Back to index

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.17.28-x86_64

Team Approvals:

• Accepted
  • QE

Tests:

• Blocking jobs
  • upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
  • upgrade-minor Failed release-openshift-origin-installer-e2e-aws-upgrade
• Informing jobs
  • aws-ovn-serial Succeeded periodic-ci-openshift-release-master-nightly-4.17-e2e-aws-ovn-serial
  • aws-ovn-upgrade-4.17-micro Succeeded periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn-upgrade
  • aws-ovn-upgrade-micro Succeeded (1 retries) periodic-ci-openshift-release-master-ci-4.17-e2e-aws-ovn-upgrade
  • azure-ovn-upgrade-4.17-micro Succeeded (1 retries) periodic-ci-openshift-release-master-ci-4.17-e2e-azure-ovn-upgrade
  • fips-scan Succeeded periodic-ci-openshift-release-master-nightly-4.17-fips-payload-scan
  • gcp-ovn-rt-upgrade-4.17-minor Succeeded periodic-ci-openshift-release-master-ci-4.17-upgrade-from-stable-4.16-e2e-gcp-ovn-rt-upgrade
  • hypershift-ovn-conformance-4.17 Succeeded periodic-ci-openshift-hypershift-release-4.17-periodics-e2e-aws-ovn-conformance
  • metal-ipi-ovn-bm Failed (3 retries) periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-bm
  • metal-ipi-ovn-ipv6 Succeeded periodic-ci-openshift-release-master-nightly-4.17-e2e-metal-ipi-ovn-ipv6

Upgrades from:

• 4.17.27 (changes) - S F S F S F S
• 4.17.26 (changes) - Success
• 4.17.25 (changes) - Failed
• 4.17.19 (changes) - Success
• 4.17.12 (changes) - Failed
• 4.17.7 (changes) - Success
• 4.17.2 (changes) - Success
• 4.17.1 (changes) - Success
• 4.17.0 - Failed
• 4.16.39 (changes) - F F F F S
• 4.16.38 (changes) - Success
• 4.16.37 (changes) - Failed
• 4.16.33 (changes) - Success
• 4.16.29 (changes) - Failed
• 4.16.25 (changes) - Success
• 4.16.10 (changes) - Success
• 4.16.9 (changes) - Success
• 4.16.8 (changes) - Failed
• 4.16.0-0.nightly-2025-05-01-084351 (changes) - Success

Upgrades to:

• 4.18.12 (changes) - Success
• 4.18.0-0.nightly-2025-05-02-234313 (changes) - Pending
• 4.18.0-0.ci-2025-05-02-222247 (changes) - Pending Pending

---

Changes from 4.17.0

Created: 2025-05-01 16:46:01 +0000 UTC

Image Digest: sha256:035baf97e4c715fc1afb681a9f789d99ebaf568b2656584d59f72962e0d14bcd

Components

• Kubectl upgraded from 1.30.2 to 1.30.5
• Kubernetes upgraded from 1.30.4 to 1.30.11
• Kubernetes Tests 1.30.0
• Red Hat Enterprise Linux CoreOS upgraded from 417.94.202409121747-0 to 417.94.202504291434-0 (diff)

New images

• gcp-workload-identity-federation-webhook git 08579e9f sha256:3d72794fcd40b847e3fbaf3529231fe9149a6dede2a45dfe31fbd306df9b50b9

Removed images

• ovirt-machine-controllers

Rebuilt images without code change

• agent-installer-utils git 3b99303b sha256:2e3c12f80ae0f3a058a76083a166f0f52d2c488757bff1ba8e3c3dcb78d151e5
• apiserver-network-proxy git cd426416 sha256:1462a7d9268b1f123b16e52e0916f99762235a593f1a370bd9747278f0bef42e
• aws-cloud-controller-manager git 8c77f418 sha256:57c421ec589d5bde9a9ae09a14dd401e6f4f7502383d9cc1d592c4cce6998920
• aws-ebs-csi-driver git 2bb5b316 sha256:2d10b0d8215610e706014b0d201ed462caee0d4d5d530c5c3727b9d6ea026a9d
• azure-cluster-api-controllers git d359bfe5 sha256:dc21bf04fe634e62e83a5df806c81b014fd77f71ee574892334b84a66095b5f9
• azure-disk-csi-driver git a544f30b sha256:88411c5fea9d080379418df9f140189954d82eba1d11390f5ae357e399262582
• azure-file-csi-driver git 9f4c38c2 sha256:3959dc623d65e2352382307e411589e9d01ce3d9f7a7a2659f02413d9256de05
• cloud-network-config-controller git 779b346c sha256:698211795dbabe068f87d21f624e09d28742483015be770b1cdb5c6138283b69
• cluster-capi-controllers git 77ef4fc5 sha256:34f8869cd85d3c50ffb737883786ddaea37f7c3f222241ea6a34e429fde1a01b
• cluster-config-operator git 0dc084f4 sha256:d8048fd42ae41e8eb61f9fb2f484ecd84212b858b419447e70d95b90f1562c42
• cluster-csi-snapshot-controller-operator git ffba005b sha256:38bbe69d4b7db72c4fa3715e9a76395d4666b02eea19a4a983d71e599f0638db
• cluster-ingress-operator git cb5306d7 sha256:c987ba71f8168f0a523f2be6507e00fff6c262d4bfad59f4c87841330fa96dd9
• cluster-kube-controller-manager-operator git 0a9ed573 sha256:a2184bde2de353cf90eddabb81dd1c85ee5ceec3f6914af58db453ee2c13197f
• cluster-kube-scheduler-operator git 98ca953b sha256:7ca513675dbe0e79573c841589f823a39d7eada90e0a41a39ee94fa7348242bc
• cluster-olm-operator git e31b7775 sha256:0ca3d57b8877810f82784753ba1bc8b67a764245e0530addc811cad61843f039
• cluster-policy-controller git 7209e90d sha256:0d24d9508157347f020c6b99eefef619585dc37542b36f45ca62e10330e4deef
• cluster-update-keys git 2ce31fc5 sha256:772397f5e6cf6068df029ec793486d9ae08d0af8098cae011a4ce986be675425
• configmap-reloader git b877222b sha256:9c9c5a3e7e9909130823093870ac570b67be9bb5dd35906af266ef6391cd1354
• container-networking-plugins git 24a65329 sha256:19647286f9c75dd092be4de0edb723882af3961300a18c4aed6881bf259e6c70
• containernetworking-plugins-microshift git 24a65329 sha256:44ab8531897438f9b25f0b6d90e5b224e3928a3f12f8b24dd18113d7bbb40ece
• coredns git d3b441c1 sha256:8be1b918af3a97bea0f8aaddd1920fabdd64d23621ae73fb61a403c611515c3a
• csi-driver-nfs git 6a72c254 sha256:470652ca1988e7b75fe22f5b211175ffeb91c8fd4a602c40f92f3b22e8567655
• csi-driver-shared-resource-operator git c095a1f2 sha256:cdcd032de3bccab45d6c7cbb5d2ac3107eaff5b4b279d67f081a39ddc1320b49
• csi-external-attacher git c3fe8e2e sha256:9a65583194250712313a1e893bd5e03a9345a16c4f5174e9c9e6e7d18413bc9a
• csi-external-provisioner git fe460e56 sha256:3ae17709e7c44b06b85543548ddfec54c8c1c04167ca10b8ab82e3cc4cf8a29b
• csi-external-resizer git ab87a938 sha256:deaf59f4cfc7254ab8b35634ac18281cf88ff0ddc151d0498a21d6e91c30a4e3
• csi-external-snapshotter git aa558ca4 sha256:cf848a2e0ca5bdcb850bef50193c8db40c18521c2e5d7f1b5658329a485f8d42
• csi-livenessprobe git 075ebcdc sha256:150cf47c016ea3a318be89b0fb80b5f81a3ddc38aaaae9f4f9ab08478b054a85
• csi-node-driver-registrar git 436a1f33 sha256:6bf2240cfccf984fdc0a6f33318c681704a495d62527d2f7242934f098378221
• csi-snapshot-controller git aa558ca4 sha256:5d1dd18616427bc717e49b781e6434ca616c31fc7daeb5596d1703f2d3379ef2
• csi-snapshot-validation-webhook git aa558ca4 sha256:4ca3355941315a1db451ba8c6ce329c2f7d0286b3585196a30e1ed35ba1ee228
• driver-toolkit git 859518f6 sha256:8edadcbdbe43b80cea7a3076897e893c8e3d974c6cea165cd8ecb00e03d1ce78
• egress-router-cni git 3193a756 sha256:9d5ce7ba2746d808b7bda9c491ecbaa158917b2659546eb9be7752d14a79f845
• gcp-cloud-controller-manager git 8ce997d7 sha256:35098fdc72303c21755abaad4cc05553d6c969dc601d6a2ab91d7aabcadf923e
• gcp-cluster-api-controllers git 9c561f2d sha256:6433c81cd98c85abe6b1bbd8e74a776462ad78575cc6bde0664458ed685611ac
• gcp-pd-csi-driver git c770b412 sha256:ba5d03691cb09bc208c30c6c9ce746911468a4fb772dbef5520f723063bf2a94
• gcp-pd-csi-driver-operator git c23b064f sha256:3bf929bf48fec827cf4f54ff5fec04de0740b1f14a4e1da63ad580bb9245a103
• haproxy-router git a33f2b6a sha256:1c122143be877d7d89163a4c9f3780eef8b8686057ad1889aa3102321e54a98c
• ibm-cloud-controller-manager git ad8f7eb0 sha256:1384411d0b3794e280491e0b0e14252c5e4f9e43e58e6602b0442ab9a3fb2b0c
• ironic-machine-os-downloader git b698ea3e sha256:1726d045b526bd930e04ceaa125da6477f7a44b18c9b01f723ff3cc1320da9ba
• keepalived-ipfailover git e3879e9e sha256:dcb142b3a5afe0e7b7a51a1c94661855bd54776ca51575630bc43f02ba12c554
• kube-state-metrics git 462e63f6 sha256:bfd60907c9836d089067b19a287d3267fa9ab98e09420e6a4f0e1ffb51506d04
• kube-storage-version-migrator git 34fafc04 sha256:63059adfd5fb0042f492f3fdf938beb0de950f3c86fcef51fd595099e3638e51
• kubevirt-cloud-controller-manager git 3f4542ec sha256:352ba91a72d19fa2b0006740b6e0e22b9824f73d3fad3ccf3cfdee0735525aab
• libvirt-machine-controllers git a336f0b5 sha256:fa4bd7d988c14418df8c332de4fea3b5ea57dc0727a461f68472925aa6eb9696
• machine-image-customization-controller git 74bee374 sha256:8bd8caf2fac84354a4407c48651d11d055c90e09f06ea57c1825d2be59ca18fc
• multus-admission-controller git 076f0caa sha256:878826b56658eac597d692338bc3e7d469568776c9d6f71c11b63bcd0932e01a
• multus-networkpolicy git 7d01ea1c sha256:93e501b312ea23b290e46c14787acecdb02636333f5388429b5400bc4599be9b
• multus-route-override-cni git 391c1b03 sha256:5784e4d821cc26ffffad6e6e3ed101fc2842ebc3d89b16eac041dde506c1ce01
• network-interface-bond-cni git 8630f336 sha256:66eb46a96bd308c39af00caad02b3dd77cc7d1dedfba70ead48c9390dc9ca9f9
• network-tools git 8e170b4f sha256:4b75b7fd029742eb75968481f181fd1f219b6b9fa0da0b48987cf988ca48d5f1
• nutanix-cloud-controller-manager git c9f6cd1f sha256:065ce9ed541af2ee48a9c7d803865180f3c0431c2e96edfa1b09bab0bbbf40bf
• nutanix-machine-controllers git 68aa2bbf sha256:d8add7c0ed65ac5c6a053c21fe96fe8955b6541f9b05a47863974d18a7021ad4
• openshift-state-metrics git 1e963eb5 sha256:62724925ca3ab5c18ebd7692e89e41ecf7e0d33176850f67eeae9692a6927cb5
• openstack-cinder-csi-driver-operator git f89b6dbc sha256:213222f7adf001b898109567c42c82d6d9325ee707615caa1ac0fc15fae574f0
• openstack-machine-api-provider git 68971874 sha256:1396e057385c7d8da1dc40c52033b1bbbedab984703de3e484cfea750652b224
• ovirt-csi-driver git 1db726a9 sha256:0c5c2dc265383ca172155921b1984557dc71532d880ee3f105d86b736d46f48d
• ovirt-csi-driver-operator git 0feae256 sha256:1d55ee07b1be3dbd3b9a2e46aa5b8eeceb055c531c49362ace9423327fbf57bc
• powervs-block-csi-driver git aaa6afa9 sha256:d08894b4f991791b4f1a1603c215538b1b6ebed430e07533287abf86baa2c3cd
• powervs-block-csi-driver-operator git f6f037c5 sha256:9fdf5e3812eef56895b938f68f8d148c2888158d01fcd817ef8292deff66fc34
• powervs-cloud-controller-manager git bd3d72e5 sha256:5ce97b705cd6ea00a6d5517f13e468c0b2bbe902d425ec3048d90d7dbdc7bedf
• prom-label-proxy git d80e9044 sha256:db3b3649eec224de4af5c5223bf4928f8e302c5f54ec9d501ce8bb71c3c627a3
• prometheus-alertmanager git d7c1a7c6 sha256:693a75146dc6f1436bc4998d59185e379a695b57c7e9d20945e84589fb142d6d
• prometheus-node-exporter git d88fd69b sha256:ba960fd338ec7abcc2a936137587076f80ec113a081be8d1df91fec8d3ce09df
• rhel-coreos sha256:2ff359d354396fbb2e16c7daf5333f3e46293bc372f21faf4805b21abfcd6ac4
• rhel-coreos-extensions sha256:ad7d7f59ce4297d875e78cbfbf77c28f90126288981f1e4e050f9631abc63835
• telemeter git e2b25245 sha256:93a0c6f59c4f920371c1210668bc5c0a9d6fca17dfe978d8427f772464e16af4
• thanos git 5b567365 sha256:171a666373eefa0b34cc77d1c1e1361020055746c641f81bdf55581304ef1a45
• vsphere-cluster-api-controllers git 1661cc3f sha256:8f5f4a8c8d9b31039b46e2297ba597600522fefd00eb2472c4f7a64739136723
• vsphere-problem-detector git cd0df71f sha256:8f0fc81d0fa8ab13f02d4aa1827cf2e48b4de3d7b8f46b612fe1483f8e34f559

