# 4.14.28 Created: 2024-05-30 20:42:53 +0000 UTC Image Digest: `sha256:c5bcd0298deee99caaf3ec88de246f3af84f80225202df46527b6f2b4d0eb3c3` Promoted from registry.ci.openshift.org/ocp/release:4.14.0-0.nightly-2024-05-30-083125 ## Changes from 4.14.1 ### Components * Kubernetes upgraded from 1.27.6 to 1.27.14 * Red Hat Enterprise Linux CoreOS upgraded from 414.92.202310270216-0 to 414.92.202405282322-0 ### Rebuilt images without code change * [agent-installer-utils](https://github.com/openshift/agent-installer-utils) git [ad853769](https://github.com/openshift/agent-installer-utils/commit/ad8537697818870b53b6262041f0dfa78a3b41c2) `sha256:226b3a95a661a6c6efacbf9b1c57890865d958be8bb00cc30708491311f146dc` * [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver) git [3dc363d3](https://github.com/openshift/alibaba-cloud-csi-driver/commit/3dc363d364c43c1fb03e223147e25d9057273428) `sha256:a96440d6e2516159b5f6185007de7ed3a1d20c0e9b65de3a15c07c37baf0d9c1` * [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba) git [27f105d3](https://github.com/openshift/cluster-api-provider-alibaba/commit/27f105d3b722e19f76b72588d36eeae9dac0a444) `sha256:abc051460f77b13111188046f01f5538bb3a1aaa1c8f9deb8acb613e6244654d` * [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver) git [b19eec11](https://github.com/openshift/azure-disk-csi-driver/commit/b19eec11854e89a3e45f27455ce54d19c25f375b) `sha256:011e2008928e6b6468f253f78aa6868f96cb7dc8e032833d26b438c4668e7b89` * [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [93fba13f](https://github.com/openshift/cluster-bootstrap/commit/93fba13f576831ba0953190663ab26aaf5766984) `sha256:408d4d504689a3cd0bb4ed47d23ead5700a38a5801c7da8cb8bb9f28ff40b191` * [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator) git [5553a226](https://github.com/openshift/cluster-dns-operator/commit/5553a22698ac7fce2cc401ed5884eb1bdb36a02d) `sha256:384466063529e62eea08d8ee4aaa1e16e9cd7f50fb6c71087f093e7f65c1cacb` * [cluster-platform-operators-manager](https://github.com/openshift/platform-operators) git [08fb27e7](https://github.com/openshift/platform-operators/commit/08fb27e72e32ea0a06ab02b3b746114148d96c25) `sha256:e9c03f33a687cf7491129fa53c0e3f750e924e9189048e140b54b21746440d95` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [716a0c33](https://github.com/openshift/configmap-reload/commit/716a0c33bb693127fba3b3512622710785a59e8e) `sha256:09b5278d2585c10d1f8b5e9328458f16a680f84560f46d1d53c894eabe2ea655` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [e1dd4537](https://github.com/openshift/csi-driver-nfs/commit/e1dd45373456cf8e47a58d6764212317fb2f8a97) `sha256:db3fe94aeb846cbb6687d2e202b773a1aa04c11a6cf5fba8b9c6777cf494fd06` * [csi-external-attacher](https://github.com/openshift/csi-external-attacher) git [06e8ce0d](https://github.com/openshift/csi-external-attacher/commit/06e8ce0d36f7c23f0906327cd66ec6bd15165366) `sha256:973711a3f73169824183f73d5c4d57f5cc492be823be4381dd1a12f0a83f054c` * [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner) git [78a710fd](https://github.com/openshift/csi-external-provisioner/commit/78a710fd2ccd6f87f7789c314349192d063f9f37) `sha256:5f6c3b4917882e38802543f7c0332c1645879d982bc309570c9229b422a75478` * [csi-external-resizer](https://github.com/openshift/csi-external-resizer) git [59a701a4](https://github.com/openshift/csi-external-resizer/commit/59a701a4c8cd3105e272b12afdb1e62e411b2772) `sha256:df3d04b31625d3ed3cd74bbda493a37e10b9716d94a9d921966f9f63e77b8e34` * [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe) git [a9bcbde1](https://github.com/openshift/csi-livenessprobe/commit/a9bcbde134a17d3335f68a49aaad4befa8d7cc08) `sha256:2a655edc9b6b87db6eb0294bc5746b33b758a96110e550a7244711e45023f8e9` * [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar) git [9dcaa7f5](https://github.com/openshift/csi-node-driver-registrar/commit/9dcaa7f5b7573e7ef9dbec1439abc32171003799) `sha256:60f833064195ea66c4776885d20c2e6f2215ad03f11e4ad2fd106da7eaa2e627` * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [cafed17b](https://github.com/openshift/driver-toolkit/commit/cafed17b0c2b4cf8d8310304888787ed7adf7474) `sha256:a8fb995dffc8a5e711cde1c61fc4b638a19789b92422dc09b41134fb3f901478` * [egress-router-cni](https://github.com/openshift/egress-router-cni) git [afffdd45](https://github.com/openshift/egress-router-cni/commit/afffdd455b65a944751f9155852781f9ddce0f5d) `sha256:0f7265ac1d38fc747c17ee0b8b24215d1066a78d30293f41b9f12883e99910df` * [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp) git [a676e6b6](https://github.com/openshift/machine-api-provider-gcp/commit/a676e6b6a8eefee8b921b47674c6fb9c0b1b5125) `sha256:c088da5f694412d8eb9d55fcf0fb67d9ad6e9aae0f0217851001b73830541dfc` * [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver) git [8a626fe5](https://github.com/openshift/gcp-pd-csi-driver/commit/8a626fe5354a7cb28e31034dc8afe9c00d4b5a03) `sha256:e7b40fa247e26aad78509e6547dc5c9eca49d6e6f3fb1dbfec84c7355c6017f9` * [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver) git [02471d96](https://github.com/openshift/ibm-vpc-block-csi-driver/commit/02471d9625339b1cd6d638e358a10c88b223d30e) `sha256:3592f17e63e21960c1a9cd2e1e1d133a9736b9a143daa117a012c6a06e26975e` * [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater) git [44a2b943](https://github.com/openshift/ibm-vpc-node-label-updater/commit/44a2b9430e38e4dc0fe6ef0c08cd759ed97fd43f) `sha256:59cd4a1652e166eb45f2658ff70aae410da932bdc6bf5e50c839b8219ad56dfc` * [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud) git [c28b2232](https://github.com/openshift/machine-api-provider-ibmcloud/commit/c28b2232ab1c0dcd951a23b324506eaab510389c) `sha256:5fa93b393ba2ec1c8ba1b5e06c368c93ee531223f3f05b7f82d1adcf2d388a5e` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [7b56c306](https://github.com/openshift/ironic-rhcos-downloader/commit/7b56c30661e39b212fc632e8e184c70b14dcf3a2) `sha256:4a448fafc16a9559a2f2173f777d575f2709611ee5702f94304eced6580df744` * [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager) git [c038d5a4](https://github.com/openshift/ironic-static-ip-manager/commit/c038d5a43e7355099d8f9845a8b14052437b787e) `sha256:27577bfddd7765515309d21dc91e4c207f27ffce416d861c89e93130d3aef713` * [keepalived-ipfailover](https://github.com/openshift/images) git [f08cee33](https://github.com/openshift/images/commit/f08cee3389569256aa288c33bad701a2704ce9db) `sha256:28be47974cb4e51c649ab0522793e68832651691ee2f79b2b98483a459523056` * [kube-state-metrics](https://github.com/openshift/kube-state-metrics) git [db0c5499](https://github.com/openshift/kube-state-metrics/commit/db0c54994a6aad9155a94513eaa3480c1812f45e) `sha256:562dfd380ab022e5c4c8c67e1324edca2e80fc66be96473c6fd41a6e36ced33b` * [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator) git [8558e14a](https://github.com/openshift/kubernetes-kube-storage-version-migrator/commit/8558e14a116804168506d06e96eac5a79913a6eb) `sha256:70fb2952e84b91b76ba0778d68b2b7811ae3774cffde9210cf0ce36ccf4cd665` * [kuryr-cni](https://github.com/openshift/kuryr-kubernetes) git [8926a294](https://github.com/openshift/kuryr-kubernetes/commit/8926a294348d3791040748774b0ac0892b968494) `sha256:7738650465d10a305f2c3f1e7b0e8b78751f3a9373f15b359d91ee1eef0deea0` * [kuryr-controller](https://github.com/openshift/kuryr-kubernetes) git [8926a294](https://github.com/openshift/kuryr-kubernetes/commit/8926a294348d3791040748774b0ac0892b968494) `sha256:bd48682ef2493382fa62d478aef8c000ff93cdba641fc9f7f5bf792bb1a255b1` * [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt) git [34dfccba](https://github.com/openshift/cluster-api-provider-libvirt/commit/34dfccba84a23b871d4f29dcec55929c11696e91) `sha256:0d4d44808dd6a1a6dc207b13ad38f5e182f4bb1ba2b4a0fa9620645897be21a8` * machine-os-content `sha256:1e2b5c23aecbc611fda10dfce39d26717463150f65b26e867be3480eb10ad809` * [machine-os-images](https://github.com/openshift/machine-os-images) git [d3a4a6c3](https://github.com/openshift/machine-os-images/commit/d3a4a6c3b46e26fa260de80465b45879311e23c4) `sha256:8693978a41e98e048e47a700297800bc712e6a3cc902578324f60ce28eeba1b4` * [multus-route-override-cni](https://github.com/openshift/route-override-cni) git [078aee5c](https://github.com/openshift/route-override-cni/commit/078aee5c466ffc79126a34b85953534c6674f28c) `sha256:3be5a2947f827c5e108caa60f4d2ae180abba17db7e1a998ee2e4fb41406769d` * [must-gather](https://github.com/openshift/must-gather) git [833e1de9](https://github.com/openshift/must-gather/commit/833e1de991e2319439fb48550c86d2d44d412501) `sha256:bee448ca05fe1a428ffe2d230bbf9acece086dcfe552227f970b570d2e7d56bc` * [network-interface-bond-cni](https://github.com/openshift/bond-cni) git [29f61f6b](https://github.com/openshift/bond-cni/commit/29f61f6b05d958c40e7213937064f26a63a8e6d9) `sha256:401f3bd21a0645d97912e80bf6fed5dff84cc4e96a367eb79ed8f37dbba44ece` * [nutanix-cloud-controller-manager](https://github.com/openshift/cloud-provider-nutanix) git [bc568865](https://github.com/openshift/cloud-provider-nutanix/commit/bc568865fe7d5cd598c89e7f189de9e07150f29a) `sha256:e380bb05422a0dc676530d6068627fc0c10a71f1ccc09c260be45e38d5c6caa0` * [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix) git [6f50b1ac](https://github.com/openshift/machine-api-provider-nutanix/commit/6f50b1ac83fa493cdaa38fb0a05804882333172b) `sha256:080cff23a84878fd8ca725ad65b15cff71436d33674b7f292aef552b4e17afc9` * [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics) git [dff4b0f4](https://github.com/openshift/openshift-state-metrics/commit/dff4b0f47e639fe2382e8c4c17208fccaacfcbdf) `sha256:f9c65fd4483ca43d94d1b6d64b9f94bc7ec5a77234d60817377d1eaacaa57cf3` * [operator-marketplace](https://github.com/operator-framework/operator-marketplace) git [a367cea6](https://github.com/operator-framework/operator-marketplace/commit/a367cea6e2371a0db2957403de40958852f817b3) `sha256:50cf6e7489a9dcadc16ce95fc4df2eb846fb70145b9416c03b7de25d3d88f2d3` * [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver) git [f21b470f](https://github.com/openshift/ovirt-csi-driver/commit/f21b470f4927f97eca93a0a390cffccd7d724043) `sha256:dcdb2ed72df1e5f775cbc8a59391513ce7ad80734c640fe5bb9ac0a37d3aa1c3` * [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator) git [2fa33aa7](https://github.com/openshift/ovirt-csi-driver-operator/commit/2fa33aa7f05da8640a8695372364f2367febd12a) `sha256:048e6f04c30b455aef7ea400b1ec641fee69c90016d122588853f8d95c77c5bb` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [5d708631](https://github.com/openshift/cluster-api-provider-ovirt/commit/5d708631fca37aff0ede7d7f8fc9ba76c7fcee47) `sha256:51c942b1bab152451f449fb67c3e241a5d0f24355e852532cb6468a5762940ef` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [af40ed09](https://github.com/openshift/prom-label-proxy/commit/af40ed09f69fab6c4bf054436f537a3e569d5f02) `sha256:650bc04cb5e8f30c1e208fe38d40cd1948ae4191e6a5dc976202e328e5d9413a` * [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager) git [e3725166](https://github.com/openshift/prometheus-alertmanager/commit/e3725166cf8ef228f1672b00d063c488b69687aa) `sha256:ddc7bd8fdebe6d2cd3edb9e4604641f4eb0a6f0c031c0ceafb632b7b63cb1f57` * [prometheus-node-exporter](https://github.com/openshift/node_exporter) git [5ee0a9d9](https://github.com/openshift/node_exporter/commit/5ee0a9d957a04756ba76623a8bbc12be9949109f) `sha256:3c8887163254e42456c8c680fbedf4a13166184ad28260425169fa5e5d9682e2` * rhel-coreos `sha256:a20014c3469c0d5179b3062e655296c0af37ea10d5e2abe2984e07342f07aa64` * rhel-coreos-extensions `sha256:de9b49ff3e9d233a910391593b3031d6e85703bf927f1b407cd31603a7e1e22b` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/5861f066a15f89356d7cf6b3c340f56ae6119d19) * [OCPBUGS-31631](https://issues.redhat.com/browse/OCPBUGS-31631): Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) [#6322](https://github.com/openshift/assisted-service/pull/6322) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) [#6216](https://github.com/openshift/assisted-service/pull/6216) * [MGMT-17549](https://issues.redhat.com/browse/MGMT-17549): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) [#6203](https://github.com/openshift/assisted-service/pull/6203) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#6197) [#6197](https://github.com/openshift/assisted-service/pull/6197) * NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) [#6134](https://github.com/openshift/assisted-service/pull/6134) * [MGMT-16950](https://issues.redhat.com/browse/MGMT-16950): changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) [#5973](https://github.com/openshift/assisted-service/pull/5973) * [MGMT-16494](https://issues.redhat.com/browse/MGMT-16494): Move ip hint file creation to ignition in order to change it in IBI process (#5974) [#5974](https://github.com/openshift/assisted-service/pull/5974) * [MGMT-16517](https://issues.redhat.com/browse/MGMT-16517): Add Env Var Deployment Type & Set ABI (#5987) [#5987](https://github.com/openshift/assisted-service/pull/5987) * [MGMT-15796](https://issues.redhat.com/browse/MGMT-15796): set CloudControllerManager to External for OCI (#5877) [#5877](https://github.com/openshift/assisted-service/pull/5877) * [OCPBUGS-23069](https://issues.redhat.com/browse/OCPBUGS-23069): Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) [#5676](https://github.com/openshift/assisted-service/pull/5676) * [Full changelog](https://github.com/openshift/assisted-service/compare/4e1a1e59cef06c75a9a09f6251ecbd19eecb8be5...5861f066a15f89356d7cf6b3c340f56ae6119d19) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/5d64ad00cc9a2f045895dfccc43fe8d81027e745) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#834) [#834](https://github.com/openshift/assisted-installer/pull/834) * [MGMT-17591](https://issues.redhat.com/browse/MGMT-17591): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#830) [#830](https://github.com/openshift/assisted-installer/pull/830) * [MGMT-16843](https://issues.redhat.com/browse/MGMT-16843): Ensure valid hostname during install (#794) [#794](https://github.com/openshift/assisted-installer/pull/794) * [OCPBUGS-20049](https://issues.redhat.com/browse/OCPBUGS-20049): Remove uninitialized taint for agent-based installs (#753) [#753](https://github.com/openshift/assisted-installer/pull/753) * [Full changelog](https://github.com/openshift/assisted-installer/compare/9fd99e3861fc32b8a608bb0c81344435e32ad004...5d64ad00cc9a2f045895dfccc43fe8d81027e745) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/1ef82f3a3397c0f5b3864c37bf8dcba4235e84fc) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#705) [#705](https://github.com/openshift/assisted-installer-agent/pull/705) * [MGMT-17591](https://issues.redhat.com/browse/MGMT-17591): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#703) [#703](https://github.com/openshift/assisted-installer-agent/pull/703) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#698) [#698](https://github.com/openshift/assisted-installer-agent/pull/698) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/e438a5e93d2b08ba670acf742c0f1c6ad44ab92b...1ef82f3a3397c0f5b3864c37bf8dcba4235e84fc) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/8ba0b37a45510404a842d6dbd84d40a18008e81d) * [OCPBUGS-21255](https://issues.redhat.com/browse/OCPBUGS-21255): Bump golang.org/x/net to v0.18.0 [#38](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/38) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/8c532d2e64aa0f2fc30e49d658a47426fab38cb3...8ba0b37a45510404a842d6dbd84d40a18008e81d) ### [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator/tree/8853e6ef4966018b96f9d8bfbf99df3a984bb454) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#81](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/81) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#71](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/71) * [Full changelog](https://github.com/openshift/alibaba-disk-csi-driver-operator/compare/7e0204aeee1770a98afb7ace4f3ccb5568c906e8...8853e6ef4966018b96f9d8bfbf99df3a984bb454) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/a3c0e6b7016017e26603f9990bce2891374f3ca1) * [OCPBUGS-31984](https://issues.redhat.com/browse/OCPBUGS-31984): Bump golang.org/x/net to v0.23.0 [#52](https://github.com/openshift/apiserver-network-proxy/pull/52) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/15cd4347b9384fac3d93029c6426dc15b964f557...a3c0e6b7016017e26603f9990bce2891374f3ca1) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/607e2dde6cde137b5c14d5f7687847f6df4cae94) * [OCPBUGS-23826](https://issues.redhat.com/browse/OCPBUGS-23826): bump go.opentelemetry.io [#67](https://github.com/openshift/cloud-provider-aws/pull/67) * [OCPBUGS-27759](https://issues.redhat.com/browse/OCPBUGS-27759): Adds ecr-credential-plugin .spec [#71](https://github.com/openshift/cloud-provider-aws/pull/71) * [OCPBUGS-20755](https://issues.redhat.com/browse/OCPBUGS-20755): Upgrade x/net to v0.17.0 [#50](https://github.com/openshift/cloud-provider-aws/pull/50) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/1763ea56c30ec1a0589ee900911a853ae375ff0d...607e2dde6cde137b5c14d5f7687847f6df4cae94) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/54a95bd18a84153e23430476fc218035255e3a0e) * [OCPBUGS-31332](https://issues.redhat.com/browse/OCPBUGS-31332): UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called [#506](https://github.com/openshift/cluster-api-provider-aws/pull/506) * [OCPBUGS-31251](https://issues.redhat.com/browse/OCPBUGS-31251): fix e2e tests on release branches [#505](https://github.com/openshift/cluster-api-provider-aws/pull/505) * [OCPBUGS-20857](https://issues.redhat.com/browse/OCPBUGS-20857): bump golang.org/x/net to v0.17.0 [#481](https://github.com/openshift/cluster-api-provider-aws/pull/481) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/fb2b2e6126061513b2441091a1523f3214305431...54a95bd18a84153e23430476fc218035255e3a0e) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/918bb4e9106bbd7498d0d5b3b44ec6df392789b5) * [OCPBUGS-33078](https://issues.redhat.com/browse/OCPBUGS-33078): UPSTREAM: 1919: Add reserved-volume-attachments [#264](https://github.com/openshift/aws-ebs-csi-driver/pull/264) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/2e2e2774b971d215c3ded5eef925980bac047253...918bb4e9106bbd7498d0d5b3b44ec6df392789b5) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/609879c3f1b9a65936e385f798398a2d1673aacd) * [OCPBUGS-33078](https://issues.redhat.com/browse/OCPBUGS-33078): Explicitly reserve 1 attachment for the root disk [#306](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/306) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#302](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/302) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#296](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/296) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/024bec5b1d318b874fd93d6e57018467d26333d1...609879c3f1b9a65936e385f798398a2d1673aacd) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/e292817c27d83d6cba27def4461a9795bd3a68a7) * [OCPBUGS-17298](https://issues.redhat.com/browse/OCPBUGS-17298), [OCPBUGS-21571](https://issues.redhat.com/browse/OCPBUGS-21571): Update golang.org/x/net to v0.17.0 [#88](https://github.com/openshift/machine-api-provider-aws/pull/88) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/8925f3b1fc95f933b029bf13946dcafea646a74b...e292817c27d83d6cba27def4461a9795bd3a68a7) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/2c864ca0f09e038c4b0c82215ef1a6f60fb54e63) * [OCPBUGS-32884](https://issues.redhat.com/browse/OCPBUGS-32884): Upgrade go-jose module to 2.6.3 [#189](https://github.com/openshift/aws-pod-identity-webhook/pull/189) * [OCPBUGS-21761](https://issues.redhat.com/browse/OCPBUGS-21761): Backport the recent rebase to 4.14 [#168](https://github.com/openshift/aws-pod-identity-webhook/pull/168) * NO-ISSUE: Sync OWNERS with team members [#176](https://github.com/openshift/aws-pod-identity-webhook/pull/176) * snyk: exclude vendor/ [#171](https://github.com/openshift/aws-pod-identity-webhook/pull/171) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/ed5ae281ece6092735140617c486e5822ce5b7b6...2c864ca0f09e038c4b0c82215ef1a6f60fb54e63) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/f0e7cbbcf37fb44c34a192ecffaf40a6639c8bea) * [OCPBUGS-21439](https://issues.redhat.com/browse/OCPBUGS-21439): Bump golang.org/x/net to v0.18.0 [#93](https://github.com/openshift/cloud-provider-azure/pull/93) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/cca9a841e807dd87708b82562fc5f376ed2f274c...f0e7cbbcf37fb44c34a192ecffaf40a6639c8bea) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/7ad2773c64f0757ea92a18594f0aad59c6a55cde) * [OCPBUGS-17283](https://issues.redhat.com/browse/OCPBUGS-17283), [OCPBUGS-21516](https://issues.redhat.com/browse/OCPBUGS-21516): [release-4.14] Bump golang.org/x/net to v0.17.0 [#286](https://github.com/openshift/cluster-api-provider-azure/pull/286) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/c015df41ed16a1eccd1ec60b77c96b4334a5bcb2...7ad2773c64f0757ea92a18594f0aad59c6a55cde) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/918935767350f9f330b9d6a9c3ee03e9869e7828) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#120](https://github.com/openshift/azure-disk-csi-driver-operator/pull/120) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#109](https://github.com/openshift/azure-disk-csi-driver-operator/pull/109) * [OCPBUGS-20784](https://issues.redhat.com/browse/OCPBUGS-20784): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#101](https://github.com/openshift/azure-disk-csi-driver-operator/pull/101) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/4db2f8aac33abbc600b72a82ebe205581a998a7b...918935767350f9f330b9d6a9c3ee03e9869e7828) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/f28a507244d4629404365c89b422f04b9d8d7943) * [OCPBUGS-33039](https://issues.redhat.com/browse/OCPBUGS-33039): Rebase v1.29.5 for OCP 4.14 [#66](https://github.com/openshift/azure-file-csi-driver/pull/66) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/f401f53684e5aa1e94036612770ca7ee10f55b24...f28a507244d4629404365c89b422f04b9d8d7943) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/4469d80589595dd5d05f0f0f296505800e3ad527) * [OCPBUGS-33039](https://issues.redhat.com/browse/OCPBUGS-33039): add token audience for Azure File [#104](https://github.com/openshift/azure-file-csi-driver-operator/pull/104) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#94](https://github.com/openshift/azure-file-csi-driver-operator/pull/94) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#83](https://github.com/openshift/azure-file-csi-driver-operator/pull/83) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/43838ae6c329e7d818c19ec59dfba5abde7535f6...4469d80589595dd5d05f0f0f296505800e3ad527) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/8666a367160c23175f97c5df9db7c1844405865e) * [OCPBUGS-30898](https://issues.redhat.com/browse/OCPBUGS-30898): Remove startupScript vmextension lookup [#106](https://github.com/openshift/machine-api-provider-azure/pull/106) * [OCPBUGS-29152](https://issues.redhat.com/browse/OCPBUGS-29152): Don't create availability set when using spot instances [#98](https://github.com/openshift/machine-api-provider-azure/pull/98) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Improving performance of VMs created in Azure [#96](https://github.com/openshift/machine-api-provider-azure/pull/96) * [OCPBUGS-17299](https://issues.redhat.com/browse/OCPBUGS-17299), [OCPBUGS-20773](https://issues.redhat.com/browse/OCPBUGS-20773): Bump x/net package to v0.17.0 [#80](https://github.com/openshift/machine-api-provider-azure/pull/80) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/bb6ee0623b4b83146588b9f6fd40d7f4c3284522...8666a367160c23175f97c5df9db7c1844405865e) ### [azure-workload-identity-webhook](https://github.com/openshift/azure-workload-identity/tree/bcb88d949151223362ecefc12f4e90566599e0e7) * [OCPBUGS-32894](https://issues.redhat.com/browse/OCPBUGS-32894): Upgrade go-jose module to 2.6.3 [#19](https://github.com/openshift/azure-workload-identity/pull/19) * [OCPBUGS-21093](https://issues.redhat.com/browse/OCPBUGS-21093): Upgrade golang/x/net for CVE-2023-39325 (4.14) [#14](https://github.com/openshift/azure-workload-identity/pull/14) * [Full changelog](https://github.com/openshift/azure-workload-identity/compare/a474b2b0bc88d30cb4661b49bc3f9adac620b773...bcb88d949151223362ecefc12f4e90566599e0e7) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/3343d79fafcc7582e02d08dcba17744f15106afe) * [OCPBUGS-28611](https://issues.redhat.com/browse/OCPBUGS-28611): remove retired serial NCv2 from azure tested instance type list on x86 [#7960](https://github.com/openshift/installer/pull/7960) * [OCPBUGS-27394](https://issues.redhat.com/browse/OCPBUGS-27394): preserve category name when trying to find tag category [#7926](https://github.com/openshift/installer/pull/7926) * [OCPBUGS-33010](https://issues.redhat.com/browse/OCPBUGS-33010): escape '%' in proxy settings [#8318](https://github.com/openshift/installer/pull/8318) * [OCPBUGS-31756](https://issues.redhat.com/browse/OCPBUGS-31756): openstack: Honour worker server group policy [#8231](https://github.com/openshift/installer/pull/8231) * NO-ISSUE: test fix to support slightly different nmstate error messages [#8286](https://github.com/openshift/installer/pull/8286) * [OCPBUGS-32358](https://issues.redhat.com/browse/OCPBUGS-32358): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8281](https://github.com/openshift/installer/pull/8281) * [OCPBUGS-31885](https://issues.redhat.com/browse/OCPBUGS-31885): Validate control plane replicas [#8241](https://github.com/openshift/installer/pull/8241) * [OCPBUGS-31677](https://issues.redhat.com/browse/OCPBUGS-31677): coreos-installer iso kargs show broken on Agent ISO [#8228](https://github.com/openshift/installer/pull/8228) * [OCPBUGS-31338](https://issues.redhat.com/browse/OCPBUGS-31338): upi: aws: fix typo in worker templates [#8203](https://github.com/openshift/installer/pull/8203) * Bug OCPBUGS-30187: OpenStack: fix controlPlanePort validation [#8095](https://github.com/openshift/installer/pull/8095) * [OCPBUGS-30027](https://issues.redhat.com/browse/OCPBUGS-30027): gcp: better error msg when service accnt missing [#8078](https://github.com/openshift/installer/pull/8078) * [OCPBUGS-30259](https://issues.redhat.com/browse/OCPBUGS-30259): PowerVS remove ibm cloud/bluemix go 4.14 [#8103](https://github.com/openshift/installer/pull/8103) * [OCPBUGS-29123](https://issues.redhat.com/browse/OCPBUGS-29123): IBMCloud: Handle disk delete errors [#7988](https://github.com/openshift/installer/pull/7988) * [OCPBUGS-29626](https://issues.redhat.com/browse/OCPBUGS-29626): update RHCOS 4.14 bootimage metadata to 414.92.202402130420-0 [#8037](https://github.com/openshift/installer/pull/8037) * [OCPBUGS-28929](https://issues.redhat.com/browse/OCPBUGS-28929): [release-4.14] Bump containerd for vulnerability fix [#7981](https://github.com/openshift/installer/pull/7981) * [OCPBUGS-27419](https://issues.redhat.com/browse/OCPBUGS-27419): Fix depreciated typo [#7929](https://github.com/openshift/installer/pull/7929) * [OCPBUGS-24521](https://issues.redhat.com/browse/OCPBUGS-24521): set vmType in azure cloud config [release-4.14] [#7804](https://github.com/openshift/installer/pull/7804) * [OCPBUGS-23738](https://issues.redhat.com/browse/OCPBUGS-23738): vSphere - when using RP network path is incorrect [#7759](https://github.com/openshift/installer/pull/7759) * [OCPBUGS-27241](https://issues.redhat.com/browse/OCPBUGS-27241): baremetal: correct external_http_url for v6-only BMCs [#7914](https://github.com/openshift/installer/pull/7914) * [OCPBUGS-22315](https://issues.redhat.com/browse/OCPBUGS-22315): bootstrap: Enable gatewayd units only on RHCOS [#7628](https://github.com/openshift/installer/pull/7628) * [OCPBUGS-23498](https://issues.redhat.com/browse/OCPBUGS-23498): update RHCOS 4.14 bootimage metadata to 414.92.202401110948-0 [#7919](https://github.com/openshift/installer/pull/7919) * [OCPBUGS-20860](https://issues.redhat.com/browse/OCPBUGS-20860): Bump versions for golang modules to accommodate fixes for CVE-2023-39325 & CVE-2023-44487 [#7887](https://github.com/openshift/installer/pull/7887) * [OCPBUGS-22895](https://issues.redhat.com/browse/OCPBUGS-22895): Do not generate azure-cloud-provider in manual mode for aro builds [#7670](https://github.com/openshift/installer/pull/7670) * [OCPBUGS-22771](https://issues.redhat.com/browse/OCPBUGS-22771): aws: use security groups from defaultMachinePlatform [#7658](https://github.com/openshift/installer/pull/7658) * [OCPBUGS-24489](https://issues.redhat.com/browse/OCPBUGS-24489): baremetal: populate customDeploy in advance [#7802](https://github.com/openshift/installer/pull/7802) * [OCPBUGS-22770](https://issues.redhat.com/browse/OCPBUGS-22770): destroy: gcp: fix destroying regional disks [#7657](https://github.com/openshift/installer/pull/7657) * Bug OCPBUGS-22776: OpenStack: Fix IPv6 address configuration for bootstrap [#7660](https://github.com/openshift/installer/pull/7660) * [OCPBUGS-22978](https://issues.redhat.com/browse/OCPBUGS-22978): IBMCloud: Add eu-es region [#7684](https://github.com/openshift/installer/pull/7684) * [OCPBUGS-23399](https://issues.redhat.com/browse/OCPBUGS-23399): Check if PER is enabled in the target PowerVS workspace [#7736](https://github.com/openshift/installer/pull/7736) * [OCPBUGS-22688](https://issues.redhat.com/browse/OCPBUGS-22688): Bump Fedora CoreOS to latest stable [#7647](https://github.com/openshift/installer/pull/7647) * [OCPBUGS-22774](https://issues.redhat.com/browse/OCPBUGS-22774): Add KMS encryption keys if provided [#7659](https://github.com/openshift/installer/pull/7659) * [OCPBUGS-21868](https://issues.redhat.com/browse/OCPBUGS-21868): vSphere,segfault on version check [#7605](https://github.com/openshift/installer/pull/7605) * [OCPBUGS-22945](https://issues.redhat.com/browse/OCPBUGS-22945): Update gcloud version to 447.0.0 [#7681](https://github.com/openshift/installer/pull/7681) * [OCPBUGS-22187](https://issues.redhat.com/browse/OCPBUGS-22187): azure: validation: validate defaultMachinePlatform [#7615](https://github.com/openshift/installer/pull/7615) * [OCPBUGS-22758](https://issues.redhat.com/browse/OCPBUGS-22758): update RHCOS 4.14 bootimage metadata to 414.92.202310210434-0 [#7655](https://github.com/openshift/installer/pull/7655) * [OCPBUGS-19922](https://issues.redhat.com/browse/OCPBUGS-19922): Release 4.14 skip agent tui on external oci platform [#7599](https://github.com/openshift/installer/pull/7599) * [OCPBUGS-21653](https://issues.redhat.com/browse/OCPBUGS-21653): Rectify GCP label key validation check [#7606](https://github.com/openshift/installer/pull/7606) * [Full changelog](https://github.com/openshift/installer/compare/03546e550ae68f6b36d78d78b539450e66b5f6c2...3343d79fafcc7582e02d08dcba17744f15106afe) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/fb20cdac93ab9647e9c9cabafb45c7811789b477) * [OCPBUGS-31435](https://issues.redhat.com/browse/OCPBUGS-31435): Bump golang-protobuf version [#215](https://github.com/openshift/cluster-api-provider-baremetal/pull/215) * [OCPBUGS-29177](https://issues.redhat.com/browse/OCPBUGS-29177): Extend metal3remediation aggregation role [#211](https://github.com/openshift/cluster-api-provider-baremetal/pull/211) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/412acb3ce356dc18fe79e95920a97c34950b4d42...fb20cdac93ab9647e9c9cabafb45c7811789b477) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/937b5fd7a151920c48f2d9588911e66b903a6e38) * [OCPBUGS-23324](https://issues.redhat.com/browse/OCPBUGS-23324): Backport node poweroff fixes [#318](https://github.com/openshift/baremetal-operator/pull/318) * [OCPBUGS-24409](https://issues.redhat.com/browse/OCPBUGS-24409): Don't munge timestamp in structured logs, again [#324](https://github.com/openshift/baremetal-operator/pull/324) * [OCPBUGS-24489](https://issues.redhat.com/browse/OCPBUGS-24489): Do not update instance_info and deploy_interface for active nodes [#325](https://github.com/openshift/baremetal-operator/pull/325) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/8643f32fea3e50b81b70a4bd5367a7487a73e7c6...937b5fd7a151920c48f2d9588911e66b903a6e38) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/393a268d0ae6e8cacc75d0b60b91bf6105fb9360) * [OCPBUGS-32524](https://issues.redhat.com/browse/OCPBUGS-32524): Decrease log level when detecting node IP [#306](https://github.com/openshift/baremetal-runtimecfg/pull/306) * [OCPBUGS-26928](https://issues.redhat.com/browse/OCPBUGS-26928): Add .snyk file to ignore vendor and test files [#294](https://github.com/openshift/baremetal-runtimecfg/pull/294) * [OCPBUGS-23474](https://issues.redhat.com/browse/OCPBUGS-23474): Use shorter IP label for keepalived VIP [#288](https://github.com/openshift/baremetal-runtimecfg/pull/288) * [OCPBUGS-22206](https://issues.redhat.com/browse/OCPBUGS-22206): deps: upgrade x/sys [#281](https://github.com/openshift/baremetal-runtimecfg/pull/281) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/887b94a7453321f3f492a2de7b69c891aaceeacf...393a268d0ae6e8cacc75d0b60b91bf6105fb9360) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/f7b14a92857ad1f28be2e2eaec3ae8229d4c2761) * [OCPBUGS-30287](https://issues.redhat.com/browse/OCPBUGS-30287): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1699](https://github.com/openshift/oc/pull/1699) * [OCPBUGS-25983](https://issues.redhat.com/browse/OCPBUGS-25983): Remove deprecated password defaulting in default config flag [#1646](https://github.com/openshift/oc/pull/1646) * [OCPBUGS-24197](https://issues.redhat.com/browse/OCPBUGS-24197): Add client version in must-gather summary [#1607](https://github.com/openshift/oc/pull/1607) * [OCPBUGS-24460](https://issues.redhat.com/browse/OCPBUGS-24460): Overwrite template's namespace with the explicit one [#1616](https://github.com/openshift/oc/pull/1616) * [OCPBUGS-22702](https://issues.redhat.com/browse/OCPBUGS-22702): Reflect container's exit code for long running tasks not attached to terminal [#1592](https://github.com/openshift/oc/pull/1592) * [OCPBUGS-20508](https://issues.redhat.com/browse/OCPBUGS-20508): regeneratemco: explicitly check for PlatformStatus field [#1573](https://github.com/openshift/oc/pull/1573) * [Full changelog](https://github.com/openshift/oc/compare/0c63f9da2694c080257111616c60005f32a5bf47...f7b14a92857ad1f28be2e2eaec3ae8229d4c2761) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/67fe51ea7cc53e73aba861d75696fc051b404d4d) * [OCPBUGS-32899](https://issues.redhat.com/browse/OCPBUGS-32899): Upgrade go-jose module to 2.6.3 [#697](https://github.com/openshift/cloud-credential-operator/pull/697) * [OCPBUGS-29156](https://issues.redhat.com/browse/OCPBUGS-29156): Fix the ClusterOperator watch of the status controller [#676](https://github.com/openshift/cloud-credential-operator/pull/676) * [OCPBUGS-28231](https://issues.redhat.com/browse/OCPBUGS-28231): Guard upgrading GCP from 4.14 to 4.15 without RoleAdmin permissions [#670](https://github.com/openshift/cloud-credential-operator/pull/670) * [OCPBUGS-29199](https://issues.redhat.com/browse/OCPBUGS-29199): ccoctl - use proxy when validating CloudFront URL [#678](https://github.com/openshift/cloud-credential-operator/pull/678) * [OCPBUGS-27911](https://issues.redhat.com/browse/OCPBUGS-27911): Resolve all outstanding snyk vulnerabilities [#650](https://github.com/openshift/cloud-credential-operator/pull/650) * [OCPBUGS-28382](https://issues.redhat.com/browse/OCPBUGS-28382): Use cached clients to avoid client side throttling [#666](https://github.com/openshift/cloud-credential-operator/pull/666) * [OCPBUGS-27515](https://issues.redhat.com/browse/OCPBUGS-27515): Write manifests when AWS IAM roles already exist. [#659](https://github.com/openshift/cloud-credential-operator/pull/659) * [OCPBUGS-26512](https://issues.redhat.com/browse/OCPBUGS-26512): Use live client for metrics [#647](https://github.com/openshift/cloud-credential-operator/pull/647) * [OCPBUGS-25275](https://issues.redhat.com/browse/OCPBUGS-25275): Azure Workload Identity info in CredsRequests creates a Secret [#643](https://github.com/openshift/cloud-credential-operator/pull/643) * [OCPBUGS-24346](https://issues.redhat.com/browse/OCPBUGS-24346): Discover AWS dns suffix from partition and region. [#635](https://github.com/openshift/cloud-credential-operator/pull/635) * [OCPBUGS-23986](https://issues.redhat.com/browse/OCPBUGS-23986): Use per-project custom roles instead of per-cluster custom roles [#631](https://github.com/openshift/cloud-credential-operator/pull/631) * [OCPBUGS-23426](https://issues.redhat.com/browse/OCPBUGS-23426): Explicitly set the vsphere secret credential data on sync. [#629](https://github.com/openshift/cloud-credential-operator/pull/629) * [OCPBUGS-21388](https://issues.redhat.com/browse/OCPBUGS-21388): Upgrade golang/x/net for CVE-2023-39325 [#622](https://github.com/openshift/cloud-credential-operator/pull/622) * NO-ISSUE: Removing andrew from OWNERS [#617](https://github.com/openshift/cloud-credential-operator/pull/617) * snyk: exclude vendor/ [#615](https://github.com/openshift/cloud-credential-operator/pull/615) * [OCPBUGS-22651](https://issues.redhat.com/browse/OCPBUGS-22651): explicitly set azure oidc bucket to allow public blob access [#612](https://github.com/openshift/cloud-credential-operator/pull/612) * [OCPBUGS-21926](https://issues.redhat.com/browse/OCPBUGS-21926): azure create-managed-identites to add cloud controller manager to network resource group [#608](https://github.com/openshift/cloud-credential-operator/pull/608) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/6956fe53f3a25c6e521ace789eb01d35d0548d1c...67fe51ea7cc53e73aba861d75696fc051b404d4d) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/1bd04641f210d19370f782086949f827bfb7a264) * [OCPBUGS-34197](https://issues.redhat.com/browse/OCPBUGS-34197): Avoid panic when looking up attachedOutboundRule.ID in azure [#147](https://github.com/openshift/cloud-network-config-controller/pull/147) * [OCPBUGS-32112](https://issues.redhat.com/browse/OCPBUGS-32112): Avoid nil pointer panic while assigning private IP on Azure [#138](https://github.com/openshift/cloud-network-config-controller/pull/138) * [OCPBUGS-21785](https://issues.redhat.com/browse/OCPBUGS-21785): Azure: skip backend pool if attached to an outbound rule [#125](https://github.com/openshift/cloud-network-config-controller/pull/125) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/159e2bd406a82efed33b32204b7692cc50dee64c...1bd04641f210d19370f782086949f827bfb7a264) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/9203d4d5a83c86d4c51050a2c58e5ffe6e8d137e) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#649](https://github.com/openshift/cluster-authentication-operator/pull/649) * [OCPBUGS-20705](https://issues.redhat.com/browse/OCPBUGS-20705): go.mod: bump golang.org/x/net to v0.17.0 [#637](https://github.com/openshift/cluster-authentication-operator/pull/637) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/bebf0fd3932be12594227b415fecd5d664611bc0...9203d4d5a83c86d4c51050a2c58e5ffe6e8d137e) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/9d87281f73fc26a5fac17c50dcf63c2de17f619a) * [OCPBUGS-31621](https://issues.redhat.com/browse/OCPBUGS-31621): add check for taint.value == nil [#294](https://github.com/openshift/kubernetes-autoscaler/pull/294) * [OCPBUGS-30628](https://issues.redhat.com/browse/OCPBUGS-30628): Fix unstructured taint parsing in Cluster API provider [#288](https://github.com/openshift/kubernetes-autoscaler/pull/288) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/0822c7b7429a6fbea65e9d472594689429501491...9d87281f73fc26a5fac17c50dcf63c2de17f619a) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/32854baae386c4d6854d7fd8658fdff75588e919) * [OCPBUGS-31976](https://issues.redhat.com/browse/OCPBUGS-31976): Update x/net to v0.25.0 [#322](https://github.com/openshift/cluster-autoscaler-operator/pull/322) * [OCPBUGS-25749](https://issues.redhat.com/browse/OCPBUGS-25749): Add Snyk file to exclude vendor directory on scan [#308](https://github.com/openshift/cluster-autoscaler-operator/pull/308) * [OCPBUGS-20789](https://issues.redhat.com/browse/OCPBUGS-20789): Bump x/net package to v0.17.0 [#298](https://github.com/openshift/cluster-autoscaler-operator/pull/298) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/63b23fcfd58295f24a9bc5bf524560a8f6e7b31f...32854baae386c4d6854d7fd8658fdff75588e919) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/270579c644f97dd9f2e8e771c939833ffee1dd3e) * [OCPBUGS-23392](https://issues.redhat.com/browse/OCPBUGS-23392), [OCPBUGS-23393](https://issues.redhat.com/browse/OCPBUGS-23393): fix IRONIC_EXTERNAL_URL_V6 [#384](https://github.com/openshift/cluster-baremetal-operator/pull/384) * Jira OCPBUGS-22208: Trigger reconcile if Secret openshift-config/pull-secret changes [#376](https://github.com/openshift/cluster-baremetal-operator/pull/376) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/6d5d5187f1b469eee613cebc1be14c5fb985e2a8...270579c644f97dd9f2e8e771c939833ffee1dd3e) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/ae83c5533706d539dc492229eebd67533468e48b) * [OCPBUGS-21544](https://issues.redhat.com/browse/OCPBUGS-21544): Bump golang.org/x/net to v0.17.0 [#184](https://github.com/openshift/cluster-api/pull/184) * [Full changelog](https://github.com/openshift/cluster-api/compare/4efea4967a1de8d60393f1b5b5c89e1145992c8a...ae83c5533706d539dc492229eebd67533468e48b) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/b4c4fb13a40c2c71b8f21fe379befad95e341a77) * [OCPBUGS-22314](https://issues.redhat.com/browse/OCPBUGS-22314): fix: add missing azure identity diff [#136](https://github.com/openshift/cluster-capi-operator/pull/136) * [OCPBUGS-21092](https://issues.redhat.com/browse/OCPBUGS-21092): Bump golang.org/x/net to v0.17.0 [#134](https://github.com/openshift/cluster-capi-operator/pull/134) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/504be5bee927f7c1d0265b82054049283699b988...b4c4fb13a40c2c71b8f21fe379befad95e341a77) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/33a706e8a2430fa67f4472dbd0f61cea8de6bd6f) * [OCPBUGS-26548](https://issues.redhat.com/browse/OCPBUGS-26548): Adds