO-JIRA: Security fixes for openshift-ci-security job #4752
OCPBUGS-42184: copy image-registry AdditionalTrustedCA configmap into HC openshift-config #4747
OCPBUGS-41506: fix: bump google.golang.org/protobuf #4687
HOSTEDCP-1957: bump go-jose version #4698
OCPBUGS-39378: Set KCM node monitor grace period #4659
chore(deps): update konflux references (release-4.14) #4683
OCPBUGS-39183: fix: bump github.com/IBM/go-sdk-core/v5 #4626
NO-JIRA: Add PodDisruptionBudget for router deployment #4692
NO-JIRA: Revert “Merge pull request #4661 from jparrill/bp-4.14/OCPBUGS-24308” #4667
NO-JIRA: PDB backports #4661
NO-JIRA: Konflux migration 4.14 #4648
OCPBUGS-39230: set proxy envvars on aws CCM #4638
OCPBUGS-38791: Let the CPO oidc check resolve through data plane #4617
NO-JIRA: Flaky cert validation test #4633
HOSTEDCP-1897: [release-4.14] Allow setting Kube APIServer maximum requests in flight #4553
OCPBUGS-37076: Fixed audit-logs sigterm failing to terminate gracefully #4369
OCPBUGS-38624: remove weak ciphers from security profile #4575
OCPBUGS-37173: Add newline after TLS certs referenced by image.config #4471
OCPBUGS-37172: OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None #4490
OCPBUGS-36944: [release-4.14] Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer #4360
HOSTEDCP-1795, HOSTEDCP-1796: Customize the self-generated cert validity and rotation #4473
OCPBUGS-37175: Delete IDMS in dataplane once HCP ICS field is removed #4472
NO-JIRA: Konflux mce-2.4 pipeline fixes #4464
NO-JIRA: [release-4.14] OCPBUGS-36297: kubevirt-csi-driver: Pass infra kubeconfig in case of external infra #4288
NO-JIRA: [release-4.14] test/e2e: remove api budget checks #4438
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-2 (release-4.14) - abandoned #4363
NO-JIRA: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.21.10-1.1719562237 (release-4.14) - abandoned #4326
NO-JIRA: Update registry.access.redhat.com/ubi9-minimal Docker tag to v9.4-1134 (release-4.14) - abandoned #4325
OCPBUGS-36518: Run haproxy to connect to kas from data plane if noproxy settings contain kas #4315
OCPBUGS-36159: Generate default worker security group rules based on machineCIDR #4270
OCPBUGS-35549: Restrict image registry overrides to control plane component #4223
OCPBUGS-35365: fix router on 4.14 y-stream upgrade #4205
NO-JIRA: chore(deps): update konflux references (release-4.14) #4257
OCPBUGS-35401: Fix disconnected metadata inspection for nodepool #4208
OCPBUGS-35482: Add TrustedBundles to OAS container #4216
OCPBUGS-35290: [release-4.14] Backport etcd defrag #4189
NO-JIRA: chore(deps): update konflux references (release-4.14) #4248
OCPBUGS-35183: add AWS STS URL to OIDC provider audiences #4179
NO-JIRA: hack: make the e2e script generic #4201
chore(deps): update konflux references to 2be7c9c (release-4.14) #4225
NO-JIRA: Update Konflux references to 1025001 (release-4.14) #4181
NO-JIRA: chore(deps): update konflux references (release-4.14) #4168
OCPBUGS-34856: [release-4.14] OCPBUGS-34855: Add new permission required in CAPA #4149
NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4159
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4112
NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) #4073
NO-JIRA: Remove CLI inspection of release image #4061
OCPBUGS-33713: Reconcile over ICSP/IDMS #4059
NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) #4065
OCPBUGS-33844: Fix disconnected metadata inspection #4049
OCPBUGS-33843: Recycler-pod image now points to the OCP Payload reference #4048
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4040
HOSTEDCP-1480: Update TLS cert hash creation with sha512 #4025
NO-JIRA: Update RHTAP references (release-4.14) #3995
HOSTEDCP-1552: Update RHTAP tekton files for 0.3 -> 0.4 migration #3958
OCPBUGS-33105: [release-4.14] remove PrivateIngressController cleanup #3960
OCPBUGS-32471: Fix ICSP and IDMS inclusion as registriesOverrides #3912
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3920
OCPBUGS-32221: Added support for OLM Disable default sources on HC creation #3882
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3903
NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster #3905
HOSTEDCP-1526: [release-4.14] Support additional node selectors for request serving nodes #3898
chore(deps): update rhtap references (release-4.14) #3888
NO-JIRA: Update RHTAP references (release-4.14) #3874
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3869
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3858
NO-JIRA: Update RHTAP references (release-4.14) #3836
OCPBUGS-31657: disable http2 for ignition server and proxy #3831
OCPBUGS-31605: inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3826
HOSTEDCP-1322: NodeUpgradeType defaulted by provider #3822
NO-JIRA: Update RHTAP references (release-4.14) #3813
OCPBUGS-31417: honor HC image configuration #3806
OCPBUGS-23914: Added OLMCatalogPlacement option to the CLI #3229
OCPBUGS-30211: set Konnectivity cipher suites #3679
chore(deps): update rhtap references (release-4.14) #3792
OCPBUGS-31048: [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3771
HOSTEDCP-1488: Use regionalized STS endpoints in AWS #3756
NO-JIRA: Update RHTAP references (release-4.14) #3755
chore(deps): update rhtap references (release-4.14) #3739
OCPBUGS-30596: Bump golang.org/x/net to version v0.17.0 #3711
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3706
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3676
NO-JIRA: Update RHTAP references (release-4.14) #3672
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3651
OCPBUGS-29782: use 2040 for apiserver svc in IBM provider #3594
”[release-4.14] OCPBUGS-29259: Fix default release image lookup” #3550
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3620
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3625
OCPBUGS-29094: Make ControllerAvailabilityPolicy immutable #3534
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3604
NO-JIRA: Update RHTAP references (release-4.14) #3591
NO-JIRA: Update RHTAP references (release-4.14) #3519
NO-JIRA: Approvers update #3580
MULTIARCH-4084: Reduce the policy access scope to specific instance #3530
OCPBUGS-29206: Add GC knobs for KAS #3543
OCPBUGS-29187: node spread anti-affinity for HA HCP #3541
OCPBUGS-19956, OCPBUGS-28984, OCPBUGS-28985, OCPBUGS-28986, OCPBUGS-29000: Support Disconnected HCP #3520
OCPBUGS-29030: Add ValidatingAdmissionPolicy to KAS config #3524
HOSTEDCP-1272: Added CLI support to create DualStack clusters using default values #3514
OCPBUGS-28238: consider HCP upgradeable if CVO has no upgradable condition #3468
OCPBUGS-26526: Documented to disable UWM telemetry writer in disconnected envs #3389
OCPBUGS-26526: Disable UWM Telemetry writer when telemeter-client cm not exists #3388
OCPBUGS-27072: Apply Scheduling Configuration for kCCM #3418
NO-JIRA: Update RHTAP references (release-4.14) #3509
OCPBUGS-20180, OCPBUGS-20547: Added network validations #3096
OCPBUGS-23997: add watch for HCP pullsecret to HCCO #3265
OCPBUGS-28249: Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. #3485
NO-JIRA: Update RHTAP references (release-4.14) #3447
OCPBUGS-24315: Add prestop to konnectiviy server #3268
OCPBUGS-24307: Set shutdown-delay-duration to 15s #3264
OCPBUGS-21795: change trusted bundle volume mount for CPO #3102
OCPBUGS-25217: Konnectivity agent update strategy #3308
OCPBUGS-26574: Set new condition on SG deletion. #3398
Update RHTAP references (release-4.14) #3402
Update RHTAP references (release-4.14) #3383
OCPBUGS-22360: Validate accessTokenInactivityTimeout >= 300s #3175
OCPBUGS-23936: Use correct kubeconfig in CCM and remove CCMs access t… #3232
OCPBUGS-12720: Updating hypershift images to be consistent with ART #2467
OCPBUGS-24627: unset ServiceAccount on ignition-server-proxy #3295
[Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster #3290
OCPBUGS-24269: add CLI oauthclient #3272
OCPBUGS-23569: Added IPFamilyPolicy to services exposed at the HCP in DualStack mode #3224
HOSTEDCP-1318: external OIDC enablement #3261
OCPBUGS-23747: Added brackets to IPv6 KAS address on kubeconfig #3228
OCPBUGS-24063: fix(cpo): Set restart annotation on network-node-identity #3248
release-4.14, HOSTEDCP-1315: Improve NodePool CPU arch & platform check #3236
OCPBUGS-22676: Make the OLMCatalogPlacement field immutable #3143
OCPBUGS-23558: Let router use svc ips 4.14 #3221
OCPBUGS-19678: Remove cluster name validation from HCC #3040
”[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms” #3202
OCPBUGS-23027: Configure HSTS for kube-apiserver #3169
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3085
OCPBUGS-23142: adding permission to CNO RBAC Calico path for network-node-identity deploy #3182
OCPBUGS-22295: Added brackets to the kubeconfig server address when IPv6 #3117
OCPBUGS-22690: Use the same etcd snapshot for all replicas during etcd restore #3146
OCPBUGS-22959: Update regex validation for nodepool.spec.taints.value #3165
HOSTEDCP-1280: Adjustment cluster-cidr,service-cidr to support dualstack #3162
OCPBUGS-22898: Stop exposing kas on 6443 private route service load balancer #3159
OCPBUGS-22898: Stop defaulting aws private haproxy external port to 6443 #3160
OCPBUGS-19897: Add konnectivity-proxy container to CNO #3058
OCPBUGS-22379: Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller #3131
OCPBUGS-20526: Align PSA labels on guest cluster namespaces with standalone OCP #3111
OCPBUGS-21869: Remove EnsurePSANotPrivileged #3107
OCPBUGS-21822: Add ign proxy label selector for LabelTopologyZone PodAntiAffinity #3105
OCPBUGS-21587: change required pod anti-affinity rule to preferred rule #3098
OCPBUGS-19794: Upgrade Agent APIs to v1beta1 #3059
OCPBUGS-19797: reconcile Authentication global config #3053
OCPBUGS-19794: Upgrade agent APIs to v1beta1 #3051
OCPBUGS-20249: Set KAS config pod security Enforce to privileged #3083
OCPBUGS-20163: Report correct port when API exposed via route #3078
OCPBUGS-19796: set accesstoken-inactivity-timeout flag to openshift-oauth-apiserver #3052
Update RHTAP references (release-4.14) #3060
Migrate deprecated-base-image-check pipeline #3057
chore(deps): update rhtap references (release-4.14) #2752
Update kubevirt csi driver deployment with proper timeouts #3046
OCPBUGS-19463: set default deploymentconfig params on AWS CCM #3029
ACM-7278: Remove marking pull secret as required in hcp cli #3023
OCPBUGS-18978: add KAS endpoints to Except in router egress rule #3010
CNV-31919: Validate KubeVirt platform required versioning #3026
OCPBUGS-19063: amend OLM catalogs ImageStream according to annotation #3016
enable CGO_ENABLED for building FIPS compliant images #3006
OCPBUGS-18828: tuned DS should not use controlPlaneReleaseImage #3005
Red Hat Trusted App Pipeline update hypershift-release-414 #2639
Full changelog

