# 4.12.69 Created: 2024-11-07 15:41:53 +0000 UTC Image Digest: `sha256:fb83e9b3a600fc810f8b78544a3622bb6d1f5c8de007e64f5bda581626cfb31e` Promoted from registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2024-11-06-192309 ## Changes from 4.12.0 ### Components * Kubernetes upgraded from 1.25.4 to 1.25.16 * Red Hat Enterprise Linux CoreOS upgraded from 412.86.202301061548-0 to 412.86.202411061519-0 ### Rebuilt images without code change * [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba) git [b9287c05](https://github.com/openshift/cluster-api-provider-alibaba/commit/b9287c05091424c4d21fd95454020ccc225f5bcb) `sha256:f353324e38fe04aabe6b3821ea2652e82331718b3b2b4144f11ae51f4267b2e8` * [cluster-update-keys](https://github.com/openshift/cluster-update-keys) git [2796e173](https://github.com/openshift/cluster-update-keys/commit/2796e1732615521e818be82663058e0a3f1b3941) `sha256:4831402cb1d84b638ea69c132b7095d78e87b6d46e89972871ab3c02b01d28ad` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [e4d9170e](https://github.com/openshift/configmap-reload/commit/e4d9170e71bdf8a79e9cde94dac53575a30f46f3) `sha256:f478221ad596bbc0735d6edd4f6bb6b507635da19743321d6c91330d547995b0` * [egress-router-cni](https://github.com/openshift/egress-router-cni) git [a92e4157](https://github.com/openshift/egress-router-cni/commit/a92e415791b531ca15ec84953550b71bd3534566) `sha256:335782a1cf945e240d86c0a14717d7dfd5f22cd038a9338b1e700b71a6c956cb` * [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud) git [31a67dac](https://github.com/openshift/machine-api-provider-ibmcloud/commit/31a67daca92c374cb4d9a87928ec8c28528a0c0e) `sha256:0dbac0a740a312789e5c4f53472a455c3209ea2ad3db81899459eceb202022bf` * [keepalived-ipfailover](https://github.com/openshift/images) git [7e8a0105](https://github.com/openshift/images/commit/7e8a0105eb7369f3f92ad7b2581a2efffab5b28e) `sha256:ae43b02ad4e2b588545696edab6dd8ad21b21d785ed6048b59d16b859d8c1e9a` * [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator) git [596745ce](https://github.com/openshift/kubernetes-kube-storage-version-migrator/commit/596745cec38b8401d1d906bfb9d3d78fdaeabcde) `sha256:a50a289c603360ac9d7295ad13bf5ffc39f20048d0d51219243e5c63f3221f83` * [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt) git [a19615cd](https://github.com/openshift/cloud-provider-kubevirt/commit/a19615cda3daf69008253d75cc848ac0ad397179) `sha256:493ade6bf4c6159b80730ae5ad86c6f3e3fd02f4cba282978923b9e50e651783` * [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver) git [f407c8a7](https://github.com/openshift/kubevirt-csi-driver/commit/f407c8a71c831a8f7911bf0b4a99bb6b16e0e0b6) `sha256:ba0a38ac771951e317a94c306ae5377a2e432f13413f46aabfea6dbfaa26d5b6` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [a2882f7a](https://github.com/openshift/cluster-api-provider-libvirt/commit/a2882f7aa56d4059a20bdc02486da905b5764062) `sha256:7b6268e26268dd994dc47706dde8e827d5171cbd2d099947c4ce0da92b3b0639` * machine-os-content `sha256:0c7b89aeb4644a1c68e79da701a95e8042fdbde63f8ce9ce3f71631ea147147d` * [machine-os-images](https://github.com/openshift/machine-os-images) git [566bf595](https://github.com/openshift/machine-os-images/commit/566bf59501f178bd80e410fda66cc424de6a4891) `sha256:d32fda73702a069ba75339c9a020e74936f13429ed9d37e5f3d0c4e7d308b8f6` * [network-tools](https://github.com/openshift/network-tools) git [c76613c7](https://github.com/openshift/network-tools/commit/c76613c77c8785b91611bb3c4245bc34f3b14f76) `sha256:afa9475751874d6f32529eed4d2b84504d6a796f0a3cd0fb9204f9913cb8d034` * [oauth-proxy](https://github.com/openshift/oauth-proxy) git [03e5b13b](https://github.com/openshift/oauth-proxy/commit/03e5b13b8b7087dd70abfd70efb4c5b92f800a4f) `sha256:3077ad96d0a0b2c8262bd02e12fb633e4cff5f13f63b101b004e211d2b37115e` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [b1907888](https://github.com/openshift/prom-label-proxy/commit/b1907888004888b977918cf911b189de736642b2) `sha256:f65adf94b6a86318ecae00021b974b248998a6f7d39516329e658f05c14ad90c` * rhel-coreos-8 `sha256:f4adfe6021dead523d0eb5ebb0a902a834b8433eeebcca3725da36d032e9c7fc` * rhel-coreos-8-extensions `sha256:1261bf5be9d93bd601f6584cf53e59e8bde9d0d5ebf68b46d3dd6532160210d5` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/844e6efd0d1c9d583afdefc6bc5ae744471ef9c1) * [MGMT-17596](https://issues.redhat.com/browse/MGMT-17596): Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6214) [#6214](https://github.com/openshift/assisted-service/pull/6214) * [MGMT-17590](https://issues.redhat.com/browse/MGMT-17590): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6207) [#6207](https://github.com/openshift/assisted-service/pull/6207) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#6195) [#6195](https://github.com/openshift/assisted-service/pull/6195) * NO-ISSUE: replace postgres images as current one disappeared from quay (#6132) [#6132](https://github.com/openshift/assisted-service/pull/6132) * [MGMT-15150](https://issues.redhat.com/browse/MGMT-15150): Use same installer binary for all platform types (#5347) [#5347](https://github.com/openshift/assisted-service/pull/5347) * [OCPBUGS-13356](https://issues.redhat.com/browse/OCPBUGS-13356): Fix 'vendor' root device hint evaluation (#5206) [#5206](https://github.com/openshift/assisted-service/pull/5206) * [OCPBUGS-13529](https://issues.redhat.com/browse/OCPBUGS-13529): Support by-path root device hints (#5214) [#5214](https://github.com/openshift/assisted-service/pull/5214) * [MGMT-13192](https://issues.redhat.com/browse/MGMT-13192): dualstack SNO cluster fails to complete - getting error In dual stack installation we should set dhcp,dhcp6 kargs in order to wait for ipv6 address when node comes after reboot (#4914) [#4914](https://github.com/openshift/assisted-service/pull/4914) * [Full changelog](https://github.com/openshift/assisted-service/compare/40936e7a9159189889c637fa1631f8cbdd5c3c4f...844e6efd0d1c9d583afdefc6bc5ae744471ef9c1) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/bc8fd423f1f7b47c46a9d97ede546f989785015d) * [MGMT-17596](https://issues.redhat.com/browse/MGMT-17596): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#836) [#836](https://github.com/openshift/assisted-installer/pull/836) * [MGMT-17590](https://issues.redhat.com/browse/MGMT-17590): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#828) [#828](https://github.com/openshift/assisted-installer/pull/828) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#825) [#825](https://github.com/openshift/assisted-installer/pull/825) * [MGMT-13586](https://issues.redhat.com/browse/MGMT-13586): Wait for ETCD Bootstrap to complete (#670) (#726) [#670](https://github.com/openshift/assisted-installer/pull/670) * [OCPBUGS-7149](https://issues.redhat.com/browse/OCPBUGS-7149): IPv6 multinode spoke no moving from rebooting/configuring stage Update the mcs log regex (#631) [#631](https://github.com/openshift/assisted-installer/pull/631) * [Full changelog](https://github.com/openshift/assisted-installer/compare/0f14c3d16cb089b55ca3658038e83bc0bcd01f47...bc8fd423f1f7b47c46a9d97ede546f989785015d) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/ce915b7d0a3d3b225b6a190d2babf20cc864d22e) * [MGMT-17596](https://issues.redhat.com/browse/MGMT-17596): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#707) [#707](https://github.com/openshift/assisted-installer-agent/pull/707) * [MGMT-17590](https://issues.redhat.com/browse/MGMT-17590): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#701) [#701](https://github.com/openshift/assisted-installer-agent/pull/701) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#696) [#696](https://github.com/openshift/assisted-installer-agent/pull/696) * [OCPBUGS-23537](https://issues.redhat.com/browse/OCPBUGS-23537): backport of agent retries (#627) [#627](https://github.com/openshift/assisted-installer-agent/pull/627) * [MGMT-13946](https://issues.redhat.com/browse/MGMT-13946): Ignore Proliant Gen 11 serial (#524) [#524](https://github.com/openshift/assisted-installer-agent/pull/524) * Add sg3_utils package (#497) (#500) [#497](https://github.com/openshift/assisted-installer-agent/pull/497) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/271a6f48486db5702d3ebc4b644b74722319d49d...ce915b7d0a3d3b225b6a190d2babf20cc864d22e) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/191c9e34c1e70cf585d78f6293f95a2b89061a48) * [OCPBUGS-21218](https://issues.redhat.com/browse/OCPBUGS-21218): Bump golang.org/x/net to v0.19.0 [#45](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/45) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/1959de0e3f2c3457c32fd2f545fe5ca65f12cd6c...191c9e34c1e70cf585d78f6293f95a2b89061a48) ### [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver/tree/4d3b1125cfd3acfe3fbafa4c83543bbb89de97a2) * [OCPBUGS-21313](https://issues.redhat.com/browse/OCPBUGS-21313): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#38](https://github.com/openshift/alibaba-cloud-csi-driver/pull/38) * Updating ose-alibaba-cloud-csi-driver images to be consistent with ART [#17](https://github.com/openshift/alibaba-cloud-csi-driver/pull/17) * [OCPBUGS-6493](https://issues.redhat.com/browse/OCPBUGS-6493): UPSTREAM: 682: fix gofmt [#22](https://github.com/openshift/alibaba-cloud-csi-driver/pull/22) * [Full changelog](https://github.com/openshift/alibaba-cloud-csi-driver/compare/2317a6ca07c8b4d5391e2b00326ff3f802c331d5...4d3b1125cfd3acfe3fbafa4c83543bbb89de97a2) ### [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator/tree/99bcda8da7c9c2e4415f30b82371f0b79d527d3d) * [OCPBUGS-21404](https://issues.redhat.com/browse/OCPBUGS-21404): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#66](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/66) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#58](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/58) * [Full changelog](https://github.com/openshift/alibaba-disk-csi-driver-operator/compare/e324a71cb6c48ce4944cdc8dcc96bbf5fa55ba32...99bcda8da7c9c2e4415f30b82371f0b79d527d3d) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/f56c606ae15041b0c981e654ab577d2b0a3a0a8f) * [OCPBUGS-38066](https://issues.redhat.com/browse/OCPBUGS-38066): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#61](https://github.com/openshift/apiserver-network-proxy/pull/61) * [OCPBUGS-31984](https://issues.redhat.com/browse/OCPBUGS-31984): Bump golang.org/x/net to v0.23.0 [#52](https://github.com/openshift/apiserver-network-proxy/pull/52) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [OCPBUGS-10187](https://issues.redhat.com/browse/OCPBUGS-10187): Updating ose-apiserver-network-proxy images to be consistent with ART [#30](https://github.com/openshift/apiserver-network-proxy/pull/30) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/61e198ca00b9426e2f7309cf2818ac74426486ff...f56c606ae15041b0c981e654ab577d2b0a3a0a8f) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/f90fb443bc71b2319d8cce276b280c26d0f18fb7) * [OCPBUGS-32079](https://issues.redhat.com/browse/OCPBUGS-32079): update for CVE-2023-45288 [release-4.12] [#85](https://github.com/openshift/cloud-provider-aws/pull/85) * [OCPBUGS-20722](https://issues.redhat.com/browse/OCPBUGS-20722): Update golang.org/x/net to v0.17.0 [#55](https://github.com/openshift/cloud-provider-aws/pull/55) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/7fb891f4a534ff4f0a12a50ca3e13db8833560be...f90fb443bc71b2319d8cce276b280c26d0f18fb7) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/16156accbe3b9bcedbe39ef988170e1f644fcd75) * [OCPBUGS-20810](https://issues.redhat.com/browse/OCPBUGS-20810): bump golang.org/x/net to v0.17.0 [#483](https://github.com/openshift/cluster-api-provider-aws/pull/483) * [OCPBUGS-15548](https://issues.redhat.com/browse/OCPBUGS-15548): Pass right SGs for IsExternallyManaged on creation [#469](https://github.com/openshift/cluster-api-provider-aws/pull/469) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/15ff2acd6c2fa8b6220448669e5d27013abda669...16156accbe3b9bcedbe39ef988170e1f644fcd75) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/bbab20f9559a1be6f39fed8e604712d41f507b49) * [OCPBUGS-33457](https://issues.redhat.com/browse/OCPBUGS-33457): UPSTREAM: 1919: Add reserved-volume-attachments [#267](https://github.com/openshift/aws-ebs-csi-driver/pull/267) * [OCPBUGS-20919](https://issues.redhat.com/browse/OCPBUGS-20919): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#241](https://github.com/openshift/aws-ebs-csi-driver/pull/241) * [OCPBUGS-14281](https://issues.redhat.com/browse/OCPBUGS-14281): Volume unmount repeats after successful unmount, preventing pod delete [#226](https://github.com/openshift/aws-ebs-csi-driver/pull/226) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/15841171ef177fa651384e1dad16b53bcaf6e0ef...bbab20f9559a1be6f39fed8e604712d41f507b49) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/71bb7838f93bc88e679b0a967fbf1660cdf8aff1) * [OCPBUGS-33457](https://issues.redhat.com/browse/OCPBUGS-33457): Explicitly reserve 1 attachment for the root disk [#308](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/308) * [OCPBUGS-21018](https://issues.redhat.com/browse/OCPBUGS-21018): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#282](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/282) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#265](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/265) * [OCPBUGS-13721](https://issues.redhat.com/browse/OCPBUGS-13721): assets/hypershift/controller_sa: Set controller ServiceAccount imagePullSecrets [#230](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/230) * 4.12: OCPBUGS-10646: 4.12 hypershift set control plane [#208](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/208) * [OCPBUGS-7892](https://issues.redhat.com/browse/OCPBUGS-7892): do not inject-proxy when deploying in hypershift control plane [#187](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/187) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/6bd7afa3fae087853c0210050bdc981c899426c4...71bb7838f93bc88e679b0a967fbf1660cdf8aff1) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/440886d004a6ecbc45d5bc04c2f703fb0efaa632) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality [#97](https://github.com/openshift/machine-api-provider-aws/pull/97) * [OCPBUGS-21562](https://issues.redhat.com/browse/OCPBUGS-21562): Update golang.org/x/net to v0.17.0 [#90](https://github.com/openshift/machine-api-provider-aws/pull/90) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/b82e889d6eb39f72b0246175315ec0a7e5ac4126...440886d004a6ecbc45d5bc04c2f703fb0efaa632) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/31917a5f3e7557916b8e92a0a9ae529ab176f738) * [OCPBUGS-32880](https://issues.redhat.com/browse/OCPBUGS-32880): Upgrade go-jose module to 2.6.3 [#191](https://github.com/openshift/aws-pod-identity-webhook/pull/191) * [OCPBUGS-21312](https://issues.redhat.com/browse/OCPBUGS-21312): Upgrade golang/x/net for CVE-2023-39325 (4.12) [#185](https://github.com/openshift/aws-pod-identity-webhook/pull/185) * NO-ISSUE: Sync OWNERS with team members [#178](https://github.com/openshift/aws-pod-identity-webhook/pull/178) * NO-ISSUE: snyk: exclude vendor/ [#174](https://github.com/openshift/aws-pod-identity-webhook/pull/174) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/6197630be12b6a6df32f647e368e5664307fd04b...31917a5f3e7557916b8e92a0a9ae529ab176f738) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/2193ccfa8575aeb0520a25b77ec963097a66cd6e) * [OCPBUGS-21401](https://issues.redhat.com/browse/OCPBUGS-21401): Bump golang.org/x/net to v0.18.0 [#95](https://github.com/openshift/cloud-provider-azure/pull/95) * [OCPBUGS-22832](https://issues.redhat.com/browse/OCPBUGS-22832): UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition [#91](https://github.com/openshift/cloud-provider-azure/pull/91) * [OCPBUGS-17159](https://issues.redhat.com/browse/OCPBUGS-17159): Increase service idle max timeout to 100 minutes [#82](https://github.com/openshift/cloud-provider-azure/pull/82) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/6ff1c8e52ad75cb72682b022952c174a41c1e471...2193ccfa8575aeb0520a25b77ec963097a66cd6e) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/a1b2a37b7d31951708a8f6e1db201fe0c1ff687a) * [OCPBUGS-36021](https://issues.redhat.com/browse/OCPBUGS-36021): Update go-retryablehttp to v0.7.7 [#315](https://github.com/openshift/cluster-api-provider-azure/pull/315) * [OCPBUGS-21489](https://issues.redhat.com/browse/OCPBUGS-21489): bump golang.org/x/net to v0.17.0 [#289](https://github.com/openshift/cluster-api-provider-azure/pull/289) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/d1d4f7700ca6c2d576fe43c988222c62545cdb00...a1b2a37b7d31951708a8f6e1db201fe0c1ff687a) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/a930c89beac514d4d98f6055bf6cfe78eeec25a5) * [OCPBUGS-22941](https://issues.redhat.com/browse/OCPBUGS-22941): UPSTREAM: 1755: fix: detach disk failure when there is throttling [#62](https://github.com/openshift/azure-disk-csi-driver/pull/62) * [OCPBUGS-22832](https://issues.redhat.com/browse/OCPBUGS-22832): UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition [#60](https://github.com/openshift/azure-disk-csi-driver/pull/60) * [OCPBUGS-20675](https://issues.redhat.com/browse/OCPBUGS-20675): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#56](https://github.com/openshift/azure-disk-csi-driver/pull/56) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/ba10578832b8389cd81373ef72bcc3749094ed27...a930c89beac514d4d98f6055bf6cfe78eeec25a5) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/988b8cc8ead51c2904c6cb75446529bfe3674ee3) * [OCPBUGS-20749](https://issues.redhat.com/browse/OCPBUGS-20749): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#103](https://github.com/openshift/azure-disk-csi-driver-operator/pull/103) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#95](https://github.com/openshift/azure-disk-csi-driver-operator/pull/95) * [OCPBUGS-7885](https://issues.redhat.com/browse/OCPBUGS-7885): Adjust client-side QPS, burst and worker threads in provisioner and attacher sidecars [#70](https://github.com/openshift/azure-disk-csi-driver-operator/pull/70) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/e4ed4ee1123d34a1183e4ccb8a31a57ea3237c4f...988b8cc8ead51c2904c6cb75446529bfe3674ee3) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/15aade4d58785b54ac732a660f1359132d27f9b9) * [OCPBUGS-20842](https://issues.redhat.com/browse/OCPBUGS-20842): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#39](https://github.com/openshift/azure-file-csi-driver/pull/39) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/746fab2b699a791064088a3544b8db06fbd50628...15aade4d58785b54ac732a660f1359132d27f9b9) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/060ba825fead5953bef544017ef4b3d0cbabe3e5) * [OCPBUGS-20946](https://issues.redhat.com/browse/OCPBUGS-20946): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#78](https://github.com/openshift/azure-file-csi-driver-operator/pull/78) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#71](https://github.com/openshift/azure-file-csi-driver-operator/pull/71) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/0a02fa02dd5623413d07c226987ac1d3181774fa...060ba825fead5953bef544017ef4b3d0cbabe3e5) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/6b5bfffdcf6315871d6c296025db7d0812132868) * [OCPBUGS-36148](https://issues.redhat.com/browse/OCPBUGS-36148): Fix mapi_instance_create_failed metric with accelerated networking [#115](https://github.com/openshift/machine-api-provider-azure/pull/115) * [OCPBUGS-30809](https://issues.redhat.com/browse/OCPBUGS-30809): Don't create availability set when using spot instances [#105](https://github.com/openshift/machine-api-provider-azure/pull/105) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce cardinality [#97](https://github.com/openshift/machine-api-provider-azure/pull/97) * [OCPBUGS-20741](https://issues.redhat.com/browse/OCPBUGS-20741): Bump x/net package to v0.18.0 [#84](https://github.com/openshift/machine-api-provider-azure/pull/84) * [OCPBUGS-19549](https://issues.redhat.com/browse/OCPBUGS-19549), [OCPBUGS-22247](https://issues.redhat.com/browse/OCPBUGS-22247): Fix empty clusterName references for GenerateMachinePublicIPName [#82](https://github.com/openshift/machine-api-provider-azure/pull/82) * [OCPBUGS-17960](https://issues.redhat.com/browse/OCPBUGS-17960): Machine Actuator should not set metadata.name [#71](https://github.com/openshift/machine-api-provider-azure/pull/71) * [OCPBUGS-17221](https://issues.redhat.com/browse/OCPBUGS-17221): Add user defined Tags to NIC Azure resources [#69](https://github.com/openshift/machine-api-provider-azure/pull/69) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/cfb76acd1429fa8be4925cf15789f1dc62252d7f...6b5bfffdcf6315871d6c296025db7d0812132868) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/798aeaaf61fbc22669b6bad2edc058ea6949d733) * [OCPBUGS-36087](https://issues.redhat.com/browse/OCPBUGS-36087): [release-4.12]: bump go-retryablehttp for CVE fix [#8660](https://github.com/openshift/installer/pull/8660) * [OCPBUGS-39290](https://issues.redhat.com/browse/OCPBUGS-39290): Add yq v4 to ci image [#8929](https://github.com/openshift/installer/pull/8929) * [OCPBUGS-36179](https://issues.redhat.com/browse/OCPBUGS-36179): [release-4.12]: bump github.com/container/images for CVE fix [#8663](https://github.com/openshift/installer/pull/8663) * [OCPBUGS-22981](https://issues.redhat.com/browse/OCPBUGS-22981): IBMCloud: Add eu-es region [#7686](https://github.com/openshift/installer/pull/7686) * [OCPBUGS-30630](https://issues.redhat.com/browse/OCPBUGS-30630): baremetal: populate customDeploy in advance [#8144](https://github.com/openshift/installer/pull/8144) * [OCPBUGS-32449](https://issues.redhat.com/browse/OCPBUGS-32449): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8290](https://github.com/openshift/installer/pull/8290) * [OCPBUGS-30768](https://issues.redhat.com/browse/OCPBUGS-30768): update RHCOS 4.12 bootimage metadata to 412.86.202402272018-0 [#8140](https://github.com/openshift/installer/pull/8140) * [OCPBUGS-30134](https://issues.redhat.com/browse/OCPBUGS-30134): [release-4.12] bump containerd for vulnerability fix [#8091](https://github.com/openshift/installer/pull/8091) * [OCPBUGS-27454](https://issues.redhat.com/browse/OCPBUGS-27454): baremetal: correct external_http_url for v6-only BMCs [#7900](https://github.com/openshift/installer/pull/7900) * [OCPBUGS-25593](https://issues.redhat.com/browse/OCPBUGS-25593): [release-4.12] OCPBUGS-16640: Update azure cli version to 2.49.0 [#7849](https://github.com/openshift/installer/pull/7849) * [OCPBUGS-23184](https://issues.redhat.com/browse/OCPBUGS-23184): azure: validation: validate defaultMachinePlatform [#7709](https://github.com/openshift/installer/pull/7709) * [OCPBUGS-25476](https://issues.redhat.com/browse/OCPBUGS-25476): destroy: gcp: fix destroying regional disks [#7845](https://github.com/openshift/installer/pull/7845) * [OCPBUGS-23302](https://issues.redhat.com/browse/OCPBUGS-23302): images: installer: add xz to the container [#7726](https://github.com/openshift/installer/pull/7726) * [OCPBUGS-23379](https://issues.redhat.com/browse/OCPBUGS-23379): images: update govc image in upi-installer [#7739](https://github.com/openshift/installer/pull/7739) * [OCPBUGS-22116](https://issues.redhat.com/browse/OCPBUGS-22116): Add KMS encryption keys if provided [#7769](https://github.com/openshift/installer/pull/7769) * [OCPBUGS-23329](https://issues.redhat.com/browse/OCPBUGS-23329): Specify google cloud CLI to version 447.0.0 [#7731](https://github.com/openshift/installer/pull/7731) * [OCPBUGS-22933](https://issues.redhat.com/browse/OCPBUGS-22933): [release-4.12]: vsphere: fix validation of CPUS and CoresPerSocket [#7677](https://github.com/openshift/installer/pull/7677) * [OCPBUGS-13288](https://issues.redhat.com/browse/OCPBUGS-13288): use python3 for cloud sdk [#7170](https://github.com/openshift/installer/pull/7170) * [OCPBUGS-18645](https://issues.redhat.com/browse/OCPBUGS-18645): new Aws secret regions support [#7473](https://github.com/openshift/installer/pull/7473) * [OCPBUGS-22288](https://issues.redhat.com/browse/OCPBUGS-22288): Don't log password values [#7627](https://github.com/openshift/installer/pull/7627) * [OCPBUGS-18644](https://issues.redhat.com/browse/OCPBUGS-18644): terraform: aws: secret regions now support ALIAS record [#7472](https://github.com/openshift/installer/pull/7472) * [OCPBUGS-17651](https://issues.redhat.com/browse/OCPBUGS-17651): Validate that the rendevousIP is assigned to a master [#7416](https://github.com/openshift/installer/pull/7416) * [OCPBUGS-20145](https://issues.redhat.com/browse/OCPBUGS-20145): [release-4.12] Use updated ansible-core for Openstack image [#7560](https://github.com/openshift/installer/pull/7560) * [OCPBUGS-18646](https://issues.redhat.com/browse/OCPBUGS-18646): Allow destroy for C2S isolated (us-iso and us-isob) partitions [#7474](https://github.com/openshift/installer/pull/7474) * [OCPBUGS-10992](https://issues.redhat.com/browse/OCPBUGS-10992): bootstrap-pivot: skip pivot in SCOS Live ISO [#7035](https://github.com/openshift/installer/pull/7035) * [CORS-2792](https://issues.redhat.com/browse/CORS-2792): AWS Shared VPC Backport [release-4.12] [#7435](https://github.com/openshift/installer/pull/7435) * [OCPBUGS-18320](https://issues.redhat.com/browse/OCPBUGS-18320): CORS-2445: GCP: Add osImage to the install config [#7454](https://github.com/openshift/installer/pull/7454) * [OCPBUGS-17404](https://issues.redhat.com/browse/OCPBUGS-17404): backport openstack UPI for ansible 2.10 [#7399](https://github.com/openshift/installer/pull/7399) * [OCPBUGS-16778](https://issues.redhat.com/browse/OCPBUGS-16778): bump RHCOS 4.12 bootimage metadata to 412.86.202308081039-0 [#7420](https://github.com/openshift/installer/pull/7420) * [OCPBUGS-17467](https://issues.redhat.com/browse/OCPBUGS-17467): Allow override of networkType [#7406](https://github.com/openshift/installer/pull/7406) * [OCPBUGS-17174](https://issues.redhat.com/browse/OCPBUGS-17174): Set AdditionalTrustBundle in override when mirroring not enabled [#7386](https://github.com/openshift/installer/pull/7386) * [OCPBUGS-16382](https://issues.redhat.com/browse/OCPBUGS-16382): azure: skip LB creation when not needed [#7342](https://github.com/openshift/installer/pull/7342) * [OCPBUGS-14868](https://issues.redhat.com/browse/OCPBUGS-14868): Shorten SNO installation duration by releasing CPC lease [#7242](https://github.com/openshift/installer/pull/7242) * [OCPBUGS-14495](https://issues.redhat.com/browse/OCPBUGS-14495): Support /dev/disk/by-path root device hints [#7227](https://github.com/openshift/installer/pull/7227) * [OCPBUGS-16151](https://issues.redhat.com/browse/OCPBUGS-16151): ic: azure: validate diskTypes in AzureStack [#7331](https://github.com/openshift/installer/pull/7331) * [OCPBUGS-11199](https://issues.redhat.com/browse/OCPBUGS-11199): azure: upi: use Image Gallery in ARM templates [#7054](https://github.com/openshift/installer/pull/7054) * [OCPBUGS-13940](https://issues.redhat.com/browse/OCPBUGS-13940): bump RHCOS 4.12 bootimage metadata to 412.86.202306132230-0 [#7249](https://github.com/openshift/installer/pull/7249) * [OCPBUGS-14664](https://issues.redhat.com/browse/OCPBUGS-14664): Shorten SNO installation duration by releasing CVO lease [#7235](https://github.com/openshift/installer/pull/7235) * [OCPBUGS-7400](https://issues.redhat.com/browse/OCPBUGS-7400): Check for AWS STS installation before trying to get all IAM Roles [#7175](https://github.com/openshift/installer/pull/7175) * [OCPBUGS-13819](https://issues.redhat.com/browse/OCPBUGS-13819): Bootstrap on aws should have same metadata service type as on other nodes [#7196](https://github.com/openshift/installer/pull/7196) * [OCPBUGS-12202](https://issues.redhat.com/browse/OCPBUGS-12202): Relax vsphere, nutanix VIP validation [#7116](https://github.com/openshift/installer/pull/7116) * [OCPBUGS-7551](https://issues.redhat.com/browse/OCPBUGS-7551): vSphere - ignore all bootstrap disk changes [#6860](https://github.com/openshift/installer/pull/6860) * [OCPBUGS-14014](https://issues.redhat.com/browse/OCPBUGS-14014): Do not always output warning msg when releaseImage is digest [#7202](https://github.com/openshift/installer/pull/7202) * [OCPBUGS-13052](https://issues.redhat.com/browse/OCPBUGS-13052): bump RHCOS 4.12 bootimage metadata [#7164](https://github.com/openshift/installer/pull/7164) * [OCPBUGS-12956](https://issues.redhat.com/browse/OCPBUGS-12956): openstack: Add netcat to the Installer image [#7148](https://github.com/openshift/installer/pull/7148) * [OCPBUGS-12749](https://issues.redhat.com/browse/OCPBUGS-12749): [Alibaba] update the bandwidth value of EIP [#7131](https://github.com/openshift/installer/pull/7131) * [OCPBUGS-7400](https://issues.redhat.com/browse/OCPBUGS-7400): Check