Back to index

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.15.33-x86_64

Team Approvals:

Tests:

• Blocking jobs
  • upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
  • upgrade-minor Succeeded release-openshift-origin-installer-e2e-aws-upgrade
• Informing jobs
  • aws-ovn-serial Succeeded periodic-ci-openshift-release-master-nightly-4.15-e2e-aws-ovn-serial
  • aws-ovn-upgrade-micro Succeeded periodic-ci-openshift-release-master-ci-4.15-e2e-aws-ovn-upgrade
  • aws-sdn-upgrade-4.15-micro Succeeded periodic-ci-openshift-release-master-nightly-4.15-e2e-aws-sdn-upgrade
  • azure-ovn-upgrade-4.15-micro Succeeded periodic-ci-openshift-release-master-ci-4.15-e2e-azure-ovn-upgrade
  • fips-scan Succeeded periodic-ci-openshift-release-master-nightly-4.15-fips-payload-scan
  • gcp-ovn-rt-upgrade-4.15-minor Succeeded (1 retries) periodic-ci-openshift-release-master-ci-4.15-upgrade-from-stable-4.14-e2e-gcp-ovn-rt-upgrade
  • hypershift-ovn-conformance-4.15 Succeeded (1 retries) periodic-ci-openshift-hypershift-release-4.15-periodics-e2e-aws-ovn-conformance
  • metal-ipi-ovn-dualstack Succeeded periodic-ci-openshift-release-master-nightly-4.15-e2e-metal-ipi-ovn-dualstack
  • metal-ipi-ovn-ipv6 Succeeded periodic-ci-openshift-release-master-nightly-4.15-e2e-metal-ipi-ovn-ipv6
  • metal-ipi-sdn-bm Succeeded periodic-ci-openshift-release-master-nightly-4.15-e2e-metal-ipi-sdn-bm

Upgrades from:

Upgrades to:

• 4.15.38 (changes) - Failed

---

Loading changelog, this may take a while ...

Changes from 4.15.0

Created: 2024-09-16 17:17:52 +0000 UTC

Image Digest: sha256:f5bbc3d132a60943b52b4d4c2a34da7f631d5989b27525017c61a45bee61bed2

Components

• Kubernetes upgraded from 1.28.6 to 1.28.13
• Red Hat Enterprise Linux CoreOS upgraded from 415.92.202402201450-0 to 415.92.202409101905-0 (diff)

Rebuilt images without code change

• agent-installer-utils git 33b7d855 sha256:b6fb47d5c1aadfa97fff3df40df4fda3e9eae109ab8b479bbfffecddf1813430
• alibaba-cloud-controller-manager git abf4fa96 sha256:694ff9be5d7494e413eb704f89dcb706917a139b9634a984a1178d2b1cba26ec
• alibaba-cloud-csi-driver git be4888d3 sha256:76dfc275450c764b28245a91372765a517480a2831e3e8be566038250976f18b
• alibaba-disk-csi-driver-operator git 41b367ae sha256:dad271d3724af0bfc58968360528665f4bfc22c939694845c64a0d20206eb50d
• alibaba-machine-controllers git d3ba04c3 sha256:dd22fdea809845e85737cd75c027babbb99c2fc22b51e56f0e90e34e2f565483
• aws-machine-controllers git 0129b1e3 sha256:0486808d2885deed45cb67c789e98f71d40b4173f56c45f7165c588b41343e0d
• azure-disk-csi-driver git dcb7e1c7 sha256:d77f605ac8fa89dd6d9d09a8a8d28bc08216160f356f4c0178658d33c0bdc2c1
• azure-disk-csi-driver-operator git 160cf624 sha256:9642ffd8e8d1454d389327719c3458233a463c298b31d4afb3cc51d59688b1de
• cluster-bootstrap git 0849c462 sha256:6ede0d458d08a31ddffaa54b76233c7dd8aa665ebcd29cd560dac0f19a94da95
• cluster-kube-cluster-api-operator git 128d8e08 sha256:8fff84574dc571b77dcc5d1bcd573492a2482e14e84e32d164ce00def07e3a13
• cluster-machine-approver git 3a6b6ae6 sha256:beb5fe34fed4be46980d5fe3179746678d7d2264b535530e583ef558e760df54
• cluster-olm-operator git a7ba8987 sha256:0dc45026c9b5022c462140cacd062f54af483e5121b3c628be08f699ecef1be3
• cluster-platform-operators-manager git 37a0a919 sha256:14c2fd3282d7e0f0abdf02662bcff4a196c5befa8d1c61f2788dbda7b767a6f8
• cluster-policy-controller git cc48f315 sha256:3e06f7db34d8aace94dd9c3fa5a49b2c00b44518b4b228b7075ee7ca9a09b787
• cluster-update-keys git be6ba5b0 sha256:97963fd4588f7b94b5771295e7ed005d6344e964e6317a1b8cfde16a7bec4ee7
• configmap-reloader git 617398f5 sha256:2ca4a7a575cb6eaec20eb59e7a5ec8d20015137eabfb0bb8379884ef5d408cee
• csi-driver-nfs git d032dc10 sha256:cf4d33694f6601b268f2951107469e0a0ab683f1a532cced6b10254ac942c8f6
• csi-driver-shared-resource git 260a085a sha256:d1a6184db6072b61088b37ddd97c82dca2cce20c5fca12ea94f290e569463c67
• csi-driver-shared-resource-operator git 8d017b7f sha256:8af887897e219f822f6d7fb726c25513ed70141f932d70f00c2fb4602566d8e9
• csi-driver-shared-resource-webhook git 260a085a sha256:3ce4214bedab22cba44c11585971e0e41b8f6c05b50aaf095d3a2f58d7085bf5
• csi-external-attacher git f806f266 sha256:a58bf8ca517b83da93cc35ba5cf68ccddab209c79b4d4900a1fd9e217b442768
• csi-external-provisioner git ce5a1a33 sha256:907e689f140912466b2229d24101775a0cd64665f3fed08649d1d2c20605db9c
• csi-external-resizer git 3b4236d3 sha256:6b0037a0525fb5dba7b536f845dd6e0c3a513c263f54fea33686bdbc2b19b4a1
• csi-livenessprobe git 240bb8c0 sha256:7da1b3798ddcea9b1381a2111ae121c0672be83a340bf6d99e1f635d21914b8f
• csi-node-driver-registrar git 9005584e sha256:e1b4c9b89214e338005ea667a3e50aa98577405f4e3264b173d6275c8160f0ec
• driver-toolkit git 7a448c2e sha256:69a2d259c4e9b5565a9838910c2be5e6192f81f674bc88aec9cf139a27bc7bcd
• gcp-machine-controllers git b15daaf5 sha256:2e325a6470c0119962e3517fbf5a851a242ef6b985d59dbc43c22e472ce2f0de
• gcp-pd-csi-driver git 856ee3e2 sha256:ddde858fce35d6d95792042f96ade4fc748ff470c582c2b1b487396036c8d3af
• gcp-pd-csi-driver-operator git 3b91ee31 sha256:738f4ab2186ca8c03efecfc9ff1e5da3b02bcf8dcd028464ac97fdde19674985
• ibmcloud-cluster-api-controllers git 34fb6252 sha256:3a76ce14679202fc000cdf893f4f39606bbb574188f5da74717bade29be38994
• ibmcloud-machine-controllers git 6b0b8ea7 sha256:fdb318dd7d2f75421ec8f70ebb4cb005f44cb9bc00166a2158a631276637aba4
• ironic-machine-os-downloader git bcbcd95b sha256:4e1f66e5d4cb41561ce14c6cae2f49d737a1f23790607846e386b9f8ec40d7cb
• ironic-static-ip-manager git 47200021 sha256:46f682de6afeee2f2526d986aacf3cf0a11e636bbd56ea61b3a319cf8e1435c4
• kube-metrics-server git bcbf241c sha256:aa6f9daef7994f22493b9faa3ee8d4c0de40addddac1cb836db471a4ad25c5c2
• kube-proxy git 71a6f28d sha256:f5323fb4536c8b30459aad79febcb2f221b4da26ffda2341dad9a08ea5eceb5e
• kube-rbac-proxy git e8e8c84b sha256:e27b70b2882f3f59e1ba1d10a406bc015a5fbc7077c3964801213a93d55eccc3
• kube-state-metrics git 037b59c2 sha256:1440822c25b8bb2c3669366482a3934ea0dde52f207fa5675a3c905ee5c4091e
• kube-storage-version-migrator git e8749689 sha256:1e3f7f770cced7c84544e6e9bcb493a13be7b845e731abb7149c08cd82b8bfdb
• libvirt-machine-controllers git 1e096cdf sha256:528392c2cff53b7f4b3fb4afd763824bf4fd7ca5b9190703ad6a775c96a82844
• machine-image-customization-controller git 97d87657 sha256:7d91740746700a8fe27b21091c9b6330865a20ed33b2f38344ca673b2b6cd295
• machine-os-content sha256:fbc2bf5f3d3e08146b86253df636876f7e8f181ea41557560bfa2b5ed3cf93a9
• machine-os-images git 9e9c920f sha256:4663018aa85bda95594a17e36336b003c8aa3f83cc559b33c22cd3e69292aceb
• multus-admission-controller git 23a7cfe4 sha256:7d4439f40383f073ab41f8a79114b2362857eee4d8fff41e4f1c3165ea33c9c6
• must-gather git 47335065 sha256:3a12c1b21f866eb639791fab50cafd8e58168c0bee1f91e3d4de80cae884dcad
• network-interface-bond-cni git f91decaa sha256:40472c341a2eb192dcd002e75d1411428c1c9b4f99fee7cdc23177853c62540c
• nutanix-cloud-controller-manager git 33fb22c1 sha256:510aa9c544d2bd92aa6ae86b09dd03541f9a3004efb47e219a791e68bf9921d7
• oauth-proxy git 241a88c4 sha256:ed13267e657ff52fa11ad4577ec903f8d2e3b8034762697949cabf49d4061fcb
• openshift-state-metrics git 1915f645 sha256:d377c0052bb6358e26b9a1303038b65adc8ca1854080646ecc9aa033da546c6a
• ovirt-csi-driver git b8d25ad6 sha256:4ca5325c3051a7be079509442d787a66e4534e0eee3d4ffada1af0331351ac07
• ovirt-csi-driver-operator git e9b0fa23 sha256:85b0bfdadfcb315cae783045138241013a60738c4fcf7672b84caa888e81c481
• ovirt-machine-controllers git 5d708631 sha256:31f7e9e482a07fa5e33aad0c7b59604b74ad7a6584e29a9c66a8f5044acb32f3
• powervs-block-csi-driver-operator git a3729dcb sha256:3bc936fa621f161ccda34a9d0aa52799c47b4a8a3d838dc062b3fd6cdebf94ab
• powervs-cloud-controller-manager git 521b80df sha256:707d783ee10409e3c78f86f8b2fdaf14d1a33dbfaecbfb9a6b8479cd10f985c9
• powervs-machine-controllers git 07e8f8b8 sha256:659d76564cf72433a25f8255074454cc0883c63f8ff398e9b7a2b712aeac00f6
• prom-label-proxy git f3f1f5d1 sha256:74880fcff2862a4e1f0f76dcf2e306f5af5ebbf8ce422c3e9878bbf9d2c14d5f
• prometheus git 6828e446 sha256:3d4608aa4b7be0fe2e7118a60c4e2c4ebbde32e7c8a30827f490334709a5e10b
• prometheus-alertmanager git 870ade52 sha256:a15a6d7f676671fdc11d314152a09db50de05caddb87312a973507d13fe22d82
• prometheus-node-exporter git aed837c3 sha256:351107d24c118e1544a6e5377f827a821e178e0a996f1685294550d5b802492d
• rhel-coreos sha256:57e7e2bfc9680ed0b90b966975e8960142ef5c90f07ed7b3e961ca178ded90b8
• rhel-coreos-extensions sha256:1a74fa8881ee04bfd8aa09e15e2712fb91a3d7f13a63e2618a77b2ebf7f9bba5
• route-controller-manager git c5cc7a73 sha256:007fe6387e97af94489caf66eceac88d5a0267d81c243144b0803cf53458cadf
• sdn git 71a6f28d sha256:df2a3ba225a50ccd97ac849e98fd703b4b9e571442a840f81a16de421018a5f1
• thanos git 66161ad4 sha256:c770abb4cba9f0525882b458d18ba9f3a788f8ac80552a7eaf62f952f785f092
• vsphere-csi-driver-operator git e0d46570 sha256:8836d54e149f172a08312911ce328b0c684b9f7ca6eb53173956e635130e8ef5