agent-installer-api-server

• OCPBUGS-51230: Revert go-jose from v4.0.5 to v0.3.04 (#7605) #7605
• OCPBUGS-51230: Bump github.com/go-jose/go-jose/v4 to v4.0.5 in release-4.17 (#7574) #7574
• OCPBUGS-54402: Bump go-jwt to 4.5.2 to fix CVE-30204 (#7484) #7484
• OCPBUGS-48390: Bump moby from v26.0.0 to v27.2.1 (#7188) #7188
• MGMT-19537: Bump golang.org/x/net to 0.33.0 (#7129) #7129
• OCPBUGS-42525: Disable pprof for agent-based installer (#6897) #6897
• OCPBUGS-43020: Update go-jose to v2.6.3 to mitigate CVE-2024-28180 (#6892) #6892
• Updating ose-agent-installer-api-server-container image to be consistent with ART for 4.17 (#6709) #6709
• OCPBUGS-42569: Libraries bump to mitigate CVE-2024-27289 (#6832) #6832
• MGMT-17805: Fix MCO reboot error for s390x (#6727) #6727
• OCPBUGS-36577: Switch to github.com/docker/distribution/reference to mitigate CVE-2024-3727 (#6750) #6750
• Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

• OCPBUGS-53719: Bump jwt to 4.5.2 in release-4.17 (#1086) #1086
• abi: let the bootstrap waiting for workers before rebooting (#1028) #1028
• OCPBUGS-47493: MGMT-19537: Bump golang.org/x/net to 0.33.0 (#989) #989
• OCPBUGS-44904: Rhcos fails to reboot for skip mco reboot on s390x (#942) #942
• OCPBUGS-38466: Allow controller to continue when assisted-service (#918) #918
• OCPBUGS-43023: Pick up latest CVE changes by bumping service (#919) #919
• OCPBUGS-42156: Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#904) #904
• Full changelog

agent-installer-node-agent

• OCPBUGS-52994: Update to latest ghw version (#986) #986
• Updating ose-agent-installer-node-agent-container image to be consistent with ART for 4.17 (#798) #798
• OCPBUGS-53711: Bump jwt to 4.5.2 in release-4.17 (#964) #964
• NO-ISSUE: Increase image pull timeout during install (#922) #922
• MGMT-19537: Bump golang.org/x/net to 0.33.0 (#873) #873
• OCPBUGS-43024: Pick up latest CVE changes by bumping service (#805) #805
• OCPBUGS-42157: Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#783) #783
• Full changelog

aws-cluster-api-controllers

• OCPBUGS-53727: bump to github.com/golang-jwt/jwt/v4@v4.5.2 #546
• OCPBUGS-51309: UPSTREAM: 5339: Bump glog for recent fixes #539
• OCPBUGS-43921: OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It #528
• Full changelog

aws-ebs-csi-driver-operator, azure-disk-csi-driver-operator, azure-file-csi-driver-operator

• OCPBUGS-46512: remove EFS driver metrics #350
• OCPBUGS-44974: Set separate secrets for file and disk config on HyperShift #331
• OCPBUGS-42949: add tag matching to Azure File storage class #291
• OCPBUGS-43789: add ability to control kube rbac proxy container image… #310
• OCPBUGS-42997: Correct aws efs csi driver config as removable #296
• Full changelog

aws-kms-encryption-provider

• OCPBUGS-34314: Updating aws-kms-encryption-provider-container image to be consistent with ART for 4.17 #19
• hack: display diff on verify-mod-tidy failure #25
• Full changelog

aws-machine-controllers

• OCPBUGS-45186: fix Associate*IpAddress flag when launch EC2 #118
• Full changelog

aws-pod-identity-webhook

• OCPBUGS-51232: github.com/go-jose/go-jose/v4 v4.0.5 #202
• Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

• OCPBUGS-46039: Prevent panic when informer receives cache.DeletedFinalStateUnknown #132
• Full changelog

azure-kms-encryption-provider

• OCPBUGS-53495: bump golang-jwt v4 #12
• OCPBUGS-34277: Updating azure-kms-encryption-provider-container image to be consistent with ART for 4.17 #7
• Full changelog

azure-machine-controllers

• OCPBUGS-54393: Re-reconcile machine on NIC provisioning failure #136
• OCPBUGS-52359: Remove unused vnet package #130
• OCPBUGS-50017: dynamically setting the amount of fault domains #127
• Full changelog

azure-workload-identity-webhook

• OCPBUGS-53799: github.com/golang-jwt/jwt/v4 v4.5.2 #32
• OCPBUGS-51234: github.com/go-jose/go-jose/v4 v4.0.5 #28
• Full changelog

baremetal-cluster-api-controllers

• OCPBUGS-47049: Bump x/net to 0.33.0 #32
• Full changelog

baremetal-installer, installer, installer-altinfra, installer-artifacts

• OCPBUGS-55224: Fix Load balancer IP setup #9675
• OCPBUGS-51116: update resolv.conf every time on bootstrap node #9504
• OCPBUGS-51210: Fixes panic during GCP tags fetch due to unstable network #9512
• OCPBUGS-46375: Allow spaces in the aws tags [release-4.17] #9315
• OCPBUGS-54357: IBMCloud: Move to IBM TF openshift fork #9613
• OCPBUGS-53378: Remove error logging when determining image arch #9581
• OCPBUGS-53459: aws: fix NLB creation in secret regions #9071
• OCPBUGS-52961: Remove tmp directory used for agent pxe files #9552
• OCPBUGS-43528: Prevent race with provisioning-interface service #9110
• OCPBUGS-44058: Log correct hostname for validation status #9162
• OCPBUGS-50967: PowerVS: destroy dhcp hack #9494
• OCPBUGS-50846: OCPBUGS-50702: [release-4.17] MGMT-19771: Convert IDS to proper IDMS manifest #9470
• OCPBUGS-50876: correct typo #9484
• OCPBUGS-49975: aws/edge/byovpc: subnets tag kube cluster tag to shared #9445
• OCPBUGS-48761: Update RHCOS 4.17 bootimage metadata to 417.94.202501301529-0 #9448
• OCPBUGS-49993: Disable IP Forwarding for CAPG Machines #9446
• OCPBUGS-41300: Azure: Update SecurityType passed in at Image creation #9409
• OCPBUGS-49362: [Nutanix] Installation failed with timeout when uploading images to PC #9406
• OCPBUGS-48645: azure: use separate /var to avoid growfs timeouts #9381
• OCPBUGS-45340: move GCP zone filtering client-side #9264
• OCPBUGS-48257: remove the types which failed by RHEL-59521 and add the new gpu vm type #9354
• OCPBUGS-45813: Remove unused variable from ASH arm template 06_workers.json #9285
• OCPBUGS-48359: Allow more time for Service Account Creation #9362
• OCPBUGS-45344: support additionalNTPSources in node-joiner tool #9265
• OCPBUGS-48119: Always set AllowCrossTenantReplication parameter to false #9346
• OCPBUGS-46432: Power VS: Create region-zone-sysType hierarchy #9319
• OCPBUGS-46360: aws: add ec2:AllocateAddress perm requirement. #9313
• no-jira: Collect bootstrap logs when control plane provisioning fails #9308
• OCPBUGS-45726: IBMCloud: Add service overrides #9267
• OCPBUGS-42117: Remove destroy search for regional target tcp proxies #9025
• OCPBUGS-45484: PowerVS: Listen to machineNetwork #9271
• OCPBUGS-44848: aws: user right perm for untagging BYO IAM profiles #9228
• OCPBUGS-45276: Bump Azure Machine Timeout #9257
• ARO-12457: Include bootstrap docker config file in go module #9258
• OCPBUGS-43047: fix slice init length #9089
• OCPBUGS-43800: pkg/asset/installconfig/azure: send full certifcate chain #9140
• CORS-3753: Allow mocking of the Azure client everywhere #9219
• OCPBUGS-44611: [release-4.17] capi/aws: set Node Port Service CIDR override #9209
• OCPBUGS-44230: Add C4A instance types #9181
• OCPBUGS-44231: [release-4.17] capi/aws: bump provider for LB DNS lookup fix #9179
• OCPBUGS-44261: Ensure rendezvousIP is checked against host IP #9184
• OCPBUGS-43972: Cherrypick oci ccm fix to 4.17 #9152
• OCPBUGS-44247: PowerVS: Update 4.17 CAPI ibmcloud to 9b077049 #9182
• OCPBUGS-41642: vendor: Update openshift/api to pick up v4.17 capability sets #9013
• OCPBUGS-44226: PowerVS: Fix MissingSecurityGroupRules #9175
• OCPBUGS-44227: PowerVS: Fix destroy persistent TG #9176
• OCPBUGS-44228: PowerVS: Change CAPI verbosity level #9177
• OCPBUGS-43846: add chrony.conf file when additional NTP sources are configured #9142
• OCPBUGS-43735: Add C4 instance validation #9130
• OCPBUGS-43897: Revendor assisted service external platform oci #9147
• OCPBUGS-43786: Limit GCP API firewall rule for internal clusters #9138
• OCPBUGS-43547: Power VS: Fix incorrect error handling for AddSecurityGroupRule #9112
• OCPBUGS-43088: GCP Validate Disk and Instance Type #9091
• OCPBUGS-43329: IBMCloud: Handle pagination for subnets #9096
• OCPBUGS-42716: Update RHCOS 4.17 bootimage metadata to 417.94.202410090854-0 #9092
• OCPBUGS-42806: gather: simplify service regex for analyze #9079
• OCPBUGS-42996: Power VS Ensure Metadata populated for CAPI/private cluster case on PowerVS #9086
• OCPBUGS-42115: Add validation for gcp disk and instance types #9023
• OCPBUGS-42842: add new tested azure instance types detected during QE 4.17 full function test #9080
• OCPBUGS-41812: Validate MTU for custom network #9084
• OCPBUGS-42794: PowerVS: Add support for persistent Transit Gateways #9078
• OCPBUGS-42699: machines: don’t sort mpool zones #9065
• OCPBUGS-42483: PowerVS: update capi ibmcloud c6bcd313 for 4.17 #9054
• OCPBUGS-39414: OpenStack: Install CI dependencies from rpm #8994
• OCPBUGS-42142: Skip private managed zone creation for xpn installs #9033
• OCPBUGS-42183: Add GCP N4 Machine Series to tested instances for OCP #9041
• OCPBUGS-42126: add tested IBMCloud instance types in 4.17 test #9030
• OCPBUGS-42118: Set default release image to 4.17 #9026
• OCPBUGS-42116: Remove bindings for XPN installs #9024
• OCPBUGS-39409: Fix IPv6 security group rule for schedulable master #8970
• OCPBUGS-41622: update RHCOS 4.17 bootimage metadata to 417.94.202409120353-0 #9019
• OCPBUGS-42051: Fix integration tests #9018
• OCPBUGS-41300: Azure CAPI: Improve handling of security features configured on the MachinePools and OSDisk #9007
• OCPBUGS-39286: Fix var_files syntax to work on older version of ansible #8933
• OCPBUGS-41896: Add AWS c7g,m7g,r8g to tested instance types #9005
• OCPBUGS-41542: Azure CAPI: Update publicAccess for Blob Containers #9006
• OCPBUGS-41702: aws: bump capa to fix EIP leak on bootstrap when BYOIP #8991
• Full changelog