ibm-cloud-controller-manager

OCPBUGS-23861: Bump otelgrpc to v0.49.0 #73
OCPBUGS-24665: Add Snyk file to exclude vendor directory on scan #65
OCPBUGS-21149: Bump golang.org/x/net to v0.18.0 #55
Full changelog

ibm-vpc-block-csi-driver

OCPBUGS-58738: bump github.com/golang/glog to v1.2.4 #109
OCPBUGS-56065: tech debt: rework vendor patches #93
OCPBUGS-53907: bump github.com/golang-jwt/jwt/v4 to v4.5.2 #86
OCPBUGS-36065: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #73
OCPBUGS-21246: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #50
OCPBUGS-18142: [IBM VPC] failed provisioning volume in proxy cluster #46
Full changelog

ibm-vpc-block-csi-driver-operator

OCPBUGS-59791: [IBM VPC] set offlineExpansion to false in e2e test manifest #151
OCPBUGS-36071: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #122
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #104
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91
OCPBUGS-21339: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #81
Full changelog

ibm-vpc-node-label-updater

OCPBUGS-56065: tech debt: rework vendor patches #50
OCPBUGS-53539: bump github.com/golang-jwt/jwt/v4 to v4.5.2 #46
OCPBUGS-36011: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #42
OCPBUGS-21451: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #27
Full changelog

ibmcloud-cluster-api-controllers

OCPBUGS-36077: UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.14 #88
OCPBUGS-27279: Add Snyk file to exclude vendor directory on scan #76
OCPBUGS-21436: Bump golang.org/x/net to v0.18.0 #63
Full changelog

