Back to index
Download the installer for your operating system or run
oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.13.28-x86_64 Team Approvals:
Tests:
Blocking jobs Informing jobs Upgrades from:
Untested upgrades:
4.12.19 ,
4.12.20 ,
4.12.22 ,
4.12.23 ,
4.12.24 ,
4.12.26 ,
4.12.27 ,
4.12.28 ,
4.12.29 ,
4.12.30 ,
4.12.31 ,
4.12.32 ,
4.12.33 ,
4.12.34 ,
4.12.36 ,
4.12.37 ,
4.12.38 ,
4.12.39 ,
4.12.40 ,
4.12.41 ,
4.12.42 ,
4.12.43 ,
4.13.10 ,
4.13.11 ,
4.13.12 ,
4.13.13 ,
4.13.14 ,
4.13.16 ,
4.13.19 ,
4.13.21 ,
4.13.22 ,
4.13.23 ,
4.13.24 ,
4.13.3 ,
4.13.4 ,
4.13.5 ,
4.13.6 ,
4.13.7 ,
4.13.8 ,
4.13.9 Upgrades to:
Loading changelog, this may take a while ...
Changes from 4.13.0
Created: 2024-01-04 09:15:56 +0000 UTC
Image Digest: sha256:1c834045db967d579aa2f1ef6f836dcb21db13d804bdffb972e8f4a7a4d59fc2
Release 4.13.28 was created from registry.ci.openshift.org/ocp/release:4.13.0-0.nightly-2024-01-01-160741
Components
Rebuilt images without code change
OCPBUGS-25369 : Discover AWS dns suffix from partition and region. #640
OCPBUGS-21367 : Upgrade golang/x/net for CVE-2023-39325 #623
snyk: exclude vendor/ #616
OCPBUGS-12565 : CVE-2022-41723 ose-cloud-credential-operator-container: net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [openshift-4] #543
OCPBUGS-13692 : Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. #538
Full changelog
Disable HTTP/2 for webhook and metrics servers (#846) #846
Remove obsolete protocols and weak ciphers (#843) #843
OCPBUGS-18493 : e2e: deflake IRQ load-balancing (#782) #782
Use RHEL9 as a base (#829) #829
OCPBUGS-17943 : Add rtentsk plugin to pp tuned profile Signed-off-by: Brent Rowsell <browsell@redhat.com> (#796) #796
nto: avoid timeout when there are too many CSV (#818) #818
OCPBUGS-19459 : check for object being nil (#820) #820
Add kubeconfig path for IBM Managed OpenShift (#814) #814
OCPBUGS-14137 : e2e: perfprof: add SNO device recovery test (#653) (#806) #653
OCPBUGS-18868 : [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) (#808) #788
Sync DaemonSet if operand image changes (#786) #786
Revert “Revert “Release leader election on manager exit (#773)” (#797)” (#802) #773
OCPBUGS-19351 : Keep Profile status.bootcmdline around (#803) #803
Revert “Release leader election on manager exit (#773)” (#797) #773
Release leader election on manager exit (#773) #773
Tighten the rules for modifying Tuned Profiles (#766) #766
OCPBUGS-18063 : cgroup: Match the name of the cgroup to what is expected by kubelet (#774) #774
update tsc karg to tsc=reliable (#757) #757
OCPBUGS-17845 : deflake ht aware test (#763) #763
OCPBUGS-17794 : rps: use default rps mask kernel API (#760) #760
Improve render error handling (#755) #755
nto:tuned: remove sched_min_granularity_ns settings (#726) #726
Fix a race in e2e test rollback.go code (#740) #740
E2E: Add memory manager sanity test case (#573) (#695) #573
e2e: latency testing: increase the expected threshold (#709) #709
Do not rollback settings on TuneD exit (#704) #704
Switch to rslave/HostToContainer volume mount propagation (#705) #705
e2e: perf-prof: disable truncating gomega output (#707) #707
OCPBUGS-14895 : Do not fail creating cgroups if they exist already (#684) #684
OCPBUGS-14331 : Fix updating numa core siblings map in GetCpuSiblings function (#669) #669
