# 4.16.51 Created: 2025-10-23 12:47:16 +0000 UTC Image Digest: `sha256:49d83378f39afe7f13c1db8f46cbf757ddcc84f16737a2e6d8eacb1f2004afd0` ## Changes from 4.16.0 ### Components * Kubectl upgraded from 1.29.1 to 1.29.7 * Kubernetes upgraded from 1.29.5 to 1.29.14 * Kubernetes Tests 1.29.0 * Red Hat Enterprise Linux CoreOS upgraded from 416.94.202406172220-0 to 416.94.202510221349-0 ### FeatureGate Changes | FeatureGate | Default
Hypershift | Default
SelfManagedHA | DevPreviewNoUpgrade
Hypershift | DevPreviewNoUpgrade
SelfManagedHA | TechPreviewNoUpgrade
Hypershift | TechPreviewNoUpgrade
SelfManagedHA | | :------ | :---: | :---: | :---: | :---: | :---: | :---: | | ExternalRouteCertificate
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) | ### New images * [operator-framework-tools](https://github.com/openshift/operator-framework-olm) git [e48ec38c](https://github.com/openshift/operator-framework-olm/commit/e48ec38c748a5cb90cdaf2fe017fb161301886ae) `sha256:f8eaff8253c472b159062a4dc6f544e44240e03989970265b4ccf93cf6766962` ### Removed images * ovirt-machine-controllers ### Rebuilt images without code change * [agent-installer-utils](https://github.com/openshift/agent-installer-utils) git [6e6bb40d](https://github.com/openshift/agent-installer-utils/commit/6e6bb40d95bd966eb6b152e66c5b91794806c4bc) `sha256:c467b3517e04ca9e8c47f76954f49e6782ea918e4c8bda6998c36594fc6e0b87` * [alibaba-cloud-controller-manager](https://github.com/openshift/cloud-provider-alibaba-cloud) git [97e8335e](https://github.com/openshift/cloud-provider-alibaba-cloud/commit/97e8335e2f0bc9ee48fe04f2c19820b557035d37) `sha256:cba08409f55dd2a0ce4a3042fd39cd3a7973dc807e3c6a6dbc71d3cf4e70f8d9` * [aws-cloud-controller-manager](https://github.com/openshift/cloud-provider-aws) git [a53e9def](https://github.com/openshift/cloud-provider-aws/commit/a53e9def2e60eecd390575b59c85d54c5412ecd3) `sha256:d90bebe578f372b19a2b57dbebf00d95625d2d7fd61f90650a64405fffbdb2d7` * [aws-ebs-csi-driver](https://github.com/openshift/aws-ebs-csi-driver) git [1d29a74a](https://github.com/openshift/aws-ebs-csi-driver/commit/1d29a74ab7cde7424cac99261b90f23dc7a2fc21) `sha256:b0b3b29b3af61d4ae241c29c4914c90bac534e5a7ffbcd78efe8bf50d3d39ef7` * [azure-disk-csi-driver](https://github.com/openshift/azure-disk-csi-driver) git [6b55f6fb](https://github.com/openshift/azure-disk-csi-driver/commit/6b55f6fb004454f743aa0f2e1d96010396be4c45) `sha256:9dfba57ef2f3ab3a6892ee627d4d7ea0cd44569da7984afb27e28baebd506aaa` * [cluster-bootstrap](https://github.com/openshift/cluster-bootstrap) git [27bfb59f](https://github.com/openshift/cluster-bootstrap/commit/27bfb59fd0ff399224ee673869b8875ef10f1962) `sha256:724a144ecd508f976c63fe00a50cbcccf1a3b135f64a6e6fc05acdc6cc2000a0` * [cluster-capi-controllers](https://github.com/openshift/cluster-api) git [5830a10a](https://github.com/openshift/cluster-api/commit/5830a10a2f545dc25ff4ca4c4efd9005088676aa) `sha256:d30dbadc294f08970327c5f969b0b945b98e993e86db9f314de195d5823b915a` * [cluster-config-operator](https://github.com/openshift/cluster-config-operator) git [441d29c9](https://github.com/openshift/cluster-config-operator/commit/441d29c92b1759d1780a525112e764280b78b0d6) `sha256:2040a96d4577431c645fcae447dc4910f89cc319babeaac484eba0c130912cc7` * [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator) git [439826e1](https://github.com/openshift/cluster-csi-snapshot-controller-operator/commit/439826e1a723c094717877db0f2ca1848d0fb10a) `sha256:a33834b2d0c853d36e324af99f0b479280a4c7cbe71ef38214a8aba992f8fac2` * [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator) git [95ceaa9e](https://github.com/openshift/cluster-api-operator/commit/95ceaa9e2e1fea94e82e078a77633c8cd105a3c7) `sha256:24367b3ff0e03713106c35afb42c67cc120f8186a9cf00c3974fac1100dff3ca` * [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator) git [630f63bc](https://github.com/openshift/cluster-kube-scheduler-operator/commit/630f63bc7a30d2662bbb5115233144079de6eef6) `sha256:daf0ea1119b322b935921fc72c894782c7eb60376c85cc18179ea6d03a5e59ea` * [cluster-olm-operator](https://github.com/openshift/cluster-olm-operator) git [27bf70dd](https://github.com/openshift/cluster-olm-operator/commit/27bf70ddf9421637e1da18b249785b2cca177272) `sha256:4f3e6846140d759ec36de95c6cde66fc68b7eeedf4fb689ef841192170c494ce` * [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator) git [d26f3002](https://github.com/openshift/cluster-openshift-apiserver-operator/commit/d26f3002e10be6f206f69a829d1511130e8188d9) `sha256:0962bf4eaf7c4103cbe56fbafe09cdf003a3295ca47551ecdc2a9a00e22d7c73` * [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller) git [eaea543f](https://github.com/openshift/cluster-policy-controller/commit/eaea543f4c845a7b65705f12e162cc121bb12f88) `sha256:8b38bedb4b4892b5a357b1fe7aaae04bf53c28faf7a11ec5499b97a1f0ceabbd` * [configmap-reloader](https://github.com/openshift/configmap-reload) git [dc91ddc4](https://github.com/openshift/configmap-reload/commit/dc91ddc4ad8139c9c0bccaba22b65b0bf364d81e) `sha256:90667601b38a10f1c6453a32a76e66d1417fafe93a74fac94178f3ba1dc95fad` * [csi-driver-nfs](https://github.com/openshift/csi-driver-nfs) git [406cec72](https://github.com/openshift/csi-driver-nfs/commit/406cec72a10684a7545a976a8c31e60712bcc5b2) `sha256:18de8e910c61f9ea5cd968344bda9bdd0c469030333106cf0813e5bbf8b65d0d` * [csi-driver-shared-resource](https://github.com/openshift/csi-driver-shared-resource) git [bc125def](https://github.com/openshift/csi-driver-shared-resource/commit/bc125def6a15a71b2ef8c59e9c1284e471e7d905) `sha256:76662754a26a01bae4f5d12747bab9bc592ee168bd138917d3c597fa053c8e92` * [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator) git [1e1194bc](https://github.com/openshift/csi-driver-shared-resource-operator/commit/1e1194bc659a5c8cfbbfeedd9d9c15540ecda0d7) `sha256:de5978cf0b22b802876bd81a4b776f14dfed291602af5e714ded9b0a5a4d8c20` * [csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource) git [bc125def](https://github.com/openshift/csi-driver-shared-resource/commit/bc125def6a15a71b2ef8c59e9c1284e471e7d905) `sha256:fd379c21cd7d1940a0e2e169287f9e9d0398d28ad19a25d9048303ec9ebfeac3` * [csi-external-attacher](https://github.com/openshift/csi-external-attacher) git [7da80aab](https://github.com/openshift/csi-external-attacher/commit/7da80aab15cabd182ee35742443c0b836de4e180) `sha256:0b098e307b17480b0acd6d723566391b06950acbe26e0e2fefe285301d745e84` * [csi-external-provisioner](https://github.com/openshift/csi-external-provisioner) git [9e8af011](https://github.com/openshift/csi-external-provisioner/commit/9e8af011e0a0aea96066821b57c42bdaccf24a42) `sha256:4e6a88d16299625c79dc7abb88826bfdc8dcbec19ee4c0dd60fe91d306f9d572` * [csi-livenessprobe](https://github.com/openshift/csi-livenessprobe) git [f5e3ff55](https://github.com/openshift/csi-livenessprobe/commit/f5e3ff5532d58af34b5b407be2cac6934c1ff223) `sha256:eb4d68c97ef11a9982bbc0a5eb9465805a6fc5035119d779c5aacc5ab870ebed` * [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar) git [8930c368](https://github.com/openshift/csi-node-driver-registrar/commit/8930c368500a5d1f15c3e1a5906397e206879de0) `sha256:32ab70ebd0c8b5bae71a77d55df9cfeba484b2023a6f7aa2b50501c4e6660f82` * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [1d5732f0](https://github.com/openshift/driver-toolkit/commit/1d5732f0209bb7d98661a53c66c5ac265272dce6) `sha256:10e974000cf7c0bc219789099723404677307a34142e3c539fa2a0ce07fa61ff` * [gcp-cloud-controller-manager](https://github.com/openshift/cloud-provider-gcp) git [26b43dfc](https://github.com/openshift/cloud-provider-gcp/commit/26b43dfc7ddce718014b8991db10cbff30b7b117) `sha256:258faa68ddf6718ad295ef9f8b16970c51b8dcab5f891a5f0642362f758432d3` * [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp) git [02432df8](https://github.com/openshift/cluster-api-provider-gcp/commit/02432df87df9a731c8d630311854fbd515602e91) `sha256:53a904f847b3bf742b9585722285af05f7ec6478198096af7d5b5fa40cb7a209` * [gcp-pd-csi-driver](https://github.com/openshift/gcp-pd-csi-driver) git [5ed71c64](https://github.com/openshift/gcp-pd-csi-driver/commit/5ed71c64ce9c1879f0d2a17976387f1b0292796d) `sha256:b0f1bc9c1a4824d97ff3946f530174dffe95f5f864c4a8cd2d94e979f3b61de6` * [gcp-pd-csi-driver-operator](https://github.com/openshift/gcp-pd-csi-driver-operator) git [799327f7](https://github.com/openshift/gcp-pd-csi-driver-operator/commit/799327f7c45b362beadc39e85b9e773cab3654c5) `sha256:b42a50965919c10a9dde275c92ceed7700e1c4ea5e10eacb6e8ce3c8f0593a3a` * [ibm-cloud-controller-manager](https://github.com/openshift/cloud-provider-ibm) git [f961f16d](https://github.com/openshift/cloud-provider-ibm/commit/f961f16d17dcd6f7e43fd7fed967ce3b06ec9494) `sha256:b92e36d6128eb3cce0a5dc6ee431ad2b5535a0aa33b508b2509462352d5326a2` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [93b8b5fa](https://github.com/openshift/ironic-rhcos-downloader/commit/93b8b5fa33950cadd2310278b7c762ebe0057418) `sha256:a41e7a1eff7f99c94f1c299d6d356848a4a0487b7682ca8c7b91ef12db71e7bc` * [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter) git [e4f859be](https://github.com/openshift/k8s-prometheus-adapter/commit/e4f859be4f56d1fc65138f99f5331baf17c15885) `sha256:dca8a910036db62229cc8b45d6f27373ae06e8ed0293949abf65f0d961091209` * [kube-state-metrics](https://github.com/openshift/kube-state-metrics) git [9b67b8d1](https://github.com/openshift/kube-state-metrics/commit/9b67b8d1adbd63e27b622b3d050e0673766a6f2d) `sha256:df00ef645ff0d9a2505328f21d38eaaea97b5a3f5b468c0923a899706c38da57` * [kubevirt-cloud-controller-manager](https://github.com/openshift/cloud-provider-kubevirt) git [3db76104](https://github.com/openshift/cloud-provider-kubevirt/commit/3db76104a38bd9160ca24e2ed4a33649843f210a) `sha256:4063dc2bab033ee16000ae9cfa813410d1606f111699f92a40da329d8dea71be` * [machine-image-customization-controller](https://github.com/openshift/image-customization-controller) git [39480963](https://github.com/openshift/image-customization-controller/commit/394809633b6b2e33ea1af444f7237f066bf0abb1) `sha256:1f4900732eeb043905c884af5856f0a66b25f399b5beb0e668cf31ea2b4dac33` * [oauth-server](https://github.com/openshift/oauth-server) git [3739138c](https://github.com/openshift/oauth-server/commit/3739138c8ebbeb73f6e89f61591dd16a3ece32e3) `sha256:a2c7bbe0027377d63253dd9bd825beaa33d6df5e11054bc9bca7dc85ddbaa44e` * [olm-catalogd](https://github.com/openshift/operator-framework-catalogd) git [79975a51](https://github.com/openshift/operator-framework-catalogd/commit/79975a511e1d31a09ef9b3b9e01262c8c69ff633) `sha256:4976fc4c8585f40fc82a449de0173498cfb8fc201c745d2a9ef714bd2e214686` * [olm-operator-controller](https://github.com/openshift/operator-framework-operator-controller) git [80b8649c](https://github.com/openshift/operator-framework-operator-controller/commit/80b8649cf7a57098d03eff0d155531cf63728f41) `sha256:a321b03292f84183b1563fd72398f85b330e22bcdba8f81078b3afa5ff4ff17b` * [olm-rukpak](https://github.com/openshift/operator-framework-rukpak) git [282cc84c](https://github.com/openshift/operator-framework-rukpak/commit/282cc84cf92dc963f5fd719e103c91b6cc0e6dc6) `sha256:cb2842c2fa44358ef607a67ce3dbba5cbc619826bd5ea5e02a9539070f8f0653` * [openshift-state-metrics](https://github.com/openshift/openshift-state-metrics) git [59b8a0ff](https://github.com/openshift/openshift-state-metrics/commit/59b8a0ffc0a472e819e0c30911201c34c85a4684) `sha256:2cf4b7e006e63b6be16a69a78caab8eaea88a6bc21c9c477b20d6ecfbce2a527` * [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver) git [1db726a9](https://github.com/openshift/ovirt-csi-driver/commit/1db726a940d5ec150fd185a215f1368990653082) `sha256:a6d6d29719ff1b65004961860305d1c9f5f1f115781bff1cdc2608bf99687fc1` * [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator) git [ac852f3e](https://github.com/openshift/ovirt-csi-driver-operator/commit/ac852f3eb077c877e998fee0359534349d07c604) `sha256:fca809986bd4fbd3876c041d1e85a1eb45aaf263786062265ad846232939bc6e` * [powervs-block-csi-driver-operator](https://github.com/openshift/ibm-powervs-block-csi-driver-operator) git [9c5dd8d1](https://github.com/openshift/ibm-powervs-block-csi-driver-operator/commit/9c5dd8d17f57b1c7ffd5464a191c6ee5a7646525) `sha256:f11b2a7cd84e97c420fb8e48a4fa68474424fbd3160f788c2c8c2fec00bcccbd` * [prom-label-proxy](https://github.com/openshift/prom-label-proxy) git [5e14722e](https://github.com/openshift/prom-label-proxy/commit/5e14722ecfb3323ce2eb9c75a6bd9c5274b06040) `sha256:a6c96e511d35de64e7b5c3c04679ea4c08d8ddafd92b51a65f5197d0c248eb28` * [prometheus-alertmanager](https://github.com/openshift/prometheus-alertmanager) git [e9aea929](https://github.com/openshift/prometheus-alertmanager/commit/e9aea929f309f412678fdf1064e1f74db3ba08b4) `sha256:bcf59ca3bfc1aa480847966222bb24535b24821afd2271999ae3c4ea0fca8caa` * [prometheus-node-exporter](https://github.com/openshift/node_exporter) git [29ba26d1](https://github.com/openshift/node_exporter/commit/29ba26d1bc31e5ff6b398f20dbdd72b4ca3ba897) `sha256:4d4780234a8e94ae1f82809215512c51b0eb1be13b5cad2639c8837ef476a185` * rhel-coreos `sha256:96fbd91c64ca34395e2778638a41e9372ef6e3cb6ef9809db2f9fd7dfbf1febc` * rhel-coreos-extensions `sha256:c10c46272515f1b2a6d08c0f0f7dfbed4554790387de991e894d32d12c2c6a82` * [service-ca-operator](https://github.com/openshift/service-ca-operator) git [538c7b98](https://github.com/openshift/service-ca-operator/commit/538c7b98a689e573b61e1abb1cb649da470c5fac) `sha256:ccfaff316580394551cfe736f26393633b6cb2a72924297bca4123d10776e795` * [thanos](https://github.com/openshift/thanos) git [85eee25c](https://github.com/openshift/thanos/commit/85eee25c36702ec14b86dc3157856d2aa2634642) `sha256:149bf976bf8d8ed213a46b20efbc88b04d8f028af5da565be7f3a61231b333ba` ### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/5c16119aeedc4c30e960a59ca91bbfe704879ad8) * [OCPBUGS-58631](https://issues.redhat.com/browse/OCPBUGS-58631), [OCPBUGS-58636](https://issues.redhat.com/browse/OCPBUGS-58636): Bump glog to v1.2.5 in release-4.16 (#7901) [#7901](https://github.com/openshift/assisted-service/pull/7901) * [OCPBUGS-47627](https://issues.redhat.com/browse/OCPBUGS-47627): dnsmasq service on OCP SNO fails to read /etc/resolv.conf file during system startup (#7857) [#7857](https://github.com/openshift/assisted-service/pull/7857) * [OCPBUGS-54402](https://issues.redhat.com/browse/OCPBUGS-54402): Bump go-jwt to 4.5.2 to fix CVE-30204 (#7486) [#7486](https://github.com/openshift/assisted-service/pull/7486) * [OCPBUGS-45244](https://issues.redhat.com/browse/OCPBUGS-45244): Bump moby from v26.0.0 to v27.2.1 (#7189) [#7189](https://github.com/openshift/assisted-service/pull/7189) * [MGMT-19537](https://issues.redhat.com/browse/MGMT-19537): Bump golang.org/x/net to 0.33.0 (#7130) [#7130](https://github.com/openshift/assisted-service/pull/7130) * [OCPBUGS-43021](https://issues.redhat.com/browse/OCPBUGS-43021): Update go-jose to v2.6.3 to mitigate CVE-2024-28180 (#6893) [#6893](https://github.com/openshift/assisted-service/pull/6893) * [OCPBUGS-42570](https://issues.redhat.com/browse/OCPBUGS-42570): Libraries bump to mitigate CVE-2024-27289 (#6833) [#6833](https://github.com/openshift/assisted-service/pull/6833) * [OCPBUGS-36577](https://issues.redhat.com/browse/OCPBUGS-36577): Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#6752) [#6752](https://github.com/openshift/assisted-service/pull/6752) * [Full changelog](https://github.com/openshift/assisted-service/compare/6b26a25e2ae7c4eae4a0f3ee0cedbd16c29bab8a...5c16119aeedc4c30e960a59ca91bbfe704879ad8) ### [agent-installer-csr-approver, agent-installer-orchestrator](https://github.com/openshift/assisted-installer/tree/302f47ff8d1bf6f69159453722346f850515bcab) * [OCPBUGS-53718](https://issues.redhat.com/browse/OCPBUGS-53718): Bump jwt to 4.5.2 in release-4.16 (#1091) [#1091](https://github.com/openshift/assisted-installer/pull/1091) * abi: let the bootstrap waiting for workers before rebooting (#1047) [#1047](https://github.com/openshift/assisted-installer/pull/1047) * [OCPBUGS-47494](https://issues.redhat.com/browse/OCPBUGS-47494): MGMT-19537: Bump golang.org/x/net to 0.33.0 (#990) [#990](https://github.com/openshift/assisted-installer/pull/990) * [OCPBUGS-38466](https://issues.redhat.com/browse/OCPBUGS-38466): Allow controller to continue when assisted-service (#914) [#914](https://github.com/openshift/assisted-installer/pull/914) * [OCPBUGS-43025](https://issues.redhat.com/browse/OCPBUGS-43025): Pick up latest CVE changes by bumping service (#920) [#920](https://github.com/openshift/assisted-installer/pull/920) * [OCPBUGS-36577](https://issues.redhat.com/browse/OCPBUGS-36577): Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#906) [#906](https://github.com/openshift/assisted-installer/pull/906) * [OCPBUGS-36779](https://issues.redhat.com/browse/OCPBUGS-36779): Reload host inventory on conflict (#881) [#881](https://github.com/openshift/assisted-installer/pull/881) * [Full changelog](https://github.com/openshift/assisted-installer/compare/373c87ad8f0d88816031b5c39764c80d900228d9...302f47ff8d1bf6f69159453722346f850515bcab) ### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/720b5023664bf91db7bccfed476545bdd21ae94d) * run go mod tidy / vendor [#1019](https://github.com/openshift/assisted-installer-agent/pull/1019) * And 7 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/9ca7b58d937c413f670a26c02435829b1fb3a196...720b5023664bf91db7bccfed476545bdd21ae94d) ### [alibaba-machine-controllers](https://github.com/openshift/cluster-api-provider-alibaba/tree/248372a4f668111a7bf134527911cb656c44d47a) * [OCPBUGS-44242](https://issues.redhat.com/browse/OCPBUGS-44242): change the VERSION makefile variable to use OS_GIT_VERSION [#58](https://github.com/openshift/cluster-api-provider-alibaba/pull/58) * [Full changelog](https://github.com/openshift/cluster-api-provider-alibaba/compare/064d4624c74d417dd31cf1c173c00c3fa98ffade...248372a4f668111a7bf134527911cb656c44d47a) ### [apiserver-network-proxy](https://github.com/openshift/apiserver-network-proxy/tree/ca81b6a32aff6ccb327f6889ec89c01afedd8efd) * [OCPBUGS-38062](https://issues.redhat.com/browse/OCPBUGS-38062): Revert "Agent: Respect HTTPS_PROXY env vars for proxied connections" [#59](https://github.com/openshift/apiserver-network-proxy/pull/59) * [Full changelog](https://github.com/openshift/apiserver-network-proxy/compare/9a6028c48ae73bd8227f014635ce744452e70348...ca81b6a32aff6ccb327f6889ec89c01afedd8efd) ### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/b7868f0f14f7bd45bd697bd21c0528f9ff718195) * [OCPBUGS-61942](https://issues.redhat.com/browse/OCPBUGS-61942): UPSTREAM <carry>: revert: Only tag NetworkInterfaces in RunInstances if IAM Allows It [#572](https://github.com/openshift/cluster-api-provider-aws/pull/572) * [OCPBUGS-58666](https://issues.redhat.com/browse/OCPBUGS-58666), [OCPBUGS-58671](https://issues.redhat.com/browse/OCPBUGS-58671): bump github.com/golang/glog to v1.2.5 [#560](https://github.com/openshift/cluster-api-provider-aws/pull/560) * [OCPBUGS-53726](https://issues.redhat.com/browse/OCPBUGS-53726): Update golang-jwt to v4.5.2 [#547](https://github.com/openshift/cluster-api-provider-aws/pull/547) * [OCPBUGS-44234](https://issues.redhat.com/browse/OCPBUGS-44234): [release-4.16] OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It [#531](https://github.com/openshift/cluster-api-provider-aws/pull/531) * [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/aaaf00b18daf45c9eea93bc2924a6a7e22d27766...b7868f0f14f7bd45bd697bd21c0528f9ff718195) ### [aws-ebs-csi-driver-operator, azure-disk-csi-driver-operator, azure-file-csi-driver-operator](https://github.com/openshift/csi-operator/tree/27609c07dd4465b2b11a65eb8dad219e814b19e6) * [OCPBUGS-61253](https://issues.redhat.com/browse/OCPBUGS-61253): add ability to control kube rbac proxy container image… [#426](https://github.com/openshift/csi-operator/pull/426) * [OCPBUGS-60598](https://issues.redhat.com/browse/OCPBUGS-60598): Bump library-go [#423](https://github.com/openshift/csi-operator/pull/423) * [OCPBUGS-59606](https://issues.redhat.com/browse/OCPBUGS-59606): Backport stale conditions fix [#407](https://github.com/openshift/csi-operator/pull/407) * [OCPBUGS-60248](https://issues.redhat.com/browse/OCPBUGS-60248): add tag matching to Azure File storage class [#414](https://github.com/openshift/csi-operator/pull/414) * [Full changelog](https://github.com/openshift/csi-operator/compare/ff69cd0336ab92035d3d57af0ec71ff7b52f0f17...27609c07dd4465b2b11a65eb8dad219e814b19e6) ### [aws-kms-encryption-provider](https://github.com/openshift/aws-encryption-provider/tree/c66065de639016b770f512e7cfcfcee9519fb89f) * [OCPBUGS-33693](https://issues.redhat.com/browse/OCPBUGS-33693): Updating aws-kms-encryption-provider-container image to be consistent with ART for 4.16 [#18](https://github.com/openshift/aws-encryption-provider/pull/18) * hack: display diff on verify-mod-tidy failure [#26](https://github.com/openshift/aws-encryption-provider/pull/26) * [Full changelog](https://github.com/openshift/aws-encryption-provider/compare/da90fb7cb0d9108fb1f365e98f31ce6ab16fd7e0...c66065de639016b770f512e7cfcfcee9519fb89f) ### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/0c8198618609197cc6cbcfd4016ba8400d8c13d5) * [OCPBUGS-46508](https://issues.redhat.com/browse/OCPBUGS-46508): fix Associate*IpAddress flag on launch EC2 [#121](https://github.com/openshift/machine-api-provider-aws/pull/121) * [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/61d60f6ca20443df434456c2f3eeba859634e6a2...0c8198618609197cc6cbcfd4016ba8400d8c13d5) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/459c531487ae4dd94301e2996bf817d47124854c) * [OCPBUGS-52513](https://issues.redhat.com/browse/OCPBUGS-52513): github.com/go-jose/go-jose/v4 v4.0.5 [#203](https://github.com/openshift/aws-pod-identity-webhook/pull/203) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/746491a64a4efc04132ceb641cee52c2ead3facd...459c531487ae4dd94301e2996bf817d47124854c) ### [azure-cloud-controller-manager, azure-cloud-node-manager](https://github.com/openshift/cloud-provider-azure/tree/e5bac3341fce67c12047caaafcf188c3f3049dc3) * [OCPBUGS-47645](https://issues.redhat.com/browse/OCPBUGS-47645): Prevent panic when informer receives cache.DeletedFinalStateUnknown [#133](https://github.com/openshift/cloud-provider-azure/pull/133) * [Full changelog](https://github.com/openshift/cloud-provider-azure/compare/0e9553295ecd02d6ef0aff19dfc1dfe680993112...e5bac3341fce67c12047caaafcf188c3f3049dc3) ### [azure-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-azure/tree/a81e3b31948468d76ac744bbbb74b0c423fc969e) * [OCPBUGS-36025](https://issues.redhat.com/browse/OCPBUGS-36025): Update go-retryablehttp to v0.7.7 [#310](https://github.com/openshift/cluster-api-provider-azure/pull/310) * [Full changelog](https://github.com/openshift/cluster-api-provider-azure/compare/face7da9972351de9a8d230b2a72af9dfe7facf7...a81e3b31948468d76ac744bbbb74b0c423fc969e) ### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/7a36778add73d12eb08ff6be357d8d351af651a7) * [OCPBUGS-39145](https://issues.redhat.com/browse/OCPBUGS-39145): bump mount-utils to treat ENODEV error as corrupted mount [#76](https://github.com/openshift/azure-file-csi-driver/pull/76) * [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/5ceb190a24730e4a3f951fa3e186e3cde9d86889...7a36778add73d12eb08ff6be357d8d351af651a7) ### [azure-kms-encryption-provider](https://github.com/openshift/azure-kubernetes-kms/tree/af633e05305c7adf67419ded3671903060ea4c66) * [OCPBUGS-53494](https://issues.redhat.com/browse/OCPBUGS-53494): bump golang-jwt v4 [#13](https://github.com/openshift/azure-kubernetes-kms/pull/13) * [OCPBUGS-33692](https://issues.redhat.com/browse/OCPBUGS-33692): Updating azure-kms-encryption-provider-container image to be consistent with ART for 4.16 [#4](https://github.com/openshift/azure-kubernetes-kms/pull/4) * [Full changelog](https://github.com/openshift/azure-kubernetes-kms/compare/bc92347bcd3863db05ce6c79f0b71145a3185e12...af633e05305c7adf67419ded3671903060ea4c66) ### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/f164f9753a3876133aa8c0bf6cee21098c48709b) * [OCPBUGS-52476](https://issues.redhat.com/browse/OCPBUGS-52476): Remove unused vnet package [#131](https://github.com/openshift/machine-api-provider-azure/pull/131) * [OCPBUGS-56169](https://issues.redhat.com/browse/OCPBUGS-56169): [release-4.16] Update virtualmachines service to armcompute/v5 SDK [#147](https://github.com/openshift/machine-api-provider-azure/pull/147) * [OCPBUGS-56656](https://issues.redhat.com/browse/OCPBUGS-56656): Fix failure when attempting to modify immutable availabilitySet [#151](https://github.com/openshift/machine-api-provider-azure/pull/151) * [OCPBUGS-56092](https://issues.redhat.com/browse/OCPBUGS-56092): Update eviction policy for Spot VMs from Deallocate to Delete [#142](https://github.com/openshift/machine-api-provider-azure/pull/142) * [OCPBUGS-54990](https://issues.redhat.com/browse/OCPBUGS-54990): Re-reconcile machine on NIC provisioning failure [#137](https://github.com/openshift/machine-api-provider-azure/pull/137) * [OCPBUGS-50966](https://issues.redhat.com/browse/OCPBUGS-50966): dynamically setting the amount of fault domains [#129](https://github.com/openshift/machine-api-provider-azure/pull/129) * [CFE-1050](https://issues.redhat.com/browse/CFE-1050): Added support of capacity reservation group [#111](https://github.com/openshift/machine-api-provider-azure/pull/111) * [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/d6be293a11bf0dfdc6b80912fcdc3e90e8071ffe...f164f9753a3876133aa8c0bf6cee21098c48709b) ### [azure-workload-identity-webhook](https://github.com/openshift/azure-workload-identity/tree/5b8d171e853d10ba151bfac4ac1e76109524ca4b) * [OCPBUGS-53798](https://issues.redhat.com/browse/OCPBUGS-53798): github.com/golang-jwt/jwt/v4 v4.5.2 [#33](https://github.com/openshift/azure-workload-identity/pull/33) * [OCPBUGS-52510](https://issues.redhat.com/browse/OCPBUGS-52510): github.com/go-jose/go-jose/v4 v4.0.5 [#29](https://github.com/openshift/azure-workload-identity/pull/29) * [Full changelog](https://github.com/openshift/azure-workload-identity/compare/4aca092a13f62e48c700a910e8f3f0f228a7d822...5b8d171e853d10ba151bfac4ac1e76109524ca4b) ### [baremetal-installer, installer, installer-altinfra, installer-artifacts](https://github.com/openshift/installer/tree/8dfa1e05e2b6735efdc68968ba122b08db99ba70) * [OCPBUGS-62952](https://issues.redhat.com/browse/OCPBUGS-62952): Update the RHCOS 4.16 bootimage metadata [#10022](https://github.com/openshift/installer/pull/10022) * [OCPBUGS-62653](https://issues.redhat.com/browse/OCPBUGS-62653): Release 4.16 bump terraform provider azurerm [#9993](https://github.com/openshift/installer/pull/9993) * [OCPBUGS-59162](https://issues.redhat.com/browse/OCPBUGS-59162): vSphere - remove unit tests using nip.io [#9835](https://github.com/openshift/installer/pull/9835) * [OCPBUGS-62235](https://issues.redhat.com/browse/OCPBUGS-62235): Make swift containers removal not fatal for UPI. [#9961](https://github.com/openshift/installer/pull/9961) * [OCPBUGS-58290](https://issues.redhat.com/browse/OCPBUGS-58290): sort zone slices extracted from map of byo subnets [#9819](https://github.com/openshift/installer/pull/9819) * [OCPBUGS-55807](https://issues.redhat.com/browse/OCPBUGS-55807): update resolv.conf every time on bootstrap node [#9694](https://github.com/openshift/installer/pull/9694) * [OCPBUGS-57460](https://issues.redhat.com/browse/OCPBUGS-57460): vsphere - check if host is powered down or on standby before uploading template [#9786](https://github.com/openshift/installer/pull/9786) * [OCPBUGS-36677](https://issues.redhat.com/browse/OCPBUGS-36677): Power