CloudConfigTransformer for Azure [#321](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/321) * [OCPBUGS-21189](https://issues.redhat.com/browse/OCPBUGS-21189): Bump golang.org/x/net to v0.18.0 [#295](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/295) * [OCPBUGS-20552](https://issues.redhat.com/browse/OCPBUGS-20552): apply necessary RBAC for the alibaba cloud controller manager [#289](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/289) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/6036333a63fbc93726ae704f1af359af49ab0987...33a706e8a2430fa67f4472dbd0f61cea8de6bd6f) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/91fa980a5be1d3c91786ff41a0a9394adb75671f) * [OCPBUGS-28649](https://issues.redhat.com/browse/OCPBUGS-28649): Add required PSa labels [#403](https://github.com/openshift/cluster-config-operator/pull/403) * NO-JIRA: add inert featuregate files to allow diff against later releases [#398](https://github.com/openshift/cluster-config-operator/pull/398) * [OCPBUGS-21653](https://issues.redhat.com/browse/OCPBUGS-21653): Update openshift/api package to latest version [#371](https://github.com/openshift/cluster-config-operator/pull/371) * : OCPBUGS-21286: bump library-go to include switch to HTTP/1.1 [#369](https://github.com/openshift/cluster-config-operator/pull/369) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/fa99c083c1e6044855246c18042e6da2476964bb...91fa980a5be1d3c91786ff41a0a9394adb75671f) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/074a22ce411beae063af06423ecf3458c67e9cc3) * [OCPBUGS-30014](https://issues.redhat.com/browse/OCPBUGS-30014): Never delete a Machine when there's a single Machine in an index [#283](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/283) * [OCPBUGS-20566](https://issues.redhat.com/browse/OCPBUGS-20566): webhooks: set min version TLS 1.2 + exclude weak ciphersuites [#254](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/254) * [OCPBUGS-21384](https://issues.redhat.com/browse/OCPBUGS-21384): Bump golang.org/x/net to v0.17.0 [#256](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/256) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/3b946f36550d499537e551f353529e51044b9868...074a22ce411beae063af06423ecf3458c67e9cc3) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/d4a1162514ecbf248b04e6e8625d17bc2b775ccd) * [OCPBUGS-31886](https://issues.redhat.com/browse/OCPBUGS-31886): create suitable role and roleBinding for csi-snapshot-webhook [#205](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/205) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#174](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/174) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/5d8bae88fdceefd3cc6e9befe3da641839403d9c...d4a1162514ecbf248b04e6e8625d17bc2b775ccd) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/42629b1d6b82c006d01af486e9939fe46756b1ac) * [OCPBUGS-31392](https://issues.redhat.com/browse/OCPBUGS-31392): remove etcd-health-probe log [#1258](https://github.com/openshift/cluster-etcd-operator/pull/1258) * [OCPBUGS-31972](https://issues.redhat.com/browse/OCPBUGS-31972): update golang x net [#1254](https://github.com/openshift/cluster-etcd-operator/pull/1254) * [OCPBUGS-31428](https://issues.redhat.com/browse/OCPBUGS-31428): CEO aliveness check should only detect deadlocks [#1231](https://github.com/openshift/cluster-etcd-operator/pull/1231) * [OCPBUGS-30067](https://issues.redhat.com/browse/OCPBUGS-30067): fix panic in health check timeouts [#1213](https://github.com/openshift/cluster-etcd-operator/pull/1213) * [OCPBUGS-30012](https://issues.redhat.com/browse/OCPBUGS-30012): Replace nodelister with master nodelister everywhere [#1211](https://github.com/openshift/cluster-etcd-operator/pull/1211) * [OCPBUGS-23571](https://issues.redhat.com/browse/OCPBUGS-23571): Add annotation in the etcd-guard static pod for worklo… [#1162](https://github.com/openshift/cluster-etcd-operator/pull/1162) * [OCPBUGS-26214](https://issues.redhat.com/browse/OCPBUGS-26214): fix device busy errors [#1176](https://github.com/openshift/cluster-etcd-operator/pull/1176) * Revert "[release-4.14] OCPBUGS-21802: remove revision stability check from bootstrap complet…" [#1168](https://github.com/openshift/cluster-etcd-operator/pull/1168) * [OCPBUGS-22477](https://issues.redhat.com/browse/OCPBUGS-22477): Remove z-upgrades from UpgradeBackupController [#1140](https://github.com/openshift/cluster-etcd-operator/pull/1140) * [OCPBUGS-21802](https://issues.redhat.com/browse/OCPBUGS-21802): remove revision stability check from bootstrap complet… [#1138](https://github.com/openshift/cluster-etcd-operator/pull/1138) * [OCPBUGS-21175](https://issues.redhat.com/browse/OCPBUGS-21175): fixing CVE-2023-39325 by updating dependencies [#1142](https://github.com/openshift/cluster-etcd-operator/pull/1142) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/a30b074095df7195ed0126bcd212b74114a88ee9...42629b1d6b82c006d01af486e9939fe46756b1ac) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/9043a978971211db732ceb78f55f84b8143c6a17) * [OCPBUGS-33409](https://issues.redhat.com/browse/OCPBUGS-33409): azurepathfix: check if platform status is nil before accessing it [#1033](https://github.com/openshift/cluster-image-registry-operator/pull/1033) * [OCPBUGS-32450](https://issues.redhat.com/browse/OCPBUGS-32450): azure-path-fix: support auth via account key (without clientID) [#1023](https://github.com/openshift/cluster-image-registry-operator/pull/1023) * [OCPBUGS-31857](https://issues.redhat.com/browse/OCPBUGS-31857): bump aws-sdk-go from v1.44 to v1.50 [#1018](https://github.com/openshift/cluster-image-registry-operator/pull/1018) * [OCPBUGS-28989](https://issues.redhat.com/browse/OCPBUGS-28989): pkg/storage/s3: enable bucket key on encryption settings [#995](https://github.com/openshift/cluster-image-registry-operator/pull/995) * [OCPBUGS-29755](https://issues.redhat.com/browse/OCPBUGS-29755): azurepathfix: fix stack hub, government and workload identity setup [#1005](https://github.com/openshift/cluster-image-registry-operator/pull/1005) * [OCPBUGS-29604](https://issues.redhat.com/browse/OCPBUGS-29604): move azure storage blobs from `docker` back into `/docker` [#1001](https://github.com/openshift/cluster-image-registry-operator/pull/1001) * [OCPBUGS-22127](https://issues.redhat.com/browse/OCPBUGS-22127): increase storage account key cache expiration [#941](https://github.com/openshift/cluster-image-registry-operator/pull/941) * [OCPBUGS-20710](https://issues.redhat.com/browse/OCPBUGS-20710): mitigate effects of rapid reset [#942](https://github.com/openshift/cluster-image-registry-operator/pull/942) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/b0ee859b641ff2b1d9896d0cd13743ee3335051a...9043a978971211db732ceb78f55f84b8143c6a17) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/fc4cab0d129151b919ac09b495c33d627ef55915) * [OCPBUGS-34407](https://issues.redhat.com/browse/OCPBUGS-34407): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1061](https://github.com/openshift/cluster-ingress-operator/pull/1061) * [OCPBUGS-20800](https://issues.redhat.com/browse/OCPBUGS-20800): Bump golang.org/x/net for CVE-2023-44487 [#986](https://github.com/openshift/cluster-ingress-operator/pull/986) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/7e10070c45fe55862f323f6ecc0f7166e802fa24...fc4cab0d129151b919ac09b495c33d627ef55915) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/4302637f4d521bd9880de93df6bc41d44a4b0756) * [OCPBUGS-33930](https://issues.redhat.com/browse/OCPBUGS-33930): add a controller that reconciles SCCs' volumes [#1681](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1681) * [OCPBUGS-31506](https://issues.redhat.com/browse/OCPBUGS-31506): Add sno section to alert description [#1658](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1658) * [OCPBUGS-31316](https://issues.redhat.com/browse/OCPBUGS-31316): add provider name to cluster_infrastructure_provider when external platform [#1657](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1657) * [OCPBUGS-29722](https://issues.redhat.com/browse/OCPBUGS-29722): webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator [#1650](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1650) * [OCPBUGS-29722](https://issues.redhat.com/browse/OCPBUGS-29722): webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator [#1646](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1646) * [OCPBUGS-25384](https://issues.redhat.com/browse/OCPBUGS-25384): psa cluster fleet evaluation [#1600](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1600) * : OCPBUGS-24022: Add workload partitioning annotation [#1590](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1590) * : OCPBUGS-20898: bump library-go to include switch to HTTP/1.1 [#1569](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1569) * [OCPBUGS-22718](https://issues.redhat.com/browse/OCPBUGS-22718): [release-4.14] OCPBUGS-20331: manifests: rename API performance dashboard [#1570](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1570) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/8b38d12efe5f4c4906473acbe53e36961e91490f...4302637f4d521bd9880de93df6bc41d44a4b0756) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/b287d08b3dabe6b3b67b87a8a284f19ed12a165e) * [release 4.14] OCPBUGS-20999: Bump golang.org/x/net to v0.17.0 [#27](https://github.com/openshift/cluster-api-operator/pull/27) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/466582d5b0ecd28b1d62a3300fbe3770dca6224a...b287d08b3dabe6b3b67b87a8a284f19ed12a165e) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/4e059638c2cbf003551ee699106dc024760eece3) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#791](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/791) * [OCPBUGS-27063](https://issues.redhat.com/browse/OCPBUGS-27063): bump(library-go)=release-4.14 [#787](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/787) * [OCPBUGS-21088](https://issues.redhat.com/browse/OCPBUGS-21088): Bump deps to address CVE-2023-44487 [4.14] [#764](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/764) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/78354fc395484f25482319281fd48a2de4d5c40b...4e059638c2cbf003551ee699106dc024760eece3) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/33f630dc1f890ca59c5e57fb5b6cc24a3f22a1d4) * [OCPBUGS-27022](https://issues.redhat.com/browse/OCPBUGS-27022): bump(library-go)=release-4.14 [#527](https://github.com/openshift/cluster-kube-scheduler-operator/pull/527) * [OCPBUGS-21737](https://issues.redhat.com/browse/OCPBUGS-21737): bump(k8s,openshift) to address CVE-2023-44487 [#504](https://github.com/openshift/cluster-kube-scheduler-operator/pull/504) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/dd7f55355efb68f3d3566a9405ef70530140e065...33f630dc1f890ca59c5e57fb5b6cc24a3f22a1d4) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/9cd9922a42a64fe058718f10e3b4123b943bb55f) * : OCPBUGS-21371: bump library-go to include switch to HTTP/1.1 [#96](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/96) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/332cb1cd0f9a00c03e3f9d400ae8483abd03036c...9cd9922a42a64fe058718f10e3b4123b943bb55f) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/711b4f6eeb038f8c7bd88db3ea51ebad350a116d) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Increase concurrent reconciles to 10 [#228](https://github.com/openshift/cluster-machine-approver/pull/228) * [OCPBUGS-23150](https://issues.redhat.com/browse/OCPBUGS-23150): Filter non node CSRs in metrics [#209](https://github.com/openshift/cluster-machine-approver/pull/209) * [OCPBUGS-21468](https://issues.redhat.com/browse/OCPBUGS-21468): Bump x/net package to v0.17.0 [#206](https://github.com/openshift/cluster-machine-approver/pull/206) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/d364966705ccb291cc9e14a614c3a2f638128b81...711b4f6eeb038f8c7bd88db3ea51ebad350a116d) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/618dee4f3101ce9468e55c51ad3c436e8367ae41) * [OCPBUGS-34023](https://issues.redhat.com/browse/OCPBUGS-34023): fix KRP permissions for Thanos Querier [#2374](https://github.com/openshift/cluster-monitoring-operator/pull/2374) * [OCPBUGS-33585](https://issues.redhat.com/browse/OCPBUGS-33585): fix Thanos ruler alert generator url [#2345](https://github.com/openshift/cluster-monitoring-operator/pull/2345) * [OCPBUGS-28768](https://issues.redhat.com/browse/OCPBUGS-28768): fix generation of telemeter token hash [#2304](https://github.com/openshift/cluster-monitoring-operator/pull/2304) * [OCPBUGS-27471](https://issues.redhat.com/browse/OCPBUGS-27471): prevent plugin entry assets from caching [#2241](https://github.com/openshift/cluster-monitoring-operator/pull/2241) * [OCPBUGS-25800](https://issues.redhat.com/browse/OCPBUGS-25800): Wait for 3 (instead of 2) consecutive failing reconcil… [#2216](https://github.com/openshift/cluster-monitoring-operator/pull/2216) * [OCPBUGS-27418](https://issues.redhat.com/browse/OCPBUGS-27418): go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#2239](https://github.com/openshift/cluster-monitoring-operator/pull/2239) * [OCPBUGS-25799](https://issues.redhat.com/browse/OCPBUGS-25799): Detect ipv4/ipv6 socket in pod ip for nginx conf [#2215](https://github.com/openshift/cluster-monitoring-operator/pull/2215) * [OCPBUGS-25387](https://issues.redhat.com/browse/OCPBUGS-25387): Add RHACM telemetry metric for 4.14 [#2202](https://github.com/openshift/cluster-monitoring-operator/pull/2202) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2147](https://github.com/openshift/cluster-monitoring-operator/pull/2147) * [OCPBUGS-22917](https://issues.redhat.com/browse/OCPBUGS-22917): jsonnet: pin commits [#2143](https://github.com/openshift/cluster-monitoring-operator/pull/2143) * [OCPBUGS-22734](https://issues.redhat.com/browse/OCPBUGS-22734): [release-4.14] add RHACS telemetry metrics [#2137](https://github.com/openshift/cluster-monitoring-operator/pull/2137) * [OCPBUGS-21264](https://issues.redhat.com/browse/OCPBUGS-21264): [release-4.14] fix: force HTTP/1.1 connections [#2130](https://github.com/openshift/cluster-monitoring-operator/pull/2130) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/6a1a0ffab4bfe635ec06c2b800f9eff450aac118...618dee4f3101ce9468e55c51ad3c436e8367ae41) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/796bf8f5d5268e1123f033a644b7c7abf3bec823) * [OCPBUGS-27925](https://issues.redhat.com/browse/OCPBUGS-27925), [OCPBUGS-30579](https://issues.redhat.com/browse/OCPBUGS-30579): [release-4.14] tighten conditions for the state transitions in IC upgrade [#2207](https://github.com/openshift/cluster-network-operator/pull/2207) * [OCPBUGS-30021](https://issues.redhat.com/browse/OCPBUGS-30021): Fully disable network-node-identity on ROKS [#2315](https://github.com/openshift/cluster-network-operator/pull/2315) * [OCPBUGS-31669](https://issues.redhat.com/browse/OCPBUGS-31669): [release-4.14] ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures [#2311](https://github.com/openshift/cluster-network-operator/pull/2311) * [OCPBUGS-31360](https://issues.redhat.com/browse/OCPBUGS-31360): Remove egressip write permissions from ovn-kubernetes-node [#2320](https://github.com/openshift/cluster-network-operator/pull/2320) * [OCPBUGS-30021](https://issues.redhat.com/browse/OCPBUGS-30021): [release-4.14] Disable network-node-identity on ROKS [#2286](https://github.com/openshift/cluster-network-operator/pull/2286) * [OCPBUGS-30100](https://issues.redhat.com/browse/OCPBUGS-30100): ipsec: fix openssl typo [#2287](https://github.com/openshift/cluster-network-operator/pull/2287) * [OCPBUGS-29168](https://issues.redhat.com/browse/OCPBUGS-29168): add env var in whereabouts-reconciler daemonset [#2257](https://github.com/openshift/cluster-network-operator/pull/2257) * [OCPBUGS-26573](https://issues.redhat.com/browse/OCPBUGS-26573): Improve troubleshooting IC upgrades [#2076](https://github.com/openshift/cluster-network-operator/pull/2076) * [OCPBUGS-29033](https://issues.redhat.com/browse/OCPBUGS-29033): network node identity: tolarate all taints [#2248](https://github.com/openshift/cluster-network-operator/pull/2248) * [OCPBUGS-18281](https://issues.redhat.com/browse/OCPBUGS-18281): only 2 master nodes are required for ovn-kubernetes [#2154](https://github.com/openshift/cluster-network-operator/pull/2154) * [OCPBUGS-29300](https://issues.redhat.com/browse/OCPBUGS-29300): Update ingressconfig_controller to use field Manager [#2266](https://github.com/openshift/cluster-network-operator/pull/2266) * [OCPBUGS-28608](https://issues.redhat.com/browse/OCPBUGS-28608): fix whereabouts conformance test failures [#2235](https://github.com/openshift/cluster-network-operator/pull/2235) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.14 [#2228](https://github.com/openshift/cluster-network-operator/pull/2228) * [OCPBUGS-27858](https://issues.redhat.com/browse/OCPBUGS-27858): [release-4.14] Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2219](https://github.com/openshift/cluster-network-operator/pull/2219) * [OCPBUGS-27013](https://issues.redhat.com/browse/OCPBUGS-27013): HyperShift, network-node-identity: Check the deployment in the management cluster [#2195](https://github.com/openshift/cluster-network-operator/pull/2195) * [OCPBUGS-24326](https://issues.redhat.com/browse/OCPBUGS-24326): adminpolicybasedexternalroutes CR accepts an invalid IP address [#2196](https://github.com/openshift/cluster-network-operator/pull/2196) * [OCPBUGS-24037](https://issues.redhat.com/browse/OCPBUGS-24037): remove all managed fields used by old manager [#2112](https://github.com/openshift/cluster-network-operator/pull/2112) * [OCPBUGS-24320](https://issues.redhat.com/browse/OCPBUGS-24320): Add apbroute/status patch rights for ovnkube-node to update status [#2143](https://github.com/openshift/cluster-network-operator/pull/2143) * [OCPBUGS-22787](https://issues.redhat.com/browse/OCPBUGS-22787), [OCPBUGS-22788](https://issues.redhat.com/browse/OCPBUGS-22788), [OCPBUGS-22789](https://issues.redhat.com/browse/OCPBUGS-22789): ovnkube: container scripts cleanup [#2090](https://github.com/openshift/cluster-network-operator/pull/2090) * [OCPBUGS-23371](https://issues.redhat.com/browse/OCPBUGS-23371): hypershift, hosted clusters: enable multi-homing and multi-net features [#2117](https://github.com/openshift/cluster-network-operator/pull/2117) * [OCPBUGS-21717](https://issues.redhat.com/browse/OCPBUGS-21717): Bump golang.org/x/net and github.com/openshift/library-go [#2122](https://github.com/openshift/cluster-network-operator/pull/2122) * [OCPBUGS-24633](https://issues.redhat.com/browse/OCPBUGS-24633): ipsec add pluto restart [#2152](https://github.com/openshift/cluster-network-operator/pull/2152) * [OCPBUGS-22363](https://issues.redhat.com/browse/OCPBUGS-22363): Added HCP label to CNO pods [#2081](https://github.com/openshift/cluster-network-operator/pull/2081) * [OCPBUGS-22286](https://issues.redhat.com/browse/OCPBUGS-22286): hypershift: adjust backoff on infrastructure name retry [#2078](https://github.com/openshift/cluster-network-operator/pull/2078) * [OCPBUGS-23011](https://issues.redhat.com/browse/OCPBUGS-23011): Block upgrades to 4.15 with Kuryr [#2096](https://github.com/openshift/cluster-network-operator/pull/2096) * [OCPBUGS-23315](https://issues.redhat.com/browse/OCPBUGS-23315): set automountServiceAccountToken to false for hypershift managed network-node-identity deploy [#2107](https://github.com/openshift/cluster-network-operator/pull/2107) * [OCPBUGS-19897](https://issues.redhat.com/browse/OCPBUGS-19897): HyperShift: Use the local konnectivity proxy when checking proxy readiness [#2043](https://github.com/openshift/cluster-network-operator/pull/2043) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/5572bce9c04feaf970862db03fe4c4fe03b912b4...796bf8f5d5268e1123f033a644b7c7abf3bec823) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/ce4b975b395cae629f120934326d9b1a9a75d0a3) * [OCPBUGS-30153](https://issues.redhat.com/browse/OCPBUGS-30153): fix rendering extra ctrcfgs (#978) [#978](https://github.com/openshift/cluster-node-tuning-operator/pull/978) * fix extra-reboot on upgrade with paused mcp worker (#1053) [#1053](https://github.com/openshift/cluster-node-tuning-operator/pull/1053) * [OCPBUGS-31694](https://issues.redhat.com/browse/OCPBUGS-31694): E2E: Workload hints test cases fixes (#1012) (#1052) [#1012](https://github.com/openshift/cluster-node-tuning-operator/pull/1012) * Systemd processes not being moved to cpuset/systemd.slice fix (#1040) [#1040](https://github.com/openshift/cluster-node-tuning-operator/pull/1040) * Reduce number of reboots in offline tests (#1035) [#1035](https://github.com/openshift/cluster-node-tuning-operator/pull/1035) * [OCPBUGS-30507](https://issues.redhat.com/browse/OCPBUGS-30507): Add performance real time tuned template (#984) (#1025) [#984](https://github.com/openshift/cluster-node-tuning-operator/pull/984) * Report