render: remove uid from render-sync target (#594) (#609) #594
Remove cpu-quota.crio.io: disable annotation (#670) #670
Add PerformanceProfiles to ‘oc adm must-gather’ (#657) #657
OCPBUGS-11709 : pao e2e: skip hugepages and numa tests properly (#643) #643
e2e: Fix RPS test for multi-worker cluster (#648) #648
OCPBUGS-12978 use WatchNamespace() when deleting Profiles (#645) #645
OCPBUGS-11336 : pao e2e: fix update test suit timeouts (#642) #642
Address CVE-2022-41723 (#633) #633
OCPBUGS-13148 : Configure cpu balancing cpu sets for all clusters (#647) #647
Full changelog
HOSTEDCP-1146 : cpo: use CPO spec container image if it is a sha256 reference #3296
OCPBUGS-22971 : Add konnectivity-proxy container to CNO #3167
OCPBUGS-23455 : Use the same etcd snapshot for all replicas during etcd restore #3205
NO-JIRA: Red Hat Trusted App Pipeline purge hypershift-operator-release-413 #3217
chore(deps): update rhtap references (release-4.13) #3043
Update RHTAP references (release-4.13) #2996
OCPBUGS-17182 : add need-management-kas-access label to olm-collect-profiles pods #2871
OCPBUGS-16225 : Add missing probes to two services #2821
fix(olm): Use 4.13 catalog source images #2978
Updated secret permissions for openshift-route-controller-manager #2923
HOSTEDCP-1121 : Ensure SG reconciliation for aws endpoint #2885
chore(deps): update rhtap references (release-4.13) #2921
Revert “HOSTEDCP-1110: [backport-4.13] Allow HCP Specification to Support ICSP & IDMS” #2931
chore(deps): update rhtap references (release-4.13) #2904
Update RHTAP references (release-4.13) #2866
HOSTEDCP-1046 : Add ImageDigestMirrorSet to Config API comment #2870
HOSTEDCP-1046 : Add IDMS to the list of valid config manifests #2863
Update RHTAP references (release-4.13) #2833
HOSTEDCP-1110 : [backport-4.13] Allow HCP Specification to Support ICSP & IDMS #2839
OCPBUGS-15743 : Let getMachinesForNodePool return machines ordered by creation Timestamp #2767
4.13: Add management cluster KAS network policy #2786
Leader election config update. #2801
OCPBUGS-16160 : fix deletion bug when hostedzone is already deleted #2813
HOSTEDCP-1061 : [release-4.13] Implement dedicated request serving nodes for HostedClusters #2809
Update RHTAP references (release-4.13) #2816
OCPBUGS-16057 : use ignition-proxy Service to populate ignitionEndpoint with strategy NodePort #2798
OCPBUGS-14862 Improve clarity around hypershift operator permissions #2810
HOSTEDCP-1101 : Add snyk-secret HO RHTAP scripts #2799
OCPBUGS-16125 : [release-4.13] Update vendored dependencies #2797
OCPBUGS-15774 : autoscaling balance similar groups #2805
OCPBUGS-15965 : Reject VPCE Connections during VPCE Service cleanup #2789
Update RHTAP references (release-4.13) #2751
OCPBUGS-15171 : Skip AWS resource deletion for ‘Unknown’ OIDC state #2701
HOSTEDCP-1008 : Add NodePoolTransitionSeconds metric #2758
OCPBUGS-15281 : Check OwningIngressController also in Labels #2715
HOSTEDCP-1060 : refactor ignition-server reconcilation and add ignition-server proxy #2748
HOSTEDCP-1073 : enforce blocked rollout of HCP #2735
HOSTEDCP-1003 : Set AWS conditions only for AWS platform #2670
OCPBUGS-15268 properly handle user CA bundle not existing #2710
OCPBUGS-15301 : [release-4.13] fix(oauth): Do not proxy IBM Cloud IAM endpoints #2696
OCPBUGS-14030 : Include default ingress CA in root CA bundle #2599