VS: Enable incoming traffic on port 5000 during installation in a restricted network [#8711](https://github.com/openshift/installer/pull/8711) * [OCPBUGS-57498](https://issues.redhat.com/browse/OCPBUGS-57498): ensure ctrplane nodes can access bootstrap MCS [#9788](https://github.com/openshift/installer/pull/9788) * [OCPBUGS-54240](https://issues.redhat.com/browse/OCPBUGS-54240): Update timeout for GCP WaitFor operation [#9715](https://github.com/openshift/installer/pull/9715) * [OCPBUGS-35040](https://issues.redhat.com/browse/OCPBUGS-35040): Power VS: Add ports needed for private clusters to security group [#8546](https://github.com/openshift/installer/pull/8546) * [OCPBUGS-54327](https://issues.redhat.com/browse/OCPBUGS-54327): Remove error logging when determining image arch [#9610](https://github.com/openshift/installer/pull/9610) * [OCPBUGS-54345](https://issues.redhat.com/browse/OCPBUGS-54345): Remove tmp directory used for agent pxe files [#9611](https://github.com/openshift/installer/pull/9611) * [OCPBUGS-54263](https://issues.redhat.com/browse/OCPBUGS-54263): IBMCloud: Move to IBM TF openshift fork [#9604](https://github.com/openshift/installer/pull/9604) * [OCPBUGS-50547](https://issues.redhat.com/browse/OCPBUGS-50547): aws/edge/byovpc: tag edge subnets with shared value [#9482](https://github.com/openshift/installer/pull/9482) * [OCPBUGS-52191](https://issues.redhat.com/browse/OCPBUGS-52191): [release-4.16] capi/aws: bump provider for LB DNS lookup fix [#9547](https://github.com/openshift/installer/pull/9547) * [OCPBUGS-51207](https://issues.redhat.com/browse/OCPBUGS-51207): Log correct hostname for validation status [#9511](https://github.com/openshift/installer/pull/9511) * [OCPBUGS-51111](https://issues.redhat.com/browse/OCPBUGS-51111): PowerVS: destroy dhcp hack [#9502](https://github.com/openshift/installer/pull/9502) * [OCPBUGS-48762](https://issues.redhat.com/browse/OCPBUGS-48762): Update RHCOS-release-4.16 bootimage metadata to 416.94.202501270445-0 [#9478](https://github.com/openshift/installer/pull/9478) * [OCPBUGS-43469](https://issues.redhat.com/browse/OCPBUGS-43469): pkg/asset/installconfig/azure: send full certifcate chain [#9467](https://github.com/openshift/installer/pull/9467) * [OCPBUGS-49416](https://issues.redhat.com/browse/OCPBUGS-49416): [Nutanix] Installation failed with timeout when uploading images to PC [#9412](https://github.com/openshift/installer/pull/9412) * [OCPBUGS-47663](https://issues.redhat.com/browse/OCPBUGS-47663): [release-4.16] Power VS: Create region-zone-sysType hierarchy [#9338](https://github.com/openshift/installer/pull/9338) * [OCPBUGS-48442](https://issues.redhat.com/browse/OCPBUGS-48442): Ensure rendezvousIP is checked against host IP [#9369](https://github.com/openshift/installer/pull/9369) * [OCPBUGS-45999](https://issues.redhat.com/browse/OCPBUGS-45999): Always set cross_tenant_replication_enabled parameter to false [#9321](https://github.com/openshift/installer/pull/9321) * [OCPBUGS-45669](https://issues.redhat.com/browse/OCPBUGS-45669): aws: fix Node Port Service rule removal [#9312](https://github.com/openshift/installer/pull/9312) * [OCPBUGS-45669](https://issues.redhat.com/browse/OCPBUGS-45669): [release-4.16] capi/aws: remove allow-all Node Port Service [#9281](https://github.com/openshift/installer/pull/9281) * [OCPBUGS-39434](https://issues.redhat.com/browse/OCPBUGS-39434): dropping this warning as the move from terraform is transparent to the end user [#8951](https://github.com/openshift/installer/pull/8951) * [OCPBUGS-45852](https://issues.redhat.com/browse/OCPBUGS-45852): Update upi references to api-internal [#9290](https://github.com/openshift/installer/pull/9290) * [OCPBUGS-41813](https://issues.redhat.com/browse/OCPBUGS-41813): Validate MTU for custom network [#9104](https://github.com/openshift/installer/pull/9104) * [ARO-12457](https://issues.redhat.com/browse/ARO-12457): Include bootstrap docker config file in go module [#9259](https://github.com/openshift/installer/pull/9259) * [OCPBUGS-45181](https://issues.redhat.com/browse/OCPBUGS-45181): add chrony.conf file when additional NTP sources are configured [#9247](https://github.com/openshift/installer/pull/9247) * [CORS-3753](https://issues.redhat.com/browse/CORS-3753): Allow mocking of the Azure client everywhere [#9220](https://github.com/openshift/installer/pull/9220) * [OCPBUGS-44348](https://issues.redhat.com/browse/OCPBUGS-44348): Cherrypick oci ccm fix to 4.16 [#9188](https://github.com/openshift/installer/pull/9188) * [OCPBUGS-43967](https://issues.redhat.com/browse/OCPBUGS-43967): Revendor assisted service external platform oci [#9150](https://github.com/openshift/installer/pull/9150) * [OCPBUGS-38930](https://issues.redhat.com/browse/OCPBUGS-38930): import failure when esxi config is not the same in the cluster [#8898](https://github.com/openshift/installer/pull/8898) * [OCPBUGS-36290](https://issues.redhat.com/browse/OCPBUGS-36290): IBMCloud: Ignore failed VPC regions [#8674](https://github.com/openshift/installer/pull/8674) * [OCPBUGS-41885](https://issues.redhat.com/browse/OCPBUGS-41885): vSphere - If template is defined skip downloading [#8999](https://github.com/openshift/installer/pull/8999) * [OCPBUGS-41490](https://issues.redhat.com/browse/OCPBUGS-41490): Update RHCOS 4.16 bootimage metadata to 416.94.202410211619-0 [#9158](https://github.com/openshift/installer/pull/9158) * [OCPBUGS-43476](https://issues.redhat.com/browse/OCPBUGS-43476): IBMCloud: Handle pagination for subnets [#9102](https://github.com/openshift/installer/pull/9102) * [OCPBUGS-41490](https://issues.redhat.com/browse/OCPBUGS-41490): Update RHCOS 4.16 bootimage metadata to 416.94.202410172137-0 [#9132](https://github.com/openshift/installer/pull/9132) * [OCPBUGS-42014](https://issues.redhat.com/browse/OCPBUGS-42014): Update terraform provider for google [#9077](https://github.com/openshift/installer/pull/9077) * [OCPBUGS-38732](https://issues.redhat.com/browse/OCPBUGS-38732): vsphere, if secureboot is enabled, disable it in the template [#8904](https://github.com/openshift/installer/pull/8904) * [OCPBUGS-39415](https://issues.redhat.com/browse/OCPBUGS-39415): OpenStack: Install CI dependencies from rpm [#8995](https://github.com/openshift/installer/pull/8995) * [OCPBUGS-41334](https://issues.redhat.com/browse/OCPBUGS-41334): Fix IPv6 security group rule for schedulable master [#8971](https://github.com/openshift/installer/pull/8971) * [OCPBUGS-38687](https://issues.redhat.com/browse/OCPBUGS-38687): only allow a single network in failure domain topology [#8875](https://github.com/openshift/installer/pull/8875) * [OCPBUGS-42062](https://issues.redhat.com/browse/OCPBUGS-42062): OCPBUGS-41865: [release-4.16] vault version updated to 1.13.10 [#9036](https://github.com/openshift/installer/pull/9036) * [OCPBUGS-42012](https://issues.redhat.com/browse/OCPBUGS-42012): Systemd Fails to Parse Multiline EC Keys [#9037](https://github.com/openshift/installer/pull/9037) * [OCPBUGS-41845](https://issues.redhat.com/browse/OCPBUGS-41845): Bump extract-machine-os timout to 20m [#8997](https://github.com/openshift/installer/pull/8997) * [OCPBUGS-38964](https://issues.redhat.com/browse/OCPBUGS-38964): IngressController subnet selection in AWS [#8910](https://github.com/openshift/installer/pull/8910) * [OCPBUGS-42138](https://issues.redhat.com/browse/OCPBUGS-42138): add tested instance type for IBMCloud [#9031](https://github.com/openshift/installer/pull/9031) * [OCPBUGS-39287](https://issues.redhat.com/browse/OCPBUGS-39287): Fix var_files syntax to work on older version of ansible [#8936](https://github.com/openshift/installer/pull/8936) * [OCPBUGS-41929](https://issues.redhat.com/browse/OCPBUGS-41929): Add AWS c7g,m7g,r8g to tested instance types [#9009](https://github.com/openshift/installer/pull/9009) * [OCPBUGS-36855](https://issues.redhat.com/browse/OCPBUGS-36855): Openstack UPI - Reintroduce unique resource names. [#8724](https://github.com/openshift/installer/pull/8724) * [OCPBUGS-39082](https://issues.redhat.com/browse/OCPBUGS-39082): incorrect folder gen, workaround govmomi vm folder path bug [#8912](https://github.com/openshift/installer/pull/8912) * [OCPBUGS-39496](https://issues.redhat.com/browse/OCPBUGS-39496): capi/aws/byo-vpc/multi-cidr: fix group rules [#8953](https://github.com/openshift/installer/pull/8953) * [OCPBUGS-36861](https://issues.redhat.com/browse/OCPBUGS-36861): Updates GCP terraform worker role [#8939](https://github.com/openshift/installer/pull/8939) * [OCPBUGS-38956](https://issues.redhat.com/browse/OCPBUGS-38956): failed to install Nutanix OCP 4.16 cluster with DHCP [#8905](https://github.com/openshift/installer/pull/8905) * [OCPBUGS-38822](https://issues.redhat.com/browse/OCPBUGS-38822): upstream capv bug causes session timeout [#8891](https://github.com/openshift/installer/pull/8891) * [OCPBUGS-39468](https://issues.redhat.com/browse/OCPBUGS-39468): Enable TLS for virtual media in initial ironic deployment [#8955](https://github.com/openshift/installer/pull/8955) * [OCPBUGS-37606](https://issues.redhat.com/browse/OCPBUGS-37606): vSphere validation fails if dc is in a folder [#8777](https://github.com/openshift/installer/pull/8777) * [OCPBUGS-39206](https://issues.redhat.com/browse/OCPBUGS-39206): Update GCP Disk Types 4.16 [#8920](https://github.com/openshift/installer/pull/8920) * [OCPBUGS-39087](https://issues.redhat.com/browse/OCPBUGS-39087): aws: validate public-only subnets configs [#8913](https://github.com/openshift/installer/pull/8913) * [OCPBUGS-38821](https://issues.redhat.com/browse/OCPBUGS-38821): [release-4.16] Azure: Disable shared key access when using a managed identity [#8855](https://github.com/openshift/installer/pull/8855) * [OCPBUGS-38302](https://issues.redhat.com/browse/OCPBUGS-38302): upi/aws: update lambda runtime python version [#8897](https://github.com/openshift/installer/pull/8897) * [OCPBUGS-38826](https://issues.redhat.com/browse/OCPBUGS-38826): aws: add support for clusters with public-only subnets [#8892](https://github.com/openshift/installer/pull/8892) * [OCPBUGS-38517](https://issues.redhat.com/browse/OCPBUGS-38517): [release-4.16] capi/aws: bump provider for instance register fix [#8848](https://github.com/openshift/installer/pull/8848) * [OCPBUGS-38196](https://issues.redhat.com/browse/OCPBUGS-38196): Remove timed context for gcp client [#8818](https://github.com/openshift/installer/pull/8818) * [OCPBUGS-38502](https://issues.redhat.com/browse/OCPBUGS-38502): PowerVS: Fix mad system pool [#8846](https://github.com/openshift/installer/pull/8846) * [OCPBUGS-37838](https://issues.redhat.com/browse/OCPBUGS-37838): fix bogus analyze message when gather fails [#8794](https://github.com/openshift/installer/pull/8794) * [OCPBUGS-37492](https://issues.redhat.com/browse/OCPBUGS-37492): openstack: Fix security group tagging [#8767](https://github.com/openshift/installer/pull/8767) * [OCPBUGS-37607](https://issues.redhat.com/browse/OCPBUGS-37607): bootstrap gather fails in vsphere, only ipv6 address used [#8778](https://github.com/openshift/installer/pull/8778) * [OCPBUGS-37494](https://issues.redhat.com/browse/OCPBUGS-37494): aws: do not require create permissions when BYO IAM role [#8768](https://github.com/openshift/installer/pull/8768) * [OCPBUGS-37510](https://issues.redhat.com/browse/OCPBUGS-37510): [release-4.16] aws: bump CAPA for subnet tagging fix [#8772](https://github.com/openshift/installer/pull/8772) * [OCPBUGS-37180](https://issues.redhat.com/browse/OCPBUGS-37180): ic: fix typo in warning message [#8769](https://github.com/openshift/installer/pull/8769) * [OCPBUGS-36968](https://issues.redhat.com/browse/OCPBUGS-36968): [release-4.16]: capi/aws: bump provider for ingress rules fix [#8734](https://github.com/openshift/installer/pull/8734) * [OCPBUGS-36965](https://issues.redhat.com/browse/OCPBUGS-36965): destroy/gcp: set value for DiscardLocalSsd [#8733](https://github.com/openshift/installer/pull/8733) * [OCPBUGS-36720](https://issues.redhat.com/browse/OCPBUGS-36720): CORS-3582: capi: remove unused feature gates [#8716](https://github.com/openshift/installer/pull/8716) * [OCPBUGS-36890](https://issues.redhat.com/browse/OCPBUGS-36890): [release-4.16] capi: start controllers after WaitGroup is created [#8726](https://github.com/openshift/installer/pull/8726) * [OCPBUGS-36091](https://issues.redhat.com/browse/OCPBUGS-36091): [release-4.16] bump go-retryablehttp for CVE fix [#8654](https://github.com/openshift/installer/pull/8654) * [OCPBUGS-36777](https://issues.redhat.com/browse/OCPBUGS-36777): Cleanup capi artifacts [#8719](https://github.com/openshift/installer/pull/8719) * [OCPBUGS-36607](https://issues.redhat.com/browse/OCPBUGS-36607): aws: remove terraform configs [#8705](https://github.com/openshift/installer/pull/8705) * [OCPBUGS-36324](https://issues.redhat.com/browse/OCPBUGS-36324): update RHCOS 4.16 bootimage metadata to 416.94.202406282145-0 [#8692](https://github.com/openshift/installer/pull/8692) * [OCPBUGS-36447](https://issues.redhat.com/browse/OCPBUGS-36447): capi/aws: disable EKS controller in CAPA [#8694](https://github.com/openshift/installer/pull/8694) * [OCPBUGS-36351](https://issues.redhat.com/browse/OCPBUGS-36351): vSphere - If the folder pre-exists do not tag [#8683](https://github.com/openshift/installer/pull/8683) * [OCPBUGS-36286](https://issues.redhat.com/browse/OCPBUGS-36286): PowerVS: Add ibmcloud plugins [#8672](https://github.com/openshift/installer/pull/8672) * [OCPBUGS-35818](https://issues.redhat.com/browse/OCPBUGS-35818): baremetal: bootstrap: bind icc to localhost [#8632](https://github.com/openshift/installer/pull/8632) * [OCPBUGS-34457](https://issues.redhat.com/browse/OCPBUGS-34457): [release-4.16] bump envtest binaries version [#8470](https://github.com/openshift/installer/pull/8470) * [OCPBUGS-35718](https://issues.redhat.com/browse/OCPBUGS-35718): Fix ethertype for masters service router SG creation [#8623](https://github.com/openshift/installer/pull/8623) * [OCPBUGS-36156](https://issues.redhat.com/browse/OCPBUGS-36156): Configured logger for controller-runtime [#8657](https://github.com/openshift/installer/pull/8657) * [OCPBUGS-36249](https://issues.redhat.com/browse/OCPBUGS-36249): capi: shutdown local controlplane as the last step [#8670](https://github.com/openshift/installer/pull/8670) * [OCPBUGS-35470](https://issues.redhat.com/browse/OCPBUGS-35470): add machine series 'A3' and 'C3D' to 'Tested instance types for GCP' [#8614](https://github.com/openshift/installer/pull/8614) * [OCPBUGS-35722](https://issues.redhat.com/browse/OCPBUGS-35722): Support CAPI provider custom timeouts [#8624](https://github.com/openshift/installer/pull/8624) * [OCPBUGS-35733](https://issues.redhat.com/browse/OCPBUGS-35733): [release-4.16] remove terraform libvirt from the installer [#8626](https://github.com/openshift/installer/pull/8626) * [OCPBUGS-35531](https://issues.redhat.com/browse/OCPBUGS-35531): For GCP, only configure kmsKeyServiceAccount if set [#8613](https://github.com/openshift/installer/pull/8613) * [OCPBUGS-35529](https://issues.redhat.com/browse/OCPBUGS-35529): capi aws: append random string in caller ref [#8612](https://github.com/openshift/installer/pull/8612) * And 1 elided commits (e.g. from squash or rebase merges) * [Full changelog](https://github.com/openshift/installer/compare/0dc3033888f4cae22e5e5897921422f7180c4033...8dfa1e05e2b6735efdc68968ba122b08db99ba70) ### [baremetal-machine-controllers](https://github.com/openshift/cluster-api-provider-baremetal/tree/2b396e06c0a92acbfa688cd782ec4bf319ff3608) * [OCPBUGS-46645](https://issues.redhat.com/browse/OCPBUGS-46645): Bump x/net to 0.33.0 [#226](https://github.com/openshift/cluster-api-provider-baremetal/pull/226) * [Full changelog](https://github.com/openshift/cluster-api-provider-baremetal/compare/11ba601fbca58557176fcc67ffe8d7d64b697a4a...2b396e06c0a92acbfa688cd782ec4bf319ff3608) ### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/84aeac37bd09c663278bf60faedd15241412f2fb) * [OCPBUGS-53322](https://issues.redhat.com/browse/OCPBUGS-53322): BMO can expose any secret via BMCEventSubscription CRD [#407](https://github.com/openshift/baremetal-operator/pull/407) * [OCPBUGS-49703](https://issues.redhat.com/browse/OCPBUGS-49703): Handle HFC for non-redfish HW [#396](https://github.com/openshift/baremetal-operator/pull/396) * [OCPBUGS-39490](https://issues.redhat.com/browse/OCPBUGS-39490): Disallow fetching secrets from namespaces different from the host's one [#378](https://github.com/openshift/baremetal-operator/pull/378) * [OCPBUGS-38938](https://issues.redhat.com/browse/OCPBUGS-38938): [OCP] Ability to disable agent power off after deployment [#372](https://github.com/openshift/baremetal-operator/pull/372) * [OCPBUGS-37765](https://issues.redhat.com/browse/OCPBUGS-37765): HostFirmwareComponents doesn't show the new firmware information in Status Components [#355](https://github.com/openshift/baremetal-operator/pull/355) * [OCPBUGS-37262](https://issues.redhat.com/browse/OCPBUGS-37262): fix(redfish): set correct idrac-redfish management interface [#366](https://github.com/openshift/baremetal-operator/pull/366) * [OCPBUGS-36673](https://issues.redhat.com/browse/OCPBUGS-36673): [4.16] Firmware Update causes BMH to get stuck in Preparing [#363](https://github.com/openshift/baremetal-operator/pull/363) * [Full changelog](https://github.com/openshift/baremetal-operator/compare/7673d14fc567c3621e8d5fdca69ff03bd99504ef...84aeac37bd09c663278bf60faedd15241412f2fb) ### [baremetal-runtimecfg](https://github.com/openshift/baremetal-runtimecfg/tree/f55a330f8139ef660b3f60b735ef77538f7b9cbe) * [OCPBUGS-35891](https://issues.redhat.com/browse/OCPBUGS-35891): Change mechanism of debug flag [#323](https://github.com/openshift/baremetal-runtimecfg/pull/323) * [OCPBUGS-35743](https://issues.redhat.com/browse/OCPBUGS-35743): Fix handling of ELB Node IP detection [#320](https://github.com/openshift/baremetal-runtimecfg/pull/320) * [OCPBUGS-35486](https://issues.redhat.com/browse/OCPBUGS-35486): Add support for OVN HostCidrs annotation [#318](https://github.com/openshift/baremetal-runtimecfg/pull/318) * [Full changelog](https://github.com/openshift/baremetal-runtimecfg/compare/91e3cb724f9d14cf40f66d059cdac1578193cac0...f55a330f8139ef660b3f60b735ef77538f7b9cbe) ### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/4c7883ffc539da930d1334421b170322864375d8) * [OCPBUGS-59938](https://issues.redhat.com/browse/OCPBUGS-59938): Adding