duplicate priority only for multiple matching profiles (#1018) [#1018](https://github.com/openshift/cluster-node-tuning-operator/pull/1018) * Scheduler plugin: ignore IRQs (#1023) [#1023](https://github.com/openshift/cluster-node-tuning-operator/pull/1023) * irqbalance: set banned cpus list to 0 (#994) [#994](https://github.com/openshift/cluster-node-tuning-operator/pull/994) * [OCPBUGS-18640](https://issues.redhat.com/browse/OCPBUGS-18640): [release-4.14][manual] backport performance profile owner reference ehnancements (#989) [#989](https://github.com/openshift/cluster-node-tuning-operator/pull/989) * rps: fail silently when rps application failed (#901) [#901](https://github.com/openshift/cluster-node-tuning-operator/pull/901) * [OCPBUGS-25982](https://issues.redhat.com/browse/OCPBUGS-25982): E2E: Add tests for Dynamic ovs pinning (#904) (#913) [#904](https://github.com/openshift/cluster-node-tuning-operator/pull/904) * [OCPBUGS-26003](https://issues.redhat.com/browse/OCPBUGS-26003): E2E: PPC Test cases (#905) [#905](https://github.com/openshift/cluster-node-tuning-operator/pull/905) * Make MC names deterministic (#903) [#903](https://github.com/openshift/cluster-node-tuning-operator/pull/903) * [OCPBUGS-25671](https://issues.redhat.com/browse/OCPBUGS-25671): rps: fix mask update for SR-IOV devices (#891) [#891](https://github.com/openshift/cluster-node-tuning-operator/pull/891) * [OCPBUGS-18640](https://issues.redhat.com/browse/OCPBUGS-18640): Fix Racing Machine Configs and add Day 0 Support (#854) (#871) [#854](https://github.com/openshift/cluster-node-tuning-operator/pull/854) * [OCPBUGS-24638](https://issues.redhat.com/browse/OCPBUGS-24638): Do not set default RPS sysctl twice (#880) [#880](https://github.com/openshift/cluster-node-tuning-operator/pull/880) * [OCPBUGS-21845](https://issues.redhat.com/browse/OCPBUGS-21845): rps: trigger udev event per queue #832 (#832) [#832](https://github.com/openshift/cluster-node-tuning-operator/pull/832) * [OCPBUGS-21845](https://issues.redhat.com/browse/OCPBUGS-21845): e2e:rps: improve logging (#831) [#831](https://github.com/openshift/cluster-node-tuning-operator/pull/831) * render: change dir path (#826) [#826](https://github.com/openshift/cluster-node-tuning-operator/pull/826) * Disable HTTP/2 for webhook and metrics servers (#841) [#841](https://github.com/openshift/cluster-node-tuning-operator/pull/841) * Remove obsolete protocols and weak ciphers (#835) [#835](https://github.com/openshift/cluster-node-tuning-operator/pull/835) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/a91f9945a89f6c5b68ee15618d20bc89e1c0caa6...ce4b975b395cae629f120934326d9b1a9a75d0a3) ### [cluster-olm-operator](https://github.com/openshift/cluster-olm-operator/tree/0dbbb6132ced379602040731ff889eebb4202e73) * [OCPBUGS-25481](https://issues.redhat.com/browse/OCPBUGS-25481): NO-ISSUE: Bump k8s.io/apiextensions-apiserver [#41](https://github.com/openshift/cluster-olm-operator/pull/41) * [OCPBUGS-22581](https://issues.redhat.com/browse/OCPBUGS-22581): [release-4.14] OCPBUGS-24652: Bump k8s dependencies [#38](https://github.com/openshift/cluster-olm-operator/pull/38) * [Full changelog](https://github.com/openshift/cluster-olm-operator/compare/9e05f328825215a8ad58c9023c0f9d62c843c5aa...0dbbb6132ced379602040731ff889eebb4202e73) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/700dc111fd98c315648a78371b11be34fa4dbba3) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#570](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/570) * : OCPBUGS-20724: bump library-go to include switch to HTTP/1.1 [#554](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/554) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/00f7e4cc95063ba5aba1992568088d924cfbf516...700dc111fd98c315648a78371b11be34fa4dbba3) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/3985c55f99e1ea013be2db096059c09b2ed98118) * [OCPBUGS-28951](https://issues.redhat.com/browse/OCPBUGS-28951): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#328](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/328) * [OCPBUGS-23490](https://issues.redhat.com/browse/OCPBUGS-23490): Remove blockage of ConfigObserver by build informer has synced flag [#318](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/318) * [OCPBUGS-20818](https://issues.redhat.com/browse/OCPBUGS-20818): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#309](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/309) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/d6ded7f422c87ceea152a22976833f4148d9b954...3985c55f99e1ea013be2db096059c09b2ed98118) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/219f6f6f072d867201d4923d39fd8bcaecbe7c59) * [OCPBUGS-21122](https://issues.redhat.com/browse/OCPBUGS-21122): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#139](https://github.com/openshift/cluster-policy-controller/pull/139) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/8af8cf302764c912993869db399b22f6c53b52c5...219f6f6f072d867201d4923d39fd8bcaecbe7c59) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/61a34659e4499188ab6f790e3a07aba8be9e9bdd) * [OCPBUGS-21217](https://issues.redhat.com/browse/OCPBUGS-21217): CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) [#539](https://github.com/openshift/cluster-samples-operator/pull/539) * [OCPBUGS-22257](https://issues.redhat.com/browse/OCPBUGS-22257): Sync library to remove invalid dockerhub references for OKD [#520](https://github.com/openshift/cluster-samples-operator/pull/520) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/5e0d408e382eea606527ac32a750e0117a3214e1...61a34659e4499188ab6f790e3a07aba8be9e9bdd) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/6c652a5e10dd7e6cbf5ec02a2e1afbc794c26192) * [OCPBUGS-33467](https://issues.redhat.com/browse/OCPBUGS-33467): Fix problem-detector proxy setting [#472](https://github.com/openshift/cluster-storage-operator/pull/472) * [OCPBUGS-30054](https://issues.redhat.com/browse/OCPBUGS-30054): Update AWSCSIDriverConfigSpec fields validation to accept all curren [#462](https://github.com/openshift/cluster-storage-operator/pull/462) * [OCPBUGS-28988](https://issues.redhat.com/browse/OCPBUGS-28988): Allow vSphere CSI driver to be disabled [#449](https://github.com/openshift/cluster-storage-operator/pull/449) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#416](https://github.com/openshift/cluster-storage-operator/pull/416) * [OCPBUGS-23210](https://issues.redhat.com/browse/OCPBUGS-23210): [IBM ROKS] cluster-storage-operator does not set upgradeable=True [#419](https://github.com/openshift/cluster-storage-operator/pull/419) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/dbb1514dbf9923c56a4a198374cc59e45f9bc0cc...6c652a5e10dd7e6cbf5ec02a2e1afbc794c26192) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/e0c26a084139906e866d9eec89f05d2d3211b334) * [OCPBUGS-10126](https://issues.redhat.com/browse/OCPBUGS-10126): Updating ose-agent-installer-orchestrator images to be consistent with ART [#48](https://github.com/openshift/cluster-update-keys/pull/48) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/9dd3eedebc62725e806d7b52d640b70e61a96f98...e0c26a084139906e866d9eec89f05d2d3211b334) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/af210dc66d38bce5793155aac8bfb6220a7085d9) * [OCPBUGS-30878](https://issues.redhat.com/browse/OCPBUGS-30878): install/0000_90_cluster-version-operator_02_servicemonitor: Drop $ from ${{ [#1040](https://github.com/openshift/cluster-version-operator/pull/1040) * [OCPBUGS-27822](https://issues.redhat.com/browse/OCPBUGS-27822): Revert "[release-4.14] OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs" [#1028](https://github.com/openshift/cluster-version-operator/pull/1028) * [OCPBUGS-27175](https://issues.redhat.com/browse/OCPBUGS-27175): clusterOperatorBuilder: Reconcile metadata on COs [#1021](https://github.com/openshift/cluster-version-operator/pull/1021) * [OCPBUGS-27048](https://issues.redhat.com/browse/OCPBUGS-27048): pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream [#1018](https://github.com/openshift/cluster-version-operator/pull/1018) * [OCPBUGS-26207](https://issues.redhat.com/browse/OCPBUGS-26207): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1016](https://github.com/openshift/cluster-version-operator/pull/1016) * [OCPBUGS-20762](https://issues.redhat.com/browse/OCPBUGS-20762): [4.14] Bump http-related deps [#986](https://github.com/openshift/cluster-version-operator/pull/986) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/a091f80be76fbcb92fe49b2668c81fe6bf685c4e...af210dc66d38bce5793155aac8bfb6220a7085d9) ### [console](https://github.com/openshift/console/tree/c802a329ebd8bc5d153ad39c24ff04f63a0cdc09) * [OCPBUGS-33558](https://issues.redhat.com/browse/OCPBUGS-33558): Display "With Data upload form" in Create PVC drop down once [#13840](https://github.com/openshift/console/pull/13840) * [OCPBUGS-33064](https://issues.redhat.com/browse/OCPBUGS-33064): Fix PipelineRun Logs tab navigation [#13673](https://github.com/openshift/console/pull/13673) * [OCPBUGS-33321](https://issues.redhat.com/browse/OCPBUGS-33321): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13824](https://github.com/openshift/console/pull/13824) * [OCPBUGS-33635](https://issues.redhat.com/browse/OCPBUGS-33635): restrict Masthead logo to max-height to 60px [#13847](https://github.com/openshift/console/pull/13847) * [OCPBUGS-33640](https://issues.redhat.com/browse/OCPBUGS-33640): Add visual connector between VMs and non VMs workloads [#13848](https://github.com/openshift/console/pull/13848) * [OCPBUGS-33462](https://issues.redhat.com/browse/OCPBUGS-33462): fix issues with Edit Route form [#13831](https://github.com/openshift/console/pull/13831) * [OCPBUGS-33110](https://issues.redhat.com/browse/OCPBUGS-33110): change OperatorHub filter FIPS Mode to Designed for FIPS [#13804](https://github.com/openshift/console/pull/13804) * [OCPBUGS-32697](https://issues.redhat.com/browse/OCPBUGS-32697): Routes created by devfiles do not always use HTTPS [#13787](https://github.com/openshift/console/pull/13787) * [OCPBUGS-21799](https://issues.redhat.com/browse/OCPBUGS-21799): Fix empty editor error [#13256](https://github.com/openshift/console/pull/13256) * [OCPBUGS-32168](https://issues.redhat.com/browse/OCPBUGS-32168): fix bug where paused MCPs were incorrectly unpausing w… [#13753](https://github.com/openshift/console/pull/13753) * [OCPBUGS-20173](https://issues.redhat.com/browse/OCPBUGS-20173): Console should not panic when no response is retrieved for plugin assets [#13217](https://github.com/openshift/console/pull/13217) * [OCPBUGS-31388](https://issues.redhat.com/browse/OCPBUGS-31388): Application creation fail when manually entering input scaling value in local setup [#13697](https://github.com/openshift/console/pull/13697) * [OCPBUGS-31394](https://issues.redhat.com/browse/OCPBUGS-31394): PipelineRuns in Console show wrong status or load indefinitely [#13698](https://github.com/openshift/console/pull/13698) * [OCPBUGS-31864](https://issues.redhat.com/browse/OCPBUGS-31864): Fix config ini format [#13738](https://github.com/openshift/console/pull/13738) * [OCPBUGS-25145](https://issues.redhat.com/browse/OCPBUGS-25145): fix vCenter cluster being empty [#13436](https://github.com/openshift/console/pull/13436) * [OCPBUGS-28746](https://issues.redhat.com/browse/OCPBUGS-28746): fix bug where Expand PVC modal assumes pvc.spec.resou… [#13558](https://github.com/openshift/console/pull/13558) * [OCPBUGS-29783](https://issues.redhat.com/browse/OCPBUGS-29783): Fix operands list endpoint [#13625](https://github.com/openshift/console/pull/13625) * [OCPBUGS-29813](https://issues.redhat.com/browse/OCPBUGS-29813): Release 4.14 backports [#13646](https://github.com/openshift/console/pull/13646) * [OCPBUGS-29813](https://issues.redhat.com/browse/OCPBUGS-29813): Addition of optional chaining to prevent yaml crash [#13541](https://github.com/openshift/console/pull/13541) * [OCPBUGS-25274](https://issues.redhat.com/browse/OCPBUGS-25274): Add support for Azure Workload Identity / Federated Identity based in… [#13642](https://github.com/openshift/console/pull/13642) * [OCPBUGS-28972](https://issues.redhat.com/browse/OCPBUGS-28972): Add flags checks to hide Pipeline static plugin List and details pages [#13572](https://github.com/openshift/console/pull/13572) * [OCPBUGS-27898](https://issues.redhat.com/browse/OCPBUGS-27898): Add support for custom segment domains (to load JS and make API calls) [#13540](https://github.com/openshift/console/pull/13540) * [OCPBUGS-29349](https://issues.redhat.com/browse/OCPBUGS-29349): Error in displaying BuildRun logs in Console [#13601](https://github.com/openshift/console/pull/13601) * [OCPBUGS-29100](https://issues.redhat.com/browse/OCPBUGS-29100): Pipeline Name gets changed to "new-pipeline" on the Edit Pipeline YAML/Builder [#13585](https://github.com/openshift/console/pull/13585) * [OCPBUGS-29239](https://issues.redhat.com/browse/OCPBUGS-29239): Add a new allowInsecure option to the internet proxy [#13592](https://github.com/openshift/console/pull/13592) * [OCPBUGS-28990](https://issues.redhat.com/browse/OCPBUGS-28990): update check for the 'provider' label on the PackageMa… [#13573](https://github.com/openshift/console/pull/13573) * [OCPBUGS-27157](https://issues.redhat.com/browse/OCPBUGS-27157): add additional check to determine if file is binary [#13507](https://github.com/openshift/console/pull/13507) * [OCPBUGS-28635](https://issues.redhat.com/browse/OCPBUGS-28635): Bump graphql-go to v1.3.0 [#13553](https://github.com/openshift/console/pull/13553) * [OCPBUGS-27305](https://issues.redhat.com/browse/OCPBUGS-27305): Copy response code from proxied plugin requests [#13517](https://github.com/openshift/console/pull/13517) * [OCPBUGS-27851](https://issues.redhat.com/browse/OCPBUGS-27851): fix bug where Clone PVC modal assumes pvc.spec.resourc… [#13537](https://github.com/openshift/console/pull/13537) * [OCPBUGS-27350](https://issues.redhat.com/browse/OCPBUGS-27350): Add Pipeline metrics tab using plugin [#13520](https://github.com/openshift/console/pull/13520) * [OCPBUGS-26171](https://issues.redhat.com/browse/OCPBUGS-26171): Set unlimited line width in YAML editor [#13482](https://github.com/openshift/console/pull/13482) * [OCPBUGS-24640](https://issues.redhat.com/browse/OCPBUGS-24640): Strip 'Server' header from proxy response [#13423](https://github.com/openshift/console/pull/13423) * [OCPBUGS-25997](https://issues.redhat.com/browse/OCPBUGS-25997): change Alertmanager form to create using matchers inst… [#13478](https://github.com/openshift/console/pull/13478) * [OCPBUGS-24349](https://issues.redhat.com/browse/OCPBUGS-24349): Fix crash when ArtifactHub Task has no version [#13399](https://github.com/openshift/console/pull/13399) * [OCPBUGS-25397](https://issues.redhat.com/browse/OCPBUGS-25397): fix runtime error on Node details Overview when Machin… [#13446](https://github.com/openshift/console/pull/13446) * [OCPBUGS-23771](https://issues.redhat.com/browse/OCPBUGS-23771): Fix for yaml editor that crashes with MCE and ACM plugins enabled [#13360](https://github.com/openshift/console/pull/13360) * [OCPBUGS-24667](https://issues.redhat.com/browse/OCPBUGS-24667): Fix plugin proxy handler [#13425](https://github.com/openshift/console/pull/13425) * [OCPBUGS-24474](https://issues.redhat.com/browse/OCPBUGS-24474): S2I Build Wizard should check for Containerfile in addition to Dockerfile [#13415](https://github.com/openshift/console/pull/13415) * [OCPBUGS-24432](https://issues.redhat.com/browse/OCPBUGS-24432): fix filtering issues on Events [#13413](https://github.com/openshift/console/pull/13413) * [OCPBUGS-24352](https://issues.redhat.com/browse/OCPBUGS-24352): add access review for impersonate [#13400](https://github.com/openshift/console/pull/13400) * [OCPBUGS-22240](https://issues.redhat.com/browse/OCPBUGS-22240): Save also the location.search and .hash values in localStorage to restore them after login [#13270](https://github.com/openshift/console/pull/13270) * [OCPBUGS-24293](https://issues.redhat.com/browse/OCPBUGS-24293): ConsolePlugin metrics must no longer be grouped by the vendor [#13391](https://github.com/openshift/console/pull/13391) * [OCPBUGS-24423](https://issues.redhat.com/browse/OCPBUGS-24423): Searching for items in quick search is confusing [#13412](https://github.com/openshift/console/pull/13412) * [OCPBUGS-22375](https://issues.redhat.com/browse/OCPBUGS-22375): Delete results.tekton.dev annotations before rerun the pipelineRun [#13278](https://github.com/openshift/console/pull/13278) * [OCPBUGS-22478](https://issues.redhat.com/browse/OCPBUGS-22478): Extra space is in the translation text(Chinese) of 'Create rolebinding' and 'replicate rolebinding' [#13290](https://github.com/openshift/console/pull/13290) * [OCPBUGS-24196](https://issues.redhat.com/browse/OCPBUGS-24196): ApiVersion displayed on console is v1alpha1 whereas we support v1beta1 [#13402](https://github.com/openshift/console/pull/13402) * [OCPBUGS-23423](https://issues.redhat.com/browse/OCPBUGS-23423): Cannot Edit Shipwright Build [#13343](https://github.com/openshift/console/pull/13343) * [OCPBUGS-22980](https://issues.redhat.com/browse/OCPBUGS-22980): remove expandable toggle for conditional update risk d… [#13308](https://github.com/openshift/console/pull/13308) * [OCPBUGS-22374](https://issues.redhat.com/browse/OCPBUGS-22374): Telemetry- Current page was sometimes not tracked when reloading the current page [#13277](https://github.com/openshift/console/pull/13277) * [OCPBUGS-22177](https://issues.redhat.com/browse/OCPBUGS-22177): Channel page shows "Required" message for the default name when navigate to create channel page [#13262](https://github.com/openshift/console/pull/13262) * [OCPBUGS-19371](https://issues.redhat.com/browse/OCPBUGS-19371): Upgrade DomainMapping apiVersion to v1beta1 [#13165](https://github.com/openshift/console/pull/13165) * [OCPBUGS-19416](https://issues.redhat.com/browse/OCPBUGS-19416): Correct logout process [#13173](https://github.com/openshift/console/pull/13173) * [OCPBUGS-22285](https://issues.redhat.com/browse/OCPBUGS-22285): updating doc links for 4.14 GA [#13273](https://github.com/openshift/console/pull/13273) * [OCPBUGS-19845](https://issues.redhat.com/browse/OCPBUGS-19845): mock apis for git repo in test serverless function tests [#13199](https://github.com/openshift/console/pull/13199) * [OCPBUGS-22460](https://issues.redhat.com/browse/OCPBUGS-22460): Fix the forms when BC is not installed in the cluster [#13288](https://github.com/openshift/console/pull/13288) * [OCPBUGS-21877](https://issues.redhat.com/browse/OCPBUGS-21877): add support for new features annotations while preserv… [#13258](https://github.com/openshift/console/pull/13258) * [OCPBUGS-22377](https://issues.redhat.com/browse/OCPBUGS-22377): Fixed Edit Application form for Knative Services [#13279](https://github.com/openshift/console/pull/13279) * [Full changelog](https://github.com/openshift/console/compare/c16ab01920d47d71a8853f70181ff5bb6cd1f374...c802a329ebd8bc5d153ad39c24ff04f63a0cdc09) ### [console-operator](https://github.com/openshift/console-operator/tree/855f3fcebb968880eca12713f01157aedee98d64) * [OCPBUGS-21029](https://issues.redhat.com/browse/OCPBUGS-21029): Bump library-go and golang.org/x/net [#850](https://github.com/openshift/console-operator/pull/850) * [OCPBUGS-23968](https://issues.redhat.com/browse/OCPBUGS-23968): Disable route controller health check for NLB setup [#817](https://github.com/openshift/console-operator/pull/817) * [OCPBUGS-24293](https://issues.redhat.com/browse/OCPBUGS-24293): ConsolePlugin metrics must no longer be grouped by the vendor [#820](https://github.com/openshift/console-operator/pull/820) * [OCPBUGS-22274](https://issues.redhat.com/browse/OCPBUGS-22274): Disable HTTP/2 for webhook [#803](https://github.com/openshift/console-operator/pull/803) * [OCPBUGS-20480](https://issues.redhat.com/browse/OCPBUGS-20480): Reset console operator's conditions [#797](https://github.com/openshift/console-operator/pull/797) * [Full changelog](https://github.com/openshift/console-operator/compare/483bbcfcf019a58afb70ae1b021ba01e074b09e0...855f3fcebb968880eca12713f01157aedee98d64) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/bab8a4f7a868f47f87171c2ef5c1e0b9ae388407) * [OCPBUGS-33066](https://issues.redhat.com/browse/OCPBUGS-33066): macvlan enable ipv6 ndisc_notify [#160](https://github.com/openshift/containernetworking-plugins/pull/160) * [OCPBUGS-20374](https://issues.redhat.com/browse/OCPBUGS-20374): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] [#129](https://github.com/openshift/containernetworking-plugins/pull/129) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/463386589579bd9e74578b3c0fb278840570cd0f...bab8a4f7a868f47f87171c2ef5c1e0b9ae388407) ### [coredns](https://github.com/openshift/coredns/tree/7d3fa777871ed2e5a70715e7f3e71d3f01785330) * [OCPBUGS-28200](https://issues.redhat.com/browse/OCPBUGS-28200): UPSTREAM: 6277: openshift: Fix OCPBUGS-28200 [#114](https://github.com/openshift/coredns/pull/114) * [OCPBUGS-21067](https://issues.redhat.com/browse/OCPBUGS-21067): UPSTREAM: <carry>: openshift: address CVE-2023-39325 [#100](https://github.com/openshift/coredns/pull/100) * [Full changelog](https://github.com/openshift/coredns/compare/fd70cf1b81d3d3a907663f61b651201de5f8e4e7...7d3fa777871ed2e5a70715e7f3e71d3f01785330) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/697083a8e5e1f68978458a0a00c426e094665271) * manage-security-groups: Only add SGs to LB members (#2455) [#2455](https://github.com/openshift/cloud-provider-openstack/pull/2455) * Fix protocol case mismatch (tcp vs TCP) (#2320) [#2320](https://github.com/openshift/cloud-provider-openstack/pull/2320) * Get IP addresses of neutron subports (#2306) [#2306](https://github.com/openshift/cloud-provider-openstack/pull/2306) * Make manage-security-groups work with OVN (#2291) [#2291](https://github.com/openshift/cloud-provider-openstack/pull/2291) * Delete sgs on reconfiguration (#2305) [#2305](https://github.com/openshift/cloud-provider-openstack/pull/2305) * Optimize `applyNodeSecurityGroupIDForLB()` (#2293) [#2293](https://github.com/openshift/cloud-provider-openstack/pull/2293) * Remove unused manila code (#2299) [#2299](https://github.com/openshift/cloud-provider-openstack/pull/2299) * Use `instanceIDFromProviderID()` function (#2302) [#2302](https://github.com/openshift/cloud-provider-openstack/pull/2302) * Remove filtering by device_owner. (#2304) [#2304](https://github.com/openshift/cloud-provider-openstack/pull/2304) * Allocate array capacity in advance (#2297) [#2297](https://github.com/openshift/cloud-provider-openstack/pull/2297) * Corrected the grammar (#2301) [#2301](https://github.com/openshift/cloud-provider-openstack/pull/2301) * Delete unused SG rules with manage-security-groups (#2287) [#2287](https://github.com/openshift/cloud-provider-openstack/pull/2287) * Improved the grammar in sidecarcompatibility.md (#2292) [#2292](https://github.com/openshift/cloud-provider-openstack/pull/2292) * Added comments and arranged the variable names (#2290) [#2290](https://github.com/openshift/cloud-provider-openstack/pull/2290) * occm cinder-csi securityContext (#2286) [#2286](https://github.com/openshift/cloud-provider-openstack/pull/2286) * fixed Grammatical mistakes in barbican-kms-plugin (#2289) [#2289](https://github.com/openshift/cloud-provider-openstack/pull/2289) * efactors and enhances the codebase of the cinder csi plugin (#2288) [#2288](https://github.com/openshift/cloud-provider-openstack/pull/2288) * Wait for LB to be ACTIVE on HM update (#2280) [#2280](https://github.com/openshift/cloud-provider-openstack/pull/2280) * (barbican-kms-plugin)Refactor and enhance Barbican KMS plugin codebase. (#2278) [#2278](https://github.com/openshift/cloud-provider-openstack/pull/2278) * Fixed the typo in the load balancing section in the README (#2232) [#2232](https://github.com/openshift/cloud-provider-openstack/pull/2232) * Fix image tag in manila csi e2e test (#2244) [#2244](https://github.com/openshift/cloud-provider-openstack/pull/2244) * enable secret injection and common annotations (#2264) [#2264](https://github.com/openshift/cloud-provider-openstack/pull/2264) * Update to gophercloud 1.4.0 (#2265) [#2265](https://github.com/openshift/cloud-provider-openstack/pull/2265) * Replace call to Nova os-interfaces with direct Neutron call (#2250) [#2250](https://github.com/openshift/cloud-provider-openstack/pull/2250) * add secret enabled option (#2239) [#2239](https://github.com/openshift/cloud-provider-openstack/pull/2239) * Fix CSI spec versions (#2254) [#2254](https://github.com/openshift/cloud-provider-openstack/pull/2254) * LoadBalancers: Remove dead SG code (#2248) [#2248](https://github.com/openshift/cloud-provider-openstack/pull/2248) * Make `ensureSecurityRule()` safely idempotent (#2249) [#2249](https://github.com/openshift/cloud-provider-openstack/pull/2249) * shrink image, remove unnecessary utils (#2233) (#2238) [#2233](https://github.com/openshift/cloud-provider-openstack/pull/2233) * Doc: update statement about neutron lbaas removeal (#2236) [#2236](https://github.com/openshift/cloud-provider-openstack/pull/2236) * add environment variable for timeout (#2235) [#2235](https://github.com/openshift/cloud-provider-openstack/pull/2235) * Increase timeout for LB to get to ACTIVE state (#2223) [#2223](https://github.com/openshift/cloud-provider-openstack/pull/2223) * Ignore proxies when calling Nova Metadata (#2218) [#2218](https://github.com/openshift/cloud-provider-openstack/pull/2218) * add priorityClassName to openstack-cloud-controller-manager helm chart (#2210) [#2210](https://github.com/openshift/cloud-provider-openstack/pull/2210) * Do not default Octavia provider to "octavia" (#2208) [#2208](https://github.com/openshift/cloud-provider-openstack/pull/2208) * retry ubuntu image download on temp error (#2507) [#2507](https://github.com/openshift/cloud-provider-openstack/pull/2507) * update k8s.io/kubernetes to v1.27.8 in go.mod (#2497) [#2497](https://github.com/openshift/cloud-provider-openstack/pull/2497) * fix: octavia tlsContainerRef validation for barbican secrets (#2460) [#2460](https://github.com/openshift/cloud-provider-openstack/pull/2460) * Use standard service account name in OCCM helm chart (#2448) [#2448](https://github.com/openshift/cloud-provider-openstack/pull/2448) * 1.27.3 release (#2427) [#2427](https://github.com/openshift/cloud-provider-openstack/pull/2427) * Make sure we don't mask LB tests failures and fix what was failing (#2360) (#2367) [#2360](https://github.com/openshift/cloud-provider-openstack/pull/2360) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/6b8f88a9c34a541ffaf4b0abf1d8cd1acb55ff9b...697083a8e5e1f68978458a0a00c426e094665271) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/d93a218ff323960eb1dea529f0173f069ccfab42) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#219](https://github.com/openshift/csi-driver-manila-operator/pull/219) * [OCPBUGS-23443](https://issues.redhat.com/browse/OCPBUGS-23443): Fix selector for manila-csi-driver-controller-metrics service [#211](https://github.com/openshift/csi-driver-manila-operator/pull/211) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#209](https://github.com/openshift/csi-driver-manila-operator/pull/209) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/ea34192d229b15ef335be349005df184b4814be8...d93a218ff323960eb1dea529f0173f069ccfab42) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/9232c1ff48df333dadc9f7dc275649866e55ced0) * [OCPBUGS-28952](https://issues.redhat.com/browse/OCPBUGS-28952): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#167](https://github.com/openshift/csi-driver-shared-resource/pull/167) * [OCPBUGS-25069](https://issues.redhat.com/browse/OCPBUGS-25069), [OCPBUGS-26309](https://issues.redhat.com/browse/OCPBUGS-26309), [OCPBUGS-26323](https://issues.redhat.com/browse/OCPBUGS-26323): add snyk config file for SAST scan [#163](https://github.com/openshift/csi-driver-shared-resource/pull/163) * [OCPBUGS-23111](https://issues.redhat.com/browse/OCPBUGS-23111): Should reference configmaps instead of secrets [#152](https://github.com/openshift/csi-driver-shared-resource/pull/152) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/740b4427f2c3d72f47c0cd7b9af6b9c51c009c31...9232c1ff48df333dadc9f7dc275649866e55ced0) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/c273cd52b791e69da41ac23fafb6d926c0530276) * [OCPBUGS-28957](https://issues.redhat.com/browse/OCPBUGS-28957): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#103](https://github.com/openshift/csi-driver-shared-resource-operator/pull/103) * [OCPBUGS-26312](https://issues.redhat.com/browse/OCPBUGS-26312): add snyk config file for SAST scank [#97](https://github.com/openshift/csi-driver-shared-resource-operator/pull/97) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#91](https://github.com/openshift/csi-driver-shared-resource-operator/pull/91) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/73ddf3e313dbcec4238657af9b4237b405b16c4a...c273cd52b791e69da41ac23fafb6d926c0530276) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/a6834536936b16dcd9ee81a8753a2ef6dc208541) * [OCPBUGS-29433](https://issues.redhat.com/browse/OCPBUGS-29433): cherry-pick:release-4.14: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#142](https://github.com/openshift/csi-external-snapshotter/pull/142) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/0bf9276611e57cb87a05576c974fea1c38e3eb96...a6834536936b16dcd9ee81a8753a2ef6dc208541) ### [docker-builder](https://github.com/openshift/builder/tree/9c104de024e5c52e224ffedfbab0e9053fb1efd6) * [OCPBUGS-28949](https://issues.redhat.com/browse/OCPBUGS-28949): Replace 'coreydaley' with 'sayan-biswas' [#379](https://github.com/openshift/builder/pull/379) * [OCPBUGS-23006](https://issues.redhat.com/browse/OCPBUGS-23006): Add -p flag to cp command to preserve timestamps [#370](https://github.com/openshift/builder/pull/370) * [OCPBUGS-20726](https://issues.redhat.com/browse/OCPBUGS-20726): [release-4.14] Bumping golang.org/x/net [#362](https://github.com/openshift/builder/pull/362) * [Full changelog](https://github.com/openshift/builder/compare/5cedc85c41e43cfe88a86e669ba1beb8b357fd3e...9c104de024e5c52e224ffedfbab0e9053fb1efd6) ### [docker-registry](https://github.com/openshift/image-registry/tree/f03c24040cea924f846aca8b4e02bf802159a238) * [OCPBUGS-31857](https://issues.redhat.com/browse/OCPBUGS-31857): vendor: bump aws-sdk-go to support ca-west-1 [#397](https://github.com/openshift/image-registry/pull/397) * [OCPBUGS-29604](https://issues.redhat.com/browse/OCPBUGS-29604): vendor: bump distribution to fix azure storage path bug [#394](https://github.com/openshift/image-registry/pull/394) * [OCPBUGS-22826](https://issues.redhat.com/browse/OCPBUGS-22826): Allow ICSP IDMS coexisting [#385](https://github.com/openshift/image-registry/pull/385) * [Full changelog](https://github.com/openshift/image-registry/compare/5e7788a16fbbf051c16f28d590905a8f69cd29ac...f03c24040cea924f846aca8b4e02bf802159a238) ### [etcd](https://github.com/openshift/etcd/tree/5ed5044c5661c55d297ab0348056b50969af9627) * [OCPBUGS-32813](https://issues.redhat.com/browse/OCPBUGS-32813): Revert "Merge pull request #261 from Elbehery/rebase-etcd-3.5.13-open… [#265](https://github.com/openshift/etcd/pull/265) * [OCPBUGS-31650](https://issues.redhat.com/browse/OCPBUGS-31650): Rebase etcd 3.5.13 openshift 4.14 [#261](https://github.com/openshift/etcd/pull/261) * [OCPBUGS-28733](https://issues.redhat.com/browse/OCPBUGS-28733): Rebase etcd 3.5.12 openshift 4.14 [#244](https://github.com/openshift/etcd/pull/244) * [OCPBUGS-24939](https://issues.redhat.com/browse/OCPBUGS-24939): Rebase etcd 3.5.11 openshift 4.14 [#235](https://github.com/openshift/etcd/pull/235) * [OCPBUGS-22727](https://issues.redhat.com/browse/OCPBUGS-22727): [4.14] Rebase openshift/etcd to 3.5.10 [#226](https://github.com/openshift/etcd/pull/226) * [OCPBUGS-21221](https://issues.redhat.com/browse/OCPBUGS-21221): Carrying fixes for CVE-2023-44487 [#222](https://github.com/openshift/etcd/pull/222) * [Full changelog](https://github.com/openshift/etcd/compare/ce96982907bdf2568473debfcff662793f366028...5ed5044c5661c55d297ab0348056b50969af9627) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/09e96a91c4c95e4f8a3d77bae81875c570dd9e3c) * [OCPBUGS-21321](https://issues.redhat.com/browse/OCPBUGS-21321): Bump golang.org/x/net to v0.18.0 [#42](https://github.com/openshift/cloud-provider-gcp/pull/42) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/37deba9d5cc01f1d0cfe741b3996b0474d5ef84e...09e96a91c4c95e4f8a3d77bae81875c570dd9e3c) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/d99fb31aa7280f6b5da00880a64b4774600817a2) * [OCPBUGS-17290](https://issues.redhat.com/browse/OCPBUGS-17290), [OCPBUGS-21417](https://issues.redhat.com/browse/OCPBUGS-21417): Bump golang.org/x/net to v0.17.0 [#203](https://github.com/openshift/cluster-api-provider-gcp/pull/203) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/38e337585cf606957429f7043db1a57cda34fcec...d99fb31aa7280f6b5da00880a64b4774600817a2) ### [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator/tree/95d55a043a60b584a9fe28d37825761282305840) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#107](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/107) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#96](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/96) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver-operator/compare/92376a4b846366ae3c7a61e5af895e3221d09703...95d55a043a60b584a9fe28d37825761282305840) ### [haproxy-router](https://github.com/openshift/router/tree/c3a2430c09ccea623bb8a599ce56a6e267009620) * [OCPBUGS-32634](https://issues.redhat.com/browse/OCPBUGS-32634): Properly handle rewrite-target annotation [#583](https://github.com/openshift/router/pull/583) * [OCPBUGS-33797](https://issues.redhat.com/browse/OCPBUGS-33797): Reject routes with MD5 certs [#598](https://github.com/openshift/router/pull/598) * [OCPBUGS-33389](https://issues.redhat.com/browse/OCPBUGS-33389): Count active services before setting weight to 1 [#592](https://github.com/openshift/router/pull/592) * [OCPBUGS-30773](https://issues.redhat.com/browse/OCPBUGS-30773): OCPBUGS 6958 backport to 4.14 [#568](https://github.com/openshift/router/pull/568) * [OCPBUGS-32437](https://issues.redhat.com/browse/OCPBUGS-32437): Introduce 'idle-close-on-response' option for frontends [#580](https://github.com/openshift/router/pull/580) * [OCPBUGS-21134](https://issues.redhat.com/browse/OCPBUGS-21134): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#530](https://github.com/openshift/router/pull/530) * [Full changelog](https://github.com/openshift/router/compare/7cbd1526a359392ead30aa050dc9e2e81ffcc753...c3a2430c09ccea623bb8a599ce56a6e267009620) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/95b99eeaeda05f23b12c0f50276b84a3f4d7176f) * [OCPBUGS-33712](https://issues.redhat.com/browse/OCPBUGS-33712): Bump to Kubernetes v1.27.14 [#1970](https://github.com/openshift/kubernetes/pull/1970) * [OCPBUGS-33417](https://issues.redhat.com/browse/OCPBUGS-33417): Provide SCC access via RBAC [#1965](https://github.com/openshift/kubernetes/pull/1965) * [OCPBUGS-14373](https://issues.redhat.com/browse/OCPBUGS-14373): Fix flaky HPA e2e tests by not failing on context cancelled (#117669) [#1958](https://github.com/openshift/kubernetes/pull/1958) * [OCPBUGS-32580](https://issues.redhat.com/browse/OCPBUGS-32580): allow override of NewVolumeManagerReconstruction [#1956](https://github.com/openshift/kubernetes/pull/1956) * [OCPBUGS-32309](https://issues.redhat.com/browse/OCPBUGS-32309): Bump K8s api to 1.27.13 [#1950](https://github.com/openshift/kubernetes/pull/1950) * [OCPBUGS-29924](https://issues.redhat.com/browse/OCPBUGS-29924): UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches [#1898](https://github.com/openshift/kubernetes/pull/1898) * [OCPBUGS-31504](https://issues.redhat.com/browse/OCPBUGS-31504): Bump to 1.27.12 [#1927](https://github.com/openshift/kubernetes/pull/1927) * [OCPBUGS-31741](https://issues.redhat.com/browse/OCPBUGS-31741): 4.14: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes [#1936](https://github.com/openshift/kubernetes/pull/1936) * Address CVE [#12](https://github.com/openshift/kubernetes/pull/12) * [OCPBUGS-30964](https://issues.redhat.com/browse/OCPBUGS-30964): Set up CEL IP/CIDR library from 4.14 onwards [#1913](https://github.com/openshift/kubernetes/pull/1913) * [OCPBUGS-29662](https://issues.redhat.com/browse/OCPBUGS-29662): Update to kubernetes 1.27.11 [#1890](https://github.com/openshift/kubernetes/pull/1890) * [OCPBUGS-27347](https://issues.redhat.com/browse/OCPBUGS-27347): UPSTREAM: <carry>: Update management webhook pod admission logic [#1855](https://github.com/openshift/kubernetes/pull/1855) * [OCPBUGS-27369](https://issues.redhat.com/browse/OCPBUGS-27369): Update to kubernetes 1.27.10 [#1860](https://github.com/openshift/kubernetes/pull/1860) * [OCPBUGS-25813](https://issues.redhat.com/browse/OCPBUGS-25813): Fix uncertain device in 4.14 [#1830](https://github.com/openshift/kubernetes/pull/1830) * UPSTREAM: 117349: OCPBUGS-19431: Bump lumberjack.v2 v2.0.0 -> v2.2.1 [#1552](https://github.com/openshift/kubernetes/pull/1552) * [OCPBUGS-26006](https://issues.redhat.com/browse/OCPBUGS-26006): Update to Kubernetes 1.27.9 [#1838](https://github.com/openshift/kubernetes/pull/1838) * [OCPBUGS-23566](https://issues.redhat.com/browse/OCPBUGS-23566): followup to #1808 [#1813](https://github.com/openshift/kubernetes/pull/1813) * [OCPBUGS-23566](https://issues.redhat.com/browse/OCPBUGS-23566): Update to kubernetes 1.27.8 [#1808](https://github.com/openshift/kubernetes/pull/1808) * [OCPBUGS-23286](https://issues.redhat.com/browse/OCPBUGS-23286): UPSTREAM: 121881: Use golang library instead of mklink [#1801](https://github.com/openshift/kubernetes/pull/1801) * [OCPBUGS-22861](https://issues.redhat.com/browse/OCPBUGS-22861): UPSTREAM: <carry>: support for both icsp and idms objects [#1780](https://github.com/openshift/kubernetes/pull/1780) * [Full changelog](https://github.com/openshift/kubernetes/compare/f67aeb31c9b95fd8998de8b895ac91bfdf733b2e...95b99eeaeda05f23b12c0f50276b84a3f4d7176f) ### [hypershift](https://github.com/openshift/hypershift/tree/bcdc4a0f9662eb890c7cbe49a818b0764142930a) * NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) [#4073](https://github.com/openshift/hypershift/pull/4073) * NO-JIRA: Remove CLI inspection of release image [#4061](https://github.com/openshift/hypershift/pull/4061) * [OCPBUGS-33713](https://issues.redhat.com/browse/OCPBUGS-33713): Reconcile over ICSP/IDMS [#4059](https://github.com/openshift/hypershift/pull/4059) * NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) [#4065](https://github.com/openshift/hypershift/pull/4065) * [OCPBUGS-33844](https://issues.redhat.com/browse/OCPBUGS-33844): Fix disconnected metadata inspection [#4049](https://github.com/openshift/hypershift/pull/4049) * [OCPBUGS-33843](https://issues.redhat.com/browse/OCPBUGS-33843): Recycler-pod image now points to the OCP Payload reference [#4048](https://github.com/openshift/hypershift/pull/4048) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#4040](https://github.com/openshift/hypershift/pull/4040) * [HOSTEDCP-1480](https://issues.redhat.com/browse/HOSTEDCP-1480): Update TLS cert hash creation with sha512 [#4025](https://github.com/openshift/hypershift/pull/4025) * NO-JIRA: Update RHTAP references (release-4.14) [#3995](https://github.com/openshift/hypershift/pull/3995) * [HOSTEDCP-1552](https://issues.redhat.com/browse/HOSTEDCP-1552): Update RHTAP tekton files for 0.3 -> 0.4 migration [#3958](https://github.com/openshift/hypershift/pull/3958) * [OCPBUGS-33105](https://issues.redhat.com/browse/OCPBUGS-33105): [release-4.14] remove PrivateIngressController cleanup [#3960](https://github.com/openshift/hypershift/pull/3960) * [OCPBUGS-32471](https://issues.redhat.com/browse/OCPBUGS-32471): Fix ICSP and IDMS inclusion as registriesOverrides [#3912](https://github.com/openshift/hypershift/pull/3912) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3920](https://github.com/openshift/hypershift/pull/3920) * [OCPBUGS-32221](https://issues.redhat.com/browse/OCPBUGS-32221): Added support for OLM Disable default sources on HC creation [#3882](https://github.com/openshift/hypershift/pull/3882) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3903](https://github.com/openshift/hypershift/pull/3903) * NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster [#3905](https://github.com/openshift/hypershift/pull/3905) * [HOSTEDCP-1526](https://issues.redhat.com/browse/HOSTEDCP-1526): [release-4.14] Support additional node selectors for request serving nodes [#3898](https://github.com/openshift/hypershift/pull/3898) * chore(deps): update rhtap references (release-4.14) [#3888](https://github.com/openshift/hypershift/pull/3888) * NO-JIRA: Update RHTAP references (release-4.14) [#3874](https://github.com/openshift/hypershift/pull/3874) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3869](https://github.com/openshift/hypershift/pull/3869) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3858](https://github.com/openshift/hypershift/pull/3858) * NO-JIRA: Update RHTAP references (release-4.14) [#3836](https://github.com/openshift/hypershift/pull/3836) * [OCPBUGS-31657](https://issues.redhat.com/browse/OCPBUGS-31657): disable http2 for ignition server and proxy [#3831](https://github.com/openshift/hypershift/pull/3831) * [OCPBUGS-31605](https://issues.redhat.com/browse/OCPBUGS-31605): inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs [#3826](https://github.com/openshift/hypershift/pull/3826) * [HOSTEDCP-1322](https://issues.redhat.com/browse/HOSTEDCP-1322): NodeUpgradeType defaulted by provider [#3822](https://github.com/openshift/hypershift/pull/3822) * NO-JIRA: Update RHTAP references (release-4.14) [#3813](https://github.com/openshift/hypershift/pull/3813) * [OCPBUGS-31417](https://issues.redhat.com/browse/OCPBUGS-31417): honor