# 4.14.56 Created: 2025-08-28 21:00:48 +0000 UTC Image Digest: `sha256:5f0204b0de50a408dc8b52f568e90aef6b3266ee8d22a77c1b34ceefb2b00f14` ## Changes from 4.15.0-0.nightly-2025-08-20-015949 ### Components * Kubernetes upgraded from 1.28.15 to 1.27.16 * Red Hat Enterprise Linux CoreOS upgraded from 415.92.202508192014-0 to 414.92.202508270040-0 ### New images * [kuryr-cni](https://github.com/openshift/kuryr-kubernetes) git [8926a294](https://github.com/openshift/kuryr-kubernetes/commit/8926a294348d3791040748774b0ac0892b968494) `sha256:efa6dc87055200447f11a6a18aecac930d2f159a1dcd6600d5935490d8f40d26` * [kuryr-controller](https://github.com/openshift/kuryr-kubernetes) git [8926a294](https://github.com/openshift/kuryr-kubernetes/commit/8926a294348d3791040748774b0ac0892b968494) `sha256:2e6980eeff217a38185ccdb43c0b3074b3df8437b72ddb89919a78e25a615f4f` * [ovirt-machine-controllers](https://github.com/openshift/cluster-api-provider-ovirt) git [5d708631](https://github.com/openshift/cluster-api-provider-ovirt/commit/5d708631fca37aff0ede7d7f8fc9ba76c7fcee47) `sha256:81b012fc3f45012d9846b0158d3659a8081892742811499a3720b472e0d1ef86` ### Removed images * cluster-config-api * installer-altinfra * kube-metrics-server * openstack-cluster-api-controllers ### Rebuilt images without code change * machine-os-content `sha256:19be24e930e1c279e2d93dc0fee60236a49f75ff647bdb971d283569e148d654` * rhel-coreos `sha256:9a7d7fd877f4ca65cce28c3fe8d1a0108d843c8718541ca1976f9b6707f9d8c0` * rhel-coreos-extensions `sha256:40354318e09914a15cf32c05a779ad3df1cefb35cf0114b30d418eb5aeff11b0` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/6df4bf1f0f2b26e32346ae81f1291ce151780b58) * [OCPBUGS-58632](https://issues.redhat.com/browse/OCPBUGS-58632), [OCPBUGS-58637](https://issues.redhat.com/browse/OCPBUGS-58637): Bump glog to v1.2.5 in release-4.14 (#7906) [#7906](https://github.com/openshift/assisted-service/pull/7906) * [OCPBUGS-53691](https://issues.redhat.com/browse/OCPBUGS-53691): Bump jwt to 4.5.2 in release-4.14 (#7499) [#7499](https://github.com/openshift/assisted-service/pull/7499) * [OCPBUGS-46941](https://issues.redhat.com/browse/OCPBUGS-46941): OCPBUGS-46184: Bump golang.org/x/net to 0.33.0 (#7200) [#7200](https://github.com/openshift/assisted-service/pull/7200) * [OCPBUGS-15346](https://issues.redhat.com/browse/OCPBUGS-15346), [OCPBUGS-15347](https://issues.redhat.com/browse/OCPBUGS-15347): Update version go-http-metrics and gin-gonic/gin (#6899) [#6899](https://github.com/openshift/assisted-service/pull/6899) * [OCPBUGS-34641](https://issues.redhat.com/browse/OCPBUGS-34641): Invalid Pull-Secret when using password which contains a colon character (#6416) [#6416](https://github.com/openshift/assisted-service/pull/6416) * [OCPBUGS-31631](https://issues.redhat.com/browse/OCPBUGS-31631): Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) [#6322](https://github.com/openshift/assisted-service/pull/6322) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) [#6216](https://github.com/openshift/assisted-service/pull/6216) * [MGMT-17549](https://issues.redhat.com/browse/MGMT-17549): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) [#6203](https://github.com/openshift/assisted-service/pull/6203) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#6197) [#6197](https://github.com/openshift/assisted-service/pull/6197) * NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) [#6134](https://github.com/openshift/assisted-service/pull/6134) * [MGMT-16950](https://issues.redhat.com/browse/MGMT-16950): changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) [#5973](https://github.com/openshift/assisted-service/pull/5973) * [MGMT-16494](https://issues.redhat.com/browse/MGMT-16494): Move ip hint file creation to ignition in order to change it in IBI process (#5974) [#5974](https://github.com/openshift/assisted-service/pull/5974) * [MGMT-16517](https://issues.redhat.com/browse/MGMT-16517): Add Env Var Deployment Type & Set ABI (#5987) [#5987](https://github.com/openshift/assisted-service/pull/5987) * [MGMT-15796](https://issues.redhat.com/browse/MGMT-15796): set CloudControllerManager to External for OCI (#5877) [#5877](https://github.com/openshift/assisted-service/pull/5877) * [OCPBUGS-23069](https://issues.redhat.com/browse/OCPBUGS-23069): Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) [#5676](https://github.com/openshift/assisted-service/pull/5676) * [Full changelog](https://github.com/openshift/assisted-service/compare/b7cfbf8fa8d25329ab1e4e46571e4c4bbdfdc1b2...6df4bf1f0f2b26e32346ae81f1291ce151780b58) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/54aa57eb81d052a36ae8b78f2905d870ee0718ad) * [OCPBUGS-58642](https://issues.redhat.com/browse/OCPBUGS-58642): CVE-2024-45339: Bump glog pkg version to 1.2.4 (#1194) [#1194](https://github.com/openshift/assisted-installer/pull/1194) * [OCPBUGS-53715](https://issues.redhat.com/browse/OCPBUGS-53715): Bump jwt to 4.5.2 in release-4.14 (#1093) [#1093](https://github.com/openshift/assisted-installer/pull/1093) * Bump golang.org/x/net to v0.33.0 (#1012) [#1012](https://github.com/openshift/assisted-installer/pull/1012) * [OCPBUGS-15347](https://issues.redhat.com/browse/OCPBUGS-15347): Update version go-http-metrics/gin (#933) [#933](https://github.com/openshift/assisted-installer/pull/933) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#834) [#834](https://github.com/openshift/assisted-installer/pull/834) * [MGMT-17591](https://issues.redhat.com/browse/MGMT-17591): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#830) [#830](https://github.com/openshift/assisted-installer/pull/830) * [MGMT-16843](https://issues.redhat.com/browse/MGMT-16843): Ensure valid hostname during install (#794) [#794](https://github.com/openshift/assisted-installer/pull/794) * [OCPBUGS-20049](https://issues.redhat.com/browse/OCPBUGS-20049): Remove uninitialized taint for agent-based installs (#753) [#753](https://github.com/openshift/assisted-installer/pull/753) * [Full changelog](https://github.com/openshift/assisted-installer/compare/f0b1275e58633382222af71a6cac527e6f8cec24...54aa57eb81d052a36ae8b78f2905d870ee0718ad) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/91a728121bc65eae12af93ae003695d879a8f019) * [OCPBUGS-58652](https://issues.redhat.com/browse/OCPBUGS-58652), [OCPBUGS-58657](https://issues.redhat.com/browse/OCPBUGS-58657): Bump glog to v1.2.5 in release-4.14 (#1073) [#1073](https://github.com/openshift/assisted-installer-agent/pull/1073) * [OCPBUGS-53707](https://issues.redhat.com/browse/OCPBUGS-53707): Bump golang-jwt/jwt/v4 to 4.5.2 in release-4.14 (#973) [#973](https://github.com/openshift/assisted-installer-agent/pull/973) * [OCPBUGS-46955](https://issues.redhat.com/browse/OCPBUGS-46955): Bump golang.org/x/net to 0.33.0 (#885) [#885](https://github.com/openshift/assisted-installer-agent/pull/885) * [OCPBUGS-16483](https://issues.redhat.com/browse/OCPBUGS-16483): Update apimachinery dependency to remove goproxy dep (#709) [#709](https://github.com/openshift/assisted-installer-agent/pull/709) * [OCPBUGS-33404](https://issues.redhat.com/browse/OCPBUGS-33404): Make removable disks eligible (#725) [#725](https://github.com/openshift/assisted-installer-agent/pull/725) * [MGMT-17594](https://issues.redhat.com/browse/MGMT-17594): Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#705) [#705](https://github.com/openshift/assisted-installer-agent/pull/705) * [MGMT-17591](https://issues.redhat.com/browse/MGMT-17591): Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#703) [#703](https://github.com/openshift/assisted-installer-agent/pull/703) * [MGMT-17541](https://issues.redhat.com/browse/MGMT-17541): Replace broken golangci reference (#698) [#698](https://github.com/openshift/assisted-installer-agent/pull/698) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/051696d004b70c305a2feb80fe6ea4f35f7a1b09...91a728121bc65eae12af93ae003695d879a8f019) ### [agent-installer-utils](https://github.com/openshift/agent-installer-utils/tree/b3fa10c2f6a890f982a983510e8315b084867782) * [OCPBUGS-25727](https://issues.redhat.com/browse/OCPBUGS-25727): Updating ose-agent-installer-utils-container image to be consistent with ART for 4.14 [#34](https://github.com/openshift/agent-installer-utils/pull/34) * [Full changelog](https://github.com/openshift/agent-installer-utils/compare/33b7d855fdebd24a972f32dafafd29e40b117e46...b3fa10c2f6a890f982a983510e8315b084867782) ### [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud/tree/8ba0b37a45510404a842d6dbd84d40a18008e81d) * [OCPBUGS-21255](https://issues.redhat.com/browse/OCPBUGS-21255): Bump golang.org/x/net to v0.18.0 [#38](https://github.com/openshift/cloud-provider-alibaba-cloud/pull/38) * [Full changelog](https://github.com/openshift/cloud-provider-alibaba-cloud/compare/abf4fa96550caf09e788b66fc06f1df802768397...8ba0b37a45510404a842d6dbd84d40a18008e81d) ### [alibaba-cloud-csi-driver](https://github.com/openshift/alibaba-cloud-csi-driver/tree/3dc363d364c43c1fb03e223147e25d9057273428) * [OCPBUGS-21350](https://issues.redhat.com/browse/OCPBUGS-21350): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#36](https://github.com/openshift/alibaba-cloud-csi-driver/pull/36) * [Full changelog](https://github.com/openshift/alibaba-cloud-csi-driver/compare/be4888d3dc176b9801364981fbb34d831f6d6ffe...3dc363d364c43c1fb03e223147e25d9057273428) ### [alibaba-disk-csi-driver-operator](https://github.com/openshift/alibaba-disk-csi-driver-operator/tree/8853e6ef4966018b96f9d8bfbf99df3a984bb454) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#81](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/81) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#71](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/71) * [OCPBUGS-21443](https://issues.redhat.com/browse/OCPBUGS-21443): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#64](https://github.com/openshift/alibaba-disk-csi-driver-operator/pull/64) * [Full changelog](https://github.com/openshift/alibaba-disk-csi-driver-operator/compare/41b367ae3bb6de9292539c0ecd98c81c5edc8294...8853e6ef4966018b96f9d8bfbf99df3a984bb454) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/f56c606ae15041b0c981e654ab577d2b0a3a0a8f) * [OCPBUGS-38066](https://issues.redhat.com/browse/OCPBUGS-38066): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#61](https://github.com/openshift/apiserver-network-proxy/pull/61) * [OCPBUGS-31984](https://issues.redhat.com/browse/OCPBUGS-31984): Bump golang.org/x/net to v0.23.0 [#52](https://github.com/openshift/apiserver-network-proxy/pull/52) * [HOSTEDCP-1323](https://issues.redhat.com/browse/HOSTEDCP-1323): Merge latest code into 4.14 branch [#45](https://github.com/openshift/apiserver-network-proxy/pull/45) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/adccbd5c16daecfe861fa530acdcbba5ec682a3a...f56c606ae15041b0c981e654ab577d2b0a3a0a8f) ### [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws/tree/9a7820e81baa6ba8885b47a71416026036d53d79) * [OCPBUGS-38786](https://issues.redhat.com/browse/OCPBUGS-38786): Ensure that addresses are added in network device index order [#93](https://github.com/openshift/cloud-provider-aws/pull/93) * [OCPBUGS-32066](https://issues.redhat.com/browse/OCPBUGS-32066): update for CVE-2023-45288 [release-4.14] [#83](https://github.com/openshift/cloud-provider-aws/pull/83) * [OCPBUGS-23826](https://issues.redhat.com/browse/OCPBUGS-23826): bump go.opentelemetry.io [#67](https://github.com/openshift/cloud-provider-aws/pull/67) * [OCPBUGS-27759](https://issues.redhat.com/browse/OCPBUGS-27759): Adds ecr-credential-plugin .spec [#71](https://github.com/openshift/cloud-provider-aws/pull/71) * [OCPBUGS-20755](https://issues.redhat.com/browse/OCPBUGS-20755): Upgrade x/net to v0.17.0 [#50](https://github.com/openshift/cloud-provider-aws/pull/50) * [Full changelog](https://github.com/openshift/cloud-provider-aws/compare/fd77d92ced47559dadf53fb8c97d1cbeb64dde8c...9a7820e81baa6ba8885b47a71416026036d53d79) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/dc084f242bc90912229a207b6d0d35ec1810cff0) * [OCPBUGS-58667](https://issues.redhat.com/browse/OCPBUGS-58667), [OCPBUGS-58672](https://issues.redhat.com/browse/OCPBUGS-58672): bump github.com/golang/glog to v1.2.5 [#563](https://github.com/openshift/cluster-api-provider-aws/pull/563) * [OCPBUGS-44295](https://issues.redhat.com/browse/OCPBUGS-44295): [release-4.14] OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It [#533](https://github.com/openshift/cluster-api-provider-aws/pull/533) * [OCPBUGS-34856](https://issues.redhat.com/browse/OCPBUGS-34856): UPSTREAM: <carry>: Fix instance PrivateDNSName when domain-name is set in dhcpOpts [#516](https://github.com/openshift/cluster-api-provider-aws/pull/516) * [OCPBUGS-31332](https://issues.redhat.com/browse/OCPBUGS-31332): UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called [#506](https://github.com/openshift/cluster-api-provider-aws/pull/506) * [OCPBUGS-31251](https://issues.redhat.com/browse/OCPBUGS-31251): fix e2e tests on release branches [#505](https://github.com/openshift/cluster-api-provider-aws/pull/505) * [OCPBUGS-20857](https://issues.redhat.com/browse/OCPBUGS-20857): bump golang.org/x/net to v0.17.0 [#481](https://github.com/openshift/cluster-api-provider-aws/pull/481) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/6354e83ee6cff0351d079e93c790b62f8d72e96e...dc084f242bc90912229a207b6d0d35ec1810cff0) ### [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver/tree/4622deecace538b375edc782a19cb5da977ae458) * [OCPBUGS-35123](https://issues.redhat.com/browse/OCPBUGS-35123): CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 [#271](https://github.com/openshift/aws-ebs-csi-driver/pull/271) * [OCPBUGS-33078](https://issues.redhat.com/browse/OCPBUGS-33078): UPSTREAM: 1919: Add reserved-volume-attachments [#264](https://github.com/openshift/aws-ebs-csi-driver/pull/264) * [OCPBUGS-20957](https://issues.redhat.com/browse/OCPBUGS-20957): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#239](https://github.com/openshift/aws-ebs-csi-driver/pull/239) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver/compare/7043c1cca6e17dd3c90006140f6361cf0e776d69...4622deecace538b375edc782a19cb5da977ae458) ### [aws-ebs-csi-driver-operator](https://github.com/openshift/aws-ebs-csi-driver-operator/tree/609879c3f1b9a65936e385f798398a2d1673aacd) * [OCPBUGS-33078](https://issues.redhat.com/browse/OCPBUGS-33078): Explicitly reserve 1 attachment for the root disk [#306](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/306) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#302](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/302) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#296](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/296) * [OCPBUGS-21057](https://issues.redhat.com/browse/OCPBUGS-21057): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#280](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/280) * [STOR-1432](https://issues.redhat.com/browse/STOR-1432): hypershift: deploy controller with control plane release images [#252](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/252) * [OCPBUGS-16783](https://issues.redhat.com/browse/OCPBUGS-16783): Chore: Update OWNERS [#251](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/251) * Bump k8s.io/apiextensions-apiserver from 0.27.1 to 0.27.4 [#250](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/250) * Bump k8s.io/component-base from 0.26.3 to 0.27.3 [#240](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/240) * [OCPBUGS-15823](https://issues.redhat.com/browse/OCPBUGS-15823): Change CSI RPC call timeouts [#248](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/248) * [STOR-1065](https://issues.redhat.com/browse/STOR-1065): Rework sidecar bindings to bind common ClusterRoles [#244](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/244) * [OCPBUGS-14824](https://issues.redhat.com/browse/OCPBUGS-14824): Bump efs-ebs-driver-operator library-go [#247](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/247) * [STOR-1168](https://issues.redhat.com/browse/STOR-1168): Bump common libraries [#222](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/222) * Bump Kubernetes libs to v0.27.1 [#243](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/243) * [STOR-1167](https://issues.redhat.com/browse/STOR-1167): Enable extra-create-metadata to tag snapshots [#223](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/223) * [STOR-1300](https://issues.redhat.com/browse/STOR-1300): Restart controller Pods if metrics-serving-cert changed [#216](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/216) * [OCPBUGS-11882](https://issues.redhat.com/browse/OCPBUGS-11882): Added safe-to-evict-local-volume annotation from bound-sa-token to ebs-controller [#232](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/232) * [OCPBUGS-11882](https://issues.redhat.com/browse/OCPBUGS-11882): Added safe-to-evict annotation to aws-ebs-csi-driver-controller pods [#231](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/231) * [OCPBUGS-13017](https://issues.redhat.com/browse/OCPBUGS-13017): assets/hypershift/controller_sa: Set controller ServiceAccount imagePullSecrets [#219](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/219) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#217](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/217) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#215](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/215) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#214](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/214) * Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 [#207](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/207) * [OCPBUGS-8691](https://issues.redhat.com/browse/OCPBUGS-8691): Hypershift: set control plane operand properties [#205](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/205) * Bump k8s.io/apiextensions-apiserver from 0.26.2 to 0.26.3 [#203](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/203) * [OCPBUGS-8752](https://issues.redhat.com/browse/OCPBUGS-8752): fix: typo [#198](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/198) * [OCPBUGS-8752](https://issues.redhat.com/browse/OCPBUGS-8752): feat: add workload annotation to deployment and daemonset [#194](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/194) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#195](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/195) * Bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.2 [#189](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/189) * Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 [#190](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/190) * [STOR-875](https://issues.redhat.com/browse/STOR-875): Implement custom keys in AWS EBS CSI driver operator [#185](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/185) * [OCPBUGS-7837](https://issues.redhat.com/browse/OCPBUGS-7837): do not inject-proxy when deploying in hypershift control plane [#186](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/186) * Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 [#182](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/182) * Add ok-to-test label to dependabot PRs [#184](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/184) * Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 [#183](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/183) * add dependabot config for gomod updates [#181](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/181) * [STOR-1019](https://issues.redhat.com/browse/STOR-1019): Bump to k8s 1.26 libs for OCP 4.13 [#179](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/179) * [STOR-947](https://issues.redhat.com/browse/STOR-947): support disabling default StorageClass via ClusterCSIDriver [#173](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/173) * [#177] fix 404 in readme [#178](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/178) * [Bug 2106736](https://bugzilla.redhat.com/show_bug.cgi?id=2106736): Add multiplePVsSameID capability [#175](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/175) * [STOR-1078](https://issues.redhat.com/browse/STOR-1078): Add hostPaths necessary for SELinux mounts [#174](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/174) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#172](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/172) * [OCPBUGS-4491](https://issues.redhat.com/browse/OCPBUGS-4491): hypershift: use correct kubeconfig secret [#169](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/169) * [OCPBUGS-4347](https://issues.redhat.com/browse/OCPBUGS-4347): set TLS cipher suites in Kube RBAC sidecars [#168](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/168) * [OCPBUGS-3990](https://issues.redhat.com/browse/OCPBUGS-3990): Add HyperShift specific priorityClass [#167](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/167) * [OCPBUGS-3978](https://issues.redhat.com/browse/OCPBUGS-3978): Don't deploy VolumeSnapshotClass in static controller [#165](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/165) * [STOR-1040](https://issues.redhat.com/browse/STOR-1040): port to hypershift [#159](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/159) * [OCPBUGS-1904](https://issues.redhat.com/browse/OCPBUGS-1904): Only deploy VolumeSnapshotClass when CRD exists [#164](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/164) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#162](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/162) * Reformat for go 1.19 [#163](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/163) * [STOR-858](https://issues.redhat.com/browse/STOR-858): Bump github.com/openshift/* and k8s.io/* [#161](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/161) * [STOR-764](https://issues.redhat.com/browse/STOR-764): Change the default StorageClass to the CSI one (AWS) [#160](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/160) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#158](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/158) * [Bug 2089973](https://bugzilla.redhat.com/show_bug.cgi?id=2089973): bump libs to k8s 1.24 for OCP 4.11 [#156](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/156) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#157](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/157) * [Bug 2074706](https://bugzilla.redhat.com/show_bug.cgi?id=2074706): Set custom endpoint environment variable if available [#153](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/153) * [Bug 2049671](https://bugzilla.redhat.com/show_bug.cgi?id=2049671): avoid excessive GET and DELETE in ResourcesSync controller [#151](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/151) * Set CSIDriver fsGroupPolicy [#150](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/150) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#148](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/148) * [Bug 2043130](https://bugzilla.redhat.com/show_bug.cgi?id=2043130): aws-ebs: Add external-snapshotter permissions to patch snapshots [#147](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/147) * [Bug 2038934](https://bugzilla.redhat.com/show_bug.cgi?id=2038934): Add custom CA bundle support [#146](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/146) * [Bug 2028484](https://bugzilla.redhat.com/show_bug.cgi?id=2028484): AWS EBS CSI driver's livenessprobe does not respect operator's loglevel [#144](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/144) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#143](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/143) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#141](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/141) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#139](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/139) * [Bug 1998174](https://bugzilla.redhat.com/show_bug.cgi?id=1998174): Add StorageClass for gp3 [#140](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/140) * [Bug 1993931](https://bugzilla.redhat.com/show_bug.cgi?id=1993931): Storage operators use older kubernetes client [#138](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/138) * [Bug 1990146](https://bugzilla.redhat.com/show_bug.cgi?id=1990146): some controllers missing livenessProbe [#134](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/134) * Use generic deployment controller with additional manifest hooks [#128](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/128) * Start using "embed" module for static assets [#131](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/131) * Updating ose-aws-ebs-csi-driver-operator images to be consistent with ART [#132](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/132) * Updating .ci-operator.yaml `build_root_image` from openshift/release [#130](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/130) * [Bug 1969538](https://bugzilla.redhat.com/show_bug.cgi?id=1969538): Include default VolumeSnapshotClass [#129](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/129) * [Bug 1960732](https://bugzilla.redhat.com/show_bug.cgi?id=1960732): update manifest and readme [#127](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/127) * [Bug 1947402](https://bugzilla.redhat.com/show_bug.cgi?id=1947402): Deploy multiple replicas of CSI Controller Service [#122](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/122) * [Bug 1948311](https://bugzilla.redhat.com/show_bug.cgi?id=1948311): DelegatingAuthenticationOptions TokenReview request timeout [#126](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/126) * [Bug 1951952](https://bugzilla.redhat.com/show_bug.cgi?id=1951952): Metrics for cloudprovider error requests are lost [#125](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/125) * [Bug 1956411](https://bugzilla.redhat.com/show_bug.cgi?id=1956411): Add custom tags from Infrastructure [#116](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/116) * [Bug 1947774](https://bugzilla.redhat.com/show_bug.cgi?id=1947774): fix imagePullPolicy to ifNotPresent [#120](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/120) * [Bug 1948311](https://bugzilla.redhat.com/show_bug.cgi?id=1948311): DelegatingAuthenticationOptions TokenReview request timeout [#121](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/121) * [Bug 1924470](https://bugzilla.redhat.com/show_bug.cgi?id=1924470): Bump Kubernetes to 1.21 [#119](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/119) * Fix kube-rbac-proxy image reference [#118](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/118) * Add metrics scraping [#117](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/117) * Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART [#115](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/115) * [Bug 1933184](https://bugzilla.redhat.com/show_bug.cgi?id=1933184): Add maxUnavailable to DaemonSets [#114](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/114) * Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART [#112](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/112) * Cleanup: Remove serviceName from controller manifest [#113](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/113) * [Bug 1905119](https://bugzilla.redhat.com/show_bug.cgi?id=1905119): dynamically update controller asset for custom CA bundle [#111](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/111) * Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART [#109](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/109) * [Bug 1912945](https://bugzilla.redhat.com/show_bug.cgi?id=1912945): Set proxy config in Deployment containers [#106](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/106) * [Bug 1898045](https://bugzilla.redhat.com/show_bug.cgi?id=1898045): redeploy CSI Controller Deployment when secret changes [#107](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/107) * [Bug 1898045](https://bugzilla.redhat.com/show_bug.cgi?id=1898045): redeploy CSI Controller Deployment when secret changes [#104](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/104) * support custom CA bundle for AWS API [#102](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/102) * assets/controller.yaml: support using aws config for credentials [#99](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/99) * [Bug 1898851](https://bugzilla.redhat.com/show_bug.cgi?id=1898851): Add multipods tests [#100](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/100) * [Bug 1898851](https://bugzilla.redhat.com/show_bug.cgi?id=1898851): Enable topology tests for the driver [#98](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/98) * Updating ose-aws-ebs-csi-driver-operator builder & base images to be consistent with ART [#96](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/96) * [Bug 1840759](https://bugzilla.redhat.com/show_bug.cgi?id=1840759): Pass cluster ID to CSI driver [#83](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/83) * [Bug 1879475](https://bugzilla.redhat.com/show_bug.cgi?id=1879475): Update library-go to include explicit reasons [#95](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/95) * [Bug 1879406](https://bugzilla.redhat.com/show_bug.cgi?id=1879406): Use port 10300-10301 for liveness probes [#94](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/94) * [Bug 1881298](https://bugzilla.redhat.com/show_bug.cgi?id=1881298): Run the node DaemonSet only on Linux nodes [#93](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/93) * [Bug 1878163](https://bugzilla.redhat.com/show_bug.cgi?id=1878163): Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config [#92](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/92) * [Bug 1866791](https://bugzilla.redhat.com/show_bug.cgi?id=1866791): Bump library-go to get better operatorLogLevel validation [#90](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/90) * [Bug 1876791](https://bugzilla.redhat.com/show_bug.cgi?id=1876791): Add default fsType to provisioned PVs [#89](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/89) * [Bug 1876791](https://bugzilla.redhat.com/show_bug.cgi?id=1876791): Update provisioner container to v2.0.0 [#87](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/87) * [Bug 1877084](https://bugzilla.redhat.com/show_bug.cgi?id=1877084): Increase resizer timeout to 300s [#88](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/88) * [Bug 1868339](https://bugzilla.redhat.com/show_bug.cgi?id=1868339): Don't create CredentialsRequest in aws-ebs-csi-driver-operator [#86](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/86) * [Bug 1873168](https://bugzilla.redhat.com/show_bug.cgi?id=1873168): set resizer context timeout to 120s [#84](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/84) * [Bug 1871998](https://bugzilla.redhat.com/show_bug.cgi?id=1871998): Schedule CSI Controller on master nodes [#82](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/82) * [Bug 1872080](https://bugzilla.redhat.com/show_bug.cgi?id=1872080): Updating Dockerfile.rhel7 baseimages to mach ocp-build-data config [#80](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/80) * [Bug 1872500](https://bugzilla.redhat.com/show_bug.cgi?id=1872500): csiTimeout has been removed in favour of timeout parameter [#81](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/81) * [Bug 1871051](https://bugzilla.redhat.com/show_bug.cgi?id=1871051): Add external-attacher permissions to patch status [#79](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/79) * Use installed StorageClass for tests [#78](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/78) * Add pod-listing permissions [#77](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/77) * Newer resizer needs ability to list/watch all pods [#73](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/73) * [Bug 1863055](https://bugzilla.redhat.com/show_bug.cgi?id=1863055): CSI drivers should tolerate any taints [#71](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/71) * Update to new version of library-go [#76](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/76) * [Bug 1866339](https://bugzilla.redhat.com/show_bug.cgi?id=1866339): Update to go 1.14 and OCP 4.6 [#67](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/67) * Change order in which rbacs is applied [#74](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/74) * Don't use Always pull policy [#69](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/69) * Increase CSI resizer context timeout [#72](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/72) * Use the driver provided by installer for e2e tests [#70](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/70) * Fix the operator images and assets [#68](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/68) * Migrate to CSI operator library from library-go [#65](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/65) * [Bug 1843579](https://bugzilla.redhat.com/show_bug.cgi?id=1843579): Set progressing condition when removing operand [#63](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/63) * [Bug 1842402](https://bugzilla.redhat.com/show_bug.cgi?id=1842402): Add word "Driver" to displayName [#61](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/61) * [Bug 1834662](https://bugzilla.redhat.com/show_bug.cgi?id=1834662): Set proper conditions when running in wrong platform [#59](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/59) * [Bug 1839720](https://bugzilla.redhat.com/show_bug.cgi?id=1839720): Revert "Add defaulting to driver.Spec fields" [#60](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/60) * [Bug 1835726](https://bugzilla.redhat.com/show_bug.cgi?id=1835726): Actually use error message from the credentials operator [#58](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/58) * [Bug 1835778](https://bugzilla.redhat.com/show_bug.cgi?id=1835778): Detect CSI driver installed by cluster admin [#56](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/56) * [Bug 1836834](https://bugzilla.redhat.com/show_bug.cgi?id=1836834): Rename env. variables [#57](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/57) * [Bug 1835726](https://bugzilla.redhat.com/show_bug.cgi?id=1835726): Report error conditions on CredentialsRequest on the driver CR [#54](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/54) * [Bug 1836834](https://bugzilla.redhat.com/show_bug.cgi?id=1836834): Remove VERSION env. variables [#55](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/55) * [Bug 1835716](https://bugzilla.redhat.com/show_bug.cgi?id=1835716): Allow the operator to be installed only once [#53](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/53) * [Bug 1835604](https://bugzilla.redhat.com/show_bug.cgi?id=1835604): Add defaulting to driver.Spec fields [#52](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/52) * [Bug 1828963](https://bugzilla.redhat.com/show_bug.cgi?id=1828963): Fix the operator CSV and CRD [#51](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/51) * [Bug 1827130](https://bugzilla.redhat.com/show_bug.cgi?id=1827130): Rebase to new library-go [#49](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/49) * [Bug 1827638](https://bugzilla.redhat.com/show_bug.cgi?id=1827638): Rename CRD to AWSEBSDriver [#50](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/50) * [Bug 1827099](https://bugzilla.redhat.com/show_bug.cgi?id=1827099): Add suggested namespace for driver install [#46](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/46) * [Bug 1826285](https://bugzilla.redhat.com/show_bug.cgi?id=1826285): Don't delete driver if CR doesn't exist [#43](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/43) * Document how to install OPM tool [#40](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/40) * Update the operand when image changes [#32](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/32) * Fix Dockerfile typo [#39](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/39) * Use quay.io for the operator and driver images [#38](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/38) * Add index image [#35](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/35) * Wait for pods before starting e2e tests [#34](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/34) * Remove hostmount-anyuid SCC from the operator [#33](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/33) * Add BZ component to OWNERS [#31](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/31) * Make credentials secret required [#25](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/25) * Finish e2e test preparation [#30](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/30) * Validate CR name [#29](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/29) * Parse CSV to install the operator for e2e tests [#28](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/28) * Add CSV for OLM [#13](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/13) * Add image with e2e test scripts & manifests [#27](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/27) * Update group of CRD [#17](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/17) * Add CredentialsRequest creation [#19](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/19) * Use /bin/oc when available in e2e tests [#24](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/24) * TODO list has been migrated to GH issues [#23](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/23) * Bump openshift/library-go [#14](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/14) * Rework e2e tests from Makefile to a script [#16](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/16) * Add test-e2e Makefile target [#15](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/15) * Prepare for e2e test [#9](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/9) * Fix log level [#10](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/10) * Bump OCP version in image name [#8](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/8) * Add missing deps [#6](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/6) * Fix unit tests after API bump [#5](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/5) * Bump openshift/library-go [#4](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/4) * Use better resource names and defaults [#3](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/3) * Add OWNERS [#2](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/2) * Import code [#1](https://github.com/openshift/aws-ebs-csi-driver-operator/pull/1) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/aws-ebs-csi-driver-operator/compare/2a2b9dd109ba9d4abce11411c96787b21887f929...609879c3f1b9a65936e385f798398a2d1673aacd) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/e292817c27d83d6cba27def4461a9795bd3a68a7) * [OCPBUGS-17298](https://issues.redhat.com/browse/OCPBUGS-17298), [OCPBUGS-21571](https://issues.redhat.com/browse/OCPBUGS-21571): Update golang.org/x/net to v0.17.0 [#88](https://github.com/openshift/machine-api-provider-aws/pull/88) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/2a29507984be7dc56553fdcb7cbd80d3f102117e...e292817c27d83d6cba27def4461a9795bd3a68a7) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/2c864ca0f09e038c4b0c82215ef1a6f60fb54e63) * [OCPBUGS-32884](https://issues.redhat.com/browse/OCPBUGS-32884): Upgrade go-jose module to 2.6.3 [#189](https://github.com/openshift/aws-pod-identity-webhook/pull/189) * [OCPBUGS-21761](https://issues.redhat.com/browse/OCPBUGS-21761): Backport the recent rebase to 4.14 [#168](https://github.com/openshift/aws-pod-identity-webhook/pull/168) * NO-ISSUE: Sync OWNERS with team members [#176](https://github.com/openshift/aws-pod-identity-webhook/pull/176) * snyk: exclude vendor/ [#171](https://github.com/openshift/aws-pod-identity-webhook/pull/171) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/13385034ec9a843a6b40f8b3aec9966ada785115...2c864ca0f09e038c4b0c82215ef1a6f60fb54e63) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/9ee3b74412f076928e05388af38b0372f484f3a9) * [OCPBUGS-57111](https://issues.redhat.com/browse/OCPBUGS-57111): Adds acr-credential-provider spec file and build script [#144](https://github.com/openshift/cloud-provider-azure/pull/144) * [OCPBUGS-23829](https://issues.redhat.com/browse/OCPBUGS-23829): Bump otelgrpc to v0.49.0 [#124](https://github.com/openshift/cloud-provider-azure/pull/124) * [OCPBUGS-21439](https://issues.redhat.com/browse/OCPBUGS-21439): Bump golang.org/x/net to v0.18.0 [#93](https://github.com/openshift/cloud-provider-azure/pull/93) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/0d799a261f70bbdf546d911f5f8b59e2c324bd16...9ee3b74412f076928e05388af38b0372f484f3a9) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/8c2203f9d13e91a3a7e4825067b01a9f7fe0fd4f) * [OCPBUGS-36023](https://issues.redhat.com/browse/OCPBUGS-36023): Update go-retryablehttp to v0.7.7 [#313](https://github.com/openshift/cluster-api-provider-azure/pull/313) * [OCPBUGS-35125](https://issues.redhat.com/browse/OCPBUGS-35125): Bump x/crypto to v0.24.0 [#307](https://github.com/openshift/cluster-api-provider-azure/pull/307) * [OCPBUGS-17283](https://issues.redhat.com/browse/OCPBUGS-17283), [OCPBUGS-21516](https://issues.redhat.com/browse/OCPBUGS-21516): [release-4.14] Bump golang.org/x/net to v0.17.0 [#286](https://github.com/openshift/cluster-api-provider-azure/pull/286) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/44832d2da09778d7ff4d2413c9e10852f330a55d...8c2203f9d13e91a3a7e4825067b01a9f7fe0fd4f) ### [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver/tree/6d3558a3b5ae9d383988495cc64dc05b4bba0382) * [OCPBUGS-35126](https://issues.redhat.com/browse/OCPBUGS-35126): CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 [#82](https://github.com/openshift/azure-disk-csi-driver/pull/82) * [OCPBUGS-20701](https://issues.redhat.com/browse/OCPBUGS-20701): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#54](https://github.com/openshift/azure-disk-csi-driver/pull/54) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver/compare/dcb7e1c7d239ab5a26d70d7abcff1eb97b634b8d...6d3558a3b5ae9d383988495cc64dc05b4bba0382) ### [azure-disk-csi-driver-operator](https://github.com/openshift/azure-disk-csi-driver-operator/tree/918935767350f9f330b9d6a9c3ee03e9869e7828) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#120](https://github.com/openshift/azure-disk-csi-driver-operator/pull/120) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#109](https://github.com/openshift/azure-disk-csi-driver-operator/pull/109) * [OCPBUGS-20784](https://issues.redhat.com/browse/OCPBUGS-20784): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#101](https://github.com/openshift/azure-disk-csi-driver-operator/pull/101) * [Full changelog](https://github.com/openshift/azure-disk-csi-driver-operator/compare/160cf624a88f500de7a1f79e6dd9384bb7d17842...918935767350f9f330b9d6a9c3ee03e9869e7828) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/71fa09b11075da73a8934127a181ee03abd738f8) * [ART-13080](https://issues.redhat.com/browse/ART-13080): Regenerate go.mod to fix build failures [#95](https://github.com/openshift/azure-file-csi-driver/pull/95) * [OCPBUGS-41164](https://issues.redhat.com/browse/OCPBUGS-41164): bump mount-utils to treat ENODEV error as corrupted mount [#79](https://github.com/openshift/azure-file-csi-driver/pull/79) * [OCPBUGS-33039](https://issues.redhat.com/browse/OCPBUGS-33039): Rebase v1.29.5 for OCP 4.14 [#66](https://github.com/openshift/azure-file-csi-driver/pull/66) * [OCPBUGS-20884](https://issues.redhat.com/browse/OCPBUGS-20884): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#37](https://github.com/openshift/azure-file-csi-driver/pull/37) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/491c4df6880bf450a854b8e003e10d880d7e8550...71fa09b11075da73a8934127a181ee03abd738f8) ### [azure-file-csi-driver-operator](https://github.com/openshift/azure-file-csi-driver-operator/tree/4469d80589595dd5d05f0f0f296505800e3ad527) * [OCPBUGS-33039](https://issues.redhat.com/browse/OCPBUGS-33039): add token audience for Azure File [#104](https://github.com/openshift/azure-file-csi-driver-operator/pull/104) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#94](https://github.com/openshift/azure-file-csi-driver-operator/pull/94) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#83](https://github.com/openshift/azure-file-csi-driver-operator/pull/83) * [OCPBUGS-20983](https://issues.redhat.com/browse/OCPBUGS-20983): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#76](https://github.com/openshift/azure-file-csi-driver-operator/pull/76) * [Full changelog](https://github.com/openshift/azure-file-csi-driver-operator/compare/e1a7a2ed694937574cd72a4786ae62cb255aa8ad...4469d80589595dd5d05f0f0f296505800e3ad527) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/d526284e26f37f36f9d5297faa801ea117d81f48) * [CFE-1050](https://issues.redhat.com/browse/CFE-1050): Added support of capacity reservation group [#109](https://github.com/openshift/machine-api-provider-azure/pull/109) * [OCPBUGS-35133](https://issues.redhat.com/browse/OCPBUGS-35133): Bump x/crypto to v0.24.0 [#112](https://github.com/openshift/machine-api-provider-azure/pull/112) * [OCPBUGS-30898](https://issues.redhat.com/browse/OCPBUGS-30898): Remove startupScript vmextension lookup [#106](https://github.com/openshift/machine-api-provider-azure/pull/106) * [OCPBUGS-29152](https://issues.redhat.com/browse/OCPBUGS-29152): Don't create availability set when using spot instances [#98](https://github.com/openshift/machine-api-provider-azure/pull/98) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Improving performance of VMs created in Azure [#96](https://github.com/openshift/machine-api-provider-azure/pull/96) * [OCPBUGS-17299](https://issues.redhat.com/browse/OCPBUGS-17299), [OCPBUGS-20773](https://issues.redhat.com/browse/OCPBUGS-20773): Bump x/net package to v0.17.0 [#80](https://github.com/openshift/machine-api-provider-azure/pull/80) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/9f1015edb8cb141cd6aaff2de7894f32336719c8...d526284e26f37f36f9d5297faa801ea117d81f48) ### [azure-workload-identity-webhook](https://github.com/openshift/azure-workload-identity/tree/2cb82019194364a2f7ba1a9aa318fa6e5b4a7346) * [OCPBUGS-53795](https://issues.redhat.com/browse/OCPBUGS-53795): github.com/golang-jwt/jwt/v4 v4.5.2 [#35](https://github.com/openshift/azure-workload-identity/pull/35) * [OCPBUGS-32894](https://issues.redhat.com/browse/OCPBUGS-32894): Upgrade go-jose module to 2.6.3 [#19](https://github.com/openshift/azure-workload-identity/pull/19) * [OCPBUGS-21093](https://issues.redhat.com/browse/OCPBUGS-21093): Upgrade golang/x/net for CVE-2023-39325 (4.14) [#14](https://github.com/openshift/azure-workload-identity/pull/14) * [Full changelog](https://github.com/openshift/azure-workload-identity/compare/5db478a9876556666b10f135487a2fd9f82e8653...2cb82019194364a2f7ba1a9aa318fa6e5b4a7346) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/d92ca632cbabf87b2439c9b19cacb089d193e697) * [OCPBUGS-55193](https://issues.redhat.com/browse/OCPBUGS-55193): data/manifests/bootkube/cvo-overrides: Default to eus-4.14 [#9643](https://github.com/openshift/installer/pull/9643) * [OCPBUGS-54323](https://issues.redhat.com/browse/OCPBUGS-54323): Update upi references to api-internal [#9609](https://github.com/openshift/installer/pull/9609) * [OCPBUGS-54264](https://issues.redhat.com/browse/OCPBUGS-54264): IBMCloud: Move to IBM TF openshift fork [#9605](https://github.com/openshift/installer/pull/9605) * [OCPBUGS-54260](https://issues.redhat.com/browse/OCPBUGS-54260): vsphere-fix convert if only provided name [#9602](https://github.com/openshift/installer/pull/9602) * [OCPBUGS-52996](https://issues.redhat.com/browse/OCPBUGS-52996): Bump terraform-provider-google version to v5.37.0 to fix consistent issues during cluster creation [#9587](https://github.com/openshift/installer/pull/9587) * [OCPBUGS-53210](https://issues.redhat.com/browse/OCPBUGS-53210): PowerVS: remove system pools [#9572](https://github.com/openshift/installer/pull/9572) * [OCPBUGS-46606](https://issues.redhat.com/browse/OCPBUGS-46606): Power VS: Create region-zone-sysType hierarchy [#9331](https://github.com/openshift/installer/pull/9331) * [OCPBUGS-48196](https://issues.redhat.com/browse/OCPBUGS-48196): IBMCloud: Ignore failed VPC regions [#9350](https://github.com/openshift/installer/pull/9350) * [OCPBUGS-45464](https://issues.redhat.com/browse/OCPBUGS-45464): add chrony.conf file when additional NTP sources are configured [#9269](https://github.com/openshift/installer/pull/9269) * [OCPBUGS-43505](https://issues.redhat.com/browse/OCPBUGS-43505): Stop rendering networks.config CRD [#9105](https://github.com/openshift/installer/pull/9105) * [OCPBUGS-42285](https://issues.redhat.com/browse/OCPBUGS-42285): Add AWS r8g to arm tested instance types [#9050](https://github.com/openshift/installer/pull/9050) * [OCPBUGS-42848](https://issues.redhat.com/browse/OCPBUGS-42848): add tested instance type for IBMCloud [#9082](https://github.com/openshift/installer/pull/9082) * [OCPBUGS-25508](https://issues.redhat.com/browse/OCPBUGS-25508): Update Golang SSH package version update to 0.17.0 [#8992](https://github.com/openshift/installer/pull/8992) * [OCPBUGS-39411](https://issues.redhat.com/browse/OCPBUGS-39411): Added yq to ci image [#8943](https://github.com/openshift/installer/pull/8943) * [OCPBUGS-36180](https://issues.redhat.com/browse/OCPBUGS-36180): baremetal IPI without provisioning network failing on provisioning-interface.service [#8712](https://github.com/openshift/installer/pull/8712) * [OCPBUGS-36089](https://issues.redhat.com/browse/OCPBUGS-36089): [release-4.14] bump go-retryablehttp for CVE fix [#8658](https://github.com/openshift/installer/pull/8658) * [OCPBUGS-37183](https://issues.redhat.com/browse/OCPBUGS-37183): ic: fix typo in warning message [#8771](https://github.com/openshift/installer/pull/8771) * [OCPBUGS-37068](https://issues.redhat.com/browse/OCPBUGS-37068): update RHCOS 4.14 bootimage metadata to 414.92.202407091253-0 [#8748](https://github.com/openshift/installer/pull/8748) * [OCPBUGS-36748](https://issues.redhat.com/browse/OCPBUGS-36748): Add yq-v4 to the upi-installer image for CI [#8684](https://github.com/openshift/installer/pull/8684) * [OCPBUGS-35827](https://issues.redhat.com/browse/OCPBUGS-35827): If host is offline or disconnected don't check ver [#8634](https://github.com/openshift/installer/pull/8634) * [OCPBUGS-35826](https://issues.redhat.com/browse/OCPBUGS-35826): [release-4.14] bump github.com/containers/image for CVE fix [#8633](https://github.com/openshift/installer/pull/8633) * [OCPBUGS-35485](https://issues.redhat.com/browse/OCPBUGS-35485): [release-4.14] aws: terraform: add spot instance support for masters [#8605](https://github.com/openshift/installer/pull/8605) * [OCPBUGS-34024](https://issues.redhat.com/browse/OCPBUGS-34024): go.mod: bump aws-sdk-go for ca-west-1 support [#8440](https://github.com/openshift/installer/pull/8440) * [OCPBUGS-33401](https://issues.redhat.com/browse/OCPBUGS-33401): PowerVS: Add composite_instance to listServiceInstances [#8479](https://github.com/openshift/installer/pull/8479) * [CORS-2951](https://issues.redhat.com/browse/CORS-2951): Add deprecation notice for OpenShiftSDN for 4.14 users [#8518](https://github.com/openshift/installer/pull/8518) * [OCPBUGS-28611](https://issues.redhat.com/browse/OCPBUGS-28611): remove retired serial NCv2 from azure tested instance type list on x86 [#7960](https://github.com/openshift/installer/pull/7960) * [OCPBUGS-27394](https://issues.redhat.com/browse/OCPBUGS-27394): preserve category name when trying to find tag category [#7926](https://github.com/openshift/installer/pull/7926) * [OCPBUGS-33010](https://issues.redhat.com/browse/OCPBUGS-33010): escape '%' in proxy settings [#8318](https://github.com/openshift/installer/pull/8318) * [OCPBUGS-31756](https://issues.redhat.com/browse/OCPBUGS-31756): openstack: Honour worker server group policy [#8231](https://github.com/openshift/installer/pull/8231) * NO-ISSUE: test fix to support slightly different nmstate error messages [#8286](https://github.com/openshift/installer/pull/8286) * [OCPBUGS-32358](https://issues.redhat.com/browse/OCPBUGS-32358): Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility [#8281](https://github.com/openshift/installer/pull/8281) * [OCPBUGS-31885](https://issues.redhat.com/browse/OCPBUGS-31885): Validate control plane replicas [#8241](https://github.com/openshift/installer/pull/8241) * [OCPBUGS-31677](https://issues.redhat.com/browse/OCPBUGS-31677): coreos-installer iso kargs show broken on Agent ISO [#8228](https://github.com/openshift/installer/pull/8228) * [OCPBUGS-31338](https://issues.redhat.com/browse/OCPBUGS-31338): upi: aws: fix typo in worker templates [#8203](https://github.com/openshift/installer/pull/8203) * Bug OCPBUGS-30187: OpenStack: fix controlPlanePort validation [#8095](https://github.com/openshift/installer/pull/8095) * [OCPBUGS-30027](https://issues.redhat.com/browse/OCPBUGS-30027): gcp: better error msg when service accnt missing [#8078](https://github.com/openshift/installer/pull/8078) * [OCPBUGS-30259](https://issues.redhat.com/browse/OCPBUGS-30259): PowerVS remove ibm cloud/bluemix go 4.14 [#8103](https://github.com/openshift/installer/pull/8103) * [OCPBUGS-29123](https://issues.redhat.com/browse/OCPBUGS-29123): IBMCloud: Handle disk delete errors [#7988](https://github.com/openshift/installer/pull/7988) * [OCPBUGS-29626](https://issues.redhat.com/browse/OCPBUGS-29626): update RHCOS 4.14 bootimage metadata to 414.92.202402130420-0 [#8037](https://github.com/openshift/installer/pull/8037) * [OCPBUGS-28929](https://issues.redhat.com/browse/OCPBUGS-28929): [release-4.14] Bump containerd for vulnerability fix [#7981](https://github.com/openshift/installer/pull/7981) * [OCPBUGS-27419](https://issues.redhat.com/browse/OCPBUGS-27419): Fix depreciated typo [#7929](https://github.com/openshift/installer/pull/7929) * [OCPBUGS-24521](https://issues.redhat.com/browse/OCPBUGS-24521): set vmType in azure cloud config [release-4.14] [#7804](https://github.com/openshift/installer/pull/7804) * [OCPBUGS-23738](https://issues.redhat.com/browse/OCPBUGS-23738): vSphere - when using RP network path is incorrect [#7759](https://github.com/openshift/installer/pull/7759) * [OCPBUGS-27241](https://issues.redhat.com/browse/OCPBUGS-27241): baremetal: correct external_http_url for v6-only BMCs [#7914](https://github.com/openshift/installer/pull/7914) * [OCPBUGS-22315](https://issues.redhat.com/browse/OCPBUGS-22315): bootstrap: Enable gatewayd units only on RHCOS [#7628](https://github.com/openshift/installer/pull/7628) * [OCPBUGS-23498](https://issues.redhat.com/browse/OCPBUGS-23498): update RHCOS 4.14 bootimage metadata to 414.92.202401110948-0 [#7919](https://github.com/openshift/installer/pull/7919) * [OCPBUGS-20860](https://issues.redhat.com/browse/OCPBUGS-20860): Bump versions for golang modules to accommodate fixes for CVE-2023-39325 & CVE-2023-44487 [#7887](https://github.com/openshift/installer/pull/7887) * [OCPBUGS-22895](https://issues.redhat.com/browse/OCPBUGS-22895): Do not generate azure-cloud-provider in manual mode for aro builds [#7670](https://github.com/openshift/installer/pull/7670) * [OCPBUGS-22771](https://issues.redhat.com/browse/OCPBUGS-22771): aws: use security groups from defaultMachinePlatform [#7658](https://github.com/openshift/installer/pull/7658) * [OCPBUGS-24489](https://issues.redhat.com/browse/OCPBUGS-24489): baremetal: populate customDeploy in advance [#7802](https://github.com/openshift/installer/pull/7802) * [OCPBUGS-22770](https://issues.redhat.com/browse/OCPBUGS-22770): destroy: gcp: fix destroying regional disks [#7657](https://github.com/openshift/installer/pull/7657) * Bug OCPBUGS-22776: OpenStack: Fix IPv6 address configuration for bootstrap [#7660](https://github.com/openshift/installer/pull/7660) * [OCPBUGS-22978](https://issues.redhat.com/browse/OCPBUGS-22978): IBMCloud: Add eu-es region [#7684](https://github.com/openshift/installer/pull/7684) * [OCPBUGS-23399](https://issues.redhat.com/browse/OCPBUGS-23399): Check if PER is enabled in the target PowerVS workspace [#7736](https://github.com/openshift/installer/pull/7736) * [OCPBUGS-22688](https://issues.redhat.com/browse/OCPBUGS-22688): Bump Fedora CoreOS to latest stable [#7647](https://github.com/openshift/installer/pull/7647) * [OCPBUGS-22774](https://issues.redhat.com/browse/OCPBUGS-22774): Add KMS encryption keys if provided [#7659](https://github.com/openshift/installer/pull/7659) * [OCPBUGS-21868](https://issues.redhat.com/browse/OCPBUGS-21868): vSphere,segfault on version check [#7605](https://github.com/openshift/installer/pull/7605) * [OCPBUGS-22945](https://issues.redhat.com/browse/OCPBUGS-22945): Update gcloud version to 447.0.0 [#7681](https://github.com/openshift/installer/pull/7681) * [OCPBUGS-22187](https://issues.redhat.com/browse/OCPBUGS-22187): azure: validation: validate defaultMachinePlatform [#7615](https://github.com/openshift/installer/pull/7615) * [OCPBUGS-22758](https://issues.redhat.com/browse/OCPBUGS-22758): update RHCOS 4.14 bootimage metadata to 414.92.202310210434-0 [#7655](https://github.com/openshift/installer/pull/7655) * [OCPBUGS-19922](https://issues.redhat.com/browse/OCPBUGS-19922): Release 4.14 skip agent tui on external oci platform [#7599](https://github.com/openshift/installer/pull/7599) * [OCPBUGS-21653](https://issues.redhat.com/browse/OCPBUGS-21653): Rectify GCP label key validation check [#7606](https://github.com/openshift/installer/pull/7606) * [OCPBUGS-20357](https://issues.redhat.com/browse/OCPBUGS-20357): update RHCOS 4.14 bootimage metadata to 414.92.202310170514-0 [#7618](https://github.com/openshift/installer/pull/7618) * [OCPBUGS-20396](https://issues.redhat.com/browse/OCPBUGS-20396): Unable to disable external CCM for platform external [#7594](https://github.com/openshift/installer/pull/7594) * [OCPBUGS-20522](https://issues.redhat.com/browse/OCPBUGS-20522): Use changes to AgentClusterInstall during loading [#7588](https://github.com/openshift/installer/pull/7588) * Enforcing the serial execution of the integration tests [#7598](https://github.com/openshift/installer/pull/7598) * [OCPBUGS-20581](https://issues.redhat.com/browse/OCPBUGS-20581): enable cloud controller manager type to be defined [#7581](https://github.com/openshift/installer/pull/7581) * [OCPBUGS-20441](https://issues.redhat.com/browse/OCPBUGS-20441): Warn about host and target compatibility [#7583](https://github.com/openshift/installer/pull/7583) * [OCPBUGS-20345](https://issues.redhat.com/browse/OCPBUGS-20345): Enable serial console for external OCI platform [#7569](https://github.com/openshift/installer/pull/7569) * [OCPBUGS-20401](https://issues.redhat.com/browse/OCPBUGS-20401): always write AWS cloud.conf [#7578](https://github.com/openshift/installer/pull/7578) * [OCPBUGS-19922](https://issues.redhat.com/browse/OCPBUGS-19922): Do not start agent-tui if no graphical console available [#7539](https://github.com/openshift/installer/pull/7539) * [OCPBUGS-20103](https://issues.redhat.com/browse/OCPBUGS-20103): GCP default value for service account [#7553](https://github.com/openshift/installer/pull/7553) * [OCPBUGS-19953](https://issues.redhat.com/browse/OCPBUGS-19953): AWS terraform bootstrap destroy will not refresh state [#7543](https://github.com/openshift/installer/pull/7543) * [OCPBUGS-20066](https://issues.redhat.com/browse/OCPBUGS-20066): Use updated ansible-core for Openstack image [#7551](https://github.com/openshift/installer/pull/7551) * [OCPBUGS-19835](https://issues.redhat.com/browse/OCPBUGS-19835): Enable FIPS in agent ISO [#7541](https://github.com/openshift/installer/pull/7541) * [OCPBUGS-19846](https://issues.redhat.com/browse/OCPBUGS-19846): Graceful fail for AWS getUser on destroy [#7532](https://github.com/openshift/installer/pull/7532) * [OCPBUGS-19033](https://issues.redhat.com/browse/OCPBUGS-19033): Add Net capabilities to dnsmasq container [#7489](https://github.com/openshift/installer/pull/7489) * [OCPBUGS-19319](https://issues.redhat.com/browse/OCPBUGS-19319): Handle agent tui failure gracefully [#7497](https://github.com/openshift/installer/pull/7497) * [OCPBUGS-19738](https://issues.redhat.com/browse/OCPBUGS-19738): Remove warning about CPUPartitioning [#7529](https://github.com/openshift/installer/pull/7529) * [OCPBUGS-19300](https://issues.redhat.com/browse/OCPBUGS-19300): Implement workaround to allow SNO installations for OKD/FCOS [#7479](https://github.com/openshift/installer/pull/7479) * [OCPBUGS-19702](https://issues.redhat.com/browse/OCPBUGS-19702): Increase bootstrap timeout for vSphere platform by 30 mins [#7528](https://github.com/openshift/installer/pull/7528) * [OCPBUGS-19636](https://issues.redhat.com/browse/OCPBUGS-19636): Pass CPUPartitioning via install-config overrides if set [#7521](https://github.com/openshift/installer/pull/7521) * [OCPBUGS-18181](https://issues.redhat.com/browse/OCPBUGS-18181): update RHCOS 4.14 bootimage metadata to 414.92.202309201615-0 [#7517](https://github.com/openshift/installer/pull/7517) * [OCPBUGS-18719](https://issues.redhat.com/browse/OCPBUGS-18719): for vsphere ipi add cluster domain to the uploaded vm configs so that… [#7477](https://github.com/openshift/installer/pull/7477) * [OCPBUGS-18883](https://issues.redhat.com/browse/OCPBUGS-18883): Do not set FailureDomains on CPMS when in a single zone Azure region [#7483](https://github.com/openshift/installer/pull/7483) * [AGENT-702](https://issues.redhat.com/browse/AGENT-702): Generate minimal ISO for external platform [#7478](https://github.com/openshift/installer/pull/7478) * [Full changelog](https://github.com/openshift/installer/compare/8bd109239e1703518d135e9ae52b0101d3464f5c...d92ca632cbabf87b2439c9b19cacb089d193e697) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/c7b46efd3d6ab77c094fa6ede36499fb7be5858f) * [OCPBUGS-46643](https://issues.redhat.com/browse/OCPBUGS-46643): Bump x/net to 0.33.0 [#228](https://github.com/openshift/cluster-api-provider-baremetal/pull/228) * [OCPBUGS-31435](https://issues.redhat.com/browse/OCPBUGS-31435): Bump golang-protobuf version [#215](https://github.com/openshift/cluster-api-provider-baremetal/pull/215) * [OCPBUGS-29177](https://issues.redhat.com/browse/OCPBUGS-29177): Extend metal3remediation aggregation role [#211](https://github.com/openshift/cluster-api-provider-baremetal/pull/211) * [OCPBUGS-21702](https://issues.redhat.com/browse/OCPBUGS-21702): Uplift x/net to v0.17.0 [#198](https://github.com/openshift/cluster-api-provider-baremetal/pull/198) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/ec953728a15f32d551ee34233192324c8a276172...c7b46efd3d6ab77c094fa6ede36499fb7be5858f) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/483d019146b8495b9299c08c57461747e727f3f7) * [OCPBUGS-53337](https://issues.redhat.com/browse/OCPBUGS-53337): BMO can expose any secret via BMCEventSubscription CRD [#409](https://github.com/openshift/baremetal-operator/pull/409) * [OCPBUGS-38940](https://issues.redhat.com/browse/OCPBUGS-38940): [OCP] Ability to disable agent power off after deployment [#374](https://github.com/openshift/baremetal-operator/pull/374) * [OCPBUGS-34814](https://issues.redhat.com/browse/OCPBUGS-34814): PreprovisioningImage should not be created on poweroff [#359](https://github.com/openshift/baremetal-operator/pull/359) * [OCPBUGS-23324](https://issues.redhat.com/browse/OCPBUGS-23324): Backport node poweroff fixes [#318](https://github.com/openshift/baremetal-operator/pull/318) * [OCPBUGS-24409](https://issues.redhat.com/browse/OCPBUGS-24409): Don't munge timestamp in structured logs, again [#324](https://github.com/openshift/baremetal-operator/pull/324) * [OCPBUGS-24489](https://issues.redhat.com/browse/OCPBUGS-24489): Do not update instance_info and deploy_interface for active nodes [#325](https://github.com/openshift/baremetal-operator/pull/325) * [OCPBUGS-21190](https://issues.redhat.com/browse/OCPBUGS-21190): Uplift x/net to v0.17.0 [#307](https://github.com/openshift/baremetal-operator/pull/307) * [OCPBUGS-20315](https://issues.redhat.com/browse/OCPBUGS-20315): Add an explicit Architecture field [#304](https://github.com/openshift/baremetal-operator/pull/304) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/880ee0500b561ac9d0dc70d88c3f2fdfa4c7edee...483d019146b8495b9299c08c57461747e727f3f7) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/0ba9e555eeb173d42e5adf6f65e982e17acfdb9d) * [OCPBUGS-37502](https://issues.redhat.com/browse/OCPBUGS-37502): Fix handling of ELB Node IP detection [#324](https://github.com/openshift/baremetal-runtimecfg/pull/324) * [OCPBUGS-35846](https://issues.redhat.com/browse/OCPBUGS-35846): Add support for OVN HostCidrs annotation [#321](https://github.com/openshift/baremetal-runtimecfg/pull/321) * [OCPBUGS-32524](https://issues.redhat.com/browse/OCPBUGS-32524): Decrease log level when detecting node IP [#306](https://github.com/openshift/baremetal-runtimecfg/pull/306) * [OCPBUGS-26928](https://issues.redhat.com/browse/OCPBUGS-26928): Add .snyk file to ignore vendor and test files [#294](https://github.com/openshift/baremetal-runtimecfg/pull/294) * [OCPBUGS-23474](https://issues.redhat.com/browse/OCPBUGS-23474): Use shorter IP label for keepalived VIP [#288](https://github.com/openshift/baremetal-runtimecfg/pull/288) * [OCPBUGS-22206](https://issues.redhat.com/browse/OCPBUGS-22206): deps: upgrade x/sys [#281](https://github.com/openshift/baremetal-runtimecfg/pull/281) * [OCPBUGS-20080](https://issues.redhat.com/browse/OCPBUGS-20080): Increase timeout for bootstrap kubeapi [#277](https://github.com/openshift/baremetal-runtimecfg/pull/277) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/1fbb2c0c1e6af304a673d5ac43803d4bb5dca95c...0ba9e555eeb173d42e5adf6f65e982e17acfdb9d) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/44b3ac26e654777e0283759d45a2b3351823fc5e) * [OCPBUGS-35475](https://issues.redhat.com/browse/OCPBUGS-35475): Remove some of newapp unit tests relying on external deprecated images [#1802](https://github.com/openshift/oc/pull/1802) * [OCPBUGS-35447](https://issues.redhat.com/browse/OCPBUGS-35447): bump go-git to 5.11.0 [#1799](https://github.com/openshift/oc/pull/1799) * [OCPBUGS-30287](https://issues.redhat.com/browse/OCPBUGS-30287): oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators [#1699](https://github.com/openshift/oc/pull/1699) * [OCPBUGS-25983](https://issues.redhat.com/browse/OCPBUGS-25983): Remove deprecated password defaulting in default config flag [#1646](https://github.com/openshift/oc/pull/1646) * [OCPBUGS-24197](https://issues.redhat.com/browse/OCPBUGS-24197): Add client version in must-gather summary [#1607](https://github.com/openshift/oc/pull/1607) * [OCPBUGS-24460](https://issues.redhat.com/browse/OCPBUGS-24460): Overwrite template's namespace with the explicit one [#1616](https://github.com/openshift/oc/pull/1616) * [OCPBUGS-22702](https://issues.redhat.com/browse/OCPBUGS-22702): Reflect container's exit code for long running tasks not attached to terminal [#1592](https://github.com/openshift/oc/pull/1592) * [OCPBUGS-20508](https://issues.redhat.com/browse/OCPBUGS-20508): regeneratemco: explicitly check for PlatformStatus field [#1573](https://github.com/openshift/oc/pull/1573) * [OCPBUGS-20527](https://issues.redhat.com/browse/OCPBUGS-20527): Set ImportPolicy to PreserveOriginal to honor --keep-manifest-list when mirroring a payload to an image stream [#1574](https://github.com/openshift/oc/pull/1574) * [OCPBUGS-21611](https://issues.redhat.com/browse/OCPBUGS-21611): Bump golang.org/x/net to v0.17.0 [#1579](https://github.com/openshift/oc/pull/1579) * [OCPBUGS-20258](https://issues.redhat.com/browse/OCPBUGS-20258): Updating excluded list of unsupported oc adm commands in MicroShift [#1561](https://github.com/openshift/oc/pull/1561) * [OCPBUGS-20269](https://issues.redhat.com/browse/OCPBUGS-20269): Use quay redis image instead docker mysql [#1562](https://github.com/openshift/oc/pull/1562) * [Full changelog](https://github.com/openshift/oc/compare/82316376e25f6453b58258df6bf1e11ec4abb670...44b3ac26e654777e0283759d45a2b3351823fc5e) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/c5e14121427366636459051b3a9a5a980131c42c) * [OCPBUGS-58677](https://issues.redhat.com/browse/OCPBUGS-58677): github.com/golang/glog v1.2.5 [#895](https://github.com/openshift/cloud-credential-operator/pull/895) * [OCPBUGS-53418](https://issues.redhat.com/browse/OCPBUGS-53418): github.com/golang/glog v1.2.4 [#845](https://github.com/openshift/cloud-credential-operator/pull/845) * [OCPBUGS-53819](https://issues.redhat.com/browse/OCPBUGS-53819): update github.com/golang-jwt/jwt [#841](https://github.com/openshift/cloud-credential-operator/pull/841) * [OCPBUGS-51542](https://issues.redhat.com/browse/OCPBUGS-51542): Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected [#830](https://github.com/openshift/cloud-credential-operator/pull/830) * [OCPBUGS-47069](https://issues.redhat.com/browse/OCPBUGS-47069): golang.org/x/net v0.33.0 [#810](https://github.com/openshift/cloud-credential-operator/pull/810) * [OCPBUGS-46487](https://issues.redhat.com/browse/OCPBUGS-46487): Add AWS region to aws-pod-identity-webhook [#801](https://github.com/openshift/cloud-credential-operator/pull/801) * [OCPBUGS-45009](https://issues.redhat.com/browse/OCPBUGS-45009): Add retry to ccoctl gcp create functions [#791](https://github.com/openshift/cloud-credential-operator/pull/791) * [OCPBUGS-45004](https://issues.redhat.com/browse/OCPBUGS-45004): github.com/golang-jwt/jwt/v4 v4.5.1 [#785](https://github.com/openshift/cloud-credential-operator/pull/785) * [OCPBUGS-43647](https://issues.redhat.com/browse/OCPBUGS-43647): Only attempt timed token credentials on supported platforms. [#775](https://github.com/openshift/cloud-credential-operator/pull/775) * [OCPBUGS-43339](https://issues.redhat.com/browse/OCPBUGS-43339): Update github.com/sirupsen/logrus v1.9.3 [#769](https://github.com/openshift/cloud-credential-operator/pull/769) * [OCPBUGS-41236](https://issues.redhat.com/browse/OCPBUGS-41236): List secrets in batches to avoid api timeout [#755](https://github.com/openshift/cloud-credential-operator/pull/755) * [OCPBUGS-38378](https://issues.redhat.com/browse/OCPBUGS-38378): Update google.golang.org/grpc v1.65.0 [#750](https://github.com/openshift/cloud-credential-operator/pull/750) * [OCPBUGS-37823](https://issues.redhat.com/browse/OCPBUGS-37823): GCP passthrough permissions check to ignore problematic permissions. [#741](https://github.com/openshift/cloud-credential-operator/pull/741) * [OCPBUGS-37062](https://issues.redhat.com/browse/OCPBUGS-37062): Update cloud.google.com/go/storage v1.43.0 [#742](https://github.com/openshift/cloud-credential-operator/pull/742) * [OCPBUGS-37420](https://issues.redhat.com/browse/OCPBUGS-37420): SNYK ignore go-client misreporting [#739](https://github.com/openshift/cloud-credential-operator/pull/739) * [OCPBUGS-37276](https://issues.redhat.com/browse/OCPBUGS-37276): Update to azidentity v1.7.0 [#732](https://github.com/openshift/cloud-credential-operator/pull/732) * [OCPBUGS-36029](https://issues.redhat.com/browse/OCPBUGS-36029): IBM/go-sdk-core update to v5.17.4 [#721](https://github.com/openshift/cloud-credential-operator/pull/721) * [OCPBUGS-36716](https://issues.redhat.com/browse/OCPBUGS-36716): AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN [#713](https://github.com/openshift/cloud-credential-operator/pull/713) * [OCPBUGS-32899](https://issues.redhat.com/browse/OCPBUGS-32899): Upgrade go-jose module to 2.6.3 [#697](https://github.com/openshift/cloud-credential-operator/pull/697) * [OCPBUGS-29156](https://issues.redhat.com/browse/OCPBUGS-29156): Fix the ClusterOperator watch of the status controller [#676](https://github.com/openshift/cloud-credential-operator/pull/676) * [OCPBUGS-28231](https://issues.redhat.com/browse/OCPBUGS-28231): Guard upgrading GCP from 4.14 to 4.15 without RoleAdmin permissions [#670](https://github.com/openshift/cloud-credential-operator/pull/670) * [OCPBUGS-29199](https://issues.redhat.com/browse/OCPBUGS-29199): ccoctl - use proxy when validating CloudFront URL [#678](https://github.com/openshift/cloud-credential-operator/pull/678) * [OCPBUGS-27911](https://issues.redhat.com/browse/OCPBUGS-27911): Resolve all outstanding snyk vulnerabilities [#650](https://github.com/openshift/cloud-credential-operator/pull/650) * [OCPBUGS-28382](https://issues.redhat.com/browse/OCPBUGS-28382): Use cached clients to avoid client side throttling [#666](https://github.com/openshift/cloud-credential-operator/pull/666) * [OCPBUGS-27515](https://issues.redhat.com/browse/OCPBUGS-27515): Write manifests when AWS IAM roles already exist. [#659](https://github.com/openshift/cloud-credential-operator/pull/659) * [OCPBUGS-26512](https://issues.redhat.com/browse/OCPBUGS-26512): Use live client for metrics [#647](https://github.com/openshift/cloud-credential-operator/pull/647) * [OCPBUGS-25275](https://issues.redhat.com/browse/OCPBUGS-25275): Azure Workload Identity info in CredsRequests creates a Secret [#643](https://github.com/openshift/cloud-credential-operator/pull/643) * [OCPBUGS-24346](https://issues.redhat.com/browse/OCPBUGS-24346): Discover AWS dns suffix from partition and region. [#635](https://github.com/openshift/cloud-credential-operator/pull/635) * [OCPBUGS-23986](https://issues.redhat.com/browse/OCPBUGS-23986): Use per-project custom roles instead of per-cluster custom roles [#631](https://github.com/openshift/cloud-credential-operator/pull/631) * [OCPBUGS-23426](https://issues.redhat.com/browse/OCPBUGS-23426): Explicitly set the vsphere secret credential data on sync. [#629](https://github.com/openshift/cloud-credential-operator/pull/629) * [OCPBUGS-21388](https://issues.redhat.com/browse/OCPBUGS-21388): Upgrade golang/x/net for CVE-2023-39325 [#622](https://github.com/openshift/cloud-credential-operator/pull/622) * NO-ISSUE: Removing andrew from OWNERS [#617](https://github.com/openshift/cloud-credential-operator/pull/617) * snyk: exclude vendor/ [#615](https://github.com/openshift/cloud-credential-operator/pull/615) * [OCPBUGS-22651](https://issues.redhat.com/browse/OCPBUGS-22651): explicitly set azure oidc bucket to allow public blob access [#612](https://github.com/openshift/cloud-credential-operator/pull/612) * [OCPBUGS-21926](https://issues.redhat.com/browse/OCPBUGS-21926): azure create-managed-identites to add cloud controller manager to network resource group [#608](https://github.com/openshift/cloud-credential-operator/pull/608) * [OCPBUGS-19865](https://issues.redhat.com/browse/OCPBUGS-19865): Add networkResourceGroupName parameter for Azure [#602](https://github.com/openshift/cloud-credential-operator/pull/602) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/73f2968fac3a6b0ddecb7c44e0a64dcb6cd26b11...c5e14121427366636459051b3a9a5a980131c42c) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/1bd04641f210d19370f782086949f827bfb7a264) * [OCPBUGS-34197](https://issues.redhat.com/browse/OCPBUGS-34197): Avoid panic when looking up attachedOutboundRule.ID in azure [#147](https://github.com/openshift/cloud-network-config-controller/pull/147) * [OCPBUGS-32112](https://issues.redhat.com/browse/OCPBUGS-32112): Avoid nil pointer panic while assigning private IP on Azure [#138](https://github.com/openshift/cloud-network-config-controller/pull/138) * [OCPBUGS-21785](https://issues.redhat.com/browse/OCPBUGS-21785): Azure: skip backend pool if attached to an outbound rule [#125](https://github.com/openshift/cloud-network-config-controller/pull/125) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/6864da0642026d6004df171539fa9fd5bcb6c2df...1bd04641f210d19370f782086949f827bfb7a264) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/9203d4d5a83c86d4c51050a2c58e5ffe6e8d137e) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#649](https://github.com/openshift/cluster-authentication-operator/pull/649) * [OCPBUGS-20705](https://issues.redhat.com/browse/OCPBUGS-20705): go.mod: bump golang.org/x/net to v0.17.0 [#637](https://github.com/openshift/cluster-authentication-operator/pull/637) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/7aaa40eb28afdae8c5994b672b33cd4be31cc7d1...9203d4d5a83c86d4c51050a2c58e5ffe6e8d137e) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/d030dbaade38e116d27d5039a3597f694f73ea2b) * [OCPBUGS-45150](https://issues.redhat.com/browse/OCPBUGS-45150): [release-4.14] VPA: Update OWNERS file [#327](https://github.com/openshift/kubernetes-autoscaler/pull/327) * [OCPBUGS-40925](https://issues.redhat.com/browse/OCPBUGS-40925): update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 [#316](https://github.com/openshift/kubernetes-autoscaler/pull/316) * [OCPBUGS-31621](https://issues.redhat.com/browse/OCPBUGS-31621): add check for taint.value == nil [#294](https://github.com/openshift/kubernetes-autoscaler/pull/294) * [OCPBUGS-30628](https://issues.redhat.com/browse/OCPBUGS-30628): Fix unstructured taint parsing in Cluster API provider [#288](https://github.com/openshift/kubernetes-autoscaler/pull/288) * [OCPBUGS-19697](https://issues.redhat.com/browse/OCPBUGS-19697): UPSTREAM: 6066: Allow overriding the kubernetes.io/arch label set by the scale from zero methods via a new cmdline arg [#263](https://github.com/openshift/kubernetes-autoscaler/pull/263) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/89149896bc6a3d02ebf117c61d5e9ea50ad73129...d030dbaade38e116d27d5039a3597f694f73ea2b) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/32854baae386c4d6854d7fd8658fdff75588e919) * [OCPBUGS-31976](https://issues.redhat.com/browse/OCPBUGS-31976): Update x/net to v0.25.0 [#322](https://github.com/openshift/cluster-autoscaler-operator/pull/322) * [OCPBUGS-25749](https://issues.redhat.com/browse/OCPBUGS-25749): Add Snyk file to exclude vendor directory on scan [#308](https://github.com/openshift/cluster-autoscaler-operator/pull/308) * [OCPBUGS-20789](https://issues.redhat.com/browse/OCPBUGS-20789): Bump x/net package to v0.17.0 [#298](https://github.com/openshift/cluster-autoscaler-operator/pull/298) * [OCPBUGS-20038](https://issues.redhat.com/browse/OCPBUGS-20038): Ensure status reporter caches exit if they don't sync [#292](https://github.com/openshift/cluster-autoscaler-operator/pull/292) * [OCPBUGS-19496](https://issues.redhat.com/browse/OCPBUGS-19496): cluster-autoscaler-operator: clusterrole add clusteroperators watch [#288](https://github.com/openshift/cluster-autoscaler-operator/pull/288) * [OCPBUGS-19697](https://issues.redhat.com/browse/OCPBUGS-19697): Provide the architecture of the control plane as argument to --scale-up-from-zero-default-arch [#290](https://github.com/openshift/cluster-autoscaler-operator/pull/290) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/8425d88b5bedd5d22acfb0f6c0edf929ec401288...32854baae386c4d6854d7fd8658fdff75588e919) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/affcfb54666c47e569d1ba4f2e44aeaf9ef28bf7) * [OCPBUGS-31977](https://issues.redhat.com/browse/OCPBUGS-31977): bump x/net to 0.23.0 [#438](https://github.com/openshift/cluster-baremetal-operator/pull/438) * [OCPBUGS-22943](https://issues.redhat.com/browse/OCPBUGS-22943): Add tls-cipher-suites to baremetal-kube-rbac-proxy [#379](https://github.com/openshift/cluster-baremetal-operator/pull/379) * [OCPBUGS-23392](https://issues.redhat.com/browse/OCPBUGS-23392), [OCPBUGS-23393](https://issues.redhat.com/browse/OCPBUGS-23393): fix IRONIC_EXTERNAL_URL_V6 [#384](https://github.com/openshift/cluster-baremetal-operator/pull/384) * Jira OCPBUGS-22208: Trigger reconcile if Secret openshift-config/pull-secret changes [#376](https://github.com/openshift/cluster-baremetal-operator/pull/376) * [OCPBUGS-20887](https://issues.redhat.com/browse/OCPBUGS-20887): Uplift x/net to v0.17.0 [#369](https://github.com/openshift/cluster-baremetal-operator/pull/369) * [OCPBUGS-19545](https://issues.redhat.com/browse/OCPBUGS-19545): Remove metrics port from baremetal-operator [#366](https://github.com/openshift/cluster-baremetal-operator/pull/366) * [OCPBUGS-18934](https://issues.redhat.com/browse/OCPBUGS-18934): Guard against nil PlatformStatus [#360](https://github.com/openshift/cluster-baremetal-operator/pull/360) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/6e850eedbb24f90b67a08ed29af62f353a621d9d...affcfb54666c47e569d1ba4f2e44aeaf9ef28bf7) ### [cluster-capi-controllers](https://github.com/openshift/cluster-api/tree/ae83c5533706d539dc492229eebd67533468e48b) * [OCPBUGS-21544](https://issues.redhat.com/browse/OCPBUGS-21544): Bump golang.org/x/net to v0.17.0 [#184](https://github.com/openshift/cluster-api/pull/184) * [Full changelog](https://github.com/openshift/cluster-api/compare/2053e13cb0fda9188e9b685db83c1e1f492e6efa...ae83c5533706d539dc492229eebd67533468e48b) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/60cc3e65ff4817e43fe3114bccbbdb14374bac2c) * [OCPBUGS-37974](https://issues.redhat.com/browse/OCPBUGS-37974): fix: sort CredentialsRequest