Download the installer for your operating system or run
oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.14.31-x86_64
Upgrades from:
Untested upgrades:
4.13.23, 4.13.24, 4.13.25, 4.13.27, 4.13.28, 4.13.30, 4.13.31, 4.13.32, 4.13.33, 4.13.35, 4.13.36, 4.13.37, 4.13.38, 4.13.39, 4.13.40, 4.13.41, 4.14.10, 4.14.11, 4.14.12, 4.14.14, 4.14.15, 4.14.16, 4.14.17, 4.14.18, 4.14.19, 4.14.20, 4.14.21, 4.14.22, 4.14.23, 4.14.24, 4.14.25, 4.14.27, 4.14.4, 4.14.5, 4.14.6, 4.14.7, 4.14.8, 4.14.9
Changes from 4.14.0
Created: 2024-06-20 08:24:05 +0000 UTC
Image Digest: sha256:e4424eeec8a386241a5348d556bdd6dd82ea68f4f19f30f71d18963fb5924e9e
Release 4.14.31 was created from registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2024-06-19-070718
Components
Rebuilt images without code change
OCPBUGS-34641 : Invalid Pull-Secret when using password which contains a colon character (#6416) #6416
OCPBUGS-31631 : Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) #6322
MGMT-17594 : Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) #6216
MGMT-17549 : Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) #6203
MGMT-17541 : Replace broken golangci reference (#6197) #6197
NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) #6134
MGMT-16950 : changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) #5973
MGMT-16494 : Move ip hint file creation to ignition in order to change it in IBI process (#5974) #5974
MGMT-16517 : Add Env Var Deployment Type & Set ABI (#5987) #5987
MGMT-15796 : set CloudControllerManager to External for OCI (#5877) #5877
OCPBUGS-23069 : Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) #5676
Full changelog
OCPBUGS-33930 : add a controller that reconciles SCCs’ volumes #1681
OCPBUGS-31506 : Add sno section to alert description #1658
OCPBUGS-31316 : add provider name to cluster_infrastructure_provider when external platform #1657
OCPBUGS-29722 : webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1650
OCPBUGS-29722 : webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1646
OCPBUGS-25384 : psa cluster fleet evaluation #1600
OCPBUGS-24022: Add workload partitioning annotation #1590
OCPBUGS-20898: bump library-go to include switch to HTTP/1.1 #1569
OCPBUGS-22718 : [release-4.14] OCPBUGS-20331: manifests: rename API performance dashboard #1570
Full changelog
Add a ‘.snyk’ to silence static code analysis warnings (#1002) #1002
OCPBUGS-30153 : fix rendering extra ctrcfgs (#978) #978
fix extra-reboot on upgrade with paused mcp worker (#1053) #1053
OCPBUGS-31694 : E2E: Workload hints test cases fixes (#1012) (#1052) #1012
Systemd processes not being moved to cpuset/systemd.slice fix (#1040) #1040
Reduce number of reboots in offline tests (#1035) #1035
OCPBUGS-30507 : Add performance real time tuned template (#984) (#1025) #984
Report duplicate priority only for multiple matching profiles (#1018) #1018
Scheduler plugin: ignore IRQs (#1023) #1023
irqbalance: set banned cpus list to 0 (#994) #994
OCPBUGS-18640 : [release-4.14][manual] backport performance profile owner reference enhancements (#989) #989
rps: fail silently when rps application failed (#901) #901
OCPBUGS-25982 : E2E: Add tests for Dynamic ovs pinning (#904) (#913) #904
OCPBUGS-26003 : E2E: PPC Test cases (#905) #905
Make MC names deterministic (#903) #903
OCPBUGS-25671 : rps: fix mask update for SR-IOV devices (#891) #891
OCPBUGS-18640 : Fix Racing Machine Configs and add Day 0 Support (#854) (#871) #854
OCPBUGS-24638 : Do not set default RPS sysctl twice (#880) #880
OCPBUGS-21845 : rps: trigger udev event per queue #832 (#832) #832
OCPBUGS-21845 : e2e:rps: improve logging (#831) #831
render: change dir path (#826) #826
Disable HTTP/2 for webhook and metrics servers (#841) #841
Remove obsolete protocols and weak ciphers (#835) #835
Full changelog
OCPBUGS-21217 : CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) #539
OCPBUGS-22257 : Sync library to remove invalid dockerhub references for OKD #520
Full changelog
manage-security-groups: Only add SGs to LB members (#2455) #2455
Fix protocol case mismatch (tcp vs TCP) (#2320) #2320
Get IP addresses of neutron subports (#2306) #2306
Make manage-security-groups work with OVN (#2291) #2291
Delete sgs on reconfiguration (#2305) #2305
Optimize applyNodeSecurityGroupIDForLB() (#2293) #2293
Remove unused manila code (#2299) #2299
Use instanceIDFromProviderID() function (#2302) #2302
Remove filtering by device_owner. (#2304) #2304
Allocate array capacity in advance (#2297) #2297
Corrected the grammar (#2301) #2301
Delete unused SG rules with manage-security-groups (#2287) #2287
Improved the grammar in sidecarcompatibility.md (#2292) #2292