agent-installer-api-server

• OCPBUGS-34641: Invalid Pull-Secret when using password which contains a colon character (#6381) #6381
• OCPBUGS-31631: Deploy dual stack with IPv6 on top of bond/vlan fails (#6245) #6245
• MGMT-17593: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#6217) #6217
• 17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6211) #6211
• Revert “MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194)” (#6208) #6194
• MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194) #6194
• MGMT-17541: Replace broken golangci reference (#6191) #6191
• OCPBUGS-30232: Handle skipping hostPrefix validation for IPv6 For non-OVN/SDN networkTypes, the hostPrefix validation is not required and it is skipped. This fixes a regression introduced in the fix for https://issues.redhat.com/browse/OCPBUGS-23069 in which IPv6 CIDRs were not using the correct default hostPrefix. In addition, all cases where the validation is used are now covered. (#6137) #6137
• NO-ISSUE: replace postgres images as current one disappeared from quay (#6135) #6135
• MGMT-16517: Add Env Var Deployment Type & Set ABI (#6016) #6016
• MGMT-16980: Change the default value of ENABLE_SKIP_MCO_REBOOT to false (#6005) #6005
• Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

• OCPBUGS-35894: Fix race to mark node Joined (#859) #859
• MGMT-16843: Use hostnamectl to replace illegal hostname (#851) #851
• MGMT-17593: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#833) #833
• MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#827) #827
• MGMT-17541: Replace broken golangci reference (#824) #824
• MGMT-16843: Ensure valid hostname during install (#791) #791
• Full changelog

agent-installer-node-agent

• OCPBUGS-33404: Make removable disks eligible (#718) #718
• MGMT-17593: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#704) #704
• MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#699) #699
• MGMT-17541: Replace broken golangci reference (#695) #695
• Full changelog

apiserver-network-proxy

• Update golang Docker tag to v1.23.1 #58
• OCPBUGS-31953: Bump golang.org/x/net to v0.23.0 #51
• Full changelog

aws-cloud-controller-manager

• OCPBUGS-38577: Ensure that addresses are added in network device index order #92
• OCPBUGS-31954: update for CVE-2023-45288 [release-4.15] #81
• OCPBUGS-29079: Updates build-rpm.sh to set release to build time #76
• OCPBUGS-29079: spec: add Provides: ose-aws-ecr-image-credential-provider #77
• Full changelog

aws-cluster-api-controllers

• OCPBUGS-30117: manifests: Add in CustomNoUpgrade #511
• OCPBUGS-32114: UPSTREAM: <carry>: Fix instance PrivateDNSName when domain-name is set in dhcpOpts #508
• OCPBUGS-31036: UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called #501
• OCPBUGS-30595: fix e2e tests on release branches #504
• Full changelog

aws-ebs-csi-driver

• OCPBUGS-33043: UPSTREAM: 1919: Add reserved-volume-attachments #263
• Full changelog

aws-ebs-csi-driver-operator

• OCPBUGS-33043: Explicitly reserve 1 attachment for the root disk #222
• OCPBUGS-30621: remove legacy directory and duplicate Dockerfile.*.test files #201
• OCPBUGS-30621: move test manifest to top-level directory #195
• Full changelog

aws-pod-identity-webhook

• OCPBUGS-32886: Upgrade go-jose module to 2.6.3 #188
• Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

• OCPBUGS-33127: Improvements to client timeouts to prevent hangs #118
• OCPBUGS-33092: Bump otelgrpc #117
• OCPBUGS-30970: Update acr-credential-provider.spec #115
• OCPBUGS-30970: Adds acr-credential-provider spec file and build script #114
• Full changelog

azure-cluster-api-controllers

• OCPBUGS-36024: Update go-retryablehttp to v0.7.7 #311
• OCPBUGS-29502: Bump helm to v3.14.4 #303
• Full changelog

azure-file-csi-driver

• OCPBUGS-39444: bump mount-utils to treat ENODEV error as corrupted mount #78
• OCPBUGS-33038: Rebase v1.29.5 for OCP 4.15 #65
• Full changelog

azure-file-csi-driver-operator

• OCPBUGS-33038: add token audience for Azure File #103
• Full changelog

azure-machine-controllers

• CFE-1050: Added support of capacity reservation group #110
• OCPBUGS-30215: Remove startupScript vmextension lookup #103
• OCPBUGS-25510: bump x/crypto #100
• Full changelog

azure-workload-identity-webhook

• OCPBUGS-32895: Upgrade go-jose module to 2.6.3 #17
• Full changelog

baremetal-installer, installer, installer-altinfra, installer-artifacts

• OCPBUGS-38198: Remove timed context for gcp client #8824
• OCPBUGS-29591: vsphere-fix convert if only provided name #8034
• OCPBUGS-32179: Fix task for attaching IPv6 subnet to router. #8262
• OCPBUGS-34721: fix usage of host and user CA bundle in the agent ignition #8512
• OCPBUGS-36090: [release-4.15]: bump go-retryablehttp for CVE fix #8655
• OCPBUGS-37064: Changed vsphere CPMS to not include fields controlled by failure domains. #8735
• OCPBUGS-37182: ic: fix typo in warning message #8770
• OCPBUGS-37067: update RHCOS 4.15 bootimage metadata to 415.92.202407091355-0 #8746
• OCPBUGS-33354, OCPBUGS-33402: Use assisted-image-service for ignition editing #8635
• : OCPBUGS-36400: PowerVS: add ibmcloud plugins #8687
• OCPBUGS-36225: Make vSphere default ResourcePool formatting not contain double slash. #8664
• OCPBUGS-35131, OCPBUGS-35141, OCPBUGS-35144: [CVE-2023-48795] Bump golang.org/x/crypto to v0.21.0 #8646
• OCPBUGS-35359: GCP: Prevent cluster installation with mismatched worker assets and worker replicas #8581
• OCPBUGS-35502: [release-4.15] azure: bump profile used for network #8607
• OCPBUGS-35586: [release-4.15] bump github.com/containers/image for CVE fix #8621
• OCPBUGS-31387: If host is offline or disconnected don’t check ver #8208
• OCPBUGS-35355: baremetal: Don’t always enable provisioning-interface.service #8580
• OCPBUGS-35032: [release-4.15] aws: terraform: add spot instance support for masters #8540
• OCPBUGS-35059: images: change libvirt-installer base #8550
• OCPBUGS-33672: add quota support to ca-west-1 #8412
• OCPBUGS-33454: go.mod: bump aws-sdk-go for ca-west-1 support #8381
• OCPBUGS-33205: Gcp bootstraping release 4.15 #8339
• OCPBUGS-33542: images: do not force terraform-providers to be statically linked #8392
• OCPBUGS-29929: GCP Destroy cleanup correct zones/records #8062
• OCPBUGS-32383: sdk/aws: add ssh security group rule for compute #8282
• OCPBUGS-32690: AWS: bump CCO for permission fix #8302
• OCPBUGS-32264: always save serial logs if they were gathered #8274
• OCPBUGS-30944: Don’t run libvirt validations in agent installer #8167
• NO-ISSUE: test fix to support slightly different nmstate error messages #8285
• OCPBUGS-32259: escape ‘%’ in proxy settings #8272
• OCPBUGS-32355: Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility #8277
• OCPBUGS-31335: openstack: Honour worker server group policy #8202
• : OCPBUGS-31590: GCP: Skip populating Private/Public Zones within DNS manifest #8220
• OCPBUGS-30922: coreos-installer iso kargs show broken on Agent ISO #8163
• OCPBUGS-30822: Validate control plane replicas #8143
• OCPBUGS-31274: IBMCloud: Restrict CIS and DNS Service lookup #8197
• OCPBUGS-30605: upi: aws: fix typo in worker templates #8125
• Bug OCPBUGS-31284: OpenStack: enable 30000:32767 nodePort IPv6 traffic #8199
• OCPBUGS-31087: Fix vsi image missing #8186
• OCPBUGS-30098: feat: add check for SNO bootstrap condition #8089
• OCPBUGS-30601: update RHCOS 4.15 bootimage metadata to 415.92.202402201450-0 #8122
• OCPBUGS-30854: Power VS: Fix wait_for_workspace #8159
• OCPBUGS-29964: fix Azure API SKU calls timing out #8086
• OCPBUGS-30792: Enable deploy by Service ID on PowerVS #8138
• OCPBUGS-30577: Authn with platform-services-go-sdk for PowerVS #8118
• OCPBUGS-30148: fix “OpenShiftSDN deprecated” error message #8094
• OCPBUGS-30011: PowerVS: remove IBM-Cloud/bluemix-go/api/account/accountv2 in 4.15 #8076
• OCPBUGS-29768: Power VS: Add sleep to allow workspace to configure PER #8052
• Bug OCPBUGS-29726: OpenStack: Fix dualstack with external load-balancer #8050
• OCPBUGS-29495: gcp: better error msg when service accnt missing #8024
• Bug OCPBUGS-29458: OpenStack: fix controlPlanePort validation #8019
• OCPBUGS-29236: Fixed control plane machine set handling of static IPs when AddressesFromPools is not in use. #7996
• OCPBUGS-28841: PowerVS: Add dal12 region #7977
• OCPBUGS-29955: PowerVS: Add debugging to ServiceInstanceNameToGUID #8065
• Full changelog

baremetal-machine-controllers

• OCPBUGS-30876: Bump golang-protobuf version #214
• Full changelog

baremetal-operator

• OCPBUGS-38939: [OCP] Ability to disable agent power off after deployment #373
• OCPBUGS-34682: PreprovisioningImage should not be created on poweroff #358
• Full changelog

baremetal-runtimecfg

• OCPBUGS-37704: Change mechanism of debug flag #325
• OCPBUGS-36278: Fix handling of ELB Node IP detection #322
• OCPBUGS-35543: Add support for OVN HostCidrs annotation #319
• OCPBUGS-32024: Decrease log level when detecting node IP #304
• OCPBUGS-29338: Ignore egress IP when selecting Node IP #299
• Full changelog