ibmcloud-machine-controllers

OCPBUGS-36083: Bump dependency for CVE #57
Full changelog

insights-operator

Ignore previous status when disabling alerts (#1059) #1059
OCPBUGS-45044: insightsoperator.operator.openshift.io resource is create-only (#1058) #1058
Add haproxy metric (#999) #999
Add missing permission for GatherClusterIngressCertificates (#984) #984
OCPBUGS-37673: Ingress controller related certificates’ validate dates gathering (#976) #976
OCPBUGS-36475: properly encode the URL for the advisor links (#962) #962
OCPBUGS-36380: Collect aggregated Prometheus Alertmanager instances (#960) #960
OCPBUGS-33193: anonymization - externalIP can be nil (#931) (#933) #931
OCPBUGS-31975: bump golang.org/x/net version (#926) #926
OCPBUGS-32343: fix error message when the data processing was not successful (#833) (#928) #833
Add linting recommendations (#904) #904
gather etcd_server_slow metrics (#902) #902
OCPBUGS-23962: adds helm information gather (#868) (#877) #868
OCPBUGS-23445: DVO gatherer - add retry logic (#861) (#870) #861
OCPBUGS-22958: adds cluster storageclasses gather (#858) (#865) #858
OCPBUGS-21859: remove username & password config options (#843) #843
OCPBGUS-20767: update dependencies (#837) #837
OCPBUGS-20590: gather APIServer.config.openshift.io resource (#839) #839
OCPBUGS-20034: improve on-demand data gathering timing issues (#835) #835
OCPBUGS-19387: mark datagather job as failed if the data was not processed (#830) #830
OCPBUGS-19476: update Insights report config logging (#826) #826
Full changelog

ironic

OCPBUGS-48147, OCPBUGS-48594: Bump jinja2 to 3.0.1-6.el9.2 #625
OCPBUGS-43954, OCPBUGS-43962: Bump python-waitress [4.14] #607
OCPBUGS-39019: Bump ironic-lib to fix utf8 decoding issue #571
OCPBUGS-32266: redfish-virtualmedia fails on XFusion nodes #548
OCPBUGS-37762, OCPBUGS-39382: Include fixes for CVE-2024-44082 #584
OCPBUGS-38508: set min version for python3-webob #555
OCPBUGS-33375: bump werkzeug #537
OCPBUGS-37410: bump jinja2 #530
OCPBUGS-37115: Update eventlet version #524
Bug OCPBUGS-34657: Disable installation of .pyc files through pip #512
METAL-1004: Update ironic-lib to latest release-4.14 commit #492
OCPBUGS-32364: [4.14] remove unused prometheus-exporter #487
OCPBUGS-32169: [4.14] Add hybrid configuration for cachito #482
OCPBUGS-32388: Use unix sockets by default for reverse proxy communication #475
OCPBUGS-32169: [4.14] Add requirements placeholders for cachito #469
OCPBUGS-27773: Update inspector package to fix LLDP unicode error #452
OCPBUGS-27193: Fix Inspector iPXE config for IPv6 addresses #448
OCPBUGS-19884: update Ironic to include secure boot fixes #445
OCPBUGS-23903: Ironic side of external_http_url (METAL-163) is not wired in correctly #429
OCPBUGS-23505: Uplift eventlet version #426
OCPBUGS-23354: Upgrade markupsafe and werkzeug dependencies #421
OCPBUGS-14926: Handle Eject DVD 4.14 #415
OCPBUGS-22253: Use bash process substitution instead of pipe #411
OCPBUGS-19884: update Ironic to include secure boot fixes #404
OCPBUGS-19333: update ironic to include SQLite fixes #402
OCPBUGS-19083: Switch from current-tripleo to puppet-passed-ci #399
Full changelog

ironic-agent

OCPBUGS-39019: Bump ironic-lib to fix utf8 decoding issue #158
OCPBUGS-39382: Include fixes for CVE-2024-44082 #163
OCPBUGS-33375: set webob and bump werkzeug #151
OCPBUGS-33452: update ironic-lib with latest fixes #133
METAL-1004: Update ironic-lib to latest release-4.14 commit #130
OCPBUGS-32170: [4.14] Add hybrid configuration for cachito #127
OCPBUGS-32170: [4.14] Add placeholders for cachito #124
OCPBUGS-29454: Always add ignition to set hostname on /etc/hostname #109
OCPBUGS-28554: Update to latest ironic-python-agent for bugfixes #107
OCPBUGS-25685: Relax packages requirements #103
OCPBUGS-23751: Update packages with latest fixes #96
Full changelog

ironic-static-ip-manager

OCPBUGS-49890: Fix subnet validation #50
Full changelog

k8s-prometheus-adapter

OCPBUGS-21473: Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487 #89
OCPBUGS-21473: upgrade golang.org/x/net to 0.17.0 to address CVE-2023… #81
OCPBUGS-20250: limit number of simultaneous client requests #77
Full changelog

keepalived-ipfailover

OCPBUGS-30414: update unit tests in egress/dns-proxy #173
Full changelog

kube-proxy, sdn

OCPBUGS-54991: Handle openshift-host-network namespace as special when it modifies #655
OCPBUGS-46536: Bump openvswitch #647
[Release 4.14] OCPBUGS-43484: NP-1092: backport SDN live migration #631
OCPBUGS-20790: update x/net to v0.17.0 #587
OCPBUGS-19558: Collect pod operation latency metrics properly #577
Full changelog

kube-rbac-proxy

OCPBUGS-31971: bump golang.org/x/net [4.14] #108
OCPBUGS-20717: http2: trim connetions and buffers, v4.14 #81
OCPBUGS-20717: go.mod: bump golang.org/x/net to v0.17.0 #75
Full changelog

kube-state-metrics

OCPBUGS-20794: bump x/net to v0.17.0 #101
Full changelog

kube-storage-version-migrator

NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-14). #229
Full changelog

kubevirt-cloud-controller-manager

OCPBUGS-23866: deps, bump opentelemetry #38
OCPBUGS-21174: Bump golang.org/x/net to v0.18.0 #37
OCPBUGS-30861: Bump golang.org/x/net to v0.18.0 #36
OCPBUGS-19020: Auto sync upstream 2023 09 15 20 36 #26
Full changelog

kubevirt-csi-driver

“OCPBUGS-29792: [release-4.14] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs” #34
OCPBUGS-19730: Ensure volume is removed before returning success (https://github.com/kubevirt/csi-driver/pull/90) #25
Full changelog

libvirt-machine-controllers

OCPBUGS-19926: [release-4.14] Don’t force use of virtio console #269
Full changelog