baremetal-machine-controllers

• OCPBUGS-46646: Bump x/net to 0.33.0 #225
• Full changelog

baremetal-operator

• OCPBUGS-53325: BMO can expose any secret via BMCEventSubscription CRD #406
• OCPBUGS-42387: Remove dataImage finalizer if BMH is missing #390
• OCPBUGS-49701: Handle HFC for non-redfish HW #395
• Full changelog

baremetal-runtimecfg

• OCPBUGS-48766: Extend haproxy-monitor fall time #340
• Full changelog

cli, cli-artifacts, deployer, tools

• OCPBUGS-49607: Address golang.org/x/* CVEs #1962
• OCPBUGS-50984: Add HOST env var in oc debug for sos report collects more #1976
• OCPBUGS-49605: Address github.com/docker/docker CVE #1968
• OCPBUGS-45344: additional rbac policy rules #1937
• OCPBUGS-45517: add retry in case of image pull error #1940
• OCPBUGS-44508: Show node-joiner container logs when error occurs #1912
• OCPBUGS-44830: Fix newapp unit test failure by using different image #1913
• OCPBUGS-43696: Bump k8s dependencies to 1.30.5 #1902
• OCPBUGS-41642: vendor: Update openshift/api to pick up the v4.17 capability set #1876
• OCPBUGS-42176: Fix copy artifacts for all CPU architectures #1880
• OCPBUGS-42721: Update push targets of digest with new appended tags #1892
• OCPBUGS-42580: fix outputname flag for node-image create command #1888
• OCPBUGS-42164: Check cast result in adm prune deployments to prevent panic #1879
• Full changelog

cloud-credential-operator

• OCPBUGS-53415: github.com/golang/glog v1.2.4 #842
• OCPBUGS-53823: update github.com/golang-jwt/jwt #838
• OCPBUGS-51548: Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected #828
• OCPBUGS-51238: github.com/go-jose/go-jose/v4 v4.0.5 #825
• OCPBUGS-47071: golang.org/x/net v0.33.0 #804
• OCPBUGS-45938: Add AWS region to aws-pod-identity-webhook #799
• OCPBUGS-45006: Add retry to ccoctl gcp create functions #793
• OCPBUGS-45001: github.com/golang-jwt/jwt/v4 v4.5.1 #787
• OCPBUGS-44123: Add GCP pod identity webhook #776
• OCPBUGS-43644: Only attempt timed token credentials on supported platforms. #773
• OCPBUGS-43335: Update github.com/sirupsen/logrus v1.9.3 #766
• Full changelog

cluster-authentication-operator

• OCPBUGS-54580: Avoid duplicate OAuth client creation #765
• OCPBUGS-43657: audit: do not log requests to /livez #724
• OCPBUGS-42784: manifests should not use APIs that are removed in upcoming releases #712
• OCPBUGS-42545: when no type is specified, don’t make illegal condition #703
• Full changelog

cluster-autoscaler

• OCPBUGS-54325: improve replica counting and decrease target size behavior #352
• OCPBUGS-48606: UPSTREAM: <carry>: 🐛(metrics) Initialize metrics for autoscaler errors, scale events, and pod evictions #337
• OCPBUGS-45147: [release-4.17] VPA: Update OWNERS file #324
• Full changelog

cluster-autoscaler-operator

• OCPBUGS-45929: set max soft bulk taint count to zero #337
• Full changelog

cluster-baremetal-operator

• OCPBUGS-54542: Add missing relatedObjects #469
• OCPBUGS-41926: SCC-pinning for metal3-baremetal-operator #444
• Full changelog

cluster-bootstrap

• OCPBUGS-34034: Updating ose-cluster-bootstrap-container image to be consistent with ART for 4.17 #108
• Full changelog

cluster-capi-operator

• OCPBUGS-48493: fix: always update clusteroperator status versions when differing #250
• OCPBUGS-41576: Use CAPO v0.10 and API v1beta1 #205
• Full changelog

cluster-cloud-controller-manager-operator

• OCPBUGS-43389: update goimports targets #371
• OCPBUGS-41941: IBMCloud: Modify liveness probe for IBM Cloud CCM to use loopback address #365
• Full changelog

cluster-config-api

• OCPBUGS-49702: Add IdleConnectionTerminationPolicy field to IngressControllerSpec #2186
• OCPBUGS-39130: Added checks to prevent vCenters from changing after install past 1 vCenter #2014
• Full changelog

cluster-control-plane-machine-set-operator

• OCPBUGS-44047: relax validation on delete and if failureDomains not configured #330
• Full changelog

cluster-dns-operator

• OCPBUGS-52497: [release-4.17] Add runbook_url for CoreDNSErrorsHigh #430
• Full changelog

cluster-etcd-operator

• OCPBUGS-53511: fix CVE-2025-30204 #1414
• OCPBUGS-38574: use pooled client for etcd single member health checks #1327
• Full changelog

cluster-image-registry-operator

• OCPBUGS-51103: ensure that storage names don’t end in dashes #1180
• OCPBUGS-43564: fix proxy config and leader election test flakes #1144
• OCPBUGS-43350: pkg/storage/azure: also check for auth failure error code on deletion #1139
• OCPBUGS-42812: azureclient: stop validating credentials when creating the client #1130
• OCPBUGS-42394: pkg/storage/azure: use cluster-api tag key to discover vnet #1125
• OCPBUGS-42362: Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #1124
• Full changelog

cluster-kube-apiserver-operator

• OCPBUGS-50516: Increase waitForFallbackDegradedConditionTimeout #1803
• OCPBUGS-43657: audit: do not log requests to /livez #1758
• OCPBUGS-34310: Updating ose-cluster-kube-apiserver-operator-container image to be consistent with ART for 4.17 #1738
• Full changelog

cluster-kube-cluster-api-operator

• OCPBUGS-42612: Sync Release 4.17 with UPSTREAM #48
• Full changelog

cluster-kube-storage-version-migrator-operator

• OCPBUGS-46593: “gracefully” shutdown KSVM pod. #123
• Full changelog

cluster-machine-approver

• OCPBUGS-48155: Fix race condition in CO status controller test #266
• OCPBUGS-46429: Filter CSRs by signerName #261
• OCPBUGS-45918: Ensure trailing dots on DNS names do not block serving cert auth #256
• OCPBUGS-45918: Client internal DNS checks should ignore trailing dot #250
• OCPBUGS-43312: Client internal DNS checks should be case insensitive #242
• Full changelog

cluster-monitoring-operator

• OCPBUGS-44971: Add new metrics for OpenShift logging telemetry #2526
• OCPBUGS-44003: fix(monitoring-plugin): disable emitting nginx version on error pages #2511
• OCPBUGS-43690: chore: introduce a config parsing check via a strict unmarshaller for… #2494
• OCPBUGS-43788: Add runbook url for TelemeterClientFailures #2507
• OCPBUGS-43545: Fix api doc on Thanos Ruler default retention #2501
• OCPBUGS-41341: disable user-defined monitoring per object #2458
• OCPBUGS-41908: filter alerts sent to Telemeter #2470
• Full changelog

cluster-network-operator

• OCPBUGS-55033: Add IPv6 NGINX configuration #2689
• OCPBUGS-52951: Unexpected Behavior During Cluster Upgrade for the ovn-ipsec-host pods #2654
• OCPBUGS-49816: ovn-k, rbac: Enable users read & modify UserDefinedNetwork CRs #2655
• OCPBUGS-49961: Update egressfirewall CRD to be consistent with ovn-kubernetes repo #2642
• : OCPBUGS-44863: Add nodeslicepool #2574
• OCPBUGS-44807: ovn-k, cudn: Add missing permissions to ovnkube-node #2575
• OCPBUGS-43714: Skip including default crypto policies to avoid authby issue #2597
• OCPBUGS-46146: Remove ip xfrm state when IPsec is disabled #2594
• OCPBUGS-44415: Pass transit_switch_subnet options in ovnkube-node pod #2561
• OCPBUGS-44807, SDN-4930, SDN-5297: OVN-Kubernetes node RBAC tightening #2568
• OCPBUGS-44807, SDN-5297, SDN-5472: bindata, ovn-k: Add ClusterUserDefinedNetwork CRD and RBAC #2566
• OCPBUGS-44807, SDN-4930, SDN-5297: ovn-k, udn: Update UserDefinedNetwork CRD #2551
• OCPBUGS-44807, SDN-4930, SDN-5297: Adds UDN list/watch to ovnknode rbac #2540
• OCPBUGS-44779, SDN-5436: Provide support for user owned IPsec machine configs #2564
• OCPBUGS-44330: Add controlplane cli image envar for use with hypershift #2542
• OCPBUGS-43343: OCPBUGS-42244: Exporting environment varialbe NODE_CNI for live migration #2536
• OCPBUGS-43317: Use CNIConfDir for mounting directory to ovn-ipsec-host pod #2533
• OCPBUGS-39300: rebase openshift/api for openshift-sdn removal [4.17] #2477
• OCPBUGS-39121: Live migration: report network overlap via live_migration_blocked metric #2483
• OCPBUGS-42260: Configure narrowing=yes for IPsec connections #2510
• Full changelog