sos.conf file for default sos config into the tools image [#2064](https://github.com/openshift/oc/pull/2064) * [OCPBUGS-60675](https://issues.redhat.com/browse/OCPBUGS-60675): Use fedora image in unit tests instead of centos [#2079](https://github.com/openshift/oc/pull/2079) * [OCPBUGS-51043](https://issues.redhat.com/browse/OCPBUGS-51043): Add HOST env var in oc debug for sos report collects more [#1977](https://github.com/openshift/oc/pull/1977) * [OCPBUGS-42720](https://issues.redhat.com/browse/OCPBUGS-42720): Check cast result in adm prune deployments to prevent panic [#1891](https://github.com/openshift/oc/pull/1891) * [OCPBUGS-39341](https://issues.redhat.com/browse/OCPBUGS-39341): Ignore pruning when deployment points to replicationcontroller [#1862](https://github.com/openshift/oc/pull/1862) * [OCPBUGS-37853](https://issues.redhat.com/browse/OCPBUGS-37853): Revert "OCPBUGS-35994: pkg/cli/admin/upgrade/rollback: Drop this command" [#1839](https://github.com/openshift/oc/pull/1839) * [OCPBUGS-31639](https://issues.redhat.com/browse/OCPBUGS-31639): Bump k8s dependencies to 1.29.7 [#1824](https://github.com/openshift/oc/pull/1824) * [OCPBUGS-36764](https://issues.redhat.com/browse/OCPBUGS-36764): pkg/cli/admin/upgrade/rollback: Drop this command [#1820](https://github.com/openshift/oc/pull/1820) * [OCPBUGS-36328](https://issues.redhat.com/browse/OCPBUGS-36328): Set required-scc annotation to privileged for node debug pods [#1816](https://github.com/openshift/oc/pull/1816) * [OCPBUGS-36379](https://issues.redhat.com/browse/OCPBUGS-36379): bump(k8s)=1.29.6 [#1810](https://github.com/openshift/oc/pull/1810) * [OCPBUGS-35924](https://issues.redhat.com/browse/OCPBUGS-35924): `upgrade status`: control plane completion estimate [#1804](https://github.com/openshift/oc/pull/1804) * [Full changelog](https://github.com/openshift/oc/compare/a2450418f7b12a71e8f3562a4e9aa8a976bbf85b...4c7883ffc539da930d1334421b170322864375d8) ### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/3f303a3694cf23f48bd89f4303cad44942e333ec) * [OCPBUGS-55129](https://issues.redhat.com/browse/OCPBUGS-55129): snyk to ignore SNYK-GOLANG-GOLANGORGXNETHTML-9572088 [#918](https://github.com/openshift/cloud-credential-operator/pull/918) * [OCPBUGS-60973](https://issues.redhat.com/browse/OCPBUGS-60973): ccoctl: aws to use proper issuer url on subsequent runs [#909](https://github.com/openshift/cloud-credential-operator/pull/909) * [OCPBUGS-60861](https://issues.redhat.com/browse/OCPBUGS-60861): ccoctl: only add owned tag to azure resources on create [#902](https://github.com/openshift/cloud-credential-operator/pull/902) * [OCPBUGS-58676](https://issues.redhat.com/browse/OCPBUGS-58676): github.com/golang/glog v1.2.5 [#893](https://github.com/openshift/cloud-credential-operator/pull/893) * [OCPBUGS-56981](https://issues.redhat.com/browse/OCPBUGS-56981): Azure: resolve nil pointer exception when role assignment exists [#867](https://github.com/openshift/cloud-credential-operator/pull/867) * [OCPBUGS-53416](https://issues.redhat.com/browse/OCPBUGS-53416): github.com/golang/glog v1.2.4 [#843](https://github.com/openshift/cloud-credential-operator/pull/843) * [OCPBUGS-53822](https://issues.redhat.com/browse/OCPBUGS-53822): update github.com/golang-jwt/jwt [#839](https://github.com/openshift/cloud-credential-operator/pull/839) * [OCPBUGS-51544](https://issues.redhat.com/browse/OCPBUGS-51544): Ignore SNYK-GOLANG-GOLANGORGXOAUTH2JWS-8749594 due to not being affected [#829](https://github.com/openshift/cloud-credential-operator/pull/829) * [OCPBUGS-52512](https://issues.redhat.com/browse/OCPBUGS-52512): github.com/go-jose/go-jose/v4 v4.0.5 [#826](https://github.com/openshift/cloud-credential-operator/pull/826) * [OCPBUGS-47070](https://issues.redhat.com/browse/OCPBUGS-47070): golang.org/x/net v0.33.0 [#805](https://github.com/openshift/cloud-credential-operator/pull/805) * [OCPBUGS-45939](https://issues.redhat.com/browse/OCPBUGS-45939): Add AWS region to aws-pod-identity-webhook [#800](https://github.com/openshift/cloud-credential-operator/pull/800) * [OCPBUGS-45007](https://issues.redhat.com/browse/OCPBUGS-45007): Add retry to ccoctl gcp create functions [#794](https://github.com/openshift/cloud-credential-operator/pull/794) * [OCPBUGS-45002](https://issues.redhat.com/browse/OCPBUGS-45002): github.com/golang-jwt/jwt/v4 v4.5.1 [#788](https://github.com/openshift/cloud-credential-operator/pull/788) * [OCPBUGS-43645](https://issues.redhat.com/browse/OCPBUGS-43645): Only attempt timed token credentials on supported platforms. [#772](https://github.com/openshift/cloud-credential-operator/pull/772) * [OCPBUGS-43337](https://issues.redhat.com/browse/OCPBUGS-43337): Update github.com/sirupsen/logrus v1.9.3 [#767](https://github.com/openshift/cloud-credential-operator/pull/767) * [OCPBUGS-41234](https://issues.redhat.com/browse/OCPBUGS-41234): List secrets in batches to avoid api timeout [#757](https://github.com/openshift/cloud-credential-operator/pull/757) * [OCPBUGS-38376](https://issues.redhat.com/browse/OCPBUGS-38376): Update google.golang.org/grpc v1.65.0 [#748](https://github.com/openshift/cloud-credential-operator/pull/748) * [OCPBUGS-37418](https://issues.redhat.com/browse/OCPBUGS-37418): SNYK ignore go-client misreporting [#735](https://github.com/openshift/cloud-credential-operator/pull/735) * [OCPBUGS-36834](https://issues.redhat.com/browse/OCPBUGS-36834): GCP passthrough permissions check to ignore problematic permissions. [#714](https://github.com/openshift/cloud-credential-operator/pull/714) * [OCPBUGS-36954](https://issues.redhat.com/browse/OCPBUGS-36954): Update to azidentity v1.7.0 [#727](https://github.com/openshift/cloud-credential-operator/pull/727) * [OCPBUGS-36031](https://issues.redhat.com/browse/OCPBUGS-36031): IBM/go-sdk-core update to v5.6.3 [#718](https://github.com/openshift/cloud-credential-operator/pull/718) * [OCPBUGS-34117](https://issues.redhat.com/browse/OCPBUGS-34117): AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN [#704](https://github.com/openshift/cloud-credential-operator/pull/704) * [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/48b287d41e71b23c55b00cbcbfb38ac1eedfb9f4...3f303a3694cf23f48bd89f4303cad44942e333ec) ### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/66931aae890394ae9f91b273160e2788e548b969) * [OCPBUGS-56359](https://issues.redhat.com/browse/OCPBUGS-56359): Increase API call timeout to 30 second [#172](https://github.com/openshift/cloud-network-config-controller/pull/172) * [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/8ceee78810756afaa2efb75f60bef0358502834f...66931aae890394ae9f91b273160e2788e548b969) ### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/0e39ace55e81b082a50f67402e7776adb8c6c8a7) * [OCPBUGS-54655](https://issues.redhat.com/browse/OCPBUGS-54655): Avoid duplicate OAuth client creation [#766](https://github.com/openshift/cluster-authentication-operator/pull/766) * [OCPBUGS-43367](https://issues.redhat.com/browse/OCPBUGS-43367): manifests should not use APIs that are removed in upcoming releases [#717](https://github.com/openshift/cluster-authentication-operator/pull/717) * [OCPBUGS-34790](https://issues.redhat.com/browse/OCPBUGS-34790): update OpenShift favicon to new brand standard [#676](https://github.com/openshift/cluster-authentication-operator/pull/676) * NO-JIRA: Fixes for Keycloack IDP test and unit tests [#683](https://github.com/openshift/cluster-authentication-operator/pull/683) * [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/b415439ebab2829c8da1ea17c05f2ac75fe5dbe8...0e39ace55e81b082a50f67402e7776adb8c6c8a7) ### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/8e627d3d74cc34c9789645070b4937d2c0bb52d9) * [OCPBUGS-60915](https://issues.redhat.com/browse/OCPBUGS-60915): revert openshift replica fix [#377](https://github.com/openshift/kubernetes-autoscaler/pull/377) * [OCPBUGS-59267](https://issues.redhat.com/browse/OCPBUGS-59267): Fix cool down status condition to trigger scale down [#363](https://github.com/openshift/kubernetes-autoscaler/pull/363) * [OCPBUGS-60609](https://issues.redhat.com/browse/OCPBUGS-60609): fix checkpoint gc of unknown recommenders [#372](https://github.com/openshift/kubernetes-autoscaler/pull/372) * [OCPBUGS-54326](https://issues.redhat.com/browse/OCPBUGS-54326): improve replica counting and decrease target size behavior [#353](https://github.com/openshift/kubernetes-autoscaler/pull/353) * [OCPBUGS-48732](https://issues.redhat.com/browse/OCPBUGS-48732): UPSTREAM: <carry>: 🐛(metrics) Initialize metrics for autoscaler errors, scale events, and pod evictions [#339](https://github.com/openshift/kubernetes-autoscaler/pull/339) * [OCPBUGS-45148](https://issues.redhat.com/browse/OCPBUGS-45148): [release-4.16] VPA: Update OWNERS file [#325](https://github.com/openshift/kubernetes-autoscaler/pull/325) * [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/eecb123a3b02358046a2c2ce52adfc548a5caa17...8e627d3d74cc34c9789645070b4937d2c0bb52d9) ### [cluster-autoscaler-operator](https://github.com/openshift/cluster-autoscaler-operator/tree/70164fc606a7b05352d92a8d07bd6ac42421c0ae) * [OCPBUGS-52329](https://issues.redhat.com/browse/OCPBUGS-52329): set