machine-api-operator

OCPBUGS-53296: add image/read permissions #1350
OCPBUGS-48245: VSphere: Handle cloned instance with lost taskID #1322
OCPBUGS-47659: Ensure deletion annotation takes priority and oldestPolicy can distinguish longer ages #1318
OCPBUGS-43821: install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP #1303
CFE-1051: Adding web-hook validation for capacityReservationGroupID #1260
OCPBUGS-31980: Update x/net to v0.25.0 #1236
OCPBUGS-30898: Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions #1224
OCPBUGS-28745: Set –max-concurrent-reconciles=10 for Azure machine controller #1217
OCPBUGS-28745: Add AddWithActuatorOpts to allow overriding Machine controller options #1214
OCPBUGS-24998: Add Snyk file to exclude vendor directory on scan #1191
OCPBUGS-24047: Update reference URL #1186
OCPBUGS-24047: Use docs URL instead of KCS article #1180
OCPBUGS-17297: [release-4.14] Update x/net to fix CVE #1173
Full changelog

machine-config-operator

OCPBUGS-57341: Do not enable on-prem-resolv-prepender.path for UPI #5114
OCPBUGS-43743: Soften haproxy timeout for kubeapi probe #4664
OCPBUGS-54228: Update ObservedGeneration in KubeletConfig #4950
OCPBUGS-50631: Add clarification to invalid maxUnavailable alert #4848
OCPBUGS-48801: Wait for all subcontrollers #4808
OCPBUGS-46057: Remove trailing periods from AWS provided hostnames #4747
OCPBUGS-45271: Post upgrading from 4.14 to 4.15.36, the observedGeneration count increased tremendously #4725
OCPBUGS-42111: Do not use ‘restart’ for ‘oneshot’ service #4622
MCO-1278: Backport Telemetry to 4.14 #4672
OCPBUGS-43981: Panic seen in CI job for MCC pod #4671
OCPBUGS-43980: MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP #4673
OCPBUGS-37552: On-Prem resolv prepender to watch for NM changes #4500
OCPBUGS-35322: Decrease logs of haproxy #4405
OCPBUGS-32258: Log network service output to console #4320
OCPBUGS-38371: Revert “MCD-pull: run after network-online.target in Azure” #4526
OCPBUGS-37769: Move StartLimitIntervalSec to Unit section #4521
OCPBUGS-30794: Mount /run/nodeip-configuration into coredns containers #4253
OCPBUGS-37483: Remove weights from ingress check script #4485
OCPBUGS-37738: Openshift uncordoned compute-node that was intentionally cordoned #4502
OCPBUGS-36915: Use NM’s dns-change event for resolv.conf #4473
OCPBUGS-37223: Copy RHEL9 binaries used in HCP #4479
OCPBUGS-36776: daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages #4463
OCPBUGS-36593: MCD-pull: run after network-online.target in Azure #4456
OCPBUGS-36356: daemon/update: disable systemd unit before overwriting #4447
OCPBUGS-32472: Delete state files on reboot only #4331
OCPBUGS-33590: ovs-configure: fix vlan_parent calculation #4361
OCPBUGS-34716: If multiple hostnames are returned, use the first one for the Node name #4385
OCPBUGS-17658: Controller pod is spamming unknown field “spec.dns.spec.platform” message #4383
OCPBUGS-33643: Don’t error if the certs.d dir doesn’t exist yet #4362
OCPBUGS-32341: Remove the condition for checking the multiple ovs-if-br-ex profiles #4325
OCPBUGS-27030: Log network service output to console #4114
: OCPBUGS-31731: kubelet: restorecon necessary files on kubelet’s prestart #4307
OCPBUGS-32260: fix: resources were in the wrong indentation level #4322
OCPBUGS-27108: Add \n in cert_writer for old cert methods and skip cloudCA validation #4117
OCPBUGS-31487: Prevent OVS-configuration to run before kdump #4291
OCPBUGS-29400: Run resolv-prepender entirely async #4182
OCPBUGS-31681: make verify should use MCO’s kube version #4305
OCPBUGS-30992: add preferredduringscheduling annotation to kube-rbac-proxy-crio #4266
OCPBUGS-30872: add static pods for rbacproxy #4258
OCPBUGS-30107: annotate on-prem static pods for workload partitioning #4230
OCPBUGS-30225: set nodeStatusReportFrequency #4242
OCPBUGS-29290: AWS: Always persist the existing node name on 4.14 #4215
OCPBUGS-20039: Add v6-primary dual stack support to VSphere UPI #3956
OCPBUGS-29457: Add existing kubeletconfig/ctrcfg mc-name-suffix annotation #4187
OCPBUGS-26072: Fix bootstrap with NTO Operator and duplicate MachineConfigs #4098
OCPBUGS-28379: fix nodeStatusUpdateFrequency #4149
OCPBUGS-28384: daemon: allow the user to override drains on IR changes #4150
OCPBUGS-27759: Add Image Credential Provider flags for Kubelet on AWS #4144
[OCP 4.14] OCPBUGS-24660: daemon: Add support for new nmstate logic #4066
OCPBUGS-27178: use *resource.Quantity to not automatically set 0 #4121
OCPBUGS-23089: Don’t retry node-ip show in resolv-prepender #4022
OCPBUGS-27362: Fix typo in AWS node env unit #4131
OCPBUGS-26500: crio: drop automatic image cleanup on upgrades #4105
OCPBUGS-26559: Azure Run ovs-configuration.service before dnsmasq.service #4109
OCPBUGS-26551: kubelet: fix kubelet labels #4107
OCPBUGS-24596: [release-4.14] execute cert related processes to ensure proper rotation #4063
OCPBUGS-24397: gcp-routes: don’t exit on crictl failures #4056
OCPBUGS-20554: Ensure gcp-routes hack for internalLB hairpin traffic works for SGW #3973
OCPBUGS-23474: Use shorter IP label for keepalived VIP #4041
OCPBUGS-23208: workaround nmstate bug by configuring ipv{4,6} addresses #4031
OCPBUGS-22275: support icsp and idms objects #3995
OCPBUGS-22391: Require a hostname override for AWS #4001
OCPBUGS-20418: Introduce kubelet-dependencies.target and firstboot-osupdate.target #3967
OCPBUGS-20051: Support to append the duplicate kernel arguments to the rendered MC #3957
OCPBUGS-21065: Update library-go and k8s dependencies to latest version #3994
OCPBUGS-20025: Consider ingress VIPs when selecting node IP #3951
OCPBUGS-21841: CRI-O: Use 127.0.0.1 for stream server with random port #3984
OCPBUGS-20358: dashboard should detect unknown and not ready for not ready dashboard #3966
OCPBUGS-19657: After dual-stack conversion reconcile IPFamilies #3934
OCPBUGS-19430: [release-4.14] resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … #3925
OCPBUGS-19703: Internal Registry Secrets merge causing excessive API calls #3941
OCPBUGS-19662: fix merged image registry CA behavior #3937
OCPBUGS-19701: Remove dependency on k8s.io/kubernetes packages #3940
OCPBUGS-19344: Ignore invoking nbctl calls if its SDN #3928
OCPBUGS-19535: daemon: always use podman cp to copy extensions container content #3932
OCPBUGS-19357: install: Recreate and delayed default ServiceAccount deletion #3920
Full changelog