cluster-node-tuning-operator

• use ROLE_WORKER_CNF environment variable to determine mcp name (#1290) #1290
• Add missing Polarion test case id (#1288) #1288
• e2e: tuned degraded test fix (#1259) #1259
• OCPBUGS-48213: [release-4.17][manual] Adjust Workload Hints test cases based on Intel or AMD (#1277) #1277
• PPC: correct EnableHardwareTuning flag value (#1271) #1271
• e2e: add irdma to module_blacklist kernel args (#1266) #1266
• OCPBUGS-45964: performanceprofile cpuset input validation (#1247) #1247
• OCPBUGS-43664: Add vendor and architecture specific tuning options (#1191) #1191
• OCPBUGS-44644: cmd: PPC: support tolerating heterogeneous core IDs (#1252) #1252
• OCPBUGS-45264: Normalize cpu sets when rendering to Tuned profiles (#1238) (#1248) #1238
• e2e: wait for node inspector deletion (#1205) #1205
• Fixing empty tuned submodule when using Dockerfile (#1211) #1211
• E2E: fix modify node selector to use lowercase (#1186) #1186
• OCPBUGS-38900: Drop sched_migration_cost_ns setting (#1201) #1201
• Make ocp-tuned-one-shot.service restart on-failure (#1187) #1187
• Fix context deadlines in ExecCommandOnPod() (#1189) #1189
• OCPBUGS-43566: CI: unblock (#1188) #1188
• E2E: wait for ovs services affinity to reset after deployment deletion (#1160) #1160
• OCPBUGS-38721: tuned: distinguish deferred updates (#1149) #1149
• OCPBUGS-39005: Add cluster-wide proxy env file (#1145) #1145
• Full changelog

cluster-openshift-apiserver-operator

• OCPBUGS-43657: audit: do not log requests to /livez #599
• Full changelog

cluster-openshift-controller-manager-operator

• OCPBUGS-47770: Add team members to the OWNERS file #375
• Full changelog

cluster-samples-operator

• OCPBUGS-55042: Adding mutex to func createSamples on handler.go #632
• OCPBUGS-54362: add rhdmalone to owners #619
• OCPBUGS-48786: add shannon and aroyoredhat as owners #595
• OCPBUGS-39120: Sync the non-OKD assets from master to release-4.17 #577
• OKD-225: remove only the EOL CentOS 7 images #575
• Full changelog

cluster-storage-operator

• OCPBUGS-52222: fix Vsphere cluster Storage operator in Unavailable state #560
• OCPBUGS-44997: Fix PodStartupStorageOperationsFailing alert #543
• OCPBUGS-43794: add ability to control kube rbac proxy container image on controlplane #529
• OCPBUGS-43112: assets: shared-resource: hypershift: add pull-secret to operator SA #520
• Full changelog

cluster-version-operator

• OCPBUGS-50589: Set openshift.io/required-scc: privileged annotation in version pods #1154
• OCPBUGS-39558: Filter out shallowly UpdateEffectNone errors from a MultipleErrors message in the Failing condition #1114
• OCPBUGS-45328: deps: bump golang.org/x/net to 0.31.0 #1117
• OCPBUGS-43586: Upgradeable=False should not block a 4.(y+1).z to 4.(y+1).z’ retarget #1095
• OCPBUGS-41642: vendor: Update openshift/api to pick up the v4.17 capability sets #1087
• Full changelog

console

• OCPBUGS-55202: Do not load CSRs if user does not have permissions #14985
• OCPBUGS-52999: Pipeline visualisation shows all tasks as Failed and after that goes to Running state #14862
• OCPBUGS-53168: Remove logoutOpenShift method call #14883
• OCPBUGS-51277: Fix JSON annotation parsing issue and harden related code #14795
• OCPBUGS-53086: Update the monitoring topic used by the console team #14871
• OCPBUGS-52205: Show Observe section without PROMETHEUS and MONITORING flags #14811
• OCPBUGS-51292: fix run time error when no completed version exists #14796
• OCPBUGS-51126: Fix alert rule link to alert in dev perspective #14785
• OCPBUGS-49795: ‘create a Project’ button on Getting started page doesn’t work #14714
• OCPBUGS-39602: Set default build option as BUILDS for Builder Image sample #14241
• OCPBUGS-45740: Fix Function Import: An error occurred Cannot read properties of undefined (reading ‘filter’) #14595
• OCPBUGS-45625: use default StorageClass for ServerlessFunction pipelineVolumeClaimTemplate #14589
• OCPBUGS-41596: No need to supply ‘User workload notifications’ option on ‘User Preference’ page for normal user #14265
• OCPBUGS-44220: disable flaking and change pre-condition test for knative e2e #14467
• OCPBUGS-43751: Added token to proxy header #14430
• OCPBUGS-48161: ERROR in search tool: Cannot read properties of undefined (reading ‘state’) #14667
• OCPBUGS-48227: fix navigation from non-General User Preference tab to… #14674
• OCPBUGS-41672: Update vendor imports to include all PatternFly components #14272
• OCPBUGS-46344: OCP web console show pod status as Init:0/1 after using Native sidecars #14616
• OCPBUGS-47497: Getting Oh no, something went wrong error when trying to install operator. #14645
• OCPBUGS-43673: Disable GQL introspection #14640
• OCPBUGS-45949: ReRun of Resolver based PipelineRuns fails from UI #14605
• OCPBUGS-45954: Fixed capitalization in OpenShift Lightspeed #14607
• OCPBUGS-45948: ImagePullSecret getting duplicated when editing DeploymentConfig in Form View #14604
• OCPBUGS-45667: Do not pass CSV name to operand list page when an exen… #14591
• OCPBUGS-46000: The description and name for GCP Pool ID is not consist #14611
• OCPBUGS-42558: Plugins that use very old PF4 dropdown or menu components with grouped items have bullets and padding that needs to be removed. #14344
• OCPBUGS-44656: update ConditionalUpdates release type #14505
• OCPBUGS-43888: While accessing the node terminal from UI observed ‘Warning alert:Admission Webhook Warning` #14444
• OCPBUGS-43441: fix table combination #14546
• OCPBUGS-44169: use TaskRuns results.tekton.dev/record annotation to get the logs #14538
• OCPBUGS-44873: Unable to remove finally tasks in pipeline builder mode #14527
• OCPBUGS-42791: Add missing pipelines plugin name to known plugins #14377
• OCPBUGS-44699: Add multiline support to template instantiation #14508
• OCPBUGS-44183: Remove ClusterTask dependency in console from Pipelines 1.17 #14512
• OCPBUGS-44764: Add IBM Block Storage CSI driver support for RWX #14517
• OCPBUGS-43795: While upgrading the cluster from UI observed Warning alert:Admission Webhook Warning #14433
• OCPBUGS-44722: include external labels so silenced alerts not displayed in notifications #14511
• OCPBUGS-44358: BuildConfig form breaks on manually enter the Git URL #14478
• OCPBUGS-43073: Telemetry userPreference results in empty nodes output to the DOM #14392
• OCPBUGS-44587: Start last run do not work in buildConfig details page #14499
• OCPBUGS-44586: Collapse/Expand Feature Added, Removal Option Removed in Version 4.16 #14498
• OCPBUGS-44450: Don’t request user settings configmap if no user has been loaded. #14482
• OCPBUGS-44479: conditionally display MachineConfig details page Confi… #14488
• OCPBUGS-43878: Add flag to hide the pipelines-plugin pipeline builder extensions #14457
• OCPBUGS-42824: remove axios as it is no longer in use #14381
• OCPBUGS-42955: Enabling topology e2e tests on CI #14402
• OCPBUGS-43009: Project is “Undefined” on “VolumeSnapshot” create page #14389
• OCPBUGS-42607: add role exclusion to avoid unexpected triggering the namespace menu #14351
• OCPBUGS-42606: make createdBy mandatory and auto fill with the current user #14352
• OCPBUGS-42585: Red Hat Camel K Operator installation via cli #14346
• OCPBUGS-42299: Increase login flow state paramater length/entropy #14318
• OCPBUGS-42391: change “Partial cluster update” to “Control plane onl… #14323
• OCPBUGS-42380: Allow operators to enable monitoring by default #14316
• OCPBUGS-42060: Console crashes when ssh is selected in add secret for starting a pipeline run #14301
• OCPBUGS-42223: restore Spotlight removal on next click #14314
• OCPBUGS-39181: add Create button to Console plugins tab #14220
• OCPBUGS-39091: update Events ChipGroup to use integrated close #14211
• OCPBUGS-38563: do not directly mutate links in useMemo #14159
• OCPBUGS-41685: Topology screen crashes when completed pod is selected #14276
• OCPBUGS-41482: Unit Tests for the new Ask Lightspeed Button #14249
• OCPBUGS-39601: Console user settings resources misses ownerRef, removing a user results in remaining data #14240
• Full changelog

console-operator

• OCPBUGS-45302: console/status: set initial value of Message field #943
• OCPBUGS-46390: Dont disable console when authConfig type is set to None #951
• Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

• OCPBUGS-52416: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.30 into release-4.17 #319
• OCPBUGS-43427: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.30 into release-4.17 #314
• OCPBUGS-43427: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.30 into release-4.17 #302
• Full changelog

csi-driver-manila-operator

• OCPBUGS-38457: Add missing healthchecks #240
• Full changelog

csi-driver-shared-resource, csi-driver-shared-resource-webhook

• OCPBUGS-34217: Updating ose-csi-driver-shared-resource-container image to be consistent with ART for 4.17 #188
• OCPBUGS-44510: Updating ose-csi-driver-shared-resource-webhook-container image to be consistent with ART for 4.17 #233
• Full changelog

docker-builder

• OCPBUGS-53075: Upgraded Kubernetes dependency from 1.28.2 to 1.30.2 #465
• OCPBUGS-42894: buildah dependency bump to 1.37.6 #452
• OCPBUGS-33889: Updating openshift-enterprise-builder-container image to be consistent with ART for 4.17 #393
• OCPBUGS-47768: Add team members to the OWNERS file #423
• OCPBUGS-47712: skipping some unit tests to avoid failures as they are duplicate #421
• Full changelog

docker-registry

• OCPBUGS-49695: bump docker distribution #422
• Full changelog

etcd

• DOWNSTREAM: <carry>: OCPBUGS-53447: fix a compaction induce latency issue #321
• ETCD-714: Rebase etcd 3.5.18 openshift 4.17 #310
• NO-ISSUE: Add support for cachi2 based deps #297
• OCPBUGS-42680: Rebase etcd 3.5.16 openshift 4.17 #291
• NO-JIRA: use golang 1.22 image #286
• Full changelog

gcp-machine-controllers

• OCPBUGS-53037: Disable shielded VMs for non-UEFI disks #115
• OCPBUGS-48064: Refactor exists() to handle gcp API change #105
• OCPBUGS-46082: update a2 gpu detection logic to be dynamic #100
• OCPBUGS-43738: Add c4a instance as arm type #95
• Full changelog