HC image configuration [#3806](https://github.com/openshift/hypershift/pull/3806) * [OCPBUGS-23914](https://issues.redhat.com/browse/OCPBUGS-23914): Added OLMCatalogPlacement option to the CLI [#3229](https://github.com/openshift/hypershift/pull/3229) * [OCPBUGS-30211](https://issues.redhat.com/browse/OCPBUGS-30211): set Konnectivity cipher suites [#3679](https://github.com/openshift/hypershift/pull/3679) * chore(deps): update rhtap references (release-4.14) [#3792](https://github.com/openshift/hypershift/pull/3792) * [OCPBUGS-31048](https://issues.redhat.com/browse/OCPBUGS-31048): [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group [#3771](https://github.com/openshift/hypershift/pull/3771) * [HOSTEDCP-1488](https://issues.redhat.com/browse/HOSTEDCP-1488): Use regionalized STS endpoints in AWS [#3756](https://github.com/openshift/hypershift/pull/3756) * NO-JIRA: Update RHTAP references (release-4.14) [#3755](https://github.com/openshift/hypershift/pull/3755) * chore(deps): update rhtap references (release-4.14) [#3739](https://github.com/openshift/hypershift/pull/3739) * [OCPBUGS-30596](https://issues.redhat.com/browse/OCPBUGS-30596): Bump golang.org/x/net to version v0.17.0 [#3711](https://github.com/openshift/hypershift/pull/3711) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3706](https://github.com/openshift/hypershift/pull/3706) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3676](https://github.com/openshift/hypershift/pull/3676) * NO-JIRA: Update RHTAP references (release-4.14) [#3672](https://github.com/openshift/hypershift/pull/3672) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3651](https://github.com/openshift/hypershift/pull/3651) * [OCPBUGS-29782](https://issues.redhat.com/browse/OCPBUGS-29782): use 2040 for apiserver svc in IBM provider [#3594](https://github.com/openshift/hypershift/pull/3594) * "[release-4.14] OCPBUGS-29259: Fix default release image lookup" [#3550](https://github.com/openshift/hypershift/pull/3550) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3620](https://github.com/openshift/hypershift/pull/3620) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3625](https://github.com/openshift/hypershift/pull/3625) * [OCPBUGS-29094](https://issues.redhat.com/browse/OCPBUGS-29094): Make ControllerAvailabilityPolicy immutable [#3534](https://github.com/openshift/hypershift/pull/3534) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3604](https://github.com/openshift/hypershift/pull/3604) * NO-JIRA: Update RHTAP references (release-4.14) [#3591](https://github.com/openshift/hypershift/pull/3591) * NO-JIRA: Update RHTAP references (release-4.14) [#3519](https://github.com/openshift/hypershift/pull/3519) * NO-JIRA: Approvers update [#3580](https://github.com/openshift/hypershift/pull/3580) * [MULTIARCH-4084](https://issues.redhat.com/browse/MULTIARCH-4084): Reduce the policy access scope to specific instance [#3530](https://github.com/openshift/hypershift/pull/3530) * [OCPBUGS-29206](https://issues.redhat.com/browse/OCPBUGS-29206): Add GC knobs for KAS [#3543](https://github.com/openshift/hypershift/pull/3543) * [OCPBUGS-29187](https://issues.redhat.com/browse/OCPBUGS-29187): node spread anti-affinity for HA HCP [#3541](https://github.com/openshift/hypershift/pull/3541) * [OCPBUGS-19956](https://issues.redhat.com/browse/OCPBUGS-19956), [OCPBUGS-28984](https://issues.redhat.com/browse/OCPBUGS-28984), [OCPBUGS-28985](https://issues.redhat.com/browse/OCPBUGS-28985), [OCPBUGS-28986](https://issues.redhat.com/browse/OCPBUGS-28986), [OCPBUGS-29000](https://issues.redhat.com/browse/OCPBUGS-29000): Support Disconnected HCP [#3520](https://github.com/openshift/hypershift/pull/3520) * [OCPBUGS-29030](https://issues.redhat.com/browse/OCPBUGS-29030): Add ValidatingAdmissionPolicy to KAS config [#3524](https://github.com/openshift/hypershift/pull/3524) * [HOSTEDCP-1272](https://issues.redhat.com/browse/HOSTEDCP-1272): Added CLI support to create DualStack clusters using default values [#3514](https://github.com/openshift/hypershift/pull/3514) * [OCPBUGS-28238](https://issues.redhat.com/browse/OCPBUGS-28238): consider HCP upgradeable if CVO has no upgradable condition [#3468](https://github.com/openshift/hypershift/pull/3468) * [OCPBUGS-26526](https://issues.redhat.com/browse/OCPBUGS-26526): Documented to disable UWM telemetry writer in disconnected envs [#3389](https://github.com/openshift/hypershift/pull/3389) * [OCPBUGS-26526](https://issues.redhat.com/browse/OCPBUGS-26526): Disable UWM Telemetry writer when telemeter-client cm not exists [#3388](https://github.com/openshift/hypershift/pull/3388) * [OCPBUGS-27072](https://issues.redhat.com/browse/OCPBUGS-27072): Apply Scheduling Configuration for kCCM [#3418](https://github.com/openshift/hypershift/pull/3418) * NO-JIRA: Update RHTAP references (release-4.14) [#3509](https://github.com/openshift/hypershift/pull/3509) * [OCPBUGS-20180](https://issues.redhat.com/browse/OCPBUGS-20180), [OCPBUGS-20547](https://issues.redhat.com/browse/OCPBUGS-20547): Added network validations [#3096](https://github.com/openshift/hypershift/pull/3096) * [OCPBUGS-23997](https://issues.redhat.com/browse/OCPBUGS-23997): add watch for HCP pullsecret to HCCO [#3265](https://github.com/openshift/hypershift/pull/3265) * [OCPBUGS-28249](https://issues.redhat.com/browse/OCPBUGS-28249): Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. [#3485](https://github.com/openshift/hypershift/pull/3485) * NO-JIRA: Update RHTAP references (release-4.14) [#3447](https://github.com/openshift/hypershift/pull/3447) * [OCPBUGS-24315](https://issues.redhat.com/browse/OCPBUGS-24315): Add prestop to konnectiviy server [#3268](https://github.com/openshift/hypershift/pull/3268) * [OCPBUGS-24307](https://issues.redhat.com/browse/OCPBUGS-24307): Set shutdown-delay-duration to 15s [#3264](https://github.com/openshift/hypershift/pull/3264) * [OCPBUGS-21795](https://issues.redhat.com/browse/OCPBUGS-21795): change trusted bundle volume mount for CPO [#3102](https://github.com/openshift/hypershift/pull/3102) * [OCPBUGS-25217](https://issues.redhat.com/browse/OCPBUGS-25217): Konnectivity agent update strategy [#3308](https://github.com/openshift/hypershift/pull/3308) * [OCPBUGS-26574](https://issues.redhat.com/browse/OCPBUGS-26574): Set new condition on SG deletion. [#3398](https://github.com/openshift/hypershift/pull/3398) * Update RHTAP references (release-4.14) [#3402](https://github.com/openshift/hypershift/pull/3402) * Update RHTAP references (release-4.14) [#3383](https://github.com/openshift/hypershift/pull/3383) * [OCPBUGS-22360](https://issues.redhat.com/browse/OCPBUGS-22360): Validate accessTokenInactivityTimeout >= 300s [#3175](https://github.com/openshift/hypershift/pull/3175) * [OCPBUGS-23936](https://issues.redhat.com/browse/OCPBUGS-23936): Use correct kubeconfig in CCM and remove CCMs access t… [#3232](https://github.com/openshift/hypershift/pull/3232) * [OCPBUGS-12720](https://issues.redhat.com/browse/OCPBUGS-12720): Updating hypershift images to be consistent with ART [#2467](https://github.com/openshift/hypershift/pull/2467) * [OCPBUGS-24627](https://issues.redhat.com/browse/OCPBUGS-24627): unset ServiceAccount on ignition-server-proxy [#3295](https://github.com/openshift/hypershift/pull/3295) * [Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster [#3290](https://github.com/openshift/hypershift/pull/3290) * [OCPBUGS-24269](https://issues.redhat.com/browse/OCPBUGS-24269): add CLI oauthclient [#3272](https://github.com/openshift/hypershift/pull/3272) * [OCPBUGS-23569](https://issues.redhat.com/browse/OCPBUGS-23569): Added IPFamilyPolicy to services exposed at the HCP in DualStack mode [#3224](https://github.com/openshift/hypershift/pull/3224) * [HOSTEDCP-1318](https://issues.redhat.com/browse/HOSTEDCP-1318): external OIDC enablement [#3261](https://github.com/openshift/hypershift/pull/3261) * [OCPBUGS-23747](https://issues.redhat.com/browse/OCPBUGS-23747): Added brackets to IPv6 KAS address on kubeconfig [#3228](https://github.com/openshift/hypershift/pull/3228) * [OCPBUGS-24063](https://issues.redhat.com/browse/OCPBUGS-24063): fix(cpo): Set restart annotation on network-node-identity [#3248](https://github.com/openshift/hypershift/pull/3248) * release-4.14, HOSTEDCP-1315: Improve NodePool CPU arch & platform check [#3236](https://github.com/openshift/hypershift/pull/3236) * [OCPBUGS-22676](https://issues.redhat.com/browse/OCPBUGS-22676): Make the OLMCatalogPlacement field immutable [#3143](https://github.com/openshift/hypershift/pull/3143) * [OCPBUGS-23558](https://issues.redhat.com/browse/OCPBUGS-23558): Let router use svc ips 4.14 [#3221](https://github.com/openshift/hypershift/pull/3221) * [OCPBUGS-19678](https://issues.redhat.com/browse/OCPBUGS-19678): Remove cluster name validation from HCC [#3040](https://github.com/openshift/hypershift/pull/3040) * "[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms" [#3202](https://github.com/openshift/hypershift/pull/3202) * [OCPBUGS-23027](https://issues.redhat.com/browse/OCPBUGS-23027): Configure HSTS for kube-apiserver [#3169](https://github.com/openshift/hypershift/pull/3169) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3085](https://github.com/openshift/hypershift/pull/3085) * [OCPBUGS-23142](https://issues.redhat.com/browse/OCPBUGS-23142): adding permission to CNO RBAC Calico path for network-node-identity deploy [#3182](https://github.com/openshift/hypershift/pull/3182) * [OCPBUGS-22295](https://issues.redhat.com/browse/OCPBUGS-22295): Added brackets to the kubeconfig server address when IPv6 [#3117](https://github.com/openshift/hypershift/pull/3117) * [OCPBUGS-22690](https://issues.redhat.com/browse/OCPBUGS-22690): Use the same etcd snapshot for all replicas during etcd restore [#3146](https://github.com/openshift/hypershift/pull/3146) * [OCPBUGS-22959](https://issues.redhat.com/browse/OCPBUGS-22959): Update regex validation for nodepool.spec.taints.value [#3165](https://github.com/openshift/hypershift/pull/3165) * [HOSTEDCP-1280](https://issues.redhat.com/browse/HOSTEDCP-1280): Adjustment cluster-cidr,service-cidr to support dualstack [#3162](https://github.com/openshift/hypershift/pull/3162) * [OCPBUGS-22898](https://issues.redhat.com/browse/OCPBUGS-22898): Stop exposing kas on 6443 private route service load balancer [#3159](https://github.com/openshift/hypershift/pull/3159) * [OCPBUGS-22898](https://issues.redhat.com/browse/OCPBUGS-22898): Stop defaulting aws private haproxy external port to 6443 [#3160](https://github.com/openshift/hypershift/pull/3160) * [OCPBUGS-19897](https://issues.redhat.com/browse/OCPBUGS-19897): Add konnectivity-proxy container to CNO [#3058](https://github.com/openshift/hypershift/pull/3058) * [OCPBUGS-22379](https://issues.redhat.com/browse/OCPBUGS-22379): Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller [#3131](https://github.com/openshift/hypershift/pull/3131) * [OCPBUGS-20526](https://issues.redhat.com/browse/OCPBUGS-20526): Align PSA labels on guest cluster namespaces with standalone OCP [#3111](https://github.com/openshift/hypershift/pull/3111) * [Full changelog](https://github.com/openshift/hypershift/compare/e25848241d107e7f7f9b8fee08647cca012a324d...bcdc4a0f9662eb890c7cbe49a818b0764142930a) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/446871ff7626c4199836929f5bc777aba2a5f001) * [OCPBUGS-24665](https://issues.redhat.com/browse/OCPBUGS-24665): Add Snyk file to exclude vendor directory on scan [#65](https://github.com/openshift/cloud-provider-ibm/pull/65) * [OCPBUGS-21149](https://issues.redhat.com/browse/OCPBUGS-21149): Bump golang.org/x/net to v0.18.0 [#55](https://github.com/openshift/cloud-provider-ibm/pull/55) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/ea5a37bbb6bf9e340ccd85ce730c6a8545eae4cd...446871ff7626c4199836929f5bc777aba2a5f001) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/7fd94aa73f7e61cba93657cc2411e04e1b40e87b) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#104](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/104) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#91](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/91) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/faf68eda7983c9e4c6cab158b067fe73ea594173...7fd94aa73f7e61cba93657cc2411e04e1b40e87b) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/004ecde5e7e5394abdb9fe62b3063fd20300bb9c) * [OCPBUGS-27279](https://issues.redhat.com/browse/OCPBUGS-27279): Add Snyk file to exclude vendor directory on scan [#76](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/76) * [OCPBUGS-21436](https://issues.redhat.com/browse/OCPBUGS-21436): Bump golang.org/x/net to v0.18.0 [#63](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/63) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/a7e5c6a5b96a3851d1807d4c3f80113a47a4e54d...004ecde5e7e5394abdb9fe62b3063fd20300bb9c) ### [insights-operator](https://github.com/openshift/insights-operator/tree/50e132e0a016272f32f950fdb7fe45fc30526590) * [OCPBUGS-33193](https://issues.redhat.com/browse/OCPBUGS-33193): anonymization - externalIP can be nil (#931) (#933) [#931](https://github.com/openshift/insights-operator/pull/931) * [OCPBUGS-31975](https://issues.redhat.com/browse/OCPBUGS-31975): bump golang.org/x/net version (#926) [#926](https://github.com/openshift/insights-operator/pull/926) * [OCPBUGS-32343](https://issues.redhat.com/browse/OCPBUGS-32343): fix error message when the data processing was not successful (#833) (#928) [#833](https://github.com/openshift/insights-operator/pull/833) * Add linting recommendations (#904) [#904](https://github.com/openshift/insights-operator/pull/904) * gather etcd_server_slow metrics (#902) [#902](https://github.com/openshift/insights-operator/pull/902) * [OCPBUGS-23962](https://issues.redhat.com/browse/OCPBUGS-23962): adds helm information gather (#868) (#877) [#868](https://github.com/openshift/insights-operator/pull/868) * [OCPBUGS-23445](https://issues.redhat.com/browse/OCPBUGS-23445): DVO gatherer - add retry logic (#861) (#870) [#861](https://github.com/openshift/insights-operator/pull/861) * [OCPBUGS-22958](https://issues.redhat.com/browse/OCPBUGS-22958): adds cluster storageclasses gather (#858) (#865) [#858](https://github.com/openshift/insights-operator/pull/858) * [OCPBUGS-21859](https://issues.redhat.com/browse/OCPBUGS-21859): remove username & password config options (#843) [#843](https://github.com/openshift/insights-operator/pull/843) * [OCPBGUS-20767](https://issues.redhat.com/browse/OCPBGUS-20767): update dependencies (#837) [#837](https://github.com/openshift/insights-operator/pull/837) * [Full changelog](https://github.com/openshift/insights-operator/compare/303ad017385789bf7f02812ac86e2246e2aea4a9...50e132e0a016272f32f950fdb7fe45fc30526590) ### [ironic](https://github.com/openshift/ironic-image/tree/62ee6d02ad9c35861fec43a5d635ca3df7a98976) * [METAL-1004](https://issues.redhat.com/browse/METAL-1004): Update ironic-lib to latest release-4.14 commit [#492](https://github.com/openshift/ironic-image/pull/492) * [OCPBUGS-32364](https://issues.redhat.com/browse/OCPBUGS-32364): [4.14] remove unused prometheus-exporter [#487](https://github.com/openshift/ironic-image/pull/487) * [OCPBUGS-32169](https://issues.redhat.com/browse/OCPBUGS-32169): [4.14] Add hybrid configuration for cachito [#482](https://github.com/openshift/ironic-image/pull/482) * [OCPBUGS-32388](https://issues.redhat.com/browse/OCPBUGS-32388): Use unix sockets by default for reverse proxy communication [#475](https://github.com/openshift/ironic-image/pull/475) * [OCPBUGS-32169](https://issues.redhat.com/browse/OCPBUGS-32169): [4.14] Add requirements placeholders for cachito [#469](https://github.com/openshift/ironic-image/pull/469) * [OCPBUGS-27773](https://issues.redhat.com/browse/OCPBUGS-27773): Update inspector package to fix LLDP unicode error [#452](https://github.com/openshift/ironic-image/pull/452) * [OCPBUGS-27193](https://issues.redhat.com/browse/OCPBUGS-27193): Fix Inspector iPXE config for IPv6 addresses [#448](https://github.com/openshift/ironic-image/pull/448) * [OCPBUGS-19884](https://issues.redhat.com/browse/OCPBUGS-19884): update Ironic to include secure boot fixes [#445](https://github.com/openshift/ironic-image/pull/445) * [OCPBUGS-23903](https://issues.redhat.com/browse/OCPBUGS-23903): Ironic side of external_http_url (METAL-163) is not wired in correctly [#429](https://github.com/openshift/ironic-image/pull/429) * [OCPBUGS-23505](https://issues.redhat.com/browse/OCPBUGS-23505): Uplift eventlet version [#426](https://github.com/openshift/ironic-image/pull/426) * [OCPBUGS-23354](https://issues.redhat.com/browse/OCPBUGS-23354): Upgrade markupsafe and werkzeug dependencies [#421](https://github.com/openshift/ironic-image/pull/421) * [OCPBUGS-14926](https://issues.redhat.com/browse/OCPBUGS-14926): Handle Eject DVD 4.14 [#415](https://github.com/openshift/ironic-image/pull/415) * [OCPBUGS-22253](https://issues.redhat.com/browse/OCPBUGS-22253): Use bash process substitution instead of pipe [#411](https://github.com/openshift/ironic-image/pull/411) * [Full changelog](https://github.com/openshift/ironic-image/compare/5c6d6ee69ac7c37989ab891332ed2612217e753d...62ee6d02ad9c35861fec43a5d635ca3df7a98976) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/7e82a52f0406df18362d4bdc7c5cc95a376be587) * [OCPBUGS-33452](https://issues.redhat.com/browse/OCPBUGS-33452): update ironic-lib with latest fixes [#133](https://github.com/openshift/ironic-agent-image/pull/133) * [METAL-1004](https://issues.redhat.com/browse/METAL-1004): Update ironic-lib to latest release-4.14 commit [#130](https://github.com/openshift/ironic-agent-image/pull/130) * [OCPBUGS-32170](https://issues.redhat.com/browse/OCPBUGS-32170): [4.14] Add hybrid configuration for cachito [#127](https://github.com/openshift/ironic-agent-image/pull/127) * [OCPBUGS-32170](https://issues.redhat.com/browse/OCPBUGS-32170): [4.14] Add placeholders for cachito [#124](https://github.com/openshift/ironic-agent-image/pull/124) * [OCPBUGS-29454](https://issues.redhat.com/browse/OCPBUGS-29454): Always add ignition to set hostname on /etc/hostname [#109](https://github.com/openshift/ironic-agent-image/pull/109) * [OCPBUGS-28554](https://issues.redhat.com/browse/OCPBUGS-28554): Update to latest ironic-python-agent for bugfixes [#107](https://github.com/openshift/ironic-agent-image/pull/107) * [OCPBUGS-25685](https://issues.redhat.com/browse/OCPBUGS-25685): Relax packages requirements [#103](https://github.com/openshift/ironic-agent-image/pull/103) * [OCPBUGS-23751](https://issues.redhat.com/browse/OCPBUGS-23751): Update packages with latest fixes [#96](https://github.com/openshift/ironic-agent-image/pull/96) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/ed6e12a62fc40fc450ad394034769cc734acb5e5...7e82a52f0406df18362d4bdc7c5cc95a376be587) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/801a912b3a60d7e840fb1ff38b5ca992f47327fd) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487 [#89](https://github.com/openshift/k8s-prometheus-adapter/pull/89) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/428bb46ca455d22477df7fb62e7a63d2a48fcfbc...801a912b3a60d7e840fb1ff38b5ca992f47327fd) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/1a9befcb519d0b6c6a0907d514493f1d88aacf45) * [OCPBUGS-20790](https://issues.redhat.com/browse/OCPBUGS-20790): update x/net to v0.17.0 [#587](https://github.com/openshift/sdn/pull/587) * [Full changelog](https://github.com/openshift/sdn/compare/128c28c6f6d1078627c452afc867b492894e0ac4...1a9befcb519d0b6c6a0907d514493f1d88aacf45) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/1a646b98d8864e53accb726531d86f084ab13977) * [OCPBUGS-20717](https://issues.redhat.com/browse/OCPBUGS-20717): http2: trim connetions and buffers, v4.14 [#81](https://github.com/openshift/kube-rbac-proxy/pull/81) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/76810397fa1b6177178f925c3d7326a5b84cbeb4...1a646b98d8864e53accb726531d86f084ab13977) ### [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt/tree/7d96f56d4bbc8449fdddbdbc630d9337097f0030) * [OCPBUGS-23866](https://issues.redhat.com/browse/OCPBUGS-23866): deps, bump opentelemetry [#38](https://github.com/openshift/cloud-provider-kubevirt/pull/38) * [OCPBUGS-21174](https://issues.redhat.com/browse/OCPBUGS-21174): Bump golang.org/x/net to v0.18.0 [#37](https://github.com/openshift/cloud-provider-kubevirt/pull/37) * [OCPBUGS-30861](https://issues.redhat.com/browse/OCPBUGS-30861): Bump golang.org/x/net to v0.18.0 [#36](https://github.com/openshift/cloud-provider-kubevirt/pull/36) * [Full changelog](https://github.com/openshift/cloud-provider-kubevirt/compare/62ca8ad354f49028ce80cb9ec5c48aab3d0f1ecd...7d96f56d4bbc8449fdddbdbc630d9337097f0030) ### [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver/tree/48fafc4a9edc202c5ff674b5f631568b4d62f7f5) * "OCPBUGS-29792: [release-4.14] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs" [#34](https://github.com/openshift/kubevirt-csi-driver/pull/34) * [Full