machine-image-customization-controller

OCPBUGS-24576: configurable ironic agent vlan creation #111
OCPBUGS-21555: Uplift x/net to v0.17.0 #104
Full changelog

machine-os-images

OCPBUGS-54171: Change rhcos release browser url #59
Force rebuild of CI image #31
Full changelog

monitoring-plugin

OCPBUGS-44392: fix cross-spawn vulnerable dependency #278
NO-JIRA: [release-4.14] OU-179: Fix the root cause of externalLabels not present on alerts #244
OCPBUGS-44137: upgrade dompurify dependency #243
OCPBUGS-43243: upgrade dynamic plugin sdk to remove vulnerable dependencies 4.14 #219
OU-318: consider all metric keys to display all results on dashboards tables #99
OCPBUGS-24664: disable query link for non metric-based alerts #82
Full changelog

multus-admission-controller

OCPBUGS-58763: Bump github.com/golang/glog to v1.2.4 #105
OCPBUGS-42048: Update owners #91
OCPBUGS-21372: Update go.mod for CVE-2023-39325 [Release-4.14] #71
Full changelog

multus-cni

OCPBUGS-48160: [backport 4.14] Adds a wait to account for the possiblity of a not ready unix socket #262
OCPBUGS-35578: Update owners file #243
OCPBUGS-33478: Fix CNI cache update function to prevent nil access #232
OCPBUGS-26331: Fix SAST scan issues for multus-cni-container [4.14] #220
OCPBUGS-21099: Update go.mod for CVE-2023-39325 [Release-4.14] #194
OCPBUGS-19860: Multus annotation permissions: Certificate duration should be configurable [backport 4.14] #192
OCPBUGS-19679: Move chroot from multus main process to its child processes #189
OCPBUGS-19375: Per node certification cherry-pick #185
OCPBUGS-19074: Performance and efficiency improvements in daemon/server mode #181
Full changelog

multus-networkpolicy

Update owners (#62) #62
Update vendor package (#40) #40
OCPBUGS-21454: Update go.mod for CVE-2023-39325 (#33) #33
Full changelog

multus-route-override-cni

OCPBUGS-42049: [release-4.15]Update owners #60
Full changelog

multus-whereabouts-ipam-cni

OCPBUGS-55620: Fixes leftover podref issue #367
OCPBUGS-42047: Update owners #311
OCPBUGS-37815, OCPBUGS-37817: [release-4.14] align api calls timeout and skip pods marked for deletion #309
OCPBUGS-36722: Return previous IP allocation for add cmd #296
OCPBUGS-35263: Use IP to identify orphaned allocation to be deleted #289
OCPBUGS-27858: Enable reconciler configuration 4.14 #240
OCPBUGS-26553: Cherry pick fix assignment 4.14 #230
OCPBUGS-21518: update golang.org/x/net to v0.17.0 #207
Full changelog

must-gather

OCPBUGS-42971: Collect etcd object count #457
OCPBUGS-48084: Update owners #475
OCPBUGS-48058: Support gathering IPsec data #472
OCPBUGS-43058: [Backport 4.14] Multus is now a Pod and will be captured by normal #451
OCPBUGS-20429: Revert “Add must gather script for network observability” #391
OCPBUGS-20354: Removed workload partitioning annotation from ppc script #388
Full changelog

network-metrics-daemon

OCPBUGS-58778: Bump github.com/golang/glog to v1.2.4 (#115) #115
OCPBUGS-60394: Replace e2e test image (#128) #128
swtich golint install method (#127) #127
Correct 4.16 owners file (#100) #100
Added METRIC_TEST_IMAGE var (#88) #88
Update the k8s dependencies to 1.27.7 (#82) #82
Full changelog

network-tools

OCPBUGS-31862: replace wireshark with wireshark-cli #122
OCPBUGS-22172: Move commands to the function to avoid them being executed on -h. #94
OCPBUGS-20520: Update scripts in network-tools to reflect the changes in IC model #92
Full changelog

nutanix-cloud-controller-manager

OCPBUGS-23873: fix for CVE-2023-47108 #43
OCPBUGS-17304, OCPBUGS-20899: bump golang.org/x/net to v0.17.0 #39
Full changelog

nutanix-machine-controllers

OCPBUGS-47265: fixing CVE-2024-45338 #116
OCPBUGS-51852: Fixing CVE-2025-22868 #108
OCPBUGS-17305: bump golang.org/x/net to 0.17.0 #85
OCPBUGS-29549: IPI install fails on Nutanix when using DHCP #70
OCPBUGS-19731: machine stuck in Provisioning and machineset scale/delete not work #53
Full changelog

oauth-apiserver

OCPBUGS-31982: bump x/net to 0.24.0 #110
OCPBUGS-21100: bump k8s.io (release-4.14) #100
OCPBUGS-27116: UPSTREAM: <carry>: retry etcd Unavailable errors #97
Full changelog

oauth-proxy

OCPBUGS-20980: go.mod: bump golang.org/x/net to v0.17.0 #267
Full changelog

oauth-server

OCPBUGS-21393: go.mod: bump golang.org/x/net to v0.17.0 #138
OCPBUGS-10173: Updating oauth-server images to be consistent with ART #134
Full changelog

oc-mirror

changes the owners file (#1013) #1013
OCPBUGS-48513: e2e: use same version of crane as in go.mod (#1023) #1023
Bump version to include v5.11.0 of go-git (#822) #822
Fix to ensure operator not found error exits with correct status (#797) #797
OCPBUGS-28871: Capability to override default channel (#749) (#790) #749
OCPBUGS-19429: Fix cross EUS channel upgrade path calculation (#769) #769
OCPBUGS-23327: Fix MirrorToDisk of oci catalogs in hidden folders (#766) #766
skipping prune failure if manifest not found (#735) #735
OCPBUGS-21472: fix: CVE-2023-39325 (#711) #711
Fixes HTTP 401 issues when several catalogs are being mirrored and need to be rendered using operator-registry (#704) (#706) #704
Fix OCPBUGS-17546: pod catalogsource generated by oc-mirror will crashloopBackOff randomly (#699) #699
Full changelog

olm-catalogd

OCPBUGS-27585, OCPBUGS-27670: [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 #40
OCPBUGS-21197: Bump golang.org/x/net from 0.10.0 to 0.17.0 (#197) #30
Full changelog