cli, cli-artifacts, deployer, tools

• OCPBUGS-39426: Ignore pruning when deployment points to replicationcontroller #1865
• OCPBUGS-36329: Set required-scc annotation to privileged for node debug pods #1818
• OCPBUGS-35201: Bump joelanford/ignore to bump go-git to 5.11.0 #1798
• OCPBUGS-32840: Bump go-jose indirect reference to 2.6.3 #1749
• OCPBUGS-31879: Add OIDC specific certificate authority bundle flag #1730
• OCPBUGS-31726: Remove some of newapp unit tests relying on external deprecated images #1726
• OCPBUGS-30286: oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators #1698
• OCPBUGS-30270: Introduce –issuer-url flag in oc login #1696
• Full changelog

cloud-credential-operator

• OCPBUGS-41235: List secrets in batches to avoid api timeout #754
• OCPBUGS-38377: Update google.golang.org/grpc v1.65.0 #749
• OCPBUGS-37461: Set required-scc for openshift workloads #736
• OCPBUGS-37277: Update to cloud.google.com/go/storage v1.43.0 #729
• OCPBUGS-37288: GCP passthrough permissions check to ignore problematic permissions. #730
• OCPBUGS-37419: SNYK ignore go-client misreporting #738
• OCPBUGS-37061: Update to azidentity v1.7.0 #728
• OCPBUGS-36030: IBM/go-sdk-core update to v5.17.4 #720
• OCPBUGS-36291: AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN #709
• OCPBUGS-32900: Upgrade go-jose module to 2.6.3 #696
• OCPBUGS-31924: aws: remove non-existent permission #691
• OCPBUGS-30412: gcp actuator update check to consider custom roles #686
• OCPBUGS-29155: Fix the ClusterOperator watch of the status controller #675
• Full changelog

cloud-network-config-controller

• OCPBUGS-33780: Avoid panic when looking up attachedOutboundRule.ID in azure #145
• OCPBUGS-31754: Avoid nil pointer panic while assigning private IP on Azure #137
• Full changelog

cluster-authentication-operator

• OCPBUGS-34795: set required-scc for openshift workloads #675
• Full changelog

cluster-autoscaler

• OCPBUGS-40930: update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 #315
• OCPBUGS-33885: fix: scale up broken for providers not implementing NodeGroup.GetOptions() #301
• OCPBUGS-31464: add check for taint.value == nil #293
• Full changelog

cluster-autoscaler-operator

• OCPBUGS-31947: Update x/net to v0.24.0 #319
• Full changelog

cluster-baremetal-operator

• OCPBUGS-31948: bump x/net to 0.23.0 #437
• OCPBUGS-29787: Update the leader election durations to be tolerant #405
• Full changelog

cluster-capi-controllers

• OCPBUGS-30117: manifests: Add in CustomNoUpgrade #206
• OCPBUGS-33200: Bump protobuf to v1.33.0 #204
• OCPBUGS-30595: fix e2e tests on release branches #201
• OCPBUGS-29515: openshift: generate separate manifest for core CAPI CRDs #198
• Full changelog

cluster-capi-operator

• OCPBUGS-37849: fix: sort CredentialsRequest manifests after namespace #193
• OCPBUGS-30117: manifests-gen: also add CustomNoUpgrade annotation value #166
• OCPBUGS-30118: create openshift-cluster-api namespace in CustomNoUpgrade #167
• OCPBUGS-25505: UPSTREAM: <carry>: bump x/crypto #165
• OCPBUGS-29515: manifests-gen: store core capi crds also in their own manifest #160
• Full changelog

cluster-cloud-controller-manager-operator

• OCPBUGS-36821: Increase GCP Concurrent Service Syncs to 10 #359
• OCPBUGS-33547: update azure and ash tolerations on node manager #343
• Bug OCPBUGS-32246: Allow to patch events in OpenStack RBAC #339
• Full changelog

cluster-config-api

• CFE-1047: Added new field for capacityReservationGroupID in AzureMachineProviderSpec #1925
• OCPBUGS-36208: Ingress - add connect timeout to tuning options #1937
• OCPBUGS-35214: [Release 4-15] Add transit switch config to 4.15 #1872
• OCPBUGS-28928: Add UnservableInFutureVersions route status condition type #1751
• OCPBUGS-29370: Update AWSCSIDriverConfigSpec fields validation to accept all current AWS partitions #1767
• Full changelog

cluster-config-operator

• OCPBUGS-36151: Set required-scc for openshift workloads #420
• OCPBUGS-26542: remove duplicate manifests in image #395
• Full changelog

cluster-control-plane-machine-set-operator

• OCPBUGS-24632: Prevent rollout due to irrelevant path artifacts #317
• CFE-1087: API Bump for capacity Reservation #318
• OCPBUGS-34971: Add unreadyNodeGracePeriod for allowing brief node hiccups #299
• OCPBUGS-35496: Wait for ControlPlaneMachineSet to be created when waiting for it to be updated #308
• OCPBUGS-35255: Improved debugging of API listing errors #301
• [Release 4.15] OCPBUGS-32414: Fix ExportFailureDomain to handle empty platform spec #290
• [Release 4.15] OCPBUGS-32357: Modified webhook to allow templates by name instead of just by path. #289
• OCPBUGS-29419: Never delete a Machine when there’s a single Machine in an index #280
• OCPBUGS-29236: Fixed control plane machine set handling of static IPs when AddressesFromPools is not in use. #279
• Full changelog

cluster-csi-snapshot-controller-operator

• OCPBUGS-36377: Set required-scc for openshift workloads #211
• OCPBUGS-31599: create suitable role and roleBinding for csi-snapshot-webhook #203
• Full changelog

cluster-dns-operator

• OCPBUGS-32093: Add RBAC related to featuregates to fix hypershift upgrade #407
• Full changelog

cluster-etcd-operator

• OCPBUGS-33564: return errors in wait-for-ceo #1261
• OCPBUGS-32952: remove etcd-health-probe log #1257
• OCPBUGS-31942: update golang x net #1253
• OCPBUGS-31865: bump(library-go)=release-4.15 #1220
• OCPBUGS-30915: CEO aliveness check should only detect deadlocks #1225
• OCPBUGS-30042: fix condition name type #1212
• OCPBUGS-28628: fix panic in health check timeouts #1191
• OCPBUGS-29717: [4.15] Replace nodelister with master nodelister everywhere #1206
• Full changelog

cluster-image-registry-operator

• OCPBUGS-39099: Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1111
• OCPBUGS-38895: pkg/resource: invoke update-ca-trust extract with –output #1105
• OCPBUGS-36325: Set required-scc for openshift workloads #1067
• OCPBUGS-36036: go.*,vendor: bump go-retryablehttp #1068
• OCPBUGS-34571: azure-path-fix: get client secret from k8s secret #1049
• OCPBUGS-34539: pkg/storage/s3: use force path style in favour of virtual hosted style config #1048
• OCPBUGS-33208: azurepathfix: check if platform status is nil before accessing it #1031
• OCPBUGS-32396: azure-path-fix: support auth via account key (without clientID) #1022
• OCPBUGS-31641: bump aws-sdk-go from v1.44 to v1.50 #1014
• OCPBUGS-29983: cmd/move-blobs: log and exit 1 on error instead of panic #1009
• Full changelog

cluster-ingress-operator

• OCPBUGS-36466: Allow operator to update Route spec.subdomain #1100
• OCPBUGS-36208: Implement connect timeout tuning option #1097
• OCPBUGS-36279: Add Regexp Anchor to TestAll #1096
• OCPBUGS-28928: Prevent upgrades for SHA1 default cert and SHA1 route certs #1014
• OCPBUGS-35028: internalServiceChanged: Fix target port logic #1081
• OCPBUGS-34887: TestHostNetworkPortBinding: Delete t.Parallel() #1075
• OCPBUGS-34252: Use centos7 tag for quay.io/centos7/httpd-24-centos7 image #1058
• Full changelog

cluster-kube-apiserver-operator

• OCPBUGS-37566: add disabled syncer as reason to CFE for PSA #1716
• OCPBUGS-35832: add SNO control plane high cpu usage alert #1706
• OCPBUGS-29361: operator: stop removing kube-apiserver-slos asset #1643
• OCPBUGS-34492: Create one-shot migrations for the flowcontrol group. #1692
• OCPBUGS-33697: add a controller that reconciles SCCs’ volumes #1679
• OCPBUGS-33277: Fix incorrect name for hostmount-anyuid SCC ClusterRole #1672
• OCPBUGS-31807: Use RotatedSigningCASecret in update only mode #1662
• OCPBUGS-30304: cert rotation: Bump library-go to latest master #1653
• OCPBUGS-29775: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1647
• OCPBUGS-30180: add provider name to cluster_infrastructure_provider when external platform #1639
• Full changelog

cluster-kube-controller-manager-operator

• OCPBUGS-31807: use RotatedSigningCASecret and RotatedSelfSignedCertKeySecret only in update mode #801
• OCPBUGS-31865: bump(library-go)=release-4.15 #797
• Full changelog

cluster-kube-scheduler-operator

• OCPBUGS-31865: bump(library-go)=release-4.15 #537
• Full changelog

cluster-kube-storage-version-migrator-operator

• OCPBUGS-36322: Set required-scc for openshift workloads #112
• Full changelog

cluster-monitoring-operator

• OCPBUGS-39172: Backport #2441 for 4.15 #2448
• OCPBUGS-37608: set required-scc for openshift workloads #2420
• OCPBUGS-36563: add runbook_url annotations #2406
• OCPBUGS-37194: Making sure proxy settings are correctly forwarded in the generated remote write configs #2413
• OCPBUGS-36312: inject trusted CA bundle into UWM Alertmanager #2400
• OCPBUGS-34596: Ipsec state backport #2384
• OCPBUGS-33512: fix Thanos ruler alert generator url #2343
• OCPBUGS-32055: backport ols metric allowlist to 4.15 #2313
• OCPBUGS-28769: fix generation of telemeter token hash #2303
• Full changelog

cluster-network-operator

• OCPBUGS-31447: Tighten the permissions on whereabouts.conf #2324
• NP-1064, OCPBUGS-39336: Remove managed cluster checking for live migration #2485
• OCPBUGS-34613, OCPBUGS-34726, OCPBUGS-34727: Live migration backports #2393
• OCPBUGS-37962: Fix IC distributed control plane alerts #2459
• OCPBUGS-35837: Propogate hypershift control plane priority class override to multus and preserve container resource requests #2420
• OCPBUGS-37205: Check every MachineConfigPool for IPsec plugin existence #2439
• OCPBUGS-34809: Ensure that the node-identity webhook address contains colons for IPv6 #2396
• OCPBUGS-36347: Create the configmap mtu if not found #2426
• OCPBUGS-36499: [release-4.15] Bump Openshift API and backport configurable subnet knobs (transit / join / masquerade) #2375
• OCPBUGS-36367: update whereabouts crd #2427
• OCPBUGS-32989: Add conditions for ignored-namespaces #2379
• OCPBUGS-29739: Run dhcp-daemon pods as system-node-critical priority #2283
• OCPBUGS-34596: Add ipsec state metric #2389
• OCPBUGS-32515: Fix wait logic for IPsec certificate signing request #2348
• OCPBUGS-29092: Add probes to node-network-identity #2253
• OCPBUGS-29654: Fully disable network-node-identity on ROKS #2314
• OCPBUGS-30927: ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2310
• OCPBUGS-30615: Fix managed cluster detection on ARO #2304
• OCPBUGS-29090: network-node-identity mounts secrets with mode 0640 #2251
• OCPBUGS-29390: ipsec: fix openssl typo #2272
• OCPBUGS-29522: Not set CNO to degraded if API server returns conflict error #2275
• OCPBUGS-29654: [release-4.15] Disable network-node-identity on ROKS #2278
• Full changelog