hyperkube, pod

• OCPBUGS-53016: Bump k8s api to 1.30.11 #2250
• OCPBUGS-51006: Bump k8s api to 1.30.10 #2210
• OCPBUGS-49905: Bump k8s api to 1.30.9 #2198
• : OCPBUGS-46364: Fix grace period used for immediate evictions #2164
• OCPBUGS-46002: Bump k8s api to 1.30.7 #2160
• OCPBUGS-39318: UPSTREAM: 126994: Add required FieldManager for validatingadmissionpolicy e2e #2070
• OCPBUGS-43820: UPSTREAM: <carry>: kubelet/cm: fix bug where kubelet restarts from missing cpuset cgroup #2126
• OCPBUGS-44897: Backport format library to enable usage in 4.18 #2140
• OCPBUGS-44512: Bump k8s api to 1.30.6 #2134
• OCPBUGS-42427: UPSTREAM: 125398: Fix issue with scheduler failing on hostname mismatch #2097
• OCPBUGS-42640: Unrevert Bump k8s api to 1.30.5” #2107
• OCPBUGS-42640: Revert #2089 “OCPBUGS-42167: Bump k8s api to 1.30.5” #2100
• OCPBUGS-42167: Bump k8s api to 1.30.5 #2089
• OCPBUGS-42019: UPSTREAM: <drop>: bump(github.com/openshift/apiserver-library-go) #2087
• Full changelog

hypershift

• OCPBUGS-51808: Fix golang crypto dependency go.mod replacement #5993
• OCPBUGS-54841: Add konnectivity-proxy sidecar to openshift-oauth-apiserver #6017
• OCPBUGS-53323: Handle multiple mirror entries for source #5894
• OCPBUGS-54631: Sync RBAC for attaching volumes on VM level #5997
• NO-JIRA: update konflux references #5479
• OCPBUGS-53903: bump golang-jwt v4 and v5 #5906
• NO-JIRA: Red Hat Konflux update control-plane-operator-4-17 #5959
• ART-11792: update go mod dependency for konflux #5920
• OCPBUGS-51737, OCPBUGS-51808: Bump dependencies to OCP fork in backports #5900
• OCPBUGS-48439: kubevirt, Don’t break on hostname NodePort.Address #5394
• OCPBUGS-51240: bump go-jose #5863
• OCPBUGS-52657: Make managed-trust-bundle optional #5794
• OCPBUGS-52425: [release-4.17] refactor aws identity health check into new controller #5772
• OCPBUGS-46340: change plaform to platform #5562
• OCPBUGS-51339: [release-4.17] Fix IsProgressing condition in HostedClusters #5712
• OCPBUGS-50697: add region to AWS creds passed to operators managed by CPO #5671
• OCPBUGS-51098: 4.17 Add HostedCluster additional trustbundles to konnectivity-https-proxy #5675
• NO-JIRA: Update dependency mkdocs-material to v9.6.5 #5682
• OCPBUGS-50596: Honor proxy vars in the util insecure http client #5605
• OCPBUGS-49828: Duplicate hostDevices.name when hostDevices.deviceName has multiple types. #5558
• OCPBUGS-48487, OCPBUGS-48488, OCPBUGS-48490: Fix IPv6 Disconnected HCP deployments #5402
• OCPBUGS-47533: Prevent IgnitionServer from flooding the API server with patch requests #5332
• NO-JIRA: Update dependency mkdocs-material to v9.6.3 #5590
• OCPBUGS-45268: Reconcile proxy CA bundle into hosted cluster #5228
• OCPBUGS-46465: Consistently look up and dial cloud API hostnames #5302
• NO-JIRA: Update dependency mkdocs-material to v9.6.1 #5528
• OCPBUGS-49638: fix overwriting PKI operator HCP conditions #5504
• OCPBUGS-46440: Allow ARM64 arch deployment on Agent platform #5296
• OCPBUGS-48170: fix disconnected via CLI #5465
• OCPBUGS-38810: nodepoolcontroller: List() PerformanceProfile status per NodePool #4585
• NO-JIRA: Update dependency mkdocs-mermaid2-plugin to v1.2.1 (release-4.17) #5428
• NO-JIRA: Update dependency mkdocs-material to v9.5.50 (release-4.17) #5427
• OCPBUGS-44927: Add multi-arch validation for HC/NodePool compatibility #5238
• NO-JIRA: [release-4.17] Bump golang.org/x/crypto and golang.org/x/net #5368
• NO-JIRA: Update Konflux references (release-4.17) #5329
• OCPBUGS-46412: Separate CPO containerfiles #5285
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5289
• NO-JIRA: chore(deps): update dependency mkdocs to v1.6.1 (release-4.17) #5290
• OCPBUGS-44114: Add external kas address to no proxy skip list #5028
• NO-JIRA: Red Hat Konflux update hypershift-release-mce-28 #5174
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5249
• OCPBUGS-44630: Use ingress role in private link controller for DNS operations #5142
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5183
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5154
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5144
• OCPBUGS-44184: dont use registryOverrides on kube rbac proxy image be… #5033
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5113
• OCPBUGS-43929: Return the right tagReference on Catalogs ImageStream #4993
• OCPBUGS-44276: Configure OAuth https proxy to dial cloud endpoints directly #5070
• OCPBUGS-44268: Fix order rendering HCP objects #5064
• NO-JIRA: Update Konflux references (release-4.17) #5098
• chore(deps): update konflux references (release-4.17) #5075
• HOSTEDCP-2046: CPO 4.17 tekton builds #5006
• NO-JIRA: chore(deps): update konflux references (release-4.17) #5053
• NO-JIRA: Update Konflux references to fedcfe0 (release-4.17) #5041
• chore(deps): update konflux references (release-4.17) #5023
• chore(deps): update konflux references to f53fe54 (release-4.17) #5018
• NO-JIRA: Update Konflux references (release-4.17) #5009
• OCPBUGS-42879: Add network policies for konnectivity server and ignition server proxy #4865
• NO-JIRA: bump catalog operators version #4992
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4972
• OCPBUGS-43746: add ValidIDPConfiguration condition to report IDP config issues #4969
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4958
• OCPBUGS-43464: Pass feature flags to clusterpolicy controller #4928
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4931
• OCPBUGS-42704: Run 2 replicas of active/passive HA components #4843
• OCPBUGS-43316: Enforce privileged PSA by default #4834
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4921
• OCPBUGS-43374: release-4.17 openstack/e2e: re-work nodepool tests #4914
• NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.17) #4907
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4895
• OCPBUGS-43051: Use guest DNS resolution in Konnectivity HTTPS proxy by default #4885
• HOSTEDCP-2020: [release-4.17] Add support for SharedVPC #4873
• HOSTEDCP-2023: [release-4.17] Split worker and vpc endpoint security groups #4882
• OCPBUGS-42974: [release-4.17] Do not send traffic to local audit-webhook through konnectivity #4869
• NO-JIRA: Remove EnsurePSANotPrivileged check #4855
• OCPBUGS-42714: label routes only when HCP router used #4845
• NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.17) #4854
• OCPBUGS-42390: Add Annotation to skip deleting hcp namespace #4792
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4812
• NO-JIRA: e2e: openstack: fix nil deref in route53 teardown #4810
• OCPBUGS-42261: Conditionally manage kubeconfig secrets for DNS and Ingress operators #4764
• OCPBUGS-42098: Use KubeClientCABundle for HostedClusterConfigOperator cluster-signer-ca #4736
• chore(deps): update konflux references to 5ac9b24 (release-4.17) #4780
• OCPBUGS-41552: Let payload generation pick the release for the NodePool #4691
• chore(deps): update konflux references to 2c3426a (release-4.17) #4774
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4761
• NO-JIRA: Security fixes for openshift-ci-security job #4748
• NO-JIRA: chore(deps): update konflux references (release-4.17) #4726
• HOSTEDCP-1953: bump CCO version #4694
• Full changelog

ibm-vpc-block-csi-driver

• OCPBUGS-53911: bump github.com/golang-jwt/jwt/v4 to v4.5.2 #83
• Full changelog

ibm-vpc-block-csi-driver-operator

• OCPBUGS-42277: Reorder static resources to create RBAC first #128
• Full changelog

ibmcloud-cluster-api-controllers

• OCPBUGS-50566: Fix for CVE-2024-45338 in golang.org/x/net/html in release-4.17 #101
• OCPBUGS-44880: Fetch service instance id from spec of IBMPowerVSCluster object while setting provider id #94
• OCPBUGS-37369: UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.17 #86
• Full changelog

ibmcloud-machine-controllers

• OCPBUGS-52957: IBMCloud: MAPI replacing unhealthy CP nodes #63
• OCPBUGS-37379: Bump dependency for CVE #49
• Full changelog

insights-operator

• AUTH-482: set required-scc for dataGahtering jobs & pods #1049
• Full changelog

ironic

• METAL-1305: Do not use openstack packages #647
• OCPBUGS-52292: Fix runlogwatch script #643
• OCPBUGS-50673: Install python3-inotify pkg explicitly #640
• OCPBUGS-49998: Fix runlogwatch failure if LOG_DIR does not exist #637
• OCPBUGS-49822: Drop quiet option of grep to avoid race condition with pipefail #633
• OCPBUGS-49756: Use pynotify instead of inotify-tools #631
• OCPBUGS-48149: Bump jinja2 to 3.1.5 #622
• OCPBUGS-43955, OCPBUGS-43963: Bump python-waitress [4.17] #603
• OCPBUGS-42692: Include fixes for CVE-2024-5569 #590
• OCPBUGS-42509: Include fix for CVE-2024-47211 #593
• Full changelog

ironic-agent

• METAL-1305: Do not use openstack packages #179
• OCPBUGS-39013: Bump ironic-lib to fix utf8 decoding issue #155
• Full changelog

ironic-static-ip-manager

• OCPBUGS-49350: Fix subnet validation #47
• Full changelog

kube-metrics-server

• : OCPBUGS-46491: Disable HTTP2 #40
• Full changelog

kube-proxy

• OCPBUGS-43807: Revendor to a patched k/k with our prefer-local-DNS hack #640
• Full changelog

kube-rbac-proxy

• OCPBUGS-42697: protobuf bump [4.17] #112
• Full changelog

kubevirt-csi-driver

• OCPBUGS-54631: Ensure volume stays attached through reboots #56
• OCPBUGS-44623: During detach don’t return error if VM is not found #50
• Full changelog

machine-api-operator

• OCPBUGS-53036, OCPBUGS-53037: Updates GCP credentials request #1345
• OCPBUGS-52576: add image/read permissions #1344
• OCPBUGS-52359: Remove unneeded VNet permissions from Azure CredentialsRequest #1337
• OCPBUGS-51370: Drop oVirt support #1334
• OCPBUGS-43851: vSphere klog initialization preventing verbose log messages #1302
• OCPBUGS-42414: Ensure deletion annotation takes priority and oldestPolicy can distinguish longer ages #1293
• Full changelog