olm-operator-controller

OCPBUGS-27590, OCPBUGS-27675: [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 #69
OCPBUGS-22616: [release-4.14] Bump go.opentelemetry.io dependencies #58
OCPBUGS-21287: Bump golang.org/x/net to v0.17.0 #29
Full changelog

olm-rukpak

: OCPBUGS-27680,OCPBUGS-27595: UPSTREAM: <carry>: Update go-git to v5.11.0 #73
OCPBUGS-23358: [release-4.14] Address http2 vulnerability #53
OCPBUGS-21379: Bump golang.org/x/net from 0.15.0 to 0.17.0 #39
And 1 elided commits (e.g. from squash or rebase merges)
Full changelog

openshift-apiserver

OCPBUGS-50477: Pass expected type to deploymentconfig/scale object validation. #497
OCPBUGS-32445: bump(x/net) to v0.23.0 #429
OCPBUGS-31509: vendor upgrade runtime-utils #426
OCPBUGS-27104: UPSTREAM: <carry>: retry etcd Unavailable errors #412
: OCPBUGS-21464: Enable HTTP/2 CVE mitigation #397
OCPBUGS-20150: pkg/image: avoid unnecessary service lookups when registry is removed #393
Full changelog

openshift-controller-manager

OCPBUGS-57940: Set node-pullsecrets volume to read-only to protect image pull credentials #398
OCPBUGS-56951: Empty proxy variables are causing issues during the build #386
OCPBUGS-48480: Add team members to the OWNERS file #360
NO-JIRA: cleanup root and app OWNERS #349
OCPBUGS-32869: replaces deprecated square/go-jose wtih go-jose/go-jose #342
OCPBUGS-41951: Add adambkaplan as approver #334
[release 4.14] OCPBUGS-33288: Update opentelemetry dependency #295
OCPBUGS-28950: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #286
OCPBUGS-18980: Disable Build and DeploymentConfig Informers if their caps are disabled #271
Full changelog

openshift-state-metrics

OCPBUGS-20740: bump x/net to v0.17.0 #107
Full changelog

openstack-cinder-csi-driver-operator

OCPBUGS-35337: Correct out-of-bounds check #173
OCPBUGS-34792: Make Cinder CSI Driver Topology feature configurable #162
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #153
OCPBUGS-26460, OCPBUGS-26461: [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1 #156
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #142
OCPBUGS-21573: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #135
Full changelog

openstack-machine-api-provider

OCPBUGS-32428: Ensure portSecurity is correctly set in the Instance Ports #109
OCPBUGS-23202: Don’t build InstanceSpec during delete operations #95
Bug OCPBUGS-18806: Set controller’s SyncPeriod to 1 hour #81
Full changelog

operator-lifecycle-manager, operator-registry

OCPBUGS-46927, OCPBUGS-46934, OCPBUGS-47314: x/net bump to v0.34.0 [release-4.14] #941
OCPBUGS-46595: CRD upgrade existing CR validation fix (#3442) #921
OCPBUGS-45080: SSA for Services and ClusterRoleBindings #905
OCPBUGS-42828: add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata #878
OCPBUGS-41872: Fix e2e flake: upgrade CRD with deprecated version #865
OCPBUGS-42150: (fix) registry pods do not come up again after node failure (#3366) #872
OCPBUGS-42017: adds paginating lister for evaluating CRs’ upgrade fitness versus new CRDs. #869
OCPBUGS-38544: (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) #842
OCPBUGS-36949: [CARRY] perform operator apiService certificate validity checks directly #821
OCPBUGS-37016: Bump github.com/containers/image/v5 #824
OCPBUGS-36452: Can’t install operator on 4.15 after uninstalling it on a prior version #811
OCPBUGS-31969, OCPBUGS-31970: UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 #787
OCPBUGS-35230: Unblock CI #771
OCPBUGS-33356: UPSTREAM: <carry>: bump go-jose #743
OCPBUGS-30775: [4.14] bump grpc to 1.60.1, reconnect idle connections (#3147) #715
OCPBUGS-29192: [release-4.14]: Clear (existing) error cond from Subscription, once error resolved #686
OCPBUGS-29194: Retry failing unpack jobs #689
NO-ISSUE: [release-4.14] Backport e2e fixes to 4.14 #674
OCPBUGS-27314: Don’t sync namespaces that have no subscriptions #675
OCPBUGS-27565, OCPBUGS-27570, OCPBUGS-27650, OCPBUGS-27655: bump go-git/v5 to 5.11.0 #677
OCPBUGS-27485: [CARRY] SSC RBAC #665
OCPBUGS-22538: bump otelhttp to 44.0 for api #647
OCPBUGS-22538: otelhttp bump [release-4.14] #632
OCPBUGS-20829: [releaser-4.14] Fix apiserver vulnerability #608
OCPBUGS-23212: Do not derive installplan.spec.clusterServiceNames from bundle IDs #607
OCPBUGS-18904: [release-4.14] Improve Leader Election Hand Off #605
OCPBUGS-23508: [release-4.14] Use generated namespaces in e2e tests #614
OCPBUGS-20400: Add OLMConfig API to control package server sync interval [release-4.14] #582
OCPBUGS-19789: Backport OCPBUGS-14698: Rename ClusterRoles created by OperatorGroups [release-4.14] #566
OCPBUGS-22134: [release-4.14] Bump golang.org/x/net to v0.17.0 #587
Full changelog

operator-marketplace

OCPBUGS-49427: Upgrade golang.org/x/net [release-4.14] #589
OCPBUGS-32067: update golang.org/x/net for CVE-2023-45288 #565
OCPBUGS-21001: [release-4.14] bump golang.org/x/net to 0.17.0 #548
OCPBUGS-19075: Updating marketplace-operator images to be consistent with ART #535
Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