cluster-node-tuning-operator

• TuneD prior to kubelet in one-shot mode (#1125) #1125
• set required-scc for openshift workloads (#1117) #1117
• OCPBUGS-36870: Remove tuned/rendered object (#1110) #1110
• OCPBUGS-36355: Backport fix for OCPBUGS-30647 (#1095) #1095
• OCPBUGS-33929: Negative net interface name does not reduce queues (#1066) #1066
• Add a ‘.snyk’ to silence static code analysis warnings (#1001) #1001
• fix extra-reboot on upgrade with paused mcp worker (#1049) #1049
• fix rendering extra ctrcfgs (#975) #975
• OCPBUGS-31694: E2E: Workload hints test cases fixes (#1012) (#1043) #1012
• Reduce number of reboots in offline tests (#1014) #1014
• Systemd processes not being moved to cpuset/systemd.slice fix (#1016) #1016
• Scheduler plugin: ignore IRQs (#983) #983
• e2e: when crun is enabled by default skip checking runc config (#1013) #1013
• OCPBUGS-30507: Add performance real time tuned template (#984) #984
• Report duplicate priority only for multiple matching profiles (#965) #965
• hack: fix backport of render-sync.sh (#996) #996
• OCPBUGS-29752: [release-4.15][manual] backport performance profile owner reference ehnancements (#963) #963
• Render: Add MCSelector to missing default MCPs (#959) #959
• Add support to inject owner-ref argument to render command (#966) #966
• Full changelog

cluster-openshift-apiserver-operator

• OCPBUGS-36150: Set required-scc for openshift workloads #581
• Full changelog

cluster-openshift-controller-manager-operator

• OCPBUGS-35922: lots of churn during image registry managed/removed transition #358
• OCPBUGS-35869: nil pointer reference in ocm-operator #357
• OCPBUGS-36152: Set required-scc for openshift workloads #361
• OCPBUGS-31708: Update opentelemetry dependency 415 #342
• OCPBUGS-25985: Disable deployer-controller when deploymentconfig is disabled #322
• OCPBUGS-24086: Updating ose-cluster-openshift-controller-manager-operator-container image to be consistent with ART #319
• Full changelog

cluster-samples-operator

• OCPBUGS-37464: Set required-scc for openshift workloads #548
• OCPBUGS-38157: add mfrancisc and metlos as owners add owners 4.15 #550
• OCPBUGS-22034: bump K8s version to 29.2 #538
• Full changelog

cluster-storage-operator

• OCPBUGS-36374: Set required-scc for openshift workloads #484
• OCPBUGS-33466: Fix problem-detector proxy setting #471
• OCPBUGS-29370: Update AWSCSIDriverConfigSpec fields validation to accept all curren #461
• Full changelog

cluster-version-operator

• OCPBUGS-36817: Set required-scc for openshift workloads #1068
• OCPBUGS-33984: Add admin-gate for OCP 4.16 #1049
• Full changelog

console

• OCPBUGS-38970: DeploymentConfigs deprecation info alert should not present on the Edit deployment page #14195
• OCPBUGS-38969: Tooltip on Pipeline when expression is not shows #14194
• OCPBUGS-39085: Fix utilization card limits/total display #14209
• OCPBUGS-33938: Add validation for vSphere fields Handle submit errors correctly #14210
• OCPBUGS-39112: Disable Knative e2e tests #14197
• OCPBUGS-33076: Remove deprecated resources from spec of the Pipeline #13801
• OCPBUGS-35495: fix crash if helm chart metadata is nil #13977
• OCPBUGS-37452: Redirects to new PipelineRun logs URL from old PipelineRun logs URL #14083
• OCPBUGS-38496: Fix password set to Secret created through Start Pipeline form #14152
• OCPBUGS-37399: Add default sorting column for VirtualizedTable component of dynamic plugin sdk #14079
• OCPBUGS-37099: fix BMH restart annotation #14071
• OCPBUGS-37458: one OAuth.config.openshift.io item on Global Configuration page links to non-existing resource #14085
• OCPBUGS-34477: Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available #13897
• OCPBUGS-36971: ensure correct API version for OperandDetails #14058
• OCPBUGS-34912: Improve Pipeline list page performance #13929
• OCPBUGS-33642: Patch PF dynamic module parser to exclude ‘next’ modules #13849
• OCPBUGS-32501: Pipeline details page Metrics tab crashed due to no custom data #13781
• OCPBUGS-34478: UI inconsistency in topology when application grouping is collapsed #13898
• OCPBUGS-34350: Create Serverless form does not create BuildConfig #13891
• OCPBUGS-32029: Use UserInfo username field when logging out as kubeadmin #13748
• OCPBUGS-30208: Fix asynccache bugs #13807
• OCPBUGS-33838: TaskRuns should not be fetched for Failed PLR’s #13863
• OCPBUGS-34703: fix bug where textarea is not resizable #13913
• Revert “OCPBUGS-34550: Dont render ARN mode role field and warning for HyperShift clusters” #13905
• OCPBUGS-33263: Pipeline list page is crashed when navigating from Search page #13819
• OCPBUGS-33166: Fix NAD always on default namespace #13865
• OCPBUGS-31863: make sure folder is encapsulated with quotas #13737
• OCPBUGS-33506: Fix Pipeline details page with when expression using CEL expression #13835
• OCPBUGS-32505: Add visual connector between VMs and non VMs workloads #13782
• OCPBUGS-33548: restrict Masthead logo to max-height #13839
• OCPBUGS-32497: Improve Create serverless function error message #13778
• OCPBUGS-33191: Hide dev perspective Pipelines nav option if dynamic plugin nav option is enable #13810
• OCPBUGS-33058: fix issues with Edit Route form #13800
• OCPBUGS-32187: Add flag to hide Output tab contributed by pipelines-plugin #13756
• OCPBUGS-32716: Helm Plugin’s Catalog incorrectly renders a single index entry into multiple tiles #13788
• OCPBUGS-32506: setting correct image trigger annotation #13783
• OCPBUGS-32933: change OperatorHub filter FIPS Mode to Designed for FIPS #13796
• OCPBUGS-31799: Improve PipelineRun list view performance #13731
• OCPBUGS-32796: auth: fix OIDC logging out #13793
• OCPBUGS-31445: Upgrade Pipeline trigger resources to v1beta1 #13704
• OCPBUGS-31045: fix for execute inline markdown syntax issue #13681
• OCPBUGS-32518: Add warning about service binding operator will not be supported from 4.15 #13784
• OCPBUGS-32391: Routes created by devfiles do not always use HTTPS #13771
• OCPBUGS-32340: Increased max nodes limit to 200 in topology page #13767
• OCPBUGS-32399: Update devfile library to v2.2.2 #13762
• OCPBUGS-32156: TaskRun status is not displayed near the name #13752
• OCPBUGS-31806: Use bearer-token for local dev with auth #13732
• OCPBUGS-31839: fix bug where paused MCPs were incorrectly unpausing w… #13735
• OCPBUGS-31105: Update to pf5.2 to fix quick starts #13686
• OCPBUGS-31476: Requesting for country codes in localization of openshift - webconsole #13707
• OCPBUGS-31046: Application creation fail when manually entering input scaling value in local setup #13682
• OCPBUGS-30916, OCPBUGS-30917: PipelineRuns in Console show wrong status or load indefinitely #13672
• OCPBUGS-30869: TaskRun with same name in different project don’t show 2 entries when listing in all namespace #13668
• OCPBUGS-31107: Upload Jar form’s Clear button is not functioning #13688
• OCPBUGS-30759: Fix bugs in Console dynamic plugin SDK webpack code #13678
• OCPBUGS-30871: fix Configure link in AlertmanagerReceiversNotConfigur… #13669
• OCPBUGS-29963: i18n upload/download routine task - chore(i18n): update translations #13670
• OCPBUGS-30801: Switch to service to get the PLR and TR logs from the Tekton results summary API #13663
• OCPBUGS-30275: adjusting documentation links for 4.15 #13648
• OCPBUGS-30870: chore(i18n): update translations: Completed OCP-4.15/Master Branch/Sprint 245 #13641
• OCPBUGS-25831: Date&Time values are not showing as per browser default language #13467
• OCPBUGS-29080: make getGroupVersionKindForResource null safe #13582
• OCPBUGS-29781: Fix operands list endpoint. #13633
• OCPBUGS-29812: Changes to prevent yaml editor crash in version 4.15 #13638
• OCPBUGS-29842: Switch to service from external result route endpoint #13627
• OCPBUGS-28889: VolumeSnapshots data not displayed in PVC > VolumeSnapshots tab #13570
• OCPBUGS-27431: Add source maps to production builds #13526
• OCPBUGS-26481: Tab VolumeSnapshots crashed on PVC page #13490
• OCPBUGS-25984: Fix config ini format #13475
• OCPBUGS-29844: Enable catalog source badge to truncate for long names #13629
• OCPBUGS-29846: Prevent complete page reload when changing perspective #13631
• OCPBUGS-29845: Page fails to return to the Secrets list after clicking ‘Cancel’ on any Secret creation page #13630
• OCPBUGS-29843: improve empty state message for Machines and MachineSets page #13628
• OCPBUGS-29679: TaskRuns list page is loading constantly for all projects #13618
• OCPBUGS-29640: Output image url link leads to 404 for Shipwright Builds #13615
• OCPBUGS-28232: do not deduplicate ImageManifestVulns in Overview popover #13545
• chore(i18n) OCPBUGS-28623: update translations: : Completed OCP-4.15/Master Branch/Sprint 244 #13594
• OCPBUGS-26567: Fixed some problems in topology Chinese translation text #13498
• OCPBUGS-29914: [release-4.15] Use selfsubjectreview API from frontend #13636
• Full changelog

console-operator

• OCPBUGS-37408: set required-scc for openshift workloads #924
• OCPBUGS-31520: oidc: synchronize the CM with a CA to trust the issuer, if configured #881
• OCPBUGS-33720: Add missing return statement to fix crash in healthcheck controller #903
• OCPBUGS-31499: Update RHDH QuickStarts and add CR examples #880
• OCPBUGS-31619: use InfrastructureTopology for clusters using external CP as the console deploys on the worker nodes #882
• OCPBUGS-29332: Remove Janus IDP and update RHDH quickstarts #863
• OCPBUGS-27113: Prevent healthcheck controller from Available=False blipping #835
• Full changelog

container-networking-plugins

• OCPBUGS-30045: [4.15] cherry-pick containernetworking/plugins#997 #155
• Full changelog

coredns

• OCPBUGS-37158: UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit #125
• Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