machine-config-operator

• OCPBUGS-54830: Make mtu-migration run after wait-for-primary-ip #4989
• OCPBUGS-52314: on-prem/resolv-prepender: stop leaking tmp files #4894
• OCPBUGS-45989: Do not run resolv-prepender from NM dispatcher #4785
• OCPBUGS-52188: ignore mc not found error #4957
• OCPBUGS-52951: Add ipsec connect wait service #4930
• OCPBUGS-53441: Fixing typos for MachineConfigNode #4936
• OCPBUGS-53186: Update ObservedGeneration in KubeletConfig #4919
• OCPBUGS-53225: daemon: ensure ostree-finalize-staged is started before rebooting #4920
• OCPBUGS-52160: Enforce VIPs to be collocated at the same host #4884
• OCPBUGS-52303: Enable nmstate-configuration on all platforms #4891
• OCPBUGS-51003: daemon: add nil check for annotation fetching #4862
• OCPBUGS-51353: Update cluster-reader ClusterRole permissions #4882
• OCPBUGS-50955: create /run/nodeip-configuration before use #4858
• OCPBUGS-51334: Update format verbs for alert logs #4880
• OCPBUGS-52257: configure-ovs workaround for ovs-if-br-ex bug #4889
• OCPBUGS-49973: Update the storage.conf configuration file template #4836
• OCPBUGS-49363: Auto-recover from MC with invalid extension #4824
• OCPBUGS-49716: MCO CO degrades are stuck on until master pool updates complete #4826
• OCPBUGS-49639: Add clarification to invalid maxUnavailable alert #4820
• OCPBUGS-47475: Pausing Master MCP results in Alerts #4769
• OCPBUGS-47802: OCPBUGS-47801: trying to wait for sub-controllers #4775
• OCPBUGS-38292: controller: default to runc when upgrading clusters from 4.17 to 4.18 #4715
• OCPBUGS-45918: Remove trailing periods from AWS provided hostnames #4738
• OCPBUGS-39223: Do not enable on-prem-resolv-prepender.path for UPI #4572
• OCPBUGS-38292: Revert “controller: default to runc when upgrading clusters from 4.17 to 4.18” #4716
• OCPBUGS-38292: controller: default to runc when upgrading clusters from 4.17 to 4.18 #4635
• OCPBUGS-44561: Disable tx chksum for driver IDPF on GCP C3/C4 #4701
• MCO-1343: Backport Telemetry to 4.17 #4650
• OCPBUGS-43917: Disable ESP offload for OVS attached interfaces #4667
• OCPBUGS-43719: Soften haproxy timeout for kubeapi probe #4657
• OCPBUGS-42577: openstack: fix non-old systemd compatible unit #4620
• OCPBUGS-42108: Do not use ‘restart’ for ‘oneshot’ service #4615
• OCPBUGS-42979: Regenerate the rendered MC in use when deleted #4634
• OCPBUGS-42677: The MCO does not properly degrade when pools are failing to render a new config #4623
• OCPBUGS-42081: Check for kernel arg diff in updateOnClusterBuild #4595
• OCPBUGS-41255: Set ESP offloads off in bonds if slaves don’t support them #4598
• OCPBUGS-42256: Panic seen in CI job for MCC pod #4603
• OCPBUGS-42200: MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP #4602
• OCPBUGS-41357: Enable the use of Linux Bridge as the ovs default port connection #4567
• OCPBUGS-41686: MCPs with RHEL nodes are degraded when a userCA bundle is added to the cluster #4580
• Full changelog

machine-os-images

• OCPBUGS-54146: Change rhcos release browser url #56
• Full changelog

metallb-frr

• OCPBUGS-55344: OpenShift Only: TEMPORARY: pin FRR version to known working rpm #89
• OCPBUGS-44111: Use metrics for readiness/liveness probes #77
• Full changelog

monitoring-plugin

• OCPBUGS-54211: fix issue preventing dev silences from loading #374
• OU-724: remove deleted image #377
• OCPBUGS-51117: Fix overview links #357
• OCPBUGS-44394: remove unused package and upgrade vulnerable dependency #271
• OCPBUGS-43238: upgrade dynamic plugin sdk to remove vulnerable dependencies 4.17 #216
• OCPBUGS-42408: fix path-to-regexp dependency #196
• Full changelog

multus-cni, multus-cni-microshift

• OCPBUGS-47471: adds getcontext (backport 4.17) #260
• Full changelog

multus-whereabouts-ipam-cni

• OCPBUGS-48745: [Release-4.17]Kubeconfig loop #334
• Full changelog

must-gather

• OCPBUGS-48068: Update owners #452
• OCPBUGS-46281: Support gathering IPsec data #467
• OCPBUGS-42835: Removes reference to gather_multus_logs in 4.17 #459
• OCPBUGS-42964: Collect etcd object count #453
• OCPBUGS-42958: Gather OSUS data #443
• OCPBUGS-42835: [Release-4.17] Network logs collection: skip unready nodes #445
• Full changelog

network-metrics-daemon

• Updating ose-network-metrics-daemon-container image to be consistent with ART for 4.17 (#93) #93
• swtich golint install method (#103) #103
• Full changelog

networking-console-plugin

• Add translations 4.17 #239
• Add translations scripts #235
• OCPBUGS-49758: Fix weight width #208
• OCPBUGS-45791: fix path-to-regex CVE #196
• OCPBUGS-48704: fix service name #188
• OCPBUGS-48267: UI crash accessing a Service in pending state #168
• OCPBUGS-46553: fix ports as number instead of strings #169
• OCPBUGS-45876: Bump nanoid from 3.3.7 to 3.3.8 #172
• OCPBUGS-44140: Bump dompurify from 2.4.9 to 2.5.8 #166
• OCPBUGS-44397: OCPBUGS-44679: upgrade packages for cve #141
• OCPBUGS-44650: Routes list page shows correct status and location #139
• OCPBUGS-44648: Add Route Filter in route list #138
• OCPBUGS-43037: hide routes metrics non-admin users #129
• OCPBUGS-43065: Routes list sort by status #131
• CNV-49305: fix for virt perspective #128
• OCPBUGS-42678: OCPBUGS-42352: add service weight #125
• OCPBUGS-39390: fix sorting on lists #123
• OCPBUGS-42582: fix html in translations #122
• OCPBUGS-42581: Route edit form #121
• CNV-48190: move title networkpolicies above tabs #120
• Fix alert ServiceSelector #111
• CNV-47528: Fix key value in selector #110
• Revert IPAM (subnets input) #115
• OCPBUGS-42248: fix pagination during sorting #109
• OCPBUGS-41868: Add destination ca cert #106
• Full changelog

oauth-apiserver

• OCPBUGS-46044: Update dependencies to address CVE-2024-24786 #127
• Full changelog

oauth-proxy

• OCPBUGS-30443: Update dependencies to address CVE-2024-24786 #298
• OCPBUGS-46659: Fix oauth-proxy e2e-component tests #303
• Full changelog

oauth-server

• OCPBUGS-44118: escape spaces in oauth callback path #167
• OCPBUGS-43587: Fix login path for go1.22 mux pattern matching #162
• Full changelog

oc-mirror

• fixes CVEs upgrading go-git dependency (#1033) #1033
• OCPBUGS-47453: Use one of the newer sha256 keys to verify release signatures (#1000) (#1024) #1000
• changes the owners file (#1017) #1017
• OCPBUGS-48513: e2e: use same version of crane as in go.mod (#1020) #1020
• OCPBUGS-37867: Use tag only when image by tag and digest (#911) (#932) #911
• Full changelog

openshift-apiserver

• OCPBUGS-49399: prevent panic when no image and error are set #488
• OCPBUGS-49399: validate image property isn’t nil before using #489
• OCPBUGS-49399: move on to the next digest/tag during failures #487
• OCPBUGS-42752: Pass expected type to deploymentconfig/scale object validation. #457
• OCPBUGS-42232: fail image import when both image and error are nil #450
• Full changelog

openshift-controller-manager

• OCPBUGS-47769: Add team members to the OWNERS file #357
• OCPBUGS-44093: user system:serviceaccount:openshift-infra:serviceaccount-pull-secrets-controller in ns/openshift-infra must not produce too many applies #350
• NO-JIRA: cleanup root and app OWNERS #346
• OCPBUGS-42362: Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #339
• Full changelog

openstack-cluster-api-controllers

• OCPBUGS-44455: Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.10 into release-4.17 #342
• OCPBUGS-44959: Makefile changes for merge-bot #340
• OCPBUGS-44455: Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.10 into release-4.17 #329
• OCPBUGS-43584: Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.10 into release-4.17 #323
• Full changelog

operator-framework-tools, operator-lifecycle-manager, operator-registry

• OCPBUGS-53071: add missing pod disruption reasons to isPodDead #982
• OCPBUGS-53283: Ensure that PSA label is latest instead of pinning versions #985
• OCPBUGS-50829, OCPBUGS-50831, OCPBUGS-50835: CVE-2025-24976 Bump github.com/distribution/distribution/v3 [release-4.17] #968
• OCPBUGS-48695: Fix excessive catalog source snapshots cause severe performance regression #956
• OCPBUGS-45845: Fix concurrent namespace resolution #944
• OCPBUGS-46929, OCPBUGS-46936, OCPBUGS-47316: x/net bump to v0.34.0 [release-4.17] #938
• OCPBUGS-46598: catalog-operator: Delete Pods that were evicted (#3459) #922
• OCPBUGS-46054: CRD upgrade existing CR validation fix #913
• OCPBUGS-44760: fix: call TokenRequest API when service account token secret is missing #898
• OCPBUGS-43965: Return an error when the IP status cannot be updated #885
• Full changelog

operator-marketplace

• OCPBUGS-53179: Ensure that PSA label is latest instead of pinning versions #607
• OCPBUGS-49431: Upgrade golang.org/x/net [release-4.17] #585
• Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

• OCPBUGS-54203: Update OVN to FDP25.A.1 24.03.5-40. #2496
• OCPBUGS-52409: Change dynamic_neigh_routers to false for the Interconnect topology. #2476
• OCPBUGS-50519: kubevirt, localnet: Reduce live migration downtime #2458
• OCPBUGS-48777: Fixes unexpected mp0 route removal during start up #2423
• OCPBUGS-48828: fixes overzealous deletion of SNAT in egressIP #2425
• OCPBUGS-47506: Let OVN-northd bind remote ports #2404
• OCPBUGS-45953: bump OVS version to 3.4.0-18 #2393
• OCPBUGS-45312: pin libreswan to 4.6-3.el9_0.3 #2384
• OCPBUGS-45339: Dockerfile: Update OVN to the 24.03.2-32.el9fdp minor release. #2376
• OCPBUGS-43454: Ignore cluster manager topology not managed errors for localnet with no subnets #2362
• OCPBUGS-44303: Add hybird overlay pod IPs to the namespace address_set #2340
• OCPBUGS-42931: Add static route to the hairpin masquerade IPs to pod #2315
• OCPBUGS-39200: Dockerfile: Bump OVS to 3.4.0-1 #2287
• OCPBUGS-42940: Fix egress gateway pod cleanup for remote zone pods. #2316
• Full changelog

powervs-machine-controllers

• OCPBUGS-54750: Fix for CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.17 #113
• Full changelog

prometheus

• OCPBUGS-54941: Scraping: Bump cache iteration after error to avoid false duplicate detection. #249
• OCPBUGS-43667: fix(discovery): Handle cache.DeletedFinalStateUnknown in node informers’ DeleteFunc #230
• Full changelog

prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook

• OCPBUGS-48069: fix: validate smtp smarthost and smtp from fields #323
• Full changelog

route-controller-manager

• OCPBUGS-53077: ingress: Reset metrics when ingress is deleted #57
• Full changelog

service-ca-operator

• OCPBUGS-34228: Updating ose-service-ca-operator-container image to be consistent with ART for 4.17 #261
• Full changelog