OCPBUGS-59872: Dockerfile: Remove ovs version pinning #2695
OCPBUGS-57102: Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.14 #2590
OCPBUGS-56420: Update to FDP25.A.1 24.03.5-40. #2574
OCPBUGS-48522: Let OVN-northd bind remote ports #2418
OCPBUGS-54732: Dockerfile.base: bump OVS version to 3.3 #2511
OCPBUGS-50584: Bump OVN to 23.09.6-12 to consume fix for FDP-905 #2455
OCPBUGS-45096: pin libreswan to 4.6-3.el9_0.3 #2368
OCPBUGS-44784: Bump ovs to 3.1.0-137 #2360
OCPBUGS-44793: Delete EgressIP LRP stale nexthops when node is not found #2361
OCPBUGS-42944: Fix egress gateway pod cleanup for remote zone pods. #2356
OCPBUGS-44379: Revert “Pin libreswan to the known working version 4.5” #2344
OCPBUGS-42952: pin libreswan to the known working version 4.5 #2323
OCPBUGS-42986: Add subnet overlap check for transit switch subnet #2317
OCPBUGS-38263: [release-4.14] Bump OVSDBTimeout and make it configurable #2275
OCPBUGS-38073: Fix registering northd metrics on appropriate nodes #2249
OCPBUGS-37197: [release-4.14] ovspinning: Set affinity of each thread #2236
OCPBUGS-36253: EgressIP: Reload certificates for the grpc heatlhcheck server #2213
OCPBUGS-36554: Handle IP fragments in SGW mode #2219
OCPBUGS-36703: Bump ovn to 23.09.4-16 #2222
OCPBUGS-35009: ipv6+all protocols conntrack flush #2199
OCPBUGS-34570: Fix EIP GARP config overwritten by gateway update #2188
OCPBUGS-33721: use a forked version of j-keck/arping that fixes a threading issue #2170
OCPBUGS-34076: Reuse node-subnet from cache if exists #2177
OCPBUGS-34405: [release-4.14] dns: fix deadlock in case of error #2183
OCPBUGS-33469: drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs #2160
OCPBUGS-33537: Improves service iptables efficiency on start up #2164
OCPBUGS-32104: Periodically check the ovnkube-node certificate is not expired #2117
OCPBUGS-32319: [release-4.14] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix #2128
[Release 4.14] OCPBUGS-32987: Bump OVS #2148
OCPBUGS-32247: [release-4.14] OVN bump to 23.09.0-139 #2123
OCPBUGS-29397: 4.14 High CPU usage with APB CRD #2118
OCPBUGS-32353: Custom v4 and v6 transit switch subnets while creating kind cluster #2122
OCPBUGS-31853, OCPBUGS-31854: EIP multi NIC IPv6 support and default route with next hop #2114
OCPBUGS-31648: Set mac binding age threshold in gateway routers #2115
OCPBUGS-29342: AdminPolicyBasedExternalRoute CRD failing to watch and reconcile routes for later pods #2076
OCPBUGS-29606: Update HostNetworkNamespace address_set for remote zone nodes #2091
OCPBUGS-28726: Update netpol namespace address sets usage to the old ways #2068
OCPBUGS-28819: Support Permanent Session Affinity #2046
OCPBUGS-29231: [release-4.14] Separate timeout for handler sync from informer sync & do not resync services during node tracker startup #2061
OCPBUGS-29186: Wait for ovnkube controller to start before checking result error. #2067
OCPBUGS-29207: Ignore hybrid-overlay nodes from EgressIP controller #2062
OCPBUGS-25999: Prevent multiple encap-ips per single chassis #2037
OCPBUGS-28789: Fix LGW ETP=Local on IPv6 #2042
OCPBUGS-27925: dont quit if node does not have subnet annotation #2026
OCPBUGS-27256: Ensure session affinity cleanup on backend removal #2021
OCPBUGS-23395: Egressfirewall use port groups #1956
OCPBUGS-27243: CARRY: Updates owners and adds Surya #2019
OCPBUGS-25081: Update ACL syncer: make default deny acls filter more strict, #1981
OCPBUGS-26568: Synchronize node primary address update #2012
OCPBUGS-24326: APB External Route: Add IPv4 and IPv6 validation in CRD schema for static hop IP field #1967
OCPBUGS-25903: Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks #2003
OCPBUGS-25746, OCPBUGS-25747: Dockerfile: Bump OVN to ovn-23.09.0-91.el9fdp #1996
OCPBUGS-24320: APB status not updated when fails to process during the first reconciliations #1968
OCPBUGS-23257: Update leaderelection config to allow retries #1955
OCPBUGS-23387: Ignore completed virt-launcher pods #1954
OCPBUGS-25087: Fragment oversized reply packets in LGW mode #1982
OCPBUGS-22735: OVNK/GW: Ignore headless services in syncServices #1970
OCPBUGS-24350: [release-4.14] fixes MTU configuration on gateway router #1969
OCPBUGS-24209: Significantly reduce shared informer memory usage #1964
OCPBUGS-19781: Dockerfile: Copy ovnkube-trace file for RHEL8 platform #1908
OCPBUGS-20260, OCPBUGS-20261: [release-4.14] Use private IPv4 address range for transit switch subnet & Incorrect webhook error and exit handling #1933
OCPBUGS-19932: OCPBUGS-19931: DownStream Batch Merge Blocker Bug 29th september 2023 #1920
OCPBUGS-19886, OCPBUGS-19887, OCPBUGS-19888, OCPBUGS-19889: EIP fixes, remove ippool dupe call, allow gw mtu in webhook and ovnkube node can set mgt port for dpu #1915
OCPBUGS-19812, OCPBUGS-19813, OCPBUGS-19814, OCPBUGS-19815: release 4.14 blocker fixes #1909
OCPBUGS-18427, OCPBUGS-19507, OCPBUGS-19538, OCPBUGS-19568: merging from master to release-4.14 #1889
OCPBUGS-18977: Update bridge flow cache when the host address changes #1874
OCPBUGS-19503, OCPBUGS-19649: Use status subresource, Introduce per-node certs with webhook #1898
OCPBUGS-18584: Check libovsdbclient.ErrNotFound on wrapped errors #1863
OCPBUGS-19087: Dockerfile: bump OVN to ovn23.09-23.09.0-beta.31.el9fdp #1879
OCPBUGS-12146: Updating ovn-kubernetes-microshift images to be consistent with ART #1656
Full changelog

powervs-block-csi-driver

OCPBUGS-36095: Fix CVE-2024-6104 by updating http-retryable to 0.7.7 #90
OCPBUGS-33637: Fix CVE2023-45288 by bumping x/net to v0.24.0 - 4.14 #81
OCPBUGS-25980: Rebase with upstream: Fix snyk code issue: Path Traversal #72
OCPBUGS-24713: synk: ignore vendor dir #60
OCPBUGS-21112: CVE-2023-39325 - Update net dependencies - 4.14 #51
cherry-pick: Improve delete device failure logs in driver node #48
Full changelog

powervs-block-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #58
OCPBUGS-25715: snyk: ignore vendor dir #60
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #48
OCPBUGS-21203: CVE-2023-39325 - Update net dependencies - 4.14 #40
Update OWNERS add yussufsh #44
Full changelog

powervs-cloud-controller-manager

OCPBUGS-36105: UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.14 #75
OCPBUGS-24727: UPSTREAM: <carry>: snyk code scan exclude vendor directory #54
OCPBUGS-21299: CVE-2023-39325 - Update net dependencies - 4.14 #45
Full changelog