• OCPBUGS-38170: rebase CPO on 4.15 #274
• OCPBUGS-32246: Remove enforcement of IPv6 LB as internal #277
• Full changelog

csi-driver-manila-operator

• OCPBUGS-38023: Set required-scc for openshift workloads #236
• Full changelog

csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook

• OCPBUGS-31599: add cmdline args to enable group snapshot webhooks #147
• Full changelog

docker-builder

• OCPBUGS-41225: Prevent Build Inputs “Zip-Slip” #6
• OCPBUGS-32845: bump go-jose to fix CVE-2024-28180 #396
• BUILD-854: Add adambkaplan as approver #381
• Full changelog

docker-registry

• OCPBUGS-36287: use SelfSubjectReview to obtain user info #406 #406
• OCPBUGS-31641: vendor: bump aws-sdk-go to support ca-west-1 #396
• Full changelog

egress-router-cni

• OCPBUGS-35524: update to go 1.20 and k8s.io mods to v0.28.3 #86
• Full changelog

etcd

• OCPBUGS-32768: Revert “OCPBUGS-31644: Rebase etcd 3.5.13 openshift 4.15” #264
• OCPBUGS-31644: Rebase etcd 3.5.13 openshift 4.15 #260
• OCPBUGS-28731: Rebase etcd 3.5.12 openshift 4.15 #243
• Full changelog

gcp-cloud-controller-manager

• OCPBUGS-30970: Update gcr-credential-provider.spec #60
• OCPBUGS-30970: Adds auth-provider-gcp .spec file and build script #59
• Full changelog

gcp-cluster-api-controllers

• OCPBUGS-30117: manifests: Add in CustomNoUpgrade #225
• OCPBUGS-30595: fix e2e tests on release branches #223
• Full changelog

haproxy-router

• OCPBUGS-28928: Upgrade Validation plugin for SHA1 certs #585
• OCPBUGS-32977: Count active services before setting weight to 1 #586
• OCPBUGS-32693: Reject routes with MD5 certs #584
• OCPBUGS-32435: Introduce ‘idle-close-on-response’ option for frontends #579
• OCPBUGS-31544: Properly handle rewrite-target annotation #569
• Full changelog

hyperkube, pod

• OCPBUGS-39016: Update to Kubernetes v1.28.13 #2063
• OCPBUGS-31467: Return from EnsureHostInPool on all NIC errors #1964
• : OCPBUGS-38861: Upstream: 115702 kubelet: output log even file is rotated #2058
• NO-JIRA: update downstream owners #2050
• OCPBUGS-37622: Bump to Kubernetes v1.28.12 #2037
• OCPBUGS-35552: Bump to Kubernetes v1.28.11 #1994
• OCPBUGS-33711: Bump to Kubernetes v1.28.10 #1969
• OCPBUGS-33347: Provide SCC access via RBAC #1962
• OCPBUGS-29613: UPSTREAM: <carry>: bump structured-merge-diff #1893
• OCPBUGS-32299: Bump to k8s 1.28.9 #1946
• OCPBUGS-29922: UPSTREAM: <carry>: openshift-kube-apiserver: pod .spec.nodeName should not override project node selector in podNodeEnvironment admission plugin #1897
• OCPBUGS-31807: UPSTREAM: <carry>: allow type mutation for specific secrets #1939
• UPSTREAM: <carry>: OCPBUGS-31348: fix cpu manager cpuset check #1915
• OCPBUGS-31740: 4.15: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes #1935
• OCPBUGS-31503: Bump to 1.28.8 #1926
• Address CVE #11
• OCPBUGS-30963: Set up CEL IP/CIDR library from 4.14 onwards #1912
• OCPBUGS-29661: Bump to 1.28.7 #1891
• Full changelog

hypershift

• HOSTEDCP-1896: [release-4.15] Allow setting Kube APIServer maximum requests in flight #4552
• OCPBUGS-39463: handle version skewed NodePools that do not have rhel9 binaries #4666
• OCPBUGS-39077: Set KCM node monitor grace period #4628
• OCPBUGS-30465: fix: bump google.golang.org/protobuf #4616
• OCPBUGS-39171: fix: bump github.com/IBM/go-sdk-core/v5 #4625
• OCPBUGS-35815: Add hypershift-cluster-version-operator image to release providers #4243
• NO-JIRA: test: relax mgmt KAS egress check #4631
• NO-JIRA: Tolerate restarts for kubevirt external infra #4200
• NO-JIRA: Flaky cert validation test #4630
• OCPBUGS-38943: copy oapi ca-trust recursively when building trust anchor #4613
• OCPBUGS-39041: set proxy envvars on aws and azure CCMs #4624
• OCPBUGS-38613: hcco: reconcile apiserver config into hosted cluster #4567
• OCPBUGS-38561: Let the CPO oidc check resolve through data plane #4564
• OCPBUGS-34904: remove weak ciphers from security profile #4547
• OCPBUGS-37171: OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None #4489
• NO-JIRA: Update Konflux 4.15 and perform migration #4487
• NO-JIRA: [release-4.15] Kubevirt on Azure: Change KAS LB Port to 7443 #4469
• OCPBUGS-36938: [release-4.15]: Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer #4358
• OCPBUGS-37174: Delete IDMS in dataplane once HCP ICS field is removed #4457
• NO-JIRA: [release-4.15] kubevirt-csi-driver: Pass infra kubeconfig in case of external infra #4279
• HOSTEDCP-1795, HOSTEDCP-1796: Customize the self-generated cert validity and rotation #4444
• OCPBUGS-36916: Add newline after TLS certs referenced by image.config #4443
• OCPBUGS-37695: Set right endpointSlice port #4441
• NO-JIRA: Red Hat Konflux update hypershift-release-mce-25 #4433
• NO-JIRA: [release-4.15] test/e2e: remove api budget checks #4413
• OCPBUGS-37266: extract rhel9 MCO binaries for rhel8 based MCO images #4385
• OCPBUGS-36606: enable audit log for oauth-openshift #4320
• HOSTEDCP-1714: Kubernetes API Server Log Verbosity Annotation cherry pick to 4.15 #4178
• OCPBUGS-35736: Complete KAS migration to none endpoint reconciler type #4228
• OCPBUGS-35935: check mgmt cluster for route capability before DeleteIfNeeded for ovn sbdb route #4265
• NO-JIRA: chore(deps): update konflux references (release-4.15) #4259
• OCPBUGS-35714: Generate default worker security group rules based on machineCIDR #4266
• NO-JIRA: chore(deps): update konflux references (release-4.15) #4252
• OCPBUGS-32404: Fix failure to create a second hostedcluster in the same namespace #3907
• NO-JIRA: chore(deps): update konflux references to ff44cf3 (release-4.15) #4246
• NO-JIRA: feat(olm): Set packageserver replicas to 2 for IBMCloudPlatform #4231
• chore(deps): update konflux references to 2be7c9c (release-4.15) #4224
• OCPBUGS-34580: Add TrustedBundles to OAS container #4211
• NO-JIRA: hack: make the e2e script generic #4199
• OCPBUGS-33627: Restrict image registry overrides to control plane components #4131
• OCPBUGS-34156: fix router on 4.14 y-stream upgrade #4077
• OCPBUGS-35002: [release-4.15] HOSTEDCP-1122: Backport etcd defrag controller #4162
• NO-JIRA: Update Konflux references to 1025001 (release-4.15) #4180
• NO-JIRA: chore(deps): update konflux references (release-4.15) #4167
• OCPBUGS-34997: add AWS STS URL to OIDC provider audiences #4157
• OCPBUGS-35074: Fix disconnected metadata inspection for nodepool #4175
• HOSTEDCP-1708: remove liveness and readiness probes that use the metrics #4128
• OCPBUGS-34423: Fixed audit-logs sigterm failing to terminate gracefully #4089
• OCPBUGS-33526: Disable DNS resolving for CNO #4148
• OCPBUGS-34904: remove weak cipher #4156
• OCPBUGS-34510: Reconcile KAS endpoints and endpoint slice #4097
• NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4151
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #4120
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #4072
• OCPBUGS-33510: Run haproxy to connect to kas from data plane if noproxy settings contain kas #4014
• NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.15) #4064
• NO-JIRA: Remove CLI inspection of release image #4056
• HOSTEDCP-1518: Preserve container resource requests and limits #4032
• NO-JIRA: Update RHTAP references (release-4.15) #4041
• OCPBUGS-33118: Recycler-pod image now points to the OCP Payload reference #3963
• OCPBUGS-32220: Fix disconnected metadata inspection #3881
• NO-JIRA: Update RHTAP references to 1f62eaf (release-4.15) #4030
• OCPBUGS-33117: Reconcile over ICSP/IDMS #3962
• NO-JIRA: Update RHTAP references to 2d39df1 (release-4.15) #4022
• HOSTEDCP-1480: Update TLS cert hash creation with sha512 #4017
• HOSTEDCP-1513: Support hypershift-operator scoping for hostedclusters #3998
• Revert “[release-4.15] OCPBUGS-32013: Set OPERATOR_IMAGE environment variable” #3939
• OCPBUGS-33207: Remove kube-scheduler readiness probe #3955
• NO-JIRA: chore(deps): update rhtap references to c6fdbf4 (release-4.15) #3989
• OCPBUGS-25858: Improve description for agent APIServerAddress CLI flag #3977
• OCPBUGS-33224: disable OCM pull secret controller when imageregistry config managementstate is Removed #3976
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3982
• OCPBUGS-31747: update desired image even when HCP doesn’t exist yet #3839
• NO-JIRA: chore(deps): update rhtap references to e9efe99 (release-4.15) #3974
• OCPBUGS-32229: disable autoscaler when no nodepool require it #3884
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3967
• HOSTEDCP-1552: Update RHTAP tekton files for 0.3 -> 0.4 migration #3957
• OCPBUGS-31826: use dnsPolicy: Default for konnectivity-agent in data plane #3845
• NO-JIRA: Update RHTAP references (release-4.15) #3935
• OCPBUGS-32715: Fix OLM intilization args #3923
• HOSTEDCP-1519: [release-4.15] feat(api): Add ingress-controller-load-balancer-scope annotation #3908
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3921
• OCPBUGS-32164: Fix ICSP and IDMS inclusion as registriesOverrides #3870
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3904
• OCPBUGS-30280: Switch to use service endpoint for Konnectivity #3692
• OCPBUGS-32191: Kas disable audit cherry pick release 4.15 #3875
• OCPBUGS-32114: Add new permission required in CAPA #3861
• NO-JIRA: Update RHTAP references (release-4.15) #3887
• NO-JIRA: [release-4.15] [e2e test framework] Add a flag to add an annotation to HostedCluster #3893
• HOSTEDCP-1524: [release-4.15] Support additional node selectors for request serving nodes #3883
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3873
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3868
• OCPBUGS-32013: Set OPERATOR_IMAGE environment variable #3853
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3857
• NO-JIRA: Update RHTAP references (release-4.15) #3835
• OCPBUGS-31766: include hostnetwork SCC CPO role for 4.13 and earlier #3840
• HOSTEDCP-1438: [release-4.15] Preserve container resources for more hosted control plane components #3828
• OCPBUGS-31324: Add missing PodSecurityViolation alert #3798
• NO-JIRA: Increase stability in autoscaled environments #3777
• OCPBUGS-31471: Reduce log file size for hypershift apiservers #3816
• OCPBUGS-31604: disable http2 for ignition server and proxy #3825
• OCPBUGS-31426: copy issuerCertificateAuthority configmap into HC openshift-config #3808
• OCPBUGS-31265: inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3802
• NO-JIRA: Update RHTAP references (release-4.15) #3812
• NO-JIRA: Remove unused ref to hostnetwork in cpo role #3796
• OCPBUGS-31064: ibmcloud KMS: remove breaking image check and enable KMS v2 support #3774
• OCPBUGS-31377: Manually cherry pick #3782 to 4.15 #3803
• OCPBUGS-31326: fix(ignition): Fix priority class override #3800
• OCPBUGS-30804: honor HC image configuration #3730
• ”[release-4.15] OCPBUGS-30164: Ensure cloud resources are destroyed for all platforms when –destroy-cloud-resources is used” #3677
• OCPBUGS-31116: external OIDC: fix certificateAuthority field in structured auth config #3783
• OCPBUGS-30862: Manual cherry pick 3685&3727 to release 4.15 #3740
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3791
• NO-JIRA: Update RHTAP references (release-4.15) #3785
• OCPBUGS-29881: feat(ho): Add flag for dedicated request serving isolation #3633
• OCPBUGS-30742: [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3726
• OCPBUGS-30650: Set KAS config pod security Enforce to privileged #3719
• NO-JIRA: Bump CPO API budget to 4000 in EnsureApiBudget #3741
• OCPBUGS-30651: Remove EnsurePSANotPrivileged #3744
• NO-JIRA: Update RHTAP references (release-4.15) #3754
• HOSTEDCP-1488: Use regionalized STS endpoints in AWS #3747
• NO-JIRA: Update RHTAP references (release-4.15) #3738
• OCPBUGS-30581: [release-4.15] OCPBUGS-30220: Align PSA labels on guest cluster namespaces with standalone OCP #3684
• OCPBUGS-30572: [release-4.15] Update OLM Default Catalog Sources to 4.15 #3696
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3705
• OCPBUGS-30189: set Konnectivity cipher suites #3673
• ”[release-4.15] OCPBUGS-27500: Fix default release image lookup” #3549
• OCPBUGS-30284: do not set KAS OAuthMetadataFile with Authentication type OIDC #3694
• OCPBUGS-30281: [release-4.15] OCPBUGS-30102: Support to disable machine management components #3670
• NO-JIRA: chore(deps): update rhtap references (release-4.15) #3675
• Update RHTAP references (release-4.15) #3645
• HOSTEDCP-1405: Remove files not needed #3669
• CNV-36056: Expose NodeSelector for KubeVirt VMs in NodePool #3648
• OCPBUGS-30088: rollout kas on auth config change #3653
• NO-JIRA: remove PrivateIngressController cleanup #3646
• OCPBUGS-29880: feat(config): Default RevisionHistoryLimit to 2 for deployments #3632
• OCPBUGS-29025: cpo: honor user provided oauthmetadata configmap passed in Authentication config #3522
• OCPBUGS-30029: sync AuthenticationConfiguration type with o/k 1.28 carry #3644
• NO-JIRA: Red Hat Konflux update hypershift-release-mce-25 #3643
• NO-JIRA: Remove specific pull secret watch in HCCO #3606
• OCPBUGS-29850: control-plane-pki-operator: fix CA used for SRE client credentials #3626
• NO-JIRA: PDB backports #3628
• OCPBUGS-29780: use 2040 for apiserver svc in IBM provider #3595
• Full changelog