Added comments and arranged the variable names (#2290) #2290
occm cinder-csi securityContext (#2286) #2286
fixed Grammatical mistakes in barbican-kms-plugin (#2289) #2289
Refactors and enhances the codebase of the cinder csi plugin (#2288) #2288
Wait for LB to be ACTIVE on HM update (#2280) #2280
(barbican-kms-plugin)Refactor and enhance Barbican KMS plugin codebase. (#2278) #2278
Fixed the typo in the load balancing section in the README (#2232) #2232
Fix image tag in manila csi e2e test (#2244) #2244
enable secret injection and common annotations (#2264) #2264
Update to gophercloud 1.4.0 (#2265) #2265
Replace call to Nova os-interfaces with direct Neutron call (#2250) #2250
add secret enabled option (#2239) #2239
Fix CSI spec versions (#2254) #2254
LoadBalancers: Remove dead SG code (#2248) #2248
Make ensureSecurityRule() safely idempotent (#2249) #2249
shrink image, remove unnecessary utils (#2233) (#2238) #2233
Doc: update statement about neutron lbaas removal (#2236) #2236
add environment variable for timeout (#2235) #2235
Increase timeout for LB to get to ACTIVE state (#2223) #2223
Ignore proxies when calling Nova Metadata (#2218) #2218
add priorityClassName to openstack-cloud-controller-manager helm chart (#2210) #2210
Do not default Octavia provider to “octavia” (#2208) #2208
retry ubuntu image download on temp error (#2507) #2507
update k8s.io/kubernetes to v1.27.8 in go.mod (#2497) #2497
fix: octavia tlsContainerRef validation for barbican secrets (#2460) #2460
Use standard service account name in OCCM helm chart (#2448) #2448
1.27.3 release (#2427) #2427
Make sure we don’t mask LB tests failures and fix what was failing (#2360) (#2367) #2360
Full changelog
OCPBUGS-35183 : add AWS STS URL to OIDC provider audiences #4179
NO-JIRA: hack: make the e2e script generic #4201
chore(deps): update konflux references to 2be7c9c (release-4.14) #4225
NO-JIRA: Update Konflux references to 1025001 (release-4.14) #4181
NO-JIRA: chore(deps): update konflux references (release-4.14) #4168
OCPBUGS-34856 : [release-4.14] OCPBUGS-34855: Add new permission required in CAPA #4149
NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4159
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4112
NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) #4073
NO-JIRA: Remove CLI inspection of release image #4061
OCPBUGS-33713 : Reconcile over ICSP/IDMS #4059
NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) #4065
OCPBUGS-33844 : Fix disconnected metadata inspection #4049
OCPBUGS-33843 : Recycler-pod image now points to the OCP Payload reference #4048
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4040
HOSTEDCP-1480 : Update TLS cert hash creation with sha512 #4025
NO-JIRA: Update RHTAP references (release-4.14) #3995
HOSTEDCP-1552 : Update RHTAP tekton files for 0.3 -> 0.4 migration #3958
OCPBUGS-33105 : [release-4.14] remove PrivateIngressController cleanup #3960
OCPBUGS-32471 : Fix ICSP and IDMS inclusion as registriesOverrides #3912
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3920
OCPBUGS-32221 : Added support for OLM Disable default sources on HC creation #3882
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3903
NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster #3905
HOSTEDCP-1526 : [release-4.14] Support additional node selectors for request serving nodes #3898
chore(deps): update rhtap references (release-4.14) #3888
NO-JIRA: Update RHTAP references (release-4.14) #3874
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3869
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3858
NO-JIRA: Update RHTAP references (release-4.14) #3836
OCPBUGS-31657 : disable http2 for ignition server and proxy #3831
OCPBUGS-31605 : inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3826
HOSTEDCP-1322 : NodeUpgradeType defaulted by provider #3822
NO-JIRA: Update RHTAP references (release-4.14) #3813
OCPBUGS-31417 : honor HC image configuration #3806
OCPBUGS-23914 : Added OLMCatalogPlacement option to the CLI #3229
OCPBUGS-30211 : set Konnectivity cipher suites #3679
chore(deps): update rhtap references (release-4.14) #3792
OCPBUGS-31048 : [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3771
HOSTEDCP-1488 : Use regionalized STS endpoints in AWS #3756
NO-JIRA: Update RHTAP references (release-4.14) #3755
chore(deps): update rhtap references (release-4.14) #3739
OCPBUGS-30596 : Bump golang.org/x/net to version v0.17.0 #3711
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3706
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3676
NO-JIRA: Update RHTAP references (release-4.14) #3672