for AWS STS installation before trying to get all IAM Roles [#7141](https://github.com/openshift/installer/pull/7141) * [OCPBUGS-11360](https://issues.redhat.com/browse/OCPBUGS-11360): Use 100 GB as minimum disk size in validations [#7065](https://github.com/openshift/installer/pull/7065) * [OCPBUGS-11662](https://issues.redhat.com/browse/OCPBUGS-11662): AWS - Remove ACLs from s3 ign [#7084](https://github.com/openshift/installer/pull/7084) * [OCPBUGS-11208](https://issues.redhat.com/browse/OCPBUGS-11208): GCP: add europe-west12 region to the survey as supported region [#7055](https://github.com/openshift/installer/pull/7055) * [OCPBUGS-11108](https://issues.redhat.com/browse/OCPBUGS-11108): Kubelet Client Cert should include system:serviceaccounts group [#7050](https://github.com/openshift/installer/pull/7050) * [OCPBUGS-8384](https://issues.redhat.com/browse/OCPBUGS-8384): Specify filename for default registries.conf [#6941](https://github.com/openshift/installer/pull/6941) * [OCPBUGS-10904](https://issues.redhat.com/browse/OCPBUGS-10904): IBMCloud: Fix SSH Private bootstrap [#7028](https://github.com/openshift/installer/pull/7028) * [OCPBUGS-10905](https://issues.redhat.com/browse/OCPBUGS-10905): IBMCloud set dnsrecords offset [#7029](https://github.com/openshift/installer/pull/7029) * [OCPBUGS-10740](https://issues.redhat.com/browse/OCPBUGS-10740): bump RHCOS 4.12 bootimage metadata [#7019](https://github.com/openshift/installer/pull/7019) * [OCPBUGS-7481](https://issues.redhat.com/browse/OCPBUGS-7481): Fix file check for loading openshift manifests [#6907](https://github.com/openshift/installer/pull/6907) * [OCPBUGS-10497](https://issues.redhat.com/browse/OCPBUGS-10497): [release-4.12] aws: bump aws-sdk-go version [#6985](https://github.com/openshift/installer/pull/6985) * [OCPBUGS-10439](https://issues.redhat.com/browse/OCPBUGS-10439): Sort userTags in Machine and Machineset manifests [#6984](https://github.com/openshift/installer/pull/6984) * [OCPBUGS-7469](https://issues.redhat.com/browse/OCPBUGS-7469): [release-4.12] GCP XPN Featuregates [#6851](https://github.com/openshift/installer/pull/6851) * [OCPBUGS-7063](https://issues.redhat.com/browse/OCPBUGS-7063): vSphere - Remove regexs in terraform ova import [#6868](https://github.com/openshift/installer/pull/6868) * [OCPBUGS-8658](https://issues.redhat.com/browse/OCPBUGS-8658): Pass Capabilites from install-config to cluster [#6947](https://github.com/openshift/installer/pull/6947) * [OCPBUGS-7594](https://issues.redhat.com/browse/OCPBUGS-7594): fully qualified username must be provided [#6864](https://github.com/openshift/installer/pull/6864) * [OCPBUGS-7746](https://issues.redhat.com/browse/OCPBUGS-7746): Convert platform type for AgentClusterInstall [#6878](https://github.com/openshift/installer/pull/6878) * [OCPBUGS-8015](https://issues.redhat.com/browse/OCPBUGS-8015): make VIP 168.63.129.16 noProxy in all clouds except Public [#6909](https://github.com/openshift/installer/pull/6909) * [OCPBUGS-6087](https://issues.redhat.com/browse/OCPBUGS-6087): Warn if agent assets detected when using non-agent waitfor [#6788](https://github.com/openshift/installer/pull/6788) * [OCPBUGS-7607](https://issues.redhat.com/browse/OCPBUGS-7607): IBMCloud: Handle COS reclamations [#6867](https://github.com/openshift/installer/pull/6867) * [OCPBUGS-7529](https://issues.redhat.com/browse/OCPBUGS-7529): bump RHCOS 4.12 bootimage metadata [#6873](https://github.com/openshift/installer/pull/6873) * [OCPBUGS-7521](https://issues.redhat.com/browse/OCPBUGS-7521): Update AgentConfig template [#6857](https://github.com/openshift/installer/pull/6857) * [OCPBUGS-5992](https://issues.redhat.com/browse/OCPBUGS-5992): azure: validate Windows-only VM types [#6780](https://github.com/openshift/installer/pull/6780) * [OCPBUGS-6991](https://issues.redhat.com/browse/OCPBUGS-6991): Don't require vSphere details for agent installer [#6826](https://github.com/openshift/installer/pull/6826) * [OCPBUGS-6807](https://issues.redhat.com/browse/OCPBUGS-6807): Check platform baremetal settings against default values [#6815](https://github.com/openshift/installer/pull/6815) * [OCPBUGS-7103](https://issues.redhat.com/browse/OCPBUGS-7103): Set the configured proxy settings for agent installer [#6830](https://github.com/openshift/installer/pull/6830) * [OCPBUGS-7131](https://issues.redhat.com/browse/OCPBUGS-7131): bootstrap: set 0644 mode for registries.conf [#6804](https://github.com/openshift/installer/pull/6804) * [OCPBUGS-5960](https://issues.redhat.com/browse/OCPBUGS-5960): bump RHCOS 4.12 bootimage metadata [#6791](https://github.com/openshift/installer/pull/6791) * [OCPBUGS-5996](https://issues.redhat.com/browse/OCPBUGS-5996): vsphere: set default resource pool when missing failure domain topology [#6781](https://github.com/openshift/installer/pull/6781) * [OCPBUGS-5667](https://issues.redhat.com/browse/OCPBUGS-5667): CVE-2021-4238: goutils: update for randomness fix [#6764](https://github.com/openshift/installer/pull/6764) * [OCPBUGS-5782](https://issues.redhat.com/browse/OCPBUGS-5782): CVE-2021-4235: Denial of Service in go-yaml [#6769](https://github.com/openshift/installer/pull/6769) * [OCPBUGS-6052](https://issues.redhat.com/browse/OCPBUGS-6052): validate additional confidential VM types [#6785](https://github.com/openshift/installer/pull/6785) * [OCPBUGS-4895](https://issues.redhat.com/browse/OCPBUGS-4895): Set ip=dhcp,dhcp6 for master nodes on dualstack [#6706](https://github.com/openshift/installer/pull/6706) * [OCPBUGS-6015](https://issues.redhat.com/browse/OCPBUGS-6015): fail to create install-config.yaml as apiVIP and ingress VIP are not in machine networks [#6783](https://github.com/openshift/installer/pull/6783) * [OCPBUGS-5844](https://issues.redhat.com/browse/OCPBUGS-5844): Update FCOS to latest 37.20221127.3.0 stable [#6773](https://github.com/openshift/installer/pull/6773) * [OCPBUGS-5764](https://issues.redhat.com/browse/OCPBUGS-5764): Expose Azure useImageGallery parameter in the MachineSets() call [#6753](https://github.com/openshift/installer/pull/6753) * [OCPBUGS-4460](https://issues.redhat.com/browse/OCPBUGS-4460): hold bootkube service until bootstrap has pivoted [#6661](https://github.com/openshift/installer/pull/6661) * [OCPBUGS-5513](https://issues.redhat.com/browse/OCPBUGS-5513): Update Azure SDK to v63.1.0+incompatible [release-4.12] [#6751](https://github.com/openshift/installer/pull/6751) * [OCPBUGS-4649](https://issues.redhat.com/browse/OCPBUGS-4649): Report agent installation problems on the console [#6680](https://github.com/openshift/installer/pull/6680) * [Full changelog](https://github.com/openshift/installer/compare/ba940311c8cb2a07173725e5c2f668df7c61924c...798aeaaf61fbc22669b6bad2edc058ea6949d733) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/24a47014aa42d649008687c5bd81771d6477c33c) * [OCPBUGS-21700](https://issues.redhat.com/browse/OCPBUGS-21700): Uplift x/net to v0.17.0 [#200](https://github.com/openshift/cluster-api-provider-baremetal/pull/200) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/63dcaf1e98d673ac1c00bcb0119397c7fb1d3ef4...24a47014aa42d649008687c5bd81771d6477c33c) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/9152e200990c26194a70c25033a71583e2775066) * [OCPBUGS-30630](https://issues.redhat.com/browse/OCPBUGS-30630): Do not update instance_info and deploy_interface for active nodes [#338](https://github.com/openshift/baremetal-operator/pull/338) * [OCPBUGS-24490](https://issues.redhat.com/browse/OCPBUGS-24490): backport: Delay delete of detached hosts [#326](https://github.com/openshift/baremetal-operator/pull/326) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#320](https://github.com/openshift/baremetal-operator/pull/320) * [OCPBUGS-21154](https://issues.redhat.com/browse/OCPBUGS-21154): Uplift x/net to v0.17.0 [#310](https://github.com/openshift/baremetal-operator/pull/310) * [OCPBUGS-17703](https://issues.redhat.com/browse/OCPBUGS-17703): Trigger reconcile on Secret change [#298](https://github.com/openshift/baremetal-operator/pull/298) * [OCPBUGS-17459](https://issues.redhat.com/browse/OCPBUGS-17459): Set minimum TLS version for webhook to 1.2 [#297](https://github.com/openshift/baremetal-operator/pull/297) * [OCPBUGS-14188](https://issues.redhat.com/browse/OCPBUGS-14188): Deleting unmanaged BMH get stuck fix [#283](https://github.com/openshift/baremetal-operator/pull/283) * [OCPBUGS-13530](https://issues.redhat.com/browse/OCPBUGS-13530): Support /dev/disk/by-path root device hints [#278](https://github.com/openshift/baremetal-operator/pull/278) * [OCPBUGS-12175](https://issues.redhat.com/browse/OCPBUGS-12175): Revert live-iso validation [#269](https://github.com/openshift/baremetal-operator/pull/269) * [OCPBUGS-9955](https://issues.redhat.com/browse/OCPBUGS-9955): allow namespace to continue with terminating when deprovisioning a bmh [#258](https://github.com/openshift/baremetal-operator/pull/258) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/a5af4fc968cbfb7702c1422950c00168bd8d2564...9152e200990c26194a70c25033a71583e2775066) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/474ed48e840fdb7bf859d769cd673b29705a7b91) * [OCPBUGS-26930](https://issues.redhat.com/browse/OCPBUGS-26930): Add .snyk file to ignore vendor and test files [#296](https://github.com/openshift/baremetal-runtimecfg/pull/296) * [OCPBUGS-20127](https://issues.redhat.com/browse/OCPBUGS-20127): Increase timeout for bootstrap kubeapi [#279](https://github.com/openshift/baremetal-runtimecfg/pull/279) * [OCPBUGS-18606](https://issues.redhat.com/browse/OCPBUGS-18606): Move haproxy firewall rule check earlier in loop [#272](https://github.com/openshift/baremetal-runtimecfg/pull/272) * [OCPBUGS-17715](https://issues.redhat.com/browse/OCPBUGS-17715): Don't render config with incomplete unicast peer list [#268](https://github.com/openshift/baremetal-runtimecfg/pull/268) * [OCPBUGS-15315](https://issues.redhat.com/browse/OCPBUGS-15315): Use machine-config state instead of comparing roles [#262](https://github.com/openshift/baremetal-runtimecfg/pull/262) * [OCPBUGS-12805](https://issues.redhat.com/browse/OCPBUGS-12805): Make nested dual stack VIP configs respect EnableUnicast [#240](https://github.com/openshift/baremetal-runtimecfg/pull/240) * [OCPBUGS-13405](https://issues.redhat.com/browse/OCPBUGS-13405): Verify kubelet version in upgrade check [#249](https://github.com/openshift/baremetal-runtimecfg/pull/249) * [OCPBUGS-11145](https://issues.redhat.com/browse/OCPBUGS-11145): fix isUpgradeStillRunning() [#232](https://github.com/openshift/baremetal-runtimecfg/pull/232) * [OCPBUGS-5743](https://issues.redhat.com/browse/OCPBUGS-5743): If primary ip address was already created no need to choose new ip [#214](https://github.com/openshift/baremetal-runtimecfg/pull/214) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/4d2e37f2e59877c1bdf94279fe18622a439821c5...474ed48e840fdb7bf859d769cd673b29705a7b91) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/d691257345aeeec951c763e11658a944037f9b39) * [OCPBUGS-30289](https://issues.redhat.com/browse/OCPBUGS-30289): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1701](https://github.com/openshift/oc/pull/1701) * [OCPBUGS-25642](https://issues.redhat.com/browse/OCPBUGS-25642): Add client version in must-gather summary [#1639](https://github.com/openshift/oc/pull/1639) * [OCPBUGS-24462](https://issues.redhat.com/browse/OCPBUGS-24462): Overwrite template's namespace with the explicit one [#1618](https://github.com/openshift/oc/pull/1618) * [OCPBUGS-23222](https://issues.redhat.com/browse/OCPBUGS-23222): regeneratemco: explicitly check for PlatformStatus field [#1598](https://github.com/openshift/oc/pull/1598) * [OCPBUGS-20248](https://issues.redhat.com/browse/OCPBUGS-20248): oc process: Set original namespace if it differs [#1560](https://github.com/openshift/oc/pull/1560) * [OCPBUGS-20291](https://issues.redhat.com/browse/OCPBUGS-20291): Truncate existing files when writing from inspect [#1563](https://github.com/openshift/oc/pull/1563) * [OCPBUGS-20299](https://issues.redhat.com/browse/OCPBUGS-20299): Use quay redis image instead docker mysql [#1567](https://github.com/openshift/oc/pull/1567) * [OCPBUGS-16173](https://issues.redhat.com/browse/OCPBUGS-16173): Add tls-server-name when property exists in kubeconfig [#1507](https://github.com/openshift/oc/pull/1507) * [OCPBUGS-1283](https://issues.redhat.com/browse/OCPBUGS-1283): Bump golang.org/x dependencies [#1421](https://github.com/openshift/oc/pull/1421) * [OCPBUGS-16056](https://issues.redhat.com/browse/OCPBUGS-16056): mcs cert: account for environments that use IP directly [#1501](https://github.com/openshift/oc/pull/1501) * [OCPBUGS-16194](https://issues.redhat.com/browse/OCPBUGS-16194): reboot: set ignition version to 3.1 [#1509](https://github.com/openshift/oc/pull/1509) * handle the error case of node retrieval while waiting for reboot [#1485](https://github.com/openshift/oc/pull/1485) * bring some cert rotation helpers back into 4.12 [fix unit-tests] [#1478](https://github.com/openshift/oc/pull/1478) * [OCPBUGS-14647](https://issues.redhat.com/browse/OCPBUGS-14647): [release-4.12] Do not set master node selector if there's no masters [#1366](https://github.com/openshift/oc/pull/1366) * [OCPBUGS-14236](https://issues.redhat.com/browse/OCPBUGS-14236): Remove closed centos7 registry from newapp unit tests [#1434](https://github.com/openshift/oc/pull/1434) * [OCPBUGS-10774](https://issues.redhat.com/browse/OCPBUGS-10774): bump repo sclorg/s2i-ruby-container location for newapp test [#1382](https://github.com/openshift/oc/pull/1382) * [OCPBUGS-7960](https://issues.redhat.com/browse/OCPBUGS-7960): pkg/cli/admin/upgrade/channel: Use PATCH instead of POST for spec updates [#1354](https://github.com/openshift/oc/pull/1354) * [OCPBUGS-6600](https://issues.redhat.com/browse/OCPBUGS-6600): Fix kube version from 1.24.1 to 1.25.2 [#1327](https://github.com/openshift/oc/pull/1327) * [Full changelog](https://github.com/openshift/oc/compare/854f807d8a84dde710c062a5281bca5bc07cb562...d691257345aeeec951c763e11658a944037f9b39) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/7a0370568a558c37e63cebc095c9e5b913dfedf6) * [OCPBUGS-37322](https://issues.redhat.com/browse/OCPBUGS-37322): update modules: grpc, protobuf, logrus [#764](https://github.com/openshift/cloud-credential-operator/pull/764) * [OCPBUGS-42166](https://issues.redhat.com/browse/OCPBUGS-42166): Resolve SNYK errors in security job. [#760](https://github.com/openshift/cloud-credential-operator/pull/760) * [OCPBUGS-37422](https://issues.redhat.com/browse/OCPBUGS-37422): SNYK ignore go-client misreporting [#744](https://github.com/openshift/cloud-credential-operator/pull/744) * NO-JIRA: Add jstuever to OWNERS [#733](https://github.com/openshift/cloud-credential-operator/pull/733) * [OCPBUGS-36027](https://issues.redhat.com/browse/OCPBUGS-36027): IBM/go-sdk-core update to v5.17.4 [#723](https://github.com/openshift/cloud-credential-operator/pull/723) * [OCPBUGS-32897](https://issues.redhat.com/browse/OCPBUGS-32897): Upgrade go-jose module to 2.6.3 [#699](https://github.com/openshift/cloud-credential-operator/pull/699) * [OCPBUGS-21348](https://issues.redhat.com/browse/OCPBUGS-21348): Upgrade golang/x/net for CVE-2023-39325 [#624](https://github.com/openshift/cloud-credential-operator/pull/624) * NO-ISSUE: snyk: exclude vendor/ [#619](https://github.com/openshift/cloud-credential-operator/pull/619) * NO-ISSUE: Removing andrew from OWNERS [#618](https://github.com/openshift/cloud-credential-operator/pull/618) * [OCPBUGS-13739](https://issues.redhat.com/browse/OCPBUGS-13739): Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. [#539](https://github.com/openshift/cloud-credential-operator/pull/539) * [OCPBUGS-11707](https://issues.redhat.com/browse/OCPBUGS-11707): ccoctl: Enable public anon read access to default OIDC S3 bucket [#529](https://github.com/openshift/cloud-credential-operator/pull/529) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/3eb4889e9720647e6d3cd4653a3bca0d5a085afd...7a0370568a558c37e63cebc095c9e5b913dfedf6) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/c086bed76ee3d3b3fe9f516f873414e7b4348acd) * [OCPBUGS-33198](https://issues.redhat.com/browse/OCPBUGS-33198): Avoid nil pointer panic while assigning private IP on Azure [#141](https://github.com/openshift/cloud-network-config-controller/pull/141) * [OCPBUGS-22949](https://issues.redhat.com/browse/OCPBUGS-22949): Azure: skip backend pool if attached to an outbound rule [#128](https://github.com/openshift/cloud-network-config-controller/pull/128) * [OCPBUGS-16325](https://issues.redhat.com/browse/OCPBUGS-16325): Azure: Handle already existing IP configurations [#117](https://github.com/openshift/cloud-network-config-controller/pull/117) * [OCPBUGS-14717](https://issues.redhat.com/browse/OCPBUGS-14717): increase GCP egress ip capacity to 100 from 10 [#114](https://github.com/openshift/cloud-network-config-controller/pull/114) * [OCPBUGS-13802](https://issues.redhat.com/browse/OCPBUGS-13802): sync CloudPrivateIpConfig when node is missing [#112](https://github.com/openshift/cloud-network-config-controller/pull/112) * [OCPBUGS-13183](https://issues.redhat.com/browse/OCPBUGS-13183): pull project name from subnet uri [#108](https://github.com/openshift/cloud-network-config-controller/pull/108) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/e613bcbce51f15e41f9b77becd5598877a7cfa1d...c086bed76ee3d3b3fe9f516f873414e7b4348acd) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/4f7f6b1af4b674b24270e65c40728b19071ab3e3) * [OCPBUGS-20683](https://issues.redhat.com/browse/OCPBUGS-20683): CVE 2023 39325 [4.12] [#653](https://github.com/openshift/cluster-authentication-operator/pull/653) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#639](https://github.com/openshift/cluster-authentication-operator/pull/639) * [OCPBUGS-13346](https://issues.redhat.com/browse/OCPBUGS-13346): dont log jwt tokens [#622](https://github.com/openshift/cluster-authentication-operator/pull/622) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/bb764848318a3f33275b75229a734e8bda5f471c...4f7f6b1af4b674b24270e65c40728b19071ab3e3) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/f4975eeb107b16df2d7138c85348388daba97a74) * [OCPBUGS-40928](https://issues.redhat.com/browse/OCPBUGS-40928): update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 [#318](https://github.com/openshift/kubernetes-autoscaler/pull/318) * [OCPBUGS-30911](https://issues.redhat.com/browse/OCPBUGS-30911): Fix unstructured taint parsing in Cluster API provider [#291](https://github.com/openshift/kubernetes-autoscaler/pull/291) * [OCPBUGS-23274](https://issues.redhat.com/browse/OCPBUGS-23274): Rebase 4.12 branch onto cluster autoscaler 1.25.3 [#267](https://github.com/openshift/kubernetes-autoscaler/pull/267) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/6ab8e62b7089dabaded0de89be3a9621f92b7653...f4975eeb107b16df2d7138c85348388daba97a74) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/29a6e57c10cf027f5f04e9bcb2e8842497f63bf6) * [OCPBUGS-32005](https://issues.redhat.com/browse/OCPBUGS-32005): Update x/net to v0.25.0 [#325](https://github.com/openshift/cluster-autoscaler-operator/pull/325) * [OCPBUGS-20754](https://issues.redhat.com/browse/OCPBUGS-20754): Bump x/net package to v0.18.0 [#300](https://github.com/openshift/cluster-autoscaler-operator/pull/300) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/8b2322559f794ffcb4580a9c11c3b5e16fc8e306...29a6e57c10cf027f5f04e9bcb2e8842497f63bf6) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/537a74cd0b0cc48189684a273013c32d1269ddd9) * [OCPBUGS-32006](https://issues.redhat.com/browse/OCPBUGS-32006): bump x/net to 0.23.0 [#440](https://github.com/openshift/cluster-baremetal-operator/pull/440) * [OCPBUGS-23291](https://issues.redhat.com/browse/OCPBUGS-23291): hack for deploying V6-only clusters from dualstack hubs [#389](https://github.com/openshift/cluster-baremetal-operator/pull/389) * [OCPBUGS-20845](https://issues.redhat.com/browse/OCPBUGS-20845): Uplift x/net to v0.17.0 [#371](https://github.com/openshift/cluster-baremetal-operator/pull/371) * [OCPBUGS-19557](https://issues.redhat.com/browse/OCPBUGS-19557): Guard against nil PlatformStatus [#367](https://github.com/openshift/cluster-baremetal-operator/pull/367) * [OCPBUGS-16169](https://issues.redhat.com/browse/OCPBUGS-16169): use proxying for inspector in addition to ironic [#349](https://github.com/openshift/cluster-baremetal-operator/pull/349) * [OCPBUGS-15715](https://issues.redhat.com/browse/OCPBUGS-15715): Limit role binding to openshift-machine-api namespace [#347](https://github.com/openshift/cluster-baremetal-operator/pull/347) * [OCPBUGS-7585](https://issues.redhat.com/browse/OCPBUGS-7585): also use BMH.ConsumerRef for linking to master Machines [#326](https://github.com/openshift/cluster-baremetal-operator/pull/326) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/047391f09c68b3bb259262012693913af50c13a6...537a74cd0b0cc48189684a273013c32d1269ddd9) ### [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap/tree/138a1cf2b98578acb4ccf098736bdf08614d2d6a) * [OCPBUGS-14386](https://issues.redhat.com/browse/OCPBUGS-14386): Update dependencies and image [#91](https://github.com/openshift/cluster-bootstrap/pull/91) * Add API team to the OWNERS [#97](https://github.com/openshift/cluster-bootstrap/pull/97) * [Full changelog](https://github.com/openshift/cluster-bootstrap/compare/f22d1c60c188a4b5ce1731a8b1db7c20067dc7e9...138a1cf2b98578acb4ccf098736bdf08614d2d6a) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) * [OCPBUGS-21521](https://issues.redhat.com/browse/OCPBUGS-21521): bump golang.org/x/net to v0.17.0 [#186](https://github.com/openshift/cluster-api/pull/186) * [Full changelog](https://github.com/openshift/cluster-api/compare/f9c215c4f298710ccf76676395465685b5d15268...03d89f216e0f2c3e1b2a647b0e37d52bbfdaefee) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/60a36d8320ddfd196840a1597e61c065603778ee) * [OCPBUGS-21055](https://issues.redhat.com/browse/OCPBUGS-21055): Bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/cluster-capi-operator/pull/138) * [Bug 2116686](https://bugzilla.redhat.com/show_bug.cgi?id=2116686): OCPBUGS-5155: Add provider webhook [#96](https://github.com/openshift/cluster-capi-operator/pull/96) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/8496c5085daaf9ce8ea47ac885e56310898a5c54...60a36d8320ddfd196840a1597e61c065603778ee) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/3b1f0843e2bd25fb4e39659ef47424f67ccaa727) * [OCPBUGS-21148](https://issues.redhat.com/browse/OCPBUGS-21148): Bump golang.org/x/net to v0.18.0 [#297](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/297) * [OCPBUGS-13862](https://issues.redhat.com/browse/OCPBUGS-13862): add separate upgradeable condition for the sync controller [#254](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/254) * [OCPBUGS-13188](https://issues.redhat.com/browse/OCPBUGS-13188): update config sync controller to add upgrade status [#251](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/251) * [OCPBUGS-7898](https://issues.redhat.com/browse/OCPBUGS-7898): add a check for nutanix cloud conf map [#239](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/239) * [OCPBUGS-7884](https://issues.redhat.com/browse/OCPBUGS-7884): Restart pods if related configuration was changed [#228](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/228) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/83768c8057de19a6da8f58edf6430884e3081050...3b1f0843e2bd25fb4e39659ef47424f67ccaa727) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/92c3b10237c1ebf7ab7a0c744db3949377614e52) * [OCPBUGS-16243](https://issues.redhat.com/browse/OCPBUGS-16243): retire LatencySensitive featureset [#336](https://github.com/openshift/cluster-config-operator/pull/336) * : OCPBUGS-21245: bump library-go to include switch to HTTP/1.1 [#373](https://github.com/openshift/cluster-config-operator/pull/373) * [CORS-2794](https://issues.redhat.com/browse/CORS-2794): AWS Shared VPC API Bump [release-4.12] [#344](https://github.com/openshift/cluster-config-operator/pull/344) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/4c6e171d26cc3c302c6d6193060344456bc381a1...92c3b10237c1ebf7ab7a0c744db3949377614e52) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/8df44eaee8f4a31754d77f3f3a18ff59878efc72) * [OCPBUGS-35421](https://issues.redhat.com/browse/OCPBUGS-35421): Improved debugging of API listing errors [#306](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/306) * [OCPBUGS-21342](https://issues.redhat.com/browse/OCPBUGS-21342): Bump golang.org/x/net to v0.17.0 [#260](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/260) * [OCPBUGS-14960](https://issues.redhat.com/browse/OCPBUGS-14960): Check ProviderSpec before generating MachineInfo [#216](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/216) * [OCPBUGS-15198](https://issues.redhat.com/browse/OCPBUGS-15198): Surface cpms vs machines diff [#219](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/219) * [OCPBUGS-13943](https://issues.redhat.com/browse/OCPBUGS-13943): fix double machine creation on stale cache [#210](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/210) * [OCPBUGS-12440](https://issues.redhat.com/browse/OCPBUGS-12440): Prioritise machine mapping over alphabetical mapping [#204](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/204) * [OCPBUGS-11692](https://issues.redhat.com/browse/OCPBUGS-11692): E2E periodics test timeout failures improvement [#190](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/190) * [OCPBUGS-8503](https://issues.redhat.com/browse/OCPBUGS-8503): machine's node must be ready for CPMS machine to be ready + fixes [#193](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/193) * [OCPBUGS-11521](https://issues.redhat.com/browse/OCPBUGS-11521): Use PlatformStatus instead of PlatformSpec to determine platform [#188](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/188) * [OCPBUGS-5820](https://issues.redhat.com/browse/OCPBUGS-5820): Deduplicate Failure Domains for the CPMS [#160](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/160) * Backport e2e/integration testing [#161](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/161) * golangci-lint: fix header year linting [#163](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/163) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/5f0e975c2696a3cee2e1c45f04f63e460ec46738...8df44eaee8f4a31754d77f3f3a18ff59878efc72) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/f573eded61847fc153874615b29704d93ddcad8d) * [OCPBUGS-32429](https://issues.redhat.com/browse/OCPBUGS-32429): create suitable role and roleBinding for csi-snapshot-webhook [#207](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/207) * [OCPBUGS-21442](https://issues.redhat.com/browse/OCPBUGS-21442): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#169](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/169) * [OCPBUGS-10646](https://issues.redhat.com/browse/OCPBUGS-10646): Hypershift: set Deployment properties [#148](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/148) * [OCPBUGS-8374](https://issues.redhat.com/browse/OCPBUGS-8374): [4.12] remove cluster-admin role. [#143](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/143) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/05d89ec796cf693cf80a2926f067683befea4b30...f573eded61847fc153874615b29704d93ddcad8d) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/e955534113ef9a65ad055198eab63ba7d60fbd21) * [OCPBUGS-21525](https://issues.redhat.com/browse/OCPBUGS-21525): Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator [#391](https://github.com/openshift/cluster-dns-operator/pull/391) * [OCPBUGS-19933](https://issues.redhat.com/browse/OCPBUGS-19933): update-node-resolver.sh: Check for errors from >> [#385](https://github.com/openshift/cluster-dns-operator/pull/385) * [OCPBUGS-19933](https://issues.redhat.com/browse/OCPBUGS-19933): ensure original hosts file contents are preserved [#383](https://github.com/openshift/cluster-dns-operator/pull/383) * [OCPBUGS-15251](https://issues.redhat.com/browse/OCPBUGS-15251): Add support for protocolStrategy API field to enable force_tcp configuration [#378](https://github.com/openshift/cluster-dns-operator/pull/378) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/1c136fe38b8cd5c0de99577d23157f884728d20b...e955534113ef9a65ad055198eab63ba7d60fbd21) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/4bf4f66a77b9149d92496b439f14bb9306d1f19c) * [OCPBUGS-35501](https://issues.redhat.com/browse/OCPBUGS-35501): return errors in wait-for-ceo [#1277](https://github.com/openshift/cluster-etcd-operator/pull/1277) * [OCPBUGS-32001](https://issues.redhat.com/browse/OCPBUGS-32001): update golang x net [#1256](https://github.com/openshift/cluster-etcd-operator/pull/1256) * [OCPBUGS-30914](https://issues.redhat.com/browse/OCPBUGS-30914): Replace nodelister with master nodelister everywhere [#1224](https://github.com/openshift/cluster-etcd-operator/pull/1224) * [OCPBUGS-30938](https://issues.redhat.com/browse/OCPBUGS-30938): fix panic in health check timeouts [#1228](https://github.com/openshift/cluster-etcd-operator/pull/1228) * [OCPBUGS-27776](https://issues.redhat.com/browse/OCPBUGS-27776): [4.13] Remove z-upgrades from UpgradeBackupController [#1185](https://github.com/openshift/cluster-etcd-operator/pull/1185) * [OCPBUGS-23151](https://issues.redhat.com/browse/OCPBUGS-23151): relax readiness to local serializable requests [#1156](https://github.com/openshift/cluster-etcd-operator/pull/1156) * [OCPBUGS-21127](https://issues.redhat.com/browse/OCPBUGS-21127): fixing CVE-2023-39325 by updating dependencies [#1148](https://github.com/openshift/cluster-etcd-operator/pull/1148) * [OCPBUGS-20100](https://issues.redhat.com/browse/OCPBUGS-20100): [4.12] Backports of backup/restore fixes [#1137](https://github.com/openshift/cluster-etcd-operator/pull/1137) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#1128](https://github.com/openshift/cluster-etcd-operator/pull/1128) * [OCPBUGS-17808](https://issues.redhat.com/browse/OCPBUGS-17808): reset snapshot default counts to avoid file already lo… [#1100](https://github.com/openshift/cluster-etcd-operator/pull/1100) * [OCPBUGS-12473](https://issues.redhat.com/browse/OCPBUGS-12473): Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time [#1046](https://github.com/openshift/cluster-etcd-operator/pull/1046) * [OCPBUGS-7830](https://issues.redhat.com/browse/OCPBUGS-7830): increase live/ready timeout and failure thresholds [#1011](https://github.com/openshift/cluster-etcd-operator/pull/1011) * Update reviewers and approvers [#987](https://github.com/openshift/cluster-etcd-operator/pull/987) * [OCPBUGS-7409](https://issues.redhat.com/browse/OCPBUGS-7409): set default timeouts in etcdcli [#1005](https://github.com/openshift/cluster-etcd-operator/pull/1005) * [OCPBUGS-6935](https://issues.redhat.com/browse/OCPBUGS-6935): add dedicated success status for bootstrap removal [#999](https://github.com/openshift/cluster-etcd-operator/pull/999) * [OCPBUGS-7373](https://issues.redhat.com/browse/OCPBUGS-7373): [release-4.12] fail early on missing node status envs [#1004](https://github.com/openshift/cluster-etcd-operator/pull/1004) * [OCPBUGS-6898](https://issues.redhat.com/browse/OCPBUGS-6898): updating library-go for CVE-2022-41717 [#998](https://github.com/openshift/cluster-etcd-operator/pull/998) * [OCPBUGS-5762](https://issues.redhat.com/browse/OCPBUGS-5762): should not scale-down when all members are healthy [#984](https://github.com/openshift/cluster-etcd-operator/pull/984) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/f24e5abcc646116cadf72a08b3387bb1b9540a4b...4bf4f66a77b9149d92496b439f14bb9306d1f19c) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/77fd1a927087cd73330897a63016c23614ac3201) * [OCPBUGS-36033](https://issues.redhat.com/browse/OCPBUGS-36033): go.