changelog](https://github.com/openshift/kubevirt-csi-driver/compare/831ff3eb2247295c45742fea89df666ed6600d71...48fafc4a9edc202c5ff674b5f631568b4d62f7f5) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/73f2a1f3f772b86bff3755bb444cfa7e182775f9) * [OCPBUGS-31980](https://issues.redhat.com/browse/OCPBUGS-31980): Update x/net to v0.25.0 [#1236](https://github.com/openshift/machine-api-operator/pull/1236) * [OCPBUGS-30898](https://issues.redhat.com/browse/OCPBUGS-30898): Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions [#1224](https://github.com/openshift/machine-api-operator/pull/1224) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Set --max-concurrent-reconciles=10 for Azure machine controller [#1217](https://github.com/openshift/machine-api-operator/pull/1217) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Add AddWithActuatorOpts to allow overriding Machine controller options [#1214](https://github.com/openshift/machine-api-operator/pull/1214) * [OCPBUGS-24998](https://issues.redhat.com/browse/OCPBUGS-24998): Add Snyk file to exclude vendor directory on scan [#1191](https://github.com/openshift/machine-api-operator/pull/1191) * [OCPBUGS-24047](https://issues.redhat.com/browse/OCPBUGS-24047): Update reference URL [#1186](https://github.com/openshift/machine-api-operator/pull/1186) * [OCPBUGS-24047](https://issues.redhat.com/browse/OCPBUGS-24047): Use docs URL instead of KCS article [#1180](https://github.com/openshift/machine-api-operator/pull/1180) * [OCPBUGS-17297](https://issues.redhat.com/browse/OCPBUGS-17297): [release-4.14] Update x/net to fix CVE [#1173](https://github.com/openshift/machine-api-operator/pull/1173) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/525f8e5b89947b38ce07a6a6a3d194bf780d5075...73f2a1f3f772b86bff3755bb444cfa7e182775f9) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/0eac83ac1e841b60677c1ae3f7f3ce07abff8d3a) * [OCPBUGS-33643](https://issues.redhat.com/browse/OCPBUGS-33643): Don't error if the certs.d dir doesn't exist yet [#4362](https://github.com/openshift/machine-config-operator/pull/4362) * [OCPBUGS-32341](https://issues.redhat.com/browse/OCPBUGS-32341): Remove the condition for checking the multiple ovs-if-br-ex profiles [#4325](https://github.com/openshift/machine-config-operator/pull/4325) * [OCPBUGS-27030](https://issues.redhat.com/browse/OCPBUGS-27030): Log network service output to console [#4114](https://github.com/openshift/machine-config-operator/pull/4114) * : OCPBUGS-31731: kubelet: restorecon necessary files on kubelet's prestart [#4307](https://github.com/openshift/machine-config-operator/pull/4307) * [OCPBUGS-32260](https://issues.redhat.com/browse/OCPBUGS-32260): fix: resources were in the wrong indentation level [#4322](https://github.com/openshift/machine-config-operator/pull/4322) * [OCPBUGS-27108](https://issues.redhat.com/browse/OCPBUGS-27108): Add \n in cert_writer for old cert methods and skip cloudCA validation [#4117](https://github.com/openshift/machine-config-operator/pull/4117) * [OCPBUGS-31487](https://issues.redhat.com/browse/OCPBUGS-31487): Prevent OVS-configuration to run before kdump [#4291](https://github.com/openshift/machine-config-operator/pull/4291) * [OCPBUGS-29400](https://issues.redhat.com/browse/OCPBUGS-29400): Run resolv-prepender entirely async [#4182](https://github.com/openshift/machine-config-operator/pull/4182) * [OCPBUGS-31681](https://issues.redhat.com/browse/OCPBUGS-31681): make verify should use MCO's kube version [#4305](https://github.com/openshift/machine-config-operator/pull/4305) * [OCPBUGS-30992](https://issues.redhat.com/browse/OCPBUGS-30992): add preferredduringscheduling annotation to kube-rbac-proxy-crio [#4266](https://github.com/openshift/machine-config-operator/pull/4266) * [OCPBUGS-30872](https://issues.redhat.com/browse/OCPBUGS-30872): add static pods for rbacproxy [#4258](https://github.com/openshift/machine-config-operator/pull/4258) * [OCPBUGS-30107](https://issues.redhat.com/browse/OCPBUGS-30107): annotate on-prem static pods for workload partitioning [#4230](https://github.com/openshift/machine-config-operator/pull/4230) * [OCPBUGS-30225](https://issues.redhat.com/browse/OCPBUGS-30225): set nodeStatusReportFrequency [#4242](https://github.com/openshift/machine-config-operator/pull/4242) * [OCPBUGS-29290](https://issues.redhat.com/browse/OCPBUGS-29290): AWS: Always persist the existing node name on 4.14 [#4215](https://github.com/openshift/machine-config-operator/pull/4215) * [OCPBUGS-20039](https://issues.redhat.com/browse/OCPBUGS-20039): Add v6-primary dual stack support to VSphere UPI [#3956](https://github.com/openshift/machine-config-operator/pull/3956) * [OCPBUGS-29457](https://issues.redhat.com/browse/OCPBUGS-29457): Add existing kubeletconfig/ctrcfg mc-name-suffix annotation [#4187](https://github.com/openshift/machine-config-operator/pull/4187) * [OCPBUGS-26072](https://issues.redhat.com/browse/OCPBUGS-26072): Fix bootstrap with NTO Operator and duplicate MachineConfigs [#4098](https://github.com/openshift/machine-config-operator/pull/4098) * [OCPBUGS-28379](https://issues.redhat.com/browse/OCPBUGS-28379): fix nodeStatusUpdateFrequency [#4149](https://github.com/openshift/machine-config-operator/pull/4149) * [OCPBUGS-28384](https://issues.redhat.com/browse/OCPBUGS-28384): daemon: allow the user to override drains on IR changes [#4150](https://github.com/openshift/machine-config-operator/pull/4150) * [OCPBUGS-27759](https://issues.redhat.com/browse/OCPBUGS-27759): Add Image Credential Provider flags for Kubelet on AWS [#4144](https://github.com/openshift/machine-config-operator/pull/4144) * [OCP 4.14] OCPBUGS-24660: daemon: Add support for new nmstate logic [#4066](https://github.com/openshift/machine-config-operator/pull/4066) * [OCPBUGS-27178](https://issues.redhat.com/browse/OCPBUGS-27178): use *resource.Quantity to not automatically set 0 [#4121](https://github.com/openshift/machine-config-operator/pull/4121) * [OCPBUGS-23089](https://issues.redhat.com/browse/OCPBUGS-23089): Don't retry node-ip show in resolv-prepender [#4022](https://github.com/openshift/machine-config-operator/pull/4022) * [OCPBUGS-27362](https://issues.redhat.com/browse/OCPBUGS-27362): Fix typo in AWS node env unit [#4131](https://github.com/openshift/machine-config-operator/pull/4131) * [OCPBUGS-26500](https://issues.redhat.com/browse/OCPBUGS-26500): crio: drop automatic image cleanup on upgrades [#4105](https://github.com/openshift/machine-config-operator/pull/4105) * [OCPBUGS-26559](https://issues.redhat.com/browse/OCPBUGS-26559): Azure Run ovs-configuration.service before dnsmasq.service [#4109](https://github.com/openshift/machine-config-operator/pull/4109) * [OCPBUGS-26551](https://issues.redhat.com/browse/OCPBUGS-26551): kubelet: fix kubelet labels [#4107](https://github.com/openshift/machine-config-operator/pull/4107) * [OCPBUGS-24596](https://issues.redhat.com/browse/OCPBUGS-24596): [release-4.14] execute cert related processes to ensure proper rotation [#4063](https://github.com/openshift/machine-config-operator/pull/4063) * [OCPBUGS-24397](https://issues.redhat.com/browse/OCPBUGS-24397): gcp-routes: don't exit on crictl failures [#4056](https://github.com/openshift/machine-config-operator/pull/4056) * [OCPBUGS-20554](https://issues.redhat.com/browse/OCPBUGS-20554): Ensure gcp-routes hack for internalLB hairpin traffic works for SGW [#3973](https://github.com/openshift/machine-config-operator/pull/3973) * [OCPBUGS-23474](https://issues.redhat.com/browse/OCPBUGS-23474): Use shorter IP label for keepalived VIP [#4041](https://github.com/openshift/machine-config-operator/pull/4041) * [OCPBUGS-23208](https://issues.redhat.com/browse/OCPBUGS-23208): workaround nmstate bug by configuring ipv{4,6} addresses [#4031](https://github.com/openshift/machine-config-operator/pull/4031) * [OCPBUGS-22275](https://issues.redhat.com/browse/OCPBUGS-22275): support icsp and idms objects [#3995](https://github.com/openshift/machine-config-operator/pull/3995) * [OCPBUGS-22391](https://issues.redhat.com/browse/OCPBUGS-22391): Require a hostname override for AWS [#4001](https://github.com/openshift/machine-config-operator/pull/4001) * [OCPBUGS-20418](https://issues.redhat.com/browse/OCPBUGS-20418): Introduce kubelet-dependencies.target and firstboot-osupdate.target [#3967](https://github.com/openshift/machine-config-operator/pull/3967) * [OCPBUGS-20051](https://issues.redhat.com/browse/OCPBUGS-20051): Support to append the duplicate kernel arguments to the rendered MC [#3957](https://github.com/openshift/machine-config-operator/pull/3957) * [OCPBUGS-21065](https://issues.redhat.com/browse/OCPBUGS-21065): Update library-go and k8s dependencies to latest version [#3994](https://github.com/openshift/machine-config-operator/pull/3994) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/5ac7b4ae0bca76358e4d40f546306775a8e0ea2c...0eac83ac1e841b60677c1ae3f7f3ce07abff8d3a) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/2a6627bafcbb00437ab97308fe1d7df9039104ad) * [OCPBUGS-24576](https://issues.redhat.com/browse/OCPBUGS-24576): configurable ironic agent vlan creation [#111](https://github.com/openshift/image-customization-controller/pull/111) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/2dda87a2c51f00d65836ca12d3639f03e7531f7d...2a6627bafcbb00437ab97308fe1d7df9039104ad) ### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/6fb208108720b9a35782f7d4f6738010ec97ba85) * [OU-318](https://issues.redhat.com/browse/OU-318): consider all metric keys to display all results on dashboards tables [#99](https://github.com/openshift/monitoring-plugin/pull/99) * [OCPBUGS-24664](https://issues.redhat.com/browse/OCPBUGS-24664): disable query link for non metric-based alerts [#82](https://github.com/openshift/monitoring-plugin/pull/82) * [Full changelog](https://github.com/openshift/monitoring-plugin/compare/87571978825e63392a56f6920e068af3a71cda6e...6fb208108720b9a35782f7d4f6738010ec97ba85) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/5e74b0fa273076f4a73db00dd0081032f0325405) * [OCPBUGS-21372](https://issues.redhat.com/browse/OCPBUGS-21372): Update go.mod for CVE-2023-39325 [Release-4.14] [#71](https://github.com/openshift/multus-admission-controller/pull/71) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/1a9985bd714c8a8be934082945ec76f083feeba4...5e74b0fa273076f4a73db00dd0081032f0325405) ### [multus-cni](https://github.com/openshift/multus-cni/tree/4ed99c3a8b0aff168f50d166e82bce2a371c2dbb) * [OCPBUGS-33478](https://issues.redhat.com/browse/OCPBUGS-33478): Fix CNI cache update function to prevent nil access [#232](https://github.com/openshift/multus-cni/pull/232) * [OCPBUGS-26331](https://issues.redhat.com/browse/OCPBUGS-26331): Fix SAST scan issues for multus-cni-container [4.14] [#220](https://github.com/openshift/multus-cni/pull/220) * [OCPBUGS-21099](https://issues.redhat.com/browse/OCPBUGS-21099): Update go.mod for CVE-2023-39325 [Release-4.14] [#194](https://github.com/openshift/multus-cni/pull/194) * [Full changelog](https://github.com/openshift/multus-cni/compare/cc707f694e99a1a82890612e29a1679d6907bdd6...4ed99c3a8b0aff168f50d166e82bce2a371c2dbb) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/cd6eae10a368d23b94530cdc2a2c2f2356d8cc02) * Update vendor package (#40) [#40](https://github.com/openshift/multus-networkpolicy/pull/40) * [OCPBUGS-21454](https://issues.redhat.com/browse/OCPBUGS-21454): Update go.mod for CVE-2023-39325 (#33) [#33](https://github.com/openshift/multus-networkpolicy/pull/33) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/0d76ba791dc3432c51c9a9fa6b95e41034af7988...cd6eae10a368d23b94530cdc2a2c2f2356d8cc02) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/13aebf7480b626f199cb5dbce3f37405dfd486e1) * [OCPBUGS-27858](https://issues.redhat.com/browse/OCPBUGS-27858): Enable reconciler configuration 4.14 [#240](https://github.com/openshift/whereabouts-cni/pull/240) * [OCPBUGS-26553](https://issues.redhat.com/browse/OCPBUGS-26553): Cherry pick fix assignment 4.14 [#230](https://github.com/openshift/whereabouts-cni/pull/230) * [OCPBUGS-21518](https://issues.redhat.com/browse/OCPBUGS-21518): update golang.org/x/net to v0.17.0 [#207](https://github.com/openshift/whereabouts-cni/pull/207) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/7e454367b5994241feb5dc713065508c5534f8f3...13aebf7480b626f199cb5dbce3f37405dfd486e1) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/69d0021a4b60db315f47d83bde1c455362a03808) * Added METRIC_TEST_IMAGE var (#88) [#88](https://github.com/openshift/network-metrics-daemon/pull/88) * Update the k8s dependencies to 1.27.7 (#82) [#82](https://github.com/openshift/network-metrics-daemon/pull/82) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/5fd1f2dd60022b33fcd989ba80b8a23d19b890b0...69d0021a4b60db315f47d83bde1c455362a03808) ### [network-tools](https://github.com/openshift/network-tools/tree/e79d8173c5628065da85425bc7e4cb1d94f3c919) * [OCPBUGS-31862](https://issues.redhat.com/browse/OCPBUGS-31862): replace wireshark with wireshark-cli [#122](https://github.com/openshift/network-tools/pull/122) * [OCPBUGS-22172](https://issues.redhat.com/browse/OCPBUGS-22172): Move commands to the function to avoid them being executed on -h. [#94](https://github.com/openshift/network-tools/pull/94) * [Full changelog](https://github.com/openshift/network-tools/compare/5ef9f0ea3e403af7702c5b17e15f75940fa22ac4...e79d8173c5628065da85425bc7e4cb1d94f3c919) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/8f5c90c74205a45787960a3bec1f12929a391471) * [OCPBUGS-21100](https://issues.redhat.com/browse/OCPBUGS-21100): bump k8s.io (release-4.14) [#100](https://github.com/openshift/oauth-apiserver/pull/100) * [OCPBUGS-27116](https://issues.redhat.com/browse/OCPBUGS-27116): UPSTREAM: <carry>: retry etcd Unavailable errors [#97](https://github.com/openshift/oauth-apiserver/pull/97) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/a18cb3e10639b5789f7c291707064743feb105e2...8f5c90c74205a45787960a3bec1f12929a391471) ### [oauth-proxy](https://github.com/openshift/oauth-proxy/tree/a4a2f270a57af830508e8cef52d4c8d4f4dfba76) * [OCPBUGS-20980](https://issues.redhat.com/browse/OCPBUGS-20980): go.mod: bump golang.org/x/net to v0.17.0 [#267](https://github.com/openshift/oauth-proxy/pull/267) * [Full changelog](https://github.com/openshift/oauth-proxy/compare/55e0cd172625b3419c698014fa233e54021af9a3...a4a2f270a57af830508e8cef52d4c8d4f4dfba76) ### [oauth-server](https://github.com/openshift/oauth-server/tree/35f4739f342a5838fe6ceaf7a459c78f3777166d) * [OCPBUGS-21393](https://issues.redhat.com/browse/OCPBUGS-21393): go.mod: bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/oauth-server/pull/138) * [Full changelog](https://github.com/openshift/oauth-server/compare/37df9ffc9d961eb5e2eaae5ca45cc7cadce34e75...35f4739f342a5838fe6ceaf7a459c78f3777166d) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/a0733c17322f96d14f9158604fe74f1bfecc4a53) * Bump version to include v5.11.0 of go-git (#822) [#822](https://github.com/openshift/oc-mirror/pull/822) * Fix to ensure operator not found error exits with correct status (#797) [#797](https://github.com/openshift/oc-mirror/pull/797) * [OCPBUGS-28871](https://issues.redhat.com/browse/OCPBUGS-28871): Capability to override default channel (#749) (#790) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#769) [#769](https://github.com/openshift/oc-mirror/pull/769) * [OCPBUGS-23327](https://issues.redhat.com/browse/OCPBUGS-23327): Fix MirrorToDisk of oci catalogs in hidden folders (#766) [#766](https://github.com/openshift/oc-mirror/pull/766) * skipping prune failure if manifest not found (#735) [#735](https://github.com/openshift/oc-mirror/pull/735) * [OCPBUGS-21472](https://issues.redhat.com/browse/OCPBUGS-21472): fix: CVE-2023-39325 (#711) [#711](https://github.com/openshift/oc-mirror/pull/711) * [Full changelog](https://github.com/openshift/oc-mirror/compare/68cf97ec715ad2d78fb2bac411a118709c191719...a0733c17322f96d14f9158604fe74f1bfecc4a53) ### [olm-catalogd](https://github.com/openshift/operator-framework-catalogd/tree/a333cb0b558abf8d9f8da0eccd5618d767629050) * [OCPBUGS-27585](https://issues.redhat.com/browse/OCPBUGS-27585), [OCPBUGS-27670](https://issues.redhat.com/browse/OCPBUGS-27670): [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 [#40](https://github.com/openshift/operator-framework-catalogd/pull/40) * [Full changelog](https://github.com/openshift/operator-framework-catalogd/compare/aa44c0262f1de5d888dc11abe6d730b0c84a8df3...a333cb0b558abf8d9f8da0eccd5618d767629050) ### [olm-operator-controller](https://github.com/openshift/operator-framework-operator-controller/tree/fb6fb278d987faacb4da17b96a109da261fbb962) * [OCPBUGS-27590](https://issues.redhat.com/browse/OCPBUGS-27590), [OCPBUGS-27675](https://issues.redhat.com/browse/OCPBUGS-27675): [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 [#69](https://github.com/openshift/operator-framework-operator-controller/pull/69) * [OCPBUGS-22616](https://issues.redhat.com/browse/OCPBUGS-22616): [release-4.14] Bump go.opentelemetry.io dependencies [#58](https://github.com/openshift/operator-framework-operator-controller/pull/58) * [Full changelog](https://github.com/openshift/operator-framework-operator-controller/compare/17343293267cad10f074fbe155c7fa31ed6b9336...fb6fb278d987faacb4da17b96a109da261fbb962) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/2287fb27f4e930e84e83f3c915fa605e8e653c4b) * : OCPBUGS-27680,OCPBUGS-27595: UPSTREAM: <carry>: Update go-git to v5.11.0 [#73](https://github.com/openshift/operator-framework-rukpak/pull/73) * [OCPBUGS-23358](https://issues.redhat.com/browse/OCPBUGS-23358): [release-4.14] Address http2 vulnerability [#53](https://github.com/openshift/operator-framework-rukpak/pull/53) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/daa50736076ed6c207c57ef29d94cde6c7cdbdbd...2287fb27f4e930e84e83f3c915fa605e8e653c4b) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/f41d636587a25e25f397c3af8322dd3babf2dd9a) * [OCPBUGS-31509](https://issues.redhat.com/browse/OCPBUGS-31509): vendor upgrade runtime-utils [#426](https://github.com/openshift/openshift-apiserver/pull/426) * [OCPBUGS-27104](https://issues.redhat.com/browse/OCPBUGS-27104): UPSTREAM: <carry>: retry etcd Unavailable errors [#412](https://github.com/openshift/openshift-apiserver/pull/412) * : OCPBUGS-21464: Enable HTTP/2 CVE mitigation [#397](https://github.com/openshift/openshift-apiserver/pull/397) * [OCPBUGS-20150](https://issues.redhat.com/browse/OCPBUGS-20150): pkg/image: avoid unnecessary service lookups when registry is removed [#393](https://github.com/openshift/openshift-apiserver/pull/393) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/064c2d0ef0ecaeda2bcc4387eaaa7258cee5adcf...f41d636587a25e25f397c3af8322dd3babf2dd9a) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/27209ef14fcfca236ddba24ac7289bb3d01be8e6) * [OCPBUGS-28950](https://issues.redhat.com/browse/OCPBUGS-28950): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#286](https://github.com/openshift/openshift-controller-manager/pull/286) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/69bd018865f9a729001244d0ae2ad0a444f59eb0...27209ef14fcfca236ddba24ac7289bb3d01be8e6) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/3a74316128f526245959b33958aac5bcb68bce99) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#153](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/153) * [OCPBUGS-26460](https://issues.redhat.com/browse/OCPBUGS-26460), [OCPBUGS-26461](https://issues.redhat.com/browse/OCPBUGS-26461): [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1 [#156](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/156) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#142](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/142) * [OCPBUGS-21573](https://issues.redhat.com/browse/OCPBUGS-21573): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#135](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/135) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/5e20bfccc6b33ec84b9733ceeb22f932dbeac8d2...3a74316128f526245959b33958aac5bcb68bce99) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/51f8e4d69014bfa7a8815662ab0117b6505a6e29) * [OCPBUGS-32428](https://issues.redhat.com/browse/OCPBUGS-32428): Ensure portSecurity is correctly set in the Instance Ports [#109](https://github.com/openshift/machine-api-provider-openstack/pull/109) * [OCPBUGS-23202](https://issues.redhat.com/browse/OCPBUGS-23202): Don't build InstanceSpec during delete operations [#95](https://github.com/openshift/machine-api-provider-openstack/pull/95) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/47ad2845b2477e1bce01eca4ffc016c2a2af9bf8...51f8e4d69014bfa7a8815662ab0117b6505a6e29) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/5e8dd9210f931530eda2651a49ad15ceb97c9f21) * [OCPBUGS-33356](https://issues.redhat.com/browse/OCPBUGS-33356): UPSTREAM: <carry>: bump go-jose [#743](https://github.com/openshift/operator-framework-olm/pull/743) * [OCPBUGS-30775](https://issues.redhat.com/browse/OCPBUGS-30775): [4.14] bump grpc to 1.60.1, reconnect idle connections (#3147) [#715](https://github.com/openshift/operator-framework-olm/pull/715) * [OCPBUGS-29192](https://issues.redhat.com/browse/OCPBUGS-29192): [release-4.14]: Clear (existing) error cond from Subscription, once error resolved [#686](https://github.com/openshift/operator-framework-olm/pull/686) * [OCPBUGS-29194](https://issues.redhat.com/browse/OCPBUGS-29194): Retry failing unpack jobs [#689](https://github.com/openshift/operator-framework-olm/pull/689) * NO-ISSUE: [release-4.14] Backport e2e fixes to 4.14 [#674](https://github.com/openshift/operator-framework-olm/pull/674) * [OCPBUGS-27314](https://issues.redhat.com/browse/OCPBUGS-27314): Don't sync namespaces that have no subscriptions [#675](https://github.com/openshift/operator-framework-olm/pull/675) * [OCPBUGS-27565](https://issues.redhat.com/browse/OCPBUGS-27565), [OCPBUGS-27570](https://issues.redhat.com/browse/OCPBUGS-27570), [OCPBUGS-27650](https://issues.redhat.com/browse/OCPBUGS-27650), [OCPBUGS-27655](https://issues.redhat.com/browse/OCPBUGS-27655): bump go-git/v5 to 5.11.0 [#677](https://github.com/openshift/operator-framework-olm/pull/677) * [OCPBUGS-27485](https://issues.redhat.com/browse/OCPBUGS-27485): [CARRY] SSC RBAC [#665](https://github.com/openshift/operator-framework-olm/pull/665) * [OCPBUGS-22538](https://issues.redhat.com/browse/OCPBUGS-22538): bump otelhttp to 44.0 for api [#647](https://github.com/openshift/operator-framework-olm/pull/647) * [OCPBUGS-22538](https://issues.redhat.com/browse/OCPBUGS-22538): otelhttp bump [release-4.14] [#632](https://github.com/openshift/operator-framework-olm/pull/632) * [OCPBUGS-20829](https://issues.redhat.com/browse/OCPBUGS-20829): [releaser-4.14] Fix apiserver vulnerability [#608](https://github.com/openshift/operator-framework-olm/pull/608) * [OCPBUGS-23212](https://issues.redhat.com/browse/OCPBUGS-23212): Do not derive installplan.spec.clusterServiceNames from bundle IDs [#607](https://github.com/openshift/operator-framework-olm/pull/607) * [OCPBUGS-18904](https://issues.redhat.com/browse/OCPBUGS-18904): [release-4.14] Improve Leader Election Hand Off [#605](https://github.com/openshift/operator-framework-olm/pull/605) * [OCPBUGS-23508](https://issues.redhat.com/browse/OCPBUGS-23508): [release-4.14] Use generated namespaces in e2e tests [#614](https://github.com/openshift/operator-framework-olm/pull/614) * [OCPBUGS-20400](https://issues.redhat.com/browse/OCPBUGS-20400): Add OLMConfig API to control package server sync interval [release-4.14] [#582](https://github.com/openshift/operator-framework-olm/pull/582) * [OCPBUGS-19789](https://issues.redhat.com/browse/OCPBUGS-19789): Backport OCPBUGS-14698: Rename ClusterRoles created by OperatorGroups [release-4.14] [#566](https://github.com/openshift/operator-framework-olm/pull/566) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/f515d1ce7c78cb9838bc065e66a229e0b4879d4b...5e8dd9210f931530eda2651a49ad15ceb97c9f21) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/fcb4f2505821b0eddf003a226606045d79b37f21) * [OCPBUGS-34076](https://issues.redhat.com/browse/OCPBUGS-34076): Reuse node-subnet from cache if exists [#2177](https://github.com/openshift/ovn-kubernetes/pull/2177) * [OCPBUGS-34405](https://issues.redhat.com/browse/OCPBUGS-34405): [release-4.14] dns: fix deadlock in case of error [#2183](https://github.com/openshift/ovn-kubernetes/pull/2183) * [OCPBUGS-33469](https://issues.redhat.com/browse/OCPBUGS-33469): drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs [#2160](https://github.com/openshift/ovn-kubernetes/pull/2160) * [OCPBUGS-33537](https://issues.redhat.com/browse/OCPBUGS-33537): Improves service iptables efficiency on start up [#2164](https://github.com/openshift/ovn-kubernetes/pull/2164) * [OCPBUGS-32104](https://issues.redhat.com/browse/OCPBUGS-32104): Periodically check the ovnkube-node certificate is not expired [#2117](https://github.com/openshift/ovn-kubernetes/pull/2117) * [OCPBUGS-32319](https://issues.redhat.com/browse/OCPBUGS-32319): [release-4.14] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2128](https://github.com/openshift/ovn-kubernetes/pull/2128) * [Release 4.14] OCPBUGS-32987: Bump OVS [#2148](https://github.com/openshift/ovn-kubernetes/pull/2148) * [OCPBUGS-32247](https://issues.redhat.com/browse/OCPBUGS-32247): [release-4.14] OVN bump to 23.09.0-139 [#2123](https://github.com/openshift/ovn-kubernetes/pull/2123) * [OCPBUGS-29397](https://issues.redhat.com/browse/OCPBUGS-29397): 4.14 High CPU usage with APB CRD [#2118](https://github.com/openshift/ovn-kubernetes/pull/2118) * [OCPBUGS-32353](https://issues.redhat.com/browse/OCPBUGS-32353): Custom v4 and v6 transit switch subnets while creating kind cluster [#2122](https://github.com/openshift/ovn-kubernetes/pull/2122) * [OCPBUGS-31853](https://issues.redhat.com/browse/OCPBUGS-31853), [OCPBUGS-31854](https://issues.redhat.com/browse/OCPBUGS-31854): EIP multi NIC IPv6 support and default route with next hop [#2114](https://github.com/openshift/ovn-kubernetes/pull/2114) * [OCPBUGS-31648](https://issues.redhat.com/browse/OCPBUGS-31648): Set mac binding age threshold in gateway routers [#2115](https://github.com/openshift/ovn-kubernetes/pull/2115) * [OCPBUGS-29342](https://issues.redhat.com/browse/OCPBUGS-29342): AdminPolicyBasedExternalRoute CRD failing to watch and reconcile routes for later pods [#2076](https://github.com/openshift/ovn-kubernetes/pull/2076) * [OCPBUGS-29606](https://issues.redhat.com/browse/OCPBUGS-29606): Update HostNetworkNamespace address_set for remote zone nodes [#2091](https://github.com/openshift/ovn-kubernetes/pull/2091) * [OCPBUGS-28726](https://issues.redhat.com/browse/OCPBUGS-28726): Update netpol namespace address sets usage to the old ways [#2068](https://github.com/openshift/ovn-kubernetes/pull/2068) * [OCPBUGS-28819](https://issues.redhat.com/browse/OCPBUGS-28819): Support Permanent Session Affinity [#2046](https://github.com/openshift/ovn-kubernetes/pull/2046) * [OCPBUGS-29231](https://issues.redhat.com/browse/OCPBUGS-29231): [release-4.14] Separate timeout for handler sync from informer sync & do not resync services during node tracker startup [#2061](https://github.com/openshift/ovn-kubernetes/pull/2061) * [OCPBUGS-29186](https://issues.redhat.com/browse/OCPBUGS-29186): Wait for ovnkube controller to start before checking result error. [#2067](https://github.com/openshift/ovn-kubernetes/pull/2067) * [OCPBUGS-29207](https://issues.redhat.com/browse/OCPBUGS-29207): Ignore hybrid-overlay nodes from EgressIP controller [#2062](https://github.com/openshift/ovn-kubernetes/pull/2062) * [OCPBUGS-25999](https://issues.redhat.com/browse/OCPBUGS-25999): Prevent multiple encap-ips per single chassis [#2037](https://github.com/openshift/ovn-kubernetes/pull/2037) * [OCPBUGS-28789](https://issues.redhat.com/browse/OCPBUGS-28789): Fix LGW ETP=Local on IPv6 [#2042](https://github.com/openshift/ovn-kubernetes/pull/2042) * [OCPBUGS-27925](https://issues.redhat.com/browse/OCPBUGS-27925): dont quit if node does not have subnet annotation [#2026](https://github.com/openshift/ovn-kubernetes/pull/2026) * [OCPBUGS-27256](https://issues.redhat.com/browse/OCPBUGS-27256): Ensure session affinity cleanup on backend removal [#2021](https://github.com/openshift/ovn-kubernetes/pull/2021) * [OCPBUGS-23395](https://issues.redhat.com/browse/OCPBUGS-23395): Egressfirewall use port groups [#1956](https://github.com/openshift/ovn-kubernetes/pull/1956) * [OCPBUGS-27243](https://issues.redhat.com/browse/OCPBUGS-27243): CARRY: Updates owners and adds Surya [#2019](https://github.com/openshift/ovn-kubernetes/pull/2019) * [OCPBUGS-25081](https://issues.redhat.com/browse/OCPBUGS-25081): Update ACL syncer: make default deny acls filter more strict, [#1981](https://github.com/openshift/ovn-kubernetes/pull/1981) * [OCPBUGS-26568](https://issues.redhat.com/browse/OCPBUGS-26568): Synchronize node primary address update [#2012](https://github.com/openshift/ovn-kubernetes/pull/2012) * [OCPBUGS-24326](https://issues.redhat.com/browse/OCPBUGS-24326): APB External Route: Add IPv4 and IPv6 validation in CRD schema for static hop IP field [#1967](https://github.com/openshift/ovn-kubernetes/pull/1967) * [OCPBUGS-25903](https://issues.redhat.com/browse/OCPBUGS-25903): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2003](https://github.com/openshift/ovn-kubernetes/pull/2003) * [OCPBUGS-25746](https://issues.redhat.com/browse/OCPBUGS-25746), [OCPBUGS-25747](https://issues.redhat.com/browse/OCPBUGS-25747): Dockerfile: Bump OVN to ovn-23.09.0-91.el9fdp [#1996](https://github.com/openshift/ovn-kubernetes/pull/1996) * [OCPBUGS-24320](https://issues.redhat.com/browse/OCPBUGS-24320): APB status not updated when fails to process during the first reconciliations [#1968](https://github.com/openshift/ovn-kubernetes/pull/1968) * [OCPBUGS-23257](https://issues.redhat.com/browse/OCPBUGS-23257): Update leaderelection config to allow retries [#1955](https://github.com/openshift/ovn-kubernetes/pull/1955) * [OCPBUGS-23387](https://issues.redhat.com/browse/OCPBUGS-23387): Ignore completed virt-launcher pods [#1954](https://github.com/openshift/ovn-kubernetes/pull/1954) * [OCPBUGS-25087](https://issues.redhat.com/browse/OCPBUGS-25087): Fragment oversized reply packets in LGW mode [#1982](https://github.com/openshift/ovn-kubernetes/pull/1982) * [OCPBUGS-22735](https://issues.redhat.com/browse/OCPBUGS-22735): OVNK/GW: Ignore headless services in syncServices [#1970](https://github.com/openshift/ovn-kubernetes/pull/1970) * [OCPBUGS-24350](https://issues.redhat.com/browse/OCPBUGS-24350): [release-4.14] fixes MTU configuration on gateway router [#1969](https://github.com/openshift/ovn-kubernetes/pull/1969) * [OCPBUGS-24209](https://issues.redhat.com/browse/OCPBUGS-24209): Significantly reduce shared informer memory usage [#1964](https://github.com/openshift/ovn-kubernetes/pull/1964) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/7a232386623498f099ccdedfc58bc1c134c61ddd...fcb4f2505821b0eddf003a226606045d79b37f21) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/ceacf8b4308cf0c00c18952f7dbcdc112efdbb46) * [OCPBUGS-33637](https://issues.redhat.com/browse/OCPBUGS-33637): Fix CVE2023-45288 by bumping x/net to v0.24.0 - 4.14 [#81](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/81) * [OCPBUGS-25980](https://issues.redhat.com/browse/OCPBUGS-25980): Rebase with upstream: Fix snyk code issue: Path Traversal [#72](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/72) * [OCPBUGS-24713](https://issues.redhat.com/browse/OCPBUGS-24713): synk: ignore vendor dir [#60](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/60) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/e9694cefd775cd6313acdd8d6382fe60cec8559c...ceacf8b4308cf0c00c18952f7dbcdc112efdbb46) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/7436369afce33811e543b13fcbea8d1e1ff65502) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#58](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/58) * [OCPBUGS-25715](https://issues.redhat.com/browse/OCPBUGS-25715): snyk: ignore vendor dir [#60](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/60) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#48](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/48) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/48b56bbfa3557eb528b20d7d34a99bbd0d542355...7436369afce33811e543b13fcbea8d1e1ff65502) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/32c1028ecf58851eb1270f47351a4423ba081c3b) * [OCPBUGS-24727](https://issues.redhat.com/browse/OCPBUGS-24727): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#54](https://github.com/openshift/cloud-provider-powervs/pull/54) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/0a89a6ef29a15f2fa51a0735c200e54f5af122c6...32c1028ecf58851eb1270f47351a4423ba081c3b) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/1a957dae3a7c9c36752b4869854a90e6b88eaf7e) * [OCPBUGS-24730](https://issues.redhat.com/browse/OCPBUGS-24730): snyk code scan exclude vendor directory [#65](https://github.com/openshift/machine-api-provider-powervs/pull/65) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/02379e59576940766549f8d5c0ccec245a2682e3...1a957dae3a7c9c36752b4869854a90e6b88eaf7e) ### [prometheus](https://github.com/openshift/prometheus/tree/b7c61bcba6ff69bbb91d1a4b86ba7191653776cd) * [OCPBUGS-22531](https://issues.redhat.com/browse/OCPBUGS-22531): bump otel dependencies [#183](https://github.com/openshift/prometheus/pull/183) * [Full changelog](https://github.com/openshift/prometheus/compare/bcb475d970214c3f48308426014b1ffb05758e34...b7c61bcba6ff69bbb91d1a4b86ba7191653776cd) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/a4b845a7ae4e1ffb62eae963406481f1c3456bfe) * [OCPBUGS-30015](https://issues.redhat.com/browse/OCPBUGS-30015): fix: convert `continue` field between v1beta1 and v1alpha1 [#279](https://github.com/openshift/prometheus-operator/pull/279) * [OCPBUGS-20881](https://issues.redhat.com/browse/OCPBUGS-20881): fix: disable HTTP2 connections by default [#253](https://github.com/openshift/prometheus-operator/pull/253) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/3de5e6d28b10142179eda77d218fb5c3e9f04667...a4b845a7ae4e1ffb62eae963406481f1c3456bfe) ### [route-controller-manager](https://github.com/openshift/route-controller-manager/tree/1a5e72f41b21f5ebcd6f9dd8227d92ad1fffbb1e) * [OCPBUGS-21576](https://issues.redhat.com/browse/OCPBUGS-21576): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#34](https://github.com/openshift/route-controller-manager/pull/34) * [Full changelog](https://github.com/openshift/route-controller-manager/compare/0a976ea8bb9f7bf1d0b22730dc0825f976b27ccc...1a5e72f41b21f5ebcd6f9dd8227d92ad1fffbb1e) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/3c3f82f7112ee4b5656e5c554f9887acdf881175) * [OCPBUGS-21066](https://issues.redhat.com/browse/OCPBUGS-21066): go.mod: bump golang.org/x/net to v0.17.0 [#224](https://github.com/openshift/service-ca-operator/pull/224) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/030a429b314d772b7cc7a1dd9af2073988a5b0a5...3c3f82f7112ee4b5656e5c554f9887acdf881175) ### [telemeter](https://github.com/openshift/telemeter/tree/c683f6571479cdb0e7577a22e9cf0f64d9ed77f9) * [OCPBUGS-22647](https://issues.redhat.com/browse/OCPBUGS-22647): go.mod: bump go.opentelemetry.io/contrib/instrumentation/net/http/ote… [#494](https://github.com/openshift/telemeter/pull/494) * [Full changelog](https://github.com/openshift/telemeter/compare/c8b876a2ba2965c90a57ca543d4f55d7bf9a8702...c683f6571479cdb0e7577a22e9cf0f64d9ed77f9) ### [tests](https://github.com/openshift/origin/tree/d44a62a72c314a3711a4389c9b989bb707ae2161) * [OCPBUGS-33417](https://issues.redhat.com/browse/OCPBUGS-33417): Provide SCC access via RBAC [#28806](https://github.com/openshift/origin/pull/28806) * [OCPBUGS-33563](https://issues.redhat.com/browse/OCPBUGS-33563): Adjust the method of get the apiServer (release-4.14) [#28763](https://github.com/openshift/origin/pull/28763) * [OCPBUGS-29970](https://issues.redhat.com/browse/OCPBUGS-29970): Do not assume there is just a single kubelet systemd service [#28620](https://github.com/openshift/origin/pull/28620) * [OCPNODE-2101](https://issues.redhat.com/browse/OCPNODE-2101): add kube-rbac-proxy-crio toleration change [#28647](https://github.com/openshift/origin/pull/28647) * [OCPBUGS-29928](https://issues.redhat.com/browse/OCPBUGS-29928): Only extract node role from properly formatted node-role label [#28616](https://github.com/openshift/origin/pull/28616) * [OCPBUGS-29182](https://issues.redhat.com/browse/OCPBUGS-29182): updated timeout to 3 seconds to account for network timing issues [#28578](https://github.com/openshift/origin/pull/28578) * [OCPBUGS-29034](https://issues.redhat.com/browse/OCPBUGS-29034): Replace 'coreydaley' with 'sayan-biswas' [#28574](https://github.com/openshift/origin/pull/28574) * [OCPBUGS-26044](https://issues.redhat.com/browse/OCPBUGS-26044): Adding test case for when exceed openshift.io/image-tags will ban to … [#28493](https://github.com/openshift/origin/pull/28493) * [OCPBUGS-21774](https://issues.redhat.com/browse/OCPBUGS-21774): backport #28316 to 4.14 release [#28335](https://github.com/openshift/origin/pull/28335) * Revert "[release-4.14] OCPBUGS-22720: Use Centos 8 Stream mysql image in tests" [#28368](https://github.com/openshift/origin/pull/28368) * [OCPBUGS-23042](https://issues.redhat.com/browse/OCPBUGS-23042): tolerate AWS edge nodes on monitor tests [#28387](https://github.com/openshift/origin/pull/28387) * [OCPBUGS-23145](https://issues.redhat.com/browse/OCPBUGS-23145): Bump watch requests for cluster-baremetal-operator [#28385](https://github.com/openshift/origin/pull/28385) * trt-1340: backport exact and disable monitor tests options to 4.14 [#28391](https://github.com/openshift/origin/pull/28391) * [OCPBUGS-19923](https://issues.redhat.com/browse/OCPBUGS-19923): Updating parameters for build timing PushImage test [#28291](https://github.com/openshift/origin/pull/28291) * [OCPBUGS-22411](https://issues.redhat.com/browse/OCPBUGS-22411): fix: increase upper bounds for samples operator [#28356](https://github.com/openshift/origin/pull/28356) * [OCPBUGS-22720](https://issues.redhat.com/browse/OCPBUGS-22720): Use Centos 8 Stream mysql image in tests [#28365](https://github.com/openshift/origin/pull/28365) * [OCPBUGS-22389](https://issues.redhat.com/browse/OCPBUGS-22389): Remove all docker.io images due to access denied [#28355](https://github.com/openshift/origin/pull/28355) * [Full changelog](https://github.com/openshift/origin/compare/948001ae03043076394d48fc3f7ad6ca374a7231...d44a62a72c314a3711a4389c9b989bb707ae2161) ### [thanos](https://github.com/openshift/thanos/tree/a26712509e3f9c511926ca9d8bba3e3ea8e95ada) * [OCPBUGS-22636](https://issues.redhat.com/browse/OCPBUGS-22636): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.42.0 to 0.44.0 [#130](https://github.com/openshift/thanos/pull/130) * [Full changelog](https://github.com/openshift/thanos/compare/175a63002855e7a3f4f5cd49c90680c41be181d8...a26712509e3f9c511926ca9d8bba3e3ea8e95ada) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/b04567f77273f6c338ece9fda29c0a65297130d5) * [OCPBUGS-21520](https://issues.redhat.com/browse/OCPBUGS-21520): Bump golang.org/x/net to v0.18.0 [#54](https://github.com/openshift/cloud-provider-vsphere/pull/54) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/a24e1713cb61b7a56482fb0a23eb94b642fbeb78...b04567f77273f6c338ece9fda29c0a65297130d5) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/72e998c300e17a7ba81d4a5a7624d69b0a104603) * [OCPBUGS-17312](https://issues.redhat.com/browse/OCPBUGS-17312), [OCPBUGS-21558](https://issues.redhat.com/browse/OCPBUGS-21558): [release-4.14] bump golang.org/x/net to v0.17.0 [#20](https://github.com/openshift/cluster-api-provider-vsphere/pull/20) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/9f1d564131eae50d9d490a4518a699b8786ad346...72e998c300e17a7ba81d4a5a7624d69b0a104603) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/4598e1709f3e28f2fcd5c890df33e16ff81b7c8f) * [OCPBUGS-33798](https://issues.redhat.com/browse/OCPBUGS-33798): FailedPrecondition volume does not appear staged [#119](https://github.com/openshift/vmware-vsphere-csi-driver/pull/119) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/a5ed57f5120136bf08e134bf478186c82bfb81da...4598e1709f3e28f2fcd5c890df33e16ff81b7c8f) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/5d5105f93e02ba0c4c07890b3db630b11d839abf) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#203](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/203) * [OCPBUGS-24224](https://issues.redhat.com/browse/OCPBUGS-24224): Explicitly degrade the cluster when conditions are not met [#194](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/194) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#186](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/186) * [OCPBUGS-23169](https://issues.redhat.com/browse/OCPBUGS-23169): Fix vsphere csi controller pods from getting constantly restarted [#193](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/193) * [OCPBUGS-22430](https://issues.redhat.com/browse/OCPBUGS-22430): disable http/2 server support in webhook [#182](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/182) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/f7afb6462c79317cc53c621084640860a4351788...5d5105f93e02ba0c4c07890b3db630b11d839abf) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/ece171d2d5b5fa417d1aece9aa80714841c35cec) * [OCPBUGS-24401](https://issues.redhat.com/browse/OCPBUGS-24401): Use failure-domains and other changes from master [#142](https://github.com/openshift/vsphere-problem-detector/pull/142) * [OCPBUGS-21812](https://issues.redhat.com/browse/OCPBUGS-21812): Warn usernames without domain name [#134](https://github.com/openshift/vsphere-problem-detector/pull/134) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#138](https://github.com/openshift/vsphere-problem-detector/pull/138) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/6b359ea5b69636a00cfd5c4f81f0279cfd41401a...ece171d2d5b5fa417d1aece9aa80714841c35cec)