ibm-cloud-controller-manager

• : OCPBUGS-37311: Bump otelgrpc to v0.49.0 #74
• Full changelog

ibm-vpc-block-csi-driver

• OCPBUGS-36066: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #72
• Full changelog

ibm-vpc-block-csi-driver-operator

• OCPBUGS-36072: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #121
• OCPBUGS-33641: [ibm-vpc] Scheduling issue on IBM Cloud Bare Metal nodes #116
• Full changelog

ibm-vpc-node-label-updater

• OCPBUGS-36012: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #41
• Full changelog

insights-operator

• OCPBUGS-37672: Ingress controller related certificates’ validate dates gathering (#972) #972
• fix the configmapobserver notifications (#971) #971
• manifests: set required-scc for openshift workloads (#967) #967
• OCPBUGS-35882: properly encode the URL for the advisor links (#958) #958
• OCPBUGS-35865: Collect aggregated Prometheus Alertmanager instances (#950) #950
• OCPBUGS-32702: anonymization - externalIP can be nil (#931) #931
• OCPBUGS-31946: bump golang.org/x/net version (#925) #925
• Full changelog

ironic

• OCPBUGS-33332: bump werkzeug #536
• OCPBUGS-37407: bump jinja2 #529
• OCPBUGS-37113: Update eventlet version #523
• Bug OCPBUGS-33736: Disable installation of .pyc files through pip #511
• OCPBUGS-32365: [4.15] Remove unused prometheus exporter #485
• OCPBUGS-32351: [4.15] Update to include fixes for ironic servicing feature #479
• OCPBUGS-32389: Use unix sockets by default for reverse proxy communication #474
• OCPBUGS-31686, OCPBUGS-31802, OCPBUGS-31830: [4.15] install ironic projects from source #470
• OCPBUGS-31802: [4.15] Add requirements placeholders for cachito #467
• Full changelog

ironic-agent

• OCPBUGS-33133: update ironic-lib with latest fixes #131
• OCPBUGS-32173: [4.15] Fix name in setup.cfg #123
• OCPBUGS-31811: [4.15] Add makefile #126
• OCPBUGS-31811: [4.15] Install ironic-python-agent from source #125
• OCPBUGS-31811: [4.15] Add requirements placeholders for cachito #121
• OCPBUGS-30078: [release-4.15] OCPBUGS-30078: Fix tripleo url with commit hash for openstack repos config #115
• Full changelog

k8s-prometheus-adapter

• OCPBUGS-32214, OCPBUGS-32215: upgrade deps #102
• Full changelog

keepalived-ipfailover

• OCPBUGS-30413: update unit tests in egress/dns-proxy #168
• Full changelog

kubevirt-cloud-controller-manager

• OCPBUGS-31801: Bump opentelemetry #39
• OCPBUGS-24118: Updating ose-kubevirt-cloud-controller-manager-container image to be consistent with ART #28
• OCPBUGS-22061: Bump golang.org/x/net to v0.18.0 #34
• Full changelog

kubevirt-csi-driver

• OCPBUGS-29793: [release-4.15] Address https://github.com/advisories/GHSA-fg9q-5cw2-p6r9: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs #33
• Full changelog

machine-api-operator

• CFE-1051: Adding web-hook validation for capacityReservationGroupID #1261
• OCPBUGS-31949: Update x/net to v0.24.0 #1231
• OCPBUGS-30215: Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions #1222
• Full changelog

machine-config-operator

• OCPBUGS-37551: On-Prem resolv prepender to watch for NM changes #4499
• OCPBUGS-38712: SCC-pinning for openshift workloads #4540
• OCPBUGS-38370: Revert “MCD-pull: run after network-online.target in Azure” #4525
• OCPBUGS-37768: Move StartLimitIntervalSec to Unit section #4506
• OCPBUGS-37629: Openshift uncordoned compute-node that was intentionally cordoned #4495
• OCPBUGS-36863: Copy RHEL9 binaries used in HCP #4476
• OCPBUGS-35220: Check both ready and health ingress endpoints #4398
• OCPBUGS-30139: [release-4.15] Use NM’s dns-change event for resolv.conf #4220
• OCPBUGS-36769: daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages #4461
• OCPBUGS-36550: MCD-pull: run after network-online.target in Azure #4454
• OCPBUGS-27436: Fix mirrorSourcePolicy error prompt imagecontentsourcepolicies #4431
• OCPBUGS-36258: daemon/update: disable systemd unit before overwriting #4441
• OCPBUGS-32092: Decrease logs of haproxy #4313
• OCPBUGS-35010: set required-scc for openshift workloads #4393
• OCPBUGS-31461: Remove weights from ingress check script #4290
• OCPBUGS-33847: If multiple hostnames are returned, use the first one for the Node name #4373
• OCPBUGS-20152: Don’t error if the certs.d dir doesn’t exist yet #4358
• OCPBUGS-32922: [release-4.15] add cluster fleet evaluation support to mco #4334
• OCPBUGS-28926: [4.15] crio: update pids limit to be -1 #4163
• OCPBUGS-28545: Delete state files on reboot only #4311
• OCPBUGS-31820: Remove the condition for checking the multiple ovs-if-br-ex profiles #4309
• OCPBUGS-27029: Log network service output to console #4113
• OCPBUGS-31646: fix: resources were in the wrong indentation level #4301
• : OCPBUGS-31576: kubelet: restorecon necessary files on kubelet’s prestart #4297
• OCPBUGS-30884: Prevent OVS-configuration to run before kdump #4259
• OCPBUGS-31383: make verify should use MCO’s kube version #4282
• OCPBUGS-30971: add preferredduringscheduling annotation to kube-rbac-proxy-crio #4264
• OCPBUGS-29731: Delete image openshift/openshift-proxy-pull-test #4199
• OCPBUGS-30093: Mount /run/nodeip-configuration into coredns containers #4229
• OCPBUGS-30761: add static pods for rbacproxy #4252
• OCPBUGS-30017: CRI-O: Add missing Devices annotation to CRI-O configuration #4227
• OCPBUGS-29339: annotate on-prem static pods for workload partitioning #4179
• OCPBUGS-29797: set nodeStatusReportFrequency #4211
• OCPBUGS-29166: ovs-configure: fix vlan_parent calculation #4171
• OCPBUGS-29651: nmstate, configure nmstate to keep service yamls #4192
• Full changelog

monitoring-plugin

• OU-417: throw an error when a custom datasource is not found #118
• OU-415: Add datasource parameter to handle metrics from custom datasources #116
• OCPBUGS-32097: make createdBy mandatory and auto fill with the current user #115
• OCPBUGS-31310: upgrade sanitize-html vulnerable dependency #107
• Full changelog

multus-cni

• OCPBUGS-35047: Update owners file #240
• OCPBUGS-35258: Thick plugin should not wait for API readiness on CNI DEL #242
• OCPBUGS-33477: Fix CNI cache update function to prevent nil access #234
• OCPBUGS-30237: Reload bootstrap kubeconfig if cert mgr failed to load valid certs #223
• OCPBUGS-28271: Fix SAST scan issues for multus-cni-container [4.15] #219
• Full changelog

multus-networkpolicy

• Update owners (#58) #58
• Full changelog

multus-route-override-cni

• OCPBUGS-41804: [release-4.15]Update owners #59
• Full changelog

multus-whereabouts-ipam-cni

• OCPBUGS-37813, OCPBUGS-37816: [release-4.15] align api calls timeout and skip pods marked for deletion #308
• OCPBUGS-36367: [release-4.15] Return previous IP allocation for add cmd #295
• OCPBUGS-35081: [release-4.15] Use IP to identify orphaned allocation to be deleted #288
• Full changelog

network-metrics-daemon

• Correct 4.16 owners file (#99) #99
• Full changelog

network-tools

• OCPBUGS-31764: replace wireshark with wireshark-cli #118
• Full changelog

nutanix-machine-controllers

• OCPBUGS-29548: IPI install fails on Nutanix when using DHCP #69
• Full changelog

oauth-apiserver

• OCPBUGS-33210: bump lib-go to fix SAs acting as OAuth2 clients #114
• OCPBUGS-31951: bump x/net to 0.24.0 #109
• Full changelog

oauth-server

• OCPBUGS-33210: bump lib-go to fix SAs acting as OAuth2 clients #148
• Full changelog

oc-mirror

• OCPBUGS-34521: Fix DiskToMirror without internet connection without rebuild catalog (#866) #866
• OCPBUGS-33575: Change default behavior to not rebuild catalogs for V1 (#849) #849
• OCPBUGS-31466: Fix for oc-mirror new defaultChannel override (#846) #846
• Bump version to include v5.11.0 of go-git (#819) #819
• OCPBUGS-23550: Generate both oc-mirror binaries for rhel9 and rhel8 (#804) #804
• Fix to ensure operator not found error exits with correct status (#794) #794
• Full changelog