tests

• OCPBUGS-54767: Fix egress firewall tests by updating the URL from docs.openshift.com to redhat.com #29660
• OCPBUGS-52580: Use payload pullspec for image info test #29588
• OCPBUGS-38835: Try also user CA for getting openshift-tests image #29029
• OCPBUGS-49411: Add a monitor test to detect concurrent installer pod or static pod #29487
• OCPBUGS-48634: Revert “[release-4.17] OCPBUGS-48459, SDN-4930: ovn-k, udn crd e2e: Fix status report consumer assertion” #29453
• OCPBUGS-48459, SDN-4930: ovn-k, udn crd e2e: Fix status report consumer assertion #29301
• OCPBUGS-48345: Add team members to the OWNERS file for PR approvals #29430
• OCPBUGS-48188: Fixing build s2i ruby test data inline with latest ruby version(>=3.0) #29409
• : OCPBUGS-48093: fix unit test for compare against string #29405
• OCPBUGS-44190: Fix UnexpectedNodeNotReady and UnexpectedNodeUnreachable #29306
• OCPBUGS-43576, SDN-4930: Don’t modify pod routes in tests #29250
• OCPBUGS-43576, SDN-4930: Set startup probe for UDN tests #29244
• OCPBUGS-43576, SDN-4930: UserDefinedPrimaryNetworks: curl the KAPI IP through eth0 #29241
• OCPBUGS-44795: fix: adding oslat updates and outputting test results to the artifacts #29193
• OCPBUGS-43576, SDN-4930: network_segmentation: allow multiple UDN status conditions #29259
• OCPBUGS-44494: removing rteval from the realtime test suite #29194
• OCPBUGS-44496: fix: adding in a SNO time override for AWS Metal #29192
• OCPBUGS-44062: Adjust createDNSPod() to support hypershift dual-stack test #29254
• OCPBUGS-44045: Ignore infra nodes on tap cni tests #29251
• OCPBUGS-43569: feat: update to use pullspec image #29207
• OCPBUGS-43576: Porting testing for netConfig and UDN and CIDR overlapping tests from upstream #29181
• OCPBUGS-39606: Add image registry capability check #29174
• OCPBUGS-42814: ruby:3.0-ubi8 => ruby:3.1-ubi8 #29162
• OCPBUGS-42336: Fix image ecosystem tests 4.17 #29126
• OCPBUGS-41817: Update the NotFound case for CNI plugin to reflect changes #29091
• Full changelog

vsphere-cloud-controller-manager

• OCPBUGS-43432: update check-fmt goimports command #78
• Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

• OCPBUGS-43705: redact sensitive information when logging VCenter config #133
• Full changelog

vsphere-csi-driver-operator

• OCPBUGS-52207: fix panic when vcenter address is incorrect #295
• OCPBUGS-50593: Set reconcile-sync to 10 minute for ListVolume #291
• OCPBUGS-49858: Escape backslash in vCenter username #288
• OCPBUGS-49685: List only linux nodes #285
• OCPBUGS-43778: Fix panic on nil infrastructure Spec.PlatformSpec.VSphere #264
• OCPBUGS-42327: Fix the config loading warning #259
• OCPBUGS-42007: Remove conditions and controllers #254
• OCPBUGS-42006: Add check for vCenter version #253
• OCPBUGS-42008: Implement minor quality of life improvements. #255
• Full changelog