manifests after namespace [#194](https://github.com/openshift/cluster-capi-operator/pull/194) * [OCPBUGS-36369](https://issues.redhat.com/browse/OCPBUGS-36369): Revert cluster-api-operator go.sum hash [#184](https://github.com/openshift/cluster-capi-operator/pull/184) * [OCPBUGS-35128](https://issues.redhat.com/browse/OCPBUGS-35128): Bump x/crypto to v0.24.0 [#177](https://github.com/openshift/cluster-capi-operator/pull/177) * [OCPBUGS-35957](https://issues.redhat.com/browse/OCPBUGS-35957): Fix gcp providers-list.yaml branch [#178](https://github.com/openshift/cluster-capi-operator/pull/178) * [OCPBUGS-22314](https://issues.redhat.com/browse/OCPBUGS-22314): fix: add missing azure identity diff [#136](https://github.com/openshift/cluster-capi-operator/pull/136) * [OCPBUGS-21092](https://issues.redhat.com/browse/OCPBUGS-21092): Bump golang.org/x/net to v0.17.0 [#134](https://github.com/openshift/cluster-capi-operator/pull/134) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/203435ef87a2bed13fc43db893deb8bee1dff97f...60cc3e65ff4817e43fe3114bccbbdb14374bac2c) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/a0b9c0d70748ff24de5a40874207de3ea5bfa91e) * [OCPBUGS-34556](https://issues.redhat.com/browse/OCPBUGS-34556): update azure and ash tolerations on node manager [#347](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/347) * [OCPBUGS-26548](https://issues.redhat.com/browse/OCPBUGS-26548): Adds CloudConfigTransformer for Azure [#321](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/321) * [OCPBUGS-21189](https://issues.redhat.com/browse/OCPBUGS-21189): Bump golang.org/x/net to v0.18.0 [#295](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/295) * [OCPBUGS-20552](https://issues.redhat.com/browse/OCPBUGS-20552): apply necessary RBAC for the alibaba cloud controller manager [#289](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/289) * [OCPBUGS-19790](https://issues.redhat.com/browse/OCPBUGS-19790): Additional permissions for internal load balancer on STS [#288](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/288) * [OCPBUGS-19849](https://issues.redhat.com/browse/OCPBUGS-19849): Set dual-stack IPFamilyPriority for vSphere [#283](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/283) * [OCPBUGS-19790](https://issues.redhat.com/browse/OCPBUGS-19790): Ensure subnets read permission for granular roles [#282](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/282) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/56181136d91dff7bac4aa5acb2c1461381ac6e34...a0b9c0d70748ff24de5a40874207de3ea5bfa91e) ### [cluster-config-operator](https://github.com/openshift/cluster-config-operator/tree/2378670aee1858db6b1ff425a1d208eb7d73afec) * [OCPBUGS-44095](https://issues.redhat.com/browse/OCPBUGS-44095): Backport SDN live migration [#425](https://github.com/openshift/cluster-config-operator/pull/425) * [OCPBUGS-28649](https://issues.redhat.com/browse/OCPBUGS-28649): Add required PSa labels [#403](https://github.com/openshift/cluster-config-operator/pull/403) * NO-JIRA: add inert featuregate files to allow diff against later releases [#398](https://github.com/openshift/cluster-config-operator/pull/398) * [OCPBUGS-21653](https://issues.redhat.com/browse/OCPBUGS-21653): Update openshift/api package to latest version [#371](https://github.com/openshift/cluster-config-operator/pull/371) * : OCPBUGS-21286: bump library-go to include switch to HTTP/1.1 [#369](https://github.com/openshift/cluster-config-operator/pull/369) * [OCPBUGS-20439](https://issues.redhat.com/browse/OCPBUGS-20439): Remove Build CRD [#363](https://github.com/openshift/cluster-config-operator/pull/363) * [OCPBUGS-16726](https://issues.redhat.com/browse/OCPBUGS-16726): psa - move into tech preview for 4.14 [#354](https://github.com/openshift/cluster-config-operator/pull/354) * [Full changelog](https://github.com/openshift/cluster-config-operator/compare/0b4c69fd7e282b9037cbb2b6e2d09c96bcc29818...2378670aee1858db6b1ff425a1d208eb7d73afec) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/783d9dd134451c12f0c1abf7e53c30b61ddd74bf) * [OCPBUGS-48211](https://issues.redhat.com/browse/OCPBUGS-48211): Add unreadyNodeGracePeriod for allowing brief node hiccups [#340](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/340) * [CFE-1087](https://issues.redhat.com/browse/CFE-1087): API Bump for capacity Reservation [#319](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/319) * [OCPBUGS-35520](https://issues.redhat.com/browse/OCPBUGS-35520): Wait for ControlPlaneMachineSet to be created when waiting for it to be updated [#309](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/309) * [OCPBUGS-35338](https://issues.redhat.com/browse/OCPBUGS-35338): Improved debugging of API listing errors [#303](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/303) * [OCPBUGS-30014](https://issues.redhat.com/browse/OCPBUGS-30014): Never delete a Machine when there's a single Machine in an index [#283](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/283) * [OCPBUGS-20566](https://issues.redhat.com/browse/OCPBUGS-20566): webhooks: set min version TLS 1.2 + exclude weak ciphersuites [#254](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/254) * [OCPBUGS-21384](https://issues.redhat.com/browse/OCPBUGS-21384): Bump golang.org/x/net to v0.17.0 [#256](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/256) * [OCPBUGS-20408](https://issues.redhat.com/browse/OCPBUGS-20408): fix: e2e: add gcp custom type to test framework [#247](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/247) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/e1b692b1e9552db95c17f6a03b41d258237ab480...783d9dd134451c12f0c1abf7e53c30b61ddd74bf) ### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/d4a1162514ecbf248b04e6e8625d17bc2b775ccd) * [OCPBUGS-31886](https://issues.redhat.com/browse/OCPBUGS-31886): create suitable role and roleBinding for csi-snapshot-webhook [#205](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/205) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#174](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/174) * [OCPBUGS-21477](https://issues.redhat.com/browse/OCPBUGS-21477): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#167](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/167) * [OCPBUGS-18801](https://issues.redhat.com/browse/OCPBUGS-18801): Move readonlyRootFilesystem to the right place - 4.14 [#162](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/162) * [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/65dbb12b710b7126f662f5f7f2d8272f9f6868cc...d4a1162514ecbf248b04e6e8625d17bc2b775ccd) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/0164e3c4464f03d5ddbbba5d426f4bf02822753d) * [OCPBUGS-52500](https://issues.redhat.com/browse/OCPBUGS-52500): [release-4.14] Add runbook_url for CoreDNSErrorsHigh [#433](https://github.com/openshift/cluster-dns-operator/pull/433) * [OCPBUGS-5943](https://issues.redhat.com/browse/OCPBUGS-5943): Enable topology-aware hints iff nodes in >=2 zones [#416](https://github.com/openshift/cluster-dns-operator/pull/416) * [OCPBUGS-5943](https://issues.redhat.com/browse/OCPBUGS-5943): Ignore max unavailable for status [#400](https://github.com/openshift/cluster-dns-operator/pull/400) * [OCPBUGS-21541](https://issues.redhat.com/browse/OCPBUGS-21541): Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator [#389](https://github.com/openshift/cluster-dns-operator/pull/389) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/73aa60d1fd4e86aed93d67ddac62586ecbb70644...0164e3c4464f03d5ddbbba5d426f4bf02822753d) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/9abf7d22b5fda0e06fb1f9a2fa90caaa09d5a932) * [OCPBUGS-53507](https://issues.redhat.com/browse/OCPBUGS-53507): fix CVE-2025-30204 [#1405](https://github.com/openshift/cluster-etcd-operator/pull/1405) * [OCPBUGS-34495](https://issues.redhat.com/browse/OCPBUGS-34495): return errors in wait-for-ceo [#1266](https://github.com/openshift/cluster-etcd-operator/pull/1266) * [OCPBUGS-31392](https://issues.redhat.com/browse/OCPBUGS-31392): remove etcd-health-probe log [#1258](https://github.com/openshift/cluster-etcd-operator/pull/1258) * [OCPBUGS-31972](https://issues.redhat.com/browse/OCPBUGS-31972): update golang x net [#1254](https://github.com/openshift/cluster-etcd-operator/pull/1254) * [OCPBUGS-31428](https://issues.redhat.com/browse/OCPBUGS-31428): CEO aliveness check should only detect deadlocks [#1231](https://github.com/openshift/cluster-etcd-operator/pull/1231) * [OCPBUGS-30067](https://issues.redhat.com/browse/OCPBUGS-30067): fix panic in health check timeouts [#1213](https://github.com/openshift/cluster-etcd-operator/pull/1213) * [OCPBUGS-30012](https://issues.redhat.com/browse/OCPBUGS-30012): Replace nodelister with master nodelister everywhere [#1211](https://github.com/openshift/cluster-etcd-operator/pull/1211) * [OCPBUGS-23571](https://issues.redhat.com/browse/OCPBUGS-23571): Add annotation in the etcd-guard static pod for worklo… [#1162](https://github.com/openshift/cluster-etcd-operator/pull/1162) * [OCPBUGS-26214](https://issues.redhat.com/browse/OCPBUGS-26214): fix device busy errors [#1176](https://github.com/openshift/cluster-etcd-operator/pull/1176) * Revert "[release-4.14] OCPBUGS-21802: remove revision stability check from bootstrap complet…" [#1168](https://github.com/openshift/cluster-etcd-operator/pull/1168) * [OCPBUGS-22477](https://issues.redhat.com/browse/OCPBUGS-22477): Remove z-upgrades from UpgradeBackupController [#1140](https://github.com/openshift/cluster-etcd-operator/pull/1140) * [OCPBUGS-21802](https://issues.redhat.com/browse/OCPBUGS-21802): remove revision stability check from bootstrap complet… [#1138](https://github.com/openshift/cluster-etcd-operator/pull/1138) * [OCPBUGS-21175](https://issues.redhat.com/browse/OCPBUGS-21175): fixing CVE-2023-39325 by updating dependencies [#1142](https://github.com/openshift/cluster-etcd-operator/pull/1142) * [OCPBUGS-19499](https://issues.redhat.com/browse/OCPBUGS-19499): prioritize podman pull in etcdctl dl [#1133](https://github.com/openshift/cluster-etcd-operator/pull/1133) * [OCPBUGS-20245](https://issues.redhat.com/browse/OCPBUGS-20245): relax readiness to local serializable requests [#1135](https://github.com/openshift/cluster-etcd-operator/pull/1135) * [OCPBUGS-19499](https://issues.redhat.com/browse/OCPBUGS-19499): Avoid caching etcdctl on cluster-backup.sh [#1120](https://github.com/openshift/cluster-etcd-operator/pull/1120) * [OCPBUGS-19910](https://issues.redhat.com/browse/OCPBUGS-19910): introduce backup removal controller [#1127](https://github.com/openshift/cluster-etcd-operator/pull/1127) * [OCPBUGS-19553](https://issues.redhat.com/browse/OCPBUGS-19553): Update static pod manifests perms [#1122](https://github.com/openshift/cluster-etcd-operator/pull/1122) * [OCPBUGS-19002](https://issues.redhat.com/browse/OCPBUGS-19002): restore the correct static pod list [#1112](https://github.com/openshift/cluster-etcd-operator/pull/1112) * [OCPBUGS-18781](https://issues.redhat.com/browse/OCPBUGS-18781): prepend authfile to podman create [#1106](https://github.com/openshift/cluster-etcd-operator/pull/1106) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/4ed903605714300684acb5baf8d4d84c708a3d8a...9abf7d22b5fda0e06fb1f9a2fa90caaa09d5a932) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/e858d0e42c044d0dc43e292219a5713c5b713e25) * [OCPBUGS-53867](https://issues.redhat.com/browse/OCPBUGS-53867): Bump github.com/golang-jwt/jwt [#1229](https://github.com/openshift/cluster-image-registry-operator/pull/1229) * [OCPBUGS-53867](https://issues.redhat.com/browse/OCPBUGS-53867): Bump github.com/golang-jwt/jwt [#1224](https://github.com/openshift/cluster-image-registry-operator/pull/1224) * [OCPBUGS-51598](https://issues.redhat.com/browse/OCPBUGS-51598): bump golang.org/x/oauth2 [#1213](https://github.com/openshift/cluster-image-registry-operator/pull/1213) * [OCPBUGS-51312](https://issues.redhat.com/browse/OCPBUGS-51312): ensure that storage names don't end in dashes [#1185](https://github.com/openshift/cluster-image-registry-operator/pull/1185) * [OCPBUGS-44048](https://issues.redhat.com/browse/OCPBUGS-44048): fix proxy config and leader election test flakes [#1153](https://github.com/openshift/cluster-image-registry-operator/pull/1153) * [OCPBUGS-44002](https://issues.redhat.com/browse/OCPBUGS-44002): Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) [#1152](https://github.com/openshift/cluster-image-registry-operator/pull/1152) * [OCPBUGS-42935](https://issues.redhat.com/browse/OCPBUGS-42935): azureclient: stop validating credentials when creating the client [#1137](https://github.com/openshift/cluster-image-registry-operator/pull/1137) * [OCPBUGS-39100](https://issues.redhat.com/browse/OCPBUGS-39100): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1114](https://github.com/openshift/cluster-image-registry-operator/pull/1114) * [OCPBUGS-36035](https://issues.redhat.com/browse/OCPBUGS-36035): go.*,vendor: bump go-retryablehttp [#1069](https://github.com/openshift/cluster-image-registry-operator/pull/1069) * [OCPBUGS-33147](https://issues.redhat.com/browse/OCPBUGS-33147): azure-path-fix: get client secret from k8s secret [#1058](https://github.com/openshift/cluster-image-registry-operator/pull/1058) * [OCPBUGS-34668](https://issues.redhat.com/browse/OCPBUGS-34668): pkg/storage/s3: use force path style in favour of virtual hosted style config [#1051](https://github.com/openshift/cluster-image-registry-operator/pull/1051) * [OCPBUGS-33409](https://issues.redhat.com/browse/OCPBUGS-33409): azurepathfix: check if platform status is nil before accessing it [#1033](https://github.com/openshift/cluster-image-registry-operator/pull/1033) * [OCPBUGS-32450](https://issues.redhat.com/browse/OCPBUGS-32450): azure-path-fix: support auth via account key (without clientID) [#1023](https://github.com/openshift/cluster-image-registry-operator/pull/1023) * [OCPBUGS-31857](https://issues.redhat.com/browse/OCPBUGS-31857): bump aws-sdk-go from v1.44 to v1.50 [#1018](https://github.com/openshift/cluster-image-registry-operator/pull/1018) * [OCPBUGS-28989](https://issues.redhat.com/browse/OCPBUGS-28989): pkg/storage/s3: enable bucket key on encryption settings [#995](https://github.com/openshift/cluster-image-registry-operator/pull/995) * [OCPBUGS-29755](https://issues.redhat.com/browse/OCPBUGS-29755): azurepathfix: fix stack hub, government and workload identity setup [#1005](https://github.com/openshift/cluster-image-registry-operator/pull/1005) * [OCPBUGS-29604](https://issues.redhat.com/browse/OCPBUGS-29604): move azure storage blobs from `docker` back into `/docker` [#1001](https://github.com/openshift/cluster-image-registry-operator/pull/1001) * [OCPBUGS-22127](https://issues.redhat.com/browse/OCPBUGS-22127): increase storage account key cache expiration [#941](https://github.com/openshift/cluster-image-registry-operator/pull/941) * [OCPBUGS-20710](https://issues.redhat.com/browse/OCPBUGS-20710): mitigate effects of rapid reset [#942](https://github.com/openshift/cluster-image-registry-operator/pull/942) * [OCPBUGS-18794](https://issues.redhat.com/browse/OCPBUGS-18794): check if response is nil before using it [#917](https://github.com/openshift/cluster-image-registry-operator/pull/917) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/3a8a3ceb4c76e9ac894405d69acbc4cf699c4d80...e858d0e42c044d0dc43e292219a5713c5b713e25) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/e302d85665274cb299d873eb624867384e5c37b1) * [OCPBUGS-36467](https://issues.redhat.com/browse/OCPBUGS-36467): Allow operator to update Route spec.subdomain [#1101](https://github.com/openshift/cluster-ingress-operator/pull/1101) * [OCPBUGS-36555](https://issues.redhat.com/browse/OCPBUGS-36555): Implement connect timeout tuning option [#1105](https://github.com/openshift/cluster-ingress-operator/pull/1105) * [OCPBUGS-36461](https://issues.redhat.com/browse/OCPBUGS-36461): Add Regexp Anchor to TestAll [#1098](https://github.com/openshift/cluster-ingress-operator/pull/1098) * [OCPBUGS-35399](https://issues.redhat.com/browse/OCPBUGS-35399): Internal service changed: fix target port logic [#1086](https://github.com/openshift/cluster-ingress-operator/pull/1086) * [OCPBUGS-34973](https://issues.redhat.com/browse/OCPBUGS-34973): TestHostNetworkPortBinding: Delete t.Parallel() [#1077](https://github.com/openshift/cluster-ingress-operator/pull/1077) * [OCPBUGS-34410](https://issues.redhat.com/browse/OCPBUGS-34410): Don't add clientca-configmap finalizer if deleting [#1063](https://github.com/openshift/cluster-ingress-operator/pull/1063) * [OCPBUGS-34407](https://issues.redhat.com/browse/OCPBUGS-34407): Use centos7 tag for quay.io/centos7/httpd-24-centos7 image [#1061](https://github.com/openshift/cluster-ingress-operator/pull/1061) * [OCPBUGS-20800](https://issues.redhat.com/browse/OCPBUGS-20800): Bump golang.org/x/net for CVE-2023-44487 [#986](https://github.com/openshift/cluster-ingress-operator/pull/986) * [OCPBUGS-21898](https://issues.redhat.com/browse/OCPBUGS-21898): test/e2e: Add test case for 2000000 maxConnections [#984](https://github.com/openshift/cluster-ingress-operator/pull/984) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/815632b1ddb29f55ddc7a8fdba63292b4797b3ae...e302d85665274cb299d873eb624867384e5c37b1) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/9267f4543589ccb408d3e62fc0e35708d4b783df) * [OCPBUGS-50662](https://issues.redhat.com/browse/OCPBUGS-50662): Increase waitForFallbackDegradedConditionTimeout [#1807](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1807) * [OCPBUGS-31354](https://issues.redhat.com/browse/OCPBUGS-31354): add SNO control plane high cpu usage alert [#1707](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1707) * [OCPBUGS-33930](https://issues.redhat.com/browse/OCPBUGS-33930): add a controller that reconciles SCCs' volumes [#1681](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1681) * [OCPBUGS-31506](https://issues.redhat.com/browse/OCPBUGS-31506): Add sno section to alert description [#1658](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1658) * [OCPBUGS-31316](https://issues.redhat.com/browse/OCPBUGS-31316): add provider name to cluster_infrastructure_provider when external platform [#1657](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1657) * [OCPBUGS-29722](https://issues.redhat.com/browse/OCPBUGS-29722): webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator [#1650](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1650) * [OCPBUGS-29722](https://issues.redhat.com/browse/OCPBUGS-29722): webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator [#1646](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1646) * [OCPBUGS-25384](https://issues.redhat.com/browse/OCPBUGS-25384): psa cluster fleet evaluation [#1600](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1600) * : OCPBUGS-24022: Add workload partitioning annotation [#1590](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1590) * : OCPBUGS-20898: bump library-go to include switch to HTTP/1.1 [#1569](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1569) * [OCPBUGS-22718](https://issues.redhat.com/browse/OCPBUGS-22718): [release-4.14] OCPBUGS-20331: manifests: rename API performance dashboard [#1570](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1570) * [OCPBUGS-19553](https://issues.redhat.com/browse/OCPBUGS-19553): Update static pod manifests perms [#1556](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1556) * [OCPBUGS-19353](https://issues.redhat.com/browse/OCPBUGS-19353): manifests: don't include recording rules when Console capability is not enabled [#1551](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1551) * [OCPBUGS-10362](https://issues.redhat.com/browse/OCPBUGS-10362): revert dev cert rotation on 4.14 [#1545](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1545) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/b5b212e5cecf729bb15248d26edbd55dbe7253a9...9267f4543589ccb408d3e62fc0e35708d4b783df) ### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/b287d08b3dabe6b3b67b87a8a284f19ed12a165e) * [release 4.14] OCPBUGS-20999: Bump golang.org/x/net to v0.17.0 [#27](https://github.com/openshift/cluster-api-operator/pull/27) * [Full changelog](https://github.com/openshift/cluster-api-operator/compare/128d8e08c48e2002c416e84d0dec816bf5999c7e...b287d08b3dabe6b3b67b87a8a284f19ed12a165e) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/4e059638c2cbf003551ee699106dc024760eece3) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#791](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/791) * [OCPBUGS-27063](https://issues.redhat.com/browse/OCPBUGS-27063): bump(library-go)=release-4.14 [#787](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/787) * [OCPBUGS-21088](https://issues.redhat.com/browse/OCPBUGS-21088): Bump deps to address CVE-2023-44487 [4.14] [#764](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/764) * [OCPBUGS-21088](https://issues.redhat.com/browse/OCPBUGS-21088): Bump deps to address CVE-2023-44487 [#756](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/756) * [OCPBUGS-19553](https://issues.redhat.com/browse/OCPBUGS-19553): Update static pod manifests perms [#749](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/749) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/ee8cf52558df0862f9927dbc7275fbe6cc1a1e5f...4e059638c2cbf003551ee699106dc024760eece3) ### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/33f630dc1f890ca59c5e57fb5b6cc24a3f22a1d4) * [OCPBUGS-27022](https://issues.redhat.com/browse/OCPBUGS-27022): bump(library-go)=release-4.14 [#527](https://github.com/openshift/cluster-kube-scheduler-operator/pull/527) * [OCPBUGS-21737](https://issues.redhat.com/browse/OCPBUGS-21737): bump(k8s,openshift) to address CVE-2023-44487 [#504](https://github.com/openshift/cluster-kube-scheduler-operator/pull/504) * [OCPBUGS-21737](https://issues.redhat.com/browse/OCPBUGS-21737): Bump deps to address CVE-2023-44487 [#501](https://github.com/openshift/cluster-kube-scheduler-operator/pull/501) * [OCPBUGS-19553](https://issues.redhat.com/browse/OCPBUGS-19553): Update static pod manifests perms [#495](https://github.com/openshift/cluster-kube-scheduler-operator/pull/495) * [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/f054dfaf189b43b262c11ef7f97038c79592c796...33f630dc1f890ca59c5e57fb5b6cc24a3f22a1d4) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/9cd9922a42a64fe058718f10e3b4123b943bb55f) * : OCPBUGS-21371: bump library-go to include switch to HTTP/1.1 [#96](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/96) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/e76cea5f52bd5a125d051c6a0da4127a4dae6700...9cd9922a42a64fe058718f10e3b4123b943bb55f) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/38a758d0026346b751774b2459520174b46e39bf) * [OCPBUGS-46057](https://issues.redhat.com/browse/OCPBUGS-46057): Ensure trailing dots on DNS names do not block serving cert auth [#259](https://github.com/openshift/cluster-machine-approver/pull/259) * [OCPBUGS-46057](https://issues.redhat.com/browse/OCPBUGS-46057): Client internal DNS checks should ignore trailing dot [#255](https://github.com/openshift/cluster-machine-approver/pull/255) * [OCPBUGS-44774](https://issues.redhat.com/browse/OCPBUGS-44774): Client internal DNS checks should be case insensitive [#246](https://github.com/openshift/cluster-machine-approver/pull/246) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Increase concurrent reconciles to 10 [#228](https://github.com/openshift/cluster-machine-approver/pull/228) * [OCPBUGS-23150](https://issues.redhat.com/browse/OCPBUGS-23150): Filter non node CSRs in metrics [#209](https://github.com/openshift/cluster-machine-approver/pull/209) * [OCPBUGS-21468](https://issues.redhat.com/browse/OCPBUGS-21468): Bump x/net package to v0.17.0 [#206](https://github.com/openshift/cluster-machine-approver/pull/206) * [OCPBUGS-19305](https://issues.redhat.com/browse/OCPBUGS-19305): Set logger for controller runtime [#202](https://github.com/openshift/cluster-machine-approver/pull/202) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/863813ecd7b4c1416e76120896add365c492a59e...38a758d0026346b751774b2459520174b46e39bf) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/e0950380f0281a5da3c2fd51abbdab1155d26b4e) * [OCPBUGS-48368](https://issues.redhat.com/browse/OCPBUGS-48368): Add new metrics for OpenShift logging telemetry [#2556](https://github.com/openshift/cluster-monitoring-operator/pull/2556) * [OCPBUGS-44007](https://issues.redhat.com/browse/OCPBUGS-44007): fix(monitoring-plugin): disable emitting nginx version on error pages [#2520](https://github.com/openshift/cluster-monitoring-operator/pull/2520) * [OCPBUGS-43916](https://issues.redhat.com/browse/OCPBUGS-43916): Add runbook url for TelemeterClientFail… [#2510](https://github.com/openshift/cluster-monitoring-operator/pull/2510) * [OCPBUGS-43678](https://issues.redhat.com/browse/OCPBUGS-43678): Remove temporary no more needed code [#2496](https://github.com/openshift/cluster-monitoring-operator/pull/2496) * [OCPBUGS-42603](https://issues.redhat.com/browse/OCPBUGS-42603): Exclude windows nodes from kubelet servicemonitor [#2489](https://github.com/openshift/cluster-monitoring-operator/pull/2489) * [OCPBUGS-41916](https://issues.redhat.com/browse/OCPBUGS-41916): filter alerts sent to Telemeter [#2473](https://github.com/openshift/cluster-monitoring-operator/pull/2473) * [OCPBUGS-39176](https://issues.redhat.com/browse/OCPBUGS-39176): Backport #2441 for 4.14 [#2449](https://github.com/openshift/cluster-monitoring-operator/pull/2449) * [OCPBUGS-37468](https://issues.redhat.com/browse/OCPBUGS-37468): Backport of PR #2384 [#2433](https://github.com/openshift/cluster-monitoring-operator/pull/2433) * [OCPBUGS-36565](https://issues.redhat.com/browse/OCPBUGS-36565): add runbook_url annotations [#2407](https://github.com/openshift/cluster-monitoring-operator/pull/2407) * [OCPBUGS-37296](https://issues.redhat.com/browse/OCPBUGS-37296): Making sure proxy settings are correctly forwarded in the generated remote write configs [#2415](https://github.com/openshift/cluster-monitoring-operator/pull/2415) * [OCPBUGS-36416](https://issues.redhat.com/browse/OCPBUGS-36416): inject trusted CA bundle into UWM Alertmanager [#2402](https://github.com/openshift/cluster-monitoring-operator/pull/2402) * [OCPBUGS-34023](https://issues.redhat.com/browse/OCPBUGS-34023): fix KRP permissions for Thanos Querier [#2374](https://github.com/openshift/cluster-monitoring-operator/pull/2374) * [OCPBUGS-33585](https://issues.redhat.com/browse/OCPBUGS-33585): fix Thanos ruler alert generator url [#2345](https://github.com/openshift/cluster-monitoring-operator/pull/2345) * [OCPBUGS-28768](https://issues.redhat.com/browse/OCPBUGS-28768): fix generation of telemeter token hash [#2304](https://github.com/openshift/cluster-monitoring-operator/pull/2304) * [OCPBUGS-27471](https://issues.redhat.com/browse/OCPBUGS-27471): prevent plugin entry assets from caching [#2241](https://github.com/openshift/cluster-monitoring-operator/pull/2241) * [OCPBUGS-25800](https://issues.redhat.com/browse/OCPBUGS-25800): Wait for 3 (instead of 2) consecutive failing reconcil… [#2216](https://github.com/openshift/cluster-monitoring-operator/pull/2216) * [OCPBUGS-27418](https://issues.redhat.com/browse/OCPBUGS-27418): go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 [#2239](https://github.com/openshift/cluster-monitoring-operator/pull/2239) * [OCPBUGS-25799](https://issues.redhat.com/browse/OCPBUGS-25799): Detect ipv4/ipv6 socket in pod ip for nginx conf [#2215](https://github.com/openshift/cluster-monitoring-operator/pull/2215) * [OCPBUGS-25387](https://issues.redhat.com/browse/OCPBUGS-25387): Add RHACM telemetry metric for 4.14 [#2202](https://github.com/openshift/cluster-monitoring-operator/pull/2202) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2147](https://github.com/openshift/cluster-monitoring-operator/pull/2147) * [OCPBUGS-22917](https://issues.redhat.com/browse/OCPBUGS-22917): jsonnet: pin commits [#2143](https://github.com/openshift/cluster-monitoring-operator/pull/2143) * [OCPBUGS-22734](https://issues.redhat.com/browse/OCPBUGS-22734): [release-4.14] add RHACS telemetry metrics [#2137](https://github.com/openshift/cluster-monitoring-operator/pull/2137) * [OCPBUGS-21264](https://issues.redhat.com/browse/OCPBUGS-21264): [release-4.14] fix: force HTTP/1.1 connections [#2130](https://github.com/openshift/cluster-monitoring-operator/pull/2130) * [OCPBUGS-21264](https://issues.redhat.com/browse/OCPBUGS-21264): upgrade golang.org/x/net to v0.17.0 [#2121](https://github.com/openshift/cluster-monitoring-operator/pull/2121) * [OCPBUGS-19355](https://issues.redhat.com/browse/OCPBUGS-19355): add topologySpreadConstraints to UWM prometheus operator [#2087](https://github.com/openshift/cluster-monitoring-operator/pull/2087) * [OCPBUGS-19397](https://issues.redhat.com/browse/OCPBUGS-19397): Enable ipv6 on monitoring-plugin nginx [#2091](https://github.com/openshift/cluster-monitoring-operator/pull/2091) * [OCPBUGS-19361](https://issues.redhat.com/browse/OCPBUGS-19361): Topology spread constraints admission webhook [#2088](https://github.com/openshift/cluster-monitoring-operator/pull/2088) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/0496cad17bd374c56395a63fcae5037e4d5ebe8d...e0950380f0281a5da3c2fd51abbdab1155d26b4e) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/c7f9fb8f2168ce81250bd588624e58bc2f6f36f8) * [OCPBUGS-51170](https://issues.redhat.com/browse/OCPBUGS-51170): Use applyconfigurations for updating network.oprerator status [#2660](https://github.com/openshift/cluster-network-operator/pull/2660) * [OCPBUGS-48323](https://issues.redhat.com/browse/OCPBUGS-48323): Pass transit_switch_subnet options in ovnkube-node pod for single-zone [#2617](https://github.com/openshift/cluster-network-operator/pull/2617) * [OCPBUGS-42754](https://issues.redhat.com/browse/OCPBUGS-42754): Set mount propagation to HostToContainer for /var/lib/kubelet [#2521](https://github.com/openshift/cluster-network-operator/pull/2521) * [OCPBUGS-47320](https://issues.redhat.com/browse/OCPBUGS-47320): Pass transit_switch_subnet options in ovnkube-node pod [#2607](https://github.com/openshift/cluster-network-operator/pull/2607) * [OCPBUGS-43821](https://issues.redhat.com/browse/OCPBUGS-43821): manifests/02-cncc-credentials: Set skipServiceCheck for GCP [#2546](https://github.com/openshift/cluster-network-operator/pull/2546) * [OCPBUGS-39086](https://issues.redhat.com/browse/OCPBUGS-39086): Fix wait logic for IPsec certificate signing request [#2481](https://github.com/openshift/cluster-network-operator/pull/2481) * [OCPBUGS-41508](https://issues.redhat.com/browse/OCPBUGS-41508): Tighten the permissions on whereabouts.conf [#2493](https://github.com/openshift/cluster-network-operator/pull/2493) * [OCPBUGS-42021](https://issues.redhat.com/browse/OCPBUGS-42021): Add proxy env vars to onvkube-node [#2505](https://github.com/openshift/cluster-network-operator/pull/2505) * [OCPBUGS-38440](https://issues.redhat.com/browse/OCPBUGS-38440): [release-4.14] 4.14 subnet config [#2473](https://github.com/openshift/cluster-network-operator/pull/2473) * [OCPBUGS-37221](https://issues.redhat.com/browse/OCPBUGS-37221): Ensure that the node-identity webhook address contains colons for IPv6 [#2440](https://github.com/openshift/cluster-network-operator/pull/2440) * [OCPBUGS-38073](https://issues.redhat.com/browse/OCPBUGS-38073): Fix IC distributed control plane alerts [#2463](https://github.com/openshift/cluster-network-operator/pull/2463) * [OCPBUGS-37468](https://issues.redhat.com/browse/OCPBUGS-37468): Backport ipsec state metric [#2444](https://github.com/openshift/cluster-network-operator/pull/2444) * [OCPBUGS-32706](https://issues.redhat.com/browse/OCPBUGS-32706): Add conditions for ignored-namespaces [#2380](https://github.com/openshift/cluster-network-operator/pull/2380) * [OCPBUGS-36722](https://issues.redhat.com/browse/OCPBUGS-36722): update whereabouts crd [#2434](https://github.com/openshift/cluster-network-operator/pull/2434) * [OCPBUGS-34885](https://issues.redhat.com/browse/OCPBUGS-34885): [release-4.14] Fix 4.13->4.14 upgrade with ipsec enabled [#2390](https://github.com/openshift/cluster-network-operator/pull/2390) * [OCPBUGS-27925](https://issues.redhat.com/browse/OCPBUGS-27925), [OCPBUGS-30579](https://issues.redhat.com/browse/OCPBUGS-30579): [release-4.14] tighten conditions for the state transitions in IC upgrade [#2207](https://github.com/openshift/cluster-network-operator/pull/2207) * [OCPBUGS-30021](https://issues.redhat.com/browse/OCPBUGS-30021): Fully disable network-node-identity on ROKS [#2315](https://github.com/openshift/cluster-network-operator/pull/2315) * [OCPBUGS-31669](https://issues.redhat.com/browse/OCPBUGS-31669): [release-4.14] ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures [#2311](https://github.com/openshift/cluster-network-operator/pull/2311) * [OCPBUGS-31360](https://issues.redhat.com/browse/OCPBUGS-31360): Remove egressip write permissions from ovn-kubernetes-node [#2320](https://github.com/openshift/cluster-network-operator/pull/2320) * [OCPBUGS-30021](https://issues.redhat.com/browse/OCPBUGS-30021): [release-4.14] Disable network-node-identity on ROKS [#2286](https://github.com/openshift/cluster-network-operator/pull/2286) * [OCPBUGS-30100](https://issues.redhat.com/browse/OCPBUGS-30100): ipsec: fix openssl typo [#2287](https://github.com/openshift/cluster-network-operator/pull/2287) * [OCPBUGS-29168](https://issues.redhat.com/browse/OCPBUGS-29168): add env var in whereabouts-reconciler daemonset [#2257](https://github.com/openshift/cluster-network-operator/pull/2257) * [OCPBUGS-26573](https://issues.redhat.com/browse/OCPBUGS-26573): Improve troubleshooting IC upgrades [#2076](https://github.com/openshift/cluster-network-operator/pull/2076) * [OCPBUGS-29033](https://issues.redhat.com/browse/OCPBUGS-29033): network node identity: tolarate all taints [#2248](https://github.com/openshift/cluster-network-operator/pull/2248) * [OCPBUGS-18281](https://issues.redhat.com/browse/OCPBUGS-18281): only 2 master nodes are required for ovn-kubernetes [#2154](https://github.com/openshift/cluster-network-operator/pull/2154) * [OCPBUGS-29300](https://issues.redhat.com/browse/OCPBUGS-29300): Update ingressconfig_controller to use field Manager [#2266](https://github.com/openshift/cluster-network-operator/pull/2266) * [OCPBUGS-28608](https://issues.redhat.com/browse/OCPBUGS-28608): fix whereabouts conformance test failures [#2235](https://github.com/openshift/cluster-network-operator/pull/2235) * NO-JIRA: add kyrtapz as reviewer and approver for release 4.14 [#2228](https://github.com/openshift/cluster-network-operator/pull/2228) * [OCPBUGS-27858](https://issues.redhat.com/browse/OCPBUGS-27858): [release-4.14] Add ConfigMap mount to the whereabouts-reconciler DaemonSet [#2219](https://github.com/openshift/cluster-network-operator/pull/2219) * [OCPBUGS-27013](https://issues.redhat.com/browse/OCPBUGS-27013): HyperShift, network-node-identity: Check the deployment in the management cluster [#2195](https://github.com/openshift/cluster-network-operator/pull/2195) * [OCPBUGS-24326](https://issues.redhat.com/browse/OCPBUGS-24326): adminpolicybasedexternalroutes CR accepts an invalid IP address [#2196](https://github.com/openshift/cluster-network-operator/pull/2196) * [OCPBUGS-24037](https://issues.redhat.com/browse/OCPBUGS-24037): remove all managed fields used by old manager [#2112](https://github.com/openshift/cluster-network-operator/pull/2112) * [OCPBUGS-24320](https://issues.redhat.com/browse/OCPBUGS-24320): Add apbroute/status patch rights for ovnkube-node to update status [#2143](https://github.com/openshift/cluster-network-operator/pull/2143) * [OCPBUGS-22787](https://issues.redhat.com/browse/OCPBUGS-22787), [OCPBUGS-22788](https://issues.redhat.com/browse/OCPBUGS-22788), [OCPBUGS-22789](https://issues.redhat.com/browse/OCPBUGS-22789): ovnkube: container scripts cleanup [#2090](https://github.com/openshift/cluster-network-operator/pull/2090) * [OCPBUGS-23371](https://issues.redhat.com/browse/OCPBUGS-23371): hypershift, hosted clusters: enable multi-homing and multi-net features [#2117](https://github.com/openshift/cluster-network-operator/pull/2117) * [OCPBUGS-21717](https://issues.redhat.com/browse/OCPBUGS-21717): Bump golang.org/x/net and github.com/openshift/library-go [#2122](https://github.com/openshift/cluster-network-operator/pull/2122) * [OCPBUGS-24633](https://issues.redhat.com/browse/OCPBUGS-24633): ipsec add pluto restart [#2152](https://github.com/openshift/cluster-network-operator/pull/2152) * [OCPBUGS-22363](https://issues.redhat.com/browse/OCPBUGS-22363): Added HCP label to CNO pods [#2081](https://github.com/openshift/cluster-network-operator/pull/2081) * [OCPBUGS-22286](https://issues.redhat.com/browse/OCPBUGS-22286): hypershift: adjust backoff on infrastructure name retry [#2078](https://github.com/openshift/cluster-network-operator/pull/2078) * [OCPBUGS-23011](https://issues.redhat.com/browse/OCPBUGS-23011): Block upgrades to 4.15 with Kuryr [#2096](https://github.com/openshift/cluster-network-operator/pull/2096) * [OCPBUGS-23315](https://issues.redhat.com/browse/OCPBUGS-23315): set automountServiceAccountToken to false for hypershift managed network-node-identity deploy [#2107](https://github.com/openshift/cluster-network-operator/pull/2107) * [OCPBUGS-19897](https://issues.redhat.com/browse/OCPBUGS-19897): HyperShift: Use the local konnectivity proxy when checking proxy readiness [#2043](https://github.com/openshift/cluster-network-operator/pull/2043) * [OCPBUGS-20472](https://issues.redhat.com/browse/OCPBUGS-20472): hosted cluster upgrade failure from 4.13 stable to 4.14 [#2063](https://github.com/openshift/cluster-network-operator/pull/2063) * [OCPBUGS-20254](https://issues.redhat.com/browse/OCPBUGS-20254): [release-4.14] Revert Kuryr MTU fixes [#2046](https://github.com/openshift/cluster-network-operator/pull/2046) * [OCPBUGS-20184](https://issues.redhat.com/browse/OCPBUGS-20184): [release-4.14]: Don't run network node identity as root [#2054](https://github.com/openshift/cluster-network-operator/pull/2054) * [OCPBUGS-20064](https://issues.redhat.com/browse/OCPBUGS-20064): Multus should determine kubeconfig path [backport 4.14] [#2050](https://github.com/openshift/cluster-network-operator/pull/2050) * [OCPBUGS-19955](https://issues.redhat.com/browse/OCPBUGS-19955): get ipsecStatus from host daemonset [#2045](https://github.com/openshift/cluster-network-operator/pull/2045) * [OCPBUGS-19862](https://issues.redhat.com/browse/OCPBUGS-19862): Multus per-node certificates should have 24h duration [backport 4.14] [#2040](https://github.com/openshift/cluster-network-operator/pull/2040) * [OCPBUGS-19523](https://issues.redhat.com/browse/OCPBUGS-19523): use $CPE_NAME to find the OS major version [#2017](https://github.com/openshift/cluster-network-operator/pull/2017) * [OCPBUGS-19808](https://issues.redhat.com/browse/OCPBUGS-19808): remove prestop hooks for northd, sbdbd and nbdb [#2036](https://github.com/openshift/cluster-network-operator/pull/2036) * [OCPBUGS-19747](https://issues.redhat.com/browse/OCPBUGS-19747): [release-4.14] Use port 9108 for ovnkube-control-plane metrics [#2033](https://github.com/openshift/cluster-network-operator/pull/2033) * [OCPBUGS-19771](https://issues.redhat.com/browse/OCPBUGS-19771): Relax conditions to get IC upgrade started [#2035](https://github.com/openshift/cluster-network-operator/pull/2035) * [OCPBUGS-19748](https://issues.redhat.com/browse/OCPBUGS-19748): Fix config status MTU migration not being updated [#2034](https://github.com/openshift/cluster-network-operator/pull/2034) * [OCPBUGS-19725](https://issues.redhat.com/browse/OCPBUGS-19725): Do not enable node admission webhook if the CNI is not OVN-Kubernetes [#2032](https://github.com/openshift/cluster-network-operator/pull/2032) * [OCPBUGS-19686](https://issues.redhat.com/browse/OCPBUGS-19686): ipsec: remove preStop from host [#2029](https://github.com/openshift/cluster-network-operator/pull/2029) * [OCPBUGS-19627](https://issues.redhat.com/browse/OCPBUGS-19627): Multus per-node certificate request [backport 4.14] [#2023](https://github.com/openshift/cluster-network-operator/pull/2023) * [OCPBUGS-19461](https://issues.redhat.com/browse/OCPBUGS-19461): make ipsec.service required [#2014](https://github.com/openshift/cluster-network-operator/pull/2014) * [OCPBUGS-19649](https://issues.redhat.com/browse/OCPBUGS-19649): Network