OCPBUGS-14490 : Enable HCCO to reconcile over the OperatorHub’s disableAllDefaultSources object #2645
OCPBUGS-14801 : Set DisableStrictZoneCheck = true
in the AWS Cloud Provider config #2666
HOSTEDCP-1048 : Add impersonate feature to the CLI and document HC dump procedure #2681
OCPBUGS-14872 : Honor global ingress configuration LoadBalancer type on AWS #2677
OCPBUGS-14436 : Add ClusterUpgradeDuration metric #2637
HOSTEDCP-1009 : Allow external-dns image to be set in install cli #2652
Red Hat Trusted App Pipeline update hypershift-operator-release-413 #2641
Red Hat Trusted App Pipeline purge hypershift #2640
OCPBUGS-13735 : Cluster-api SA can’t create events and fix permissions wrongly included #2610
OCPBUGS-14242 : Remove external-dns –events flag #2621
OCPBUGS-14155 : Reconcile oauthDeployment annotations even if kubeadmin secret is not found #2613
OCPBUGS-13399 : Fix errors from HCP controller removeServiceCAAnnotationAndSecret() #2552
HOSTEDCP-1010 : Set ETCD Storage Size as immutable field and equalised the default size among both api versions #2611
HOSTEDCP-947 : Increases default etcd PV size to 8Gi #2569
HOSTEDCP-926 : Send metric when HO/CPO decide to skip cloud resource deletion #2594
HOSTEDCP-975 : Backport nodepools metrics #2601
Red Hat Trusted App Pipeline update hypershift #2603
OCPBUGS-13594 : Sync proxy TrustedCA to guest cluster #2556
fix nil deref in DefaultWorkerSecurityGroupID check #2574
OCPBUGS-13215 : Let the aws endpoint to use the hypershift owned SG #2529
OCPBUGS-13497 : Add internal/external elb tags to subnets #2553
OCPBUGS-13531 : Clean up existing VPC endpoint connections #2554
Stop triggering rollout on labels/taint change #2548
Fixes HCCO reconcile error for kubevirt csi driver #2538
Fix kubevirt csi daemonset reconcile loop #2542
HOSTEDCP-980 : Include HostedClusterDegraded in hypershift_hostedclusters_failure_conditions metric #2525
Full changelog
OCPBUGS-19006 : backport hostname fixes #89
Switch to udevadm command install instead of package [OKD] #83
“Bug OCPBUGS-15777: Switch to udevadm command install instead of package” #81
Full changelog
Added METRIC_TEST_IMAGE var (#90) #90
Update the k8s dependencies to 1.26.10 (#83) #83
Full changelog
Updating ose-nutanix-cloud-controller-manager images to be consistent with ART #15
Full changelog
OCPBUGS-21460 : Fix CVE-2023-44487 and CVE-2023-39325 (#714) #714
Fix OCPBUGS-17546: pod catalogsource generated by oc-mirror will crashloopBackOff randomly (#700) #700
Fix OCPBUGS-14402 (#675) #675
OCPBUGS-18556 : operator catalogs from oc-mirror fail to deploy because of invalid caches (#691) #691
OCPBUGS-18106 : manual cherrypick (#684) #684
OCPBUGS-17998 : fix: ICSP with incorrect mirror path (#685) #685
OCPBUGS-17453 : Fix “ OCI index found, but accept header does not support OCI indexes (#677) #677
OCPBUGS-16372 : A variety of changes needed for correct operation with multi… (#661) #661
OCPBUGS-13871 : fix: changes on help info content (#654) #654
Fix OCPBUGS-11840: ParseImageReference supports cases where both tag and digest are present in a ref (#637) #637
Removes Ross and adds Jeremy in the OWNER file (#645) #645
OCPBUGS-13591 , OCPBUGS-13592 : Limit the nested repository path while mirroring the images (#635) #635
Full changelog
Source code for this page located on github