powervs-machine-controllers

OCPBUGS-54754: Fix for CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.14 #116
OCPBUGS-41978: Update go.mod to fix CVE - 4.14 #86
OCPBUGS-24730: snyk code scan exclude vendor directory #65
OCPBUGS-21879: CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.14 #54
Full changelog

prometheus

OCPBUGS-43670: fix(discovery): Handle cache.DeletedFinalStateUnknown … #239
OCPBUGS-22531: bump otel dependencies #183
OCPBUGS-21262: update golang.org/x/net to v0.17.0 [4.14] #176
Full changelog

prometheus-alertmanager

OCPBUGS-21064: Bump golang.org/x/net to v0.17.0 #80
Full changelog

prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook

OCPBUGS-30015: fix: convert continue field between v1beta1 and v1alpha1 #279
OCPBUGS-20881: fix: disable HTTP2 connections by default #253
OCPBUGS-20881: Bump golang.org/x/net to v0.17.0 #247
Full changelog

prometheus-node-exporter

OCPBUGS-21162: (4.14) upgrade golang.org/x/net to v0.17.0 #134
Full changelog

route-controller-manager

OCPBUGS-21576: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #34
Full changelog

service-ca-operator

OCPBUGS-21066: go.mod: bump golang.org/x/net to v0.17.0 #224
OCPBUGS-19318: fix admission webhook CA injection #222
Full changelog

telemeter

OCPBUGS-34830: fix issuer check during JWT authentication 4.14 #539
OCPBUGS-32888: update gopkg.in/square/go-jose.v2 to fix CVE-2024-28180 #535
OCPBUGS-22647: go.mod: bump go.opentelemetry.io/contrib/instrumentation/net/http/ote… #494
OCPBUGS-21349: [release-4.14]: Bump golang.org/x/net to v0.17.0 #484
Full changelog

tests

OCPBUGS-55747: [build] Ensure Git Clone Does Not Run Privileged #29758
OCPBUGS-54770: Fix egress firewall tests by updating the URL from docs.openshift.com to redhat.com #29665
OCPBUGS-52583: Use payload pullspec for image info test #29591
OCPBUGS-51363: Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token #29567
OCPBUGS-51044: Add/remove team members to the OWNERS file for Builds #29554
OCPBUGS-44107: Adjust createDNSPod() to support hypershift dual-stack test #29256
OCPBUGS-39137: Bump timeout for the pod-network-service endpoints check #29062
OCPBUGS-38365: add Proxy config #28998
OCPBUGS-36800: Removes dependency on samples operator images #28952
#28775 FIX [release-4.14] OCPBUGS-33367: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms #28792
#28745 FIX [release-4.14] OCPBUGS-33022: update egressFWTestE2E image which contains ping binary #28899
OCPBUGS-36464: test/extended: skip etcd leader change check on hypershift #28921
OCPBUGS-35475: Use centos7 tag instead of latest for cmd images tests #28881
OCPBUGS-33417: Provide SCC access via RBAC #28806
OCPBUGS-33563: Adjust the method of get the apiServer (release-4.14) #28763
OCPBUGS-29970: Do not assume there is just a single kubelet systemd service #28620
OCPNODE-2101: add kube-rbac-proxy-crio toleration change #28647
OCPBUGS-29928: Only extract node role from properly formatted node-role label #28616
OCPBUGS-29182: updated timeout to 3 seconds to account for network timing issues #28578
OCPBUGS-29034: Replace ‘coreydaley’ with ‘sayan-biswas’ #28574
OCPBUGS-26044: Adding test case for when exceed openshift.io/image-tags will ban to … #28493
OCPBUGS-21774: backport #28316 to 4.14 release #28335
Revert “[release-4.14] OCPBUGS-22720: Use Centos 8 Stream mysql image in tests” #28368
OCPBUGS-23042: tolerate AWS edge nodes on monitor tests #28387
OCPBUGS-23145: Bump watch requests for cluster-baremetal-operator #28385
trt-1340: backport exact and disable monitor tests options to 4.14 #28391
OCPBUGS-19923: Updating parameters for build timing PushImage test #28291
OCPBUGS-22411: fix: increase upper bounds for samples operator #28356
OCPBUGS-22720: Use Centos 8 Stream mysql image in tests #28365
OCPBUGS-22389: Remove all docker.io images due to access denied #28355
OCPBUGS-21774: backport https://github.com/openshift/origin/pull/28238 to 4.14 release #28333
Revert #28304 “OCPBUGS-20308: Backport PR 28295 and 28238” #28314
OCPBUGS-20308: Backport PR 28295 and 28238 #28304
OCPBUGS-19903: kubevirt: add live migration tests #28281
wait for the service to have endpoints before starting pollers #28279
some monitor tests only function on disruptive tests #28287
OCPBUGS-19718: rteval #28276
OCPBUGS-19547: fix: add rteval to the test image #28269
TRT-1244: Bump aws-ovn upgradeDurationLimits to 130 #28265
OCPBUGS-19061: Remove duplicate connection type from disruption name #28260
Full changelog

thanos

OCPBUGS-22636: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.42.0 to 0.44.0 #130
OCPBUGS-21176: Bump golang.org/x/net to v0.17.0 #124
Full changelog

vsphere-cloud-controller-manager

OCPBUGS-23889: Bump otelgrpc to v0.49.0 #70
OCPBUGS-21520: Bump golang.org/x/net to v0.18.0 #54
Full changelog

vsphere-cluster-api-controllers

OCPBUGS-35136: Bump x/crypto to v0.24.0 #46
OCPBUGS-17312, OCPBUGS-21558: [release-4.14] bump golang.org/x/net to v0.17.0 #20
Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

OCPBUGS-51045: Prevent node cache update during attach & detach #139
OCPBUGS-35138: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #123
OCPBUGS-33798: FailedPrecondition volume does not appear staged #119
OCPBUGS-21564: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #90
Full changelog

vsphere-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #203
OCPBUGS-24224: Explicitly degrade the cluster when conditions are not met #194
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #186
OCPBUGS-23169: Fix vsphere csi controller pods from getting constantly restarted #193
OCPBUGS-22430: disable http/2 server support in webhook #182
OCPBUGS-21450: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #173
Full changelog

vsphere-problem-detector

OCPBUGS-38347: Drop event when CheckDefaultDatastore fails #171
OCPBUGS-35913: Fix missing failure-domains #162
OCPBUGS-24401: Use failure-domains and other changes from master #142
OCPBUGS-21812: Warn usernames without domain name #134
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #138
OCPBUGS-21581: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #129
Full changelog

View changelog in Markdown or change previous release:

Source code for this page located on github