node identity: node-specific certificate in ovnkube-node, admission webhook [#2011](https://github.com/openshift/cluster-network-operator/pull/2011) * [OCPBUGS-19623](https://issues.redhat.com/browse/OCPBUGS-19623): multus: set MULTUS_NODE_NAME to filter pods to local node [#2022](https://github.com/openshift/cluster-network-operator/pull/2022) * [OCPBUGS-19481](https://issues.redhat.com/browse/OCPBUGS-19481): separate libovsdblogs from main ovnkube-master [#2008](https://github.com/openshift/cluster-network-operator/pull/2008) * [OCPBUGS-18728](https://issues.redhat.com/browse/OCPBUGS-18728): Kuryr: Set MTU on Bootstrap, not Render phase [#1995](https://github.com/openshift/cluster-network-operator/pull/1995) * [OCPBUGS-18871](https://issues.redhat.com/browse/OCPBUGS-18871): ipsec: fix oopsy from 2e3fc8e7a0 [#1997](https://github.com/openshift/cluster-network-operator/pull/1997) * [OCPBUGS-18874](https://issues.redhat.com/browse/OCPBUGS-18874): ovnkube: set northd backoff-interval and use a single thread to save CPU [#1998](https://github.com/openshift/cluster-network-operator/pull/1998) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/c383bbdb87fc915487811e96ba6f38fa0ac9f2ca...c7f9fb8f2168ce81250bd588624e58bc2f6f36f8) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/5511c8df81e608a45bf37cb021707f7b9ede9c9a) * e2e:performance: decode to valid kubeletconfig object (#1276) [#1276](https://github.com/openshift/cluster-node-tuning-operator/pull/1276) * Fix context deadlines in ExecCommandOnPod() (#1272) [#1272](https://github.com/openshift/cluster-node-tuning-operator/pull/1272) * [OCPBUGS-44506](https://issues.redhat.com/browse/OCPBUGS-44506): Drop sched_migration_cost_ns setting (#1215) [#1215](https://github.com/openshift/cluster-node-tuning-operator/pull/1215) * [OCPBUGS-44283](https://issues.redhat.com/browse/OCPBUGS-44283): right-hand-side profile_dirs take precedence (#1210) [#1210](https://github.com/openshift/cluster-node-tuning-operator/pull/1210) * [OCPBUGS-42567](https://issues.redhat.com/browse/OCPBUGS-42567): Add cluster-wide proxy env file (#1176) [#1176](https://github.com/openshift/cluster-node-tuning-operator/pull/1176) * TuneD prior to kubelet in one-shot mode (#1137) [#1137](https://github.com/openshift/cluster-node-tuning-operator/pull/1137) * [OCPBUGS-37754](https://issues.redhat.com/browse/OCPBUGS-37754): Remove tuned/rendered object (#1133) [#1133](https://github.com/openshift/cluster-node-tuning-operator/pull/1133) * [OCPBUGS-37734](https://issues.redhat.com/browse/OCPBUGS-37734): Backport fix for OCPBUGS-36355 (#1126) [#1126](https://github.com/openshift/cluster-node-tuning-operator/pull/1126) * [OCPBUGS-33929](https://issues.redhat.com/browse/OCPBUGS-33929): Negative net interface name does not reduce queues (#1074) [#1074](https://github.com/openshift/cluster-node-tuning-operator/pull/1074) * Add a '.snyk' to silence static code analysis warnings (#1002) [#1002](https://github.com/openshift/cluster-node-tuning-operator/pull/1002) * [OCPBUGS-30153](https://issues.redhat.com/browse/OCPBUGS-30153): fix rendering extra ctrcfgs (#978) [#978](https://github.com/openshift/cluster-node-tuning-operator/pull/978) * fix extra-reboot on upgrade with paused mcp worker (#1053) [#1053](https://github.com/openshift/cluster-node-tuning-operator/pull/1053) * [OCPBUGS-31694](https://issues.redhat.com/browse/OCPBUGS-31694): E2E: Workload hints test cases fixes (#1012) (#1052) [#1012](https://github.com/openshift/cluster-node-tuning-operator/pull/1012) * Systemd processes not being moved to cpuset/systemd.slice fix (#1040) [#1040](https://github.com/openshift/cluster-node-tuning-operator/pull/1040) * Reduce number of reboots in offline tests (#1035) [#1035](https://github.com/openshift/cluster-node-tuning-operator/pull/1035) * [OCPBUGS-30507](https://issues.redhat.com/browse/OCPBUGS-30507): Add performance real time tuned template (#984) (#1025) [#984](https://github.com/openshift/cluster-node-tuning-operator/pull/984) * Report duplicate priority only for multiple matching profiles (#1018) [#1018](https://github.com/openshift/cluster-node-tuning-operator/pull/1018) * Scheduler plugin: ignore IRQs (#1023) [#1023](https://github.com/openshift/cluster-node-tuning-operator/pull/1023) * irqbalance: set banned cpus list to 0 (#994) [#994](https://github.com/openshift/cluster-node-tuning-operator/pull/994) * [OCPBUGS-18640](https://issues.redhat.com/browse/OCPBUGS-18640): [release-4.14][manual] backport performance profile owner reference ehnancements (#989) [#989](https://github.com/openshift/cluster-node-tuning-operator/pull/989) * rps: fail silently when rps application failed (#901) [#901](https://github.com/openshift/cluster-node-tuning-operator/pull/901) * [OCPBUGS-25982](https://issues.redhat.com/browse/OCPBUGS-25982): E2E: Add tests for Dynamic ovs pinning (#904) (#913) [#904](https://github.com/openshift/cluster-node-tuning-operator/pull/904) * [OCPBUGS-26003](https://issues.redhat.com/browse/OCPBUGS-26003): E2E: PPC Test cases (#905) [#905](https://github.com/openshift/cluster-node-tuning-operator/pull/905) * Make MC names deterministic (#903) [#903](https://github.com/openshift/cluster-node-tuning-operator/pull/903) * [OCPBUGS-25671](https://issues.redhat.com/browse/OCPBUGS-25671): rps: fix mask update for SR-IOV devices (#891) [#891](https://github.com/openshift/cluster-node-tuning-operator/pull/891) * [OCPBUGS-18640](https://issues.redhat.com/browse/OCPBUGS-18640): Fix Racing Machine Configs and add Day 0 Support (#854) (#871) [#854](https://github.com/openshift/cluster-node-tuning-operator/pull/854) * [OCPBUGS-24638](https://issues.redhat.com/browse/OCPBUGS-24638): Do not set default RPS sysctl twice (#880) [#880](https://github.com/openshift/cluster-node-tuning-operator/pull/880) * [OCPBUGS-21845](https://issues.redhat.com/browse/OCPBUGS-21845): rps: trigger udev event per queue #832 (#832) [#832](https://github.com/openshift/cluster-node-tuning-operator/pull/832) * [OCPBUGS-21845](https://issues.redhat.com/browse/OCPBUGS-21845): e2e:rps: improve logging (#831) [#831](https://github.com/openshift/cluster-node-tuning-operator/pull/831) * render: change dir path (#826) [#826](https://github.com/openshift/cluster-node-tuning-operator/pull/826) * Disable HTTP/2 for webhook and metrics servers (#841) [#841](https://github.com/openshift/cluster-node-tuning-operator/pull/841) * Remove obsolete protocols and weak ciphers (#835) [#835](https://github.com/openshift/cluster-node-tuning-operator/pull/835) * [OCPBUGS-19459](https://issues.redhat.com/browse/OCPBUGS-19459): check for object being nil (#805) [#805](https://github.com/openshift/cluster-node-tuning-operator/pull/805) * [OCPBUGS-19821](https://issues.redhat.com/browse/OCPBUGS-19821): e2e: perfprof: enhance the scheduling domain tests (#813) [#813](https://github.com/openshift/cluster-node-tuning-operator/pull/813) * nto: avoid timeout when there are too many CSV (#817) [#817](https://github.com/openshift/cluster-node-tuning-operator/pull/817) * Add kubeconfig path for IBM Managed OpenShift (#812) [#812](https://github.com/openshift/cluster-node-tuning-operator/pull/812) * [OCPBUGS-18868](https://issues.redhat.com/browse/OCPBUGS-18868): [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) [#788](https://github.com/openshift/cluster-node-tuning-operator/pull/788) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/e828bd93defc0cc9c3fcf799d9715b95b2c03f79...5511c8df81e608a45bf37cb021707f7b9ede9c9a) ### [cluster-olm-operator](https://github.com/openshift/cluster-olm-operator/tree/0dbbb6132ced379602040731ff889eebb4202e73) * [OCPBUGS-25481](https://issues.redhat.com/browse/OCPBUGS-25481): NO-ISSUE: Bump k8s.io/apiextensions-apiserver [#41](https://github.com/openshift/cluster-olm-operator/pull/41) * [OCPBUGS-22581](https://issues.redhat.com/browse/OCPBUGS-22581): [release-4.14] OCPBUGS-24652: Bump k8s dependencies [#38](https://github.com/openshift/cluster-olm-operator/pull/38) * [OCPBUGS-21526](https://issues.redhat.com/browse/OCPBUGS-21526): Bump golang.org/x/net to v0.17.0 [#33](https://github.com/openshift/cluster-olm-operator/pull/33) * [Full changelog](https://github.com/openshift/cluster-olm-operator/compare/a7ba89874970cd10765e1d0753405e32fb357d84...0dbbb6132ced379602040731ff889eebb4202e73) ### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/700dc111fd98c315648a78371b11be34fa4dbba3) * [OCPBUGS-28247](https://issues.redhat.com/browse/OCPBUGS-28247): Remove "include.release.openshift.io/ibm-cloud-managed:" annotation [#570](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/570) * : OCPBUGS-20724: bump library-go to include switch to HTTP/1.1 [#554](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/554) * [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/078c81f6e3e39675e8b1edd864e1ddf72472bb73...700dc111fd98c315648a78371b11be34fa4dbba3) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/09d62091346f86f54938587acfd680f6bd6b7af6) * [OCPBUGS-48841](https://issues.redhat.com/browse/OCPBUGS-48841): Add new team members to the OWNERS file [#380](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/380) * [OCPBUGS-33295](https://issues.redhat.com/browse/OCPBUGS-33295): Update opentelemetry to mitigate CVE-2023-47108 [#344](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/344) * [OCPBUGS-28951](https://issues.redhat.com/browse/OCPBUGS-28951): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#328](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/328) * [OCPBUGS-23490](https://issues.redhat.com/browse/OCPBUGS-23490): Remove blockage of ConfigObserver by build informer has synced flag [#318](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/318) * [OCPBUGS-20818](https://issues.redhat.com/browse/OCPBUGS-20818): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#309](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/309) * [OCPBUGS-20439](https://issues.redhat.com/browse/OCPBUGS-20439): Include Build CRD in manifests [#307](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/307) * [OCPBUGS-18992](https://issues.redhat.com/browse/OCPBUGS-18992): Always sort disabled controller list [#303](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/303) * [OCPBUGS-18980](https://issues.redhat.com/browse/OCPBUGS-18980): Disable BuildConfigChange controller when Build cap is disabled [#301](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/301) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/1ae0ba75cfdb910990437ab2898690b9e3f8f94a...09d62091346f86f54938587acfd680f6bd6b7af6) ### [cluster-platform-operators-manager](https://github.com/openshift/platform-operators/tree/08fb27e72e32ea0a06ab02b3b746114148d96c25) * [OCPBUGS-21759](https://issues.redhat.com/browse/OCPBUGS-21759): switch to bingo for dependency management (and bump golangci-lint@v1.51.0) [#98](https://github.com/openshift/platform-operators/pull/98) * [OCPBUGS-21019](https://issues.redhat.com/browse/OCPBUGS-21019): Bump golang.org/x/net to v0.17.0 [#96](https://github.com/openshift/platform-operators/pull/96) * [Full changelog](https://github.com/openshift/platform-operators/compare/37a0a919b1032f7affa49b756eda4762d77751d5...08fb27e72e32ea0a06ab02b3b746114148d96c25) ### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/219f6f6f072d867201d4923d39fd8bcaecbe7c59) * [OCPBUGS-21122](https://issues.redhat.com/browse/OCPBUGS-21122): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#139](https://github.com/openshift/cluster-policy-controller/pull/139) * [OCPBUGS-21122](https://issues.redhat.com/browse/OCPBUGS-21122): Bump deps to address CVE-2023-44487 [#134](https://github.com/openshift/cluster-policy-controller/pull/134) * [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/cc48f3152213bfe6e42fdd82f760246e862d208f...219f6f6f072d867201d4923d39fd8bcaecbe7c59) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/0423e87597f92f5d82e030c3a000224abc247df3) * [OCPBUGS-55655](https://issues.redhat.com/browse/OCPBUGS-55655): Adding mutex to func createSamples on handler.go [#635](https://github.com/openshift/cluster-samples-operator/pull/635) * [OCPBUGS-54537](https://issues.redhat.com/browse/OCPBUGS-54537): add rhdmalone to owners [#624](https://github.com/openshift/cluster-samples-operator/pull/624) * [OCPBUGS-49421](https://issues.redhat.com/browse/OCPBUGS-49421): add shannon and aroyoredhat as owners [#598](https://github.com/openshift/cluster-samples-operator/pull/598) * [OCPBUGS-21217](https://issues.redhat.com/browse/OCPBUGS-21217): CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) [#539](https://github.com/openshift/cluster-samples-operator/pull/539) * [OCPBUGS-22257](https://issues.redhat.com/browse/OCPBUGS-22257): Sync library to remove invalid dockerhub references for OKD [#520](https://github.com/openshift/cluster-samples-operator/pull/520) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/88a3bc55be596b20f0a3d9757265ba95f5b2f801...0423e87597f92f5d82e030c3a000224abc247df3) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/6c652a5e10dd7e6cbf5ec02a2e1afbc794c26192) * [OCPBUGS-33467](https://issues.redhat.com/browse/OCPBUGS-33467): Fix problem-detector proxy setting [#472](https://github.com/openshift/cluster-storage-operator/pull/472) * [OCPBUGS-30054](https://issues.redhat.com/browse/OCPBUGS-30054): Update AWSCSIDriverConfigSpec fields validation to accept all curren [#462](https://github.com/openshift/cluster-storage-operator/pull/462) * [OCPBUGS-28988](https://issues.redhat.com/browse/OCPBUGS-28988): Allow vSphere CSI driver to be disabled [#449](https://github.com/openshift/cluster-storage-operator/pull/449) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#416](https://github.com/openshift/cluster-storage-operator/pull/416) * [OCPBUGS-23210](https://issues.redhat.com/browse/OCPBUGS-23210): [IBM ROKS] cluster-storage-operator does not set upgradeable=True [#419](https://github.com/openshift/cluster-storage-operator/pull/419) * [OCPBUGS-21300](https://issues.redhat.com/browse/OCPBUGS-21300): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#405](https://github.com/openshift/cluster-storage-operator/pull/405) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/4c2b89d6a00e5a0c300b61dbad2a9e289c404e98...6c652a5e10dd7e6cbf5ec02a2e1afbc794c26192) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/1a7a6e229dc980540f51b969c4f1d9ef5dbc3ab5) * [OCPBUGS-43628](https://issues.redhat.com/browse/OCPBUGS-43628): keys: Update Red Hat keys to use SHA256 signatures [#66](https://github.com/openshift/cluster-update-keys/pull/66) * [OCPBUGS-10126](https://issues.redhat.com/browse/OCPBUGS-10126): Updating ose-agent-installer-orchestrator images to be consistent with ART [#48](https://github.com/openshift/cluster-update-keys/pull/48) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/802233d84243d3eeceef50a29579501e94ebbf26...1a7a6e229dc980540f51b969c4f1d9ef5dbc3ab5) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/a1bf930103a77b25e99130644504c3fecdcc4c67) * [OCPBUGS-50592](https://issues.redhat.com/browse/OCPBUGS-50592): Set `openshift.io/required-scc`: privileged annotation in `version` pods [#1151](https://github.com/openshift/cluster-version-operator/pull/1151) * [OCPBUGS-45331](https://issues.redhat.com/browse/OCPBUGS-45331): deps: bump golang.org/x/net to 0.31.0 [#1120](https://github.com/openshift/cluster-version-operator/pull/1120) * [OCPBUGS-44704](https://issues.redhat.com/browse/OCPBUGS-44704): Fix desired before sync_worker's work is initialized [#1109](https://github.com/openshift/cluster-version-operator/pull/1109) * [OCPBUGS-30878](https://issues.redhat.com/browse/OCPBUGS-30878): install/0000_90_cluster-version-operator_02_servicemonitor: Drop $ from ${{ [#1040](https://github.com/openshift/cluster-version-operator/pull/1040) * [OCPBUGS-27822](https://issues.redhat.com/browse/OCPBUGS-27822): Revert "[release-4.14] OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs" [#1028](https://github.com/openshift/cluster-version-operator/pull/1028) * [OCPBUGS-27175](https://issues.redhat.com/browse/OCPBUGS-27175): clusterOperatorBuilder: Reconcile metadata on COs [#1021](https://github.com/openshift/cluster-version-operator/pull/1021) * [OCPBUGS-27048](https://issues.redhat.com/browse/OCPBUGS-27048): pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream [#1018](https://github.com/openshift/cluster-version-operator/pull/1018) * [OCPBUGS-26207](https://issues.redhat.com/browse/OCPBUGS-26207): pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls [#1016](https://github.com/openshift/cluster-version-operator/pull/1016) * [OCPBUGS-20762](https://issues.redhat.com/browse/OCPBUGS-20762): [4.14] Bump http-related deps [#986](https://github.com/openshift/cluster-version-operator/pull/986) * [OCPBUGS-19921](https://issues.redhat.com/browse/OCPBUGS-19921): pkg/clusterconditions/cache: Avoid panic on all-fresh-cache evaluation [#976](https://github.com/openshift/cluster-version-operator/pull/976) * [OCPBUGS-19737](https://issues.redhat.com/browse/OCPBUGS-19737): pkg/clusterconditions/promql: Warm cache with 1s delay [#973](https://github.com/openshift/cluster-version-operator/pull/973) * [OCPBUGS-19465](https://issues.redhat.com/browse/OCPBUGS-19465): Properly reconcile SCC resources [#972](https://github.com/openshift/cluster-version-operator/pull/972) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/2cb8ce9ef5c3311be9f1ea266356f1ce95bec1d1...a1bf930103a77b25e99130644504c3fecdcc4c67) ### [console](https://github.com/openshift/console/tree/477c65924d5216ec632cd914f317564fc74dc817) * [OCPBUGS-58274](https://issues.redhat.com/browse/OCPBUGS-58274): Fix TypeError Cannot read properties of null (reading 'metadata') [#15228](https://github.com/openshift/console/pull/15228) * [OCPBUGS-57099](https://issues.redhat.com/browse/OCPBUGS-57099): Add all files to `vendor` regardless of gitignore [#15135](https://github.com/openshift/console/pull/15135) * [OCPBUGS-55942](https://issues.redhat.com/browse/OCPBUGS-55942): fix bug where operator appears twice [#15033](https://github.com/openshift/console/pull/15033) * [OCPBUGS-55427](https://issues.redhat.com/browse/OCPBUGS-55427): Add missing pipelines plugin name to known plugins [#15005](https://github.com/openshift/console/pull/15005) * [OCPBUGS-39010](https://issues.redhat.com/browse/OCPBUGS-39010): fix crash if helm chart metadata is nil [#14198](https://github.com/openshift/console/pull/14198) * [OCPBUGS-53437](https://issues.redhat.com/browse/OCPBUGS-53437): Show Observe section without PROMETHEUS and MONITORING flags [#14892](https://github.com/openshift/console/pull/14892) * [OCPBUGS-54404](https://issues.redhat.com/browse/OCPBUGS-54404): Update the monitoring topic used by the console team [#14910](https://github.com/openshift/console/pull/14910) * [OCPBUGS-54167](https://issues.redhat.com/browse/OCPBUGS-54167): fix run time error when no completed version exists [#14899](https://github.com/openshift/console/pull/14899) * [OCPBUGS-51118](https://issues.redhat.com/browse/OCPBUGS-51118): redirect to correct alert [#14823](https://github.com/openshift/console/pull/14823) * [OCPBUGS-49753](https://issues.redhat.com/browse/OCPBUGS-49753): ImagePullSecret getting duplicated when editing DeploymentConfig in Form View [#14711](https://github.com/openshift/console/pull/14711) * [OCPBUGS-46603](https://issues.redhat.com/browse/OCPBUGS-46603): Unable to remove finally tasks in pipeline builder mode [#14642](https://github.com/openshift/console/pull/14642) * [OCPBUGS-33145](https://issues.redhat.com/browse/OCPBUGS-33145): Fix "Auto deploy when new image is available" becomes unchecked when editing a deployment from web console [#14370](https://github.com/openshift/console/pull/14370) * [OCPBUGS-45323](https://issues.redhat.com/browse/OCPBUGS-45323): Use vCenterCluster value from CM as primary resource [#14574](https://github.com/openshift/console/pull/14574) * [OCPBUGS-39368](https://issues.redhat.com/browse/OCPBUGS-39368): Remove deprecated resources from spec of the Pipeline [#14230](https://github.com/openshift/console/pull/14230) * [OCPBUGS-45283](https://issues.redhat.com/browse/OCPBUGS-45283): Add IBM Block Storage CSI driver support for RWX [#14569](https://github.com/openshift/console/pull/14569) * [OCPBUGS-44791](https://issues.redhat.com/browse/OCPBUGS-44791): A value submitted in From view is wrapped with single quotation after switching to Yaml view. [#14518](https://github.com/openshift/console/pull/14518) * [OCPBUGS-42962](https://issues.redhat.com/browse/OCPBUGS-42962): Need to allow blank for Project/namespace when setting SA Subject in 'Project access tab' [#14386](https://github.com/openshift/console/pull/14386) * [OCPBUGS-43000](https://issues.redhat.com/browse/OCPBUGS-43000): List of default Camel K event sources disappears when adding a custom event source [#14388](https://github.com/openshift/console/pull/14388) * [OCPBUGS-36558](https://issues.redhat.com/browse/OCPBUGS-36558): Increase login flow state paramater length/entropy [#14439](https://github.com/openshift/console/pull/14439) * [OCPBUGS-10337](https://issues.redhat.com/browse/OCPBUGS-10337): Updating openshift-enterprise-console images to be consistent with ART [#12760](https://github.com/openshift/console/pull/12760) * [OCPBUGS-42518](https://issues.redhat.com/browse/OCPBUGS-42518): The filepath including leading slash makes error during parsing devfile using Gitlab [#14342](https://github.com/openshift/console/pull/14342) * [OCPBUGS-42517](https://issues.redhat.com/browse/OCPBUGS-42517): Values entered into the Instantiate Template form are automatically cleared [#14341](https://github.com/openshift/console/pull/14341) * [OCPBUGS-42757](https://issues.redhat.com/browse/OCPBUGS-42757): Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated [#14369](https://github.com/openshift/console/pull/14369) * [OCPBUGS-38883](https://issues.redhat.com/browse/OCPBUGS-38883): Fix password set to Secret created through Start Pipeline form [#14184](https://github.com/openshift/console/pull/14184) * [OCPBUGS-37353](https://issues.redhat.com/browse/OCPBUGS-37353): Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available [#14108](https://github.com/openshift/console/pull/14108) * [OCPBUGS-41836](https://issues.redhat.com/browse/OCPBUGS-41836): DeploymentConfigs deprecation info alert should not present on the Edit deployment page [#14281](https://github.com/openshift/console/pull/14281) * [OCPBUGS-39389](https://issues.redhat.com/browse/OCPBUGS-39389): Edit the secret and add the Chinese in the web-console, garbled characters will be displayed [#14231](https://github.com/openshift/console/pull/14231) * [OCPBUGS-41581](https://issues.redhat.com/browse/OCPBUGS-41581): Increased max nodes limit to 200 in topology page [#14262](https://github.com/openshift/console/pull/14262) * [OCPBUGS-38972](https://issues.redhat.com/browse/OCPBUGS-38972): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14234](https://github.com/openshift/console/pull/14234) * [OCPBUGS-38053](https://issues.redhat.com/browse/OCPBUGS-38053): fix BMH restart annotation [#14109](https://github.com/openshift/console/pull/14109) * [OCPBUGS-33748](https://issues.redhat.com/browse/OCPBUGS-33748): Fix Pipeline details page with when expression using CEL expression [#13856](https://github.com/openshift/console/pull/13856) * [OCPBUGS-32499](https://issues.redhat.com/browse/OCPBUGS-32499): Fixed some problems in topology Chinese translation text [#13779](https://github.com/openshift/console/pull/13779) * [OCPBUGS-33942](https://issues.redhat.com/browse/OCPBUGS-33942): make sure folder is encapsulated with quotas [#13869](https://github.com/openshift/console/pull/13869) * [OCPBUGS-35723](https://issues.redhat.com/browse/OCPBUGS-35723): Upgrade Pipeline trigger resources to v1beta1 [#13985](https://github.com/openshift/console/pull/13985) * [OCPBUGS-33558](https://issues.redhat.com/browse/OCPBUGS-33558): Display "With Data upload form" in Create PVC drop down once [#13840](https://github.com/openshift/console/pull/13840) * [OCPBUGS-33064](https://issues.redhat.com/browse/OCPBUGS-33064): Fix PipelineRun Logs tab navigation [#13673](https://github.com/openshift/console/pull/13673) * [OCPBUGS-33321](https://issues.redhat.com/browse/OCPBUGS-33321): Helm Plugin's Catalog incorrectly renders a single index entry into multiple tiles [#13824](https://github.com/openshift/console/pull/13824) * [OCPBUGS-33635](https://issues.redhat.com/browse/OCPBUGS-33635): restrict Masthead logo to max-height to 60px [#13847](https://github.com/openshift/console/pull/13847) * [OCPBUGS-33640](https://issues.redhat.com/browse/OCPBUGS-33640): Add visual connector between VMs and non VMs workloads [#13848](https://github.com/openshift/console/pull/13848) * [OCPBUGS-33462](https://issues.redhat.com/browse/OCPBUGS-33462): fix issues with Edit Route form [#13831](https://github.com/openshift/console/pull/13831) * [OCPBUGS-33110](https://issues.redhat.com/browse/OCPBUGS-33110): change OperatorHub filter FIPS Mode to Designed for FIPS [#13804](https://github.com/openshift/console/pull/13804) * [OCPBUGS-32697](https://issues.redhat.com/browse/OCPBUGS-32697): Routes created by devfiles do not always use HTTPS [#13787](https://github.com/openshift/console/pull/13787) * [OCPBUGS-21799](https://issues.redhat.com/browse/OCPBUGS-21799): Fix empty editor error [#13256](https://github.com/openshift/console/pull/13256) * [OCPBUGS-32168](https://issues.redhat.com/browse/OCPBUGS-32168): fix bug where paused MCPs were incorrectly unpausing w… [#13753](https://github.com/openshift/console/pull/13753) * [OCPBUGS-20173](https://issues.redhat.com/browse/OCPBUGS-20173): Console should not panic when no response is retrieved for plugin assets [#13217](https://github.com/openshift/console/pull/13217) * [OCPBUGS-31388](https://issues.redhat.com/browse/OCPBUGS-31388): Application creation fail when manually entering input scaling value in local setup [#13697](https://github.com/openshift/console/pull/13697) * [OCPBUGS-31394](https://issues.redhat.com/browse/OCPBUGS-31394): PipelineRuns in Console show wrong status or load indefinitely [#13698](https://github.com/openshift/console/pull/13698) * [OCPBUGS-31864](https://issues.redhat.com/browse/OCPBUGS-31864): Fix config ini format [#13738](https://github.com/openshift/console/pull/13738) * [OCPBUGS-25145](https://issues.redhat.com/browse/OCPBUGS-25145): fix vCenter cluster being empty [#13436](https://github.com/openshift/console/pull/13436) * [OCPBUGS-28746](https://issues.redhat.com/browse/OCPBUGS-28746): fix bug where Expand PVC modal assumes pvc.spec.resou… [#13558](https://github.com/openshift/console/pull/13558) * [OCPBUGS-29783](https://issues.redhat.com/browse/OCPBUGS-29783): Fix operands list endpoint [#13625](https://github.com/openshift/console/pull/13625) * [OCPBUGS-29813](https://issues.redhat.com/browse/OCPBUGS-29813): Release 4.14 backports [#13646](https://github.com/openshift/console/pull/13646) * [OCPBUGS-29813](https://issues.redhat.com/browse/OCPBUGS-29813): Addition of optional chaining to prevent yaml crash [#13541](https://github.com/openshift/console/pull/13541) * [OCPBUGS-25274](https://issues.redhat.com/browse/OCPBUGS-25274): Add support for Azure Workload Identity / Federated Identity based in… [#13642](https://github.com/openshift/console/pull/13642) * [OCPBUGS-28972](https://issues.redhat.com/browse/OCPBUGS-28972): Add flags checks to hide Pipeline static plugin List and details pages [#13572](https://github.com/openshift/console/pull/13572) * [OCPBUGS-27898](https://issues.redhat.com/browse/OCPBUGS-27898): Add support for custom segment domains (to load JS and make API calls) [#13540](https://github.com/openshift/console/pull/13540) * [OCPBUGS-29349](https://issues.redhat.com/browse/OCPBUGS-29349): Error in displaying BuildRun logs in Console [#13601](https://github.com/openshift/console/pull/13601) * [OCPBUGS-29100](https://issues.redhat.com/browse/OCPBUGS-29100): Pipeline Name gets changed to "new-pipeline" on the Edit Pipeline YAML/Builder [#13585](https://github.com/openshift/console/pull/13585) * [OCPBUGS-29239](https://issues.redhat.com/browse/OCPBUGS-29239): Add a new allowInsecure option to the internet proxy [#13592](https://github.com/openshift/console/pull/13592) * [OCPBUGS-28990](https://issues.redhat.com/browse/OCPBUGS-28990): update check for the 'provider' label on the PackageMa… [#13573](https://github.com/openshift/console/pull/13573) * [OCPBUGS-27157](https://issues.redhat.com/browse/OCPBUGS-27157): add additional check to determine if file is binary [#13507](https://github.com/openshift/console/pull/13507) * [OCPBUGS-28635](https://issues.redhat.com/browse/OCPBUGS-28635): Bump graphql-go to v1.3.0 [#13553](https://github.com/openshift/console/pull/13553) * [OCPBUGS-27305](https://issues.redhat.com/browse/OCPBUGS-27305): Copy response code from proxied plugin requests [#13517](https://github.com/openshift/console/pull/13517) * [OCPBUGS-27851](https://issues.redhat.com/browse/OCPBUGS-27851): fix bug where Clone PVC modal assumes pvc.spec.resourc… [#13537](https://github.com/openshift/console/pull/13537) * [OCPBUGS-27350](https://issues.redhat.com/browse/OCPBUGS-27350): Add Pipeline metrics tab using plugin [#13520](https://github.com/openshift/console/pull/13520) * [OCPBUGS-26171](https://issues.redhat.com/browse/OCPBUGS-26171): Set unlimited line width in YAML editor [#13482](https://github.com/openshift/console/pull/13482) * [OCPBUGS-24640](https://issues.redhat.com/browse/OCPBUGS-24640): Strip 'Server' header from proxy response [#13423](https://github.com/openshift/console/pull/13423) * [OCPBUGS-25997](https://issues.redhat.com/browse/OCPBUGS-25997): change Alertmanager form to create using matchers inst… [#13478](https://github.com/openshift/console/pull/13478) * [OCPBUGS-24349](https://issues.redhat.com/browse/OCPBUGS-24349): Fix crash when ArtifactHub Task has no version [#13399](https://github.com/openshift/console/pull/13399) * [OCPBUGS-25397](https://issues.redhat.com/browse/OCPBUGS-25397): fix runtime error on Node details Overview when Machin… [#13446](https://github.com/openshift/console/pull/13446) * [OCPBUGS-23771](https://issues.redhat.com/browse/OCPBUGS-23771): Fix for yaml editor that crashes with MCE and ACM plugins enabled [#13360](https://github.com/openshift/console/pull/13360) * [OCPBUGS-24667](https://issues.redhat.com/browse/OCPBUGS-24667): Fix plugin proxy handler [#13425](https://github.com/openshift/console/pull/13425) * [OCPBUGS-24474](https://issues.redhat.com/browse/OCPBUGS-24474): S2I Build Wizard should check for Containerfile in addition to Dockerfile [#13415](https://github.com/openshift/console/pull/13415) * [OCPBUGS-24432](https://issues.redhat.com/browse/OCPBUGS-24432): fix filtering issues on Events [#13413](https://github.com/openshift/console/pull/13413) * [OCPBUGS-24352](https://issues.redhat.com/browse/OCPBUGS-24352): add access review for impersonate [#13400](https://github.com/openshift/console/pull/13400) * [OCPBUGS-22240](https://issues.redhat.com/browse/OCPBUGS-22240): Save also the location.search and .hash values in localStorage to restore them after login [#13270](https://github.com/openshift/console/pull/13270) * [OCPBUGS-24293](https://issues.redhat.com/browse/OCPBUGS-24293): ConsolePlugin metrics must no longer be grouped by the vendor [#13391](https://github.com/openshift/console/pull/13391) * [OCPBUGS-24423](https://issues.redhat.com/browse/OCPBUGS-24423): Searching for items in quick search is confusing [#13412](https://github.com/openshift/console/pull/13412) * [OCPBUGS-22375](https://issues.redhat.com/browse/OCPBUGS-22375): Delete results.tekton.dev annotations before rerun the pipelineRun [#13278](https://github.com/openshift/console/pull/13278) * [OCPBUGS-22478](https://issues.redhat.com/browse/OCPBUGS-22478): Extra space is in the translation text(Chinese) of 'Create rolebinding' and 'replicate rolebinding' [#13290](https://github.com/openshift/console/pull/13290) * [OCPBUGS-24196](https://issues.redhat.com/browse/OCPBUGS-24196): ApiVersion displayed on console is v1alpha1 whereas we support v1beta1 [#13402](https://github.com/openshift/console/pull/13402) * [OCPBUGS-23423](https://issues.redhat.com/browse/OCPBUGS-23423): Cannot Edit Shipwright Build [#13343](https://github.com/openshift/console/pull/13343) * [OCPBUGS-22980](https://issues.redhat.com/browse/OCPBUGS-22980): remove expandable toggle for conditional update risk d… [#13308](https://github.com/openshift/console/pull/13308) * [OCPBUGS-22374](https://issues.redhat.com/browse/OCPBUGS-22374): Telemetry- Current page was sometimes not tracked when reloading the current page [#13277](https://github.com/openshift/console/pull/13277) * [OCPBUGS-22177](https://issues.redhat.com/browse/OCPBUGS-22177): Channel page shows "Required" message for the default name when navigate to create channel page [#13262](https://github.com/openshift/console/pull/13262) * [OCPBUGS-19371](https://issues.redhat.com/browse/OCPBUGS-19371): Upgrade DomainMapping apiVersion to v1beta1 [#13165](https://github.com/openshift/console/pull/13165) * [OCPBUGS-19416](https://issues.redhat.com/browse/OCPBUGS-19416): Correct logout process [#13173](https://github.com/openshift/console/pull/13173) * [OCPBUGS-22285](https://issues.redhat.com/browse/OCPBUGS-22285): updating doc links for 4.14 GA [#13273](https://github.com/openshift/console/pull/13273) * [OCPBUGS-19845](https://issues.redhat.com/browse/OCPBUGS-19845): mock apis for git repo in test serverless function tests [#13199](https://github.com/openshift/console/pull/13199) * [OCPBUGS-22460](https://issues.redhat.com/browse/OCPBUGS-22460): Fix the forms when BC is not installed in the cluster [#13288](https://github.com/openshift/console/pull/13288) * [OCPBUGS-21877](https://issues.redhat.com/browse/OCPBUGS-21877): add support for new features annotations while preserv… [#13258](https://github.com/openshift/console/pull/13258) * [OCPBUGS-22377](https://issues.redhat.com/browse/OCPBUGS-22377): Fixed Edit Application form for Knative Services [#13279](https://github.com/openshift/console/pull/13279) * [OCPBUGS-21784](https://issues.redhat.com/browse/OCPBUGS-21784): hide page-specific doc links for ROSA and OSD [#13254](https://github.com/openshift/console/pull/13254) * [OCPBUGS-19898](https://issues.redhat.com/browse/OCPBUGS-19898): fix ResourceLog permissions when impersonating [#13203](https://github.com/openshift/console/pull/13203) * [OCPBUGS-19899](https://issues.redhat.com/browse/OCPBUGS-19899): change resource icon for FenceAgentRemediationTemplate… [#13204](https://github.com/openshift/console/pull/13204) * [OCPBUGS-19878](https://issues.redhat.com/browse/OCPBUGS-19878): show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart [#13202](https://github.com/openshift/console/pull/13202) * [OCPBUGS-19776](https://issues.redhat.com/browse/OCPBUGS-19776): 404 - not found will show on Knative-serving Details page [#13193](https://github.com/openshift/console/pull/13193) * [OCPBUGS-19526](https://issues.redhat.com/browse/OCPBUGS-19526): fetch TaskRuns without selector and reduces the get TaskRuns requests [#13178](https://github.com/openshift/console/pull/13178) * [OCPBUGS-18997](https://issues.redhat.com/browse/OCPBUGS-18997): fix issues with refactored "Create StorageClass" form [#13170](https://github.com/openshift/console/pull/13170) * [OCPBUGS-19664](https://issues.redhat.com/browse/OCPBUGS-19664): Check if filtered object contains name property [#13187](https://github.com/openshift/console/pull/13187) * [OCPBUGS-19380](https://issues.redhat.com/browse/OCPBUGS-19380): Hide the Builds NavItem if BuildConfig is not installed in the cluster [#13167](https://github.com/openshift/console/pull/13167) * [OCPBUGS-19337](https://issues.redhat.com/browse/OCPBUGS-19337): Unhide the Import From Git Tab on the Add page if Pipelines Operator is installed and BuildConfig is not installed in the cluster [#13160](https://github.com/openshift/console/pull/13160) * [OCPBUGS-19336](https://issues.redhat.com/browse/OCPBUGS-19336): Added React Icon [#13159](https://github.com/openshift/console/pull/13159) * [OCPBUGS-18881](https://issues.redhat.com/browse/OCPBUGS-18881): use active namespace in Create cta href of create action for operator backed [#13150](https://github.com/openshift/console/pull/13150) * [OCPBUGS-19362](https://issues.redhat.com/browse/OCPBUGS-19362): Hide the DeploymentConfig option in the User Preferences if that resource type isn't available [#13164](https://github.com/openshift/console/pull/13164) * [OCPBUGS-19338](https://issues.redhat.com/browse/OCPBUGS-19338): Hide DeploymentConfig option from forms when it's not installed in the cluster [#13161](https://github.com/openshift/console/pull/13161) * [OCPBUGS-18987](https://issues.redhat.com/browse/OCPBUGS-18987): Monitoring: Fix display of silenced alerts in dev console [#13152](https://github.com/openshift/console/pull/13152) * [OCPBUGS-18727](https://issues.redhat.com/browse/OCPBUGS-18727): bump @patternfly/react-core to v4.276.11 to pick up Sele… [#13146](https://github.com/openshift/console/pull/13146) * [Full changelog](https://github.com/openshift/console/compare/69615d5f765f6cfb2e5dd121b3a511fcec52705e...477c65924d5216ec632cd914f317564fc74dc817) ### [console-operator](https://github.com/openshift/console-operator/tree/e5d3f29136a89a273ed48023ce3a89c27980cf4f) * [OCPBUGS-31916](https://issues.redhat.com/browse/OCPBUGS-31916): use InfrastructureTopology for clusters using external CP as the console deploys on the worker nodes [#885](https://github.com/openshift/console-operator/pull/885) * [OCPBUGS-21029](https://issues.redhat.com/browse/OCPBUGS-21029): Bump library-go and golang.org/x/net [#850](https://github.com/openshift/console-operator/pull/850) * [OCPBUGS-23968](https://issues.redhat.com/browse/OCPBUGS-23968): Disable route controller health check for NLB setup [#817](https://github.com/openshift/console-operator/pull/817) * [OCPBUGS-24293](https://issues.redhat.com/browse/OCPBUGS-24293): ConsolePlugin metrics must no longer be grouped by the vendor [#820](https://github.com/openshift/console-operator/pull/820) * [OCPBUGS-22274](https://issues.redhat.com/browse/OCPBUGS-22274): Disable HTTP/2 for webhook [#803](https://github.com/openshift/console-operator/pull/803) * [OCPBUGS-20480](https://issues.redhat.com/browse/OCPBUGS-20480): Reset console operator's conditions [#797](https://github.com/openshift/console-operator/pull/797) * [Full changelog](https://github.com/openshift/console-operator/compare/91f5c97029199a96764f9af7b4f0f304b441f7bf...e5d3f29136a89a273ed48023ce3a89c27980cf4f) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/a1b773076bd1a8ac10e622e58a36259a7a6e596a) * [OCPBUGS-56046](https://issues.redhat.com/browse/OCPBUGS-56046): Check error returned by ipv6 SettleAddresses [#193](https://github.com/openshift/containernetworking-plugins/pull/193) * [OCPBUGS-46121](https://issues.redhat.com/browse/OCPBUGS-46121): [4.14] cherry-pick containernetworking/plugins#997 [#168](https://github.com/openshift/containernetworking-plugins/pull/168) * [OCPBUGS-33066](https://issues.redhat.com/browse/OCPBUGS-33066): macvlan enable ipv6 ndisc_notify [#160](https://github.com/openshift/containernetworking-plugins/pull/160) * [OCPBUGS-20374](https://issues.redhat.com/browse/OCPBUGS-20374): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] [#129](https://github.com/openshift/containernetworking-plugins/pull/129) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/bf16e4c1c49319efaa94ccb0ac16dfcdb29dcac6...a1b773076bd1a8ac10e622e58a36259a7a6e596a) ### [coredns](https://github.com/openshift/coredns/tree/d10f7ff3322ac6844fc1ff070528664c8931ed24) * [OCPBUGS-58713](https://issues.redhat.com/browse/OCPBUGS-58713): [release-4.14] Bump github.com/golang/glog to v1.2.4 [#139](https://github.com/openshift/coredns/pull/139) * [OCPBUGS-37467](https://issues.redhat.com/browse/OCPBUGS-37467): UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit [#126](https://github.com/openshift/coredns/pull/126) * [OCPBUGS-28200](https://issues.redhat.com/browse/OCPBUGS-28200): UPSTREAM: 6277: openshift: Fix OCPBUGS-28200 [#114](https://github.com/openshift/coredns/pull/114) * [OCPBUGS-21067](https://issues.redhat.com/browse/OCPBUGS-21067): UPSTREAM: <carry>: openshift: address CVE-2023-39325 [#100](https://github.com/openshift/coredns/pull/100) * [OCPBUGS-19805](https://issues.redhat.com/browse/OCPBUGS-19805): UPSTREAM: <carry>: openshift: Fix OCPBUGS-19805 [#96](https://github.com/openshift/coredns/pull/96) * [Full changelog](https://github.com/openshift/coredns/compare/1326282c9e158078634be4261b75ded247d233d7...d10f7ff3322ac6844fc1ff070528664c8931ed24) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/6957b24475043718e946ec2e0b5e373c96a1f03e) * [OCPBUGS-58887](https://issues.redhat.com/browse/OCPBUGS-58887): CARRY: don't ignore json files [#343](https://github.com/openshift/cloud-provider-openstack/pull/343) * [OCPBUGS-52413](https://issues.redhat.com/browse/OCPBUGS-52413): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.27 into release-4.14 [#315](https://github.com/openshift/cloud-provider-openstack/pull/315) * update tags [#2203](https://github.com/openshift/cloud-provider-openstack/pull/2203) * And 60 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/3d9f6f8ba7dd95dcf43252fa2dbd93128f6973f2...6957b24475043718e946ec2e0b5e373c96a1f03e) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/d93a218ff323960eb1dea529f0173f069ccfab42) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#219](https://github.com/openshift/csi-driver-manila-operator/pull/219) * [OCPBUGS-23443](https://issues.redhat.com/browse/OCPBUGS-23443): Fix selector for manila-csi-driver-controller-metrics service [#211](https://github.com/openshift/csi-driver-manila-operator/pull/211) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#209](https://github.com/openshift/csi-driver-manila-operator/pull/209) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/9bcf382eb68d3dd13a553dce41822d24da3870d0...d93a218ff323960eb1dea529f0173f069ccfab42) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/9232c1ff48df333dadc9f7dc275649866e55ced0) * [OCPBUGS-28952](https://issues.redhat.com/browse/OCPBUGS-28952): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#167](https://github.com/openshift/csi-driver-shared-resource/pull/167) * [OCPBUGS-25069](https://issues.redhat.com/browse/OCPBUGS-25069), [OCPBUGS-26309](https://issues.redhat.com/browse/OCPBUGS-26309), [OCPBUGS-26323](https://issues.redhat.com/browse/OCPBUGS-26323): add snyk config file for SAST scan [#163](https://github.com/openshift/csi-driver-shared-resource/pull/163) * [OCPBUGS-23111](https://issues.redhat.com/browse/OCPBUGS-23111): Should reference configmaps instead of secrets [#152](https://github.com/openshift/csi-driver-shared-resource/pull/152) * [OCPBUGS-20734](https://issues.redhat.com/browse/OCPBUGS-20734): bump golang.org/x/net to v0.17.0 [#146](https://github.com/openshift/csi-driver-shared-resource/pull/146) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/260a085ae25606bba7a94cdfed88f67265905ba9...9232c1ff48df333dadc9f7dc275649866e55ced0) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/c273cd52b791e69da41ac23fafb6d926c0530276) * [OCPBUGS-28957](https://issues.redhat.com/browse/OCPBUGS-28957): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#103](https://github.com/openshift/csi-driver-shared-resource-operator/pull/103) * [OCPBUGS-26312](https://issues.redhat.com/browse/OCPBUGS-26312): add snyk config file for SAST scank [#97](https://github.com/openshift/csi-driver-shared-resource-operator/pull/97) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#91](https://github.com/openshift/csi-driver-shared-resource-operator/pull/91) * [OCPBUGS-20825](https://issues.redhat.com/browse/OCPBUGS-20825): bump golang.org/x/net to v0.17.0 [#86](https://github.com/openshift/csi-driver-shared-resource-operator/pull/86) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/8d017b7f19f0226dfd4fc7933271939c550d180f...c273cd52b791e69da41ac23fafb6d926c0530276) ### [csi-external-attacher](https://github.com/openshift/csi-external-attacher/tree/06e8ce0d36f7c23f0906327cd66ec6bd15165366) * [OCPBUGS-21177](https://issues.redhat.com/browse/OCPBUGS-21177): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#60](https://github.com/openshift/csi-external-attacher/pull/60) * [Full changelog](https://github.com/openshift/csi-external-attacher/compare/f806f266600fbc0db4d072e4d041fc80e28deee7...06e8ce0d36f7c23f0906327cd66ec6bd15165366) ### [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner/tree/e18ed7f00d8c80564a8dd5827013cd49f33ff0d7) * [OCPBUGS-35112](https://issues.redhat.com/browse/OCPBUGS-35112): CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 [#99](https://github.com/openshift/csi-external-provisioner/pull/99) * [OCPBUGS-20775](https://issues.redhat.com/browse/OCPBUGS-20775): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#72](https://github.com/openshift/csi-external-provisioner/pull/72) * [Full changelog](https://github.com/openshift/csi-external-provisioner/compare/ce5a1a33fadf10bba0c90510c09dfc879dcfec87...e18ed7f00d8c80564a8dd5827013cd49f33ff0d7) ### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/59a701a4c8cd3105e272b12afdb1e62e411b2772) * [OCPBUGS-20929](https://issues.redhat.com/browse/OCPBUGS-20929): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#147](https://github.com/openshift/csi-external-resizer/pull/147) * [Full changelog](https://github.com/openshift/csi-external-resizer/compare/3b4236d382e4593ca41ecc6f394775be467b1a0d...59a701a4c8cd3105e272b12afdb1e62e411b2772) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/a6834536936b16dcd9ee81a8753a2ef6dc208541) * [OCPBUGS-29433](https://issues.redhat.com/browse/OCPBUGS-29433): cherry-pick:release-4.14: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch [#142](https://github.com/openshift/csi-external-snapshotter/pull/142) * [OCPBUGS-21032](https://issues.redhat.com/browse/OCPBUGS-21032): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#109](https://github.com/openshift/csi-external-snapshotter/pull/109) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/4f2955c7c90cd150f9dfae782148d0fa8eba7342...a6834536936b16dcd9ee81a8753a2ef6dc208541) ### [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe/tree/a9bcbde134a17d3335f68a49aaad4befa8d7cc08) * [OCPBUGS-20640](https://issues.redhat.com/browse/OCPBUGS-20640): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#50](https://github.com/openshift/csi-livenessprobe/pull/50) * [Full changelog](https://github.com/openshift/csi-livenessprobe/compare/240bb8c0c7b24d0b18831be4ace39bcbc8d599e3...a9bcbde134a17d3335f68a49aaad4befa8d7cc08) ### [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar/tree/9dcaa7f5b7573e7ef9dbec1439abc32171003799) * [OCPBUGS-20697](https://issues.redhat.com/browse/OCPBUGS-20697): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#52](https://github.com/openshift/csi-node-driver-registrar/pull/52) * [Full changelog](https://github.com/openshift/csi-node-driver-registrar/compare/9005584ee45c4d3158e383870aafa5d78a03b141...9dcaa7f5b7573e7ef9dbec1439abc32171003799) ### [docker-builder](https://github.com/openshift/builder/tree/cdeff52978c86241874a807cf88b37bfe80c4cb6) * [OCPBUGS-58140](https://issues.redhat.com/browse/OCPBUGS-58140): S2I build cpu limits observed by assemble are limited to 1 cpu [#476](https://github.com/openshift/builder/pull/476) * [OCPBUGS-42915](https://issues.redhat.com/browse/OCPBUGS-42915), [OCPBUGS-43297](https://issues.redhat.com/browse/OCPBUGS-43297): Bump buildah to 1.33.12 [#447](https://github.com/openshift/builder/pull/447) * [OCPBUGS-43190](https://issues.redhat.com/browse/OCPBUGS-43190): runc library bump to 1.1.12 [#438](https://github.com/openshift/builder/pull/438) * [OCPBUGS-48495](https://issues.redhat.com/browse/OCPBUGS-48495): skipping some unit tests to avoid failures as they are duplicate [#430](https://github.com/openshift/builder/pull/430) * [OCPBUGS-48477](https://issues.redhat.com/browse/OCPBUGS-48477): Add team members to the OWNERS file [#429](https://github.com/openshift/builder/pull/429) * [BUILD-854](https://issues.redhat.com/browse/BUILD-854): Add adambkaplan as approver [#404](https://github.com/openshift/builder/pull/404) * [OCPBUGS-28949](https://issues.redhat.com/browse/OCPBUGS-28949): Replace 'coreydaley' with 'sayan-biswas' [#379](https://github.com/openshift/builder/pull/379) * [OCPBUGS-23006](https://issues.redhat.com/browse/OCPBUGS-23006): Add -p flag to cp command to preserve timestamps [#370](https://github.com/openshift/builder/pull/370) * [OCPBUGS-20726](https://issues.redhat.com/browse/OCPBUGS-20726): [release-4.14] Bumping golang.org/x/net [#362](https://github.com/openshift/builder/pull/362) * [OCPBUGS-20409](https://issues.redhat.com/browse/OCPBUGS-20409): drop the Overlay setting from transient mounts [#360](https://github.com/openshift/builder/pull/360) * [Full changelog](https://github.com/openshift/builder/compare/5df9af7bc7bb0d1245af7a7829ad80e4480c13f6...cdeff52978c86241874a807cf88b37bfe80c4cb6) ### [docker-registry](https://github.com/openshift/image-registry/tree/ce0483f140c5065a1b4aafbbbb94b1b9ca5f29e1) * [OCPBUGS-53651](https://issues.redhat.com/browse/OCPBUGS-53651): bump jwt and oauth dependencies [#434](https://github.com/openshift/image-registry/pull/434) * [OCPBUGS-31857](https://issues.redhat.com/browse/OCPBUGS-31857): vendor: bump aws-sdk-go to support ca-west-1 [#397](https://github.com/openshift/image-registry/pull/397) * [OCPBUGS-29604](https://issues.redhat.com/browse/OCPBUGS-29604): vendor: bump distribution to fix azure storage path bug [#394](https://github.com/openshift/image-registry/pull/394) * [OCPBUGS-22826](https://issues.redhat.com/browse/OCPBUGS-22826): Allow ICSP IDMS coexisting [#385](https://github.com/openshift/image-registry/pull/385) * [OCPBUGS-19379](https://issues.redhat.com/browse/OCPBUGS-19379): increase rest.Config QPS and Burst [#381](https://github.com/openshift/image-registry/pull/381) * [Full changelog](https://github.com/openshift/image-registry/compare/89c03ea33937f22ce59a0b4faff51cff8c237176...ce0483f140c5065a1b4aafbbbb94b1b9ca5f29e1) ### [egress-router-cni](https://github.com/openshift/egress-router-cni/tree/96f2f54fec843fc9e8dec826d7b3fa25cdf38d7f) * [OCPBUGS-35143](https://issues.redhat.com/browse/OCPBUGS-35143): update to go 1.19 and k8s.io mods to v0.27.4 [#87](https://github.com/openshift/egress-router-cni/pull/87) * [OCPBUGS-19850](https://issues.redhat.com/browse/OCPBUGS-19850): Ensure that IP forwarding is enabled [#78](https://github.com/openshift/egress-router-cni/pull/78) * [Full changelog](https://github.com/openshift/egress-router-cni/compare/f8ec690bc12a13ec7c9c45f0e3696ad02e143581...96f2f54fec843fc9e8dec826d7b3fa25cdf38d7f) ### [etcd](https://github.com/openshift/etcd/tree/5ed5044c5661c55d297ab0348056b50969af9627) * [OCPBUGS-32813](https://issues.redhat.com/browse/OCPBUGS-32813): Revert "Merge pull request #261 from Elbehery/rebase-etcd-3.5.13-open… [#265](https://github.com/openshift/etcd/pull/265) * [OCPBUGS-31650](https://issues.redhat.com/browse/OCPBUGS-31650): Rebase etcd 3.5.13 openshift 4.14 [#261](https://github.com/openshift/etcd/pull/261) * [OCPBUGS-28733](https://issues.redhat.com/browse/OCPBUGS-28733): Rebase etcd 3.5.12 openshift 4.14 [#244](https://github.com/openshift/etcd/pull/244) * [OCPBUGS-24939](https://issues.redhat.com/browse/OCPBUGS-24939): Rebase etcd 3.5.11 openshift 4.14 [#235](https://github.com/openshift/etcd/pull/235) * [OCPBUGS-22727](https://issues.redhat.com/browse/OCPBUGS-22727): [4.14] Rebase openshift/etcd to 3.5.10 [#226](https://github.com/openshift/etcd/pull/226) * [OCPBUGS-21221](https://issues.redhat.com/browse/OCPBUGS-21221): Carrying fixes for CVE-2023-44487 [#222](https://github.com/openshift/etcd/pull/222) * [OCPBUGS-18415](https://issues.redhat.com/browse/OCPBUGS-18415): Updating ose-etcd images to be consistent with ART [#208](https://github.com/openshift/etcd/pull/208) * [Full changelog](https://github.com/openshift/etcd/compare/a7005ef1eae85eec6c59411860538169cea182fd...5ed5044c5661c55d297ab0348056b50969af9627) ### [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp/tree/09e96a91c4c95e4f8a3d77bae81875c570dd9e3c) * [OCPBUGS-21321](https://issues.redhat.com/browse/OCPBUGS-21321): Bump golang.org/x/net to v0.18.0 [#42](https://github.com/openshift/cloud-provider-gcp/pull/42) * [Full changelog](https://github.com/openshift/cloud-provider-gcp/compare/fc50272ac32348a96455688c470bf256b1042825...09e96a91c4c95e4f8a3d77bae81875c570dd9e3c) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/d99fb31aa7280f6b5da00880a64b4774600817a2) * [OCPBUGS-17290](https://issues.redhat.com/browse/OCPBUGS-17290), [OCPBUGS-21417](https://issues.redhat.com/browse/OCPBUGS-21417): Bump golang.org/x/net to v0.17.0 [#203](https://github.com/openshift/cluster-api-provider-gcp/pull/203) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/bad54034ed075b24ee8962661e78cfbd84a7dd0a...d99fb31aa7280f6b5da00880a64b4774600817a2) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/7bf14fb2d7eabbb2e22d39d203b43dc6a5443a21) * [OCPBUGS-56194](https://issues.redhat.com/browse/OCPBUGS-56194): Disable shielded VMs for non-UEFI disks [#118](https://github.com/openshift/machine-api-provider-gcp/pull/118) * [OCPBUGS-20870](https://issues.redhat.com/browse/OCPBUGS-20870): Bump x/net package to v0.17.0 [#65](https://github.com/openshift/machine-api-provider-gcp/pull/65) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/0af06c047e5f751d77056f4ba288edb17e8d92a1...7bf14fb2d7eabbb2e22d39d203b43dc6a5443a21) ### [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver/tree/8a626fe5354a7cb28e31034dc8afe9c00d4b5a03) * [OCPBUGS-20752](https://issues.redhat.com/browse/OCPBUGS-20752): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#45](https://github.com/openshift/gcp-pd-csi-driver/pull/45) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver/compare/856ee3e23802cd341619cc4fc3181cf6ebbbd548...8a626fe5354a7cb28e31034dc8afe9c00d4b5a03) ### [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator/tree/95d55a043a60b584a9fe28d37825761282305840) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#107](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/107) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#96](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/96) * [OCPBUGS-20847](https://issues.redhat.com/browse/OCPBUGS-20847): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#87](https://github.com/openshift/gcp-pd-csi-driver-operator/pull/87) * [Full changelog](https://github.com/openshift/gcp-pd-csi-driver-operator/compare/3b91ee310c8a7394ceb2d4de6a51dd18a3800312...95d55a043a60b584a9fe28d37825761282305840) ### [haproxy-router](https://github.com/openshift/router/tree/c3a2430c09ccea623bb8a599ce56a6e267009620) * [OCPBUGS-32634](https://issues.redhat.com/browse/OCPBUGS-32634): Properly handle rewrite-target annotation [#583](https://github.com/openshift/router/pull/583) * [OCPBUGS-33797](https://issues.redhat.com/browse/OCPBUGS-33797): Reject routes with MD5 certs [#598](https://github.com/openshift/router/pull/598) * [OCPBUGS-33389](https://issues.redhat.com/browse/OCPBUGS-33389): Count active services before setting weight to 1 [#592](https://github.com/openshift/router/pull/592) * [OCPBUGS-30773](https://issues.redhat.com/browse/OCPBUGS-30773): OCPBUGS 6958 backport to 4.14 [#568](https://github.com/openshift/router/pull/568) * [OCPBUGS-32437](https://issues.redhat.com/browse/OCPBUGS-32437): Introduce 'idle-close-on-response' option for frontends [#580](https://github.com/openshift/router/pull/580) * [OCPBUGS-21134](https://issues.redhat.com/browse/OCPBUGS-21134): Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 [#530](https://github.com/openshift/router/pull/530) * [OCPBUGS-21898](https://issues.redhat.com/browse/OCPBUGS-21898): haproxy-template: Add 'no strict-limits' to address HAProxy 2.6 issue [#528](https://github.com/openshift/router/pull/528) * [Full changelog](https://github.com/openshift/router/compare/dc38fbd84dfbed3a897f2d36b469d0ccfd1ecda3...c3a2430c09ccea623bb8a599ce56a6e267009620) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/03a907c6d182353a0e9b83a224a6f0398406f6d5) * [OCPBUGS-39413](https://issues.redhat.com/browse/OCPBUGS-39413): Return from EnsureHostInPool on all NIC errors [#2073](https://github.com/openshift/kubernetes/pull/2073) * : OCPBUGS-38959: Upstream: 115702 kubelet: output log even file is rotated [#2060](https://github.com/openshift/kubernetes/pull/2060) * NO-JIRA: update downstream owners [#2051](https://github.com/openshift/kubernetes/pull/2051) * [OCPBUGS-37623](https://issues.redhat.com/browse/OCPBUGS-37623): Bump to Kubernetes v1.27.16 [#2043](https://github.com/openshift/kubernetes/pull/2043) * [OCPBUGS-35553](https://issues.redhat.com/browse/OCPBUGS-35553): Disable vulncheck [#2010](https://github.com/openshift/kubernetes/pull/2010) * [OCPBUGS-35553](https://issues.redhat.com/browse/OCPBUGS-35553): Bump k8s 1.27.15 [#1992](https://github.com/openshift/kubernetes/pull/1992) * [OCPBUGS-33964](https://issues.redhat.com/browse/OCPBUGS-33964): UPSTREAM: 123055: Fix race condition between resizer and kubelet [#1973](https://github.com/openshift/kubernetes/pull/1973) * UPSTREAM: <carry>: OCPBUGS-32473: fix cpu manager cpuset check [#1951](https://github.com/openshift/kubernetes/pull/1951) * [OCPBUGS-33712](https://issues.redhat.com/browse/OCPBUGS-33712): Bump to Kubernetes v1.27.14 [#1970](https://github.com/openshift/kubernetes/pull/1970) * [OCPBUGS-33417](https://issues.redhat.com/browse/OCPBUGS-33417): Provide SCC access via RBAC [#1965](https://github.com/openshift/kubernetes/pull/1965) * [OCPBUGS-14373](https://issues.redhat.com/browse/OCPBUGS-14373): Fix flaky HPA e2e tests by not failing on context cancelled (#117669) [#1958](https://github.com/openshift/kubernetes/pull/1958) * [OCPBUGS-32580](https://issues.redhat.com/browse/OCPBUGS-32580): allow override of NewVolumeManagerReconstruction [#1956](https://github.com/openshift/kubernetes/pull/1956) * [OCPBUGS-32309](https://issues.redhat.com/browse/OCPBUGS-32309): Bump K8s api to 1.27.13 [#1950](https://github.com/openshift/kubernetes/pull/1950) * [OCPBUGS-29924](https://issues.redhat.com/browse/OCPBUGS-29924): UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches [#1898](https://github.com/openshift/kubernetes/pull/1898) * [OCPBUGS-31504](https://issues.redhat.com/browse/OCPBUGS-31504): Bump to 1.27.12 [#1927](https://github.com/openshift/kubernetes/pull/1927) * [OCPBUGS-31741](https://issues.redhat.com/browse/OCPBUGS-31741): 4.14: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes [#1936](https://github.com/openshift/kubernetes/pull/1936) * Address CVE [#12](https://github.com/openshift/kubernetes/pull/12) * [OCPBUGS-30964](https://issues.redhat.com/browse/OCPBUGS-30964): Set up CEL IP/CIDR library from 4.14 onwards [#1913](https://github.com/openshift/kubernetes/pull/1913) * [OCPBUGS-29662](https://issues.redhat.com/browse/OCPBUGS-29662): Update to kubernetes 1.27.11 [#1890](https://github.com/openshift/kubernetes/pull/1890) * [OCPBUGS-27347](https://issues.redhat.com/browse/OCPBUGS-27347): UPSTREAM: <carry>: Update management webhook pod admission logic [#1855](https://github.com/openshift/kubernetes/pull/1855) * [OCPBUGS-27369](https://issues.redhat.com/browse/OCPBUGS-27369): Update to kubernetes 1.27.10 [#1860](https://github.com/openshift/kubernetes/pull/1860) * [OCPBUGS-25813](https://issues.redhat.com/browse/OCPBUGS-25813): Fix uncertain device in 4.14 [#1830](https://github.com/openshift/kubernetes/pull/1830) * UPSTREAM: 117349: OCPBUGS-19431: Bump lumberjack.v2 v2.0.0 -> v2.2.1 [#1552](https://github.com/openshift/kubernetes/pull/1552) * [OCPBUGS-26006](https://issues.redhat.com/browse/OCPBUGS-26006): Update to Kubernetes 1.27.9 [#1838](https://github.com/openshift/kubernetes/pull/1838) * [OCPBUGS-23566](https://issues.redhat.com/browse/OCPBUGS-23566): followup to #1808 [#1813](https://github.com/openshift/kubernetes/pull/1813) * [OCPBUGS-23566](https://issues.redhat.com/browse/OCPBUGS-23566): Update to kubernetes 1.27.8 [#1808](https://github.com/openshift/kubernetes/pull/1808) * [OCPBUGS-23286](https://issues.redhat.com/browse/OCPBUGS-23286): UPSTREAM: 121881: Use golang library instead of mklink [#1801](https://github.com/openshift/kubernetes/pull/1801) * [OCPBUGS-22861](https://issues.redhat.com/browse/OCPBUGS-22861): UPSTREAM: <carry>: support for both icsp and idms objects [#1780](https://github.com/openshift/kubernetes/pull/1780) * openshift-hack: Fix sporadic 141 errors in build-rpms [#1772](https://github.com/openshift/kubernetes/pull/1772) * [OCPBUGS-20380](https://issues.redhat.com/browse/OCPBUGS-20380): [release-4.14] UPSTREAM: 121127: [1.27][CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 [#1758](https://github.com/openshift/kubernetes/pull/1758) * [OCPBUGS-18249](https://issues.redhat.com/browse/OCPBUGS-18249): <carry>: Export cpu stats of ovs.slice via prometheus [#1699](https://github.com/openshift/kubernetes/pull/1699) * [OCPBUGS-20115](https://issues.redhat.com/browse/OCPBUGS-20115): Do not allow nodes to set forbidden openshift labels [#1736](https://github.com/openshift/kubernetes/pull/1736) * Update builder & base hyperkube image to RHEL 9 [#1727](https://github.com/openshift/kubernetes/pull/1727) * [OCPBUGS-19401](https://issues.redhat.com/browse/OCPBUGS-19401): UPSTREAM: <carry>: vendor: bump cadvisor and runc to 1.1.9 [#1713](https://github.com/openshift/kubernetes/pull/1713) * [OCPBUGS-19952](https://issues.redhat.com/browse/OCPBUGS-19952): UPSTREAM: <carry>: kubelet/cm: use MkdirAll when creating cpuset to ignore file exists error [#1728](https://github.com/openshift/kubernetes/pull/1728) * [OCPBUGS-15531](https://issues.redhat.com/browse/OCPBUGS-15531): UPSTREAM: 120786: change rolling update logic to exclude sunsetting nodes [#1717](https://github.com/openshift/kubernetes/pull/1717) * [OCPBUGS-18285](https://issues.redhat.com/browse/OCPBUGS-18285), [OCPBUGS-19479](https://issues.redhat.com/browse/OCPBUGS-19479): Update to Kubernetes 1.27.6 [#1709](https://github.com/openshift/kubernetes/pull/1709) * [OCPBUGS-18724](https://issues.redhat.com/browse/OCPBUGS-18724): cm: reorder setting of sched_load_balance for sandbox slice [#1693](https://github.com/openshift/kubernetes/pull/1693) * [Full changelog](https://github.com/openshift/kubernetes/compare/d227d652fda9e7a56895a879ca225be9372d0a88...03a907c6d182353a0e9b83a224a6f0398406f6d5) ### [hypershift](https://github.com/openshift/hypershift/tree/69c645c12d450a0733cac2fab27c1099a89b717e) * [OCPBUGS-57321](https://issues.redhat.com/browse/OCPBUGS-57321): Add validation to avoid conflicts between KubeAPIServer and NamedCertificates SANs #6231 [#6252](https://github.com/openshift/hypershift/pull/6252) * [OCPBUGS-55936](https://issues.redhat.com/browse/OCPBUGS-55936): [release-4.14] Add konnectivity-proxy sidecar to openshift-oauth… [#6129](https://github.com/openshift/hypershift/pull/6129) * [CNTRLPLANE-921](https://issues.redhat.com/browse/CNTRLPLANE-921): Konflux build pipeline service account migration [#6080](https://github.com/openshift/hypershift/pull/6080) * [CNTRLPLANE-921](https://issues.redhat.com/browse/CNTRLPLANE-921): Konflux build pipeline service account migration [#6085](https://github.com/openshift/hypershift/pull/6085) * [OCPBUGS-51802](https://issues.redhat.com/browse/OCPBUGS-51802): Fix golang crypto dependency go.mod replacement [#5996](https://github.com/openshift/hypershift/pull/5996) * [OCPBUGS-53899](https://issues.redhat.com/browse/OCPBUGS-53899): bump golang-jwt v4 [#5909](https://github.com/openshift/hypershift/pull/5909) * [OCPBUGS-53433](https://issues.redhat.com/browse/OCPBUGS-53433): Prevent IgnitionServer from flooding the API server with patch requests [#5878](https://github.com/openshift/hypershift/pull/5878) * [OCPBUGS-51731](https://issues.redhat.com/browse/OCPBUGS-51731), [OCPBUGS-51802](https://issues.redhat.com/browse/OCPBUGS-51802): Bump dependencies to OCP fork in backports [#5899](https://github.com/openshift/hypershift/pull/5899) * Red Hat Konflux update control-plane-operator-4-14 [#5953](https://github.com/openshift/hypershift/pull/5953) * [ART-11792](https://issues.redhat.com/browse/ART-11792): update go mod dependency for konflux [#5921](https://github.com/openshift/hypershift/pull/5921) * [OCPBUGS-53314](https://issues.redhat.com/browse/OCPBUGS-53314): Fix IsIPv4 function identifying also addresses instead of CIDRs [#5867](https://github.com/openshift/hypershift/pull/5867) * [OCPBUGS-45559](https://issues.redhat.com/browse/OCPBUGS-45559): Add Network Policies for Konnectivity server and Ignition server proxy [#5816](https://github.com/openshift/hypershift/pull/5816) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.6 [#5730](https://github.com/openshift/hypershift/pull/5730) * NO-JIRA: chore(deps): update dependency mkdocs-material to v9.6.6 [#5725](https://github.com/openshift/hypershift/pull/5725) * chore(deps): update dependency mkdocs-mermaid2-plugin to v0.6.0 [#5687](https://github.com/openshift/hypershift/pull/5687) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.5 [#5681](https://github.com/openshift/hypershift/pull/5681) * NO-JIRA: chore(deps): update dependency mkdocs-material to v9 [#5688](https://github.com/openshift/hypershift/pull/5688) * [OCPBUGS-50700](https://issues.redhat.com/browse/OCPBUGS-50700): add region to AWS creds passed to operators managed by CPO [#5668](https://github.com/openshift/hypershift/pull/5668) * NO-JIRA: Red Hat Konflux update control-plane-operator-4-14 [#5339](https://github.com/openshift/hypershift/pull/5339) * [OCPBUGS-47630](https://issues.redhat.com/browse/OCPBUGS-47630): Separate CPO containerfiles [#5619](https://github.com/openshift/hypershift/pull/5619) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.4 [#5538](https://github.com/openshift/hypershift/pull/5538) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.1 [#5537](https://github.com/openshift/hypershift/pull/5537) * [OCPBUGS-49405](https://issues.redhat.com/browse/OCPBUGS-49405): add ValidIDPConfiguration condition to report IDP config issues [#5520](https://github.com/openshift/hypershift/pull/5520) * NO-JIRA: chore: update konflux references & bump up go version to 1.20 [#5517](https://github.com/openshift/hypershift/pull/5517) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.50 (release-4.14) [#5444](https://github.com/openshift/hypershift/pull/5444) * NO-JIRA: Update dependency mkdocs-material to v8.5.11 (release-4.14) [#5430](https://github.com/openshift/hypershift/pull/5430) * NO-JIRA: [release-4.14] Bump golang.org/x/crypto and golang.org/x/net [#5372](https://github.com/openshift/hypershift/pull/5372) * NO-JIRA: Update dependency mkdocs-glightbox to v0.4.0 (release-4.14) [#5331](https://github.com/openshift/hypershift/pull/5331) * NO-JIRA: Update dependency mkdocs to v1.6.1 (release-4.14) [#5330](https://github.com/openshift/hypershift/pull/5330) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.49 (release-4.14) - abandoned [#5308](https://github.com/openshift/hypershift/pull/5308) * [OCPBUGS-44279](https://issues.redhat.com/browse/OCPBUGS-44279): Configure OAuth https proxy to dial cloud endpoints directly [#5067](https://github.com/openshift/hypershift/pull/5067) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.45 (release-4.14) [#5162](https://github.com/openshift/hypershift/pull/5162) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#5145](https://github.com/openshift/hypershift/pull/5145) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#5121](https://github.com/openshift/hypershift/pull/5121) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731518200 (release-4.14) [#5105](https://github.com/openshift/hypershift/pull/5105) * NO-JIRA: Update Konflux references (release-4.14) [#5100](https://github.com/openshift/hypershift/pull/5100) * chore(deps): update konflux references (release-4.14) [#5076](https://github.com/openshift/hypershift/pull/5076) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#5055](https://github.com/openshift/hypershift/pull/5055) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.14) [#5056](https://github.com/openshift/hypershift/pull/5056) * NO-JIRA: Update Konflux references to fedcfe0 (release-4.14) [#5043](https://github.com/openshift/hypershift/pull/5043) * chore(deps): update konflux references (release-4.14) [#5026](https://github.com/openshift/hypershift/pull/5026) * chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.43 (release-4.14) [#5021](https://github.com/openshift/hypershift/pull/5021) * chore(deps): update konflux references to f53fe54 (release-4.14) [#5020](https://github.com/openshift/hypershift/pull/5020) * NO-JIRA: Update Konflux references (release-4.14) [#5011](https://github.com/openshift/hypershift/pull/5011) * [OCPBUGS-41701](https://issues.redhat.com/browse/OCPBUGS-41701): cmd: report server version, supported OCP [#4718](https://github.com/openshift/hypershift/pull/4718) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4975](https://github.com/openshift/hypershift/pull/4975) * [OCPBUGS-43688](https://issues.redhat.com/browse/OCPBUGS-43688): Use guest DNS resolution in Konnectivity HTTPS proxy by default [#4964](https://github.com/openshift/hypershift/pull/4964) * chore(deps): update konflux references (release-4.14) [#4953](https://github.com/openshift/hypershift/pull/4953) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.14) [#4948](https://github.com/openshift/hypershift/pull/4948) * [OCPBUGS-43368](https://issues.redhat.com/browse/OCPBUGS-43368): Let payload generation pick the release for the NodePool [#4913](https://github.com/openshift/hypershift/pull/4913) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4934](https://github.com/openshift/hypershift/pull/4934) * NO-JIRA: chore(deps): update konflux references to 66f551f (release-4.14) [#4924](https://github.com/openshift/hypershift/pull/4924) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.14) [#4917](https://github.com/openshift/hypershift/pull/4917) * NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.14) [#4910](https://github.com/openshift/hypershift/pull/4910) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4898](https://github.com/openshift/hypershift/pull/4898) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.14) [#4879](https://github.com/openshift/hypershift/pull/4879) * NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.14 [#4851](https://github.com/openshift/hypershift/pull/4851) * [OCPBUGS-42533](https://issues.redhat.com/browse/OCPBUGS-42533): enable audit log for oauth-openshift [#4822](https://github.com/openshift/hypershift/pull/4822) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.13 (release-4.14) [#4794](https://github.com/openshift/hypershift/pull/4794) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.14) [#4828](https://github.com/openshift/hypershift/pull/4828) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4813](https://github.com/openshift/hypershift/pull/4813) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.38 (release-4.14) [#4805](https://github.com/openshift/hypershift/pull/4805) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9 (release-4.14) [#4788](https://github.com/openshift/hypershift/pull/4788) * chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.14) [#4758](https://github.com/openshift/hypershift/pull/4758) * chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.14) [#4784](https://github.com/openshift/hypershift/pull/4784) * [OCPBUGS-41374](https://issues.redhat.com/browse/OCPBUGS-41374): CPO oauth idp converter: resolve names before dialing [#4763](https://github.com/openshift/hypershift/pull/4763) * NO-JIRA: chore(deps): update konflux references to 5ac9b24 (release-4.14) [#4783](https://github.com/openshift/hypershift/pull/4783) * chore(deps): update konflux references to 2c3426a (release-4.14) [#4773](https://github.com/openshift/hypershift/pull/4773) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4757](https://github.com/openshift/hypershift/pull/4757) * [OCPBUGS-42221](https://issues.redhat.com/browse/OCPBUGS-42221): Make guest cluster components use the correct KAS port [#4753](https://github.com/openshift/hypershift/pull/4753) * [OCPBUGS-38060](https://issues.redhat.com/browse/OCPBUGS-38060): Add HTTP konnectivity proxy to OAuth server [#4498](https://github.com/openshift/hypershift/pull/4498) * [OCPBUGS-38066](https://issues.redhat.com/browse/OCPBUGS-38066): [release-4.14] Use HTTP proxy for ingress controller [#4724](https://github.com/openshift/hypershift/pull/4724) * NO-JIRA: Security fixes for openshift-ci-security job [#4752](https://github.com/openshift/hypershift/pull/4752) * [OCPBUGS-42184](https://issues.redhat.com/browse/OCPBUGS-42184): copy image-registry AdditionalTrustedCA configmap into HC openshift-config [#4747](https://github.com/openshift/hypershift/pull/4747) * [OCPBUGS-41506](https://issues.redhat.com/browse/OCPBUGS-41506): fix: bump google.golang.org/protobuf [#4687](https://github.com/openshift/hypershift/pull/4687) * [HOSTEDCP-1957](https://issues.redhat.com/browse/HOSTEDCP-1957): bump go-jose version [#4698](https://github.com/openshift/hypershift/pull/4698) * [OCPBUGS-39378](https://issues.redhat.com/browse/OCPBUGS-39378): Set KCM node monitor grace period [#4659](https://github.com/openshift/hypershift/pull/4659) * chore(deps): update konflux references (release-4.14) [#4683](https://github.com/openshift/hypershift/pull/4683) * [OCPBUGS-39183](https://issues.redhat.com/browse/OCPBUGS-39183): fix: bump github.com/IBM/go-sdk-core/v5 [#4626](https://github.com/openshift/hypershift/pull/4626) * NO-JIRA: Add PodDisruptionBudget for router deployment [#4692](https://github.com/openshift/hypershift/pull/4692) * NO-JIRA: Revert "Merge pull request #4661 from jparrill/bp-4.14/OCPBUGS-24308" [#4667](https://github.com/openshift/hypershift/pull/4667) * NO-JIRA: PDB backports [#4661](https://github.com/openshift/hypershift/pull/4661) * NO-JIRA: Konflux migration 4.14 [#4648](https://github.com/openshift/hypershift/pull/4648) * [OCPBUGS-39230](https://issues.redhat.com/browse/OCPBUGS-39230): set proxy envvars on aws CCM [#4638](https://github.com/openshift/hypershift/pull/4638) * [OCPBUGS-38791](https://issues.redhat.com/browse/OCPBUGS-38791): Let the CPO oidc check resolve through data plane [#4617](https://github.com/openshift/hypershift/pull/4617) * NO-JIRA: Flaky cert validation test [#4633](https://github.com/openshift/hypershift/pull/4633) * [HOSTEDCP-1897](https://issues.redhat.com/browse/HOSTEDCP-1897): [release-4.14] Allow setting Kube APIServer maximum requests in flight [#4553](https://github.com/openshift/hypershift/pull/4553) * [OCPBUGS-37076](https://issues.redhat.com/browse/OCPBUGS-37076): Fixed audit-logs sigterm failing to terminate gracefully [#4369](https://github.com/openshift/hypershift/pull/4369) * [OCPBUGS-38624](https://issues.redhat.com/browse/OCPBUGS-38624): remove weak ciphers from security profile [#4575](https://github.com/openshift/hypershift/pull/4575) * [OCPBUGS-37173](https://issues.redhat.com/browse/OCPBUGS-37173): Add newline after TLS certs referenced by image.config [#4471](https://github.com/openshift/hypershift/pull/4471) * [OCPBUGS-37172](https://issues.redhat.com/browse/OCPBUGS-37172): OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None [#4490](https://github.com/openshift/hypershift/pull/4490) * [OCPBUGS-36944](https://issues.redhat.com/browse/OCPBUGS-36944): [release-4.14] Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer [#4360](https://github.com/openshift/hypershift/pull/4360) * [HOSTEDCP-1795](https://issues.redhat.com/browse/HOSTEDCP-1795), [HOSTEDCP-1796](https://issues.redhat.com/browse/HOSTEDCP-1796): Customize the self-generated cert validity and rotation [#4473](https://github.com/openshift/hypershift/pull/4473) * [OCPBUGS-37175](https://issues.redhat.com/browse/OCPBUGS-37175): Delete IDMS in dataplane once HCP ICS field is removed [#4472](https://github.com/openshift/hypershift/pull/4472) * NO-JIRA: Konflux mce-2.4 pipeline fixes [#4464](https://github.com/openshift/hypershift/pull/4464) * NO-JIRA: [release-4.14] OCPBUGS-36297: kubevirt-csi-driver: Pass infra kubeconfig in case of external infra [#4288](https://github.com/openshift/hypershift/pull/4288) * NO-JIRA: [release-4.14] test/e2e: remove api budget checks [#4438](https://github.com/openshift/hypershift/pull/4438) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-2 (release-4.14) - abandoned [#4363](https://github.com/openshift/hypershift/pull/4363) * NO-JIRA: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.21.10-1.1719562237 (release-4.14) - abandoned [#4326](https://github.com/openshift/hypershift/pull/4326) * NO-JIRA: Update registry.access.redhat.com/ubi9-minimal Docker tag to v9.4-1134 (release-4.14) - abandoned [#4325](https://github.com/openshift/hypershift/pull/4325) * [OCPBUGS-36518](https://issues.redhat.com/browse/OCPBUGS-36518): Run haproxy to connect to kas from data plane if noproxy settings contain kas [#4315](https://github.com/openshift/hypershift/pull/4315) * [OCPBUGS-36159](https://issues.redhat.com/browse/OCPBUGS-36159): Generate default worker security group rules based on machineCIDR [#4270](https://github.com/openshift/hypershift/pull/4270) * [OCPBUGS-35549](https://issues.redhat.com/browse/OCPBUGS-35549): Restrict image registry overrides to control plane component [#4223](https://github.com/openshift/hypershift/pull/4223) * [OCPBUGS-35365](https://issues.redhat.com/browse/OCPBUGS-35365): fix router on 4.14 y-stream upgrade [#4205](https://github.com/openshift/hypershift/pull/4205) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4257](https://github.com/openshift/hypershift/pull/4257) * [OCPBUGS-35401](https://issues.redhat.com/browse/OCPBUGS-35401): Fix disconnected metadata inspection for nodepool [#4208](https://github.com/openshift/hypershift/pull/4208) * [OCPBUGS-35482](https://issues.redhat.com/browse/OCPBUGS-35482): Add TrustedBundles to OAS container [#4216](https://github.com/openshift/hypershift/pull/4216) * [OCPBUGS-35290](https://issues.redhat.com/browse/OCPBUGS-35290): [release-4.14] Backport etcd defrag [#4189](https://github.com/openshift/hypershift/pull/4189) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4248](https://github.com/openshift/hypershift/pull/4248) * [OCPBUGS-35183](https://issues.redhat.com/browse/OCPBUGS-35183): add AWS STS URL to OIDC provider audiences [#4179](https://github.com/openshift/hypershift/pull/4179) * NO-JIRA: hack: make the e2e script generic [#4201](https://github.com/openshift/hypershift/pull/4201) * chore(deps): update konflux references to 2be7c9c (release-4.14) [#4225](https://github.com/openshift/hypershift/pull/4225) * NO-JIRA: Update Konflux references to 1025001 (release-4.14) [#4181](https://github.com/openshift/hypershift/pull/4181) * NO-JIRA: chore(deps): update konflux references (release-4.14) [#4168](https://github.com/openshift/hypershift/pull/4168) * [OCPBUGS-34856](https://issues.redhat.com/browse/OCPBUGS-34856): [release-4.14] OCPBUGS-34855: Add new permission required in CAPA [#4149](https://github.com/openshift/hypershift/pull/4149) * NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ [#4159](https://github.com/openshift/hypershift/pull/4159) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#4112](https://github.com/openshift/hypershift/pull/4112) * NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) [#4073](https://github.com/openshift/hypershift/pull/4073) * NO-JIRA: Remove CLI inspection of release image [#4061](https://github.com/openshift/hypershift/pull/4061) * [OCPBUGS-33713](https://issues.redhat.com/browse/OCPBUGS-33713): Reconcile over ICSP/IDMS [#4059](https://github.com/openshift/hypershift/pull/4059) * NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) [#4065](https://github.com/openshift/hypershift/pull/4065) * [OCPBUGS-33844](https://issues.redhat.com/browse/OCPBUGS-33844): Fix disconnected metadata inspection [#4049](https://github.com/openshift/hypershift/pull/4049) * [OCPBUGS-33843](https://issues.redhat.com/browse/OCPBUGS-33843): Recycler-pod image now points to the OCP Payload reference [#4048](https://github.com/openshift/hypershift/pull/4048) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#4040](https://github.com/openshift/hypershift/pull/4040) * [HOSTEDCP-1480](https://issues.redhat.com/browse/HOSTEDCP-1480): Update TLS cert hash creation with sha512 [#4025](https://github.com/openshift/hypershift/pull/4025) * NO-JIRA: Update RHTAP references (release-4.14) [#3995](https://github.com/openshift/hypershift/pull/3995) * [HOSTEDCP-1552](https://issues.redhat.com/browse/HOSTEDCP-1552): Update RHTAP tekton files for 0.3 -> 0.4 migration [#3958](https://github.com/openshift/hypershift/pull/3958) * [OCPBUGS-33105](https://issues.redhat.com/browse/OCPBUGS-33105): [release-4.14] remove PrivateIngressController cleanup [#3960](https://github.com/openshift/hypershift/pull/3960) * [OCPBUGS-32471](https://issues.redhat.com/browse/OCPBUGS-32471): Fix ICSP and IDMS inclusion as registriesOverrides [#3912](https://github.com/openshift/hypershift/pull/3912) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3920](https://github.com/openshift/hypershift/pull/3920) * [OCPBUGS-32221](https://issues.redhat.com/browse/OCPBUGS-32221): Added support for OLM Disable default sources on HC creation [#3882](https://github.com/openshift/hypershift/pull/3882) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3903](https://github.com/openshift/hypershift/pull/3903) * NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster [#3905](https://github.com/openshift/hypershift/pull/3905) * [HOSTEDCP-1526](https://issues.redhat.com/browse/HOSTEDCP-1526): [release-4.14] Support additional node selectors for request serving nodes [#3898](https://github.com/openshift/hypershift/pull/3898) * chore(deps): update rhtap references (release-4.14) [#3888](https://github.com/openshift/hypershift/pull/3888) * NO-JIRA: Update RHTAP references (release-4.14) [#3874](https://github.com/openshift/hypershift/pull/3874) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3869](https://github.com/openshift/hypershift/pull/3869) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3858](https://github.com/openshift/hypershift/pull/3858) * NO-JIRA: Update RHTAP references (release-4.14) [#3836](https://github.com/openshift/hypershift/pull/3836) * [OCPBUGS-31657](https://issues.redhat.com/browse/OCPBUGS-31657): disable http2 for ignition server and proxy [#3831](https://github.com/openshift/hypershift/pull/3831) * [OCPBUGS-31605](https://issues.redhat.com/browse/OCPBUGS-31605): inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs [#3826](https://github.com/openshift/hypershift/pull/3826) * [HOSTEDCP-1322](https://issues.redhat.com/browse/HOSTEDCP-1322): NodeUpgradeType defaulted by provider [#3822](https://github.com/openshift/hypershift/pull/3822) * NO-JIRA: Update RHTAP references (release-4.14) [#3813](https://github.com/openshift/hypershift/pull/3813) * [OCPBUGS-31417](https://issues.redhat.com/browse/OCPBUGS-31417): honor HC image configuration [#3806](https://github.com/openshift/hypershift/pull/3806) * [OCPBUGS-23914](https://issues.redhat.com/browse/OCPBUGS-23914): Added OLMCatalogPlacement option to the CLI [#3229](https://github.com/openshift/hypershift/pull/3229) * [OCPBUGS-30211](https://issues.redhat.com/browse/OCPBUGS-30211): set Konnectivity cipher suites [#3679](https://github.com/openshift/hypershift/pull/3679) * chore(deps): update rhtap references (release-4.14) [#3792](https://github.com/openshift/hypershift/pull/3792) * [OCPBUGS-31048](https://issues.redhat.com/browse/OCPBUGS-31048): [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group [#3771](https://github.com/openshift/hypershift/pull/3771) * [HOSTEDCP-1488](https://issues.redhat.com/browse/HOSTEDCP-1488): Use regionalized STS endpoints in AWS [#3756](https://github.com/openshift/hypershift/pull/3756) * NO-JIRA: Update RHTAP references (release-4.14) [#3755](https://github.com/openshift/hypershift/pull/3755) * chore(deps): update rhtap references (release-4.14) [#3739](https://github.com/openshift/hypershift/pull/3739) * [OCPBUGS-30596](https://issues.redhat.com/browse/OCPBUGS-30596): Bump golang.org/x/net to version v0.17.0 [#3711](https://github.com/openshift/hypershift/pull/3711) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3706](https://github.com/openshift/hypershift/pull/3706) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3676](https://github.com/openshift/hypershift/pull/3676) * NO-JIRA: Update RHTAP references (release-4.14) [#3672](https://github.com/openshift/hypershift/pull/3672) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3651](https://github.com/openshift/hypershift/pull/3651) * [OCPBUGS-29782](https://issues.redhat.com/browse/OCPBUGS-29782): use 2040 for apiserver svc in IBM provider [#3594](https://github.com/openshift/hypershift/pull/3594) * "[release-4.14] OCPBUGS-29259: Fix default release image lookup" [#3550](https://github.com/openshift/hypershift/pull/3550) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3620](https://github.com/openshift/hypershift/pull/3620) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3625](https://github.com/openshift/hypershift/pull/3625) * [OCPBUGS-29094](https://issues.redhat.com/browse/OCPBUGS-29094): Make ControllerAvailabilityPolicy immutable [#3534](https://github.com/openshift/hypershift/pull/3534) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3604](https://github.com/openshift/hypershift/pull/3604) * NO-JIRA: Update RHTAP references (release-4.14) [#3591](https://github.com/openshift/hypershift/pull/3591) * NO-JIRA: Update RHTAP references (release-4.14) [#3519](https://github.com/openshift/hypershift/pull/3519) * NO-JIRA: Approvers update [#3580](https://github.com/openshift/hypershift/pull/3580) * [MULTIARCH-4084](https://issues.redhat.com/browse/MULTIARCH-4084): Reduce the policy access scope to specific instance [#3530](https://github.com/openshift/hypershift/pull/3530) * [OCPBUGS-29206](https://issues.redhat.com/browse/OCPBUGS-29206): Add GC knobs for KAS [#3543](https://github.com/openshift/hypershift/pull/3543) * [OCPBUGS-29187](https://issues.redhat.com/browse/OCPBUGS-29187): node spread anti-affinity for HA HCP [#3541](https://github.com/openshift/hypershift/pull/3541) * [OCPBUGS-19956](https://issues.redhat.com/browse/OCPBUGS-19956), [OCPBUGS-28984](https://issues.redhat.com/browse/OCPBUGS-28984), [OCPBUGS-28985](https://issues.redhat.com/browse/OCPBUGS-28985), [OCPBUGS-28986](https://issues.redhat.com/browse/OCPBUGS-28986), [OCPBUGS-29000](https://issues.redhat.com/browse/OCPBUGS-29000): Support Disconnected HCP [#3520](https://github.com/openshift/hypershift/pull/3520) * [OCPBUGS-29030](https://issues.redhat.com/browse/OCPBUGS-29030): Add ValidatingAdmissionPolicy to KAS config [#3524](https://github.com/openshift/hypershift/pull/3524) * [HOSTEDCP-1272](https://issues.redhat.com/browse/HOSTEDCP-1272): Added CLI support to create DualStack clusters using default values [#3514](https://github.com/openshift/hypershift/pull/3514) * [OCPBUGS-28238](https://issues.redhat.com/browse/OCPBUGS-28238): consider HCP upgradeable if CVO has no upgradable condition [#3468](https://github.com/openshift/hypershift/pull/3468) * [OCPBUGS-26526](https://issues.redhat.com/browse/OCPBUGS-26526): Documented to disable UWM telemetry writer in disconnected envs [#3389](https://github.com/openshift/hypershift/pull/3389) * [OCPBUGS-26526](https://issues.redhat.com/browse/OCPBUGS-26526): Disable UWM Telemetry writer when telemeter-client cm not exists [#3388](https://github.com/openshift/hypershift/pull/3388) * [OCPBUGS-27072](https://issues.redhat.com/browse/OCPBUGS-27072): Apply Scheduling Configuration for kCCM [#3418](https://github.com/openshift/hypershift/pull/3418) * NO-JIRA: Update RHTAP references (release-4.14) [#3509](https://github.com/openshift/hypershift/pull/3509) * [OCPBUGS-20180](https://issues.redhat.com/browse/OCPBUGS-20180), [OCPBUGS-20547](https://issues.redhat.com/browse/OCPBUGS-20547): Added network validations [#3096](https://github.com/openshift/hypershift/pull/3096) * [OCPBUGS-23997](https://issues.redhat.com/browse/OCPBUGS-23997): add watch for HCP pullsecret to HCCO [#3265](https://github.com/openshift/hypershift/pull/3265) * [OCPBUGS-28249](https://issues.redhat.com/browse/OCPBUGS-28249): Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. [#3485](https://github.com/openshift/hypershift/pull/3485) * NO-JIRA: Update RHTAP references (release-4.14) [#3447](https://github.com/openshift/hypershift/pull/3447) * [OCPBUGS-24315](https://issues.redhat.com/browse/OCPBUGS-24315): Add prestop to konnectiviy server [#3268](https://github.com/openshift/hypershift/pull/3268) * [OCPBUGS-24307](https://issues.redhat.com/browse/OCPBUGS-24307): Set shutdown-delay-duration to 15s [#3264](https://github.com/openshift/hypershift/pull/3264) * [OCPBUGS-21795](https://issues.redhat.com/browse/OCPBUGS-21795): change trusted bundle volume mount for CPO [#3102](https://github.com/openshift/hypershift/pull/3102) * [OCPBUGS-25217](https://issues.redhat.com/browse/OCPBUGS-25217): Konnectivity agent update strategy [#3308](https://github.com/openshift/hypershift/pull/3308) * [OCPBUGS-26574](https://issues.redhat.com/browse/OCPBUGS-26574): Set new condition on SG deletion. [#3398](https://github.com/openshift/hypershift/pull/3398) * Update RHTAP references (release-4.14) [#3402](https://github.com/openshift/hypershift/pull/3402) * Update RHTAP references (release-4.14) [#3383](https://github.com/openshift/hypershift/pull/3383) * [OCPBUGS-22360](https://issues.redhat.com/browse/OCPBUGS-22360): Validate accessTokenInactivityTimeout >= 300s [#3175](https://github.com/openshift/hypershift/pull/3175) * [OCPBUGS-23936](https://issues.redhat.com/browse/OCPBUGS-23936): Use correct kubeconfig in CCM and remove CCMs access t… [#3232](https://github.com/openshift/hypershift/pull/3232) * [OCPBUGS-12720](https://issues.redhat.com/browse/OCPBUGS-12720): Updating hypershift images to be consistent with ART [#2467](https://github.com/openshift/hypershift/pull/2467) * [OCPBUGS-24627](https://issues.redhat.com/browse/OCPBUGS-24627): unset ServiceAccount on ignition-server-proxy [#3295](https://github.com/openshift/hypershift/pull/3295) * [Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster [#3290](https://github.com/openshift/hypershift/pull/3290) * [OCPBUGS-24269](https://issues.redhat.com/browse/OCPBUGS-24269): add CLI oauthclient [#3272](https://github.com/openshift/hypershift/pull/3272) * [OCPBUGS-23569](https://issues.redhat.com/browse/OCPBUGS-23569): Added IPFamilyPolicy to services exposed at the HCP in DualStack mode [#3224](https://github.com/openshift/hypershift/pull/3224) * [HOSTEDCP-1318](https://issues.redhat.com/browse/HOSTEDCP-1318): external OIDC enablement [#3261](https://github.com/openshift/hypershift/pull/3261) * [OCPBUGS-23747](https://issues.redhat.com/browse/OCPBUGS-23747): Added brackets to IPv6 KAS address on kubeconfig [#3228](https://github.com/openshift/hypershift/pull/3228) * [OCPBUGS-24063](https://issues.redhat.com/browse/OCPBUGS-24063): fix(cpo): Set restart annotation on network-node-identity [#3248](https://github.com/openshift/hypershift/pull/3248) * release-4.14, HOSTEDCP-1315: Improve NodePool CPU arch & platform check [#3236](https://github.com/openshift/hypershift/pull/3236) * [OCPBUGS-22676](https://issues.redhat.com/browse/OCPBUGS-22676): Make the OLMCatalogPlacement field immutable [#3143](https://github.com/openshift/hypershift/pull/3143) * [OCPBUGS-23558](https://issues.redhat.com/browse/OCPBUGS-23558): Let router use svc ips 4.14 [#3221](https://github.com/openshift/hypershift/pull/3221) * [OCPBUGS-19678](https://issues.redhat.com/browse/OCPBUGS-19678): Remove cluster name validation from HCC [#3040](https://github.com/openshift/hypershift/pull/3040) * "[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms" [#3202](https://github.com/openshift/hypershift/pull/3202) * [OCPBUGS-23027](https://issues.redhat.com/browse/OCPBUGS-23027): Configure HSTS for kube-apiserver [#3169](https://github.com/openshift/hypershift/pull/3169) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3085](https://github.com/openshift/hypershift/pull/3085) * [OCPBUGS-23142](https://issues.redhat.com/browse/OCPBUGS-23142): adding permission to CNO RBAC Calico path for network-node-identity deploy [#3182](https://github.com/openshift/hypershift/pull/3182) * [OCPBUGS-22295](https://issues.redhat.com/browse/OCPBUGS-22295): Added brackets to the kubeconfig server address when IPv6 [#3117](https://github.com/openshift/hypershift/pull/3117) * [OCPBUGS-22690](https://issues.redhat.com/browse/OCPBUGS-22690): Use the same etcd snapshot for all replicas during etcd restore [#3146](https://github.com/openshift/hypershift/pull/3146) * [OCPBUGS-22959](https://issues.redhat.com/browse/OCPBUGS-22959): Update regex validation for nodepool.spec.taints.value [#3165](https://github.com/openshift/hypershift/pull/3165) * [HOSTEDCP-1280](https://issues.redhat.com/browse/HOSTEDCP-1280): Adjustment cluster-cidr,service-cidr to support dualstack [#3162](https://github.com/openshift/hypershift/pull/3162) * [OCPBUGS-22898](https://issues.redhat.com/browse/OCPBUGS-22898): Stop exposing kas on 6443 private route service load balancer [#3159](https://github.com/openshift/hypershift/pull/3159) * [OCPBUGS-22898](https://issues.redhat.com/browse/OCPBUGS-22898): Stop defaulting aws private haproxy external port to 6443 [#3160](https://github.com/openshift/hypershift/pull/3160) * [OCPBUGS-19897](https://issues.redhat.com/browse/OCPBUGS-19897): Add konnectivity-proxy container to CNO [#3058](https://github.com/openshift/hypershift/pull/3058) * [OCPBUGS-22379](https://issues.redhat.com/browse/OCPBUGS-22379): Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller [#3131](https://github.com/openshift/hypershift/pull/3131) * [OCPBUGS-20526](https://issues.redhat.com/browse/OCPBUGS-20526): Align PSA labels on guest cluster namespaces with standalone OCP [#3111](https://github.com/openshift/hypershift/pull/3111) * [OCPBUGS-21869](https://issues.redhat.com/browse/OCPBUGS-21869): Remove EnsurePSANotPrivileged [#3107](https://github.com/openshift/hypershift/pull/3107) * [OCPBUGS-21822](https://issues.redhat.com/browse/OCPBUGS-21822): Add ign proxy label selector for LabelTopologyZone PodAntiAffinity [#3105](https://github.com/openshift/hypershift/pull/3105) * [OCPBUGS-21587](https://issues.redhat.com/browse/OCPBUGS-21587): change required pod anti-affinity rule to preferred rule [#3098](https://github.com/openshift/hypershift/pull/3098) * [OCPBUGS-19794](https://issues.redhat.com/browse/OCPBUGS-19794): Upgrade Agent APIs to v1beta1 [#3059](https://github.com/openshift/hypershift/pull/3059) * [OCPBUGS-19797](https://issues.redhat.com/browse/OCPBUGS-19797): reconcile Authentication global config [#3053](https://github.com/openshift/hypershift/pull/3053) * [OCPBUGS-19794](https://issues.redhat.com/browse/OCPBUGS-19794): Upgrade agent APIs to v1beta1 [#3051](https://github.com/openshift/hypershift/pull/3051) * [OCPBUGS-20249](https://issues.redhat.com/browse/OCPBUGS-20249): Set KAS config pod security Enforce to privileged [#3083](https://github.com/openshift/hypershift/pull/3083) * [OCPBUGS-20163](https://issues.redhat.com/browse/OCPBUGS-20163): Report correct port when API exposed via route [#3078](https://github.com/openshift/hypershift/pull/3078) * [OCPBUGS-19796](https://issues.redhat.com/browse/OCPBUGS-19796): set accesstoken-inactivity-timeout flag to openshift-oauth-apiserver [#3052](https://github.com/openshift/hypershift/pull/3052) * Update RHTAP references (release-4.14) [#3060](https://github.com/openshift/hypershift/pull/3060) * Migrate deprecated-base-image-check pipeline [#3057](https://github.com/openshift/hypershift/pull/3057) * chore(deps): update rhtap references (release-4.14) [#2752](https://github.com/openshift/hypershift/pull/2752) * Update kubevirt csi driver deployment with proper timeouts [#3046](https://github.com/openshift/hypershift/pull/3046) * [OCPBUGS-19463](https://issues.redhat.com/browse/OCPBUGS-19463): set default deploymentconfig params on AWS CCM [#3029](https://github.com/openshift/hypershift/pull/3029) * [ACM-7278](https://issues.redhat.com/browse/ACM-7278): Remove marking pull secret as required in hcp cli [#3023](https://github.com/openshift/hypershift/pull/3023) * [OCPBUGS-18978](https://issues.redhat.com/browse/OCPBUGS-18978): add KAS endpoints to Except in router egress rule [#3010](https://github.com/openshift/hypershift/pull/3010) * [CNV-31919](https://issues.redhat.com/browse/CNV-31919): Validate KubeVirt platform required versioning [#3026](https://github.com/openshift/hypershift/pull/3026) * [OCPBUGS-19063](https://issues.redhat.com/browse/OCPBUGS-19063): amend OLM catalogs ImageStream according to annotation [#3016](https://github.com/openshift/hypershift/pull/3016) * enable CGO_ENABLED for building FIPS compliant images [#3006](https://github.com/openshift/hypershift/pull/3006) * [OCPBUGS-18828](https://issues.redhat.com/browse/OCPBUGS-18828): tuned DS should not use controlPlaneReleaseImage [#3005](https://github.com/openshift/hypershift/pull/3005) * Red Hat Trusted App Pipeline update hypershift-release-414 [#2639](https://github.com/openshift/hypershift/pull/2639) * [Full changelog](https://github.com/openshift/hypershift/compare/4c5aa5e56a13b61197da50f39c147f46868ffe38...69c645c12d450a0733cac2fab27c1099a89b717e) ### [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm/tree/f39488c53ab5151cebf11e8f82510a255a8005d3) * [OCPBUGS-23861](https://issues.redhat.com/browse/OCPBUGS-23861): Bump otelgrpc to v0.49.0 [#73](https://github.com/openshift/cloud-provider-ibm/pull/73) * [OCPBUGS-24665](https://issues.redhat.com/browse/OCPBUGS-24665): Add Snyk file to exclude vendor directory on scan [#65](https://github.com/openshift/cloud-provider-ibm/pull/65) * [OCPBUGS-21149](https://issues.redhat.com/browse/OCPBUGS-21149): Bump golang.org/x/net to v0.18.0 [#55](https://github.com/openshift/cloud-provider-ibm/pull/55) * [Full changelog](https://github.com/openshift/cloud-provider-ibm/compare/cc0d54159c5d626aaa91eef94a92a80b3d1a3870...f39488c53ab5151cebf11e8f82510a255a8005d3) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/4b4154380e9e4f5551a7681b9a440dc22e075b03) * [OCPBUGS-58738](https://issues.redhat.com/browse/OCPBUGS-58738): bump github.com/golang/glog to v1.2.4 [#109](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/109) * [OCPBUGS-56065](https://issues.redhat.com/browse/OCPBUGS-56065): tech debt: rework vendor patches [#93](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/93) * [OCPBUGS-53907](https://issues.redhat.com/browse/OCPBUGS-53907): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#86](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/86) * [OCPBUGS-36065](https://issues.redhat.com/browse/OCPBUGS-36065): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#73](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/73) * [OCPBUGS-21246](https://issues.redhat.com/browse/OCPBUGS-21246): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#50](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/50) * [OCPBUGS-18142](https://issues.redhat.com/browse/OCPBUGS-18142): [IBM VPC] failed provisioning volume in proxy cluster [#46](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/46) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/714ed7d71423e46cdf178b3352729cd47e566cd2...4b4154380e9e4f5551a7681b9a440dc22e075b03) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/6258347568415eb6187a9fd988806e3212fa4f5e) * [OCPBUGS-59791](https://issues.redhat.com/browse/OCPBUGS-59791): [IBM VPC] set offlineExpansion to false in e2e test manifest [#151](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/151) * [OCPBUGS-36071](https://issues.redhat.com/browse/OCPBUGS-36071): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#122](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/122) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#104](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/104) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#91](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/91) * [OCPBUGS-21339](https://issues.redhat.com/browse/OCPBUGS-21339): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#81](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/81) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/9c64fe8a910b916c29f9eb32712df001d09ca3bf...6258347568415eb6187a9fd988806e3212fa4f5e) ### [ibm-vpc-node-label-updater](https://github.com/openshift/ibm-vpc-node-label-updater/tree/01349bbdf3c459146c5e58b0a96526a2ba78391c) * [OCPBUGS-56065](https://issues.redhat.com/browse/OCPBUGS-56065): tech debt: rework vendor patches [#50](https://github.com/openshift/ibm-vpc-node-label-updater/pull/50) * [OCPBUGS-53539](https://issues.redhat.com/browse/OCPBUGS-53539): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#46](https://github.com/openshift/ibm-vpc-node-label-updater/pull/46) * [OCPBUGS-36011](https://issues.redhat.com/browse/OCPBUGS-36011): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#42](https://github.com/openshift/ibm-vpc-node-label-updater/pull/42) * [OCPBUGS-21451](https://issues.redhat.com/browse/OCPBUGS-21451): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#27](https://github.com/openshift/ibm-vpc-node-label-updater/pull/27) * [Full changelog](https://github.com/openshift/ibm-vpc-node-label-updater/compare/9b13bd4c73e7fa58c109dc3e3b9221773cd7e0e3...01349bbdf3c459146c5e58b0a96526a2ba78391c) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/027ce1a7979e5735c6825ea811bfd66a702a7935) * [OCPBUGS-36077](https://issues.redhat.com/browse/OCPBUGS-36077): UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.14 [#88](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/88) * [OCPBUGS-27279](https://issues.redhat.com/browse/OCPBUGS-27279): Add Snyk file to exclude vendor directory on scan [#76](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/76) * [OCPBUGS-21436](https://issues.redhat.com/browse/OCPBUGS-21436): Bump golang.org/x/net to v0.18.0 [#63](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/63) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/b934c68cd083ea3abb65faf463cb6ab5383e5d7d...027ce1a7979e5735c6825ea811bfd66a702a7935) ### [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud/tree/a63c6aabeb484cf8d7f976edc80622de959abde4) * [OCPBUGS-36083](https://issues.redhat.com/browse/OCPBUGS-36083): Bump dependency for CVE [#57](https://github.com/openshift/machine-api-provider-ibmcloud/pull/57) * [Full changelog](https://github.com/openshift/machine-api-provider-ibmcloud/compare/6846b9a79e2f2dfc39061fe7625202db30a9a6b4...a63c6aabeb484cf8d7f976edc80622de959abde4) ### [insights-operator](https://github.com/openshift/insights-operator/tree/acc99f557871cbf137f57a540f26989c27bb1301) * Ignore previous status when disabling alerts (#1059) [#1059](https://github.com/openshift/insights-operator/pull/1059) * [OCPBUGS-45044](https://issues.redhat.com/browse/OCPBUGS-45044): insightsoperator.operator.openshift.io resource is create-only (#1058) [#1058](https://github.com/openshift/insights-operator/pull/1058) * Add haproxy metric (#999) [#999](https://github.com/openshift/insights-operator/pull/999) * Add missing permission for GatherClusterIngressCertificates (#984) [#984](https://github.com/openshift/insights-operator/pull/984) * [OCPBUGS-37673](https://issues.redhat.com/browse/OCPBUGS-37673): Ingress controller related certificates' validate dates gathering (#976) [#976](https://github.com/openshift/insights-operator/pull/976) * [OCPBUGS-36475](https://issues.redhat.com/browse/OCPBUGS-36475): properly encode the URL for the advisor links (#962) [#962](https://github.com/openshift/insights-operator/pull/962) * [OCPBUGS-36380](https://issues.redhat.com/browse/OCPBUGS-36380): Collect aggregated Prometheus Alertmanager instances (#960) [#960](https://github.com/openshift/insights-operator/pull/960) * [OCPBUGS-33193](https://issues.redhat.com/browse/OCPBUGS-33193): anonymization - externalIP can be nil (#931) (#933) [#931](https://github.com/openshift/insights-operator/pull/931) * [OCPBUGS-31975](https://issues.redhat.com/browse/OCPBUGS-31975): bump golang.org/x/net version (#926) [#926](https://github.com/openshift/insights-operator/pull/926) * [OCPBUGS-32343](https://issues.redhat.com/browse/OCPBUGS-32343): fix error message when the data processing was not successful (#833) (#928) [#833](https://github.com/openshift/insights-operator/pull/833) * Add linting recommendations (#904) [#904](https://github.com/openshift/insights-operator/pull/904) * gather etcd_server_slow metrics (#902) [#902](https://github.com/openshift/insights-operator/pull/902) * [OCPBUGS-23962](https://issues.redhat.com/browse/OCPBUGS-23962): adds helm information gather (#868) (#877) [#868](https://github.com/openshift/insights-operator/pull/868) * [OCPBUGS-23445](https://issues.redhat.com/browse/OCPBUGS-23445): DVO gatherer - add retry logic (#861) (#870) [#861](https://github.com/openshift/insights-operator/pull/861) * [OCPBUGS-22958](https://issues.redhat.com/browse/OCPBUGS-22958): adds cluster storageclasses gather (#858) (#865) [#858](https://github.com/openshift/insights-operator/pull/858) * [OCPBUGS-21859](https://issues.redhat.com/browse/OCPBUGS-21859): remove username & password config options (#843) [#843](https://github.com/openshift/insights-operator/pull/843) * [OCPBGUS-20767](https://issues.redhat.com/browse/OCPBGUS-20767): update dependencies (#837) [#837](https://github.com/openshift/insights-operator/pull/837) * [OCPBUGS-20590](https://issues.redhat.com/browse/OCPBUGS-20590): gather APIServer.config.openshift.io resource (#839) [#839](https://github.com/openshift/insights-operator/pull/839) * [OCPBUGS-20034](https://issues.redhat.com/browse/OCPBUGS-20034): improve on-demand data gathering timing issues (#835) [#835](https://github.com/openshift/insights-operator/pull/835) * [OCPBUGS-19387](https://issues.redhat.com/browse/OCPBUGS-19387): mark datagather job as failed if the data was not processed (#830) [#830](https://github.com/openshift/insights-operator/pull/830) * [OCPBUGS-19476](https://issues.redhat.com/browse/OCPBUGS-19476): update Insights report config logging (#826) [#826](https://github.com/openshift/insights-operator/pull/826) * [Full changelog](https://github.com/openshift/insights-operator/compare/975bba9802ebd6c0f1e52117584b82c38831eda8...acc99f557871cbf137f57a540f26989c27bb1301) ### [ironic](https://github.com/openshift/ironic-image/tree/87eb83fa35a4b56cf21c280619b945156020590e) * [OCPBUGS-48147](https://issues.redhat.com/browse/OCPBUGS-48147), [OCPBUGS-48594](https://issues.redhat.com/browse/OCPBUGS-48594): Bump jinja2 to 3.0.1-6.el9.2 [#625](https://github.com/openshift/ironic-image/pull/625) * [OCPBUGS-43954](https://issues.redhat.com/browse/OCPBUGS-43954), [OCPBUGS-43962](https://issues.redhat.com/browse/OCPBUGS-43962): Bump python-waitress [4.14] [#607](https://github.com/openshift/ironic-image/pull/607) * [OCPBUGS-39019](https://issues.redhat.com/browse/OCPBUGS-39019): Bump ironic-lib to fix utf8 decoding issue [#571](https://github.com/openshift/ironic-image/pull/571) * [OCPBUGS-32266](https://issues.redhat.com/browse/OCPBUGS-32266): redfish-virtualmedia fails on XFusion nodes [#548](https://github.com/openshift/ironic-image/pull/548) * [OCPBUGS-37762](https://issues.redhat.com/browse/OCPBUGS-37762), [OCPBUGS-39382](https://issues.redhat.com/browse/OCPBUGS-39382): Include fixes for CVE-2024-44082 [#584](https://github.com/openshift/ironic-image/pull/584) * [OCPBUGS-38508](https://issues.redhat.com/browse/OCPBUGS-38508): set min version for python3-webob [#555](https://github.com/openshift/ironic-image/pull/555) * [OCPBUGS-33375](https://issues.redhat.com/browse/OCPBUGS-33375): bump werkzeug [#537](https://github.com/openshift/ironic-image/pull/537) * [OCPBUGS-37410](https://issues.redhat.com/browse/OCPBUGS-37410): bump jinja2 [#530](https://github.com/openshift/ironic-image/pull/530) * [OCPBUGS-37115](https://issues.redhat.com/browse/OCPBUGS-37115): Update eventlet version [#524](https://github.com/openshift/ironic-image/pull/524) * Bug OCPBUGS-34657: Disable installation of .pyc files through pip [#512](https://github.com/openshift/ironic-image/pull/512) * [METAL-1004](https://issues.redhat.com/browse/METAL-1004): Update ironic-lib to latest release-4.14 commit [#492](https://github.com/openshift/ironic-image/pull/492) * [OCPBUGS-32364](https://issues.redhat.com/browse/OCPBUGS-32364): [4.14] remove unused prometheus-exporter [#487](https://github.com/openshift/ironic-image/pull/487) * [OCPBUGS-32169](https://issues.redhat.com/browse/OCPBUGS-32169): [4.14] Add hybrid configuration for cachito [#482](https://github.com/openshift/ironic-image/pull/482) * [OCPBUGS-32388](https://issues.redhat.com/browse/OCPBUGS-32388): Use unix sockets by default for reverse proxy communication [#475](https://github.com/openshift/ironic-image/pull/475) * [OCPBUGS-32169](https://issues.redhat.com/browse/OCPBUGS-32169): [4.14] Add requirements placeholders for cachito [#469](https://github.com/openshift/ironic-image/pull/469) * [OCPBUGS-27773](https://issues.redhat.com/browse/OCPBUGS-27773): Update inspector package to fix LLDP unicode error [#452](https://github.com/openshift/ironic-image/pull/452) * [OCPBUGS-27193](https://issues.redhat.com/browse/OCPBUGS-27193): Fix Inspector iPXE config for IPv6 addresses [#448](https://github.com/openshift/ironic-image/pull/448) * [OCPBUGS-19884](https://issues.redhat.com/browse/OCPBUGS-19884): update Ironic to include secure boot fixes [#445](https://github.com/openshift/ironic-image/pull/445) * [OCPBUGS-23903](https://issues.redhat.com/browse/OCPBUGS-23903): Ironic side of external_http_url (METAL-163) is not wired in correctly [#429](https://github.com/openshift/ironic-image/pull/429) * [OCPBUGS-23505](https://issues.redhat.com/browse/OCPBUGS-23505): Uplift eventlet version [#426](https://github.com/openshift/ironic-image/pull/426) * [OCPBUGS-23354](https://issues.redhat.com/browse/OCPBUGS-23354): Upgrade markupsafe and werkzeug dependencies [#421](https://github.com/openshift/ironic-image/pull/421) * [OCPBUGS-14926](https://issues.redhat.com/browse/OCPBUGS-14926): Handle Eject DVD 4.14 [#415](https://github.com/openshift/ironic-image/pull/415) * [OCPBUGS-22253](https://issues.redhat.com/browse/OCPBUGS-22253): Use bash process substitution instead of pipe [#411](https://github.com/openshift/ironic-image/pull/411) * [OCPBUGS-19884](https://issues.redhat.com/browse/OCPBUGS-19884): update Ironic to include secure boot fixes [#404](https://github.com/openshift/ironic-image/pull/404) * [OCPBUGS-19333](https://issues.redhat.com/browse/OCPBUGS-19333): update ironic to include SQLite fixes [#402](https://github.com/openshift/ironic-image/pull/402) * [OCPBUGS-19083](https://issues.redhat.com/browse/OCPBUGS-19083): Switch from current-tripleo to puppet-passed-ci [#399](https://github.com/openshift/ironic-image/pull/399) * [Full changelog](https://github.com/openshift/ironic-image/compare/3bf0111ba3952bac33403a5adc3533c8f35d674c...87eb83fa35a4b56cf21c280619b945156020590e) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/e839a4e87eb09b78e562a3bab8f23f1c767742a4) * [OCPBUGS-39019](https://issues.redhat.com/browse/OCPBUGS-39019): Bump ironic-lib to fix utf8 decoding issue [#158](https://github.com/openshift/ironic-agent-image/pull/158) * [OCPBUGS-39382](https://issues.redhat.com/browse/OCPBUGS-39382): Include fixes for CVE-2024-44082 [#163](https://github.com/openshift/ironic-agent-image/pull/163) * [OCPBUGS-33375](https://issues.redhat.com/browse/OCPBUGS-33375): set webob and bump werkzeug [#151](https://github.com/openshift/ironic-agent-image/pull/151) * [OCPBUGS-33452](https://issues.redhat.com/browse/OCPBUGS-33452): update ironic-lib with latest fixes [#133](https://github.com/openshift/ironic-agent-image/pull/133) * [METAL-1004](https://issues.redhat.com/browse/METAL-1004): Update ironic-lib to latest release-4.14 commit [#130](https://github.com/openshift/ironic-agent-image/pull/130) * [OCPBUGS-32170](https://issues.redhat.com/browse/OCPBUGS-32170): [4.14] Add hybrid configuration for cachito [#127](https://github.com/openshift/ironic-agent-image/pull/127) * [OCPBUGS-32170](https://issues.redhat.com/browse/OCPBUGS-32170): [4.14] Add placeholders for cachito [#124](https://github.com/openshift/ironic-agent-image/pull/124) * [OCPBUGS-29454](https://issues.redhat.com/browse/OCPBUGS-29454): Always add ignition to set hostname on /etc/hostname [#109](https://github.com/openshift/ironic-agent-image/pull/109) * [OCPBUGS-28554](https://issues.redhat.com/browse/OCPBUGS-28554): Update to latest ironic-python-agent for bugfixes [#107](https://github.com/openshift/ironic-agent-image/pull/107) * [OCPBUGS-25685](https://issues.redhat.com/browse/OCPBUGS-25685): Relax packages requirements [#103](https://github.com/openshift/ironic-agent-image/pull/103) * [OCPBUGS-23751](https://issues.redhat.com/browse/OCPBUGS-23751): Update packages with latest fixes [#96](https://github.com/openshift/ironic-agent-image/pull/96) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/d339f3ffb3bbf9879037c1f3d88303880dcb3068...e839a4e87eb09b78e562a3bab8f23f1c767742a4) ### [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager/tree/1b194fd16b59c4a48223a2c9ac1bfb998a55c615) * [OCPBUGS-49890](https://issues.redhat.com/browse/OCPBUGS-49890): Fix subnet validation [#50](https://github.com/openshift/ironic-static-ip-manager/pull/50) * [Full changelog](https://github.com/openshift/ironic-static-ip-manager/compare/989bcb4f50a98c741f3c9c02c2f0fb118be216c8...1b194fd16b59c4a48223a2c9ac1bfb998a55c615) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/801a912b3a60d7e840fb1ff38b5ca992f47327fd) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487 [#89](https://github.com/openshift/k8s-prometheus-adapter/pull/89) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): upgrade golang.org/x/net to 0.17.0 to address CVE-2023… [#81](https://github.com/openshift/k8s-prometheus-adapter/pull/81) * [OCPBUGS-20250](https://issues.redhat.com/browse/OCPBUGS-20250): limit number of simultaneous client requests [#77](https://github.com/openshift/k8s-prometheus-adapter/pull/77) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/34e201936898455995cd60c6699c6329a696f288...801a912b3a60d7e840fb1ff38b5ca992f47327fd) ### [keepalived-ipfailover](https://github.com/openshift/images/tree/03e5f40783e1b573f3d07d7640619ad9592f9a77) * [OCPBUGS-30414](https://issues.redhat.com/browse/OCPBUGS-30414): update unit tests in egress/dns-proxy [#173](https://github.com/openshift/images/pull/173) * [Full changelog](https://github.com/openshift/images/compare/87c23b5aa611556ff5013822c7779e6c7551a0f0...03e5f40783e1b573f3d07d7640619ad9592f9a77) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/1f611c53ca22ebcf23d6a34ca07121f4fa2808d6) * [OCPBUGS-54991](https://issues.redhat.com/browse/OCPBUGS-54991): Handle `openshift-host-network` namespace as special when it modifies [#655](https://github.com/openshift/sdn/pull/655) * [OCPBUGS-46536](https://issues.redhat.com/browse/OCPBUGS-46536): Bump openvswitch [#647](https://github.com/openshift/sdn/pull/647) * [Release 4.14] OCPBUGS-43484: NP-1092: backport SDN live migration [#631](https://github.com/openshift/sdn/pull/631) * [OCPBUGS-20790](https://issues.redhat.com/browse/OCPBUGS-20790): update x/net to v0.17.0 [#587](https://github.com/openshift/sdn/pull/587) * [OCPBUGS-19558](https://issues.redhat.com/browse/OCPBUGS-19558): Collect pod operation latency metrics properly [#577](https://github.com/openshift/sdn/pull/577) * [Full changelog](https://github.com/openshift/sdn/compare/53680a50f8ca7bbcfa6c258c557c765fa6f8471a...1f611c53ca22ebcf23d6a34ca07121f4fa2808d6) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/b8b8259584046eabb7565f262c8105c2686107a4) * [OCPBUGS-31971](https://issues.redhat.com/browse/OCPBUGS-31971): bump golang.org/x/net [4.14] [#108](https://github.com/openshift/kube-rbac-proxy/pull/108) * [OCPBUGS-20717](https://issues.redhat.com/browse/OCPBUGS-20717): http2: trim connetions and buffers, v4.14 [#81](https://github.com/openshift/kube-rbac-proxy/pull/81) * [OCPBUGS-20717](https://issues.redhat.com/browse/OCPBUGS-20717): go.mod: bump golang.org/x/net to v0.17.0 [#75](https://github.com/openshift/kube-rbac-proxy/pull/75) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/9308e7f2a6d984fa7b8ddc125524d7b7356f92ce...b8b8259584046eabb7565f262c8105c2686107a4) ### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/db0c54994a6aad9155a94513eaa3480c1812f45e) * [OCPBUGS-20794](https://issues.redhat.com/browse/OCPBUGS-20794): bump x/net to v0.17.0 [#101](https://github.com/openshift/kube-state-metrics/pull/101) * [Full changelog](https://github.com/openshift/kube-state-metrics/compare/037b59c265454c599dfb0829a856e14b1ab07896...db0c54994a6aad9155a94513eaa3480c1812f45e) ### [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator/tree/b533e08c1ee5ac79d5b9219ec0ac2fefca353d9d) * NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-14). [#229](https://github.com/openshift/kubernetes-kube-storage-version-migrator/pull/229) * [Full changelog](https://github.com/openshift/kubernetes-kube-storage-version-migrator/compare/a6a9ab1a765ea5bf5815e6b15a5a39840a03bb3e...b533e08c1ee5ac79d5b9219ec0ac2fefca353d9d) ### [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt/tree/7d96f56d4bbc8449fdddbdbc630d9337097f0030) * [OCPBUGS-23866](https://issues.redhat.com/browse/OCPBUGS-23866): deps, bump opentelemetry [#38](https://github.com/openshift/cloud-provider-kubevirt/pull/38) * [OCPBUGS-21174](https://issues.redhat.com/browse/OCPBUGS-21174): Bump golang.org/x/net to v0.18.0 [#37](https://github.com/openshift/cloud-provider-kubevirt/pull/37) * [OCPBUGS-30861](https://issues.redhat.com/browse/OCPBUGS-30861): Bump golang.org/x/net to v0.18.0 [#36](https://github.com/openshift/cloud-provider-kubevirt/pull/36) * [OCPBUGS-19020](https://issues.redhat.com/browse/OCPBUGS-19020): Auto sync upstream 2023 09 15 20 36 [#26](https://github.com/openshift/cloud-provider-kubevirt/pull/26) * [Full changelog](https://github.com/openshift/cloud-provider-kubevirt/compare/dbaf9ea1edd5a953606a80cb45f723c934a73ded...7d96f56d4bbc8449fdddbdbc630d9337097f0030) ### [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver/tree/48fafc4a9edc202c5ff674b5f631568b4d62f7f5) * "OCPBUGS-29792: [release-4.14] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs" [#34](https://github.com/openshift/kubevirt-csi-driver/pull/34) * [OCPBUGS-19730](https://issues.redhat.com/browse/OCPBUGS-19730): Ensure volume is removed before returning success (https://github.com/kubevirt/csi-driver/pull/90) [#25](https://github.com/openshift/kubevirt-csi-driver/pull/25) * [Full changelog](https://github.com/openshift/kubevirt-csi-driver/compare/23b66bfa19c2eae23dc9ef715f244e937dee9e64...48fafc4a9edc202c5ff674b5f631568b4d62f7f5) ### [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt/tree/34dfccba84a23b871d4f29dcec55929c11696e91) * [OCPBUGS-19926](https://issues.redhat.com/browse/OCPBUGS-19926): [release-4.14] Don't force use of virtio console [#269](https://github.com/openshift/cluster-api-provider-libvirt/pull/269) * [Full changelog](https://github.com/openshift/cluster-api-provider-libvirt/compare/7dab74442333f91cd952091ab4ebf6aee7250cf2...34dfccba84a23b871d4f29dcec55929c11696e91) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/28aa32fc3084d7e3a91378fd9d70ddd9832404cc) * [OCPBUGS-53296](https://issues.redhat.com/browse/OCPBUGS-53296): add image/read permissions [#1350](https://github.com/openshift/machine-api-operator/pull/1350) * [OCPBUGS-48245](https://issues.redhat.com/browse/OCPBUGS-48245): VSphere: Handle cloned instance with lost taskID [#1322](https://github.com/openshift/machine-api-operator/pull/1322) * [OCPBUGS-47659](https://issues.redhat.com/browse/OCPBUGS-47659): Ensure deletion annotation takes priority and oldestPolicy can distinguish longer ages [#1318](https://github.com/openshift/machine-api-operator/pull/1318) * [OCPBUGS-43821](https://issues.redhat.com/browse/OCPBUGS-43821): install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP [#1303](https://github.com/openshift/machine-api-operator/pull/1303) * [CFE-1051](https://issues.redhat.com/browse/CFE-1051): Adding web-hook validation for capacityReservationGroupID [#1260](https://github.com/openshift/machine-api-operator/pull/1260) * [OCPBUGS-31980](https://issues.redhat.com/browse/OCPBUGS-31980): Update x/net to v0.25.0 [#1236](https://github.com/openshift/machine-api-operator/pull/1236) * [OCPBUGS-30898](https://issues.redhat.com/browse/OCPBUGS-30898): Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions [#1224](https://github.com/openshift/machine-api-operator/pull/1224) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Set --max-concurrent-reconciles=10 for Azure machine controller [#1217](https://github.com/openshift/machine-api-operator/pull/1217) * [OCPBUGS-28745](https://issues.redhat.com/browse/OCPBUGS-28745): Add