olm-catalogd

• OCPBUGS-29796: UPSTREAM: 231: make garbage collection a runnable #44
• Full changelog

olm-rukpak

• : OCPBUGS-30264: Bump Helm & K8s dependencies #79
• Full changelog

openshift-apiserver

• OCPBUGS-32444: Bump golang/x/net to v0.23.0 #428
• OCPBUGS-28928: Bump openshift/api to get updated docs for UnservableInFutureVersions #436
• OCPBUGS-31469: vendor upgrade runtime-utils #422
• Full changelog

openshift-controller-manager

• CVE-2024: 45496: Reduce Capabilities for Non-Build Containers #6
• OCPBUGS-32807, OCPBUGS-33371: Rollback state of managed image pull secrets after downgrade #303
• OCPBUGS-31490: Bumps opentelemetry dependencies #294
• OCPBUGS-24086: Updating ose-openshift-controller-manager-container image to be consistent with ART #281
• Full changelog

openstack-cinder-csi-driver-operator

• OCPBUGS-36586: Add config map hooks #175
• OCPBUGS-34927: Correct out-of-bounds check #172
• OCPBUGS-32744: Relax requirement to enable topology #165
• Full changelog

openstack-cluster-api-controllers

• OCPBUGS-25859: CARRY: Add Snyk security scan config #299
• OCPBUGS-26208: openshift/manifests: CloudCredential capability for CredentialsRequest #297
• Full changelog

openstack-machine-api-provider

• OCPBUGS-34665: Failure to get bootstrap is non-fatal #120
• OCPBUGS-30857: Ensure portSecurity is correctly set in the Port #108
• OCPBUGS-28326: Add snyk configuration file #105
• Full changelog

operator-lifecycle-manager, operator-registry

• OCPBUGS-38383: (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache #840
• OCPBUGS-38323: Update junit report file name to show spec results on Test Grid #839
• OCPBUGS-37677: [release-4.15] Update e2e config and backport list of flakes #829
• OCPBUGS-37554: Set required-scc for openshift workloads #828
• OCPBUGS-37017: Bump github.com/containers/image/v5 #823
• OCPBUGS-36812: fix sorting unpack jobs #817
• OCPBUGS-36451: Can’t install operator on 4.15 after uninstalling it on a prior version #810
• OCPBUGS-36813: [CARRY] perform operator apiService certificate validity checks directly #819
• OCPBUGS-35305: [release-4.15] catalog-operator: delete catalog pods stuck in Terminating state due to unreachable node #779
• OCPBUGS-35720: Warn and allow CRD upgrade if validation fails but webhook is specified #789
• OCPBUGS-31939, OCPBUGS-31940: UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 #747
• OCPBUGS-35229: Unblock CI #768
• OCPBUGS-32860: UPSTREAM: <carry>: bump go-jose #740
• OCPBUGS-32311: [release-4.15]: Update if AlreadyExists #736
• OCPBUGS-31842: copy-content: delete destination dirs before copying (#3197) #728
• OCPBUGS-31651: [release-4.15] Correctly detect catalog image ID for extractContent catalog pods #726
• OCPBUGS-30219: bump otelgrpc to 0.46.0 #712
• OCPBUGS-30193: Synchronize From Upstream Repositories #711
• OCPBUGS-30141: ClusterRoleBinding + Service SSA cherry-pick #707
• OCPBUGS-30147: Wait for required RBAC before creating packageserver CSV #710
• Full changelog

operator-marketplace

• OCPBUGS-24144: Updating marketplace-operator-container image to be consistent with ART [4.15] #553
• OCPBUGS-37524: Set required-scc for openshift workloads #570
• OCPBUGS-32060: update golang.org/x/net for CVE-2023-45288 #564
• Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

• OCPBUGS-38262: [release-4.15] Bump OVSDBTimeout and make it configurable. #2252
• OCPBUGS-37962: Fix registering northd metrics on appropriate nodes #2246
• OCPBUGS-37196: [release-4.15] ovspinning: Set affinity of each thread #2235
• OCPBUGS-35902: Bump ovn to 23.09.4-16 #2216
• OCPBUGS-36382: Handle IP fragments in SGW mode #2215
• OCPBUGS-33619: EgressIP: Reload certificates for the grpc heatlhcheck server #2167
• OCPBUGS-33623, OCPBUGS-33624: Improve CI signal by removing/suppressing signals #2168
• OCPBUGS-31814: ipv6+all protocols conntrack flush #2131
• OCPBUGS-34404: [release-4.15] dns: fix deadlock in case of error #2182
• OCPBUGS-33294: Reuse node-subnet from cache if exists #2163
• OCPBUGS-33960: Egressip garp fix 4.15 #2175
• OCPBUGS-30899: use a forked version of j-keck/arping that fixes a threading issue #2105
• OCPBUGS-32426: [release-4.15] Improves service iptables efficiency on start up #2156
• [Release 4.15] OCPBUGS-32986: Bump OVS #2147
• OCPBUGS-27852: [release-4.15] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix #2025
• OCPBUGS-29316: [release-4.15] Ignore missing live migratable pod annotation on AddNode #2065
• OCPBUGS-32202: [release-4.15] Bump OVN to 23.09.0-139 #2121
• OCPBUGS-33020: drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs #2141
• OCPBUGS-32154: Custom v4 and v6 transit switch subnets while creating kind cluster #2094
• OCPBUGS-31081: Periodically check the ovnkube-node certificate is not expired #2099
• OCPBUGS-31033: Remove OVN topology version reporting/detection #2098
• OCPBUGS-31500, OCPBUGS-31501: EIP multi NIC IPv6 support and default route with next hop #2103
• OCPBUGS-29599: Update HostNetworkNamespace address_set for remote zone nodes #2074
• Full changelog

powervs-block-csi-driver

• OCPBUGS-36096: Fix CVE-2024-6104 by updating http-retryable to 0.7.7 #89
• OCPBUGS-33622: Fix CVE2023-45288 by bumping x/net to v0.24.0 -4.15 #80
• Full changelog

prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook

• OCPBUGS-38400: feat: sync proxy settings in Alertmanager configuration #300
• OCPBUGS-36719: add proxyURL validation for smon,pmon and probe #298
• OCPBUGS-29180: fix: convert continue field between v1beta1 and v1alpha1 #276
• OCPBUGS-29509: fix: don’t fail metadata transform on unknown types (#6298) #278
• Full changelog

service-ca-operator

• OCPBUGS-34797: set required-scc for openshift workloads #243
• Full changelog

telemeter

• OCPBUGS-34831: fix issuer check during JWT authentication for 4.15 #538
• : OCPBUGS-35076: Release Fix CVE go-jose #542
• OCPBUGS-32890: CVE-2024-28180 bump go-jose to v3.0.3 #531
• OCPBUGS-24153: Updating telemeter-container image to be consistent with ART #496
• Full changelog

tests

• OCPBUGS-38787: [4.15] egressfirewall: skip ping tests in case of hypershift kubevirt on Azure infra #28994
• OCPBUGS-36264: add Proxy config #28912
• OCPBUGS-37630: remove unused in-cluster monitoring code #28956
• #28746 FIX [release-4.15] OCPBUGS-33023: update egressFWTestE2E image which contains ping binary #28898
• OCPBUGS-36724: Removes dependency on samples operator images #28927
• OCPBUGS-36319: Only look for thanos connections to platform monitoring stack #28915
• OCPBUGS-34949: test/extended: skip etcd leader change check on hypershift #28919
• OCPBUGS-28928: Add test for UpgradeValidation contention #28820
• OCPBUGS-33368: [release-4.15] monitor test service-type-load-balancer-availability setup fails frequently in 4.14 & 4.15 PowerVS CI jobs #28821
• #28776 FIX [release-4.15] OCPBUGS-33368: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms #28791
• OCPBUGS-26520: Kuryr: Ignore Upgradeable=False on operators tests #28512
• OCPBUGS-33347: Provide SCC access via RBAC #28780
• OCPBUGS-33541: Adjust the method of get the apiServer (release-4.15) #28762
• OCPBUGS-33473: [release-4.15] MULTIARCH-4352: Censor private key from pod dump logs #28666
• : OCPBUGS-32554: Also rely on oomkilled exit code 137 in build test #28724
• OCPBUGS-31726: Use centos7 tag instead of latest for cmd images tests #28688
• OCPBUGS-30892: fix panic on non-standard node-role labels #28656
• OCPNODE-2101: add kube-rbac-proxy-crio toleration change #28637
• OCPBUGS-30161: Skip tests for image-registry operator with single replica #28633
• OCPBUGS-29927: Only extract node role from properly formatted node-role label #28615
• TRT-1512: Add debug messages to debug openshift-tests hang #28610
• Full changelog

vsphere-cloud-controller-manager

• OCPBUGS-37659: Bump otelgrpc to v0.49.0 #71
• Full changelog

vsphere-cluster-api-controllers

• OCPBUGS-30117: manifests: Add in CustomNoUpgrade #38
• OCPBUGS-26476: UPSTREAM: <carry>: bump x/crypto #35
• Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

• OCPBUGS-33604: FailedPrecondition volume does not appear staged #118
• Full changelog

vsphere-problem-detector

• OCPBUGS-37760: Drop event when CheckDefaultDatastore fails #170
• OCPBUGS-35732: Fix missing failure-domains #161
• Full changelog