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3651
OCPBUGS-29782 : use 2040 for apiserver svc in IBM provider #3594
”[release-4.14] OCPBUGS-29259: Fix default release image lookup” #3550
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3620
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3625
OCPBUGS-29094 : Make ControllerAvailabilityPolicy immutable #3534
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3604
NO-JIRA: Update RHTAP references (release-4.14) #3591
NO-JIRA: Update RHTAP references (release-4.14) #3519
NO-JIRA: Approvers update #3580
MULTIARCH-4084 : Reduce the policy access scope to specific instance #3530
OCPBUGS-29206 : Add GC knobs for KAS #3543
OCPBUGS-29187 : node spread anti-affinity for HA HCP #3541
OCPBUGS-19956 , OCPBUGS-28984 , OCPBUGS-28985 , OCPBUGS-28986 , OCPBUGS-29000 : Support Disconnected HCP #3520
OCPBUGS-29030 : Add ValidatingAdmissionPolicy to KAS config #3524
HOSTEDCP-1272 : Added CLI support to create DualStack clusters using default values #3514
OCPBUGS-28238 : consider HCP upgradeable if CVO has no upgradable condition #3468
OCPBUGS-26526 : Documented to disable UWM telemetry writer in disconnected envs #3389
OCPBUGS-26526 : Disable UWM Telemetry writer when telemeter-client cm not exists #3388
OCPBUGS-27072 : Apply Scheduling Configuration for kCCM #3418
NO-JIRA: Update RHTAP references (release-4.14) #3509
OCPBUGS-20180 , OCPBUGS-20547 : Added network validations #3096
OCPBUGS-23997 : add watch for HCP pullsecret to HCCO #3265
OCPBUGS-28249 : Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. #3485
NO-JIRA: Update RHTAP references (release-4.14) #3447
OCPBUGS-24315 : Add prestop to konnectivity server #3268
OCPBUGS-24307 : Set shutdown-delay-duration to 15s #3264
OCPBUGS-21795 : change trusted bundle volume mount for CPO #3102
OCPBUGS-25217 : Konnectivity agent update strategy #3308
OCPBUGS-26574 : Set new condition on SG deletion. #3398
Update RHTAP references (release-4.14) #3402
Update RHTAP references (release-4.14) #3383
OCPBUGS-22360 : Validate accessTokenInactivityTimeout >= 300s #3175
OCPBUGS-23936 : Use correct kubeconfig in CCM and remove CCMs access t… #3232
OCPBUGS-12720 : Updating hypershift images to be consistent with ART #2467
OCPBUGS-24627 : unset ServiceAccount on ignition-server-proxy #3295
[Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster #3290
OCPBUGS-24269 : add CLI oauthclient #3272
OCPBUGS-23569 : Added IPFamilyPolicy to services exposed at the HCP in DualStack mode #3224
HOSTEDCP-1318 : external OIDC enablement #3261
OCPBUGS-23747 : Added brackets to IPv6 KAS address on kubeconfig #3228
OCPBUGS-24063 : fix(cpo): Set restart annotation on network-node-identity #3248
release-4.14, HOSTEDCP-1315: Improve NodePool CPU arch & platform check #3236
OCPBUGS-22676 : Make the OLMCatalogPlacement field immutable #3143
OCPBUGS-23558 : Let router use svc ips 4.14 #3221
OCPBUGS-19678 : Remove cluster name validation from HCC #3040
”[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms” #3202
OCPBUGS-23027 : Configure HSTS for kube-apiserver #3169
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3085
OCPBUGS-23142 : adding permission to CNO RBAC Calico path for network-node-identity deploy #3182
OCPBUGS-22295 : Added brackets to the kubeconfig server address when IPv6 #3117
OCPBUGS-22690 : Use the same etcd snapshot for all replicas during etcd restore #3146
OCPBUGS-22959 : Update regex validation for nodepool.spec.taints.value #3165
HOSTEDCP-1280 : Adjustment cluster-cidr,service-cidr to support dualstack #3162
OCPBUGS-22898 : Stop exposing kas on 6443 private route service load balancer #3159
OCPBUGS-22898 : Stop defaulting aws private haproxy external port to 6443 #3160
OCPBUGS-19897 : Add konnectivity-proxy container to CNO #3058
OCPBUGS-22379 : Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller #3131
OCPBUGS-20526 : Align PSA labels on guest cluster namespaces with standalone OCP #3111
Full changelog
“OCPBUGS-29792: [release-4.14] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs” #34
Full changelog
Added METRIC_TEST_IMAGE var (#88) #88
Update the k8s dependencies to 1.27.7 (#82) #82
Full changelog
Bump version to include v5.11.0 of go-git (#822) #822
Fix to ensure operator not found error exits with correct status (#797) #797
OCPBUGS-28871 : Capability to override default channel (#749) (#790) #749
OCPBUGS-19429 : Fix cross EUS channel upgrade path calculation (#769) #769
OCPBUGS-23327 : Fix MirrorToDisk of oci catalogs in hidden folders (#766) #766
skipping prune failure if manifest not found (#735) #735
OCPBUGS-21472 : fix: CVE-2023-39325 (#711) #711
Full changelog