AddWithActuatorOpts to allow overriding Machine controller options [#1214](https://github.com/openshift/machine-api-operator/pull/1214) * [OCPBUGS-24998](https://issues.redhat.com/browse/OCPBUGS-24998): Add Snyk file to exclude vendor directory on scan [#1191](https://github.com/openshift/machine-api-operator/pull/1191) * [OCPBUGS-24047](https://issues.redhat.com/browse/OCPBUGS-24047): Update reference URL [#1186](https://github.com/openshift/machine-api-operator/pull/1186) * [OCPBUGS-24047](https://issues.redhat.com/browse/OCPBUGS-24047): Use docs URL instead of KCS article [#1180](https://github.com/openshift/machine-api-operator/pull/1180) * [OCPBUGS-17297](https://issues.redhat.com/browse/OCPBUGS-17297): [release-4.14] Update x/net to fix CVE [#1173](https://github.com/openshift/machine-api-operator/pull/1173) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/166c46a10102f0d5970862c5b22f11c6cc3969fa...28aa32fc3084d7e3a91378fd9d70ddd9832404cc) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/00b2e0b1cc83e119995bbbe2ae06665c3d1655d7) * [OCPBUGS-57341](https://issues.redhat.com/browse/OCPBUGS-57341): Do not enable on-prem-resolv-prepender.path for UPI [#5114](https://github.com/openshift/machine-config-operator/pull/5114) * [OCPBUGS-43743](https://issues.redhat.com/browse/OCPBUGS-43743): Soften haproxy timeout for kubeapi probe [#4664](https://github.com/openshift/machine-config-operator/pull/4664) * [OCPBUGS-54228](https://issues.redhat.com/browse/OCPBUGS-54228): Update ObservedGeneration in KubeletConfig [#4950](https://github.com/openshift/machine-config-operator/pull/4950) * [OCPBUGS-50631](https://issues.redhat.com/browse/OCPBUGS-50631): Add clarification to invalid maxUnavailable alert [#4848](https://github.com/openshift/machine-config-operator/pull/4848) * [OCPBUGS-48801](https://issues.redhat.com/browse/OCPBUGS-48801): Wait for all subcontrollers [#4808](https://github.com/openshift/machine-config-operator/pull/4808) * [OCPBUGS-46057](https://issues.redhat.com/browse/OCPBUGS-46057): Remove trailing periods from AWS provided hostnames [#4747](https://github.com/openshift/machine-config-operator/pull/4747) * [OCPBUGS-45271](https://issues.redhat.com/browse/OCPBUGS-45271): Post upgrading from 4.14 to 4.15.36, the observedGeneration count increased tremendously [#4725](https://github.com/openshift/machine-config-operator/pull/4725) * [OCPBUGS-42111](https://issues.redhat.com/browse/OCPBUGS-42111): Do not use 'restart' for 'oneshot' service [#4622](https://github.com/openshift/machine-config-operator/pull/4622) * [MCO-1278](https://issues.redhat.com/browse/MCO-1278): Backport Telemetry to 4.14 [#4672](https://github.com/openshift/machine-config-operator/pull/4672) * [OCPBUGS-43981](https://issues.redhat.com/browse/OCPBUGS-43981): Panic seen in CI job for MCC pod [#4671](https://github.com/openshift/machine-config-operator/pull/4671) * [OCPBUGS-43980](https://issues.redhat.com/browse/OCPBUGS-43980): MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP [#4673](https://github.com/openshift/machine-config-operator/pull/4673) * [OCPBUGS-37552](https://issues.redhat.com/browse/OCPBUGS-37552): On-Prem resolv prepender to watch for NM changes [#4500](https://github.com/openshift/machine-config-operator/pull/4500) * [OCPBUGS-35322](https://issues.redhat.com/browse/OCPBUGS-35322): Decrease logs of haproxy [#4405](https://github.com/openshift/machine-config-operator/pull/4405) * [OCPBUGS-32258](https://issues.redhat.com/browse/OCPBUGS-32258): Log network service output to console [#4320](https://github.com/openshift/machine-config-operator/pull/4320) * [OCPBUGS-38371](https://issues.redhat.com/browse/OCPBUGS-38371): Revert "MCD-pull: run after network-online.target in Azure" [#4526](https://github.com/openshift/machine-config-operator/pull/4526) * [OCPBUGS-37769](https://issues.redhat.com/browse/OCPBUGS-37769): Move StartLimitIntervalSec to Unit section [#4521](https://github.com/openshift/machine-config-operator/pull/4521) * [OCPBUGS-30794](https://issues.redhat.com/browse/OCPBUGS-30794): Mount /run/nodeip-configuration into coredns containers [#4253](https://github.com/openshift/machine-config-operator/pull/4253) * [OCPBUGS-37483](https://issues.redhat.com/browse/OCPBUGS-37483): Remove weights from ingress check script [#4485](https://github.com/openshift/machine-config-operator/pull/4485) * [OCPBUGS-37738](https://issues.redhat.com/browse/OCPBUGS-37738): Openshift uncordoned compute-node that was intentionally cordoned [#4502](https://github.com/openshift/machine-config-operator/pull/4502) * [OCPBUGS-36915](https://issues.redhat.com/browse/OCPBUGS-36915): Use NM's dns-change event for resolv.conf [#4473](https://github.com/openshift/machine-config-operator/pull/4473) * [OCPBUGS-37223](https://issues.redhat.com/browse/OCPBUGS-37223): Copy RHEL9 binaries used in HCP [#4479](https://github.com/openshift/machine-config-operator/pull/4479) * [OCPBUGS-36776](https://issues.redhat.com/browse/OCPBUGS-36776): daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages [#4463](https://github.com/openshift/machine-config-operator/pull/4463) * [OCPBUGS-36593](https://issues.redhat.com/browse/OCPBUGS-36593): MCD-pull: run after network-online.target in Azure [#4456](https://github.com/openshift/machine-config-operator/pull/4456) * [OCPBUGS-36356](https://issues.redhat.com/browse/OCPBUGS-36356): daemon/update: disable systemd unit before overwriting [#4447](https://github.com/openshift/machine-config-operator/pull/4447) * [OCPBUGS-32472](https://issues.redhat.com/browse/OCPBUGS-32472): Delete state files on reboot only [#4331](https://github.com/openshift/machine-config-operator/pull/4331) * [OCPBUGS-33590](https://issues.redhat.com/browse/OCPBUGS-33590): ovs-configure: fix `vlan_parent` calculation [#4361](https://github.com/openshift/machine-config-operator/pull/4361) * [OCPBUGS-34716](https://issues.redhat.com/browse/OCPBUGS-34716): If multiple hostnames are returned, use the first one for the Node name [#4385](https://github.com/openshift/machine-config-operator/pull/4385) * [OCPBUGS-17658](https://issues.redhat.com/browse/OCPBUGS-17658): Controller pod is spamming unknown field "spec.dns.spec.platform" message [#4383](https://github.com/openshift/machine-config-operator/pull/4383) * [OCPBUGS-33643](https://issues.redhat.com/browse/OCPBUGS-33643): Don't error if the certs.d dir doesn't exist yet [#4362](https://github.com/openshift/machine-config-operator/pull/4362) * [OCPBUGS-32341](https://issues.redhat.com/browse/OCPBUGS-32341): Remove the condition for checking the multiple ovs-if-br-ex profiles [#4325](https://github.com/openshift/machine-config-operator/pull/4325) * [OCPBUGS-27030](https://issues.redhat.com/browse/OCPBUGS-27030): Log network service output to console [#4114](https://github.com/openshift/machine-config-operator/pull/4114) * : OCPBUGS-31731: kubelet: restorecon necessary files on kubelet's prestart [#4307](https://github.com/openshift/machine-config-operator/pull/4307) * [OCPBUGS-32260](https://issues.redhat.com/browse/OCPBUGS-32260): fix: resources were in the wrong indentation level [#4322](https://github.com/openshift/machine-config-operator/pull/4322) * [OCPBUGS-27108](https://issues.redhat.com/browse/OCPBUGS-27108): Add \n in cert_writer for old cert methods and skip cloudCA validation [#4117](https://github.com/openshift/machine-config-operator/pull/4117) * [OCPBUGS-31487](https://issues.redhat.com/browse/OCPBUGS-31487): Prevent OVS-configuration to run before kdump [#4291](https://github.com/openshift/machine-config-operator/pull/4291) * [OCPBUGS-29400](https://issues.redhat.com/browse/OCPBUGS-29400): Run resolv-prepender entirely async [#4182](https://github.com/openshift/machine-config-operator/pull/4182) * [OCPBUGS-31681](https://issues.redhat.com/browse/OCPBUGS-31681): make verify should use MCO's kube version [#4305](https://github.com/openshift/machine-config-operator/pull/4305) * [OCPBUGS-30992](https://issues.redhat.com/browse/OCPBUGS-30992): add preferredduringscheduling annotation to kube-rbac-proxy-crio [#4266](https://github.com/openshift/machine-config-operator/pull/4266) * [OCPBUGS-30872](https://issues.redhat.com/browse/OCPBUGS-30872): add static pods for rbacproxy [#4258](https://github.com/openshift/machine-config-operator/pull/4258) * [OCPBUGS-30107](https://issues.redhat.com/browse/OCPBUGS-30107): annotate on-prem static pods for workload partitioning [#4230](https://github.com/openshift/machine-config-operator/pull/4230) * [OCPBUGS-30225](https://issues.redhat.com/browse/OCPBUGS-30225): set nodeStatusReportFrequency [#4242](https://github.com/openshift/machine-config-operator/pull/4242) * [OCPBUGS-29290](https://issues.redhat.com/browse/OCPBUGS-29290): AWS: Always persist the existing node name on 4.14 [#4215](https://github.com/openshift/machine-config-operator/pull/4215) * [OCPBUGS-20039](https://issues.redhat.com/browse/OCPBUGS-20039): Add v6-primary dual stack support to VSphere UPI [#3956](https://github.com/openshift/machine-config-operator/pull/3956) * [OCPBUGS-29457](https://issues.redhat.com/browse/OCPBUGS-29457): Add existing kubeletconfig/ctrcfg mc-name-suffix annotation [#4187](https://github.com/openshift/machine-config-operator/pull/4187) * [OCPBUGS-26072](https://issues.redhat.com/browse/OCPBUGS-26072): Fix bootstrap with NTO Operator and duplicate MachineConfigs [#4098](https://github.com/openshift/machine-config-operator/pull/4098) * [OCPBUGS-28379](https://issues.redhat.com/browse/OCPBUGS-28379): fix nodeStatusUpdateFrequency [#4149](https://github.com/openshift/machine-config-operator/pull/4149) * [OCPBUGS-28384](https://issues.redhat.com/browse/OCPBUGS-28384): daemon: allow the user to override drains on IR changes [#4150](https://github.com/openshift/machine-config-operator/pull/4150) * [OCPBUGS-27759](https://issues.redhat.com/browse/OCPBUGS-27759): Add Image Credential Provider flags for Kubelet on AWS [#4144](https://github.com/openshift/machine-config-operator/pull/4144) * [OCP 4.14] OCPBUGS-24660: daemon: Add support for new nmstate logic [#4066](https://github.com/openshift/machine-config-operator/pull/4066) * [OCPBUGS-27178](https://issues.redhat.com/browse/OCPBUGS-27178): use *resource.Quantity to not automatically set 0 [#4121](https://github.com/openshift/machine-config-operator/pull/4121) * [OCPBUGS-23089](https://issues.redhat.com/browse/OCPBUGS-23089): Don't retry node-ip show in resolv-prepender [#4022](https://github.com/openshift/machine-config-operator/pull/4022) * [OCPBUGS-27362](https://issues.redhat.com/browse/OCPBUGS-27362): Fix typo in AWS node env unit [#4131](https://github.com/openshift/machine-config-operator/pull/4131) * [OCPBUGS-26500](https://issues.redhat.com/browse/OCPBUGS-26500): crio: drop automatic image cleanup on upgrades [#4105](https://github.com/openshift/machine-config-operator/pull/4105) * [OCPBUGS-26559](https://issues.redhat.com/browse/OCPBUGS-26559): Azure Run ovs-configuration.service before dnsmasq.service [#4109](https://github.com/openshift/machine-config-operator/pull/4109) * [OCPBUGS-26551](https://issues.redhat.com/browse/OCPBUGS-26551): kubelet: fix kubelet labels [#4107](https://github.com/openshift/machine-config-operator/pull/4107) * [OCPBUGS-24596](https://issues.redhat.com/browse/OCPBUGS-24596): [release-4.14] execute cert related processes to ensure proper rotation [#4063](https://github.com/openshift/machine-config-operator/pull/4063) * [OCPBUGS-24397](https://issues.redhat.com/browse/OCPBUGS-24397): gcp-routes: don't exit on crictl failures [#4056](https://github.com/openshift/machine-config-operator/pull/4056) * [OCPBUGS-20554](https://issues.redhat.com/browse/OCPBUGS-20554): Ensure gcp-routes hack for internalLB hairpin traffic works for SGW [#3973](https://github.com/openshift/machine-config-operator/pull/3973) * [OCPBUGS-23474](https://issues.redhat.com/browse/OCPBUGS-23474): Use shorter IP label for keepalived VIP [#4041](https://github.com/openshift/machine-config-operator/pull/4041) * [OCPBUGS-23208](https://issues.redhat.com/browse/OCPBUGS-23208): workaround nmstate bug by configuring ipv{4,6} addresses [#4031](https://github.com/openshift/machine-config-operator/pull/4031) * [OCPBUGS-22275](https://issues.redhat.com/browse/OCPBUGS-22275): support icsp and idms objects [#3995](https://github.com/openshift/machine-config-operator/pull/3995) * [OCPBUGS-22391](https://issues.redhat.com/browse/OCPBUGS-22391): Require a hostname override for AWS [#4001](https://github.com/openshift/machine-config-operator/pull/4001) * [OCPBUGS-20418](https://issues.redhat.com/browse/OCPBUGS-20418): Introduce kubelet-dependencies.target and firstboot-osupdate.target [#3967](https://github.com/openshift/machine-config-operator/pull/3967) * [OCPBUGS-20051](https://issues.redhat.com/browse/OCPBUGS-20051): Support to append the duplicate kernel arguments to the rendered MC [#3957](https://github.com/openshift/machine-config-operator/pull/3957) * [OCPBUGS-21065](https://issues.redhat.com/browse/OCPBUGS-21065): Update library-go and k8s dependencies to latest version [#3994](https://github.com/openshift/machine-config-operator/pull/3994) * [OCPBUGS-20025](https://issues.redhat.com/browse/OCPBUGS-20025): Consider ingress VIPs when selecting node IP [#3951](https://github.com/openshift/machine-config-operator/pull/3951) * [OCPBUGS-21841](https://issues.redhat.com/browse/OCPBUGS-21841): CRI-O: Use 127.0.0.1 for stream server with random port [#3984](https://github.com/openshift/machine-config-operator/pull/3984) * [OCPBUGS-20358](https://issues.redhat.com/browse/OCPBUGS-20358): dashboard should detect unknown and not ready for not ready dashboard [#3966](https://github.com/openshift/machine-config-operator/pull/3966) * [OCPBUGS-19657](https://issues.redhat.com/browse/OCPBUGS-19657): After dual-stack conversion reconcile IPFamilies [#3934](https://github.com/openshift/machine-config-operator/pull/3934) * [OCPBUGS-19430](https://issues.redhat.com/browse/OCPBUGS-19430): [release-4.14] resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … [#3925](https://github.com/openshift/machine-config-operator/pull/3925) * [OCPBUGS-19703](https://issues.redhat.com/browse/OCPBUGS-19703): Internal Registry Secrets merge causing excessive API calls [#3941](https://github.com/openshift/machine-config-operator/pull/3941) * [OCPBUGS-19662](https://issues.redhat.com/browse/OCPBUGS-19662): fix merged image registry CA behavior [#3937](https://github.com/openshift/machine-config-operator/pull/3937) * [OCPBUGS-19701](https://issues.redhat.com/browse/OCPBUGS-19701): Remove dependency on k8s.io/kubernetes packages [#3940](https://github.com/openshift/machine-config-operator/pull/3940) * [OCPBUGS-19344](https://issues.redhat.com/browse/OCPBUGS-19344): Ignore invoking nbctl calls if its SDN [#3928](https://github.com/openshift/machine-config-operator/pull/3928) * [OCPBUGS-19535](https://issues.redhat.com/browse/OCPBUGS-19535): daemon: always use `podman cp` to copy extensions container content [#3932](https://github.com/openshift/machine-config-operator/pull/3932) * [OCPBUGS-19357](https://issues.redhat.com/browse/OCPBUGS-19357): install: Recreate and delayed default ServiceAccount deletion [#3920](https://github.com/openshift/machine-config-operator/pull/3920) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/2c9b09413049bf837ad0bab1496a26e44c2f7be8...00b2e0b1cc83e119995bbbe2ae06665c3d1655d7) ### [machine-image-customization-controller](https://github.com/openshift/image-customization-controller/tree/2a6627bafcbb00437ab97308fe1d7df9039104ad) * [OCPBUGS-24576](https://issues.redhat.com/browse/OCPBUGS-24576): configurable ironic agent vlan creation [#111](https://github.com/openshift/image-customization-controller/pull/111) * [OCPBUGS-21555](https://issues.redhat.com/browse/OCPBUGS-21555): Uplift x/net to v0.17.0 [#104](https://github.com/openshift/image-customization-controller/pull/104) * [Full changelog](https://github.com/openshift/image-customization-controller/compare/97d87657caab4323f82f9d0958e6d30fc8fd1846...2a6627bafcbb00437ab97308fe1d7df9039104ad) ### [machine-os-images](https://github.com/openshift/machine-os-images/tree/0d48bf342fdb75481e2746dfa1b1f51434ac3770) * [OCPBUGS-54171](https://issues.redhat.com/browse/OCPBUGS-54171): Change rhcos release browser url [#59](https://github.com/openshift/machine-os-images/pull/59) * Force rebuild of CI image [#31](https://github.com/openshift/machine-os-images/pull/31) * [Full changelog](https://github.com/openshift/machine-os-images/compare/b7f83c7d1c2df17f824f4e427433973b848f44cb...0d48bf342fdb75481e2746dfa1b1f51434ac3770) ### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/4fa70433b2249d44cbe74c6f4ee48625babb2cf1) * [OCPBUGS-44392](https://issues.redhat.com/browse/OCPBUGS-44392): fix cross-spawn vulnerable dependency [#278](https://github.com/openshift/monitoring-plugin/pull/278) * NO-JIRA: [release-4.14] OU-179: Fix the root cause of externalLabels not present on alerts [#244](https://github.com/openshift/monitoring-plugin/pull/244) * [OCPBUGS-44137](https://issues.redhat.com/browse/OCPBUGS-44137): upgrade dompurify dependency [#243](https://github.com/openshift/monitoring-plugin/pull/243) * [OCPBUGS-43243](https://issues.redhat.com/browse/OCPBUGS-43243): upgrade dynamic plugin sdk to remove vulnerable dependencies 4.14 [#219](https://github.com/openshift/monitoring-plugin/pull/219) * [OU-318](https://issues.redhat.com/browse/OU-318): consider all metric keys to display all results on dashboards tables [#99](https://github.com/openshift/monitoring-plugin/pull/99) * [OCPBUGS-24664](https://issues.redhat.com/browse/OCPBUGS-24664): disable query link for non metric-based alerts [#82](https://github.com/openshift/monitoring-plugin/pull/82) * [Full changelog](https://github.com/openshift/monitoring-plugin/compare/1217bc1ead005c2232fa9f21da5b2174a9b25140...4fa70433b2249d44cbe74c6f4ee48625babb2cf1) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/75d37a9cae194ebba203a9e6442dc0d90c02aba4) * [OCPBUGS-58763](https://issues.redhat.com/browse/OCPBUGS-58763): Bump github.com/golang/glog to v1.2.4 [#105](https://github.com/openshift/multus-admission-controller/pull/105) * [OCPBUGS-42048](https://issues.redhat.com/browse/OCPBUGS-42048): Update owners [#91](https://github.com/openshift/multus-admission-controller/pull/91) * [OCPBUGS-21372](https://issues.redhat.com/browse/OCPBUGS-21372): Update go.mod for CVE-2023-39325 [Release-4.14] [#71](https://github.com/openshift/multus-admission-controller/pull/71) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/a2e3c6e5d5dcb6dd059f87a2f5a519482d955c45...75d37a9cae194ebba203a9e6442dc0d90c02aba4) ### [multus-cni](https://github.com/openshift/multus-cni/tree/8e48cb09759aadd3ca21d2dcbfbdc6470440cbc2) * [OCPBUGS-48160](https://issues.redhat.com/browse/OCPBUGS-48160): [backport 4.14] Adds a wait to account for the possiblity of a not ready unix socket [#262](https://github.com/openshift/multus-cni/pull/262) * [OCPBUGS-35578](https://issues.redhat.com/browse/OCPBUGS-35578): Update owners file [#243](https://github.com/openshift/multus-cni/pull/243) * [OCPBUGS-33478](https://issues.redhat.com/browse/OCPBUGS-33478): Fix CNI cache update function to prevent nil access [#232](https://github.com/openshift/multus-cni/pull/232) * [OCPBUGS-26331](https://issues.redhat.com/browse/OCPBUGS-26331): Fix SAST scan issues for multus-cni-container [4.14] [#220](https://github.com/openshift/multus-cni/pull/220) * [OCPBUGS-21099](https://issues.redhat.com/browse/OCPBUGS-21099): Update go.mod for CVE-2023-39325 [Release-4.14] [#194](https://github.com/openshift/multus-cni/pull/194) * [OCPBUGS-19860](https://issues.redhat.com/browse/OCPBUGS-19860): Multus annotation permissions: Certificate duration should be configurable [backport 4.14] [#192](https://github.com/openshift/multus-cni/pull/192) * [OCPBUGS-19679](https://issues.redhat.com/browse/OCPBUGS-19679): Move chroot from multus main process to its child processes [#189](https://github.com/openshift/multus-cni/pull/189) * [OCPBUGS-19375](https://issues.redhat.com/browse/OCPBUGS-19375): Per node certification cherry-pick [#185](https://github.com/openshift/multus-cni/pull/185) * [OCPBUGS-19074](https://issues.redhat.com/browse/OCPBUGS-19074): Performance and efficiency improvements in daemon/server mode [#181](https://github.com/openshift/multus-cni/pull/181) * [Full changelog](https://github.com/openshift/multus-cni/compare/05497ad135c629de9b4ffb0a13fb91d58a335d25...8e48cb09759aadd3ca21d2dcbfbdc6470440cbc2) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/f670647c0cb7b6f870f8176b26f83ce6614e209e) * Update owners (#62) [#62](https://github.com/openshift/multus-networkpolicy/pull/62) * Update vendor package (#40) [#40](https://github.com/openshift/multus-networkpolicy/pull/40) * [OCPBUGS-21454](https://issues.redhat.com/browse/OCPBUGS-21454): Update go.mod for CVE-2023-39325 (#33) [#33](https://github.com/openshift/multus-networkpolicy/pull/33) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/b377b4b5fd3029cd5cabc773ca6223cabd6b2af7...f670647c0cb7b6f870f8176b26f83ce6614e209e) ### [multus-route-override-cni](https://github.com/openshift/route-override-cni/tree/5965fed661f71112104ca6cef22aa883f542226d) * [OCPBUGS-42049](https://issues.redhat.com/browse/OCPBUGS-42049): [release-4.15]Update owners [#60](https://github.com/openshift/route-override-cni/pull/60) * [Full changelog](https://github.com/openshift/route-override-cni/compare/1ccafc340ca1147abb42c7ad8dda1f23ba4eb1ee...5965fed661f71112104ca6cef22aa883f542226d) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/f95487b0831b560de7b8d7c5d1c986338224800b) * [OCPBUGS-55620](https://issues.redhat.com/browse/OCPBUGS-55620): Fixes leftover podref issue [#367](https://github.com/openshift/whereabouts-cni/pull/367) * [OCPBUGS-42047](https://issues.redhat.com/browse/OCPBUGS-42047): Update owners [#311](https://github.com/openshift/whereabouts-cni/pull/311) * [OCPBUGS-37815](https://issues.redhat.com/browse/OCPBUGS-37815), [OCPBUGS-37817](https://issues.redhat.com/browse/OCPBUGS-37817): [release-4.14] align api calls timeout and skip pods marked for deletion [#309](https://github.com/openshift/whereabouts-cni/pull/309) * [OCPBUGS-36722](https://issues.redhat.com/browse/OCPBUGS-36722): Return previous IP allocation for add cmd [#296](https://github.com/openshift/whereabouts-cni/pull/296) * [OCPBUGS-35263](https://issues.redhat.com/browse/OCPBUGS-35263): Use IP to identify orphaned allocation to be deleted [#289](https://github.com/openshift/whereabouts-cni/pull/289) * [OCPBUGS-27858](https://issues.redhat.com/browse/OCPBUGS-27858): Enable reconciler configuration 4.14 [#240](https://github.com/openshift/whereabouts-cni/pull/240) * [OCPBUGS-26553](https://issues.redhat.com/browse/OCPBUGS-26553): Cherry pick fix assignment 4.14 [#230](https://github.com/openshift/whereabouts-cni/pull/230) * [OCPBUGS-21518](https://issues.redhat.com/browse/OCPBUGS-21518): update golang.org/x/net to v0.17.0 [#207](https://github.com/openshift/whereabouts-cni/pull/207) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/cfa4f975508177d8daee9652ca75fe16f9e5dc27...f95487b0831b560de7b8d7c5d1c986338224800b) ### [must-gather](https://github.com/openshift/must-gather/tree/b8585ca862a3fbe77134e5cbe6155d7c04efc269) * [OCPBUGS-42971](https://issues.redhat.com/browse/OCPBUGS-42971): Collect etcd object count [#457](https://github.com/openshift/must-gather/pull/457) * [OCPBUGS-48084](https://issues.redhat.com/browse/OCPBUGS-48084): Update owners [#475](https://github.com/openshift/must-gather/pull/475) * [OCPBUGS-48058](https://issues.redhat.com/browse/OCPBUGS-48058): Support gathering IPsec data [#472](https://github.com/openshift/must-gather/pull/472) * [OCPBUGS-43058](https://issues.redhat.com/browse/OCPBUGS-43058): [Backport 4.14] Multus is now a Pod and will be captured by normal [#451](https://github.com/openshift/must-gather/pull/451) * [OCPBUGS-20429](https://issues.redhat.com/browse/OCPBUGS-20429): Revert "Add must gather script for network observability" [#391](https://github.com/openshift/must-gather/pull/391) * [OCPBUGS-20354](https://issues.redhat.com/browse/OCPBUGS-20354): Removed workload partitioning annotation from ppc script [#388](https://github.com/openshift/must-gather/pull/388) * [Full changelog](https://github.com/openshift/must-gather/compare/0f70f31cc6a01d849fef5262e20f934bf87a91ee...b8585ca862a3fbe77134e5cbe6155d7c04efc269) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/84d7ac4e326e55fea98629d3851e98730c8d44a9) * [OCPBUGS-58778](https://issues.redhat.com/browse/OCPBUGS-58778): Bump github.com/golang/glog to v1.2.4 (#115) [#115](https://github.com/openshift/network-metrics-daemon/pull/115) * [OCPBUGS-60394](https://issues.redhat.com/browse/OCPBUGS-60394): Replace e2e test image (#128) [#128](https://github.com/openshift/network-metrics-daemon/pull/128) * swtich golint install method (#127) [#127](https://github.com/openshift/network-metrics-daemon/pull/127) * Correct 4.16 owners file (#100) [#100](https://github.com/openshift/network-metrics-daemon/pull/100) * Added METRIC_TEST_IMAGE var (#88) [#88](https://github.com/openshift/network-metrics-daemon/pull/88) * Update the k8s dependencies to 1.27.7 (#82) [#82](https://github.com/openshift/network-metrics-daemon/pull/82) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/5886a53c1f2b93542da6de8c0933000cb5c6417f...84d7ac4e326e55fea98629d3851e98730c8d44a9) ### [network-tools](https://github.com/openshift/network-tools/tree/e79d8173c5628065da85425bc7e4cb1d94f3c919) * [OCPBUGS-31862](https://issues.redhat.com/browse/OCPBUGS-31862): replace wireshark with wireshark-cli [#122](https://github.com/openshift/network-tools/pull/122) * [OCPBUGS-22172](https://issues.redhat.com/browse/OCPBUGS-22172): Move commands to the function to avoid them being executed on -h. [#94](https://github.com/openshift/network-tools/pull/94) * [OCPBUGS-20520](https://issues.redhat.com/browse/OCPBUGS-20520): Update scripts in network-tools to reflect the changes in IC model [#92](https://github.com/openshift/network-tools/pull/92) * [Full changelog](https://github.com/openshift/network-tools/compare/17536c8dff76d50efb604187ba763020bd084771...e79d8173c5628065da85425bc7e4cb1d94f3c919) ### [nutanix-cloud-controller-manager](https://github.com/openshift/cloud-provider-nutanix/tree/8930f295dfa97cc63321c63192c93a78306fe23b) * [OCPBUGS-23873](https://issues.redhat.com/browse/OCPBUGS-23873): fix for CVE-2023-47108 [#43](https://github.com/openshift/cloud-provider-nutanix/pull/43) * [OCPBUGS-17304](https://issues.redhat.com/browse/OCPBUGS-17304), [OCPBUGS-20899](https://issues.redhat.com/browse/OCPBUGS-20899): bump golang.org/x/net to v0.17.0 [#39](https://github.com/openshift/cloud-provider-nutanix/pull/39) * [Full changelog](https://github.com/openshift/cloud-provider-nutanix/compare/040d4e016058c188d2ba0a7575054ee44b94af9e...8930f295dfa97cc63321c63192c93a78306fe23b) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/c06616804f2de1635fb34fd45fdb625fd0b1b506) * [OCPBUGS-47265](https://issues.redhat.com/browse/OCPBUGS-47265): fixing CVE-2024-45338 [#116](https://github.com/openshift/machine-api-provider-nutanix/pull/116) * [OCPBUGS-51852](https://issues.redhat.com/browse/OCPBUGS-51852): Fixing CVE-2025-22868 [#108](https://github.com/openshift/machine-api-provider-nutanix/pull/108) * [OCPBUGS-17305](https://issues.redhat.com/browse/OCPBUGS-17305): bump golang.org/x/net to 0.17.0 [#85](https://github.com/openshift/machine-api-provider-nutanix/pull/85) * [OCPBUGS-29549](https://issues.redhat.com/browse/OCPBUGS-29549): IPI install fails on Nutanix when using DHCP [#70](https://github.com/openshift/machine-api-provider-nutanix/pull/70) * [OCPBUGS-19731](https://issues.redhat.com/browse/OCPBUGS-19731): machine stuck in Provisioning and machineset scale/delete not work [#53](https://github.com/openshift/machine-api-provider-nutanix/pull/53) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/ec58a6114b305b91d9a476e5f29c98b1a059c2ad...c06616804f2de1635fb34fd45fdb625fd0b1b506) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/e1cd9d05b032fbe83df7f68c813309ad7df5d59e) * [OCPBUGS-31982](https://issues.redhat.com/browse/OCPBUGS-31982): bump x/net to 0.24.0 [#110](https://github.com/openshift/oauth-apiserver/pull/110) * [OCPBUGS-21100](https://issues.redhat.com/browse/OCPBUGS-21100): bump k8s.io (release-4.14) [#100](https://github.com/openshift/oauth-apiserver/pull/100) * [OCPBUGS-27116](https://issues.redhat.com/browse/OCPBUGS-27116): UPSTREAM: <carry>: retry etcd Unavailable errors [#97](https://github.com/openshift/oauth-apiserver/pull/97) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/0e158441dbfdf232d7fea50b7c4eae3023d2cdbb...e1cd9d05b032fbe83df7f68c813309ad7df5d59e) ### [oauth-proxy](https://github.com/openshift/oauth-proxy/tree/a4a2f270a57af830508e8cef52d4c8d4f4dfba76) * [OCPBUGS-20980](https://issues.redhat.com/browse/OCPBUGS-20980): go.mod: bump golang.org/x/net to v0.17.0 [#267](https://github.com/openshift/oauth-proxy/pull/267) * [Full changelog](https://github.com/openshift/oauth-proxy/compare/241a88c47cb01d0e61ff105ceff81ad14fd9ea6e...a4a2f270a57af830508e8cef52d4c8d4f4dfba76) ### [oauth-server](https://github.com/openshift/oauth-server/tree/35f4739f342a5838fe6ceaf7a459c78f3777166d) * [OCPBUGS-21393](https://issues.redhat.com/browse/OCPBUGS-21393): go.mod: bump golang.org/x/net to v0.17.0 [#138](https://github.com/openshift/oauth-server/pull/138) * [OCPBUGS-10173](https://issues.redhat.com/browse/OCPBUGS-10173): Updating oauth-server images to be consistent with ART [#134](https://github.com/openshift/oauth-server/pull/134) * [Full changelog](https://github.com/openshift/oauth-server/compare/c055dbb9a84e04575ade106e9a43cc638a8aeaef...35f4739f342a5838fe6ceaf7a459c78f3777166d) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/056043d10e0713432e541d58a285f41829c0be6e) * changes the owners file (#1013) [#1013](https://github.com/openshift/oc-mirror/pull/1013) * [OCPBUGS-48513](https://issues.redhat.com/browse/OCPBUGS-48513): e2e: use same version of crane as in go.mod (#1023) [#1023](https://github.com/openshift/oc-mirror/pull/1023) * Bump version to include v5.11.0 of go-git (#822) [#822](https://github.com/openshift/oc-mirror/pull/822) * Fix to ensure operator not found error exits with correct status (#797) [#797](https://github.com/openshift/oc-mirror/pull/797) * [OCPBUGS-28871](https://issues.redhat.com/browse/OCPBUGS-28871): Capability to override default channel (#749) (#790) [#749](https://github.com/openshift/oc-mirror/pull/749) * [OCPBUGS-19429](https://issues.redhat.com/browse/OCPBUGS-19429): Fix cross EUS channel upgrade path calculation (#769) [#769](https://github.com/openshift/oc-mirror/pull/769) * [OCPBUGS-23327](https://issues.redhat.com/browse/OCPBUGS-23327): Fix MirrorToDisk of oci catalogs in hidden folders (#766) [#766](https://github.com/openshift/oc-mirror/pull/766) * skipping prune failure if manifest not found (#735) [#735](https://github.com/openshift/oc-mirror/pull/735) * [OCPBUGS-21472](https://issues.redhat.com/browse/OCPBUGS-21472): fix: CVE-2023-39325 (#711) [#711](https://github.com/openshift/oc-mirror/pull/711) * Fixes HTTP 401 issues when several catalogs are being mirrored and need to be rendered using operator-registry (#704) (#706) [#704](https://github.com/openshift/oc-mirror/pull/704) * Fix OCPBUGS-17546: pod catalogsource generated by oc-mirror will crashloopBackOff randomly (#699) [#699](https://github.com/openshift/oc-mirror/pull/699) * [Full changelog](https://github.com/openshift/oc-mirror/compare/553681632fb168ccf003b47b67e0f15350b1beaf...056043d10e0713432e541d58a285f41829c0be6e) ### [olm-catalogd](https://github.com/openshift/operator-framework-catalogd/tree/a333cb0b558abf8d9f8da0eccd5618d767629050) * [OCPBUGS-27585](https://issues.redhat.com/browse/OCPBUGS-27585), [OCPBUGS-27670](https://issues.redhat.com/browse/OCPBUGS-27670): [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 [#40](https://github.com/openshift/operator-framework-catalogd/pull/40) * [OCPBUGS-21197](https://issues.redhat.com/browse/OCPBUGS-21197): Bump golang.org/x/net from 0.10.0 to 0.17.0 (#197) [#30](https://github.com/openshift/operator-framework-catalogd/pull/30) * [Full changelog](https://github.com/openshift/operator-framework-catalogd/compare/035d3835e581bee8ba59ec8919b43c8d7ce4ecfd...a333cb0b558abf8d9f8da0eccd5618d767629050) ### [olm-operator-controller](https://github.com/openshift/operator-framework-operator-controller/tree/fb6fb278d987faacb4da17b96a109da261fbb962) * [OCPBUGS-27590](https://issues.redhat.com/browse/OCPBUGS-27590), [OCPBUGS-27675](https://issues.redhat.com/browse/OCPBUGS-27675): [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 [#69](https://github.com/openshift/operator-framework-operator-controller/pull/69) * [OCPBUGS-22616](https://issues.redhat.com/browse/OCPBUGS-22616): [release-4.14] Bump go.opentelemetry.io dependencies [#58](https://github.com/openshift/operator-framework-operator-controller/pull/58) * [OCPBUGS-21287](https://issues.redhat.com/browse/OCPBUGS-21287): Bump golang.org/x/net to v0.17.0 [#29](https://github.com/openshift/operator-framework-operator-controller/pull/29) * [Full changelog](https://github.com/openshift/operator-framework-operator-controller/compare/303b954fa5a92e810aebbe55ab8fafe8dbc06c58...fb6fb278d987faacb4da17b96a109da261fbb962) ### [olm-rukpak](https://github.com/openshift/operator-framework-rukpak/tree/c9409c62cb6bc57cde167452f1da7f3eab8cff79) * : OCPBUGS-27680,OCPBUGS-27595: UPSTREAM: <carry>: Update go-git to v5.11.0 [#73](https://github.com/openshift/operator-framework-rukpak/pull/73) * [OCPBUGS-23358](https://issues.redhat.com/browse/OCPBUGS-23358): [release-4.14] Address http2 vulnerability [#53](https://github.com/openshift/operator-framework-rukpak/pull/53) * [OCPBUGS-21379](https://issues.redhat.com/browse/OCPBUGS-21379): Bump golang.org/x/net from 0.15.0 to 0.17.0 [#39](https://github.com/openshift/operator-framework-rukpak/pull/39) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/operator-framework-rukpak/compare/5b09cd44e9ca7b2ec91fd6f906ac4612636277e3...c9409c62cb6bc57cde167452f1da7f3eab8cff79) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/3edba5c406e173a39767c5cb316b5302d57c0433) * [OCPBUGS-50477](https://issues.redhat.com/browse/OCPBUGS-50477): Pass expected type to deploymentconfig/scale object validation. [#497](https://github.com/openshift/openshift-apiserver/pull/497) * [OCPBUGS-32445](https://issues.redhat.com/browse/OCPBUGS-32445): bump(x/net) to v0.23.0 [#429](https://github.com/openshift/openshift-apiserver/pull/429) * [OCPBUGS-31509](https://issues.redhat.com/browse/OCPBUGS-31509): vendor upgrade runtime-utils [#426](https://github.com/openshift/openshift-apiserver/pull/426) * [OCPBUGS-27104](https://issues.redhat.com/browse/OCPBUGS-27104): UPSTREAM: <carry>: retry etcd Unavailable errors [#412](https://github.com/openshift/openshift-apiserver/pull/412) * : OCPBUGS-21464: Enable HTTP/2 CVE mitigation [#397](https://github.com/openshift/openshift-apiserver/pull/397) * [OCPBUGS-20150](https://issues.redhat.com/browse/OCPBUGS-20150): pkg/image: avoid unnecessary service lookups when registry is removed [#393](https://github.com/openshift/openshift-apiserver/pull/393) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/43039a77d22a3e4af8c69214ebc6e001abe9d71f...3edba5c406e173a39767c5cb316b5302d57c0433) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/1c76570bb6ca3b55faa0461f085e43097cc06c50) * [OCPBUGS-57940](https://issues.redhat.com/browse/OCPBUGS-57940): Set node-pullsecrets volume to read-only to protect image pull credentials [#398](https://github.com/openshift/openshift-controller-manager/pull/398) * [OCPBUGS-56951](https://issues.redhat.com/browse/OCPBUGS-56951): Empty proxy variables are causing issues during the build [#386](https://github.com/openshift/openshift-controller-manager/pull/386) * [OCPBUGS-48480](https://issues.redhat.com/browse/OCPBUGS-48480): Add team members to the OWNERS file [#360](https://github.com/openshift/openshift-controller-manager/pull/360) * NO-JIRA: cleanup root and app OWNERS [#349](https://github.com/openshift/openshift-controller-manager/pull/349) * [OCPBUGS-32869](https://issues.redhat.com/browse/OCPBUGS-32869): replaces deprecated square/go-jose wtih go-jose/go-jose [#342](https://github.com/openshift/openshift-controller-manager/pull/342) * [OCPBUGS-41951](https://issues.redhat.com/browse/OCPBUGS-41951): Add adambkaplan as approver [#334](https://github.com/openshift/openshift-controller-manager/pull/334) * [release 4.14] OCPBUGS-33288: Update opentelemetry dependency [#295](https://github.com/openshift/openshift-controller-manager/pull/295) * [OCPBUGS-28950](https://issues.redhat.com/browse/OCPBUGS-28950): Replace 'coreydaley' with 'sayan-biswas' in OWNERS file [#286](https://github.com/openshift/openshift-controller-manager/pull/286) * [OCPBUGS-18980](https://issues.redhat.com/browse/OCPBUGS-18980): Disable Build and DeploymentConfig Informers if their caps are disabled [#271](https://github.com/openshift/openshift-controller-manager/pull/271) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/110a10ad9c720400f87e3428354ccff051b70af3...1c76570bb6ca3b55faa0461f085e43097cc06c50) ### [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics/tree/dff4b0f47e639fe2382e8c4c17208fccaacfcbdf) * [OCPBUGS-20740](https://issues.redhat.com/browse/OCPBUGS-20740): bump `x/net` to v0.17.0 [#107](https://github.com/openshift/openshift-state-metrics/pull/107) * [Full changelog](https://github.com/openshift/openshift-state-metrics/compare/1915f64591a18c11138d10c00c50b3f5cff632ce...dff4b0f47e639fe2382e8c4c17208fccaacfcbdf) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/1713e9716ce9efe64bc87c3203e0f991e72132d2) * [OCPBUGS-35337](https://issues.redhat.com/browse/OCPBUGS-35337): Correct out-of-bounds check [#173](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/173) * [OCPBUGS-34792](https://issues.redhat.com/browse/OCPBUGS-34792): Make Cinder CSI Driver Topology feature configurable [#162](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/162) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#153](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/153) * [OCPBUGS-26460](https://issues.redhat.com/browse/OCPBUGS-26460), [OCPBUGS-26461](https://issues.redhat.com/browse/OCPBUGS-26461): [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1 [#156](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/156) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#142](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/142) * [OCPBUGS-21573](https://issues.redhat.com/browse/OCPBUGS-21573): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#135](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/135) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/d0c24077b4e4ac1e00a6a529a814066cd9b5521c...1713e9716ce9efe64bc87c3203e0f991e72132d2) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/51f8e4d69014bfa7a8815662ab0117b6505a6e29) * [OCPBUGS-32428](https://issues.redhat.com/browse/OCPBUGS-32428): Ensure portSecurity is correctly set in the Instance Ports [#109](https://github.com/openshift/machine-api-provider-openstack/pull/109) * [OCPBUGS-23202](https://issues.redhat.com/browse/OCPBUGS-23202): Don't build InstanceSpec during delete operations [#95](https://github.com/openshift/machine-api-provider-openstack/pull/95) * Bug OCPBUGS-18806: Set controller's SyncPeriod to 1 hour [#81](https://github.com/openshift/machine-api-provider-openstack/pull/81) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/396a09fffe401679f18e8a7db56c77bbf2dee246...51f8e4d69014bfa7a8815662ab0117b6505a6e29) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/15d5584a44e3a01bd93c5d833ecb7781d7f0ec79) * [OCPBUGS-46927](https://issues.redhat.com/browse/OCPBUGS-46927), [OCPBUGS-46934](https://issues.redhat.com/browse/OCPBUGS-46934), [OCPBUGS-47314](https://issues.redhat.com/browse/OCPBUGS-47314): x/net bump to v0.34.0 [release-4.14] [#941](https://github.com/openshift/operator-framework-olm/pull/941) * [OCPBUGS-46595](https://issues.redhat.com/browse/OCPBUGS-46595): CRD upgrade existing CR validation fix (#3442) [#921](https://github.com/openshift/operator-framework-olm/pull/921) * [OCPBUGS-45080](https://issues.redhat.com/browse/OCPBUGS-45080): SSA for Services and ClusterRoleBindings [#905](https://github.com/openshift/operator-framework-olm/pull/905) * [OCPBUGS-42828](https://issues.redhat.com/browse/OCPBUGS-42828): add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata [#878](https://github.com/openshift/operator-framework-olm/pull/878) * [OCPBUGS-41872](https://issues.redhat.com/browse/OCPBUGS-41872): Fix e2e flake: upgrade CRD with deprecated version [#865](https://github.com/openshift/operator-framework-olm/pull/865) * [OCPBUGS-42150](https://issues.redhat.com/browse/OCPBUGS-42150): (fix) registry pods do not come up again after node failure (#3366) [#872](https://github.com/openshift/operator-framework-olm/pull/872) * [OCPBUGS-42017](https://issues.redhat.com/browse/OCPBUGS-42017): adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs. [#869](https://github.com/openshift/operator-framework-olm/pull/869) * [OCPBUGS-38544](https://issues.redhat.com/browse/OCPBUGS-38544): (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) [#842](https://github.com/openshift/operator-framework-olm/pull/842) * [OCPBUGS-36949](https://issues.redhat.com/browse/OCPBUGS-36949): [CARRY] perform operator apiService certificate validity checks directly [#821](https://github.com/openshift/operator-framework-olm/pull/821) * [OCPBUGS-37016](https://issues.redhat.com/browse/OCPBUGS-37016): Bump github.com/containers/image/v5 [#824](https://github.com/openshift/operator-framework-olm/pull/824) * [OCPBUGS-36452](https://issues.redhat.com/browse/OCPBUGS-36452): Can't install operator on 4.15 after uninstalling it on a prior version [#811](https://github.com/openshift/operator-framework-olm/pull/811) * [OCPBUGS-31969](https://issues.redhat.com/browse/OCPBUGS-31969), [OCPBUGS-31970](https://issues.redhat.com/browse/OCPBUGS-31970): UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 [#787](https://github.com/openshift/operator-framework-olm/pull/787) * [OCPBUGS-35230](https://issues.redhat.com/browse/OCPBUGS-35230): Unblock CI [#771](https://github.com/openshift/operator-framework-olm/pull/771) * [OCPBUGS-33356](https://issues.redhat.com/browse/OCPBUGS-33356): UPSTREAM: <carry>: bump go-jose [#743](https://github.com/openshift/operator-framework-olm/pull/743) * [OCPBUGS-30775](https://issues.redhat.com/browse/OCPBUGS-30775): [4.14] bump grpc to 1.60.1, reconnect idle connections (#3147) [#715](https://github.com/openshift/operator-framework-olm/pull/715) * [OCPBUGS-29192](https://issues.redhat.com/browse/OCPBUGS-29192): [release-4.14]: Clear (existing) error cond from Subscription, once error resolved [#686](https://github.com/openshift/operator-framework-olm/pull/686) * [OCPBUGS-29194](https://issues.redhat.com/browse/OCPBUGS-29194): Retry failing unpack jobs [#689](https://github.com/openshift/operator-framework-olm/pull/689) * NO-ISSUE: [release-4.14] Backport e2e fixes to 4.14 [#674](https://github.com/openshift/operator-framework-olm/pull/674) * [OCPBUGS-27314](https://issues.redhat.com/browse/OCPBUGS-27314): Don't sync namespaces that have no subscriptions [#675](https://github.com/openshift/operator-framework-olm/pull/675) * [OCPBUGS-27565](https://issues.redhat.com/browse/OCPBUGS-27565), [OCPBUGS-27570](https://issues.redhat.com/browse/OCPBUGS-27570), [OCPBUGS-27650](https://issues.redhat.com/browse/OCPBUGS-27650), [OCPBUGS-27655](https://issues.redhat.com/browse/OCPBUGS-27655): bump go-git/v5 to 5.11.0 [#677](https://github.com/openshift/operator-framework-olm/pull/677) * [OCPBUGS-27485](https://issues.redhat.com/browse/OCPBUGS-27485): [CARRY] SSC RBAC [#665](https://github.com/openshift/operator-framework-olm/pull/665) * [OCPBUGS-22538](https://issues.redhat.com/browse/OCPBUGS-22538): bump otelhttp to 44.0 for api [#647](https://github.com/openshift/operator-framework-olm/pull/647) * [OCPBUGS-22538](https://issues.redhat.com/browse/OCPBUGS-22538): otelhttp bump [release-4.14] [#632](https://github.com/openshift/operator-framework-olm/pull/632) * [OCPBUGS-20829](https://issues.redhat.com/browse/OCPBUGS-20829): [releaser-4.14] Fix apiserver vulnerability [#608](https://github.com/openshift/operator-framework-olm/pull/608) * [OCPBUGS-23212](https://issues.redhat.com/browse/OCPBUGS-23212): Do not derive installplan.spec.clusterServiceNames from bundle IDs [#607](https://github.com/openshift/operator-framework-olm/pull/607) * [OCPBUGS-18904](https://issues.redhat.com/browse/OCPBUGS-18904): [release-4.14] Improve Leader Election Hand Off [#605](https://github.com/openshift/operator-framework-olm/pull/605) * [OCPBUGS-23508](https://issues.redhat.com/browse/OCPBUGS-23508): [release-4.14] Use generated namespaces in e2e tests [#614](https://github.com/openshift/operator-framework-olm/pull/614) * [OCPBUGS-20400](https://issues.redhat.com/browse/OCPBUGS-20400): Add OLMConfig API to control package server sync interval [release-4.14] [#582](https://github.com/openshift/operator-framework-olm/pull/582) * [OCPBUGS-19789](https://issues.redhat.com/browse/OCPBUGS-19789): Backport OCPBUGS-14698: Rename ClusterRoles created by OperatorGroups [release-4.14] [#566](https://github.com/openshift/operator-framework-olm/pull/566) * [OCPBUGS-22134](https://issues.redhat.com/browse/OCPBUGS-22134): [release-4.14] Bump golang.org/x/net to v0.17.0 [#587](https://github.com/openshift/operator-framework-olm/pull/587) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/d793adddeb546f561c99955a5f133b343d929419...15d5584a44e3a01bd93c5d833ecb7781d7f0ec79) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/363eb42e30f62fc05b77659ecadcd85021470a94) * [OCPBUGS-49427](https://issues.redhat.com/browse/OCPBUGS-49427): Upgrade golang.org/x/net [release-4.14] [#589](https://github.com/operator-framework/operator-marketplace/pull/589) * [OCPBUGS-32067](https://issues.redhat.com/browse/OCPBUGS-32067): update golang.org/x/net for CVE-2023-45288 [#565](https://github.com/operator-framework/operator-marketplace/pull/565) * [OCPBUGS-21001](https://issues.redhat.com/browse/OCPBUGS-21001): [release-4.14] bump golang.org/x/net to 0.17.0 [#548](https://github.com/operator-framework/operator-marketplace/pull/548) * [OCPBUGS-19075](https://issues.redhat.com/browse/OCPBUGS-19075): Updating marketplace-operator images to be consistent with ART [#535](https://github.com/operator-framework/operator-marketplace/pull/535) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/2bd27554ebe70ffde29d8b6f1957125db1ecbe6b...363eb42e30f62fc05b77659ecadcd85021470a94) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/beb3430c5fc2b3c37eeb90b816dd925ed4065fe6) * [OCPBUGS-59872](https://issues.redhat.com/browse/OCPBUGS-59872): Dockerfile: Remove ovs version pinning [#2695](https://github.com/openshift/ovn-kubernetes/pull/2695) * [OCPBUGS-57102](https://issues.redhat.com/browse/OCPBUGS-57102): Updating ose-ovn-kubernetes-container image to be consistent with ART for 4.14 [#2590](https://github.com/openshift/ovn-kubernetes/pull/2590) * [OCPBUGS-56420](https://issues.redhat.com/browse/OCPBUGS-56420): Update to FDP25.A.1 24.03.5-40. [#2574](https://github.com/openshift/ovn-kubernetes/pull/2574) * [OCPBUGS-48522](https://issues.redhat.com/browse/OCPBUGS-48522): Let OVN-northd bind remote ports [#2418](https://github.com/openshift/ovn-kubernetes/pull/2418) * [OCPBUGS-54732](https://issues.redhat.com/browse/OCPBUGS-54732): Dockerfile.base: bump OVS version to 3.3 [#2511](https://github.com/openshift/ovn-kubernetes/pull/2511) * [OCPBUGS-50584](https://issues.redhat.com/browse/OCPBUGS-50584): Bump OVN to 23.09.6-12 to consume fix for FDP-905 [#2455](https://github.com/openshift/ovn-kubernetes/pull/2455) * [OCPBUGS-45096](https://issues.redhat.com/browse/OCPBUGS-45096): pin libreswan to 4.6-3.el9_0.3 [#2368](https://github.com/openshift/ovn-kubernetes/pull/2368) * [OCPBUGS-44784](https://issues.redhat.com/browse/OCPBUGS-44784): Bump ovs to 3.1.0-137 [#2360](https://github.com/openshift/ovn-kubernetes/pull/2360) * [OCPBUGS-44793](https://issues.redhat.com/browse/OCPBUGS-44793): Delete EgressIP LRP stale nexthops when node is not found [#2361](https://github.com/openshift/ovn-kubernetes/pull/2361) * [OCPBUGS-42944](https://issues.redhat.com/browse/OCPBUGS-42944): Fix egress gateway pod cleanup for remote zone pods. [#2356](https://github.com/openshift/ovn-kubernetes/pull/2356) * [OCPBUGS-44379](https://issues.redhat.com/browse/OCPBUGS-44379): Revert "Pin libreswan to the known working version 4.5" [#2344](https://github.com/openshift/ovn-kubernetes/pull/2344) * [OCPBUGS-42952](https://issues.redhat.com/browse/OCPBUGS-42952): pin libreswan to the known working version 4.5 [#2323](https://github.com/openshift/ovn-kubernetes/pull/2323) * [OCPBUGS-42986](https://issues.redhat.com/browse/OCPBUGS-42986): Add subnet overlap check for transit switch subnet [#2317](https://github.com/openshift/ovn-kubernetes/pull/2317) * [OCPBUGS-38263](https://issues.redhat.com/browse/OCPBUGS-38263): [release-4.14] Bump OVSDBTimeout and make it configurable [#2275](https://github.com/openshift/ovn-kubernetes/pull/2275) * [OCPBUGS-38073](https://issues.redhat.com/browse/OCPBUGS-38073): Fix registering northd metrics on appropriate nodes [#2249](https://github.com/openshift/ovn-kubernetes/pull/2249) * [OCPBUGS-37197](https://issues.redhat.com/browse/OCPBUGS-37197): [release-4.14] ovspinning: Set affinity of each thread [#2236](https://github.com/openshift/ovn-kubernetes/pull/2236) * [OCPBUGS-36253](https://issues.redhat.com/browse/OCPBUGS-36253): EgressIP: Reload certificates for the grpc heatlhcheck server [#2213](https://github.com/openshift/ovn-kubernetes/pull/2213) * [OCPBUGS-36554](https://issues.redhat.com/browse/OCPBUGS-36554): Handle IP fragments in SGW mode [#2219](https://github.com/openshift/ovn-kubernetes/pull/2219) * [OCPBUGS-36703](https://issues.redhat.com/browse/OCPBUGS-36703): Bump ovn to 23.09.4-16 [#2222](https://github.com/openshift/ovn-kubernetes/pull/2222) * [OCPBUGS-35009](https://issues.redhat.com/browse/OCPBUGS-35009): ipv6+all protocols conntrack flush [#2199](https://github.com/openshift/ovn-kubernetes/pull/2199) * [OCPBUGS-34570](https://issues.redhat.com/browse/OCPBUGS-34570): Fix EIP GARP config overwritten by gateway update [#2188](https://github.com/openshift/ovn-kubernetes/pull/2188) * [OCPBUGS-33721](https://issues.redhat.com/browse/OCPBUGS-33721): use a forked version of j-keck/arping that fixes a threading issue [#2170](https://github.com/openshift/ovn-kubernetes/pull/2170) * [OCPBUGS-34076](https://issues.redhat.com/browse/OCPBUGS-34076): Reuse node-subnet from cache if exists [#2177](https://github.com/openshift/ovn-kubernetes/pull/2177) * [OCPBUGS-34405](https://issues.redhat.com/browse/OCPBUGS-34405): [release-4.14] dns: fix deadlock in case of error [#2183](https://github.com/openshift/ovn-kubernetes/pull/2183) * [OCPBUGS-33469](https://issues.redhat.com/browse/OCPBUGS-33469): drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs [#2160](https://github.com/openshift/ovn-kubernetes/pull/2160) * [OCPBUGS-33537](https://issues.redhat.com/browse/OCPBUGS-33537): Improves service iptables efficiency on start up [#2164](https://github.com/openshift/ovn-kubernetes/pull/2164) * [OCPBUGS-32104](https://issues.redhat.com/browse/OCPBUGS-32104): Periodically check the ovnkube-node certificate is not expired [#2117](https://github.com/openshift/ovn-kubernetes/pull/2117) * [OCPBUGS-32319](https://issues.redhat.com/browse/OCPBUGS-32319): [release-4.14] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix [#2128](https://github.com/openshift/ovn-kubernetes/pull/2128) * [Release 4.14] OCPBUGS-32987: Bump OVS [#2148](https://github.com/openshift/ovn-kubernetes/pull/2148) * [OCPBUGS-32247](https://issues.redhat.com/browse/OCPBUGS-32247): [release-4.14] OVN bump to 23.09.0-139 [#2123](https://github.com/openshift/ovn-kubernetes/pull/2123) * [OCPBUGS-29397](https://issues.redhat.com/browse/OCPBUGS-29397): 4.14 High CPU usage with APB CRD [#2118](https://github.com/openshift/ovn-kubernetes/pull/2118) * [OCPBUGS-32353](https://issues.redhat.com/browse/OCPBUGS-32353): Custom v4 and v6 transit switch subnets while creating kind cluster [#2122](https://github.com/openshift/ovn-kubernetes/pull/2122) * [OCPBUGS-31853](https://issues.redhat.com/browse/OCPBUGS-31853), [OCPBUGS-31854](https://issues.redhat.com/browse/OCPBUGS-31854): EIP multi NIC IPv6 support and default route with next hop [#2114](https://github.com/openshift/ovn-kubernetes/pull/2114) * [OCPBUGS-31648](https://issues.redhat.com/browse/OCPBUGS-31648): Set mac binding age threshold in gateway routers [#2115](https://github.com/openshift/ovn-kubernetes/pull/2115) * [OCPBUGS-29342](https://issues.redhat.com/browse/OCPBUGS-29342): AdminPolicyBasedExternalRoute CRD failing to watch and reconcile routes for later pods [#2076](https://github.com/openshift/ovn-kubernetes/pull/2076) * [OCPBUGS-29606](https://issues.redhat.com/browse/OCPBUGS-29606): Update HostNetworkNamespace address_set for remote zone nodes [#2091](https://github.com/openshift/ovn-kubernetes/pull/2091) * [OCPBUGS-28726](https://issues.redhat.com/browse/OCPBUGS-28726): Update netpol namespace address sets usage to the old ways [#2068](https://github.com/openshift/ovn-kubernetes/pull/2068) * [OCPBUGS-28819](https://issues.redhat.com/browse/OCPBUGS-28819): Support Permanent Session Affinity [#2046](https://github.com/openshift/ovn-kubernetes/pull/2046) * [OCPBUGS-29231](https://issues.redhat.com/browse/OCPBUGS-29231): [release-4.14] Separate timeout for handler sync from informer sync & do not resync services during node tracker startup [#2061](https://github.com/openshift/ovn-kubernetes/pull/2061) * [OCPBUGS-29186](https://issues.redhat.com/browse/OCPBUGS-29186): Wait for ovnkube controller to start before checking result error. [#2067](https://github.com/openshift/ovn-kubernetes/pull/2067) * [OCPBUGS-29207](https://issues.redhat.com/browse/OCPBUGS-29207): Ignore hybrid-overlay nodes from EgressIP controller [#2062](https://github.com/openshift/ovn-kubernetes/pull/2062) * [OCPBUGS-25999](https://issues.redhat.com/browse/OCPBUGS-25999): Prevent multiple encap-ips per single chassis [#2037](https://github.com/openshift/ovn-kubernetes/pull/2037) * [OCPBUGS-28789](https://issues.redhat.com/browse/OCPBUGS-28789): Fix LGW ETP=Local on IPv6 [#2042](https://github.com/openshift/ovn-kubernetes/pull/2042) * [OCPBUGS-27925](https://issues.redhat.com/browse/OCPBUGS-27925): dont quit if node does not have subnet annotation [#2026](https://github.com/openshift/ovn-kubernetes/pull/2026) * [OCPBUGS-27256](https://issues.redhat.com/browse/OCPBUGS-27256): Ensure session affinity cleanup on backend removal [#2021](https://github.com/openshift/ovn-kubernetes/pull/2021) * [OCPBUGS-23395](https://issues.redhat.com/browse/OCPBUGS-23395): Egressfirewall use port groups [#1956](https://github.com/openshift/ovn-kubernetes/pull/1956) * [OCPBUGS-27243](https://issues.redhat.com/browse/OCPBUGS-27243): CARRY: Updates owners and adds Surya [#2019](https://github.com/openshift/ovn-kubernetes/pull/2019) * [OCPBUGS-25081](https://issues.redhat.com/browse/OCPBUGS-25081): Update ACL syncer: make default deny acls filter more strict, [#1981](https://github.com/openshift/ovn-kubernetes/pull/1981) * [OCPBUGS-26568](https://issues.redhat.com/browse/OCPBUGS-26568): Synchronize node primary address update [#2012](https://github.com/openshift/ovn-kubernetes/pull/2012) * [OCPBUGS-24326](https://issues.redhat.com/browse/OCPBUGS-24326): APB External Route: Add IPv4 and IPv6 validation in CRD schema for static hop IP field [#1967](https://github.com/openshift/ovn-kubernetes/pull/1967) * [OCPBUGS-25903](https://issues.redhat.com/browse/OCPBUGS-25903): Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks [#2003](https://github.com/openshift/ovn-kubernetes/pull/2003) * [OCPBUGS-25746](https://issues.redhat.com/browse/OCPBUGS-25746), [OCPBUGS-25747](https://issues.redhat.com/browse/OCPBUGS-25747): Dockerfile: Bump OVN to ovn-23.09.0-91.el9fdp [#1996](https://github.com/openshift/ovn-kubernetes/pull/1996) * [OCPBUGS-24320](https://issues.redhat.com/browse/OCPBUGS-24320): APB status not updated when fails to process during the first reconciliations [#1968](https://github.com/openshift/ovn-kubernetes/pull/1968) * [OCPBUGS-23257](https://issues.redhat.com/browse/OCPBUGS-23257): Update leaderelection config to allow retries [#1955](https://github.com/openshift/ovn-kubernetes/pull/1955) * [OCPBUGS-23387](https://issues.redhat.com/browse/OCPBUGS-23387): Ignore completed virt-launcher pods [#1954](https://github.com/openshift/ovn-kubernetes/pull/1954) * [OCPBUGS-25087](https://issues.redhat.com/browse/OCPBUGS-25087): Fragment oversized reply packets in LGW mode [#1982](https://github.com/openshift/ovn-kubernetes/pull/1982) * [OCPBUGS-22735](https://issues.redhat.com/browse/OCPBUGS-22735): OVNK/GW: Ignore headless services in syncServices [#1970](https://github.com/openshift/ovn-kubernetes/pull/1970) * [OCPBUGS-24350](https://issues.redhat.com/browse/OCPBUGS-24350): [release-4.14] fixes MTU configuration on gateway router [#1969](https://github.com/openshift/ovn-kubernetes/pull/1969) * [OCPBUGS-24209](https://issues.redhat.com/browse/OCPBUGS-24209): Significantly reduce shared informer memory usage [#1964](https://github.com/openshift/ovn-kubernetes/pull/1964) * [OCPBUGS-19781](https://issues.redhat.com/browse/OCPBUGS-19781): Dockerfile: Copy ovnkube-trace file for RHEL8 platform [#1908](https://github.com/openshift/ovn-kubernetes/pull/1908) * [OCPBUGS-20260](https://issues.redhat.com/browse/OCPBUGS-20260), [OCPBUGS-20261](https://issues.redhat.com/browse/OCPBUGS-20261): [release-4.14] Use private IPv4 address range for transit switch subnet & Incorrect webhook error and exit handling [#1933](https://github.com/openshift/ovn-kubernetes/pull/1933) * [OCPBUGS-19932](https://issues.redhat.com/browse/OCPBUGS-19932): OCPBUGS-19931: DownStream Batch Merge Blocker Bug 29th september 2023 [#1920](https://github.com/openshift/ovn-kubernetes/pull/1920) * [OCPBUGS-19886](https://issues.redhat.com/browse/OCPBUGS-19886), [OCPBUGS-19887](https://issues.redhat.com/browse/OCPBUGS-19887), [OCPBUGS-19888](https://issues.redhat.com/browse/OCPBUGS-19888), [OCPBUGS-19889](https://issues.redhat.com/browse/OCPBUGS-19889): EIP fixes, remove ippool dupe call, allow gw mtu in webhook and ovnkube node can set mgt port for dpu [#1915](https://github.com/openshift/ovn-kubernetes/pull/1915) * [OCPBUGS-19812](https://issues.redhat.com/browse/OCPBUGS-19812), [OCPBUGS-19813](https://issues.redhat.com/browse/OCPBUGS-19813), [OCPBUGS-19814](https://issues.redhat.com/browse/OCPBUGS-19814), [OCPBUGS-19815](https://issues.redhat.com/browse/OCPBUGS-19815): release 4.14 blocker fixes [#1909](https://github.com/openshift/ovn-kubernetes/pull/1909) * [OCPBUGS-18427](https://issues.redhat.com/browse/OCPBUGS-18427), [OCPBUGS-19507](https://issues.redhat.com/browse/OCPBUGS-19507), [OCPBUGS-19538](https://issues.redhat.com/browse/OCPBUGS-19538), [OCPBUGS-19568](https://issues.redhat.com/browse/OCPBUGS-19568): merging from master to release-4.14 [#1889](https://github.com/openshift/ovn-kubernetes/pull/1889) * [OCPBUGS-18977](https://issues.redhat.com/browse/OCPBUGS-18977): Update bridge flow cache when the host address changes [#1874](https://github.com/openshift/ovn-kubernetes/pull/1874) * [OCPBUGS-19503](https://issues.redhat.com/browse/OCPBUGS-19503), [OCPBUGS-19649](https://issues.redhat.com/browse/OCPBUGS-19649): Use status subresource, Introduce per-node certs with webhook [#1898](https://github.com/openshift/ovn-kubernetes/pull/1898) * [OCPBUGS-18584](https://issues.redhat.com/browse/OCPBUGS-18584): Check libovsdbclient.ErrNotFound on wrapped errors [#1863](https://github.com/openshift/ovn-kubernetes/pull/1863) * [OCPBUGS-19087](https://issues.redhat.com/browse/OCPBUGS-19087): Dockerfile: bump OVN to ovn23.09-23.09.0-beta.31.el9fdp [#1879](https://github.com/openshift/ovn-kubernetes/pull/1879) * [OCPBUGS-12146](https://issues.redhat.com/browse/OCPBUGS-12146): Updating ovn-kubernetes-microshift images to be consistent with ART [#1656](https://github.com/openshift/ovn-kubernetes/pull/1656) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/8fbb5635f96ed60cf0df5aabedfc6ee9698dbceb...beb3430c5fc2b3c37eeb90b816dd925ed4065fe6) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/988f7109b4493f62cb13187bc190eae60c77d1e7) * [OCPBUGS-36095](https://issues.redhat.com/browse/OCPBUGS-36095): Fix CVE-2024-6104 by updating http-retryable to 0.7.7 [#90](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/90) * [OCPBUGS-33637](https://issues.redhat.com/browse/OCPBUGS-33637): Fix CVE2023-45288 by bumping x/net to v0.24.0 - 4.14 [#81](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/81) * [OCPBUGS-25980](https://issues.redhat.com/browse/OCPBUGS-25980): Rebase with upstream: Fix snyk code issue: Path Traversal [#72](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/72) * [OCPBUGS-24713](https://issues.redhat.com/browse/OCPBUGS-24713): synk: ignore vendor dir [#60](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/60) * [OCPBUGS-21112](https://issues.redhat.com/browse/OCPBUGS-21112): CVE-2023-39325 - Update net dependencies - 4.14 [#51](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/51) * cherry-pick: Improve delete device failure logs in driver node [#48](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/48) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/38bee567a703d3d5ab2ca6e1e047eea8e799c3c5...988f7109b4493f62cb13187bc190eae60c77d1e7) ### [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/tree/7436369afce33811e543b13fcbea8d1e1ff65502) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#58](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/58) * [OCPBUGS-25715](https://issues.redhat.com/browse/OCPBUGS-25715): snyk: ignore vendor dir [#60](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/60) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#48](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/48) * [OCPBUGS-21203](https://issues.redhat.com/browse/OCPBUGS-21203): CVE-2023-39325 - Update net dependencies - 4.14 [#40](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/40) * Update OWNERS add yussufsh [#44](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/pull/44) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/compare/a3729dcb75a7da8c9ee7466da5de07e2f1fe5951...7436369afce33811e543b13fcbea8d1e1ff65502) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/19cf1d3f4985a22e9777aad16531a382c4feed45) * [OCPBUGS-36105](https://issues.redhat.com/browse/OCPBUGS-36105): UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.14 [#75](https://github.com/openshift/cloud-provider-powervs/pull/75) * [OCPBUGS-24727](https://issues.redhat.com/browse/OCPBUGS-24727): UPSTREAM: <carry>: snyk code scan exclude vendor directory [#54](https://github.com/openshift/cloud-provider-powervs/pull/54) * [OCPBUGS-21299](https://issues.redhat.com/browse/OCPBUGS-21299): CVE-2023-39325 - Update net dependencies - 4.14 [#45](https://github.com/openshift/cloud-provider-powervs/pull/45) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/1d6a7ed991427b1c8048b0b44b706228e5c2a001...19cf1d3f4985a22e9777aad16531a382c4feed45) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/ea93a47d3af967bfe0a738f29336de51f457a143) * [OCPBUGS-54754](https://issues.redhat.com/browse/OCPBUGS-54754): Fix for CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.14 [#116](https://github.com/openshift/machine-api-provider-powervs/pull/116) * [OCPBUGS-41978](https://issues.redhat.com/browse/OCPBUGS-41978): Update go.mod to fix CVE - 4.14 [#86](https://github.com/openshift/machine-api-provider-powervs/pull/86) * [OCPBUGS-24730](https://issues.redhat.com/browse/OCPBUGS-24730): snyk code scan exclude vendor directory [#65](https://github.com/openshift/machine-api-provider-powervs/pull/65) * [OCPBUGS-21879](https://issues.redhat.com/browse/OCPBUGS-21879): CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.14 [#54](https://github.com/openshift/machine-api-provider-powervs/pull/54) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/088808b02a8cf18d140fb80a022fed51b8a9530f...ea93a47d3af967bfe0a738f29336de51f457a143) ### [prometheus](https://github.com/openshift/prometheus/tree/3aff0d1e4f08b135b958494c14f7c3d914dfe005) * [OCPBUGS-43670](https://issues.redhat.com/browse/OCPBUGS-43670): fix(discovery): Handle cache.DeletedFinalStateUnknown … [#239](https://github.com/openshift/prometheus/pull/239) * [OCPBUGS-22531](https://issues.redhat.com/browse/OCPBUGS-22531): bump otel dependencies [#183](https://github.com/openshift/prometheus/pull/183) * [OCPBUGS-21262](https://issues.redhat.com/browse/OCPBUGS-21262): update golang.org/x/net to v0.17.0 [4.14] [#176](https://github.com/openshift/prometheus/pull/176) * [Full changelog](https://github.com/openshift/prometheus/compare/79fa623a51580ca0cfc30609b27da0a56a4f2282...3aff0d1e4f08b135b958494c14f7c3d914dfe005) ### [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager/tree/e3725166cf8ef228f1672b00d063c488b69687aa) * [OCPBUGS-21064](https://issues.redhat.com/browse/OCPBUGS-21064): Bump golang.org/x/net to v0.17.0 [#80](https://github.com/openshift/prometheus-alertmanager/pull/80) * [Full changelog](https://github.com/openshift/prometheus-alertmanager/compare/870ade52a6097bc55cec29c1a9cc028967c5d23c...e3725166cf8ef228f1672b00d063c488b69687aa) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/a4b845a7ae4e1ffb62eae963406481f1c3456bfe) * [OCPBUGS-30015](https://issues.redhat.com/browse/OCPBUGS-30015): fix: convert `continue` field between v1beta1 and v1alpha1 [#279](https://github.com/openshift/prometheus-operator/pull/279) * [OCPBUGS-20881](https://issues.redhat.com/browse/OCPBUGS-20881): fix: disable HTTP2 connections by default [#253](https://github.com/openshift/prometheus-operator/pull/253) * [OCPBUGS-20881](https://issues.redhat.com/browse/OCPBUGS-20881): Bump golang.org/x/net to v0.17.0 [#247](https://github.com/openshift/prometheus-operator/pull/247) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/902436ac6a8eec8f2f3f8b91f519a3d319924833...a4b845a7ae4e1ffb62eae963406481f1c3456bfe) ### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/5ee0a9d957a04756ba76623a8bbc12be9949109f) * [OCPBUGS-21162](https://issues.redhat.com/browse/OCPBUGS-21162): (4.14) upgrade golang.org/x/net to v0.17.0 [#134](https://github.com/openshift/node_exporter/pull/134) * [Full changelog](https://github.com/openshift/node_exporter/compare/aed837c322b6eb54d88956acada07b5b390b5c25...5ee0a9d957a04756ba76623a8bbc12be9949109f) ### [route-controller-manager](https://github.com/openshift/route-controller-manager/tree/1a5e72f41b21f5ebcd6f9dd8227d92ad1fffbb1e) * [OCPBUGS-21576](https://issues.redhat.com/browse/OCPBUGS-21576): bump(k8s,openshift) to address CVE-2023-44487 [4.14] [#34](https://github.com/openshift/route-controller-manager/pull/34) * [Full changelog](https://github.com/openshift/route-controller-manager/compare/c5cc7a73705e4086759e2a36811b055b7716def4...1a5e72f41b21f5ebcd6f9dd8227d92ad1fffbb1e) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/3c3f82f7112ee4b5656e5c554f9887acdf881175) * [OCPBUGS-21066](https://issues.redhat.com/browse/OCPBUGS-21066): go.mod: bump golang.org/x/net to v0.17.0 [#224](https://github.com/openshift/service-ca-operator/pull/224) * [OCPBUGS-19318](https://issues.redhat.com/browse/OCPBUGS-19318): fix admission webhook CA injection [#222](https://github.com/openshift/service-ca-operator/pull/222) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/19f312e96bb4e5b7da9f61ea4cab202b227a60c6...3c3f82f7112ee4b5656e5c554f9887acdf881175) ### [telemeter](https://github.com/openshift/telemeter/tree/1f7268163afc74f9f3c1ff89d8c0149760694e6c) * [OCPBUGS-34830](https://issues.redhat.com/browse/OCPBUGS-34830): fix issuer check during JWT authentication 4.14 [#539](https://github.com/openshift/telemeter/pull/539) * [OCPBUGS-32888](https://issues.redhat.com/browse/OCPBUGS-32888): update gopkg.in/square/go-jose.v2 to fix CVE-2024-28180 [#535](https://github.com/openshift/telemeter/pull/535) * [OCPBUGS-22647](https://issues.redhat.com/browse/OCPBUGS-22647): go.mod: bump go.opentelemetry.io/contrib/instrumentation/net/http/ote… [#494](https://github.com/openshift/telemeter/pull/494) * [OCPBUGS-21349](https://issues.redhat.com/browse/OCPBUGS-21349): [release-4.14]: Bump golang.org/x/net to v0.17.0 [#484](https://github.com/openshift/telemeter/pull/484) * [Full changelog](https://github.com/openshift/telemeter/compare/14489f7dc656175e11a3ef962fcbcd113b3651a9...1f7268163afc74f9f3c1ff89d8c0149760694e6c) ### [tests](https://github.com/openshift/origin/tree/61448faf003ff6999aa5cc5d3c9cf7651992ab38) * [OCPBUGS-55747](https://issues.redhat.com/browse/OCPBUGS-55747): [build] Ensure Git Clone Does Not Run Privileged [#29758](https://github.com/openshift/origin/pull/29758) * [OCPBUGS-54770](https://issues.redhat.com/browse/OCPBUGS-54770): Fix egress firewall tests by updating the URL from docs.openshift.com to redhat.com [#29665](https://github.com/openshift/origin/pull/29665) * [OCPBUGS-52583](https://issues.redhat.com/browse/OCPBUGS-52583): Use payload pullspec for image info test [#29591](https://github.com/openshift/origin/pull/29591) * [OCPBUGS-51363](https://issues.redhat.com/browse/OCPBUGS-51363): Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token [#29567](https://github.com/openshift/origin/pull/29567) * [OCPBUGS-51044](https://issues.redhat.com/browse/OCPBUGS-51044): Add/remove team members to the OWNERS file for Builds [#29554](https://github.com/openshift/origin/pull/29554) * [OCPBUGS-44107](https://issues.redhat.com/browse/OCPBUGS-44107): Adjust createDNSPod() to support hypershift dual-stack test [#29256](https://github.com/openshift/origin/pull/29256) * [OCPBUGS-39137](https://issues.redhat.com/browse/OCPBUGS-39137): Bump timeout for the pod-network-service endpoints check [#29062](https://github.com/openshift/origin/pull/29062) * [OCPBUGS-38365](https://issues.redhat.com/browse/OCPBUGS-38365): add Proxy config [#28998](https://github.com/openshift/origin/pull/28998) * [OCPBUGS-36800](https://issues.redhat.com/browse/OCPBUGS-36800): Removes dependency on samples operator images [#28952](https://github.com/openshift/origin/pull/28952) * #28775 FIX [release-4.14] OCPBUGS-33367: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms [#28792](https://github.com/openshift/origin/pull/28792) * #28745 FIX [release-4.14] OCPBUGS-33022: update egressFWTestE2E image which contains ping binary [#28899](https://github.com/openshift/origin/pull/28899) * [OCPBUGS-36464](https://issues.redhat.com/browse/OCPBUGS-36464): test/extended: skip etcd leader change check on hypershift [#28921](https://github.com/openshift/origin/pull/28921) * [OCPBUGS-35475](https://issues.redhat.com/browse/OCPBUGS-35475): Use centos7 tag instead of latest for cmd images tests [#28881](https://github.com/openshift/origin/pull/28881) * [OCPBUGS-33417](https://issues.redhat.com/browse/OCPBUGS-33417): Provide SCC access via RBAC [#28806](https://github.com/openshift/origin/pull/28806) * [OCPBUGS-33563](https://issues.redhat.com/browse/OCPBUGS-33563): Adjust the method of get the apiServer (release-4.14) [#28763](https://github.com/openshift/origin/pull/28763) * [OCPBUGS-29970](https://issues.redhat.com/browse/OCPBUGS-29970): Do not assume there is just a single kubelet systemd service [#28620](https://github.com/openshift/origin/pull/28620) * [OCPNODE-2101](https://issues.redhat.com/browse/OCPNODE-2101): add kube-rbac-proxy-crio toleration change [#28647](https://github.com/openshift/origin/pull/28647) * [OCPBUGS-29928](https://issues.redhat.com/browse/OCPBUGS-29928): Only extract node role from properly formatted node-role label [#28616](https://github.com/openshift/origin/pull/28616) * [OCPBUGS-29182](https://issues.redhat.com/browse/OCPBUGS-29182): updated timeout to 3 seconds to account for network timing issues [#28578](https://github.com/openshift/origin/pull/28578) * [OCPBUGS-29034](https://issues.redhat.com/browse/OCPBUGS-29034): Replace 'coreydaley' with 'sayan-biswas' [#28574](https://github.com/openshift/origin/pull/28574) * [OCPBUGS-26044](https://issues.redhat.com/browse/OCPBUGS-26044): Adding test case for when exceed openshift.io/image-tags will ban to … [#28493](https://github.com/openshift/origin/pull/28493) * [OCPBUGS-21774](https://issues.redhat.com/browse/OCPBUGS-21774): backport #28316 to 4.14 release [#28335](https://github.com/openshift/origin/pull/28335) * Revert "[release-4.14] OCPBUGS-22720: Use Centos 8 Stream mysql image in tests" [#28368](https://github.com/openshift/origin/pull/28368) * [OCPBUGS-23042](https://issues.redhat.com/browse/OCPBUGS-23042): tolerate AWS edge nodes on monitor tests [#28387](https://github.com/openshift/origin/pull/28387) * [OCPBUGS-23145](https://issues.redhat.com/browse/OCPBUGS-23145): Bump watch requests for cluster-baremetal-operator [#28385](https://github.com/openshift/origin/pull/28385) * trt-1340: backport exact and disable monitor tests options to 4.14 [#28391](https://github.com/openshift/origin/pull/28391) * [OCPBUGS-19923](https://issues.redhat.com/browse/OCPBUGS-19923): Updating parameters for build timing PushImage test [#28291](https://github.com/openshift/origin/pull/28291) * [OCPBUGS-22411](https://issues.redhat.com/browse/OCPBUGS-22411): fix: increase upper bounds for samples operator [#28356](https://github.com/openshift/origin/pull/28356) * [OCPBUGS-22720](https://issues.redhat.com/browse/OCPBUGS-22720): Use Centos 8 Stream mysql image in tests [#28365](https://github.com/openshift/origin/pull/28365) * [OCPBUGS-22389](https://issues.redhat.com/browse/OCPBUGS-22389): Remove all docker.io images due to access denied [#28355](https://github.com/openshift/origin/pull/28355) * [OCPBUGS-21774](https://issues.redhat.com/browse/OCPBUGS-21774): backport https://github.com/openshift/origin/pull/28238 to 4.14 release [#28333](https://github.com/openshift/origin/pull/28333) * Revert #28304 "OCPBUGS-20308: Backport PR 28295 and 28238" [#28314](https://github.com/openshift/origin/pull/28314) * [OCPBUGS-20308](https://issues.redhat.com/browse/OCPBUGS-20308): Backport PR 28295 and 28238 [#28304](https://github.com/openshift/origin/pull/28304) * [OCPBUGS-19903](https://issues.redhat.com/browse/OCPBUGS-19903): kubevirt: add live migration tests [#28281](https://github.com/openshift/origin/pull/28281) * wait for the service to have endpoints before starting pollers [#28279](https://github.com/openshift/origin/pull/28279) * some monitor tests only function on disruptive tests [#28287](https://github.com/openshift/origin/pull/28287) * [OCPBUGS-19718](https://issues.redhat.com/browse/OCPBUGS-19718): rteval [#28276](https://github.com/openshift/origin/pull/28276) * [OCPBUGS-19547](https://issues.redhat.com/browse/OCPBUGS-19547): fix: add rteval to the test image [#28269](https://github.com/openshift/origin/pull/28269) * [TRT-1244](https://issues.redhat.com/browse/TRT-1244): Bump aws-ovn upgradeDurationLimits to 130 [#28265](https://github.com/openshift/origin/pull/28265) * [OCPBUGS-19061](https://issues.redhat.com/browse/OCPBUGS-19061): Remove duplicate connection type from disruption name [#28260](https://github.com/openshift/origin/pull/28260) * [Full changelog](https://github.com/openshift/origin/compare/4a51fe9d78effc921c5cb1884b507e8e83feb0c8...61448faf003ff6999aa5cc5d3c9cf7651992ab38) ### [thanos](https://github.com/openshift/thanos/tree/a26712509e3f9c511926ca9d8bba3e3ea8e95ada) * [OCPBUGS-22636](https://issues.redhat.com/browse/OCPBUGS-22636): Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.42.0 to 0.44.0 [#130](https://github.com/openshift/thanos/pull/130) * [OCPBUGS-21176](https://issues.redhat.com/browse/OCPBUGS-21176): Bump golang.org/x/net to v0.17.0 [#124](https://github.com/openshift/thanos/pull/124) * [Full changelog](https://github.com/openshift/thanos/compare/66161ad4e03e5593f5a3a33aaaffbcd41555d62a...a26712509e3f9c511926ca9d8bba3e3ea8e95ada) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/efaed5cdb8c7d4b0b7fe38e203c545278ccfab4d) * [OCPBUGS-23889](https://issues.redhat.com/browse/OCPBUGS-23889): Bump otelgrpc to v0.49.0 [#70](https://github.com/openshift/cloud-provider-vsphere/pull/70) * [OCPBUGS-21520](https://issues.redhat.com/browse/OCPBUGS-21520): Bump golang.org/x/net to v0.18.0 [#54](https://github.com/openshift/cloud-provider-vsphere/pull/54) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/81ad52ad7bcf37b225bc50a6e6150ca0572057b7...efaed5cdb8c7d4b0b7fe38e203c545278ccfab4d) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/b5346ad9d07fc212c58ad52cd757fa31da3c5f77) * [OCPBUGS-35136](https://issues.redhat.com/browse/OCPBUGS-35136): Bump x/crypto to v0.24.0 [#46](https://github.com/openshift/cluster-api-provider-vsphere/pull/46) * [OCPBUGS-17312](https://issues.redhat.com/browse/OCPBUGS-17312), [OCPBUGS-21558](https://issues.redhat.com/browse/OCPBUGS-21558): [release-4.14] bump golang.org/x/net to v0.17.0 [#20](https://github.com/openshift/cluster-api-provider-vsphere/pull/20) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/5611168658586d68b5a92c77c07304694fc2cc64...b5346ad9d07fc212c58ad52cd757fa31da3c5f77) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/b5d0e7ddd2262c616147e5ce16220dae2a4de59d) * [OCPBUGS-51045](https://issues.redhat.com/browse/OCPBUGS-51045): Prevent node cache update during attach & detach [#139](https://github.com/openshift/vmware-vsphere-csi-driver/pull/139) * [OCPBUGS-35138](https://issues.redhat.com/browse/OCPBUGS-35138): CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 [#123](https://github.com/openshift/vmware-vsphere-csi-driver/pull/123) * [OCPBUGS-33798](https://issues.redhat.com/browse/OCPBUGS-33798): FailedPrecondition volume does not appear staged [#119](https://github.com/openshift/vmware-vsphere-csi-driver/pull/119) * [OCPBUGS-21564](https://issues.redhat.com/browse/OCPBUGS-21564): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#90](https://github.com/openshift/vmware-vsphere-csi-driver/pull/90) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/4b15e93bd578484c4bfb1c124fa655c451bbd1ca...b5d0e7ddd2262c616147e5ce16220dae2a4de59d) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/5d5105f93e02ba0c4c07890b3db630b11d839abf) * [OCPBUGS-25657](https://issues.redhat.com/browse/OCPBUGS-25657): Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler [#203](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/203) * [OCPBUGS-24224](https://issues.redhat.com/browse/OCPBUGS-24224): Explicitly degrade the cluster when conditions are not met [#194](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/194) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#186](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/186) * [OCPBUGS-23169](https://issues.redhat.com/browse/OCPBUGS-23169): Fix vsphere csi controller pods from getting constantly restarted [#193](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/193) * [OCPBUGS-22430](https://issues.redhat.com/browse/OCPBUGS-22430): disable http/2 server support in webhook [#182](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/182) * [OCPBUGS-21450](https://issues.redhat.com/browse/OCPBUGS-21450): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#173](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/173) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/e0d46570a06caff3439b410b9c9f75cb383a3d2d...5d5105f93e02ba0c4c07890b3db630b11d839abf) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/a9c08425f59d37495d655ee16d4fc7fa200a5ea8) * [OCPBUGS-38347](https://issues.redhat.com/browse/OCPBUGS-38347): Drop event when CheckDefaultDatastore fails [#171](https://github.com/openshift/vsphere-problem-detector/pull/171) * [OCPBUGS-35913](https://issues.redhat.com/browse/OCPBUGS-35913): Fix missing failure-domains [#162](https://github.com/openshift/vsphere-problem-detector/pull/162) * [OCPBUGS-24401](https://issues.redhat.com/browse/OCPBUGS-24401): Use failure-domains and other changes from master [#142](https://github.com/openshift/vsphere-problem-detector/pull/142) * [OCPBUGS-21812](https://issues.redhat.com/browse/OCPBUGS-21812): Warn usernames without domain name [#134](https://github.com/openshift/vsphere-problem-detector/pull/134) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#138](https://github.com/openshift/vsphere-problem-detector/pull/138) * [OCPBUGS-21581](https://issues.redhat.com/browse/OCPBUGS-21581): CVE-2023-44487: bump golang.org/x/net to v0.17.0 [#129](https://github.com/openshift/vsphere-problem-detector/pull/129) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/15ed0ae1d7bcfc9fd24e32bf3650e0e960c115be...a9c08425f59d37495d655ee16d4fc7fa200a5ea8)