---

View changelog in Markdown or change previous release: 4.15.324.15.314.15.304.15.294.15.284.15.274.15.264.15.254.15.244.15.234.15.224.15.214.15.204.15.194.15.184.15.174.15.164.15.154.15.144.15.134.15.124.15.114.15.104.15.94.15.84.15.74.15.64.15.54.15.44.15.34.15.24.15.14.15.04.15.0-rc.84.15.0-rc.74.15.0-rc.54.15.0-rc.44.15.0-rc.34.15.0-rc.24.15.0-rc.14.15.0-rc.04.14.404.14.394.14.384.14.374.14.364.14.354.14.344.14.334.14.324.14.314.14.304.14.294.14.284.14.274.14.264.14.254.14.244.14.234.14.224.14.214.14.204.14.194.14.184.14.174.14.164.14.154.14.144.14.134.14.124.14.114.14.104.14.94.14.84.14.74.14.64.14.54.14.44.14.34.14.24.14.14.14.04.14.0-rc.74.14.0-rc.64.14.0-rc.54.14.0-rc.44.14.0-rc.34.14.0-rc.24.14.0-rc.14.14.0-rc.04.13.534.13.524.13.514.13.504.13.494.13.484.13.474.13.464.13.454.13.444.13.434.13.424.13.414.13.404.13.394.13.384.13.374.13.364.13.354.13.344.13.334.13.324.13.314.13.304.13.294.13.284.13.274.13.264.13.254.13.244.13.234.13.224.13.214.13.194.13.184.13.174.13.164.13.154.13.144.13.134.13.124.13.114.13.104.13.94.13.84.13.74.13.64.13.54.13.44.13.34.13.24.13.14.13.04.13.0-rc.84.13.0-rc.74.13.0-rc.64.13.0-rc.54.13.0-rc.44.13.0-rc.34.13.0-rc.24.13.0-rc.04.12.694.12.684.12.674.12.664.12.654.12.644.12.634.12.624.12.614.12.604.12.594.12.584.12.574.12.564.12.554.12.544.12.534.12.524.12.514.12.504.12.494.12.484.12.474.12.464.12.454.12.444.12.434.12.424.12.414.12.404.12.394.12.384.12.374.12.364.12.354.12.344.12.334.12.324.12.314.12.304.12.294.12.284.12.274.12.264.12.254.12.244.12.234.12.224.12.214.12.204.12.194.12.184.12.174.12.164.12.154.12.144.12.134.12.124.12.114.12.104.12.94.12.84.12.74.12.64.12.54.12.44.12.34.12.24.12.14.12.04.12.0-rc.84.12.0-rc.74.12.0-rc.64.12.0-rc.54.12.0-rc.44.12.0-rc.34.12.0-rc.24.12.0-rc.14.12.0-rc.04.11.594.11.584.11.574.11.564.11.554.11.544.11.534.11.524.11.514.11.504.11.494.11.484.11.474.11.464.11.454.11.444.11.434.11.424.11.414.11.404.11.394.11.384.11.374.11.364.11.354.11.344.11.334.11.324.11.314.11.304.11.294.11.284.11.274.11.264.11.254.11.244.11.234.11.224.11.214.11.204.11.194.11.184.11.174.11.164.11.154.11.144.11.134.11.124.11.114.11.104.11.94.11.84.11.74.11.64.11.54.11.44.11.34.11.24.11.14.11.04.11.0-rc.74.11.0-rc.64.11.0-rc.54.11.0-rc.44.11.0-rc.34.11.0-rc.24.11.0-rc.14.11.0-rc.04.11.0-fc.34.11.0-fc.24.11.0-fc.0───4.18.0-0.nightly-2024-11-09-0842414.18.0-0.nightly-2024-11-09-0031354.18.0-0.nightly-2024-11-08-1355434.18.0-0.nightly-2024-11-08-0557324.18.0-0.nightly-2024-11-07-2150084.18.0-0.nightly-2024-11-07-1439194.18.0-0.nightly-2024-11-07-0727534.18.0-0.nightly-2024-11-07-0018304.18.0-0.nightly-2024-11-06-1550304.18.0-0.nightly-2024-11-06-0518144.18.0-0.nightly-2024-11-05-1635164.18.0-0.nightly-2024-11-04-1827184.18.0-0.nightly-2024-11-04-1100344.18.0-0.nightly-2024-11-01-0539254.18.0-0.nightly-2024-10-31-2338064.18.0-0.nightly-2024-10-31-1901194.18.0-0.nightly-2024-10-31-1127014.18.0-0.nightly-2024-10-30-2039474.18.0-0.nightly-2024-10-30-1222204.18.0-0.nightly-2024-10-30-0622284.18.0-0.nightly-2024-10-29-2305244.18.0-0.nightly-2024-10-29-1123374.18.0-0.nightly-2024-10-29-0637504.18.0-0.nightly-2024-10-29-0011204.18.0-0.nightly-2024-10-28-1416544.18.0-0.nightly-2024-10-28-0524344.18.0-0.nightly-2024-10-27-1851044.18.0-0.nightly-2024-10-26-185236───4.18.0-0.ci-2024-11-09-1521084.18.0-0.ci-2024-11-09-0921084.18.0-0.ci-2024-11-09-0321084.18.0-0.ci-2024-11-08-2121064.18.0-0.ci-2024-11-08-1521054.18.0-0.ci-2024-11-08-0921054.18.0-0.ci-2024-11-08-0321054.18.0-0.ci-2024-11-07-2121054.18.0-0.ci-2024-11-07-152105───4.17.0-0.nightly-2024-11-09-0113064.17.0-0.nightly-2024-11-08-1611304.17.0-0.nightly-2024-11-08-0722114.17.0-0.nightly-2024-11-08-0051184.17.0-0.nightly-2024-11-07-0442484.17.0-0.nightly-2024-11-07-0002334.17.0-0.nightly-2024-11-06-1813454.17.0-0.nightly-2024-11-06-1314264.17.0-0.nightly-2024-11-06-0608504.17.0-0.nightly-2024-11-05-2238064.17.0-0.nightly-2024-11-05-1520014.17.0-0.nightly-2024-11-05-0829414.17.0-0.nightly-2024-11-04-2349074.17.0-0.nightly-2024-11-04-1424404.17.0-0.nightly-2024-11-04-0358544.17.0-0.nightly-2024-11-01-2112074.17.0-0.nightly-2024-11-01-1456554.17.0-0.nightly-2024-11-01-0713204.17.0-0.nightly-2024-11-01-0252534.17.0-0.nightly-2024-10-31-2001354.17.0-0.nightly-2024-10-31-1440424.17.0-0.nightly-2024-10-31-0717154.17.0-0.nightly-2024-10-31-0035394.17.0-0.nightly-2024-10-30-1542534.17.0-0.nightly-2024-10-30-0709344.17.0-0.nightly-2024-10-30-0210054.17.0-0.nightly-2024-10-29-1927514.17.0-0.nightly-2024-10-29-1010324.17.0-0.nightly-2024-10-28-2337064.17.0-0.nightly-2024-10-28-1303154.17.0-0.nightly-2024-10-28-045239───4.17.0-0.ci-2024-11-09-1230004.17.0-0.ci-2024-11-09-0408394.17.0-0.ci-2024-11-08-2208394.17.0-0.ci-2024-11-08-1608394.17.0-0.ci-2024-11-08-0914354.17.0-0.ci-2024-11-08-0314354.17.0-0.ci-2024-11-07-2000444.17.0-0.ci-2024-11-07-1301284.17.0-0.ci-2024-11-07-0701284.17.0-0.ci-2024-11-07-0101284.17.0-0.ci-2024-11-06-174516───4.16.0-0.nightly-2024-11-08-1002164.16.0-0.nightly-2024-11-08-0432164.16.0-0.nightly-2024-11-07-1750284.16.0-0.nightly-2024-11-07-1126014.16.0-0.nightly-2024-11-06-2153544.16.0-0.nightly-2024-11-06-1706484.16.0-0.nightly-2024-11-06-0912534.16.0-0.nightly-2024-11-05-2345124.16.0-0.nightly-2024-11-05-1553284.16.0-0.nightly-2024-11-05-0705384.16.0-0.nightly-2024-11-05-0037354.16.0-0.nightly-2024-11-04-1311024.16.0-0.nightly-2024-11-04-0402534.16.0-0.nightly-2024-11-01-0900594.16.0-0.nightly-2024-11-01-0416544.16.0-0.nightly-2024-10-31-1933014.16.0-0.nightly-2024-10-30-0238204.16.0-0.nightly-2024-10-29-2108244.16.0-0.nightly-2024-10-29-1146464.16.0-0.nightly-2024-10-29-0702204.16.0-0.nightly-2024-10-29-0137584.16.0-0.nightly-2024-10-28-1951274.16.0-0.nightly-2024-10-28-035511───4.16.0-0.ci-2024-11-09-0229404.16.0-0.ci-2024-11-08-1617004.16.0-0.ci-2024-11-08-0743344.16.0-0.ci-2024-11-08-0129164.16.0-0.ci-2024-11-07-1806374.16.0-0.ci-2024-11-07-1017544.16.0-0.ci-2024-11-07-0259244.16.0-0.ci-2024-11-06-205924───4.15.0-0.nightly-2024-11-09-0311594.15.0-0.nightly-2024-11-08-1831304.15.0-0.nightly-2024-11-08-0745514.15.0-0.nightly-2024-11-08-0040594.15.0-0.nightly-2024-11-07-1408574.15.0-0.nightly-2024-11-07-0716564.15.0-0.nightly-2024-11-06-1929264.15.0-0.nightly-2024-11-06-1232014.15.0-0.nightly-2024-11-06-0420244.15.0-0.nightly-2024-11-05-2132534.15.0-0.nightly-2024-11-05-1113134.15.0-0.nightly-2024-11-04-211539───4.15.0-0.ci-2024-11-08-2359584.15.0-0.ci-2024-11-08-1336314.15.0-0.ci-2024-11-08-0709574.15.0-0.ci-2024-11-08-0109574.15.0-0.ci-2024-11-07-1909574.15.0-0.ci-2024-11-07-0857304.15.0-0.ci-2024-11-07-0257304.15.0-0.ci-2024-11-06-203401───4.14.0-0.nightly-2024-11-08-2118154.14.0-0.nightly-2024-11-08-0431344.14.0-0.nightly-2024-11-08-0022284.14.0-0.nightly-2024-11-06-1538224.14.0-0.nightly-2024-11-06-1153114.14.0-0.nightly-2024-11-06-0806224.14.0-0.nightly-2024-11-06-0008534.14.0-0.nightly-2024-11-04-211041───4.14.0-0.ci-2024-11-09-0739544.14.0-0.ci-2024-11-08-1939374.14.0-0.ci-2024-11-08-0416204.14.0-0.ci-2024-11-07-2216204.14.0-0.ci-2024-11-07-1503124.14.0-0.ci-2024-11-07-064037───4.13.0-0.nightly-2024-11-07-1600184.13.0-0.nightly-2024-11-07-0751154.13.0-0.nightly-2024-11-06-2118464.13.0-0.nightly-2024-11-06-1356474.13.0-0.nightly-2024-11-05-1845014.13.0-0.nightly-2024-11-05-1245014.13.0-0.nightly-2024-10-30-1350544.13.0-0.nightly-2024-10-30-075054───4.13.0-0.ci-2024-11-07-1355324.13.0-0.ci-2024-11-06-2040324.13.0-0.ci-2024-11-05-1748364.13.0-0.ci-2024-11-05-0417514.13.0-0.ci-2024-10-31-124528───4.12.0-0.nightly-2024-11-08-1613044.12.0-0.nightly-2024-11-07-0529244.12.0-0.nightly-2024-11-06-1923094.12.0-0.nightly-2024-11-05-0900004.12.0-0.nightly-2024-11-05-0115384.12.0-0.nightly-2024-11-04-0517084.12.0-0.nightly-2024-10-31-141700───4.12.0-0.ci-2024-11-08-1522394.12.0-0.ci-2024-11-07-1230014.12.0-0.ci-2024-11-07-0025474.12.0-0.ci-2024-11-06-1802454.12.0-0.ci-2024-11-05-0714104.12.0-0.ci-2024-11-04-1058394.12.0-0.ci-2024-11-04-045839───4.11.0-0.nightly-2024-07-06-0140574.11.0-0.nightly-2024-07-01-0855474.11.0-0.nightly-2024-04-20-1326214.11.0-0.nightly-2024-04-15-1237064.11.0-0.nightly-2024-04-15-0346274.11.0-0.nightly-2024-03-18-1654324.11.0-0.nightly-2024-03-12-2229304.11.0-0.nightly-2024-02-01-0446274.11.0-0.nightly-2024-01-19-1107024.11.0-0.nightly-2024-01-15-0229494.11.0-0.nightly-2024-01-10-203533───4.11.0-0.ci-2024-09-18-0735584.11.0-0.ci-2024-09-17-2036254.11.0-0.ci-2024-07-30-2032534.11.0-0.ci-2024-07-23-1708064.11.0-0.ci-2024-07-01-0910384.11.0-0.ci-2024-06-28-2035454.11.0-0.ci-2024-06-18-0336354.11.0-0.ci-2024-06-07-1944004.11.0-0.ci-2024-06-05-1627184.11.0-0.ci-2024-06-01-042714───4.18.0-ec.34.18.0-ec.24.18.0-ec.14.18.0-ec.0

Source code for this page located on github