*,vendor: bump go-retryablehttp [#1071](https://github.com/openshift/cluster-image-registry-operator/pull/1071) * [OCPBUGS-22125](https://issues.redhat.com/browse/OCPBUGS-22125): increase storage account key cache expiration [#939](https://github.com/openshift/cluster-image-registry-operator/pull/939) * [OCPBUGS-20684](https://issues.redhat.com/browse/OCPBUGS-20684): mitigate effects of rapid reset [#947](https://github.com/openshift/cluster-image-registry-operator/pull/947) * [OCPBUGS-8491](https://issues.redhat.com/browse/OCPBUGS-8491): bump aws-sdk-go [#846](https://github.com/openshift/cluster-image-registry-operator/pull/846) * [OCPBUGS-6517](https://issues.redhat.com/browse/OCPBUGS-6517): OpenStack: Add support for Proxy [#834](https://github.com/openshift/cluster-image-registry-operator/pull/834) * [OCPBUGS-4678](https://issues.redhat.com/browse/OCPBUGS-4678): Bump aws-sdk-go to v1.44.145 [#822](https://github.com/openshift/cluster-image-registry-operator/pull/822) * [OCPBUGS-5154](https://issues.redhat.com/browse/OCPBUGS-5154): swift: Retry connecting to OpenStack [#826](https://github.com/openshift/cluster-image-registry-operator/pull/826) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/c0e5dec7ab5030d924f7fb96e1733792aa3a3097...77fd1a927087cd73330897a63016c23614ac3201) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/85e2d05159b7b4b2f16c8a95815c7d9927b68597) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): Add e2e test for duplicate Transfer-Encoding headers [#1158](https://github.com/openshift/cluster-ingress-operator/pull/1158) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): Add alert for RFC 7230 violation in Transfer-Encoding headers [#1162](https://github.com/openshift/cluster-ingress-operator/pull/1162) * [OCPBUGS-35454](https://issues.redhat.com/browse/OCPBUGS-35454): internal service changed fix target port logic [#1092](https://github.com/openshift/cluster-ingress-operator/pull/1092) * [OCPBUGS-35304](https://issues.redhat.com/browse/OCPBUGS-35304): TestHostNetworkPortBinding: Delete t.Parallel() [#1083](https://github.com/openshift/cluster-ingress-operator/pull/1083) * [OCPBUGS-35027](https://issues.redhat.com/browse/OCPBUGS-35027): Don't add clientca-configmap finalizer if deleting [#1080](https://github.com/openshift/cluster-ingress-operator/pull/1080) * [OCPBUGS-34888](https://issues.redhat.com/browse/OCPBUGS-34888): desiredRouterDeployment: Set HostPort if needed [#1076](https://github.com/openshift/cluster-ingress-operator/pull/1076) * [OCPBUGS-34757](https://issues.redhat.com/browse/OCPBUGS-34757): Avoid spurious updates for internalTrafficPolicy [#1070](https://github.com/openshift/cluster-ingress-operator/pull/1070) * [OCPBUGS-34110](https://issues.redhat.com/browse/OCPBUGS-34110): Avoid spurious updates for scope in IngressClass [#1056](https://github.com/openshift/cluster-ingress-operator/pull/1056) * [OCPBUGS-34548](https://issues.redhat.com/browse/OCPBUGS-34548): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1068](https://github.com/openshift/cluster-ingress-operator/pull/1068) * [OCPBUGS-20765](https://issues.redhat.com/browse/OCPBUGS-20765): Bump golang.org/x/net for CVE-2023-44487 [#988](https://github.com/openshift/cluster-ingress-operator/pull/988) * [OCPBUGS-22432](https://issues.redhat.com/browse/OCPBUGS-22432): test/e2e: Don't use openshift/origin-node [#992](https://github.com/openshift/cluster-ingress-operator/pull/992) * [NE-1372](https://issues.redhat.com/browse/NE-1372): Add support for AWS shared VPC in another account #966 [#971](https://github.com/openshift/cluster-ingress-operator/pull/971) * [OCPBUGS-13049](https://issues.redhat.com/browse/OCPBUGS-13049): bump controller-runtime to fix the multi namespace cache indexing [#922](https://github.com/openshift/cluster-ingress-operator/pull/922) * [OCPBUGS-15467](https://issues.redhat.com/browse/OCPBUGS-15467): Add missing AWS permission for ListTagsForResources [#954](https://github.com/openshift/cluster-ingress-operator/pull/954) * [OCPBUGS-16620](https://issues.redhat.com/browse/OCPBUGS-16620): Deflake TestRouterCompressionOperation [#963](https://github.com/openshift/cluster-ingress-operator/pull/963) * [OCPBUGS-16621](https://issues.redhat.com/browse/OCPBUGS-16621): Fix TestClientTLS flakes [#964](https://github.com/openshift/cluster-ingress-operator/pull/964) * [OCPBUGS-15644](https://issues.redhat.com/browse/OCPBUGS-15644): Update TestAWSELBConnectionIdleTimeout to not use wildcard DNS record [#959](https://github.com/openshift/cluster-ingress-operator/pull/959) * [OCPBUGS-14454](https://issues.redhat.com/browse/OCPBUGS-14454), [OCPBUGS-14455](https://issues.redhat.com/browse/OCPBUGS-14455): Handle mTLS CRLs, and fix accidental CRL duplication [#941](https://github.com/openshift/cluster-ingress-operator/pull/941) * [OCPBUGS-12464](https://issues.redhat.com/browse/OCPBUGS-12464): Target metrics port by name in internal service [#910](https://github.com/openshift/cluster-ingress-operator/pull/910) * [OCPBUGS-3517](https://issues.redhat.com/browse/OCPBUGS-3517): Ingress controller should not have affinity policy in single-replica clusters [#857](https://github.com/openshift/cluster-ingress-operator/pull/857) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/992b43b3cf3e1784bfe8d3083229c7ecb410e7e3...85e2d05159b7b4b2f16c8a95815c7d9927b68597) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/09d7ddbaba9eb5715313e716476e6a33848d045c) * [OCPBUGS-22736](https://issues.redhat.com/browse/OCPBUGS-22736): pkg/operator/configobserver: check that the serving certificate refer… [#1571](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1571) * : OCPBUGS-20855: bump library-go to include switch to HTTP/1.1 [#1574](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1574) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#1559](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1559) * [OCPBUGS-17139](https://issues.redhat.com/browse/OCPBUGS-17139): make webhook connection failure a warning in log [#1533](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1533) * [OCPBUGS-13346](https://issues.redhat.com/browse/OCPBUGS-13346): dont log jwt tokens [#1524](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1524) * [OCPBUGS-6789](https://issues.redhat.com/browse/OCPBUGS-6789): enable pod security admission for techpreview [#1440](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1440) * [OCPBUGS-6789](https://issues.redhat.com/browse/OCPBUGS-6789): make the bootstrap kube-apiserver honor cluster-wide featuregates [#1439](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1439) * [OCPBUGS-7369](https://issues.redhat.com/browse/OCPBUGS-7369): Guard pod set readiness probe endpoint explicitly [#1445](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1445) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/336ffd5e7491f565faccf843571303377b1d4825...09d7ddbaba9eb5715313e716476e6a33848d045c) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/d50f7322addd997cc73a0ba8294eadb977974c3f) * [OCPBUGS-20962](https://issues.redhat.com/browse/OCPBUGS-20962): bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/cluster-api-operator/pull/29) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/7bb05468cc7d1c0752c81ca3f9e5d8e19c966f24...d50f7322addd997cc73a0ba8294eadb977974c3f) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/c3c07bebb7a644fe75bccd590fa088bcccd3749a) * [OCPBUGS-27068](https://issues.redhat.com/browse/OCPBUGS-27068): bump(library-go)=release-4.12 [#789](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/789) * [OCPBUGS-21048](https://issues.redhat.com/browse/OCPBUGS-21048): Bump deps to address CVE-2023-44487 [4.12] [#759](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/759) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#754](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/754) * [OCPBUGS-6789](https://issues.redhat.com/browse/OCPBUGS-6789): Enforce PSA when techpreview is enabled [#694](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/694) * [OCPBUGS-6789](https://issues.redhat.com/browse/OCPBUGS-6789): honor feature gates during bootstrapping [#695](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/695) * [OCPBUGS-7369](https://issues.redhat.com/browse/OCPBUGS-7369): Guard pod set readiness probe endpoint explicitly [#699](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/699) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/9243e022c42c6d55e1d97a15ed51831f6080984a...c3c07bebb7a644fe75bccd590fa088bcccd3749a) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/48cd96c9dc27c801beff17fa5ea8c3dac374f10d) * [OCPBUGS-27067](https://issues.redhat.com/browse/OCPBUGS-27067): bump(library-go)=release-4.12 [#529](https://github.com/openshift/cluster-kube-scheduler-operator/pull/529) * [OCPBUGS-21239](https://issues.redhat.com/browse/OCPBUGS-21239): Sync deps CVE 2023 39325 4.12 [#505](https://github.com/openshift/cluster-kube-scheduler-operator/pull/505) * [OCPBUGS-19837](https://issues.redhat.com/browse/OCPBUGS-19837): Update staticpod file permissions to conform with CIS benchmarks [#499](https://github.com/openshift/cluster-kube-scheduler-operator/pull/499) * [OCPBUGS-14652](https://issues.redhat.com/browse/OCPBUGS-14652): disable debug pporf with unauthenticated port for 4.12 [#481](https://github.com/openshift/cluster-kube-scheduler-operator/pull/481) * [OCPBUGS-7369](https://issues.redhat.com/browse/OCPBUGS-7369): Guard controller: set the readiness probe endpoint explicitly [#462](https://github.com/openshift/cluster-kube-scheduler-operator/pull/462) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/e0b6bf9c4ddb0da9268d504d23ca2ca11880d970...48cd96c9dc27c801beff17fa5ea8c3dac374f10d) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/1a251f4d00c050404dc313c698279da435d08c07) * : OCPBUGS-21336: bump library-go to include switch to HTTP/1.1 [#98](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/98) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/12d050abd0cf37dae8973d453930bcf494a2499b...1a251f4d00c050404dc313c698279da435d08c07) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/7b08a4de4a08da8cdb341948e0902395eb0da961) * [OCPBUGS-23486](https://issues.redhat.com/browse/OCPBUGS-23486): Filter non node CSRs in metrics [#220](https://github.com/openshift/cluster-machine-approver/pull/220) * [OCPBUGS-21430](https://issues.redhat.com/browse/OCPBUGS-21430): Bump x/net package to v0.18.0 [#214](https://github.com/openshift/cluster-machine-approver/pull/214) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/60081982654993534de29d224d6a42c251762420...7b08a4de4a08da8cdb341948e0902395eb0da961) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/ee4a20d4d0214c9c8fdacaede3482683436d36e0) * [OCPBUGS-35558](https://issues.redhat.com/browse/OCPBUGS-35558): label for infra nodes for metric cluster:capacity_cpu_cores:sum [#2383](https://github.com/openshift/cluster-monitoring-operator/pull/2383) * [OCPBUGS-28766](https://issues.redhat.com/browse/OCPBUGS-28766): fix generation of telemeter token hash [#2306](https://github.com/openshift/cluster-monitoring-operator/pull/2306) * [OCPBUGS-25389](https://issues.redhat.com/browse/OCPBUGS-25389): Add RHACM telemetry metric for 4.12 [#2204](https://github.com/openshift/cluster-monitoring-operator/pull/2204) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2148](https://github.com/openshift/cluster-monitoring-operator/pull/2148) * [OCPBUGS-22843](https://issues.redhat.com/browse/OCPBUGS-22843): [release-4.12] add RHACS telemetry metrics [#2140](https://github.com/openshift/cluster-monitoring-operator/pull/2140) * [OCPBUGS-21234](https://issues.redhat.com/browse/OCPBUGS-21234): upgrade golang.org/x/net to v0.17.0 [#2123](https://github.com/openshift/cluster-monitoring-operator/pull/2123) * [OCPBUGS-17125](https://issues.redhat.com/browse/OCPBUGS-17125): backport metrics collection profiles selector logic to prevent users from double scraping when they upgrade from 4.12 to 4.13 [#2047](https://github.com/openshift/cluster-monitoring-operator/pull/2047) * [OCPBUGS-16028](https://issues.redhat.com/browse/OCPBUGS-16028): Add the trusted CA bundle in UWM Prometheus pods [#2042](https://github.com/openshift/cluster-monitoring-operator/pull/2042) * [OCPBUGS-15473](https://issues.redhat.com/browse/OCPBUGS-15473): Limit the value of GOMAXPROCS on node-exporter to 4 [#2023](https://github.com/openshift/cluster-monitoring-operator/pull/2023) * [OCPBUGS-13008](https://issues.redhat.com/browse/OCPBUGS-13008): Add build number to vcenter version information [#1965](https://github.com/openshift/cluster-monitoring-operator/pull/1965) * [OCPBUGS-12727](https://issues.redhat.com/browse/OCPBUGS-12727): backport OCPBUGS-5353 to 4.12 [#1955](https://github.com/openshift/cluster-monitoring-operator/pull/1955) * [OCPBUGS-11508](https://issues.redhat.com/browse/OCPBUGS-11508): add startup probe for prometheus-adapter [#1940](https://github.com/openshift/cluster-monitoring-operator/pull/1940) * [OCPBUGS-11623](https://issues.redhat.com/browse/OCPBUGS-11623): node-exporter: disable btrfs collector [#1944](https://github.com/openshift/cluster-monitoring-operator/pull/1944) * [OCPBUGS-11404](https://issues.redhat.com/browse/OCPBUGS-11404): jsonnet: Add prometheus container in UWM [#1935](https://github.com/openshift/cluster-monitoring-operator/pull/1935) * [OCPBUGS-2439](https://issues.redhat.com/browse/OCPBUGS-2439): set the argument path.udev.data in node exporter [#1800](https://github.com/openshift/cluster-monitoring-operator/pull/1800) * [OCPBUGS-4363](https://issues.redhat.com/browse/OCPBUGS-4363): Fixed TargetDown expression to join on the proper label [#1833](https://github.com/openshift/cluster-monitoring-operator/pull/1833) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/ee31d1d27131aa218f0c1b22118a06468d20b0ea...ee4a20d4d0214c9c8fdacaede3482683436d36e0) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/28db40f169f64f881b0628c19bf7c64a7a9a2467) * [OCPBUGS-43872](https://issues.redhat.com/browse/OCPBUGS-43872): manifests/02-cncc-credentials: Set skipServiceCheck for GCP [#2548](https://github.com/openshift/cluster-network-operator/pull/2548) * [OCPBUGS-38905](https://issues.redhat.com/browse/OCPBUGS-38905): Add missing runbook for OVNKubernetesNorthdInactive [#2479](https://github.com/openshift/cluster-network-operator/pull/2479) * [OCPBUGS-37942](https://issues.redhat.com/browse/OCPBUGS-37942): [release-4.12] update whereabouts crd [#2461](https://github.com/openshift/cluster-network-operator/pull/2461) * [OCPBUGS-29167](https://issues.redhat.com/browse/OCPBUGS-29167): fix whereabouts conformance test failures [#2256](https://github.com/openshift/cluster-network-operator/pull/2256) * [OCPBUGS-29884](https://issues.redhat.com/browse/OCPBUGS-29884): add env var in whereabouts-reconciler daemonset [#2284](https://github.com/openshift/cluster-network-operator/pull/2284) * [OCPBUGS-29302](https://issues.redhat.com/browse/OCPBUGS-29302): Update ingressconfig_controller to use field Manager [#2268](https://github.com/openshift/cluster-network-operator/pull/2268) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2244](https://github.com/openshift/cluster-network-operator/pull/2244) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.12 [#2230](https://github.com/openshift/cluster-network-operator/pull/2230) * [release 4.12] OCPBUGS-23025: Add maxLogFiles config for OVN-K Audit Logging [#2188](https://github.com/openshift/cluster-network-operator/pull/2188) * [OCPBUGS-24039](https://issues.redhat.com/browse/OCPBUGS-24039): remove all managed fields used by old manager [#2099](https://github.com/openshift/cluster-network-operator/pull/2099) * [OCPBUGS-21715](https://issues.redhat.com/browse/OCPBUGS-21715): Bump golang.org/x/net and github.com/openshift/library-go [#2124](https://github.com/openshift/cluster-network-operator/pull/2124) * [OCPBUGS-24571](https://issues.redhat.com/browse/OCPBUGS-24571): Disable weak SSH cipher suites [#2164](https://github.com/openshift/cluster-network-operator/pull/2164) * [OCPBUGS-25128](https://issues.redhat.com/browse/OCPBUGS-25128): Update to go 1.19 and x/net 0.8.0 [#2157](https://github.com/openshift/cluster-network-operator/pull/2157) * [OCPBUGS-23293](https://issues.redhat.com/browse/OCPBUGS-23293): IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping [#2108](https://github.com/openshift/cluster-network-operator/pull/2108) * [OCPBUGS-20277](https://issues.redhat.com/browse/OCPBUGS-20277): Edited multus-admission-controller deployment config to not add autoount a service account token [#1884](https://github.com/openshift/cluster-network-operator/pull/1884) * [OCPBUGS-20197](https://issues.redhat.com/browse/OCPBUGS-20197): remove prestop hooks for northd, sbdbd and nbdb [#2055](https://github.com/openshift/cluster-network-operator/pull/2055) * [OCPBUGS-17656](https://issues.redhat.com/browse/OCPBUGS-17656): prevent creation of multiple cni-sysctl-allowlist-ds pods [#1948](https://github.com/openshift/cluster-network-operator/pull/1948) * [OCPBUGS-11547](https://issues.redhat.com/browse/OCPBUGS-11547): Hypershift: Add RollingUpdate parameters to multus-admission-controller [#1775](https://github.com/openshift/cluster-network-operator/pull/1775) * [OCPBUGS-16142](https://issues.redhat.com/browse/OCPBUGS-16142): fix reconciliation process of the allowlist controller [#1891](https://github.com/openshift/cluster-network-operator/pull/1891) * [release-4.12 ] OCPBUGS-11217:use annotation daemonset to update hybrid overlay [#1764](https://github.com/openshift/cluster-network-operator/pull/1764) * [OCPBUGS-15588](https://issues.redhat.com/browse/OCPBUGS-15588): Add release version annotation to whereabouts-reconciler [#1856](https://github.com/openshift/cluster-network-operator/pull/1856) * [OCPBUGS-13891](https://issues.redhat.com/browse/OCPBUGS-13891): [release-4.12] HyperShift: Support HostedControlPlane node selector [#1816](https://github.com/openshift/cluster-network-operator/pull/1816) * [OCPBUGS-13067](https://issues.redhat.com/browse/OCPBUGS-13067): Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler [backport 4.12] [#1829](https://github.com/openshift/cluster-network-operator/pull/1829) * [OCPBUGS-6061](https://issues.redhat.com/browse/OCPBUGS-6061): Update github.com/Masterminds/sprig to v3 [#1689](https://github.com/openshift/cluster-network-operator/pull/1689) * [OCPBUGS-13013](https://issues.redhat.com/browse/OCPBUGS-13013): AUTH: update cluster-reader to include k8s.ovn.org [#1799](https://github.com/openshift/cluster-network-operator/pull/1799) * [OCPBUGS-13067](https://issues.redhat.com/browse/OCPBUGS-13067): Whereabouts should implement the reconciliation controller [backport 4.12] [#1801](https://github.com/openshift/cluster-network-operator/pull/1801) * [OCPBUGS-11559](https://issues.redhat.com/browse/OCPBUGS-11559): multus-admission-controller should not run as root under Hypershift [#1777](https://github.com/openshift/cluster-network-operator/pull/1777) * Bug OCPBUGS-4896: Kuryr: If set use MTU from Config for svc net [#1671](https://github.com/openshift/cluster-network-operator/pull/1671) * [OCPBUGS-10977](https://issues.redhat.com/browse/OCPBUGS-10977): HyperShift: Add POD_NAME env to ovnkube-node [#1753](https://github.com/openshift/cluster-network-operator/pull/1753) * [OCPBUGS-11461](https://issues.redhat.com/browse/OCPBUGS-11461): Split out konnectivity certs [#1771](https://github.com/openshift/cluster-network-operator/pull/1771) * [OCPBUGS-11178](https://issues.redhat.com/browse/OCPBUGS-11178): remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher [#1759](https://github.com/openshift/cluster-network-operator/pull/1759) * [OCPBUGS-11059](https://issues.redhat.com/browse/OCPBUGS-11059): Fix info log formatting [#1659](https://github.com/openshift/cluster-network-operator/pull/1659) * [OCPBUGS-10319](https://issues.redhat.com/browse/OCPBUGS-10319): HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO [#1738](https://github.com/openshift/cluster-network-operator/pull/1738) * [OCPBUGS-8014](https://issues.redhat.com/browse/OCPBUGS-8014): add default noProxy config for Azure [#1722](https://github.com/openshift/cluster-network-operator/pull/1722) * [OCPBUGS-9927](https://issues.redhat.com/browse/OCPBUGS-9927): Enable configuration of node healthz server on ovnkube [#1731](https://github.com/openshift/cluster-network-operator/pull/1731) * [OCPBUGS-5953](https://issues.redhat.com/browse/OCPBUGS-5953): Backport Added missing API field podref to OverlappingRangeIPReservation CRD [Backport 4.12] [#1685](https://github.com/openshift/cluster-network-operator/pull/1685) * [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Add .hypershift.local to no proxy list [#1706](https://github.com/openshift/cluster-network-operator/pull/1706) * [OCPBUGS-7044](https://issues.redhat.com/browse/OCPBUGS-7044): HyperShift: Do not use proxy for internal routes [#1704](https://github.com/openshift/cluster-network-operator/pull/1704) * [OCPBUGS-4778](https://issues.redhat.com/browse/OCPBUGS-4778): Fix handling of deployment and statefulset updates [#1663](https://github.com/openshift/cluster-network-operator/pull/1663) * [OCPBUGS-4238](https://issues.redhat.com/browse/OCPBUGS-4238): HyperShift: Co-locate OVN-Kubernetes master with other hcp pods [#1645](https://github.com/openshift/cluster-network-operator/pull/1645) * [OCPBUGS-6494](https://issues.redhat.com/browse/OCPBUGS-6494): OVN-Kubernetes: Stop sorting master node addresses, ignore readiness checks for redundant NB/SB [#1691](https://github.com/openshift/cluster-network-operator/pull/1691) * [OCPBUGS-3461](https://issues.redhat.com/browse/OCPBUGS-3461): CNI binary copy should account for the possibility of symlinks [backport 4.12] [#1615](https://github.com/openshift/cluster-network-operator/pull/1615) * [OCPBUGS-4856](https://issues.redhat.com/browse/OCPBUGS-4856): Disable the drop-icmp container 'oc' pprof webserver on Azure [#1666](https://github.com/openshift/cluster-network-operator/pull/1666) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/9eafe2304273ee8447ca155f12e676096c0e5507...28db40f169f64f881b0628c19bf7c64a7a9a2467) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/20966da941ab8773261b5b4c133f3a1716699243) * irqbalance: set banned cpus list to 0 (#1006) [#1006](https://github.com/openshift/cluster-node-tuning-operator/pull/1006) * Refactor IRQ load balancing enable/disable test (#1038) [#1038](https://github.com/openshift/cluster-node-tuning-operator/pull/1038) * Scheduler plugin: ignore IRQs (#1034) [#1034](https://github.com/openshift/cluster-node-tuning-operator/pull/1034) * Disable HTTP/2 for webhook and metrics servers (#849) [#849](https://github.com/openshift/cluster-node-tuning-operator/pull/849) * Remove obsolete protocols and weak ciphers (#847) [#847](https://github.com/openshift/cluster-node-tuning-operator/pull/847) * [OCPBUGS-21837](https://issues.redhat.com/browse/OCPBUGS-21837): nto: pao avoid timeout when there are too many CSV (#838) [#838](https://github.com/openshift/cluster-node-tuning-operator/pull/838) * Tighten the rules for modifying Tuned Profiles (#790) [#790](https://github.com/openshift/cluster-node-tuning-operator/pull/790) * [OCPBUGS-19459](https://issues.redhat.com/browse/OCPBUGS-19459): check for object being nil (#821) [#821](https://github.com/openshift/cluster-node-tuning-operator/pull/821) * [OCPBUGS-18868](https://issues.redhat.com/browse/OCPBUGS-18868): [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) (#808) (#809) [#788](https://github.com/openshift/cluster-node-tuning-operator/pull/788) * Release leader election on manager exit (#789) [#789](https://github.com/openshift/cluster-node-tuning-operator/pull/789) * Fix a race in e2e test rollback.go code (#742) [#742](https://github.com/openshift/cluster-node-tuning-operator/pull/742) * pao: e2e: Make script executable (#734) [#734](https://github.com/openshift/cluster-node-tuning-operator/pull/734) * pao e2e: Split gcp-pao lane (#728) [#728](https://github.com/openshift/cluster-node-tuning-operator/pull/728) * Do not rollback settings on TuneD exit (#711) [#711](https://github.com/openshift/cluster-node-tuning-operator/pull/711) * [OCPBUGS-15800](https://issues.redhat.com/browse/OCPBUGS-15800): e2e: latency testing: increase the expected threshold and fix gomega truncating output (#710) [#710](https://github.com/openshift/cluster-node-tuning-operator/pull/710) * Revert "Remove optimization to allow full resync (#569)" (#688) [#569](https://github.com/openshift/cluster-node-tuning-operator/pull/569) * update owners 20230109 (#549) [#549](https://github.com/openshift/cluster-node-tuning-operator/pull/549) * Add PerformanceProfiles to 'oc adm must-gather' (#667) [#667](https://github.com/openshift/cluster-node-tuning-operator/pull/667) * [OCPBUGS-14472](https://issues.redhat.com/browse/OCPBUGS-14472): Fix updating numa core siblings map in GetCpuSiblings function (#675) [#675](https://github.com/openshift/cluster-node-tuning-operator/pull/675) * Remove trailing spaces from test names (#572) [#572](https://github.com/openshift/cluster-node-tuning-operator/pull/572) * Remove optimization to allow full resync (#569) [#569](https://github.com/openshift/cluster-node-tuning-operator/pull/569) * e2e:latency: count LATENCY_TEST_DELAY in timeout (#539) [#539](https://github.com/openshift/cluster-node-tuning-operator/pull/539) * e2e: add missing test id (#630) [#630](https://github.com/openshift/cluster-node-tuning-operator/pull/630) * Remove subPaths, they are broken (#627) [#627](https://github.com/openshift/cluster-node-tuning-operator/pull/627) * Remove the preStop hook for openshift-tuned (#621) [#621](https://github.com/openshift/cluster-node-tuning-operator/pull/621) * E2E: Per Core Runtime Tuning Test automation (#509) (#568) [#509](https://github.com/openshift/cluster-node-tuning-operator/pull/509) * E2E: Network stack Pinning tests (#533) [#533](https://github.com/openshift/cluster-node-tuning-operator/pull/533) * Run node selector tests only if we 2 non Performanceworker nodes (#554) [#554](https://github.com/openshift/cluster-node-tuning-operator/pull/554) * skip multiple ranges test if cores < 20 and use core as key to delete cpu siblings (#543) [#543](https://github.com/openshift/cluster-node-tuning-operator/pull/543) * pao: latency-tests: read test log directly from pod (#547) [#547](https://github.com/openshift/cluster-node-tuning-operator/pull/547) * Add authentication to the /metrics endpoint (#553) [#553](https://github.com/openshift/cluster-node-tuning-operator/pull/553) * Update NTO images to be consistent with ART (#557) [#557](https://github.com/openshift/cluster-node-tuning-operator/pull/557) * [OCPBUGS-5021](https://issues.redhat.com/browse/OCPBUGS-5021): [release-4.12] Fix two irqbalance tests - smp affinity vs online (#530) [#530](https://github.com/openshift/cluster-node-tuning-operator/pull/530) * Remove trailing space from test name (#546) [#546](https://github.com/openshift/cluster-node-tuning-operator/pull/546) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/2488b986c0a052a111b17206ee70f7dcf3fbf72c...20966da941ab8773261b5b4c133f3a1716699243) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) * [OCPBUGS-22689](https://issues.redhat.com/browse/OCPBUGS-22689): increase timeout for probes [#558](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/558) * : OCPBUGS-20694: bump library-go to include switch to HTTP/1.1 [#556](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/556) * [OCPBUGS-13346](https://issues.redhat.com/browse/OCPBUGS-13346): dont log jwt tokens [#543](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/543) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/4c5b4882e20944d9c44272551053fccbe16d6451...b870fc67ef5a0e92df5e5bed1ba0cb1cf197d8c6) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/ab963d8ad0387788c947b884a96eb9b2fed470b6) * [OCPBUGS-20777](https://issues.redhat.com/browse/OCPBUGS-20777): bump(k8s,openshift) to address CVE-2023-44487 [#311](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/311) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/d1915d130481541b8bacb5b98eddbc1541809d0a...ab963d8ad0387788c947b884a96eb9b2fed470b6) ### [cluster-platform-operators-manager](https://github.com/openshift/platform-operators/tree/c930dc745f23ee5bde8b48d13557976186c21c7c) * [OCPBUGS-20979](https://issues.redhat.com/browse/OCPBUGS-20979): [release-4.12] Bump golang.org/x/net to v0.17.0 [#99](https://github.com/openshift/platform-operators/pull/99) * [Full changelog](https://github.com/openshift/platform-operators/compare/d40fae81256939670a8fd96b3822fbf1edf21d98...c930dc745f23ee5bde8b48d13557976186c21c7c) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/cb8862b0042ac2e7130a7c018e3e083ebc46705e) * [OCPBUGS-21080](https://issues.redhat.com/browse/OCPBUGS-21080): Bump deps to address CVE-2023-44487 [4.12] [#136](https://github.com/openshift/cluster-policy-controller/pull/136) * [OCPBUGS-12442](https://issues.redhat.com/browse/OCPBUGS-12442): psalabelsyncer: handle empty namespace of a rolebinding subject [#111](https://github.com/openshift/cluster-policy-controller/pull/111) * [OCPBUGS-14092](https://issues.redhat.com/browse/OCPBUGS-14092): [4.12] fix ClusterResourceQuotas to work for all api resources including custom resources [#117](https://github.com/openshift/cluster-policy-controller/pull/117) * [OCPBUGS-13889](https://issues.redhat.com/browse/OCPBUGS-13889): external template and route Informer [#114](https://github.com/openshift/cluster-policy-controller/pull/114) * [OCPBUGS-6789](https://issues.redhat.com/browse/OCPBUGS-6789): backport feature gate honoring for PSa label syncer [#98](https://github.com/openshift/cluster-policy-controller/pull/98) * [OCPBUGS-7705](https://issues.redhat.com/browse/OCPBUGS-7705): [release-4.12] update dependencies to point to v0.25.0 [#102](https://github.com/openshift/cluster-policy-controller/pull/102) * [OCPBUGS-5786](https://issues.redhat.com/browse/OCPBUGS-5786): clusterquotareconciliation: do not sync quota monitor cache with no monitors registered [#95](https://github.com/openshift/cluster-policy-controller/pull/95) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/c7a633416a8ee702fa653649488a13f578f3f857...cb8862b0042ac2e7130a7c018e3e083ebc46705e) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/f1b49e34512d38bf908183318edd1f9f9aeef883) * [OCPBUGS-15757](https://issues.redhat.com/browse/OCPBUGS-15757): Update Jenkins and Jenkins Agent Base image versions [#506](https://github.com/openshift/cluster-samples-operator/pull/506) * [OCPBUGS-10918](https://issues.redhat.com/browse/OCPBUGS-10918): update Jenkins to v4.12 [#492](https://github.com/openshift/cluster-samples-operator/pull/492) * [OCPBUGS-7208](https://issues.redhat.com/browse/OCPBUGS-7208): When setting allowedRegistries urls the openshift-samples operator is degraded [#489](https://github.com/openshift/cluster-samples-operator/pull/489) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/212a4553b3bf87d56f2f360b562187a685099c3e...f1b49e34512d38bf908183318edd1f9f9aeef883) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/21ebf328f53182111eb7dce344487ba633d09b1a) * [OCPBUGS-21266](https://issues.redhat.com/browse/OCPBUGS-21266): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#407](https://github.com/openshift/cluster-storage-operator/pull/407) * [OCPBUGS-18131](https://issues.redhat.com/browse/OCPBUGS-18131): Add patch for allowing configmap updates via clusterrole [#402](https://github.com/openshift/cluster-storage-operator/pull/402) * [OCPBUGS-14307](https://issues.redhat.com/browse/OCPBUGS-14307): User real node name in failing mount alerts [#377](https://github.com/openshift/cluster-storage-operator/pull/377) * [OCPBUGS-13719](https://issues.redhat.com/browse/OCPBUGS-13719): assets: csi: hypershift: add pull-secret to aws-ebs-csi-driver-operator ServiceAccount [#370](https://github.com/openshift/cluster-storage-operator/pull/370) * [OCPBUGS-10646](https://issues.redhat.com/browse/OCPBUGS-10646): Hypershift: set control plane operand properties [#355](https://github.com/openshift/cluster-storage-operator/pull/355) * [OCPBUGS-8374](https://issues.redhat.com/browse/OCPBUGS-8374): Add UID to CSO Pod to be able to run with custom SCCs [#347](https://github.com/openshift/cluster-storage-operator/pull/347) * [OCPBUGS-7331](https://issues.redhat.com/browse/OCPBUGS-7331): hypershift: remove inject-proxy annotation from aws-ebs-csi-driver-operator deployment [#337](https://github.com/openshift/cluster-storage-operator/pull/337) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/220a777e094ff6b198007518d0734f9b54a7f9af...21ebf328f53182111eb7dce344487ba633d09b1a) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/8e2c472a67964065c8aa271f85ef7f7e57726ac4) * [OCPBUGS-27443](https://issues.redhat.com/browse/OCPBUGS-27443): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1024](https://github.com/openshift/cluster-version-operator/pull/1024) * [OCPBUGS-20729](https://issues.redhat.com/browse/OCPBUGS-20729): [4.12] Bump http-related deps [#990](https://github.com/openshift/cluster-version-operator/pull/990) * [OCPBUGS-22408](https://issues.redhat.com/browse/OCPBUGS-22408): pkg/clusterconditions/promql: Warm cache with 1s delay [#988](https://github.com/openshift/cluster-version-operator/pull/988) * [OCPBUGS-22198](https://issues.redhat.com/browse/OCPBUGS-22198): Reconcile Volumes in SCCs [#985](https://github.com/openshift/cluster-version-operator/pull/985) * [OCPBUGS-14096](https://issues.redhat.com/browse/OCPBUGS-14096): Trigger new sync round on ClusterOperator Available changes [#938](https://github.com/openshift/cluster-version-operator/pull/938) * [OCPBUGS-12182](https://issues.redhat.com/browse/OCPBUGS-12182): Update dnsPolicy to allow consistent resolution of the internal LB [#931](https://github.com/openshift/cluster-version-operator/pull/931) * [OCPBUGS-10565](https://issues.redhat.com/browse/OCPBUGS-10565): RetrievePayload: Improve timeouts and cover behavior with tests [#914](https://github.com/openshift/cluster-version-operator/pull/914) * [OCPBUGS-10514](https://issues.redhat.com/browse/OCPBUGS-10514): pkg/cvo/availableupdates: Prioritize conditional risks for largest target version [#913](https://github.com/openshift/cluster-version-operator/pull/913) * [OCPBUGS-8304](https://issues.redhat.com/browse/OCPBUGS-8304): Adding admin-gate ack-4.12-kube-1.26-api-removals-in-4.13 [#908](https://github.com/openshift/cluster-version-operator/pull/908) * [OCPBUGS-5879](https://issues.redhat.com/browse/OCPBUGS-5879): Set upgradeability check throttling period to 2m [#884](https://github.com/openshift/cluster-version-operator/pull/884) * [OCPBUGS-5083](https://issues.redhat.com/browse/OCPBUGS-5083): pkg/payload/precondition: Do not claim warnings would have blocked [#878](https://github.com/openshift/cluster-version-operator/pull/878) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/f1dc3b6a6b7c5f5a85f94201ab90f9e03547a8a3...8e2c472a67964065c8aa271f85ef7f7e57726ac4) ### [console](https://github.com/openshift/console/tree/7e1a504f744ead2eb7142645276229b8e5e87b02) * [OCPBUGS-43639](https://issues.redhat.com/browse/OCPBUGS-43639): Copy response code from proxied plugin requests [#14423](https://github.com/openshift/console/pull/14423) * [OCPBUGS-33519](https://issues.redhat.com/browse/OCPBUGS-33519): Observe > Metrics targets, Alert user if they do not have access to information on this page (e.g. 403). [#14334](https://github.com/openshift/console/pull/14334) * [OCPBUGS-41600](https://issues.redhat.com/browse/OCPBUGS-41600): Fix plugin proxy handler [#14266](https://github.com/openshift/console/pull/14266) * [OCPBUGS-41854](https://issues.redhat.com/browse/OCPBUGS-41854): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14283](https://github.com/openshift/console/pull/14283) * [OCPBUGS-34564](https://issues.redhat.com/browse/OCPBUGS-34564): Routes created by devfiles do not always use HTTPS [#13907](https://github.com/openshift/console/pull/13907) * [OCPBUGS-34933](https://issues.redhat.com/browse/OCPBUGS-34933): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13930](https://github.com/openshift/console/pull/13930) * [OCPBUGS-32146](https://issues.redhat.com/browse/OCPBUGS-32146): Bump graphql-go to v1.3.0 [#13923](https://github.com/openshift/console/pull/13923) * [OCPBUGS-34845](https://issues.redhat.com/browse/OCPBUGS-34845): Fix PipelineRun Logs tab navigation [#13920](https://github.com/openshift/console/pull/13920) * [OCPBUGS-33778](https://issues.redhat.com/browse/OCPBUGS-33778): fix issues with Edit Route form [#13859](https://github.com/openshift/console/pull/13859) * [OCPBUGS-27479](https://issues.redhat.com/browse/OCPBUGS-27479): Bump helm pkg [#13528](https://github.com/openshift/console/pull/13528) * [OCPBUGS-29746](https://issues.redhat.com/browse/OCPBUGS-29746): Add Pipeline metrics tab using plugin [#13621](https://github.com/openshift/console/pull/13621) * [OCPBUGS-29348](https://issues.redhat.com/browse/OCPBUGS-29348): Added Proxy to non k8s endpoints [#13600](https://github.com/openshift/console/pull/13600) * [OCPBUGS-22431](https://issues.redhat.com/browse/OCPBUGS-22431): Check if filtered object contains name property [#13285](https://github.com/openshift/console/pull/13285) * [OCPBUGS-25213](https://issues.redhat.com/browse/OCPBUGS-25213): add access review for impersonate [#13440](https://github.com/openshift/console/pull/13440) * [OCPBUGS-18116](https://issues.redhat.com/browse/OCPBUGS-18116): Bump helm version [#13104](https://github.com/openshift/console/pull/13104) * [OCPBUGS-24236](https://issues.redhat.com/browse/OCPBUGS-24236): Remove tech preview badge from Pipeline repository pages [#13384](https://github.com/openshift/console/pull/13384) * [OCPBUGS-23413](https://issues.redhat.com/browse/OCPBUGS-23413): Correct logout process [#13342](https://github.com/openshift/console/pull/13342) * [OCPBUGS-24364](https://issues.redhat.com/browse/OCPBUGS-24364): Subsequent PipelineRuns take initial PipelineRun name into account [#13401](https://github.com/openshift/console/pull/13401) * [OCPBUGS-13357](https://issues.redhat.com/browse/OCPBUGS-13357): add multipath device type to LocalVolumeSet [#12805](https://github.com/openshift/console/pull/12805) * [OCPBUGS-23346](https://issues.redhat.com/browse/OCPBUGS-23346): update the KnativeServing API version to v1beta1 for global-config extension [#13334](https://github.com/openshift/console/pull/13334) * [OCPBUGS-23154](https://issues.redhat.com/browse/OCPBUGS-23154): remove expandable toggle for conditional update risk d… [#13322](https://github.com/openshift/console/pull/13322) * [OCPBUGS-22964](https://issues.redhat.com/browse/OCPBUGS-22964): add support for new features annotations while preservi… [#13305](https://github.com/openshift/console/pull/13305) * [OCPBUGS-19382](https://issues.redhat.com/browse/OCPBUGS-19382): Could not import multiple resources via JSON (while YAML supports this) [#13168](https://github.com/openshift/console/pull/13168) * [OCPBUGS-20071](https://issues.redhat.com/browse/OCPBUGS-20071): Fix that "Delete application" doesn't work in topology when Pipelines operator is not installed [#13212](https://github.com/openshift/console/pull/13212) * [OCPBUGS-21727](https://issues.redhat.com/browse/OCPBUGS-21727): fetch TaskRuns without selector and reduces the get TaskRuns requests [#13251](https://github.com/openshift/console/pull/13251) * [OCPBUGS-21731](https://issues.redhat.com/browse/OCPBUGS-21731): show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart [#13252](https://github.com/openshift/console/pull/13252) * [OCPBUGS-13580](https://issues.redhat.com/browse/OCPBUGS-13580): Regression: OpenShift Console no-longer filters SecretList when displaying ServiceAccount [#12747](https://github.com/openshift/console/pull/12747) * [OCPBUGS-19907](https://issues.redhat.com/browse/OCPBUGS-19907): Fixed Edit Application form for Knative Services [#13205](https://github.com/openshift/console/pull/13205) * [OCPBUGS-19045](https://issues.redhat.com/browse/OCPBUGS-19045): Web console slowness on Project>Project access page [#13155](https://github.com/openshift/console/pull/13155) * [OCPBUGS-18273](https://issues.redhat.com/browse/OCPBUGS-18273): Fix topology crash when a console.topology/data/factory extension tries to resolve a resource with version from the CRDs which doesn't exists [#13113](https://github.com/openshift/console/pull/13113) * [OCPBUGS-18563](https://issues.redhat.com/browse/OCPBUGS-18563): OLM Pages work when copied CSVs are disabled [#13055](https://github.com/openshift/console/pull/13055) * [OCPBUGS-17530](https://issues.redhat.com/browse/OCPBUGS-17530): fix bug where binary secret values are corrupted on edit and add test coverage [#13087](https://github.com/openshift/console/pull/13087) * [OCPBUGS-18366](https://issues.redhat.com/browse/OCPBUGS-18366): Fix DeploymentConfig list performance issues by lazy loading their ReplicationControllers [#13122](https://github.com/openshift/console/pull/13122) * [OCPBUGS-16660](https://issues.redhat.com/browse/OCPBUGS-16660): Manual cherry-pick of #12978 [#13039](https://github.com/openshift/console/pull/13039) * [OCPBUGS-17192](https://issues.redhat.com/browse/OCPBUGS-17192): "Duplicate RoleBinding" leads to "Unsupported value" error [#13063](https://github.com/openshift/console/pull/13063) * [OCPBUGS-16846](https://issues.redhat.com/browse/OCPBUGS-16846): Fix stop PLR option [#13051](https://github.com/openshift/console/pull/13051) * [OCPBUGS-2182](https://issues.redhat.com/browse/OCPBUGS-2182): re-enable operator-install-single-namespace.spec.ts test [#13013](https://github.com/openshift/console/pull/13013) * [OCPBUGS-16732](https://issues.redhat.com/browse/OCPBUGS-16732): When removing the project owner from the project in GUI, instead of that user, the group (the default group added as project admin through the project template) will be removed. [#13047](https://github.com/openshift/console/pull/13047) * [OCPBUGS-16046](https://issues.redhat.com/browse/OCPBUGS-16046), [OCPBUGS-16047](https://issues.redhat.com/browse/OCPBUGS-16047), [OCPBUGS-16048](https://issues.redhat.com/browse/OCPBUGS-16048): Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions [#12997](https://github.com/openshift/console/pull/12997) * [OCPBUGS-15898](https://issues.redhat.com/browse/OCPBUGS-15898): account for single object in status.conditions instead… [#12982](https://github.com/openshift/console/pull/12982) * [OCPBUGS-16139](https://issues.redhat.com/browse/OCPBUGS-16139): The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values. [#13004](https://github.com/openshift/console/pull/13004) * [OCPBUGS-15710](https://issues.redhat.com/browse/OCPBUGS-15710): Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart) [#12962](https://github.com/openshift/console/pull/12962) * [OCPBUGS-15849](https://issues.redhat.com/browse/OCPBUGS-15849): Add Pipeline metrics unsupported empty page [#12977](https://github.com/openshift/console/pull/12977) * [OCPBUGS-9405](https://issues.redhat.com/browse/OCPBUGS-9405): [OSD] There is no error message shown on node label edi… [#12965](https://github.com/openshift/console/pull/12965) * [OCPBUGS-15798](https://issues.redhat.com/browse/OCPBUGS-15798): Remove access review check for PipelineResource from Pipeline section [#12969](https://github.com/openshift/console/pull/12969) * [OCPBUGS-13643](https://issues.redhat.com/browse/OCPBUGS-13643): Fix OLM k8sResourcePrefix descriptor dropdown behavior [#12813](https://github.com/openshift/console/pull/12813) * [OCPBUGS-15569](https://issues.redhat.com/browse/OCPBUGS-15569): use service port name instead targetPort in the Pipeline Event listener route [#12958](https://github.com/openshift/console/pull/12958) * [OCPBUGS-15535](https://issues.redhat.com/browse/OCPBUGS-15535): Delete annotation 'tekton.dev/v1beta1TaskRuns' when rerun the PLR [#12955](https://github.com/openshift/console/pull/12955) * [OCPBUGS-15404](https://issues.redhat.com/browse/OCPBUGS-15404): Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected [#12935](https://github.com/openshift/console/pull/12935) * [OCPBUGS-15057](https://issues.redhat.com/browse/OCPBUGS-15057): only copy workload annotations to debug pod [#12903](https://github.com/openshift/console/pull/12903) * [OCPBUGS-15099](https://issues.redhat.com/browse/OCPBUGS-15099): visiting Configurations page returns error Cannot read… [#12906](https://github.com/openshift/console/pull/12906) * [OCPBUGS-15482](https://issues.redhat.com/browse/OCPBUGS-15482): Remove PipelineResource CRD check because it's not installed with PO 1.11 anymore [#12948](https://github.com/openshift/console/pull/12948) * [OCPBUGS-14190](https://issues.redhat.com/browse/OCPBUGS-14190): When Creating Sample Devfile from the Samples Page, Topology Icon is not set [#12859](https://github.com/openshift/console/pull/12859) * [OCPBUGS-11989](https://issues.redhat.com/browse/OCPBUGS-11989): Modified git import flow module to handle create button enable-disable issue [#12775](https://github.com/openshift/console/pull/12775) * [OCPBUGS-6848](https://issues.redhat.com/browse/OCPBUGS-6848): Service name search ability while creating the Route from console [#12505](https://github.com/openshift/console/pull/12505) * [OCPBUGS-7619](https://issues.redhat.com/browse/OCPBUGS-7619): Search page: LazyActionMenus are shown below Add/Remove from navigation button [#12575](https://github.com/openshift/console/pull/12575) * [OCPBUGS-7924](https://issues.redhat.com/browse/OCPBUGS-7924): Developer - Topology : 'Filter by resource' drop-down i18n misses [#12598](https://github.com/openshift/console/pull/12598) * [OCPBUGS-13803](https://issues.redhat.com/browse/OCPBUGS-13803): add support for minimal status of tekton [#12831](https://github.com/openshift/console/pull/12831) * [OCPBUGS-13750](https://issues.redhat.com/browse/OCPBUGS-13750): use PipelineRun template from 'pipelines-as-code-pipelinerun-go' configMap for Go runtime [#12829](https://github.com/openshift/console/pull/12829) * [OCPBUGS-12839](https://issues.redhat.com/browse/OCPBUGS-12839): Show type of sample on the samples view [#12783](https://github.com/openshift/console/pull/12783) * [OCPBUGS-12992](https://issues.redhat.com/browse/OCPBUGS-12992): Pipeline doesn't render correctly when displayed but looks fine in edit mode [#12791](https://github.com/openshift/console/pull/12791) * [OCPBUGS-9336](https://issues.redhat.com/browse/OCPBUGS-9336): use buildconfig form also for create [#12770](https://github.com/openshift/console/pull/12770) * [OCPBUGS-11601](https://issues.redhat.com/browse/OCPBUGS-11601): Move operator install status to it's own … [#12715](https://github.com/openshift/console/pull/12715) * [OCPBUGS-12232](https://issues.redhat.com/browse/OCPBUGS-12232): Fix for broken Create key/value secrets e2e tests [#12750](https://github.com/openshift/console/pull/12750) * [OCPBUGS-11844](https://issues.redhat.com/browse/OCPBUGS-11844): delete associated pipeline, triggertemplate and eventlistener when deleting app [#12727](https://github.com/openshift/console/pull/12727) * [OCPBUGS-11972](https://issues.redhat.com/browse/OCPBUGS-11972): update the default pipelineRun template name [#12687](https://github.com/openshift/console/pull/12687) * [OCPBUGS-6888](https://issues.redhat.com/browse/OCPBUGS-6888): Show Git icon and repo link as per the Git provider [#12511](https://github.com/openshift/console/pull/12511) * [OCPBUGS-12476](https://issues.redhat.com/browse/OCPBUGS-12476): Pipelines repository list and creation form doesn't show Tech Preview status [#12763](https://github.com/openshift/console/pull/12763) * [OCPBUGS-1753](https://issues.redhat.com/browse/OCPBUGS-1753): Fix OLM descriptor components deletes operand e2e test failing [#12573](https://github.com/openshift/console/pull/12573) * [OCPBUGS-12477](https://issues.redhat.com/browse/OCPBUGS-12477): Users don't know what type of resource is being created by Import from Git or Deploy Image flows [#12765](https://github.com/openshift/console/pull/12765) * [OCPBUGS-11998](https://issues.redhat.com/browse/OCPBUGS-11998): Do not show builder ImageStreams without `sampleRepo` as samples [#12740](https://github.com/openshift/console/pull/12740) * [OCPBUGS-5009](https://issues.redhat.com/browse/OCPBUGS-5009): Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization [#12382](https://github.com/openshift/console/pull/12382) * [OCPBUGS-7953](https://issues.redhat.com/browse/OCPBUGS-7953): fix devfile error [#12605](https://github.com/openshift/console/pull/12605) * [OCPBUGS-6672](https://issues.redhat.com/browse/OCPBUGS-6672): In DeploymentConfig both the Form view and Yaml view are not in sync [#12475](https://github.com/openshift/console/pull/12475) * [OCPBUGS-8016](https://issues.redhat.com/browse/OCPBUGS-8016): PipelineRun templates must be fetched from OpenShift namespace [#12614](https://github.com/openshift/console/pull/12614) * [OCPBUGS-10225](https://issues.redhat.com/browse/OCPBUGS-10225): Get the Event type value from the latest PLR of the Repository [#12643](https://github.com/openshift/console/pull/12643) * [OCPBUGS-7333](https://issues.redhat.com/browse/OCPBUGS-7333): Add missing SDK extensions descriptions [#12556](https://github.com/openshift/console/pull/12556) * [OCPBUGS-7951](https://issues.redhat.com/browse/OCPBUGS-7951): delete application should delete all part-of resources [#12604](https://github.com/openshift/console/pull/12604) * [OCPBUGS-6036](https://issues.redhat.com/browse/OCPBUGS-6036): Project dropdown order is not as smart as project list page order [#12447](https://github.com/openshift/console/pull/12447) * [OCPBUGS-7800](https://issues.redhat.com/browse/OCPBUGS-7800): add subject kind dropdown in the project access form [#12586](https://github.com/openshift/console/pull/12586) * [OCPBUGS-8339](https://issues.redhat.com/browse/OCPBUGS-8339): disable operator-install-single-namespace.spec.ts until… [#12624](https://github.com/openshift/console/pull/12624) * [OCPBUGS-3892](https://issues.redhat.com/browse/OCPBUGS-3892): Add cluster to query params of websocket requests [#12282](https://github.com/openshift/console/pull/12282) * [OCPBUGS-5092](https://issues.redhat.com/browse/OCPBUGS-5092): Fix to use and set correct secretReference for build-config triggers [#12388](https://github.com/openshift/console/pull/12388) * [OCPBUGS-7895](https://issues.redhat.com/browse/OCPBUGS-7895): Bump helm version to 3.10.1 [#12579](https://github.com/openshift/console/pull/12579) * [OCPBUGS-6873](https://issues.redhat.com/browse/OCPBUGS-6873): The dropdown list component will be covered by deployment details page on Topology page [#12507](https://github.com/openshift/console/pull/12507) * [OCPBUGS-6831](https://issues.redhat.com/browse/OCPBUGS-6831): Fix crash when pinnedResources is null [#12503](https://github.com/openshift/console/pull/12503) * [OCPBUGS-7471](https://issues.redhat.com/browse/OCPBUGS-7471): Right border radius is 0 for the pipeline visualization wrapper in dark mode [#12565](https://github.com/openshift/console/pull/12565) * [OCPBUGS-7506](https://issues.redhat.com/browse/OCPBUGS-7506): Fix different CI issues [#12555](https://github.com/openshift/console/pull/12555) * [OCPBUGS-6966](https://issues.redhat.com/browse/OCPBUGS-6966): Remove description field from the PLR parameters page [#12519](https://github.com/openshift/console/pull/12519) * [OCPBUGS-7437](https://issues.redhat.com/browse/OCPBUGS-7437): Webhook Secret (1 of 2) is not removed when Knative Service is deleted [#12560](https://github.com/openshift/console/pull/12560) * [OCPBUGS-6887](https://issues.redhat.com/browse/OCPBUGS-6887): Show Tag label and tag name if tag is detected in repository PipelineRun list and details page [#12510](https://github.com/openshift/console/pull/12510) * [OCPBUGS-6816](https://issues.redhat.com/browse/OCPBUGS-6816): Repositories list does not show the running pipelinerun as last pipelinerun [#12500](https://github.com/openshift/console/pull/12500) * [OCPBUGS-4072](https://issues.redhat.com/browse/OCPBUGS-4072): Fix rerender loop/crash when bindable-kinds is found but has no status [#12304](https://github.com/openshift/console/pull/12304) * [OCPBUGS-6671](https://issues.redhat.com/browse/OCPBUGS-6671): fix broken pipeline secret [#12474](https://github.com/openshift/console/pull/12474) * [OCPBUGS-6913](https://issues.redhat.com/browse/OCPBUGS-6913): PipelineRun task status overlaps status text [#12516](https://github.com/openshift/console/pull/12516) * [OCPBUGS-6766](https://issues.redhat.com/browse/OCPBUGS-6766): Fix to provide an option to delete all app resources on delete-resource modal for D/DC/KSVC [#12491](https://github.com/openshift/console/pull/12491) * [OCPBUGS-6969](https://issues.redhat.com/browse/OCPBUGS-6969): Added translation to Last used in resource type dropdown [#12521](https://github.com/openshift/console/pull/12521) * [OCPBUGS-6764](https://issues.redhat.com/browse/OCPBUGS-6764): Add Git Repository (PAC) showed empty permission content and non-working help link until a git url is entered [#12490](https://github.com/openshift/console/pull/12490) * [OCPBUGS-4281](https://issues.redhat.com/browse/OCPBUGS-4281): Do not disable metrics when auth is disabled [#12323](https://github.com/openshift/console/pull/12323) * [OCPBUGS-6669](https://issues.redhat.com/browse/OCPBUGS-6669): Do not show UpdateInProgress when status is Failing [#12473](https://github.com/openshift/console/pull/12473) * [OCPBUGS-5093](https://issues.redhat.com/browse/OCPBUGS-5093): Fix to show correct help texts for each git repo status error code [#12389](https://github.com/openshift/console/pull/12389) * [OCPBUGS-6085](https://issues.redhat.com/browse/OCPBUGS-6085): Editing Pipeline in the ocp console should show correct information [#12452](https://github.com/openshift/console/pull/12452) * [OCPBUGS-6758](https://issues.redhat.com/browse/OCPBUGS-6758): Add RBAC check on Create a Project link in all-namespaces pages [#12489](https://github.com/openshift/console/pull/12489) * [OCPBUGS-6755](https://issues.redhat.com/browse/OCPBUGS-6755): Remove `refs-heads` from the branch name for Repository pipelineRun row [#12487](https://github.com/openshift/console/pull/12487) * [OCPBUGS-6743](https://issues.redhat.com/browse/OCPBUGS-6743): Fix react warning when open console, add missing keys in navigation [#12484](https://github.com/openshift/console/pull/12484) * [OCPBUGS-5875](https://issues.redhat.com/browse/OCPBUGS-5875): Don't proxy CORS response headers [#12276](https://github.com/openshift/console/pull/12276) * [OCPBUGS-6678](https://issues.redhat.com/browse/OCPBUGS-6678): fix run-time error on Cluster Settings when availableUp… [#12476](https://github.com/openshift/console/pull/12476) * [OCPBUGS-4633](https://issues.redhat.com/browse/OCPBUGS-4633): Monitoring: Fix alert descriptions with duplicate resources [#12352](https://github.com/openshift/console/pull/12352) * [OCPBUGS-5303](https://issues.redhat.com/browse/OCPBUGS-5303): display 'Control plane is hosted' alert only when isCl… [#12409](https://github.com/openshift/console/pull/12409) * [OCPBUGS-5263](https://issues.redhat.com/browse/OCPBUGS-5263): only show upgrade details if cluster not externally man… [#12404](https://github.com/openshift/console/pull/12404) * [Full changelog](https://github.com/openshift/console/compare/b237c34499db6e417e9b67b4590e73450bbc931c...7e1a504f744ead2eb7142645276229b8e5e87b02) ### [console-operator](https://github.com/openshift/console-operator/tree/32e6d25c4ac9fe71bb64fa7b30073a72547f4974) * [OCPBUGS-33386](https://issues.redhat.com/browse/OCPBUGS-33386): Reset console operator's conditions [#898](https://github.com/openshift/console-operator/pull/898) * [OCPBUGS-20988](https://issues.redhat.com/browse/OCPBUGS-20988): Disable HTTP/2 for webhook [#876](https://github.com/openshift/console-operator/pull/876) * [OCPBUGS-30990](https://issues.redhat.com/browse/OCPBUGS-30990): [release-4.12] Bump library-go and golang.org/x/net [#867](https://github.com/openshift/console-operator/pull/867) * [OCPBUGS-18951](https://issues.redhat.com/browse/OCPBUGS-18951): Add haproxy timeout annotation to console routes [#792](https://github.com/openshift/console-operator/pull/792) * [OCPBUGS-18309](https://issues.redhat.com/browse/OCPBUGS-18309): Add missing watch permission for helm-chartrepos-viewers [#789](https://github.com/openshift/console-operator/pull/789) * [OCPBUGS-15834](https://issues.redhat.com/browse/OCPBUGS-15834): Dockerfile: Shift ConsolePlugin CRD after the operator Deployment [#791](https://github.com/openshift/console-operator/pull/791) * [OCPBUGS-18563](https://issues.redhat.com/browse/OCPBUGS-18563): OLM Pages work when copied CSVs are disabled [#780](https://github.com/openshift/console-operator/pull/780) * [OCPBUGS-13647](https://issues.redhat.com/browse/OCPBUGS-13647): Proper cleanup of route sync conditions [#762](https://github.com/openshift/console-operator/pull/762) * [OCPBUGS-7999](https://issues.redhat.com/browse/OCPBUGS-7999): Distinguish between route conditions and remove the old ones [#735](https://github.com/openshift/console-operator/pull/735) * [OCPBUGS-6921](https://issues.redhat.com/browse/OCPBUGS-6921): Recover ConsoleNotificationSync after being degraded [#728](https://github.com/openshift/console-operator/pull/728) * [Full changelog](https://github.com/openshift/console-operator/compare/a34f2e4da55277b8ae63f90247dfa406aa6f6189...32e6d25c4ac9fe71bb64fa7b30073a72547f4974) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/1b33971993ca1013be9f24690c44560d2c58c70a) * [OCPBUGS-20593](https://issues.redhat.com/browse/OCPBUGS-20593): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.12] [#131](https://github.com/openshift/containernetworking-plugins/pull/131) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/6d237727d7af8981b373cb62509dce1fe19d35b8...1b33971993ca1013be9f24690c44560d2c58c70a) ### [coredns](https://github.com/openshift/coredns/tree/cc1194ea004f6b4bcb132fd1c6cebee68666d38f) * [OCPBUGS-21023](https://issues.redhat.com/browse/OCPBUGS-21023): UPSTREAM: <carry>: openshift: Address CVE-2023-39325 [#103](https://github.com/openshift/coredns/pull/103) * [OCPBUGS-20144](https://issues.redhat.com/browse/OCPBUGS-20144): UPSTREAM: <carry>: openshift: Fix OCPBUGS-20144 [#98](https://github.com/openshift/coredns/pull/98) * [Full changelog](https://github.com/openshift/coredns/compare/9aaa7e0a86b69bafb9f544a0e5cb1873535a8f6b...cc1194ea004f6b4bcb132fd1c6cebee68666d38f) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/2f1d9f8ac6af4364d8118c874b0071d9e9f3ee65) * update tags to v1.25.4 [#2118](https://github.com/openshift/cloud-provider-openstack/pull/2118) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/615dc6062013a7d872fd3f0978cda8ac7eda6ac8...2f1d9f8ac6af4364d8118c874b0071d9e9f3ee65) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/8dab53208f3a161af85eedd6835c2701d337d5f9) * [OCPBUGS-30295](https://issues.redhat.com/browse/OCPBUGS-30295): Fix selector for manila-csi-driver-controller-metrics service [#228](https://github.com/openshift/csi-driver-manila-operator/pull/228) * [OCPBUGS-18475](https://issues.redhat.com/browse/OCPBUGS-18475): Don't cache OpenStack client [#202](https://github.com/openshift/csi-driver-manila-operator/pull/202) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#199](https://github.com/openshift/csi-driver-manila-operator/pull/199) * [OCPBUGS-10556](https://issues.redhat.com/browse/OCPBUGS-10556): Bump go.mongodb.org/mongo-driver to v1.5.1 [#176](https://github.com/openshift/csi-driver-manila-operator/pull/176) * [OCPBUGS-6599](https://issues.redhat.com/browse/OCPBUGS-6599): Address CVE-2022-41717 [#166](https://github.com/openshift/csi-driver-manila-operator/pull/166) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/6cad8759f4456659c9397a61d20a7f084bd90304...8dab53208f3a161af85eedd6835c2701d337d5f9) ### [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs/tree/d90992573acb3df6c7fbb6dbe1b215125d26fc34) * [OCPBUGS-6590](https://issues.redhat.com/browse/OCPBUGS-6590): Address CVE-2022-41717 [#105](https://github.com/openshift/csi-driver-nfs/pull/105) * [Full changelog](https://github.com/openshift/csi-driver-nfs/compare/b7393faceb18e18eae133a6de89e4b4339295fa8...d90992573acb3df6c7fbb6dbe1b215125d26fc34) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) * [OCPBUGS-28953](https://issues.redhat.com/browse/OCPBUGS-28953): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#169](https://github.com/openshift/csi-driver-shared-resource/pull/169) * [OCPBUGS-23118](https://issues.redhat.com/browse/OCPBUGS-23118): Should reference configmaps instead of secrets [#154](https://github.com/openshift/csi-driver-shared-resource/pull/154) * [OCPBUGS-20703](https://issues.redhat.com/browse/OCPBUGS-20703): bump golang.org/x/net to v0.17.0 [#148](https://github.com/openshift/csi-driver-shared-resource/pull/148) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/20cffc04d37e0ac2ea5014c08513c8408715179c...d054948fbc78ef04c7a55ac2a4b3ac0ed5648585) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) * [OCPBUGS-28959](https://issues.redhat.com/browse/OCPBUGS-28959): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#105](https://github.com/openshift/csi-driver-shared-resource-operator/pull/105) * [OCPBUGS-20787](https://issues.redhat.com/browse/OCPBUGS-20787): bump golang.org/x/net to v0.17.0 [#88](https://github.com/openshift/csi-driver-shared-resource-operator/pull/88) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/3201431c8f52827d599556fd041049ec121cc067...cc297702e6d2d4fb5a2b57a734c26d0d0a7bec1c) ### [csi-external-attacher](https://github.com/openshift/csi-external-attacher/tree/fac7b8fd905b4c68beadc2c968e6f981385463e8) * [OCPBUGS-21139](https://issues.redhat.com/browse/OCPBUGS-21139): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#62](https://github.com/openshift/csi-external-attacher/pull/62) * [Full changelog](https://github.com/openshift/csi-external-attacher/compare/6945eef88ccf4e57545fea636113afe4103058bc...fac7b8fd905b4c68beadc2c968e6f981385463e8) ### [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner/tree/3aa7c527732e288c71119ea3e78fac739dfbd438) * [OCPBUGS-20743](https://issues.redhat.com/browse/OCPBUGS-20743): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#74](https://github.com/openshift/csi-external-provisioner/pull/74) * [Full changelog](https://github.com/openshift/csi-external-provisioner/compare/140851f6c0e70cf917b3361808b31628c68ea8a5...3aa7c527732e288c71119ea3e78fac739dfbd438) ### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/5b066ba420bd74ec5327978d2731da989d57d4f2) * [OCPBUGS-20885](https://issues.redhat.com/browse/OCPBUGS-20885): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#149](https://github.com/openshift/csi-external-resizer/pull/149) * [Full changelog](https://github.com/openshift/csi-external-resizer/compare/239d751f51743214417dd5058645c2c1d390d1b5...5b066ba420bd74ec5327978d2731da989d57d4f2) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) * [OCPBUGS-29244](https://issues.redhat.com/browse/OCPBUGS-29244): cherry-pick:release-4.12: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#140](https://github.com/openshift/csi-external-snapshotter/pull/140) * [OCPBUGS-20991](https://issues.redhat.com/browse/OCPBUGS-20991): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#111](https://github.com/openshift/csi-external-snapshotter/pull/111) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/7e2325666da25db833027acee53344fd0a6cd9e3...6fdb648f67640dbb8b5eed10a1eab9830e6f8cdf) ### [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe/tree/e6545e71597df1da4635c266eb8f499fc376d970) * [OCPBUGS-20629](https://issues.redhat.com/browse/OCPBUGS-20629): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#52](https://github.com/openshift/csi-livenessprobe/pull/52) * [OCPBUGS-13821](https://issues.redhat.com/browse/OCPBUGS-13821): Bump gRPC from 1.38.0 to 1.49.0 [#43](https://github.com/openshift/csi-livenessprobe/pull/43) * [Full changelog](https://github.com/openshift/csi-livenessprobe/compare/720e1d6e3e828dec9908091da9f5d80a31d75585...e6545e71597df1da4635c266eb8f499fc376d970) ### [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar/tree/c316b8963a0b0ff8d45f2b32c56de972d55bfd37) * [OCPBUGS-20674](https://issues.redhat.com/browse/OCPBUGS-20674): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#54](https://github.com/openshift/csi-node-driver-registrar/pull/54) * [Full changelog](https://github.com/openshift/csi-node-driver-registrar/compare/805d5ac247137b02e6081e3eb7aa1fb9f4c7b4b2...c316b8963a0b0ff8d45f2b32c56de972d55bfd37) ### [docker-builder](https://github.com/openshift/builder/tree/3f240815de70301cbce65bf6b2f85e67eaa3573c) * Replace 'coreydaley' with 'sayan-biswas' [#408](https://github.com/openshift/builder/pull/408) * [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#406](https://github.com/openshift/builder/pull/406) * [OCPBUGS-23037](https://issues.redhat.com/browse/OCPBUGS-23037): Add -p flag to cp command to preserve timestamps [#372](https://github.com/openshift/builder/pull/372) * [OCPBUGS-20695](https://issues.redhat.com/browse/OCPBUGS-20695): [release-4.12]Bump golang.org/x/net [#364](https://github.com/openshift/builder/pull/364) * [OCPBUGS-17228](https://issues.redhat.com/browse/OCPBUGS-17228): bump github.com/containers/buildah to v1.26.6 [#325](https://github.com/openshift/builder/pull/325) * [OCPBUGS-15643](https://issues.redhat.com/browse/OCPBUGS-15643): Add the git-lfs package [#353](https://github.com/openshift/builder/pull/353) * [OCPBUGS-6753](https://issues.redhat.com/browse/OCPBUGS-6753): manage-dockerfile: use the original form of HEALTHCHECK [#324](https://github.com/openshift/builder/pull/324) * [Full changelog](https://github.com/openshift/builder/compare/e76828eb29e8afefc639706a7ead4e4584d4eb0a...3f240815de70301cbce65bf6b2f85e67eaa3573c) ### [docker-registry](https://github.com/openshift/image-registry/tree/9e75355ca282cf5abac5595585a4b089e6a95e6f) * [OCPBUGS-19306](https://issues.redhat.com/browse/OCPBUGS-19306): bump docker-distribution [#382](https://github.com/openshift/image-registry/pull/382) * [OCPBUGS-10496](https://issues.redhat.com/browse/OCPBUGS-10496): bump docker-distribution [#365](https://github.com/openshift/image-registry/pull/365) * [OCPBUGS-8491](https://issues.redhat.com/browse/OCPBUGS-8491): bump aws-sdk-go [#362](https://github.com/openshift/image-registry/pull/362) * [OCPBUGS-4678](https://issues.redhat.com/browse/OCPBUGS-4678): Bump aws-sdk-go to v1.44.145 [#357](https://github.com/openshift/image-registry/pull/357) * [Full changelog](https://github.com/openshift/image-registry/compare/fab1920c871a2c38daafaddfa31aafa5d9d1d53d...9e75355ca282cf5abac5595585a4b089e6a95e6f) ### [driver-toolkit](https://github.com/openshift/driver-toolkit/tree/6e5c04c066a428047d1755478cf88b290d32ad8f) * Adding rpm-build to the Dockerfile (#117) [#117](https://github.com/openshift/driver-toolkit/pull/117) * [Full changelog](https://github.com/openshift/driver-toolkit/compare/e31abf2cf547f172da7d51b998ff5b58c05a7a6a...6e5c04c066a428047d1755478cf88b290d32ad8f) ### [etcd](https://github.com/openshift/etcd/tree/bb82e891abeaddd57e1a07775874d71f2ddd9e85) * [OCPBUGS-28736](https://issues.redhat.com/browse/OCPBUGS-28736): Rebase etcd 3.5.12 openshift 4.12 [#246](https://github.com/openshift/etcd/pull/246) * [OCPBUGS-27102](https://issues.redhat.com/browse/OCPBUGS-27102): Rebase etcd 3.5.11 openshift 4.12 [#240](https://github.com/openshift/etcd/pull/240) * [OCPBUGS-21187](https://issues.redhat.com/browse/OCPBUGS-21187): [4.12] Carrying fixes for CVE-2023-44487 [#228](https://github.com/openshift/etcd/pull/228) * [OCPBUGS-15860](https://issues.redhat.com/browse/OCPBUGS-15860): [4.12] Rebase openshift/etcd to 3.5.9 [#207](https://github.com/openshift/etcd/pull/207) * Update owners [#185](https://github.com/openshift/etcd/pull/185) * Updating ose-etcd images to be consistent with ART [#153](https://github.com/openshift/etcd/pull/153) * [OCPBUGS-5761](https://issues.redhat.com/browse/OCPBUGS-5761): UPSTREAM:<carry>: etcdserver: process the scenaro of the last WAL rec… [#176](https://github.com/openshift/etcd/pull/176) * [Full changelog](https://github.com/openshift/etcd/compare/89a451c499e06b3e9f8072c7cd70b86d78f597bf...bb82e891abeaddd57e1a07775874d71f2ddd9e85) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/8a84952ec7ff1aa001f885b10ec583540f298c73) * [OCPBUGS-21282](https://issues.redhat.com/browse/OCPBUGS-21282): Bump golang.org/x/net to v0.18.0 [#44](https://github.com/openshift/cloud-provider-gcp/pull/44) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/8d208a7f549b0c039420f67ca7aeff43fc1dcdfc...8a84952ec7ff1aa001f885b10ec583540f298c73) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/e00019faa4bd74f70826344a8cc085ba13768422) * [OCPBUGS-21380](https://issues.redhat.com/browse/OCPBUGS-21380): Bump golang.org/x/net to v0.17.0 [#205](https://github.com/openshift/cluster-api-provider-gcp/pull/205) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/eea0586cdf2bc859533fa874e1b6df536a6df40d...e00019faa4bd74f70826344a8cc085ba13768422) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality. [#76](https://github.com/openshift/machine-api-provider-gcp/pull/76) * [OCPBUGS-20833](https://issues.redhat.com/browse/OCPBUGS-20833): Bump x/net package to v0.18.0 [#69](https://github.com/openshift/machine-api-provider-gcp/pull/69) * [OCPBUGS-14120](https://issues.redhat.com/browse/OCPBUGS-14120): Register control plane machines to instance group [#52](https://github.com/openshift/machine-api-provider-gcp/pull/52) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/ada83dc67fc2efad2cc73f89ca3b33fd289e50ba...d6d8c1cc5b58ff7cf311bcb72dbeb00eb704511a) ### [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver/tree/5dcfd6755ea1eff7dcf1c0c831b048eda1b41736) * [OCPBUGS-20718](https://issues.redhat.com/browse/OCPBUGS-20718): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#47](https://github.com/openshift/gcp-pd-csi-driver/pull/47) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver/compare/223d84646af2611d801ad5633e9ce4088772cab4...5dcfd6755ea1eff7dcf1c0c831b048eda1b41736) ### [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator/tree/30e97ba511547edb057071b63498e1ca4c68ec16) * [OCPBUGS-20807](https://issues.redhat.com/browse/OCPBUGS-20807): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#89](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/89) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#82](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/82) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver-operator/compare/020aeb670fa7897ae3e564d052577042c26b1921...30e97ba511547edb057071b63498e1ca4c68ec16) ### [haproxy-router](https://github.com/openshift/router/tree/6a092687d2ed1b709403e3bdebc2f069c0ce4a01) * [OCPBUGS-43703](https://issues.redhat.com/browse/OCPBUGS-43703): add duplicate_te_header_total metric [#632](https://github.com/openshift/router/pull/632) * [OCPBUGS-35875](https://issues.redhat.com/browse/OCPBUGS-35875): Properly handle rewrite-target annotation [#610](https://github.com/openshift/router/pull/610) * [OCPBUGS-33432](https://issues.redhat.com/browse/OCPBUGS-33432): Route 'haproxy.router.openshift.io/timeout' value is not validated [#593](https://github.com/openshift/router/pull/593) * [OCPBUGS-34212](https://issues.redhat.com/browse/OCPBUGS-34212): Reject routes with MD5 certs [#601](https://github.com/openshift/router/pull/601) * [OCPBUGS-33517](https://issues.redhat.com/browse/OCPBUGS-33517): Count active services before setting weight to 1 [#581](https://github.com/openshift/router/pull/581) * [OCPBUGS-21098](https://issues.redhat.com/browse/OCPBUGS-21098): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#532](https://github.com/openshift/router/pull/532) * [OCPBUGS-17766](https://issues.redhat.com/browse/OCPBUGS-17766): haproxy/template: mitigate CVE-2023-40225 [#507](https://github.com/openshift/router/pull/507) * [OCPBUGS-18639](https://issues.redhat.com/browse/OCPBUGS-18639): properly handle weight=0 [#511](https://github.com/openshift/router/pull/511) * [OCPBUGS-14454](https://issues.redhat.com/browse/OCPBUGS-14454), [OCPBUGS-14455](https://issues.redhat.com/browse/OCPBUGS-14455): Handle mTLS CRLs, and fix accidental CRL duplication [#491](https://github.com/openshift/router/pull/491) * [Full changelog](https://github.com/openshift/router/compare/3065f6583f3925328fbdbfe95e3bc7bb7a084d33...6a092687d2ed1b709403e3bdebc2f069c0ce4a01) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/1eb868227a9b8ed70f88be1681321405094d7adf) * [OCPBUGS-37282](https://issues.redhat.com/browse/OCPBUGS-37282): UPSTREAM: 126104: Add funcs in pkg/filesystem/util that can actually … [#2046](https://github.com/openshift/kubernetes/pull/2046) * [OCPBUGS-30454](https://issues.redhat.com/browse/OCPBUGS-30454): CVE 2024-24786 [#1974](https://github.com/openshift/kubernetes/pull/1974) * UPSTREAM: <drop>: Bump golang.org/x/net to v0.23.0 [#1940](https://github.com/openshift/kubernetes/pull/1940) * Address CVE [#13](https://github.com/openshift/kubernetes/pull/13) * [OCPBUGS-15527](https://issues.redhat.com/browse/OCPBUGS-15527): Prevent partially filled HPA behaviors from crashing kube-controller-manager [#1887](https://github.com/openshift/kubernetes/pull/1887) * [OCPBUGS-25815](https://issues.redhat.com/browse/OCPBUGS-25815): Fix device uncertain errors on reboot 4.12 [#1833](https://github.com/openshift/kubernetes/pull/1833) * [OCPBUGS-25214](https://issues.redhat.com/browse/OCPBUGS-25214): legacy-cloud-providers: prevent index out-of-range in getNextUnitNumber [#1835](https://github.com/openshift/kubernetes/pull/1835) * [OCPBUGS-23568](https://issues.redhat.com/browse/OCPBUGS-23568): Update to kubernetes 1.25.16 [#1807](https://github.com/openshift/kubernetes/pull/1807) * [OCPBUGS-23288](https://issues.redhat.com/browse/OCPBUGS-23288): UPSTREAM: 121881: Use golang library instead of mklink [#1803](https://github.com/openshift/kubernetes/pull/1803) * [OCPBUGS-20113](https://issues.redhat.com/browse/OCPBUGS-20113): UPSTREAM: <carry>: Do not allow nodes to set forbidden openshift labels [#1747](https://github.com/openshift/kubernetes/pull/1747) * openshift-hack: Fix sporadic 141 errors in build-rpms [#1774](https://github.com/openshift/kubernetes/pull/1774) * [OCPBUGS-21435](https://issues.redhat.com/browse/OCPBUGS-21435): [release-4.12] UPSTREAM: 121125: [1.25][CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 [#1760](https://github.com/openshift/kubernetes/pull/1760) * [OCPBUGS-18288](https://issues.redhat.com/browse/OCPBUGS-18288), [OCPBUGS-19483](https://issues.redhat.com/browse/OCPBUGS-19483): Update to kubernetes 1.25.14 [#1719](https://github.com/openshift/kubernetes/pull/1719) * [OCPBUGS-18768](https://issues.redhat.com/browse/OCPBUGS-18768): UPSTREAM: <carry>: Force using host go always and use host libriaries [#1694](https://github.com/openshift/kubernetes/pull/1694) * [OCPBUGS-17188](https://issues.redhat.com/browse/OCPBUGS-17188): Update to Kubernetes 1.25.12 [#1669](https://github.com/openshift/kubernetes/pull/1669) * [OCPBUGS-17159](https://issues.redhat.com/browse/OCPBUGS-17159): Increase service idle max timeout to 100 minutes [#1662](https://github.com/openshift/kubernetes/pull/1662) * [OCPBUGS-8737](https://issues.redhat.com/browse/OCPBUGS-8737): UPSTREAM: <drop>: bump apiserver-library-go for scc fix [#1619](https://github.com/openshift/kubernetes/pull/1619) * [OCPBUGS-15309](https://issues.redhat.com/browse/OCPBUGS-15309): Bump to k8s 1.25.11 [#1615](https://github.com/openshift/kubernetes/pull/1615) * [OCPBUGS-14745](https://issues.redhat.com/browse/OCPBUGS-14745): [release-4.12] UPSTREAM: 118383: bump cadvisor for upstream patch 3301 [#1600](https://github.com/openshift/kubernetes/pull/1600) * [OCPBUGS-13173](https://issues.redhat.com/browse/OCPBUGS-13173): Bump to k8s 1.25.10 [#1582](https://github.com/openshift/kubernetes/pull/1582) * [OCPBUGS-7589](https://issues.redhat.com/browse/OCPBUGS-7589): UPSTREAM: <carry>: add default kubelet sysctls within rpm [#1478](https://github.com/openshift/kubernetes/pull/1478) * [OCPBUGS-11166](https://issues.redhat.com/browse/OCPBUGS-11166): UPSTREAM: <carry>: Force using the go tooling from the system [#1531](https://github.com/openshift/kubernetes/pull/1531) * [OCPBUGS-11166](https://issues.redhat.com/browse/OCPBUGS-11166): Bump to k8s 1.25.8 [#1527](https://github.com/openshift/kubernetes/pull/1527) * [OCPBUGS-8705](https://issues.redhat.com/browse/OCPBUGS-8705): Fix mounted volume expansion tests [#1503](https://github.com/openshift/kubernetes/pull/1503) * [OCPBUGS-7078](https://issues.redhat.com/browse/OCPBUGS-7078): Bump to k8s 1.25.7 [#1496](https://github.com/openshift/kubernetes/pull/1496) * [OCPBUGS-5769](https://issues.redhat.com/browse/OCPBUGS-5769): scc admission - seccomp profiles fix [#1471](https://github.com/openshift/kubernetes/pull/1471) * [OCPBUGS-5490](https://issues.redhat.com/browse/OCPBUGS-5490): remove in-tree volume limits test now that CSIMigration is GA [#1449](https://github.com/openshift/kubernetes/pull/1449) * [Full changelog](https://github.com/openshift/kubernetes/compare/77bec7ab3573494f228fbaa4967c76e3d2df0fb3...1eb868227a9b8ed70f88be1681321405094d7adf) ### [hypershift](https://github.com/openshift/hypershift/tree/da93f69c5c56fe938e65115dd08428604ed42bed) * [OCPBUGS-41516](https://issues.redhat.com/browse/OCPBUGS-41516): set Konnectivity cipher suites [#4283](https://github.com/openshift/hypershift/pull/4283) * [MULTIARCH-3709](https://issues.redhat.com/browse/MULTIARCH-3709): PowerVS - Add reuse resource flags to e2e test [#2994](https://github.com/openshift/hypershift/pull/2994) * [MULTIARCH-3732](https://issues.redhat.com/browse/MULTIARCH-3732): PowerVS - Fix cluster deletion when existing resources passed [#2993](https://github.com/openshift/hypershift/pull/2993) * [MULTIARCH-3733](https://issues.redhat.com/browse/MULTIARCH-3733): Add dev flags in destroy cluster powervs command [#2998](https://github.com/openshift/hypershift/pull/2998) * Updated secret permissions for openshift-route-controller-manager [#2924](https://github.com/openshift/hypershift/pull/2924) * fix(hcco): Add HCP label to HCCO by default [#2972](https://github.com/openshift/hypershift/pull/2972) * fix(ignition): Add HCP label to ignition-server by default [#2949](https://github.com/openshift/hypershift/pull/2949) * [OCPBUGS-16847](https://issues.redhat.com/browse/OCPBUGS-16847): use ignition-proxy Service to populate ignitionEndpoint with strategy NodePort [#2855](https://github.com/openshift/hypershift/pull/2855) * [release 4.12] OCPBUGS-11555: OAuth OpenShift deployment requires ConfigMap mount patch2 [#2803](https://github.com/openshift/hypershift/pull/2803) * [OCPBUGS-16411](https://issues.redhat.com/browse/OCPBUGS-16411): fix deletion bug when hostedzone is already deleted [#2835](https://github.com/openshift/hypershift/pull/2835) * Kas policy 4.12 [#2826](https://github.com/openshift/hypershift/pull/2826) * Leader election config update. [#2800](https://github.com/openshift/hypershift/pull/2800) * [OCPBUGS-15614](https://issues.redhat.com/browse/OCPBUGS-15614): Check OwningIngressController also in Labels [#2759](https://github.com/openshift/hypershift/pull/2759) * [OCPBUGS-16086](https://issues.redhat.com/browse/OCPBUGS-16086): autoscaling balance similar groups [#2806](https://github.com/openshift/hypershift/pull/2806) * [HOSTEDCP-1060](https://issues.redhat.com/browse/HOSTEDCP-1060): refactor ignition-server reconcilation and add ignition-server proxy [#2749](https://github.com/openshift/hypershift/pull/2749) * [OCPBUGS-14873](https://issues.redhat.com/browse/OCPBUGS-14873): Update vendored openshift API for 4.12 [#2734](https://github.com/openshift/hypershift/pull/2734) * [HOSTEDCP-1073](https://issues.redhat.com/browse/HOSTEDCP-1073): enforce blocked rollout of HCP [#2745](https://github.com/openshift/hypershift/pull/2745) * properly handle user CA bundle not existing [#2711](https://github.com/openshift/hypershift/pull/2711) * [OCPBUGS-15304](https://issues.redhat.com/browse/OCPBUGS-15304): [release-4.12] fix(oauth): Do not proxy IBM Cloud IAM endpoints [#2695](https://github.com/openshift/hypershift/pull/2695) * [OCPBUGS-14873](https://issues.redhat.com/browse/OCPBUGS-14873): Honor global ingress configuration LoadBalancer type on AWS [#2678](https://github.com/openshift/hypershift/pull/2678) * [OCPBUGS-14803](https://issues.redhat.com/browse/OCPBUGS-14803): Set `DisableStrictZoneCheck = true` in the AWS Cloud Provider config [#2667](https://github.com/openshift/hypershift/pull/2667) * [release 4.12] OCPBUGS-11555: OAuth OpenShift deployment requires ConfigMap mount [#2512](https://github.com/openshift/hypershift/pull/2512) * [OCPBUGS-14156](https://issues.redhat.com/browse/OCPBUGS-14156): Reconcile oauthDeployment annotations even if kubeadmin secret is not found [#2614](https://github.com/openshift/hypershift/pull/2614) * [OCPBUGS-14031](https://issues.redhat.com/browse/OCPBUGS-14031): Include default ingress CA in root CA bundle [#2600](https://github.com/openshift/hypershift/pull/2600) * [OCPBUGS-13626](https://issues.redhat.com/browse/OCPBUGS-13626): Sync proxy TrustedCA to guest cluster [#2557](https://github.com/openshift/hypershift/pull/2557) * [OCPBUGS-13639](https://issues.redhat.com/browse/OCPBUGS-13639): Cherry pick aws endpoint sg [#2579](https://github.com/openshift/hypershift/pull/2579) * [OCPBUGS-12787](https://issues.redhat.com/browse/OCPBUGS-12787): fix(hcco): Get OLM CatalogSource images from defined map [#2485](https://github.com/openshift/hypershift/pull/2485) * ACM-5173 [backport 4.12] get pull secret instead of dockerconfigjson from mce credentials [#2486](https://github.com/openshift/hypershift/pull/2486) * Configurable SRE MetricsSet [#2545](https://github.com/openshift/hypershift/pull/2545) * [OCPBUGS-13077](https://issues.redhat.com/browse/OCPBUGS-13077): Ensure ingress controllers are removed before load balancers [#2515](https://github.com/openshift/hypershift/pull/2515) * [OCPBUGS-11544](https://issues.redhat.com/browse/OCPBUGS-11544): Pass runAsUser to CNO so it can run its managed services with proper security context [#2391](https://github.com/openshift/hypershift/pull/2391) * [OCPBUGS-12845](https://issues.redhat.com/browse/OCPBUGS-12845): Delete kubeadmin secret when an idp is defined [#2492](https://github.com/openshift/hypershift/pull/2492) * [OCPBUGS-12738](https://issues.redhat.com/browse/OCPBUGS-12738): Pass OPENSHIFT_RELEASE_IMAGE env variable to CNO [#2473](https://github.com/openshift/hypershift/pull/2473) * [OCPBUGS-12199](https://issues.redhat.com/browse/OCPBUGS-12199): remove ACL for aws bucket [#2458](https://github.com/openshift/hypershift/pull/2458) * [OCPBUGS-11607](https://issues.redhat.com/browse/OCPBUGS-11607): properly reconcile with user specified changes for in proxy configuration [#2395](https://github.com/openshift/hypershift/pull/2395) * [OCPBUGS-11726](https://issues.redhat.com/browse/OCPBUGS-11726): Update HostedCluster oauthCallbackURLTemplate [#2410](https://github.com/openshift/hypershift/pull/2410) * e2e: Cleanup shared OIDC provider on SIGTERM [#2449](https://github.com/openshift/hypershift/pull/2449) * [HOSTEDCP-568](https://issues.redhat.com/browse/HOSTEDCP-568): Update Konnectiviy socks5 proxy for IBM exception [#2406](https://github.com/openshift/hypershift/pull/2406) * [OCPBUGS-10584](https://issues.redhat.com/browse/OCPBUGS-10584): Switch NTO metrics auth to certs generated by HCP controller [#2293](https://github.com/openshift/hypershift/pull/2293) * [OCPBUGS-11014](https://issues.redhat.com/browse/OCPBUGS-11014): Do not proxy when guest cluster resolution fails [#2340](https://github.com/openshift/hypershift/pull/2340) * [OCPBUGS-11654](https://issues.redhat.com/browse/OCPBUGS-11654): [release-4.12] Create new EC2 client for AWS identity provider health check [#2403](https://github.com/openshift/hypershift/pull/2403) * [OCPBUGS-10646](https://issues.redhat.com/browse/OCPBUGS-10646): Add storage operators perms. to watch HostedControlPlane [#2306](https://github.com/openshift/hypershift/pull/2306) * [HOSTEDCP-939](https://issues.redhat.com/browse/HOSTEDCP-939): [release-4.12] Setup shared OIDC provider for e2e clusters [#2365](https://github.com/openshift/hypershift/pull/2365) * [HOSTEDCP-806](https://issues.redhat.com/browse/HOSTEDCP-806): Fix ValidAWSKMSConfig condition [#2362](https://github.com/openshift/hypershift/pull/2362) * [OCPBUGS-11056](https://issues.redhat.com/browse/OCPBUGS-11056): fix external APIServer address selection based on endpointAccess [#2350](https://github.com/openshift/hypershift/pull/2350) * OCPBUGS-10823 ensure well known public domains do not get proxied on image imports [#2351](https://github.com/openshift/hypershift/pull/2351) * [SDA-8707](https://issues.redhat.com/browse/SDA-8707): No more specifying the scrape interval at servicemonitors & podmonitors level [#2356](https://github.com/openshift/hypershift/pull/2356) * [HOSTEDCP-900](https://issues.redhat.com/browse/HOSTEDCP-900): Modified AWSPrivateLinkController and AWSEndpointServiceController to respect PausedUntil spec field [#2285](https://github.com/openshift/hypershift/pull/2285) * [OCPBUGS-10504](https://issues.redhat.com/browse/OCPBUGS-10504): Deletion of the VPCEnpoint on conflicting service names [#2310](https://github.com/openshift/hypershift/pull/2310) * [HOSTEDCP-806](https://issues.redhat.com/browse/HOSTEDCP-806): [release-4.12] Validate etcd KMS config [#2273](https://github.com/openshift/hypershift/pull/2273) * [HOSTEDCP-801](https://issues.redhat.com/browse/HOSTEDCP-801): [release-4.12] Expose external DNS for private cluster endpoints [#2314](https://github.com/openshift/hypershift/pull/2314) * [HOSTEDCP-839](https://issues.redhat.com/browse/HOSTEDCP-839): Audit log sidecars for openshift-apiserver and openshift-oauth-apiserver [#2297](https://github.com/openshift/hypershift/pull/2297) * [OCPBUGS-10587](https://issues.redhat.com/browse/OCPBUGS-10587): Use appropriate serving certificate for OAuth [#2295](https://github.com/openshift/hypershift/pull/2295) * [OSD-15099](https://issues.redhat.com/browse/OSD-15099): Delaying the creation of servicemonitor and podmonitor resources till the hostedcluster is Completed [#2274](https://github.com/openshift/hypershift/pull/2274) * Add PodMonitor for ingress-operator pods in HCP namespaces [#2275](https://github.com/openshift/hypershift/pull/2275) * [OCPBUGS-8334](https://issues.redhat.com/browse/OCPBUGS-8334): [release-4.12] Update the pull secret source for ignition payload [#2268](https://github.com/openshift/hypershift/pull/2268) * Force controleplane upgrade always [#2289](https://github.com/openshift/hypershift/pull/2289) * [OCPBUGS-8370](https://issues.redhat.com/browse/OCPBUGS-8370): Fix cleanup of volumes on cluster deletion [#2253](https://github.com/openshift/hypershift/pull/2253) * [OCPBUGS-8241](https://issues.redhat.com/browse/OCPBUGS-8241): Add external DNS health condition / release-4.12 [#2206](https://github.com/openshift/hypershift/pull/2206) * [HOSTEDCP-809](https://issues.redhat.com/browse/HOSTEDCP-809): Clone CA key/cert to TLS key/cert [#2263](https://github.com/openshift/hypershift/pull/2263) * Add configuration for automatic labeling and label commands [#2255](https://github.com/openshift/hypershift/pull/2255) * fix(cpo): Delete multus validatingwebhookconfiguration on CNO init [#2251](https://github.com/openshift/hypershift/pull/2251) * feat(HCCO): Block DNS operator delete until Cluster Version updated [#2242](https://github.com/openshift/hypershift/pull/2242) * kms addition for pod identity workflow [#2247](https://github.com/openshift/hypershift/pull/2247) * Add e2e test for hosted cluster behind a proxy [#2199](https://github.com/openshift/hypershift/pull/2199) * Add e2e test for cluster creation with AWS KMS [#2201](https://github.com/openshift/hypershift/pull/2201) * [HOSTEDCP-826](https://issues.redhat.com/browse/HOSTEDCP-826): Customize DNS base domain prefix [#2235](https://github.com/openshift/hypershift/pull/2235) * feat: Add pod gone check to prober + DNS operator leader elect [#2209](https://github.com/openshift/hypershift/pull/2209) * fix(ibmcloud): Explicitly set HCCO controllers [#2208](https://github.com/openshift/hypershift/pull/2208) * ensure reconcilation of apiserver port is in 4.12 [#2195](https://github.com/openshift/hypershift/pull/2195) * Cleanup default security group only if authorized [#2212](https://github.com/openshift/hypershift/pull/2212) * fix(cpo): Set restart annotation on multus-admission-controller [#2190](https://github.com/openshift/hypershift/pull/2190) * fix(cpo): Remove OLM collect for IBM Cloud to reduce artifacts and rbac [#2189](https://github.com/openshift/hypershift/pull/2189) * fix(cpo): Reduce CNO access if Calico used as network provider [#2184](https://github.com/openshift/hypershift/pull/2184) * Skip destroyAWSDefaultSecurityGroup if not AWS [#2168](https://github.com/openshift/hypershift/pull/2168) * Create default security group for AWS clusters [#2162](https://github.com/openshift/hypershift/pull/2162) * [AUTH-323](https://issues.redhat.com/browse/AUTH-323): pki: split out konnectivity certs from the rootCA [#2156](https://github.com/openshift/hypershift/pull/2156) * fix(ibmcloud): Initialize image registry config on creates and bad config [#2104](https://github.com/openshift/hypershift/pull/2104) * fix(cpo): Allow KAS profiling disablement [#2122](https://github.com/openshift/hypershift/pull/2122) * reduce ignition server scope [#2140](https://github.com/openshift/hypershift/pull/2140) * OpenID add support for groups claim in the config [#2129](https://github.com/openshift/hypershift/pull/2129) * fix(cpo): Restart registry operator on annotation [#2121](https://github.com/openshift/hypershift/pull/2121) * Fix CAPA crd generation [#2120](https://github.com/openshift/hypershift/pull/2120) * Set k8s.io/kubernetes dependency to v0.23.3 [#2118](https://github.com/openshift/hypershift/pull/2118) * fix(cpo): Separate RBAC for NTO + CNO [#2112](https://github.com/openshift/hypershift/pull/2112) * Merge main up to db7c22ae into 'release-4.12' [#2101](https://github.com/openshift/hypershift/pull/2101) * Merge main into release-4.12 branch [#2053](https://github.com/openshift/hypershift/pull/2053) * Release 4.12 rebase latest [#2047](https://github.com/openshift/hypershift/pull/2047) * Fix OpenID OAuth config parsing [#2029](https://github.com/openshift/hypershift/pull/2029) * [Full changelog](https://github.com/openshift/hypershift/compare/e88743672989705fa1bfb29143a13fc4c547263f...da93f69c5c56fe938e65115dd08428604ed42bed) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) * [OCPBUGS-24644](https://issues.redhat.com/browse/OCPBUGS-24644): Add Snyk file to exclude vendor directory on scan [#67](https://github.com/openshift/cloud-provider-ibm/pull/67) * [OCPBUGS-21113](https://issues.redhat.com/browse/OCPBUGS-21113): Bump golang.org/x/net to v0.18.0 [#57](https://github.com/openshift/cloud-provider-ibm/pull/57) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/e5f25fc64911215a3a78cab186cba49cbd51dec6...8bd0ea8fadbbb09ed912984d3dc6903a0aad0562) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/921509f3833b7b69a08d63fddd13890125e974fa) * [OCPBUGS-36063](https://issues.redhat.com/browse/OCPBUGS-36063): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#75](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/75) * [OCPBUGS-20583](https://issues.redhat.com/browse/OCPBUGS-20583): [IBM VPC] failed provisioning volume in proxy cluster [#56](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/56) * [OCPBUGS-21206](https://issues.redhat.com/browse/OCPBUGS-21206): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#52](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/52) * [OCPBUGS-8451](https://issues.redhat.com/browse/OCPBUGS-8451): Rebase to v5.1.2 for OCP 4.12 [#32](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/32) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/2364e6a3835070cdcec29375aa0a3bf296720f64...921509f3833b7b69a08d63fddd13890125e974fa) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/f2b726d578e020d369902c14173307a6e13853b4) * [OCPBUGS-36069](https://issues.redhat.com/browse/OCPBUGS-36069): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#124](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/124) * [OCPBUGS-20583](https://issues.redhat.com/browse/OCPBUGS-20583): [IBM VPC] failed provisioning volume in proxy cluster [#79](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/79) * [OCPBUGS-21302](https://issues.redhat.com/browse/OCPBUGS-21302): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#83](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/83) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/f70fcceadbe82a58c92157df3e4d5a047e87fba0...f2b726d578e020d369902c14173307a6e13853b4) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/f9da23ac8abe04dc1615763e120cd174bde6e617) * [OCPBUGS-21415](https://issues.redhat.com/browse/OCPBUGS-21415): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/ibm-vpc-node-label-updater/pull/29) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/737d00c9dd2aa49dbe421e7bbc0df4f94239f78a...f9da23ac8abe04dc1615763e120cd174bde6e617) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/0fe74f674bf5a1e464a5e2f872def13e1a9bb2a9) * [OCPBUGS-21397](https://issues.redhat.com/browse/OCPBUGS-21397): UPSTREAM: <carry>: bump golang.org/x/net to v0.18.0 [#67](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/67) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/c1304c80d736559ced3049c076535d53020d5d9d...0fe74f674bf5a1e464a5e2f872def13e1a9bb2a9) ### [insights-operator](https://github.com/openshift/insights-operator/tree/6b543885144d6eb40c7c8342dac15f80e77bb4fa) * [OCPBUGS-32004](https://issues.redhat.com/browse/OCPBUGS-32004): bump golang.org/x/net version (#932) [#932](https://github.com/openshift/insights-operator/pull/932) * [OCPBUGS-28519](https://issues.redhat.com/browse/OCPBUGS-28519): Add extra check in ids to bypass validations (#906) [#906](https://github.com/openshift/insights-operator/pull/906) * adds helm information gather (#890) [#890](https://github.com/openshift/insights-operator/pull/890) * [OCPBUGS-23439](https://issues.redhat.com/browse/OCPBUGS-23439): remove username & password config options (#869) [#869](https://github.com/openshift/insights-operator/pull/869) * [OCPBUGS-22922](https://issues.redhat.com/browse/OCPBUGS-22922): create Prometheus rules programmatically according the… (#860) (#862) [#860](https://github.com/openshift/insights-operator/pull/860) * [OCPBUGS-20731](https://issues.redhat.com/browse/OCPBUGS-20731): update dependencies (#841) [#841](https://github.com/openshift/insights-operator/pull/841) * Add cherry-pick from 4.13 (#853) [#853](https://github.com/openshift/insights-operator/pull/853) * [OCPBUGS-19476](https://issues.redhat.com/browse/OCPBUGS-19476): update Insights report config logging (#831) [#831](https://github.com/openshift/insights-operator/pull/831) * [OCPBUGS-19405](https://issues.redhat.com/browse/OCPBUGS-19405): workload info gatherer, add external image repo (#823) [#823](https://github.com/openshift/insights-operator/pull/823) * [OCPBUGS-15031](https://issues.redhat.com/browse/OCPBUGS-15031): fix the config serialization & add test (#794) (#800) [#794](https://github.com/openshift/insights-operator/pull/794) * [OCPBUGS-15459](https://issues.redhat.com/browse/OCPBUGS-15459): gather PDBs only from openshift namespaces (#804) [#804](https://github.com/openshift/insights-operator/pull/804) * [OCPBUGS-15414](https://issues.redhat.com/browse/OCPBUGS-15414): extend configmap gatherer to get gateway-mode-config (#788) (#791) (#801) [#788](https://github.com/openshift/insights-operator/pull/788) * [OCPBUGS-7871](https://issues.redhat.com/browse/OCPBUGS-7871): Collect info about monitoring pods pv (#769) [#769](https://github.com/openshift/insights-operator/pull/769) * [OCPBUGS-11008](https://issues.redhat.com/browse/OCPBUGS-11008): update the cluster transfer interval to 12h (#765) [#765](https://github.com/openshift/insights-operator/pull/765) * [OCPBUGS-10531](https://issues.redhat.com/browse/OCPBUGS-10531): service_accounts.go Marshal fix (#754) [#754](https://github.com/openshift/insights-operator/pull/754) * [OCPBUGS-6732](https://issues.redhat.com/browse/OCPBUGS-6732): Anonymize env vars from containers: HTTP_PROXY, HTTPS_PROXY (#727) [#727](https://github.com/openshift/insights-operator/pull/727) * [OCPBUGS-6833](https://issues.redhat.com/browse/OCPBUGS-6833): feat(recent_metrics) adds openshift_apps_deploymentconfigs_strategy_total (#736) [#736](https://github.com/openshift/insights-operator/pull/736) * [OCPBUGS-6782](https://issues.redhat.com/browse/OCPBUGS-6782): Create gatherer for gathering machines. (#734) [#734](https://github.com/openshift/insights-operator/pull/734) * [OCPBUGS-5976](https://issues.redhat.com/browse/OCPBUGS-5976): operators gatherer - handle ingresscontroller relatedObject & simplify (#714) (#719) [#714](https://github.com/openshift/insights-operator/pull/714) * [OCPBUGS-5348](https://issues.redhat.com/browse/OCPBUGS-5348): do not periodically update Available clusteroperator co… (#710) [#710](https://github.com/openshift/insights-operator/pull/710) * do not get disabled rules (#706) (#713) [#706](https://github.com/openshift/insights-operator/pull/706) * [Full changelog](https://github.com/openshift/insights-operator/compare/cd1142ec7f324dc15b723ae175f3bab797ffc2ea...6b543885144d6eb40c7c8342dac15f80e77bb4fa) ### [ironic](https://github.com/openshift/ironic-image/tree/4530d5eae40623a8d342dccbdd2755984c222318) * [OCPBUGS-37766](https://issues.redhat.com/browse/OCPBUGS-37766), [OCPBUGS-39385](https://issues.redhat.com/browse/OCPBUGS-39385): Include fixes for CVE-2024-44082 [#586](https://github.com/openshift/ironic-image/pull/586) * [OCPBUGS-38513](https://issues.redhat.com/browse/OCPBUGS-38513): set min version for python3-webob [#558](https://github.com/openshift/ironic-image/pull/558) * [OCPBUGS-33373](https://issues.redhat.com/browse/OCPBUGS-33373): bump werkzeug [#547](https://github.com/openshift/ironic-image/pull/547) * [OCPBUGS-34897](https://issues.redhat.com/browse/OCPBUGS-34897): bump jinja2 [#541](https://github.com/openshift/ironic-image/pull/541) * [OCPBUGS-32362](https://issues.redhat.com/browse/OCPBUGS-32362): [4.12] remove unused prometheus-exporter [#489](https://github.com/openshift/ironic-image/pull/489) * [OCPBUGS-32386](https://issues.redhat.com/browse/OCPBUGS-32386): Use unix sockets by default for reverse proxy communication [#477](https://github.com/openshift/ironic-image/pull/477) * [OCPBUGS-29229](https://issues.redhat.com/browse/OCPBUGS-29229): Fix Inspector iPXE config for IPv6 addresses [#454](https://github.com/openshift/ironic-image/pull/454) * [OCPBUGS-23979](https://issues.redhat.com/browse/OCPBUGS-23979): Ironic side of external_http_url (METAL-163) is not wired in correctly [#431](https://github.com/openshift/ironic-image/pull/431) * [OCPBUGS-23357](https://issues.redhat.com/browse/OCPBUGS-23357): Upgrade werkzeug dependency [#423](https://github.com/openshift/ironic-image/pull/423) * [OCPBUGS-23182](https://issues.redhat.com/browse/OCPBUGS-23182): Use bash process substitution instead of pipe [#419](https://github.com/openshift/ironic-image/pull/419) * [OCPBUGS-19064](https://issues.redhat.com/browse/OCPBUGS-19064): Handle Eject DVD in 4.12 [#417](https://github.com/openshift/ironic-image/pull/417) * [OCPBUGS-21849](https://issues.redhat.com/browse/OCPBUGS-21849): bump eventlet version [#409](https://github.com/openshift/ironic-image/pull/409) * [OCPBUGS-17642](https://issues.redhat.com/browse/OCPBUGS-17642): Expand regex for fcos/okd packages list [#392](https://github.com/openshift/ironic-image/pull/392) * [OCPBUGS-16169](https://issues.redhat.com/browse/OCPBUGS-16169): allow inspector to also be proxied [#385](https://github.com/openshift/ironic-image/pull/385) * [OCPBUGS-13586](https://issues.redhat.com/browse/OCPBUGS-13586): Add python-flask dependency [#373](https://github.com/openshift/ironic-image/pull/373) * Bug OCPBUGS-13335: Bump ironic version to include fix to OCPBUGS-13335. [#367](https://github.com/openshift/ironic-image/pull/367) * [OCPBUGS-13041](https://issues.redhat.com/browse/OCPBUGS-13041): Bump python-sushy [#363](https://github.com/openshift/ironic-image/pull/363) * [OCPBUGS-7566](https://issues.redhat.com/browse/OCPBUGS-7566): Bump werkzeug 4.12 [#352](https://github.com/openshift/ironic-image/pull/352) * [Full changelog](https://github.com/openshift/ironic-image/compare/27695b69851b0687e17b4325e364792026282d9f...4530d5eae40623a8d342dccbdd2755984c222318) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/fc37dec83ae7cbd6878a5ddcc25126f424586095) * [OCPBUGS-39385](https://issues.redhat.com/browse/OCPBUGS-39385): Include fixes for CVE-2024-44082 [#165](https://github.com/openshift/ironic-agent-image/pull/165) * [OCPBUGS-38513](https://issues.redhat.com/browse/OCPBUGS-38513): set webob and bump werkzeug [#153](https://github.com/openshift/ironic-agent-image/pull/153) * [OCPBUGS-29769](https://issues.redhat.com/browse/OCPBUGS-29769): Always add ignition to set hostname on /etc/hostname [#112](https://github.com/openshift/ironic-agent-image/pull/112) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): better compatibility with old hostnamectl [#92](https://github.com/openshift/ironic-agent-image/pull/92) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): backport hostname fixes [#90](https://github.com/openshift/ironic-agent-image/pull/90) * "Bug OCPBUGS-15831: Switch to udevadm command install instead of package" [#82](https://github.com/openshift/ironic-agent-image/pull/82) * [OCPBUGS-9934](https://issues.redhat.com/browse/OCPBUGS-9934): Adding dep on python3-werkzeug >= 2.0.3-4 [#72](https://github.com/openshift/ironic-agent-image/pull/72) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/fb675baa5849e2decd90e9e19e36b7031dc70a55...fc37dec83ae7cbd6878a5ddcc25126f424586095) ### [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader/tree/c65c1f1c19a9b62ef5f4a857e5ce86ad6fca3d29) * [OCPBUGS-15735](https://issues.redhat.com/browse/OCPBUGS-15735): Binary should be compiled on rhel9 [#92](https://github.com/openshift/ironic-rhcos-downloader/pull/92) * [Full changelog](https://github.com/openshift/ironic-rhcos-downloader/compare/a580a4479cb6988f3065ef3d4c5fcfcfc3609d12...c65c1f1c19a9b62ef5f4a857e5ce86ad6fca3d29) ### [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager/tree/a8ade8fe60ad5fb1ab225a514ec331123b256cff) * [OCPBUGS-14415](https://issues.redhat.com/browse/OCPBUGS-14415): Flush addresses on provisioning interface with global scope only [#37](https://github.com/openshift/ironic-static-ip-manager/pull/37) * [Full changelog](https://github.com/openshift/ironic-static-ip-manager/compare/0c7fbba926e18978d7c0d6a5948d7722a07bbc12...a8ade8fe60ad5fb1ab225a514ec331123b256cff) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/36c06694097a1a09a8c4e1f70a9025187814cb1a) * [OCPBUGS-21441](https://issues.redhat.com/browse/OCPBUGS-21441): upgrade golang.org/x/net to 0.17.0 to address CVE [#91](https://github.com/openshift/k8s-prometheus-adapter/pull/91) * [OCPBUGS-20580](https://issues.redhat.com/browse/OCPBUGS-20580): limit number of simultaneous client requests [#79](https://github.com/openshift/k8s-prometheus-adapter/pull/79) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/987e5da8ebf294300e16500b201fb72d03af8ed3...36c06694097a1a09a8c4e1f70a9025187814cb1a) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/9706f967ca7bb1ade1a789123c71fe6cb55a025e) * [OCPBUGS-20753](https://issues.redhat.com/browse/OCPBUGS-20753): update x/net to v0.17.0 [#615](https://github.com/openshift/sdn/pull/615) * [OCPBUGS-22972](https://issues.redhat.com/browse/OCPBUGS-22972): Change the permission of 80-openshift-network.conf to 600 [#583](https://github.com/openshift/sdn/pull/583) * [OCPBUGS-18325](https://issues.redhat.com/browse/OCPBUGS-18325): Vendor o/k to consume update to prefer local TCP eps for DNS [#573](https://github.com/openshift/sdn/pull/573) * [OCPBUGS-13785](https://issues.redhat.com/browse/OCPBUGS-13785): EgressNetworkPolicy DNS resolution does not fall back to TCP [#542](https://github.com/openshift/sdn/pull/542) * [OCPBUGS-14304](https://issues.redhat.com/browse/OCPBUGS-14304): fix possible concurrent map read/write [#551](https://github.com/openshift/sdn/pull/551) * [OCPBUGS-13058](https://issues.redhat.com/browse/OCPBUGS-13058): save and delete the old egress network policy [#539](https://github.com/openshift/sdn/pull/539) * [OCPBUGS-13761](https://issues.redhat.com/browse/OCPBUGS-13761): CVE-2018-17419 ose-node-container: dns: Denial of Service (DoS) [#541](https://github.com/openshift/sdn/pull/541) * [OCPBUGS-10805](https://issues.redhat.com/browse/OCPBUGS-10805): Fix race in Egress IP Tracker start [#521](https://github.com/openshift/sdn/pull/521) * [OCPBUGS-7474](https://issues.redhat.com/browse/OCPBUGS-7474): Initialize egress node monitoring struct with previous reachability status [#505](https://github.com/openshift/sdn/pull/505) * [OCPBUGS-6842](https://issues.redhat.com/browse/OCPBUGS-6842): Handle race condition to setup default vnid flows [#497](https://github.com/openshift/sdn/pull/497) * [OCPBUGS-7227](https://issues.redhat.com/browse/OCPBUGS-7227): Update for 4.12 / go 1.19, including gofmt updates [#482](https://github.com/openshift/sdn/pull/482) * [OCPBUGS-4486](https://issues.redhat.com/browse/OCPBUGS-4486): Add node egress IP assignment resync [#487](https://github.com/openshift/sdn/pull/487) * [Full changelog](https://github.com/openshift/sdn/compare/aae8264284144301b4a6ebcc5c9271b8f2a33ff9...9706f967ca7bb1ade1a789123c71fe6cb55a025e) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/c69fae7877557d64dce64f36e0a78751952571c4) * [OCPBUGS-32000](https://issues.redhat.com/browse/OCPBUGS-32000): CVE-2023-45288 [4.12] [#106](https://github.com/openshift/kube-rbac-proxy/pull/106) * [OCPBUGS-20687](https://issues.redhat.com/browse/OCPBUGS-20687): trim down http2, make it configurable 4.12 [#85](https://github.com/openshift/kube-rbac-proxy/pull/85) * [OCPBUGS-11645](https://issues.redhat.com/browse/OCPBUGS-11645): Updating kube-rbac-proxy images to be consistent with ART [#56](https://github.com/openshift/kube-rbac-proxy/pull/56) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/513fd32175af4bb03f2e8a31030477e63380b5bc...c69fae7877557d64dce64f36e0a78751952571c4) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/748f71317b9d3e3e5a96b14131294e2695f26434) * [OCPBUGS-20764](https://issues.redhat.com/browse/OCPBUGS-20764): bump x/net to v0.17.0 [#103](https://github.com/openshift/kube-state-metrics/pull/103) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/9a1bf9b8c6b2da07214eb934e4d1f86d1700a2ce...748f71317b9d3e3e5a96b14131294e2695f26434) ### [kuryr-cni, kuryr-controller](https://github.com/openshift/kuryr-kubernetes/tree/8fd2f8b0f7e2849b1a7db252beba0c8250552e36) * Bug OCPBUGS-16376: Fix np retry [#740](https://github.com/openshift/kuryr-kubernetes/pull/740) * [OCPBUGS-15493](https://issues.redhat.com/browse/OCPBUGS-15493): Remove unneeded grpcio dependencies from RPM [#737](https://github.com/openshift/kuryr-kubernetes/pull/737) * [OCPBUGS-13778](https://issues.redhat.com/browse/OCPBUGS-13778): KuryrPort cleanup: Fix issue of subport not found [#731](https://github.com/openshift/kuryr-kubernetes/pull/731) * Bug OCPBUGS-12164: Fix ValueError when Pod has no IP address [#722](https://github.com/openshift/kuryr-kubernetes/pull/722) * [OCPBUGS-11993](https://issues.redhat.com/browse/OCPBUGS-11993): Fix VIF revert on KuryrPort status update error [#721](https://github.com/openshift/kuryr-kubernetes/pull/721) * [Full changelog](https://github.com/openshift/kuryr-kubernetes/compare/92b9be25999aee9c3b225606510c56fd14378bdf...8fd2f8b0f7e2849b1a7db252beba0c8250552e36) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/b6c243d139f4345a88d5678eb6ba6041a2abb405) * [OCPBUGS-43872](https://issues.redhat.com/browse/OCPBUGS-43872): install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP [#1305](https://github.com/openshift/machine-api-operator/pull/1305) * [OCPBUGS-32007](https://issues.redhat.com/browse/OCPBUGS-32007): Update x/net to v0.25.0 [#1257](https://github.com/openshift/machine-api-operator/pull/1257) * [OCPBUGS-25303](https://issues.redhat.com/browse/OCPBUGS-25303): Update reference URL [#1189](https://github.com/openshift/machine-api-operator/pull/1189) * [OCPBUGS-21501](https://issues.redhat.com/browse/OCPBUGS-21501): Bump golang.org/x/net to v0.18.0 [#1176](https://github.com/openshift/machine-api-operator/pull/1176) * [OCPBUGS-10943](https://issues.redhat.com/browse/OCPBUGS-10943): Fix empty component version [#1132](https://github.com/openshift/machine-api-operator/pull/1132) * [OCPBUGS-7882](https://issues.redhat.com/browse/OCPBUGS-7882): Block machine deletion if extra disks are attached [#1120](https://github.com/openshift/machine-api-operator/pull/1120) * [OCPBUGS-8286](https://issues.redhat.com/browse/OCPBUGS-8286): Short circuit misfiring [#1109](https://github.com/openshift/machine-api-operator/pull/1109) * [OCPBUGS-5413](https://issues.redhat.com/browse/OCPBUGS-5413): Append annotations from machine template spec to the node [#1104](https://github.com/openshift/machine-api-operator/pull/1104) * [OCPBUGS-5117](https://issues.redhat.com/browse/OCPBUGS-5117): [release-4.12] Allow to use machine.openshift.io API in provider specs [#1086](https://github.com/openshift/machine-api-operator/pull/1086) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/4c2a08bb4ca1b421045e11edff897255b42b2a25...b6c243d139f4345a88d5678eb6ba6041a2abb405) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/952b12c5365dcd6334849007d71c83c9613be7ed) * [OCPBUGS-38382](https://issues.redhat.com/browse/OCPBUGS-38382): [release-4.12] daemon/update: disable systemd unit before overwriting [#4530](https://github.com/openshift/machine-config-operator/pull/4530) * [OCPBUGS-33665](https://issues.redhat.com/browse/OCPBUGS-33665): Run resolv-prepender entirely async [#4364](https://github.com/openshift/machine-config-operator/pull/4364) * [OCPBUGS-30829](https://issues.redhat.com/browse/OCPBUGS-30829): Add existing kubeletconfig/ctrcfg mc-name-suffix annotation [#4257](https://github.com/openshift/machine-config-operator/pull/4257) * [OCPBUGS-30823](https://issues.redhat.com/browse/OCPBUGS-30823): Introduce kubelet-dependencies.target and firstboot-osupdate.target [#4268](https://github.com/openshift/machine-config-operator/pull/4268) * [OCPBUGS-30329](https://issues.redhat.com/browse/OCPBUGS-30329): set nodeStatusReportFrequency [#4246](https://github.com/openshift/machine-config-operator/pull/4246) * [OCPBUGS-19659](https://issues.redhat.com/browse/OCPBUGS-19659): After dual-stack conversion reconcile IPFamilies [#3936](https://github.com/openshift/machine-config-operator/pull/3936) * [OCPBUGS-29366](https://issues.redhat.com/browse/OCPBUGS-29366): release-4.12: fix nodeStatusUpdateFrequency [#4180](https://github.com/openshift/machine-config-operator/pull/4180) * [OCPBUGS-29278](https://issues.redhat.com/browse/OCPBUGS-29278): crio: drop automatic image cleanup on upgrades [#4178](https://github.com/openshift/machine-config-operator/pull/4178) * [OCPBUGS-14071](https://issues.redhat.com/browse/OCPBUGS-14071): Imageinspect takes type of error into account, drop podman inspect fallback [#3717](https://github.com/openshift/machine-config-operator/pull/3717) * [OCPBUGS-21038](https://issues.redhat.com/browse/OCPBUGS-21038): update library-go and kube deps to latest version [#4013](https://github.com/openshift/machine-config-operator/pull/4013) * [OCPBUGS-22719](https://issues.redhat.com/browse/OCPBUGS-22719): Backport logspam PRs [#4008](https://github.com/openshift/machine-config-operator/pull/4008) * [OCPBUGS-21723](https://issues.redhat.com/browse/OCPBUGS-21723): keepalived/ingress: change healthcheck script [#3985](https://github.com/openshift/machine-config-operator/pull/3985) * [OCPBUGS-18433](https://issues.redhat.com/browse/OCPBUGS-18433): Prevent NM from unsetting the hostname [#3900](https://github.com/openshift/machine-config-operator/pull/3900) * [OCPBUGS-20509](https://issues.redhat.com/browse/OCPBUGS-20509): resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … [#3969](https://github.com/openshift/machine-config-operator/pull/3969) * [OCPBUGS-19779](https://issues.redhat.com/browse/OCPBUGS-19779): daemon: always use `podman cp` to copy extensions container content [#3944](https://github.com/openshift/machine-config-operator/pull/3944) * [OCPBUGS-19515](https://issues.redhat.com/browse/OCPBUGS-19515): The kubeconfig copied on to each node has 644 permissions [#3931](https://github.com/openshift/machine-config-operator/pull/3931) * [OCPBUGS-17862](https://issues.redhat.com/browse/OCPBUGS-17862): Agent-based install process the container machine-config-controller will be oom [#3875](https://github.com/openshift/machine-config-operator/pull/3875) * [OCPBUGS-17461](https://issues.redhat.com/browse/OCPBUGS-17461): The machine-config-controller pod restart in SNO+1 causing daemonsets to restart [#3844](https://github.com/openshift/machine-config-operator/pull/3844) * [OCPBUGS-15570](https://issues.redhat.com/browse/OCPBUGS-15570): configure-ovs: support UUID in vlan.parent [#3768](https://github.com/openshift/machine-config-operator/pull/3768) * [OCPBUGS-16754](https://issues.redhat.com/browse/OCPBUGS-16754): daemon: Don't traverse `/run/ostree/auth.json` symlink [#3818](https://github.com/openshift/machine-config-operator/pull/3818) * [OCPBUGS-11303](https://issues.redhat.com/browse/OCPBUGS-11303): Fix regex dot in coredns config file [#3660](https://github.com/openshift/machine-config-operator/pull/3660) * [OCPBUGS-13757](https://issues.redhat.com/browse/OCPBUGS-13757): The MCD has a non-functional pivot command that should be removed [#3710](https://github.com/openshift/machine-config-operator/pull/3710) * [OCPBUGS-7718](https://issues.redhat.com/browse/OCPBUGS-7718): Prevent possible split-brain scenario with keepalived unicast [#3562](https://github.com/openshift/machine-config-operator/pull/3562) * [OCPBUGS-7945](https://issues.redhat.com/browse/OCPBUGS-7945): [release-4.12] Forklift most of resolv-prepender dispatcher script to systemd [#3573](https://github.com/openshift/machine-config-operator/pull/3573) * [OCPBUGS-5935](https://issues.redhat.com/browse/OCPBUGS-5935): Wrap podman commands in a while loop [#3495](https://github.com/openshift/machine-config-operator/pull/3495) * [OCPBUGS-7167](https://issues.redhat.com/browse/OCPBUGS-7167): Avoid 'too restrictive' SCC problems by being more explicit [#3542](https://github.com/openshift/machine-config-operator/pull/3542) * [OCPBUGS-10505](https://issues.redhat.com/browse/OCPBUGS-10505): daemon: Drop duplicate `--authfile` used in `run` [#3617](https://github.com/openshift/machine-config-operator/pull/3617) * [OCPBUGS-10372](https://issues.redhat.com/browse/OCPBUGS-10372): Remove hard requirement for the afterburn from early-running aws-related services [#3613](https://github.com/openshift/machine-config-operator/pull/3613) * [OCPBUGS-9993](https://issues.redhat.com/browse/OCPBUGS-9993): Revert "daemon: Temporarily copy auth file with more open perms on FCOS" [#3608](https://github.com/openshift/machine-config-operator/pull/3608) * [OCPBUGS-7445](https://issues.redhat.com/browse/OCPBUGS-7445): configure-ovs: fix mtu-migration cleanup [#3555](https://github.com/openshift/machine-config-operator/pull/3555) * [OCPBUGS-8261](https://issues.redhat.com/browse/OCPBUGS-8261): [release-4.12] backport cleanupDuplicateMC [#3578](https://github.com/openshift/machine-config-operator/pull/3578) * [OCPBUGS-6943](https://issues.redhat.com/browse/OCPBUGS-6943): Improvements for `configure-ovs.sh` [#3528](https://github.com/openshift/machine-config-operator/pull/3528) * [OCPBUGS-6045](https://issues.redhat.com/browse/OCPBUGS-6045): There are not enough logs in case "oc extract" is stuck in mco first boot [#3503](https://github.com/openshift/machine-config-operator/pull/3503) * [OCPBUGS-6973](https://issues.redhat.com/browse/OCPBUGS-6973): configure-ovs: optionally generate configuration in /run [#3532](https://github.com/openshift/machine-config-operator/pull/3532) * [OCPBUGS-6779](https://issues.redhat.com/browse/OCPBUGS-6779): baremetal: clean state generated by NM when run by dracut [#3521](https://github.com/openshift/machine-config-operator/pull/3521) * [OCPBUGS-7241](https://issues.redhat.com/browse/OCPBUGS-7241): controller: default overwrite to true for files [#3546](https://github.com/openshift/machine-config-operator/pull/3546) * [OCPBUGS-6997](https://issues.redhat.com/browse/OCPBUGS-6997): Fix 4.12 art images [#3535](https://github.com/openshift/machine-config-operator/pull/3535) * [OCPBUGS-6805](https://issues.redhat.com/browse/OCPBUGS-6805): Only check image type if we are sure there is work that needs to be done [#3526](https://github.com/openshift/machine-config-operator/pull/3526) * [OCPBUGS-5999](https://issues.redhat.com/browse/OCPBUGS-5999): 4.12 - remove goutils from dependency tree [#3496](https://github.com/openshift/machine-config-operator/pull/3496) * [OCPBUGS-6179](https://issues.redhat.com/browse/OCPBUGS-6179): controller: don't render new MC until base MCs update [#3506](https://github.com/openshift/machine-config-operator/pull/3506) * [OCPBUGS-5743](https://issues.redhat.com/browse/OCPBUGS-5743): Mount /run/nodeip-configuration into keepalived containers [#3479](https://github.com/openshift/machine-config-operator/pull/3479) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/2b3eba74dd9e4371f35ab41dbda02642f60707ec...952b12c5365dcd6334849007d71c83c9613be7ed) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/e456249dbf0c5456bd0671d41a4445bd266b3660) * [OCPBUGS-27090](https://issues.redhat.com/browse/OCPBUGS-27090): configurable ironic agent vlan creation [#119](https://github.com/openshift/image-customization-controller/pull/119) * [OCPBUGS-21543](https://issues.redhat.com/browse/OCPBUGS-21543): Uplift x/net to v0.17.0 [#106](https://github.com/openshift/image-customization-controller/pull/106) * [OCPBUGS-19008](https://issues.redhat.com/browse/OCPBUGS-19008): Pass BareMetalHost name to IPA (take 2) [#101](https://github.com/openshift/image-customization-controller/pull/101) * [OCPBUGS-18687](https://issues.redhat.com/browse/OCPBUGS-18687): Watch networkData Secrets for changes [#96](https://github.com/openshift/image-customization-controller/pull/96) * [OCPBUGS-5655](https://issues.redhat.com/browse/OCPBUGS-5655): Update dependencies [#76](https://github.com/openshift/image-customization-controller/pull/76) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/5f83bd7c20574e5620e7cc92dd424835ef8a0b28...e456249dbf0c5456bd0671d41a4445bd266b3660) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/e27952fc813ac994e64f715a8690f3d36a9ec778) * [OCPBUGS-21330](https://issues.redhat.com/browse/OCPBUGS-21330): Update go.mod for CVE-2023-39325 [Release-4.12] [#73](https://github.com/openshift/multus-admission-controller/pull/73) * Updating ose-multus-admission-controller images to be consistent with ART [#61](https://github.com/openshift/multus-admission-controller/pull/61) * [OCPBUGS-10506](https://issues.redhat.com/browse/OCPBUGS-10506): Client golang [backport 4.12] [#59](https://github.com/openshift/multus-admission-controller/pull/59) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/d9b6b11b817058b84056c93d5089f55ff815f271...e27952fc813ac994e64f715a8690f3d36a9ec778) ### [multus-cni](https://github.com/openshift/multus-cni/tree/07d8af54f06652b283dc0aa8db68d438c4bfe741) * [OCPBUGS-28520](https://issues.redhat.com/browse/OCPBUGS-28520): Fix SAST scan issues for multus-cni-container [4.12] [#225](https://github.com/openshift/multus-cni/pull/225) * [OCPBUGS-21061](https://issues.redhat.com/browse/OCPBUGS-21061): Update go.mod for CVE-2023-39325 [Release-4.12] [#196](https://github.com/openshift/multus-cni/pull/196) * [OCPBUGS-22461](https://issues.redhat.com/browse/OCPBUGS-22461): fix multiple default gw [#200](https://github.com/openshift/multus-cni/pull/200) * [OCPBUGS-7844](https://issues.redhat.com/browse/OCPBUGS-7844): Fix multus to support CNI plugin which does not create interface [backport 4.12] [#164](https://github.com/openshift/multus-cni/pull/164) * [OCPBUGS-10535](https://issues.redhat.com/browse/OCPBUGS-10535): Multus sync Mar-20-2023 to OCP 4.12 [#149](https://github.com/openshift/multus-cni/pull/149) * [OCPBUGS-7792](https://issues.redhat.com/browse/OCPBUGS-7792): Multus sync v3.9.3 to OCP 4.12 [#145](https://github.com/openshift/multus-cni/pull/145) * [Full changelog](https://github.com/openshift/multus-cni/compare/b34bd0f5ddaf6563b824e849c3819c684e74e567...07d8af54f06652b283dc0aa8db68d438c4bfe741) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/644461f25fb6b45054d1a8be7a996670959a5a9d) * [OCPBUGS-21420](https://issues.redhat.com/browse/OCPBUGS-21420): Update go.mod for CVE-2023-39325 (#36) [#36](https://github.com/openshift/multus-networkpolicy/pull/36) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/421718ab8efebb735fd8e0ec5a3c94d78d1d7ac1...644461f25fb6b45054d1a8be7a996670959a5a9d) ### [multus-route-override-cni](https://github.com/openshift/route-override-cni/tree/efd6ffbb275a133196e30edfe9f241e2a3b4f0c0) * Updating ose-multus-route-override-cni images to be consistent with ART [#27](https://github.com/openshift/route-override-cni/pull/27) * [Full changelog](https://github.com/openshift/route-override-cni/compare/523b79044306b7590ad449d7eab06a233d687d86...efd6ffbb275a133196e30edfe9f241e2a3b4f0c0) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/5993d022e7fad3a1bede89235502f1a90f618bf2) * [OCPBUGS-37942](https://issues.redhat.com/browse/OCPBUGS-37942), [OCPBUGS-38019](https://issues.redhat.com/browse/OCPBUGS-38019): [release-4.12] Stateful fixes [#310](https://github.com/openshift/whereabouts-cni/pull/310) * [OCPBUGS-28801](https://issues.redhat.com/browse/OCPBUGS-28801): [release-4.12] Enable whereabouts config [#244](https://github.com/openshift/whereabouts-cni/pull/244) * [OCPBUGS-16008](https://issues.redhat.com/browse/OCPBUGS-16008): Cherry pick fix assignment 4.12 [#238](https://github.com/openshift/whereabouts-cni/pull/238) * [OCPBUGS-21499](https://issues.redhat.com/browse/OCPBUGS-21499): update golang.org/x/net to v0.17.0 [#209](https://github.com/openshift/whereabouts-cni/pull/209) * [OCPBUGS-5953](https://issues.redhat.com/browse/OCPBUGS-5953): Denormalize IP name before checking if pod is alive [Backport 4.12] [#178](https://github.com/openshift/whereabouts-cni/pull/178) * Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART [#134](https://github.com/openshift/whereabouts-cni/pull/134) * [OCPBUGS-8673](https://issues.redhat.com/browse/OCPBUGS-8673): Dual stack support [#131](https://github.com/openshift/whereabouts-cni/pull/131) * [OCPBUGS-7429](https://issues.redhat.com/browse/OCPBUGS-7429): Invalid ipv6 backport 4.12 [#109](https://github.com/openshift/whereabouts-cni/pull/109) * [OCPBUGS-11321](https://issues.redhat.com/browse/OCPBUGS-11321): respect requested allocation range when exluding ranges [Backport 4.12] [#123](https://github.com/openshift/whereabouts-cni/pull/123) * Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART [#93](https://github.com/openshift/whereabouts-cni/pull/93) * [OCPBUGS-3941](https://issues.redhat.com/browse/OCPBUGS-3941): Backport Excluded ranges bug (#282) [#103](https://github.com/openshift/whereabouts-cni/pull/103) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/057715ebdd38f6cfbeda9bf5fa6ac20e21947a60...5993d022e7fad3a1bede89235502f1a90f618bf2) ### [must-gather](https://github.com/openshift/must-gather/tree/dc23fd8103fdf54262f101c16b11102242d9d002) * [OCPBUGS-24523](https://issues.redhat.com/browse/OCPBUGS-24523): [release-4.12] Add csi-proxy logs collection in must-gather for Windows nodes [#394](https://github.com/openshift/must-gather/pull/394) * [Full changelog](https://github.com/openshift/must-gather/compare/5fd2176182e7aec687da553fe185b9f6f739bbb2...dc23fd8103fdf54262f101c16b11102242d9d002) ### [network-interface-bond-cni](https://github.com/openshift/bond-cni/tree/30386d6b8d4f3b05931842b6a9b85f15c241b09a) * [OCPBUGS-13836](https://issues.redhat.com/browse/OCPBUGS-13836): Ignore missing links during delete command [#53](https://github.com/openshift/bond-cni/pull/53) * Updating ose-network-interface-bond-cni images to be consistent with ART [#37](https://github.com/openshift/bond-cni/pull/37) * [Full changelog](https://github.com/openshift/bond-cni/compare/a88d72fc5df78d3a43ec17cf313ac57678423b87...30386d6b8d4f3b05931842b6a9b85f15c241b09a) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/fad45782360032bdde3a10b9a28ba30ecc14684f) * Added METRIC_TEST_IMAGE var (#92) [#92](https://github.com/openshift/network-metrics-daemon/pull/92) * Update the k8s dependencies to 1.25.15 (#84) [#84](https://github.com/openshift/network-metrics-daemon/pull/84) * Revert "Remove e2e tests that consistently fail in 4.12 (#74)" (#77) [#74](https://github.com/openshift/network-metrics-daemon/pull/74) * Remove e2e tests that consistently fail in 4.12 (#74) [#74](https://github.com/openshift/network-metrics-daemon/pull/74) * Updating ose-network-metrics-daemon images to be consistent with ART (#60) [#60](https://github.com/openshift/network-metrics-daemon/pull/60) * Fix gofmt check issue (#68) [#68](https://github.com/openshift/network-metrics-daemon/pull/68) * Update golang.org/x/text to 0.7.0 (#66) [#66](https://github.com/openshift/network-metrics-daemon/pull/66) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/2dfa218ea9feb2b80f22f16c27bddd16fbcbfb87...fad45782360032bdde3a10b9a28ba30ecc14684f) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/708c6daea2aba7d0de0b8c55590e1c777639829f) * [OCPBUGS-25675](https://issues.redhat.com/browse/OCPBUGS-25675): Fix CI by running tests natively by default [#62](https://github.com/openshift/machine-api-provider-nutanix/pull/62) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/25aea2d4b370e42e67edab85c15c9ed56b98e134...708c6daea2aba7d0de0b8c55590e1c777639829f) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/1053f14213faf18c67162760598a8fc47a5ad4b5) * [OCPBUGS-32010](https://issues.redhat.com/browse/OCPBUGS-32010): bump x/net to 0.24.0 [#113](https://github.com/openshift/oauth-apiserver/pull/113) * [OCPBUGS-21049](https://issues.redhat.com/browse/OCPBUGS-21049): Bump K8s to v1.25 [#104](https://github.com/openshift/oauth-apiserver/pull/104) * Updating ose-oauth-apiserver images to be consistent with ART [#80](https://github.com/openshift/oauth-apiserver/pull/80) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/94026d8cfe0ae214aec62a5f14ae5934676b4355...1053f14213faf18c67162760598a8fc47a5ad4b5) ### [oauth-server](https://github.com/openshift/oauth-server/tree/0c434f420b178093a2e940dfb2c445ff638d1914) * [OCPBUGS-27478](https://issues.redhat.com/browse/OCPBUGS-27478): bump osin deps [#144](https://github.com/openshift/oauth-server/pull/144) * [OCPBUGS-13906](https://issues.redhat.com/browse/OCPBUGS-13906): don't log request query and fragment on failed authn request [#129](https://github.com/openshift/oauth-server/pull/129) * [OCPBUGS-12757](https://issues.redhat.com/browse/OCPBUGS-12757): bump lib-go for group cache fix, kube 1.24->1.25 [#127](https://github.com/openshift/oauth-server/pull/127) * [Full changelog](https://github.com/openshift/oauth-server/compare/a803bf49503ed73a3eb1487b0a8798e5a3f6b241...0c434f420b178093a2e940dfb2c445ff638d1914) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/3f39dc6e5a01bae1c66fa8bc7c24553d032e2e4d) * Bump version to include v5.11.0 of go-git (#825) [#825](https://github.com/openshift/oc-mirror/pull/825) * [OCPBUGS-385](https://issues.redhat.com/browse/OCPBUGS-385): Capability to override default channel (#749) (#796) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#779) [#779](https://github.com/openshift/oc-mirror/pull/779) * [OCPBUGS-21440](https://issues.redhat.com/browse/OCPBUGS-21440): fix: CVE-2023-39325 and CVE-2023-44487 (#713) [#713](https://github.com/openshift/oc-mirror/pull/713) * [OCPBUGS-14065](https://issues.redhat.com/browse/OCPBUGS-14065): Fix destination image reference (#650) [#650](https://github.com/openshift/oc-mirror/pull/650) * [OCPBUGS-11908](https://issues.redhat.com/browse/OCPBUGS-11908): Fix (#607) (#641) [#607](https://github.com/openshift/oc-mirror/pull/607) * [OCPBUGS-14065](https://issues.redhat.com/browse/OCPBUGS-14065): fix: Limit the nested repository path while mirroring the images (#642) [#642](https://github.com/openshift/oc-mirror/pull/642) * updates the OWNERS file (#646) [#646](https://github.com/openshift/oc-mirror/pull/646) * [OCPBUGS-12261](https://issues.redhat.com/browse/OCPBUGS-12261): fix: skips bundles with 'skips' field on head bundle (#618) [#618](https://github.com/openshift/oc-mirror/pull/618) * [OCPBUGS-863](https://issues.redhat.com/browse/OCPBUGS-863): Add skip pruning flag and logic (#591) [#591](https://github.com/openshift/oc-mirror/pull/591) * Bugfix for destination registry nested paths length (#590) [#590](https://github.com/openshift/oc-mirror/pull/590) * [OCPBUGS-6703](https://issues.redhat.com/browse/OCPBUGS-6703): fix: adds logic that searches for the correct name when using a heads… (#554) [#554](https://github.com/openshift/oc-mirror/pull/554) * Updating oc-mirror-plugin images to be consistent with ART (#515) [#515](https://github.com/openshift/oc-mirror/pull/515) * [Full changelog](https://github.com/openshift/oc-mirror/compare/db7bea29a4c5fe85fcd2400cfcb7c57a99bcb7fa...3f39dc6e5a01bae1c66fa8bc7c24553d032e2e4d) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/bb06dd0133acc2d10fa5425d90557edc068f48a7) * : OCPBUGS-27593,OCPBUGS-27678: Update go-git to v5.11.0 [#76](https://github.com/openshift/operator-framework-rukpak/pull/76) * [OCPBUGS-23449](https://issues.redhat.com/browse/OCPBUGS-23449): [release-4.12] Address http2 Vulnerability [#64](https://github.com/openshift/operator-framework-rukpak/pull/64) * [OCPBUGS-21343](https://issues.redhat.com/browse/OCPBUGS-21343): [release-4.12] Bump golang.org/x/net to v0.17.0 [#41](https://github.com/openshift/operator-framework-rukpak/pull/41) * UPSTREAM: <carry>: add downstream owners [#43](https://github.com/openshift/operator-framework-rukpak/pull/43) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/1b52bfeb6823c07702bd3b3fb63972ef8e5e718a...bb06dd0133acc2d10fa5425d90557edc068f48a7) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/e9ad64992e81a10230e1759db6577db078f18b38) * : OCPBUGS-21429: Enable HTTP/2 CVE mitigation [#399](https://github.com/openshift/openshift-apiserver/pull/399) * [OCPBUGS-8717](https://issues.redhat.com/browse/OCPBUGS-8717): Clear metadata.namespace on projects before write. [#358](https://github.com/openshift/openshift-apiserver/pull/358) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/30c5f26d173c7576d396b8d74707de03da266ce2...e9ad64992e81a10230e1759db6577db078f18b38) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/bde7e3af208ac9079de5646a3b47120dc762606f) * [OCPBUGS-41953](https://issues.redhat.com/browse/OCPBUGS-41953): Add adambkaplan as approver [#336](https://github.com/openshift/openshift-controller-manager/pull/336) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/b6528f9ea28164af9f1ceea0e50f18116fe3c90e...bde7e3af208ac9079de5646a3b47120dc762606f) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/3d5dc18d2bee5ba7132560bf40790af997952d33) * [OCPBUGS-20706](https://issues.redhat.com/browse/OCPBUGS-20706): bump `x/net` to v0.17.0 [#106](https://github.com/openshift/openshift-state-metrics/pull/106) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/4c711c74a0857e55604d11bd975b32b9956db6a0...3d5dc18d2bee5ba7132560bf40790af997952d33) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/d09e51ae44b3ac6d27236b515c1f7c6da847689d) * [OCPBUGS-21557](https://issues.redhat.com/browse/OCPBUGS-21557): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#137](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/137) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#130](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/130) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/308a62d84a29b0d45c504fbe43a85fcb8e3199da...d09e51ae44b3ac6d27236b515c1f7c6da847689d) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/05657663c02be6d03d074d0f39a2b247cef9286a) * Bug OCPBUGS-19770: Set controller's SyncPeriod to 1 hour [#86](https://github.com/openshift/machine-api-provider-openstack/pull/86) * [OCPBUGS-10607](https://issues.redhat.com/browse/OCPBUGS-10607): Use TenantID if ProjectID is empty [#66](https://github.com/openshift/machine-api-provider-openstack/pull/66) * [OCPBUGS-10603](https://issues.redhat.com/browse/OCPBUGS-10603): machineset_controller: Stop caching clouds credentials [#65](https://github.com/openshift/machine-api-provider-openstack/pull/65) * [OCPBUGS-7155](https://issues.redhat.com/browse/OCPBUGS-7155): Address CVE-2022-41717 [#55](https://github.com/openshift/machine-api-provider-openstack/pull/55) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/5f1ea9f0dbdadb30f67e7539ff357170f9401773...05657663c02be6d03d074d0f39a2b247cef9286a) ### [openstack-machine-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/f13e381e962777d48fadcaa3570a583e72aa80c7) * [OCPBUGS-20780](https://issues.redhat.com/browse/OCPBUGS-20780): deps: Upgrade golang.org/x/net to v0.17.0 [#277](https://github.com/openshift/cluster-api-provider-openstack/pull/277) * [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/8bd9c35fa7dfa81697f9e62b9ea598cba699ca02...f13e381e962777d48fadcaa3570a583e72aa80c7) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/b7e63d634cc7b2813d331d4a7e3e65209c669526) * NO-ISSUE: [release-4.12] Backport e2e fixes [#880](https://github.com/openshift/operator-framework-olm/pull/880) * [OCPBUGS-38610](https://issues.redhat.com/browse/OCPBUGS-38610): (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) [#875](https://github.com/openshift/operator-framework-olm/pull/875) * [OCPBUGS-42161](https://issues.redhat.com/browse/OCPBUGS-42161): adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs [#873](https://github.com/openshift/operator-framework-olm/pull/873) * [OCPBUGS-41881](https://issues.redhat.com/browse/OCPBUGS-41881): [CARRY] perform operator apiService certificate validity checks directly [#866](https://github.com/openshift/operator-framework-olm/pull/866) * [OCPBUGS-32854](https://issues.redhat.com/browse/OCPBUGS-32854): bump go-jose to v2.6.3 [#782](https://github.com/openshift/operator-framework-olm/pull/782) * [OCPBUGS-35242](https://issues.redhat.com/browse/OCPBUGS-35242): Unblock CI [#773](https://github.com/openshift/operator-framework-olm/pull/773) * [OCPBUGS-27563](https://issues.redhat.com/browse/OCPBUGS-27563), [OCPBUGS-27568](https://issues.redhat.com/browse/OCPBUGS-27568), [OCPBUGS-27648](https://issues.redhat.com/browse/OCPBUGS-27648), [OCPBUGS-27653](https://issues.redhat.com/browse/OCPBUGS-27653): bump go-git/v5 to 5.11.0 [#688](https://github.com/openshift/operator-framework-olm/pull/688) * [OCPBUGS-27962](https://issues.redhat.com/browse/OCPBUGS-27962): [CARRY] SSC RBAC [#671](https://github.com/openshift/operator-framework-olm/pull/671) * [OCPBUGS-28229](https://issues.redhat.com/browse/OCPBUGS-28229): Registry Pod Controller Flag [#673](https://github.com/openshift/operator-framework-olm/pull/673) * [OCPBUGS-24619](https://issues.redhat.com/browse/OCPBUGS-24619): Update to latest k8s v0.25.15 API server and enable HTTP/2 DoS mitigations [#660](https://github.com/openshift/operator-framework-olm/pull/660) * [OCPBUGS-22132](https://issues.redhat.com/browse/OCPBUGS-22132): [release-4.12] Bump golang.org/x/net to v0.17.0 [#590](https://github.com/openshift/operator-framework-olm/pull/590) * [OCPBUGS-18512](https://issues.redhat.com/browse/OCPBUGS-18512), [RHIBMCS-168](https://issues.redhat.com/browse/RHIBMCS-168): Copied csv listing backport [#559](https://github.com/openshift/operator-framework-olm/pull/559) * Introduce DOWNSTREAM_OWNERS file [#541](https://github.com/openshift/operator-framework-olm/pull/541) * Allow cpb to be statically compiled / exempt from FIPS compliance [#512](https://github.com/openshift/operator-framework-olm/pull/512) * [OCPBUGS-15858](https://issues.redhat.com/browse/OCPBUGS-15858): fix dynamic conversion webhook [#503](https://github.com/openshift/operator-framework-olm/pull/503) * [OCPBUGS-15737](https://issues.redhat.com/browse/OCPBUGS-15737): Re-enable psa plugin [#500](https://github.com/openshift/operator-framework-olm/pull/500) * [OCPBUGS-7650](https://issues.redhat.com/browse/OCPBUGS-7650): Catalog Pod Startup Probe Timeout [#450](https://github.com/openshift/operator-framework-olm/pull/450) * Updating operator-registry images to be consistent with ART [#397](https://github.com/openshift/operator-framework-olm/pull/397) * [OCPBUGS-7825](https://issues.redhat.com/browse/OCPBUGS-7825): Set openshift.io/scc label to empty [#456](https://github.com/openshift/operator-framework-olm/pull/456) * [OCPBUGS-7769](https://issues.redhat.com/browse/OCPBUGS-7769): [release-4.12] update cluster policy operator dependency [#454](https://github.com/openshift/operator-framework-olm/pull/454) * [OCPBUGS-7556](https://issues.redhat.com/browse/OCPBUGS-7556): Defuse E2e timebomb [#449](https://github.com/openshift/operator-framework-olm/pull/449) * [OCPBUGS-7086](https://issues.redhat.com/browse/OCPBUGS-7086): cherry-pick pull request refactor FBC caching (#1051) f… [#441](https://github.com/openshift/operator-framework-olm/pull/441) * [OCPBUGS-6260](https://issues.redhat.com/browse/OCPBUGS-6260): Catalog, fatal error: concurrent map read and map write [#440](https://github.com/openshift/operator-framework-olm/pull/440) * [OCPBUGS-7025](https://issues.redhat.com/browse/OCPBUGS-7025): Set ImagePullPolicy of bundle unpacker to "IfNotPresent" for image digests [#439](https://github.com/openshift/operator-framework-olm/pull/439) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/d6d213925d54c360f4d2f93ef729ff983322375a...b7e63d634cc7b2813d331d4a7e3e65209c669526) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/38b9ed80140123508ab5012e8fa0b067e7aafc12) * NO-ISSUE: Updating marketplace-operator images to be consistent with ART [4.12] [#510](https://github.com/operator-framework/operator-marketplace/pull/510) * [OCPBUGS-32081](https://issues.redhat.com/browse/OCPBUGS-32081): update golang.org/x/net for CVE-2023-45288 [#567](https://github.com/operator-framework/operator-marketplace/pull/567) * [OCPBUGS-20955](https://issues.redhat.com/browse/OCPBUGS-20955): [release-4.12] bump golang.org/x/net to 0.17.0 [#550](https://github.com/operator-framework/operator-marketplace/pull/550) * [OCPBUGS-18503](https://issues.redhat.com/browse/OCPBUGS-18503): remove a race condition [#533](https://github.com/operator-framework/operator-marketplace/pull/533) * [OCPBUGS-14109](https://issues.redhat.com/browse/OCPBUGS-14109): Revert default catsrc diff changes [#519](https://github.com/operator-framework/operator-marketplace/pull/519) * [OCPBUGS-7108](https://issues.redhat.com/browse/OCPBUGS-7108): Default CatalogSource aren't always reverted to default settings [#506](https://github.com/operator-framework/operator-marketplace/pull/506) * [OCPBUGS-5468](https://issues.redhat.com/browse/OCPBUGS-5468): Remove PSA audit and warnings [#503](https://github.com/operator-framework/operator-marketplace/pull/503) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/4e3eca672ea923f98b10bfa84985b2470da9ac96...38b9ed80140123508ab5012e8fa0b067e7aafc12) ### [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver/tree/87ab37895e56ea3c80be0163571fa593ce96d86b) * [OCPBUGS-23162](https://issues.redhat.com/browse/OCPBUGS-23162): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#131](https://github.com/openshift/ovirt-csi-driver/pull/131) * [Full changelog](https://github.com/openshift/ovirt-csi-driver/compare/64d58fb5438d5f22550ab20951cad32a886952ef...87ab37895e56ea3c80be0163571fa593ce96d86b) ### [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator/tree/e5e02335951010745a42f472a0656b5948ffdade) * [OCPBUGS-23266](https://issues.redhat.com/browse/OCPBUGS-23266): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#128](https://github.com/openshift/ovirt-csi-driver-operator/pull/128) * [OCPBUGS-18417](https://issues.redhat.com/browse/OCPBUGS-18417): set TLS cipher suites in Kube RBAC sidecars [#121](https://github.com/openshift/ovirt-csi-driver-operator/pull/121) * [Full changelog](https://github.com/openshift/ovirt-csi-driver-operator/compare/feb14fbb7c7e91fd721a23b5c7307469da5c1aec...e5e02335951010745a42f472a0656b5948ffdade) ### [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt/tree/03e8cb50f9ffa28b48d8aeaeb8410ab1598750d1) * [OCPBUGS-6309](https://issues.redhat.com/browse/OCPBUGS-6309): Fix swapped CPU socket and thread mapping [#173](https://github.com/openshift/cluster-api-provider-ovirt/pull/173) * [Full changelog](https://github.com/openshift/cluster-api-provider-ovirt/compare/645b6d4db6af1f8ba4be95dd9e8d6d0aa7c632f7...03e8cb50f9ffa28b48d8aeaeb8410ab1598750d1) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/2996be215b6dc887d9c439ad4256e47568eb7a0e) * [OCPBUGS-35876](https://issues.redhat.com/browse/OCPBUGS-35876): [release-4.12] ipv6+all protocols conntrack flush [#2214](https://github.com/openshift/ovn-kubernetes/pull/2214) * [OCPBUGS-29864](https://issues.redhat.com/browse/OCPBUGS-29864): CVE-2022-41723: avoid quadratic complexity in HPACK decoding [#2204](https://github.com/openshift/ovn-kubernetes/pull/2204) * [OCPBUGS-34273](https://issues.redhat.com/browse/OCPBUGS-34273), [OCPBUGS-34414](https://issues.redhat.com/browse/OCPBUGS-34414): Improves service iptables efficiency on start up + ICMP error messages to pass through [#2184](https://github.com/openshift/ovn-kubernetes/pull/2184) * [OCPBUGS-32990](https://issues.redhat.com/browse/OCPBUGS-32990): Bump OVS [#2144](https://github.com/openshift/ovn-kubernetes/pull/2144) * [OCPBUGS-33422](https://issues.redhat.com/browse/OCPBUGS-33422): [release-4.12] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2135](https://github.com/openshift/ovn-kubernetes/pull/2135) * [OCPBUGS-25889](https://issues.redhat.com/browse/OCPBUGS-25889): [release-4.12] OVN bump to 23.06.1-112 [#2154](https://github.com/openshift/ovn-kubernetes/pull/2154) * [OCPBUGS-23259](https://issues.redhat.com/browse/OCPBUGS-23259): [release-4.12] Update leaderelection config to allow retries [#2017](https://github.com/openshift/ovn-kubernetes/pull/2017) * [OCPBUGS-28598](https://issues.redhat.com/browse/OCPBUGS-28598): CARRY: Updates owners and adds Surya [#2034](https://github.com/openshift/ovn-kubernetes/pull/2034) * [OCPBUGS-26700](https://issues.redhat.com/browse/OCPBUGS-26700): [release-4.12] fixes MTU configuration on gateway router [#2015](https://github.com/openshift/ovn-kubernetes/pull/2015) * [OCPBUGS-24420](https://issues.redhat.com/browse/OCPBUGS-24420): OVNK/GW: Ignore headless services in syncServices [#1972](https://github.com/openshift/ovn-kubernetes/pull/1972) * [OCPBUGS-23981](https://issues.redhat.com/browse/OCPBUGS-23981): Netpol retryFramework cleanup [#1977](https://github.com/openshift/ovn-kubernetes/pull/1977) * [OCPBUGS-26243](https://issues.redhat.com/browse/OCPBUGS-26243): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2006](https://github.com/openshift/ovn-kubernetes/pull/2006) * [OCPBUGS-25096](https://issues.redhat.com/browse/OCPBUGS-25096): Fragment oversized reply packets in LGW mode [#1984](https://github.com/openshift/ovn-kubernetes/pull/1984) * [OCPBUGS-22091](https://issues.redhat.com/browse/OCPBUGS-22091): Bump OVN to 23.06.1-39.el8fdp [#1943](https://github.com/openshift/ovn-kubernetes/pull/1943) * [OCPBUGS-18681](https://issues.redhat.com/browse/OCPBUGS-18681): Check libovsdbclient.ErrNotFound on wrapped errors [#1862](https://github.com/openshift/ovn-kubernetes/pull/1862) * [OCPBUGS-20241](https://issues.redhat.com/browse/OCPBUGS-20241): fix race condition in hybrid overlay DRIP alloc [#1932](https://github.com/openshift/ovn-kubernetes/pull/1932) * [OCPBUGS-18353](https://issues.redhat.com/browse/OCPBUGS-18353): Update bridge flow cache when the host address changes [#1872](https://github.com/openshift/ovn-kubernetes/pull/1872) * [OCPBUGS-14708](https://issues.redhat.com/browse/OCPBUGS-14708), [OCPBUGS-19089](https://issues.redhat.com/browse/OCPBUGS-19089), [OCPBUGS-19904](https://issues.redhat.com/browse/OCPBUGS-19904), [OCPBUGS-19906](https://issues.redhat.com/browse/OCPBUGS-19906): Dockerfile: bump OVN to ovn22.12-22.12.1-18.el8fdp [#1881](https://github.com/openshift/ovn-kubernetes/pull/1881) * [OCPBUGS-18054](https://issues.redhat.com/browse/OCPBUGS-18054): Emit node events only when retry failure [#1837](https://github.com/openshift/ovn-kubernetes/pull/1837) * [OCPBUGS-18652](https://issues.redhat.com/browse/OCPBUGS-18652): Do not return error if pod IP cannot be retrieved for `deletePeerPod` and perf improvements [#1903](https://github.com/openshift/ovn-kubernetes/pull/1903) * [OCPBUGS-19432](https://issues.redhat.com/browse/OCPBUGS-19432): Remove stale egressip status entry [#1892](https://github.com/openshift/ovn-kubernetes/pull/1892) * [OCPBUGS-18586](https://issues.redhat.com/browse/OCPBUGS-18586): Fix OVN SNATing on GR by enabling gateway_mtu on rtoe port of GR [#1856](https://github.com/openshift/ovn-kubernetes/pull/1856) * [OCPBUGS-18058](https://issues.redhat.com/browse/OCPBUGS-18058): [release-4.12] Create egress firewall with one db transaction [#1835](https://github.com/openshift/ovn-kubernetes/pull/1835) * [OCPBUGS-17675](https://issues.redhat.com/browse/OCPBUGS-17675): Don't return error on delete event that doesn't ave a chance to succeed. [#1814](https://github.com/openshift/ovn-kubernetes/pull/1814) * [OCPBUGS-17522](https://issues.redhat.com/browse/OCPBUGS-17522): [release-4.12] libovsdb: give monitor setup time to process than normal transactions [#1808](https://github.com/openshift/ovn-kubernetes/pull/1808) * [OCPBUGS-16336](https://issues.redhat.com/browse/OCPBUGS-16336): Backport support AllocateLoadBalancerNodePortsFalse [#1766](https://github.com/openshift/ovn-kubernetes/pull/1766) * [OCPBUGS-15593](https://issues.redhat.com/browse/OCPBUGS-15593): ovnkube-master pod failed to reconnect to ovn db due to ssl expire [#1730](https://github.com/openshift/ovn-kubernetes/pull/1730) * [OCPBUGS-15719](https://issues.redhat.com/browse/OCPBUGS-15719): [relase-4.12] Fix egressFirewall create error handling [#1746](https://github.com/openshift/ovn-kubernetes/pull/1746) * [OCPBUGS-13744](https://issues.redhat.com/browse/OCPBUGS-13744): Improve syncNodes to remove stale data [#1732](https://github.com/openshift/ovn-kubernetes/pull/1732) * [OCPBUGS-13885](https://issues.redhat.com/browse/OCPBUGS-13885): [release-4.12] Drop packets that were not properly SNATed [#1679](https://github.com/openshift/ovn-kubernetes/pull/1679) * [OCPBUGS-15388](https://issues.redhat.com/browse/OCPBUGS-15388): Fix stale SNAT entries for completed pods [#1723](https://github.com/openshift/ovn-kubernetes/pull/1723) * [OCPBUGS-15709](https://issues.redhat.com/browse/OCPBUGS-15709): [release-4.12] Remove non-existing functions test. [#1739](https://github.com/openshift/ovn-kubernetes/pull/1739) * [OCPBUGS-15424](https://issues.redhat.com/browse/OCPBUGS-15424): [release-4.12] Fix network policy to work with long namespace names [#1725](https://github.com/openshift/ovn-kubernetes/pull/1725) * [OCPBUGS-14982](https://issues.redhat.com/browse/OCPBUGS-14982): Validate port before deleting conntrack flow [#1713](https://github.com/openshift/ovn-kubernetes/pull/1713) * [OCPBUGS-14041](https://issues.redhat.com/browse/OCPBUGS-14041): Fix bug that resulted in routes not be restored to a new vnic [#1681](https://github.com/openshift/ovn-kubernetes/pull/1681) * [OCPBUGS-13953](https://issues.redhat.com/browse/OCPBUGS-13953): [release-4.12] Use loadbalancer.Name as client index [#1680](https://github.com/openshift/ovn-kubernetes/pull/1680) * [OCPBUGS-13599](https://issues.redhat.com/browse/OCPBUGS-13599): Call SyncEndpoints from AddService [#1673](https://github.com/openshift/ovn-kubernetes/pull/1673) * [OCPBUGS-7439](https://issues.redhat.com/browse/OCPBUGS-7439): [release-4.12]: Egress Service: Fix nodeSelector parsing [#1529](https://github.com/openshift/ovn-kubernetes/pull/1529) * [OCPBUGS-12768](https://issues.redhat.com/browse/OCPBUGS-12768): : [release-4.12] Delete equivalent ACLs when searching by predicate. [#1661](https://github.com/openshift/ovn-kubernetes/pull/1661) * [OCPBUGS-12265](https://issues.redhat.com/browse/OCPBUGS-12265): [release-4.12] Network scale metrics [#1653](https://github.com/openshift/ovn-kubernetes/pull/1653) * [OCPBUGS-8226](https://issues.redhat.com/browse/OCPBUGS-8226): fix hybridOverlay DRIP in ICNIv1 pods [#1633](https://github.com/openshift/ovn-kubernetes/pull/1633) * [OCPBUGS-11701](https://issues.redhat.com/browse/OCPBUGS-11701): [release-4.12] CARRY: use "prefer local" for annotated services [#1638](https://github.com/openshift/ovn-kubernetes/pull/1638) * [OCPBUGS-11109](https://issues.redhat.com/browse/OCPBUGS-11109): [release-4.12] Batch potentially big transaction on egress firewall ACLs migration [#1617](https://github.com/openshift/ovn-kubernetes/pull/1617) * [OCPBUGS-10947](https://issues.redhat.com/browse/OCPBUGS-10947): [release-4.12] Egress firewall fix retry [#1610](https://github.com/openshift/ovn-kubernetes/pull/1610) * [OCPBUGS-10314](https://issues.redhat.com/browse/OCPBUGS-10314): [release-4.12] Handle Completed pods deletion [#1581](https://github.com/openshift/ovn-kubernetes/pull/1581) * Updating ovn-kubernetes-microshift images to be consistent with ART [#1288](https://github.com/openshift/ovn-kubernetes/pull/1288) * [OCPBUGS-10632](https://issues.redhat.com/browse/OCPBUGS-10632): Check the "Serving" field for endpoints [#1569](https://github.com/openshift/ovn-kubernetes/pull/1569) * [OCPBUGS-6034](https://issues.redhat.com/browse/OCPBUGS-6034): Update egress node assignability on every egress node update [#1483](https://github.com/openshift/ovn-kubernetes/pull/1483) * [OCPBUGS-7732](https://issues.redhat.com/browse/OCPBUGS-7732): Fix leak in service controller cache [#1545](https://github.com/openshift/ovn-kubernetes/pull/1545) * [OCPBUGS-10490](https://issues.redhat.com/browse/OCPBUGS-10490): [release-4.12] Move checkForStaleOVSInterfaces and related code to node.go [#1595](https://github.com/openshift/ovn-kubernetes/pull/1595) * [OCPBUGS-10318](https://issues.redhat.com/browse/OCPBUGS-10318): [release-4.12] node: add node healthz server for cloud load balancers [#1570](https://github.com/openshift/ovn-kubernetes/pull/1570) * [OCPBUGS-7346](https://issues.redhat.com/browse/OCPBUGS-7346): [release-4.12] Fully remove dependency on default gateway for services [#1577](https://github.com/openshift/ovn-kubernetes/pull/1577) * [OCPBUGS-6957](https://issues.redhat.com/browse/OCPBUGS-6957): [release-4.12] Ensure routes are not duplicated [#1503](https://github.com/openshift/ovn-kubernetes/pull/1503) * [OCPBUGS-8501](https://issues.redhat.com/browse/OCPBUGS-8501), [OCPBUGS-8506](https://issues.redhat.com/browse/OCPBUGS-8506), [OCPBUGS-8508](https://issues.redhat.com/browse/OCPBUGS-8508): [release-4.12] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs [#1559](https://github.com/openshift/ovn-kubernetes/pull/1559) * [OCPBUGS-7223](https://issues.redhat.com/browse/OCPBUGS-7223): node: don't consider internal masquerade addresses as node IP addresses [#1528](https://github.com/openshift/ovn-kubernetes/pull/1528) * [OCPBUGS-7317](https://issues.redhat.com/browse/OCPBUGS-7317): [release-4.12] Delete stale egress ip snat entries by node [#1520](https://github.com/openshift/ovn-kubernetes/pull/1520) * [OCPBUGS-7026](https://issues.redhat.com/browse/OCPBUGS-7026): Bump OVN to 22.12 and turn off neighbour response in router options. [#1521](https://github.com/openshift/ovn-kubernetes/pull/1521) * [OCPBUGS-6040](https://issues.redhat.com/browse/OCPBUGS-6040): addMasqueradeRoute: fallback to gateway interface IPs [#1484](https://github.com/openshift/ovn-kubernetes/pull/1484) * [OCPBUGS-7230](https://issues.redhat.com/browse/OCPBUGS-7230): Delete IGMP Groups when deleting stale chassis [#1516](https://github.com/openshift/ovn-kubernetes/pull/1516) * [OCPBUGS-3399](https://issues.redhat.com/browse/OCPBUGS-3399): Drop in-cluster traffic towards svcCIDR at wrong port [#1490](https://github.com/openshift/ovn-kubernetes/pull/1490) * [OCPBUGS-6961](https://issues.redhat.com/browse/OCPBUGS-6961): update base image of Dockerfile [#1504](https://github.com/openshift/ovn-kubernetes/pull/1504) * [OCPBUGS-6823](https://issues.redhat.com/browse/OCPBUGS-6823): [release-4.12] Fix Egress FW ACL rules in dualstack mode [#1500](https://github.com/openshift/ovn-kubernetes/pull/1500) * [OCPBUGS-4862](https://issues.redhat.com/browse/OCPBUGS-4862): Correct the deletion of noHostSubnet nodes [#1470](https://github.com/openshift/ovn-kubernetes/pull/1470) * [OCPBUGS-298](https://issues.redhat.com/browse/OCPBUGS-298): ovnkube-trace: run ovn-sbctl and ovn-trace with --no-leader-only [#1489](https://github.com/openshift/ovn-kubernetes/pull/1489) * [OCPBUGS-5841](https://issues.redhat.com/browse/OCPBUGS-5841): ovnkube-node: Existing management port check [#1475](https://github.com/openshift/ovn-kubernetes/pull/1475) * [OCPBUGS-6812](https://issues.redhat.com/browse/OCPBUGS-6812): [release-4.12] Ensure loadbalancer cleanup doesn't fail [#1497](https://github.com/openshift/ovn-kubernetes/pull/1497) * [OCPBUGS-298](https://issues.redhat.com/browse/OCPBUGS-298): Bump OVN to 22.09.0-54 [#1488](https://github.com/openshift/ovn-kubernetes/pull/1488) * [OCPBUGS-5923](https://issues.redhat.com/browse/OCPBUGS-5923): [release-4.12] Fix egress firewall to allow inbound connections in both gw modes [#1477](https://github.com/openshift/ovn-kubernetes/pull/1477) * [OCPBUGS-5046](https://issues.redhat.com/browse/OCPBUGS-5046): [release-4.12] egressip: fix test data race accessing podAssignment cache [#1467](https://github.com/openshift/ovn-kubernetes/pull/1467) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/56eba9e2ffe7a7c15ca377513c93bff3d99c457c...2996be215b6dc887d9c439ad4256e47568eb7a0e) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/b78e8e7871bd50ff77a68fdae320775a17856373) * [OCPBUGS-24733](https://issues.redhat.com/browse/OCPBUGS-24733): synk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/62) * [OCPBUGS-21079](https://issues.redhat.com/browse/OCPBUGS-21079): CVE-2023-39325 - Update net dependencies - 4.12 [#53](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/53) * Update OWNERS add yussufsh [#55](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/55) * Update OWNERS component to Multi-Arch [#24](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/24) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/47cdccb57b862ace2d0036fbedbe3821d0e7af6f...b78e8e7871bd50ff77a68fdae320775a17856373) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/7dadc08acb9f515735c6c3fdb417424d0c668d44) * [OCPBUGS-25717](https://issues.redhat.com/browse/OCPBUGS-25717): snyk: ignore vendor dir [#62](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/62) * [OCPBUGS-21168](https://issues.redhat.com/browse/OCPBUGS-21168): CVE-2023-39325 - Update net dependencies - 4.12 [#42](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/42) * Update OWNERS add yussufsh [#46](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/46) * Update OWNERS component to Multi-Arch [#16](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/16) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/06ea8d061b0145555a41ae6e2501a3844e83aa86...7dadc08acb9f515735c6c3fdb417424d0c668d44) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/4fb4334ca8aa9eb8290488359dd8d1cc5261da49) * [OCPBUGS-24740](https://issues.redhat.com/browse/OCPBUGS-24740): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#52](https://github.com/openshift/cloud-provider-powervs/pull/52) * [OCPBUGS-21260](https://issues.redhat.com/browse/OCPBUGS-21260): CVE-2023-39325 - Update net dependencies - 4.12 [#47](https://github.com/openshift/cloud-provider-powervs/pull/47) * Updated OWNERS component to Multi-Arch [#29](https://github.com/openshift/cloud-provider-powervs/pull/29) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/6125f1d95855433e3ee55151557da9ca6f36a194...4fb4334ca8aa9eb8290488359dd8d1cc5261da49) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/8a37e70af86197341dfe33077565cc1f7c919333) * [OCPBUGS-24564](https://issues.redhat.com/browse/OCPBUGS-24564): Reduce metrics cardinality [#75](https://github.com/openshift/machine-api-provider-powervs/pull/75) * [OCPBUGS-24738](https://issues.redhat.com/browse/OCPBUGS-24738): snyk code scan exclude vendor directory [#63](https://github.com/openshift/machine-api-provider-powervs/pull/63) * [OCPBUGS-21882](https://issues.redhat.com/browse/OCPBUGS-21882): CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.12 [#57](https://github.com/openshift/machine-api-provider-powervs/pull/57) * Update OWNERS [#39](https://github.com/openshift/machine-api-provider-powervs/pull/39) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/727fe0f3bf1b4638d31b8e336b77edf421519804...8a37e70af86197341dfe33077565cc1f7c919333) ### [prometheus](https://github.com/openshift/prometheus/tree/72ceaef4a59ec0cfb0639563ba9bd28928f4bcc0) * [OCPBUGS-21219](https://issues.redhat.com/browse/OCPBUGS-21219): update golang.org/x/net to v0.17.0 [4.12] [#175](https://github.com/openshift/prometheus/pull/175) * [Full changelog](https://github.com/openshift/prometheus/compare/c749fdb468ee6d0ac586156832ad9b094c76d867...72ceaef4a59ec0cfb0639563ba9bd28928f4bcc0) ### [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager/tree/914cad827e9a177b29b23e02eb48b4065da8dca2) * [OCPBUGS-21031](https://issues.redhat.com/browse/OCPBUGS-21031): Bump golang.org/x/net to v0.17.0 [#82](https://github.com/openshift/prometheus-alertmanager/pull/82) * [Full changelog](https://github.com/openshift/prometheus-alertmanager/compare/86b18354a463c04bb8d54b1e686d9fe54ff449e9...914cad827e9a177b29b23e02eb48b4065da8dca2) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/d1e399d5cead91c677cee4a80a032f5057cb43e3) * [OCPBUGS-20843](https://issues.redhat.com/browse/OCPBUGS-20843): Bump golang.org/x/net to v0.17.0 [#249](https://github.com/openshift/prometheus-operator/pull/249) * [OCPBUGS-7458](https://issues.redhat.com/browse/OCPBUGS-7458): Fixes ThanoRuler StatefulSet re-creation bug [#217](https://github.com/openshift/prometheus-operator/pull/217) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/9b41d30910b7f36da0dad500fdb0870e86759366...d1e399d5cead91c677cee4a80a032f5057cb43e3) ### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/99077a3c8c3b0fce152fe0affce1e31fc2c6efaa) * [OCPBUGS-21123](https://issues.redhat.com/browse/OCPBUGS-21123): upgrade golang.org/x/net to v0.17.0 [#136](https://github.com/openshift/node_exporter/pull/136) * [Full changelog](https://github.com/openshift/node_exporter/compare/af2f49cac92d4ec56fd495c0ecfc0e0a4149eea5...99077a3c8c3b0fce152fe0affce1e31fc2c6efaa) ### [route-controller-manager](https://github.com/openshift/route-controller-manager/tree/0f141ce9d349fb30755e3d0d7f9f196a91782957) * [OCPBUGS-14275](https://issues.redhat.com/browse/OCPBUGS-14275): Bump k8s to 1.25.10 [#27](https://github.com/openshift/route-controller-manager/pull/27) * [Full changelog](https://github.com/openshift/route-controller-manager/compare/9e74d175e81ef6a2beb3718398e3fc99dded037c...0f141ce9d349fb30755e3d0d7f9f196a91782957) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) * [OCPBUGS-21026](https://issues.redhat.com/browse/OCPBUGS-21026): CVE 2023 39325 (4.12) [#231](https://github.com/openshift/service-ca-operator/pull/231) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/299b7097a49385fdd4f86eccedc07f3a192e2504...ef1d057db0bf8d0846d96e09cdd1f55998a1f80b) ### [telemeter](https://github.com/openshift/telemeter/tree/c9592ded3e9a8daa8dfddfb7b8d874a2aaf1972c) * [OCPBUGS-34827](https://issues.redhat.com/browse/OCPBUGS-34827): fix issuer check during JWT authentication 4.12 [#541](https://github.com/openshift/telemeter/pull/541) * [OCPBUGS-21310](https://issues.redhat.com/browse/OCPBUGS-21310): [release-4.12] fix: Bump golang.org/x/net to v0.17.0 [#486](https://github.com/openshift/telemeter/pull/486) * [OCPBUGS-7702](https://issues.redhat.com/browse/OCPBUGS-7702): Add 'agent-installer' value to 'install_type' label [#451](https://github.com/openshift/telemeter/pull/451) * [Full changelog](https://github.com/openshift/telemeter/compare/4d304019274307c21afefa108493c8af89a2429d...c9592ded3e9a8daa8dfddfb7b8d874a2aaf1972c) ### [tests](https://github.com/openshift/origin/tree/daedb2e584a91e7384b765d0599ad096aa2e78df) * [OCPBUGS-41585](https://issues.redhat.com/browse/OCPBUGS-41585): Removes dependency on samples operator images [#29080](https://github.com/openshift/origin/pull/29080) * Bug OCPBUGS-20557: Correct condition for rejecting connection [#28327](https://github.com/openshift/origin/pull/28327) * [OCPBUGS-18490](https://issues.redhat.com/browse/OCPBUGS-18490): bump monitoring SNO bounds [#28239](https://github.com/openshift/origin/pull/28239) * [OCPBUGS-18527](https://issues.redhat.com/browse/OCPBUGS-18527): Ignore timeout and connection refused errors during upgrade tests for 4.12 [#28270](https://github.com/openshift/origin/pull/28270) * [OCPBUGS-18309](https://issues.redhat.com/browse/OCPBUGS-18309): Add missing watch permission for console users [#28234](https://github.com/openshift/origin/pull/28234) * [OCPBUGS-16696](https://issues.redhat.com/browse/OCPBUGS-16696): Wait for DNS DS pods to be ready [#28083](https://github.com/openshift/origin/pull/28083) * [OCPBUGS-16243](https://issues.redhat.com/browse/OCPBUGS-16243): allow cluster-config-operator to manage featuregate upgrade block [#28055](https://github.com/openshift/origin/pull/28055) * [OCPBUGS-15933](https://issues.redhat.com/browse/OCPBUGS-15933): remove references to registry.centos.org [#28033](https://github.com/openshift/origin/pull/28033) * [CCO-367](https://issues.redhat.com/browse/CCO-367): Allow CCO to be Upgradeable=False when credentialsMode=Manual [#27941](https://github.com/openshift/origin/pull/27941) * [OCPBUGS-14152](https://issues.redhat.com/browse/OCPBUGS-14152): Move from registry.centos.org to quay.io [#27949](https://github.com/openshift/origin/pull/27949) * [OCPBUGS-12914](https://issues.redhat.com/browse/OCPBUGS-12914): Add (optional) dual-stack tests to the CNI certification test suite [#27903](https://github.com/openshift/origin/pull/27903) * Updating openshift-enterprise-tests images to be consistent with ART [#27293](https://github.com/openshift/origin/pull/27293) * add specific test for failing cgroups path [#27856](https://github.com/openshift/origin/pull/27856) * [OCPBUGS-8705](https://issues.redhat.com/browse/OCPBUGS-8705): Bump(openshift/kubernetes): to get fix for resizing flake [#27794](https://github.com/openshift/origin/pull/27794) * [OCPBUGS-8024](https://issues.redhat.com/browse/OCPBUGS-8024): Backport fixes to resume gathering CI disruption data for SLB and image registry [#27759](https://github.com/openshift/origin/pull/27759) * [OCPBUGS-7633](https://issues.redhat.com/browse/OCPBUGS-7633): remove reference to old guard pods [#27732](https://github.com/openshift/origin/pull/27732) * [OCPBUGS-7285](https://issues.redhat.com/browse/OCPBUGS-7285): extended: security: do not explicitly set api audience on token request [#27716](https://github.com/openshift/origin/pull/27716) * [OCPBUGS-6850](https://issues.redhat.com/browse/OCPBUGS-6850): [release-4.12] upgrade/adminack: guarantee one admin ack check post-upgrade [#27684](https://github.com/openshift/origin/pull/27684) * [OCPBUGS-5493](https://issues.redhat.com/browse/OCPBUGS-5493): Use cluster network MTU for bond interfaces [#27637](https://github.com/openshift/origin/pull/27637) * [OCPBUGS-5490](https://issues.redhat.com/browse/OCPBUGS-5490): Fix intervalcreation incorrect year unit test bug [#27668](https://github.com/openshift/origin/pull/27668) * [Full changelog](https://github.com/openshift/origin/compare/5e41b223cad6c22c117ebde996923f23f5ffab3e...daedb2e584a91e7384b765d0599ad096aa2e78df) ### [thanos](https://github.com/openshift/thanos/tree/2867a6b552eaddefd73aa979f13e95f6df338070) * [OCPBUGS-27100](https://issues.redhat.com/browse/OCPBUGS-27100): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#137](https://github.com/openshift/thanos/pull/137) * [OCPBUGS-21135](https://issues.redhat.com/browse/OCPBUGS-21135): Bump golang.org/x/net to v0.17.0 [#126](https://github.com/openshift/thanos/pull/126) * [OCPBUGS-4276](https://issues.redhat.com/browse/OCPBUGS-4276): Update exporter-toolkit to 0.7.3 [#111](https://github.com/openshift/thanos/pull/111) * [Full changelog](https://github.com/openshift/thanos/compare/306214e86722493edd8d940fd41553acae1dd600...2867a6b552eaddefd73aa979f13e95f6df338070) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) * [OCPBUGS-21493](https://issues.redhat.com/browse/OCPBUGS-21493): Bump golang.org/x/net to v0.18.0 [#56](https://github.com/openshift/cloud-provider-vsphere/pull/56) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/e993e31f6a3b02938b11fb2f18d67681d60d8922...e170dce5c1fe5d3a025ccd8264e78c4c987b1d7a) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/a61d43b751249c1a74376a48498571da1d665685) * [OCPBUGS-21548](https://issues.redhat.com/browse/OCPBUGS-21548): bump golang.org/x/net to v0.17.0 [#24](https://github.com/openshift/cluster-api-provider-vsphere/pull/24) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/5c261b3bc8acb84fdf8263a67a80dd384fba698e...a61d43b751249c1a74376a48498571da1d665685) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/e4c0e103ddbf264387d6efb26b612a4b915d362a) * [OCPBUGS-20417](https://issues.redhat.com/browse/OCPBUGS-20417): syncer: fix nil pointer dereference in log message [#98](https://github.com/openshift/vmware-vsphere-csi-driver/pull/98) * [OCPBUGS-21552](https://issues.redhat.com/browse/OCPBUGS-21552): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#92](https://github.com/openshift/vmware-vsphere-csi-driver/pull/92) * [OCPBUGS-14312](https://issues.redhat.com/browse/OCPBUGS-14312): Update 4.12 against v2.7.1 [#81](https://github.com/openshift/vmware-vsphere-csi-driver/pull/81) * [OCPBUGS-7426](https://issues.redhat.com/browse/OCPBUGS-7426): Add migrationDataStore field [#59](https://github.com/openshift/vmware-vsphere-csi-driver/pull/59) * [OCPBUGS-6936](https://issues.redhat.com/browse/OCPBUGS-6936): fix for nil user session (#1859) [#57](https://github.com/openshift/vmware-vsphere-csi-driver/pull/57) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/df89e303405042aa0c8f8704962910a4ef486ab8...e4c0e103ddbf264387d6efb26b612a4b915d362a) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/d7cca470e82158e8240a09b3586f99e6a84f121f) * [OCPBUGS-21416](https://issues.redhat.com/browse/OCPBUGS-21416): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#175](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/175) * [OCPBUGS-18131](https://issues.redhat.com/browse/OCPBUGS-18131): Block upgrade to 4.13 via admin ack [#171](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/171) * [OCPBUGS-18333](https://issues.redhat.com/browse/OCPBUGS-18333): disable controller hostNetwork [#167](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/167) * [OCPBUGS-12712](https://issues.redhat.com/browse/OCPBUGS-12712): Add backoff for successful storage policy creations [#152](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/152) * [OCPBUGS-7901](https://issues.redhat.com/browse/OCPBUGS-7901): Bump sidecar timeouts for vsphere [#142](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/142) * [OCPBUGS-7426](https://issues.redhat.com/browse/OCPBUGS-7426): Fix datastore migration bug in 4.12 [#139](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/139) * [OCPBUGS-4609](https://issues.redhat.com/browse/OCPBUGS-4609): Add multiple datacenters support [#123](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/123) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/7c8ccc7d25d9bfda2f79a9c965a667bed3431e11...d7cca470e82158e8240a09b3586f99e6a84f121f) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/f25ae2add899bbd4b63b476c2e6178cfbaf68ac4) * [OCPBUGS-21574](https://issues.redhat.com/browse/OCPBUGS-21574): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#131](https://github.com/openshift/vsphere-problem-detector/pull/131) * [OCPBUGS-10812](https://issues.redhat.com/browse/OCPBUGS-10812): Add build number to metrics [#104](https://github.com/openshift/vsphere-problem-detector/pull/104) * [OCPBUGS-6788](https://issues.redhat.com/browse/OCPBUGS-6788): Derive the fully qualified vSphere username when checking permissions [#98](https://github.com/openshift/vsphere-problem-detector/pull/98) * [OCPBUGS-5509](https://issues.redhat.com/browse/OCPBUGS-5509): Add a count of zonal volumes [#97](https://github.com/openshift/vsphere-problem-detector/pull/97) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/2b91d5538d004aa689d8351ca26c345865b77e63...f25ae2add899bbd4b63b476c2e6178cfbaf68ac4)