---

View changelog in Markdown or change previous release: 4.17.274.17.264.17.254.17.244.17.234.17.224.17.214.17.204.17.194.17.184.17.174.17.164.17.154.17.144.17.134.17.124.17.114.17.104.17.94.17.84.17.74.17.64.17.54.17.44.17.34.17.24.17.14.17.04.17.0-rc.64.17.0-rc.54.17.0-rc.44.17.0-rc.34.17.0-rc.24.17.0-rc.14.17.0-rc.04.16.394.16.384.16.374.16.364.16.354.16.344.16.334.16.324.16.314.16.304.16.294.16.284.16.274.16.264.16.254.16.244.16.234.16.224.16.214.16.204.16.194.16.184.16.174.16.164.16.154.16.144.16.134.16.124.16.114.16.104.16.94.16.84.16.74.16.64.16.54.16.44.16.34.16.24.16.14.16.04.16.0-rc.94.16.0-rc.84.16.0-rc.74.16.0-rc.64.16.0-rc.54.16.0-rc.44.16.0-rc.34.16.0-rc.24.16.0-rc.14.16.0-rc.04.15.504.15.494.15.484.15.474.15.464.15.454.15.444.15.434.15.424.15.414.15.404.15.394.15.384.15.374.15.364.15.354.15.344.15.334.15.324.15.314.15.304.15.294.15.284.15.274.15.264.15.254.15.244.15.234.15.224.15.214.15.204.15.194.15.184.15.174.15.164.15.154.15.144.15.134.15.124.15.114.15.104.15.94.15.84.15.74.15.64.15.54.15.44.15.34.15.24.15.14.15.04.15.0-rc.84.15.0-rc.74.15.0-rc.54.15.0-rc.44.15.0-rc.34.15.0-rc.24.15.0-rc.14.15.0-rc.04.14.514.14.504.14.494.14.484.14.474.14.464.14.454.14.444.14.434.14.424.14.414.14.404.14.394.14.384.14.374.14.364.14.354.14.344.14.334.14.324.14.314.14.304.14.294.14.284.14.274.14.264.14.254.14.244.14.234.14.224.14.214.14.204.14.194.14.184.14.174.14.164.14.154.14.144.14.134.14.124.14.114.14.104.14.94.14.84.14.74.14.64.14.54.14.44.14.34.14.24.14.14.14.04.14.0-rc.74.14.0-rc.64.14.0-rc.54.14.0-rc.44.14.0-rc.34.14.0-rc.24.14.0-rc.14.14.0-rc.04.13.574.13.564.13.554.13.544.13.534.13.524.13.514.13.504.13.494.13.484.13.474.13.464.13.454.13.444.13.434.13.424.13.414.13.404.13.394.13.384.13.374.13.364.13.354.13.344.13.334.13.324.13.314.13.304.13.294.13.284.13.274.13.264.13.254.13.244.13.234.13.224.13.214.13.194.13.184.13.174.13.164.13.154.13.144.13.134.13.124.13.114.13.104.13.94.13.84.13.74.13.64.13.54.13.44.13.34.13.24.13.14.13.04.13.0-rc.84.13.0-rc.74.13.0-rc.64.13.0-rc.54.13.0-rc.44.13.0-rc.34.13.0-rc.24.13.0-rc.04.12.764.12.754.12.744.12.734.12.724.12.714.12.704.12.694.12.684.12.674.12.664.12.654.12.644.12.634.12.624.12.614.12.604.12.594.12.584.12.574.12.564.12.554.12.544.12.534.12.524.12.514.12.504.12.494.12.484.12.474.12.464.12.454.12.444.12.434.12.424.12.414.12.404.12.394.12.384.12.374.12.364.12.354.12.344.12.334.12.324.12.314.12.304.12.294.12.284.12.274.12.264.12.254.12.244.12.234.12.224.12.214.12.204.12.194.12.184.12.174.12.164.12.154.12.144.12.134.12.124.12.114.12.104.12.94.12.84.12.74.12.64.12.54.12.44.12.34.12.24.12.14.12.04.12.0-rc.84.12.0-rc.74.12.0-rc.64.12.0-rc.54.12.0-rc.44.12.0-rc.34.12.0-rc.24.12.0-rc.14.12.0-rc.04.11.594.11.584.11.574.11.564.11.554.11.544.11.534.11.524.11.514.11.504.11.494.11.484.11.474.11.464.11.454.11.444.11.434.11.424.11.414.11.404.11.394.11.384.11.374.11.364.11.354.11.344.11.334.11.324.11.314.11.304.11.294.11.284.11.274.11.264.11.254.11.244.11.234.11.224.11.214.11.204.11.194.11.184.11.174.11.164.11.154.11.144.11.134.11.124.11.114.11.104.11.94.11.84.11.74.11.64.11.54.11.44.11.34.11.24.11.14.11.04.11.0-rc.74.11.0-rc.64.11.0-rc.54.11.0-rc.44.11.0-rc.34.11.0-rc.24.11.0-rc.14.11.0-rc.04.11.0-fc.34.11.0-fc.24.11.0-fc.0───4.20.0-0.nightly-2025-05-02-1729414.20.0-0.nightly-2025-05-02-0804314.20.0-0.nightly-2025-05-01-2323234.20.0-0.nightly-2025-05-01-1716354.20.0-0.nightly-2025-05-01-0911404.20.0-0.nightly-2025-04-30-1730484.20.0-0.nightly-2025-04-30-0824424.20.0-0.nightly-2025-04-17-1812034.20.0-0.nightly-2025-04-09-1620084.20.0-0.nightly-2025-04-09-1220084.20.0-0.nightly-2025-04-09-082008───4.20.0-0.konflux-nightly-2025-04-17-181101───4.20.0-0.ci-2025-05-02-1854404.20.0-0.ci-2025-05-02-1254404.20.0-0.ci-2025-05-02-0654394.20.0-0.ci-2025-05-02-0054384.20.0-0.ci-2025-05-01-1854374.20.0-0.ci-2025-05-01-1254364.20.0-0.ci-2025-05-01-0654264.20.0-0.ci-2025-05-01-0054254.20.0-0.ci-2025-04-30-1854254.20.0-0.ci-2025-04-30-1254254.20.0-0.ci-2025-04-30-0654254.20.0-0.ci-2025-04-30-005425───4.19.0-0.nightly-2025-05-02-1912184.19.0-0.nightly-2025-05-02-1147314.19.0-0.nightly-2025-05-01-1652454.19.0-0.nightly-2025-05-01-0940234.19.0-0.nightly-2025-04-30-1005354.19.0-0.nightly-2025-04-30-0325024.19.0-0.nightly-2025-04-29-2016044.19.0-0.nightly-2025-04-29-0957094.19.0-0.nightly-2025-04-24-0058374.19.0-0.nightly-2025-04-17-1545524.19.0-0.nightly-2025-04-08-0355034.19.0-0.nightly-2025-04-04-170728───4.19.0-0.konflux-nightly-2025-04-30-0120234.19.0-0.konflux-nightly-2025-04-29-1734294.19.0-0.konflux-nightly-2025-04-25-1512414.19.0-0.konflux-nightly-2025-04-17-1812464.19.0-0.konflux-nightly-2025-04-16-0850294.19.0-0.konflux-nightly-2025-04-04-1153514.19.0-0.konflux-nightly-2025-04-04-044233───4.19.0-0.ci-2025-05-02-2337484.19.0-0.ci-2025-05-02-1737474.19.0-0.ci-2025-05-02-1137474.19.0-0.ci-2025-05-02-0537454.19.0-0.ci-2025-05-01-2337444.19.0-0.ci-2025-05-01-1737434.19.0-0.ci-2025-05-01-1137424.19.0-0.ci-2025-05-01-0537414.19.0-0.ci-2025-04-30-2337404.19.0-0.ci-2025-04-30-1737404.19.0-0.ci-2025-04-30-1137404.19.0-0.ci-2025-04-30-053740───4.18.0-0.nightly-2025-05-02-2343134.18.0-0.nightly-2025-05-02-0142394.18.0-0.nightly-2025-05-01-1909124.18.0-0.nightly-2025-05-01-0744394.18.0-0.nightly-2025-04-30-0927484.18.0-0.nightly-2025-04-30-0138094.18.0-0.nightly-2025-04-29-1825564.18.0-0.nightly-2025-04-29-1056534.18.0-0.nightly-2025-04-29-0506004.18.0-0.nightly-2025-04-28-2141034.18.0-0.nightly-2025-04-28-0750074.18.0-0.nightly-2025-04-26-080749───4.18.0-0.konflux-nightly-2025-05-02-2223024.18.0-0.konflux-nightly-2025-05-02-1823024.18.0-0.konflux-nightly-2025-05-02-1421434.18.0-0.konflux-nightly-2025-05-02-0611394.18.0-0.konflux-nightly-2025-05-01-2302474.18.0-0.konflux-nightly-2025-05-01-1743204.18.0-0.konflux-nightly-2025-05-01-1343204.18.0-0.konflux-nightly-2025-05-01-0939384.18.0-0.konflux-nightly-2025-05-01-0539384.18.0-0.konflux-nightly-2025-04-30-2223004.18.0-0.konflux-nightly-2025-04-30-1823004.18.0-0.konflux-nightly-2025-04-30-1423004.18.0-0.konflux-nightly-2025-04-30-1023004.18.0-0.konflux-nightly-2025-04-30-0623004.18.0-0.konflux-nightly-2025-04-30-0223004.18.0-0.konflux-nightly-2025-04-29-2223004.18.0-0.konflux-nightly-2025-04-28-1251504.18.0-0.konflux-nightly-2025-04-28-0554514.18.0-0.konflux-nightly-2025-04-28-0154514.18.0-0.konflux-nightly-2025-04-27-2154514.18.0-0.konflux-nightly-2025-04-27-1754514.18.0-0.konflux-nightly-2025-04-27-1354504.18.0-0.konflux-nightly-2025-04-27-0954504.18.0-0.konflux-nightly-2025-04-27-0554504.18.0-0.konflux-nightly-2025-04-27-0154504.18.0-0.konflux-nightly-2025-04-26-1630304.18.0-0.konflux-nightly-2025-04-26-1230304.18.0-0.konflux-nightly-2025-04-26-0504464.18.0-0.konflux-nightly-2025-04-26-0104464.18.0-0.konflux-nightly-2025-04-25-2104464.18.0-0.konflux-nightly-2025-04-25-1704464.18.0-0.konflux-nightly-2025-04-25-1304464.18.0-0.konflux-nightly-2025-04-25-0556214.18.0-0.konflux-nightly-2025-04-24-2256244.18.0-0.konflux-nightly-2025-04-24-1856244.18.0-0.konflux-nightly-2025-04-24-1456244.18.0-0.konflux-nightly-2025-04-24-1056244.18.0-0.konflux-nightly-2025-04-24-065624───4.18.0-0.ci-2025-05-02-2222474.18.0-0.ci-2025-05-02-0013294.18.0-0.ci-2025-05-01-1639434.18.0-0.ci-2025-04-30-2354294.18.0-0.ci-2025-04-30-1529194.18.0-0.ci-2025-04-30-092919───4.17.0-0.nightly-2025-05-02-2247254.17.0-0.nightly-2025-05-02-1418444.17.0-0.nightly-2025-05-02-0017354.17.0-0.nightly-2025-05-01-1845584.17.0-0.nightly-2025-05-01-0829074.17.0-0.nightly-2025-04-30-1122414.17.0-0.nightly-2025-04-30-0053014.17.0-0.nightly-2025-04-29-1508134.17.0-0.nightly-2025-04-29-0455464.17.0-0.nightly-2025-04-28-1945064.17.0-0.nightly-2025-04-26-0333464.17.0-0.nightly-2025-04-25-1819184.17.0-0.nightly-2025-04-24-1940304.17.0-0.nightly-2025-04-24-1126554.17.0-0.nightly-2025-04-22-211401───4.17.0-0.konflux-nightly-2025-05-02-2317444.17.0-0.konflux-nightly-2025-05-02-1917444.17.0-0.konflux-nightly-2025-05-02-1517444.17.0-0.konflux-nightly-2025-05-02-1117444.17.0-0.konflux-nightly-2025-05-02-0717444.17.0-0.konflux-nightly-2025-05-02-0317444.17.0-0.konflux-nightly-2025-05-01-2317444.17.0-0.konflux-nightly-2025-05-01-1917444.17.0-0.konflux-nightly-2025-05-01-1517384.17.0-0.konflux-nightly-2025-05-01-1117384.17.0-0.konflux-nightly-2025-05-01-0717384.17.0-0.konflux-nightly-2025-04-30-1021434.17.0-0.konflux-nightly-2025-04-30-0621384.17.0-0.konflux-nightly-2025-04-30-0221384.17.0-0.konflux-nightly-2025-04-29-2221384.17.0-0.konflux-nightly-2025-04-28-1851244.17.0-0.konflux-nightly-2025-04-28-1358434.17.0-0.konflux-nightly-2025-04-28-0958434.17.0-0.konflux-nightly-2025-04-28-0558434.17.0-0.konflux-nightly-2025-04-28-0158434.17.0-0.konflux-nightly-2025-04-27-2158434.17.0-0.konflux-nightly-2025-04-27-1758434.17.0-0.konflux-nightly-2025-04-27-1358434.17.0-0.konflux-nightly-2025-04-27-0958434.17.0-0.konflux-nightly-2025-04-27-0558434.17.0-0.konflux-nightly-2025-04-27-0158434.17.0-0.konflux-nightly-2025-04-26-2004464.17.0-0.konflux-nightly-2025-04-26-1604464.17.0-0.konflux-nightly-2025-04-26-1204464.17.0-0.konflux-nightly-2025-04-26-0804464.17.0-0.konflux-nightly-2025-04-26-0404464.17.0-0.konflux-nightly-2025-04-26-0004464.17.0-0.konflux-nightly-2025-04-25-1723014.17.0-0.konflux-nightly-2025-04-25-1323014.17.0-0.konflux-nightly-2025-04-25-0923014.17.0-0.konflux-nightly-2025-04-25-0523014.17.0-0.konflux-nightly-2025-04-25-0123014.17.0-0.konflux-nightly-2025-04-24-212301───4.17.0-0.ci-2025-05-02-2312494.17.0-0.ci-2025-05-02-1712494.17.0-0.ci-2025-05-02-0956114.17.0-0.ci-2025-05-02-0356114.17.0-0.ci-2025-05-01-2005514.17.0-0.ci-2025-05-01-1243074.17.0-0.ci-2025-05-01-0643074.17.0-0.ci-2025-05-01-0043074.17.0-0.ci-2025-04-30-165517───4.16.0-0.nightly-2025-05-02-1632044.16.0-0.nightly-2025-05-01-0843514.16.0-0.nightly-2025-04-30-0402084.16.0-0.nightly-2025-04-29-2256234.16.0-0.nightly-2025-04-29-1137164.16.0-0.nightly-2025-04-28-1647454.16.0-0.nightly-2025-04-28-0302354.16.0-0.nightly-2025-04-24-2009094.16.0-0.nightly-2025-04-24-0431424.16.0-0.nightly-2025-04-23-2209364.16.0-0.nightly-2025-04-17-181855───4.16.0-0.konflux-nightly-2025-04-29-225545───4.16.0-0.ci-2025-05-02-1455374.16.0-0.ci-2025-05-02-0157074.16.0-0.ci-2025-05-01-1957074.16.0-0.ci-2025-04-30-1904034.16.0-0.ci-2025-04-30-1046544.16.0-0.ci-2025-04-30-042215───4.15.0-0.nightly-2025-05-02-1843194.15.0-0.nightly-2025-05-02-1044034.15.0-0.nightly-2025-05-01-0945264.15.0-0.nightly-2025-04-30-0339494.15.0-0.nightly-2025-04-29-0302334.15.0-0.nightly-2025-04-28-2020184.15.0-0.nightly-2025-04-27-075916───4.15.0-0.konflux-nightly-2025-04-27-0829384.15.0-0.konflux-nightly-2025-04-11-1932164.15.0-0.konflux-nightly-2025-04-09-132251───4.15.0-0.ci-2025-05-02-1433394.15.0-0.ci-2025-05-02-0833394.15.0-0.ci-2025-05-01-1754404.15.0-0.ci-2025-05-01-0957084.15.0-0.ci-2025-04-30-1647234.15.0-0.ci-2025-04-30-1047234.15.0-0.ci-2025-04-29-1511314.15.0-0.ci-2025-04-29-091131───4.14.0-0.nightly-2025-05-01-0908214.14.0-0.nightly-2025-04-30-0242204.14.0-0.nightly-2025-04-29-0831464.14.0-0.nightly-2025-04-29-0306234.14.0-0.nightly-2025-04-28-1914094.14.0-0.nightly-2025-04-28-1522254.14.0-0.nightly-2025-04-25-194242───4.14.0-0.ci-2025-05-02-0735274.14.0-0.ci-2025-05-01-2309204.14.0-0.ci-2025-05-01-0023244.14.0-0.ci-2025-04-30-1046564.14.0-0.ci-2025-04-29-0824554.14.0-0.ci-2025-04-29-003435───4.13.0-0.nightly-2025-05-03-0008374.13.0-0.nightly-2025-05-02-1541234.13.0-0.nightly-2025-05-01-0816484.13.0-0.nightly-2025-04-28-1859164.13.0-0.nightly-2025-04-24-2353324.13.0-0.nightly-2025-04-23-1507204.13.0-0.nightly-2025-04-22-2323594.13.0-0.nightly-2025-04-22-1221024.13.0-0.nightly-2025-04-22-0444244.13.0-0.nightly-2025-04-21-0245304.13.0-0.nightly-2025-04-17-181550───4.13.0-0.ci-2025-05-02-2245044.13.0-0.ci-2025-05-02-1645044.13.0-0.ci-2025-05-02-0559094.13.0-0.ci-2025-05-01-2315234.13.0-0.ci-2025-05-01-0816474.13.0-0.ci-2025-04-30-1026494.13.0-0.ci-2025-04-28-1859174.13.0-0.ci-2025-04-25-1528464.13.0-0.ci-2025-04-25-043755───4.12.0-0.nightly-2025-05-01-0814594.12.0-0.nightly-2025-04-30-1134334.12.0-0.nightly-2025-04-30-0110414.12.0-0.nightly-2025-04-28-1137464.12.0-0.nightly-2025-04-26-0417034.12.0-0.nightly-2025-04-25-161402───4.12.0-0.ci-2025-05-02-0549164.12.0-0.ci-2025-05-01-1840224.12.0-0.ci-2025-05-01-0505594.12.0-0.ci-2025-04-30-2305594.12.0-0.ci-2025-04-30-1646014.12.0-0.ci-2025-04-30-102651───4.11.0-0.nightly-2024-07-06-0140574.11.0-0.nightly-2024-07-01-0855474.11.0-0.nightly-2024-04-20-1326214.11.0-0.nightly-2024-04-15-1237064.11.0-0.nightly-2024-04-15-0346274.11.0-0.nightly-2024-03-18-1654324.11.0-0.nightly-2024-03-12-2229304.11.0-0.nightly-2024-02-01-0446274.11.0-0.nightly-2024-01-19-1107024.11.0-0.nightly-2024-01-15-0229494.11.0-0.nightly-2024-01-10-203533───4.11.0-0.ci-2025-04-21-2018464.11.0-0.ci-2025-04-21-1418464.11.0-0.ci-2025-04-18-0954224.11.0-0.ci-2025-04-17-2304254.11.0-0.ci-2025-04-17-1704254.11.0-0.ci-2025-04-09-1811074.11.0-0.ci-2025-04-09-1052214.11.0-0.ci-2024-09-17-2036254.11.0-0.ci-2024-07-01-0910384.11.0-0.ci-2024-06-07-194400───4.19.0-ec.54.19.0-ec.44.19.0-ec.34.19.0-ec.24.19.0-ec.14.19.0-ec.0

Source code for this page located on github