max soft bulk taint count to zero [#341](https://github.com/openshift/cluster-autoscaler-operator/pull/341) * [Full changelog](https://github.com/openshift/cluster-autoscaler-operator/compare/40cadf8a4729ca808a3413e9b8593ab7aab0bed7...70164fc606a7b05352d92a8d07bd6ac42421c0ae) ### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/a04bd1a4310455e31670707a3cd70b2e3f048e5a) * [OCPBUGS-61504](https://issues.redhat.com/browse/OCPBUGS-61504): Remove webhookport (9447) as HostPort [#506](https://github.com/openshift/cluster-baremetal-operator/pull/506) * [OCPBUGS-54546](https://issues.redhat.com/browse/OCPBUGS-54546): Add missing relatedObjects [#470](https://github.com/openshift/cluster-baremetal-operator/pull/470) * [OCPBUGS-43556](https://issues.redhat.com/browse/OCPBUGS-43556): SCC-pinning for metal3-baremetal-operator [#453](https://github.com/openshift/cluster-baremetal-operator/pull/453) * [OCPBUGS-31961](https://issues.redhat.com/browse/OCPBUGS-31961): bump x/net to 0.23.0 [#431](https://github.com/openshift/cluster-baremetal-operator/pull/431) * [OCPBUGS-36415](https://issues.redhat.com/browse/OCPBUGS-36415): set required-scc for openshift workloads [#433](https://github.com/openshift/cluster-baremetal-operator/pull/433) * [OCPBUGS-36285](https://issues.redhat.com/browse/OCPBUGS-36285): Move pull secret from env var to VolumeMount in metal3-image-customization container [#436](https://github.com/openshift/cluster-baremetal-operator/pull/436) * [OCPBUGS-36285](https://issues.redhat.com/browse/OCPBUGS-36285): Mount htpasswds as volumeMounts in metal3-httpd container [#434](https://github.com/openshift/cluster-baremetal-operator/pull/434) * [OCPBUGS-35381](https://issues.redhat.com/browse/OCPBUGS-35381): provisioning: add ownership for tls secret [#425](https://github.com/openshift/cluster-baremetal-operator/pull/425) * [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/9fd641850220391b72a86416867f5d2d902a4769...a04bd1a4310455e31670707a3cd70b2e3f048e5a) ### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/c699f6cfedbcd8509a85db2be3e6f90712b728fe) * [OCPBUGS-49603](https://issues.redhat.com/browse/OCPBUGS-49603): fix: always update clusteroperator status versions when differing [#253](https://github.com/openshift/cluster-capi-operator/pull/253) * [OCPBUGS-37441](https://issues.redhat.com/browse/OCPBUGS-37441): fix: sort CredentialsRequest manifests after namespace [#190](https://github.com/openshift/cluster-capi-operator/pull/190) * [OCPBUGS-37795](https://issues.redhat.com/browse/OCPBUGS-37795): fix: align openstack e2e branch [#192](https://github.com/openshift/cluster-capi-operator/pull/192) * [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/a24f1aeb106bd4ad353615dacde6d4e884f5face...c699f6cfedbcd8509a85db2be3e6f90712b728fe) ### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/e806159b3ace17397eea86c266bfb1c8ffc746a3) * [OCPBUGS-60387](https://issues.redhat.com/browse/OCPBUGS-60387): Add Service using common resource templating [#411](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/411) * [OCPBUGS-60387](https://issues.redhat.com/browse/OCPBUGS-60387): Update service selector to match deployment label [#410](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/410) * [OCPBUGS-42125](https://issues.redhat.com/browse/OCPBUGS-42125): IBMCloud: Modify liveness probe for IBM Cloud CCM to use loopback address [#366](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/366) * [OCPBUGS-43473](https://issues.redhat.com/browse/OCPBUGS-43473): update goimports targets [#372](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/372) * [OCPBUGS-36317](https://issues.redhat.com/browse/OCPBUGS-36317): PowerVS: Remove bind address [#358](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/358) * [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/bbb13b9ad6e49e7dcd8d0b1a84f59ca8ff073599...e806159b3ace17397eea86c266bfb1c8ffc746a3) ### [cluster-config-api](https://github.com/openshift/api/tree/5f9522bd5e3e1a9cbcb169ce2b7c1716257d8585) * [OCPBUGS-58392](https://issues.redhat.com/browse/OCPBUGS-58392): Add IPsec API for NAT-T UDP encapsulation support [#2393](https://github.com/openshift/api/pull/2393) * [OCPBUGS-56424](https://issues.redhat.com/browse/OCPBUGS-56424): Add IdleConnectionTerminationPolicy field to IngressControllerSpec [#2330](https://github.com/openshift/api/pull/2330) * [OCPBUGS-38773](https://issues.redhat.com/browse/OCPBUGS-38773): remove duplicate featuregate 'ExternalRouteCertificate' [#2007](https://github.com/openshift/api/pull/2007) * [OCPBUGS-37857](https://issues.redhat.com/browse/OCPBUGS-37857): [release-4.16] OCPBUGS-37852: a rule to check if the featureSet is one of the known set of features [#1985](https://github.com/openshift/api/pull/1985) * [OCPBUGS-33788](https://issues.redhat.com/browse/OCPBUGS-33788): add console and download URLs to console operator config [#1915](https://github.com/openshift/api/pull/1915) * [CFE-1047](https://issues.redhat.com/browse/CFE-1047): Add the field "CapacityReservationGroupID" to "AzureMachineProviderSpec" in openshift/api [#1923](https://github.com/openshift/api/pull/1923) * [OCPBUGS-35742](https://issues.redhat.com/browse/OCPBUGS-35742): prevent removing featureSet entirely [#1933](https://github.com/openshift/api/pull/1933) * [Full changelog](https://github.com/openshift/api/compare/636e2c17106f5a0d9c266535f262267384fede1f...5f9522bd5e3e1a9cbcb169ce2b7c1716257d8585) ### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/14571e8a2c4e9bf52d7cc94da87959a56dc2a44c) * [OCPBUGS-44179](https://issues.redhat.com/browse/OCPBUGS-44179): relax validation on delete and if failureDomains not configured [#331](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/331) * [CFE-1087](https://issues.redhat.com/browse/CFE-1087): API Bump for capacity Reservation [#314](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/314) * [OCPBUGS-35476](https://issues.redhat.com/browse/OCPBUGS-35476): Wait for ControlPlaneMachineSet to be created when waiting for it to be updated [#307](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/307) * [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/1a0064052f0f83792f9c668d93746dbfb7f7a5d8...14571e8a2c4e9bf52d7cc94da87959a56dc2a44c) ### [cluster-dns-operator](https://github.com/openshift/cluster-dns-operator/tree/a4b1cfb4927052f4e21e919d0af05f78ca4fcace) * [OCPBUGS-52498](https://issues.redhat.com/browse/OCPBUGS-52498): [release-4.16] Add runbook_url for CoreDNSErrorsHigh [#431](https://github.com/openshift/cluster-dns-operator/pull/431) * [OCPBUGS-37078](https://issues.redhat.com/browse/OCPBUGS-37078): Bump version of DNSNameResolver controller [#419](https://github.com/openshift/cluster-dns-operator/pull/419) * [Full changelog](https://github.com/openshift/cluster-dns-operator/compare/a14431f277364605ede8e95530453c5fb7267e33...a4b1cfb4927052f4e21e919d0af05f78ca4fcace) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/ffa6c8229c2cf908fc20c9e5bf5c45cb1c7a6d08) * [OCPBUGS-61505](https://issues.redhat.com/browse/OCPBUGS-61505): Vendor latest mixin, including additional and modified alerts for etcdDatabaseQuotaLowSpace [#1482](https://github.com/openshift/cluster-etcd-operator/pull/1482) * [OCPBUGS-60836](https://issues.redhat.com/browse/OCPBUGS-60836): add missing ports to svc and pod spec [#1473](https://github.com/openshift/cluster-etcd-operator/pull/1473) * [OCPBUGS-53510](https://issues.redhat.com/browse/OCPBUGS-53510): fix CVE-2025-30204 [#1403](https://github.com/openshift/cluster-etcd-operator/pull/1403) * [OCPBUGS-33673](https://issues.redhat.com/browse/OCPBUGS-33673): rename flowschema to avoid log noise in CVO [#1348](https://github.com/openshift/cluster-etcd-operator/pull/1348) * [OCPBUGS-37820](https://issues.redhat.com/browse/OCPBUGS-37820): ensure ordering in member health checks [#1311](https://github.com/openshift/cluster-etcd-operator/pull/1311) * [OCPBUGS-36489](https://issues.redhat.com/browse/OCPBUGS-36489): parallelize member health checks [#1290](https://github.com/openshift/cluster-etcd-operator/pull/1290) * [OCPBUGS-35500](https://issues.redhat.com/browse/OCPBUGS-35500): Update etcd-tls-assets.md [#1276](https://github.com/openshift/cluster-etcd-operator/pull/1276) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/dc4f4e858ba8395dce6883242c7d12009685d145...ffa6c8229c2cf908fc20c9e5bf5c45cb1c7a6d08) ### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/0f1869b1ed6b73023a46072311064ce6de6bcc33) * [OCPBUGS-53870](https://issues.redhat.com/browse/OCPBUGS-53870): bump github.com/golang-jwt/jwt [#1219](https://github.com/openshift/cluster-image-registry-operator/pull/1219) * [OCPBUGS-51600](https://issues.redhat.com/browse/OCPBUGS-51600): bump golang.org/x/oauth2 [#1210](https://github.com/openshift/cluster-image-registry-operator/pull/1210) * [OCPBUGS-51167](https://issues.redhat.com/browse/OCPBUGS-51167): ensure that storage names don't end in dashes [#1181](https://github.com/openshift/cluster-image-registry-operator/pull/1181) * [OCPBUGS-43797](https://issues.redhat.com/browse/OCPBUGS-43797): fix proxy config and leader election test flakes [#1148](https://github.com/openshift/cluster-image-registry-operator/pull/1148) * [OCPBUGS-43555](https://issues.redhat.com/browse/OCPBUGS-43555): pkg/storage/azure: also check for auth failure error code on deletion [#1143](https://github.com/openshift/cluster-image-registry-operator/pull/1143) * [OCPBUGS-42933](https://issues.redhat.com/browse/OCPBUGS-42933): azureclient: stop validating credentials when creating the client [#1134](https://github.com/openshift/cluster-image-registry-operator/pull/1134) * [OCPBUGS-42420](https://issues.redhat.com/browse/OCPBUGS-42420): Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) [#1126](https://github.com/openshift/cluster-image-registry-operator/pull/1126) * Revert "[release-4.16] OCPBUGS-41903: pkg/operator/azurepathfixcontroller: do not sync on non-azure storage" [#1119](https://github.com/openshift/cluster-image-registry-operator/pull/1119) * [OCPBUGS-41903](https://issues.redhat.com/browse/OCPBUGS-41903): pkg/operator/azurepathfixcontroller: do not sync on non-azure storage [#1115](https://github.com/openshift/cluster-image-registry-operator/pull/1115) * [OCPBUGS-39098](https://issues.redhat.com/browse/OCPBUGS-39098): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1104](https://github.com/openshift/cluster-image-registry-operator/pull/1104) * [OCPBUGS-38894](https://issues.redhat.com/browse/OCPBUGS-38894): pkg/resource/azurepathfixjob: invoke update-ca-trust extract with --output [#1102](https://github.com/openshift/cluster-image-registry-operator/pull/1102) * [OCPBUGS-38894](https://issues.redhat.com/browse/OCPBUGS-38894): pkg/resource: invoke update-ca-trust extract with --output [#1098](https://github.com/openshift/cluster-image-registry-operator/pull/1098) * [OCPBUGS-36037](https://issues.redhat.com/browse/OCPBUGS-36037): go.*,vendor: bump go-retryablehttp #1064 [#1064](https://github.com/openshift/cluster-image-registry-operator/pull/1064) * [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/0fc07edf2cd988e119961d07e67c36c7717ce6f2...0f1869b1ed6b73023a46072311064ce6de6bcc33) ### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/218159f7b060760c7e910b57429beea2f3eb3146) * [OCPBUGS-56424](https://issues.redhat.com/browse/OCPBUGS-56424): Add e2e tests for IdleConnectionTerminationPolicy [#1235](https://github.com/openshift/cluster-ingress-operator/pull/1235) * [OCPBUGS-56424](https://issues.redhat.com/browse/OCPBUGS-56424): Add support for IdleConnectionTerminationPolicy [#1234](https://github.com/openshift/cluster-ingress-operator/pull/1234) * [OCPBUGS-39324](https://issues.redhat.com/browse/OCPBUGS-39324): Refine logging for accurate infra CR status updates [#1139](https://github.com/openshift/cluster-ingress-operator/pull/1139) * [OCPBUGS-39323](https://issues.redhat.com/browse/OCPBUGS-39323): Ingress operator status not degraded when canary route fails [#1138](https://github.com/openshift/cluster-ingress-operator/pull/1138) * [OCPBUGS-32887](https://issues.redhat.com/browse/OCPBUGS-32887): Delete and recreate canary route to clear spec.host [#1099](https://github.com/openshift/cluster-ingress-operator/pull/1099) * [OCPBUGS-36184](https://issues.redhat.com/browse/OCPBUGS-36184): Add e2e test for connect timeout [#1094](https://github.com/openshift/cluster-ingress-operator/pull/1094) * [OCPBUGS-35883](https://issues.redhat.com/browse/OCPBUGS-35883): Add Regexp Anchor to TestAll [#1093](https://github.com/openshift/cluster-ingress-operator/pull/1093) * [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/28c943937d7bc6718e10af50da82097ce8fc6877...218159f7b060760c7e910b57429beea2f3eb3146) ### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/511bc434f628cf364966b53a5d350908e51d4b9c) * [OCPBUGS-60467](https://issues.redhat.com/browse/OCPBUGS-60467): Add missing service ports to apiserver service [#1895](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1895) * [OCPBUGS-50575](https://issues.redhat.com/browse/OCPBUGS-50575): Increase waitForFallbackDegradedConditionTimeout [#1805](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1805) * [OCPBUGS-37563](https://issues.redhat.com/browse/OCPBUGS-37563): add disabled syncer as reason to CFE for PSA [#1714](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1714) * [OCPBUGS-35303](https://issues.redhat.com/browse/OCPBUGS-35303): manifests: add ownership annotation for kubelet-bootstrap-kubeconfig [#1701](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1701) * [OCPBUGS-35831](https://issues.redhat.com/browse/OCPBUGS-35831): add SNO control plane high cpu usage alert [#1705](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1705) * [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/d790493cfc43fd33450ca27633cbe37aa17427d2...511bc434f628cf364966b53a5d350908e51d4b9c) ### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/b3faac1f48914e94fa9af074f387c871dad84a9c) * [OCPBUGS-60834](https://issues.redhat.com/browse/OCPBUGS-60834): Missing endpoint slices for open ports the operator uses [#864](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/864) * [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/0338b3be6912024d03def2c26f0fa10218fc2c25...b3faac1f48914e94fa9af074f387c871dad84a9c) ### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/e825811333c05b705c35d2e9a9a62e55e9ab0935) * [OCPBUGS-38269](https://issues.redhat.com/browse/OCPBUGS-38269): bump protobuf [#115](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/115) * [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/bf6afbb820531b4adc3a52f78a90f317c5580bad...e825811333c05b705c35d2e9a9a62e55e9ab0935) ### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/7685374f0e84181801b6390876a0d12c61fa9913) * [OCPBUGS-48258](https://issues.redhat.com/browse/OCPBUGS-48258): Fix race condition in CO status controller test [#267](https://github.com/openshift/cluster-machine-approver/pull/267) * [OCPBUGS-47704](https://issues.redhat.com/browse/OCPBUGS-47704): Filter CSRs by signerName [#263](https://github.com/openshift/cluster-machine-approver/pull/263) * [OCPBUGS-45974](https://issues.redhat.com/browse/OCPBUGS-45974): Ensure trailing dots on DNS names do not block serving cert auth [#257](https://github.com/openshift/cluster-machine-approver/pull/257) * [OCPBUGS-45974](https://issues.redhat.com/browse/OCPBUGS-45974): Client internal DNS checks should ignore trailing dot [#251](https://github.com/openshift/cluster-machine-approver/pull/251) * [OCPBUGS-44629](https://issues.redhat.com/browse/OCPBUGS-44629): Client internal DNS checks should be case insensitive [#244](https://github.com/openshift/cluster-machine-approver/pull/244) * [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/3eba7eeda244ea48c520d5384547659e9257cb58...7685374f0e84181801b6390876a0d12c61fa9913) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/be0c0024a2b24992e9350f693fbbb0559dbbccea) * [OCPBUGS-61856](https://issues.redhat.com/browse/OCPBUGS-61856): chore(jsonnet): use prometheus_remote_storage_queue_highest_timestamp_seconds in PrometheusRemoteWriteBehind [#2676](https://github.com/openshift/cluster-monitoring-operator/pull/2676) * [OCPBUGS-46066](https://issues.redhat.com/browse/OCPBUGS-46066): Add new metrics for OpenShift logging telemetry [#2537](https://github.com/openshift/cluster-monitoring-operator/pull/2537) * [OCPBUGS-44005](https://issues.redhat.com/browse/OCPBUGS-44005): fix(monitoring-plugin): disable emitting nginx version on error pages [#2521](https://github.com/openshift/cluster-monitoring-operator/pull/2521) * [OCPBUGS-43826](https://issues.redhat.com/browse/OCPBUGS-43826): Add runbook url for TelemeterClientFailures [#2508](https://github.com/openshift/cluster-monitoring-operator/pull/2508) * [OCPBUGS-41967](https://issues.redhat.com/browse/OCPBUGS-41967): disable user-defined monitoring per object [#2474](https://github.com/openshift/cluster-monitoring-operator/pull/2474) * [OCPBUGS-42067](https://issues.redhat.com/browse/OCPBUGS-42067): Reapply "chore: poll immediately in the e2e tests" [#2476](https://github.com/openshift/cluster-monitoring-operator/pull/2476) * [OCPBUGS-41717](https://issues.redhat.com/browse/OCPBUGS-41717): Configure graceful shutdown for metrics-server (4.16 backport) [#2467](https://github.com/openshift/cluster-monitoring-operator/pull/2467) * [OCPBUGS-41910](https://issues.redhat.com/browse/OCPBUGS-41910): filter alerts sent to Telemeter [#2471](https://github.com/openshift/cluster-monitoring-operator/pull/2471) * [OCPBUGS-39170](https://issues.redhat.com/browse/OCPBUGS-39170): Backport #2441 for 4.16 [#2447](https://github.com/openshift/cluster-monitoring-operator/pull/2447) * [OCPBUGS-36907](https://issues.redhat.com/browse/OCPBUGS-36907): Add deprecated config runbook [#2411](https://github.com/openshift/cluster-monitoring-operator/pull/2411) * [OCPBUGS-36717](https://issues.redhat.com/browse/OCPBUGS-36717): Exclude windows nodes from kubelet servicemonitor [#2408](https://github.com/openshift/cluster-monitoring-operator/pull/2408) * [OCPBUGS-36482](https://issues.redhat.com/browse/OCPBUGS-36482): add runbook_url annotations [#2404](https://github.com/openshift/cluster-monitoring-operator/pull/2404) * [OCPBUGS-36206](https://issues.redhat.com/browse/OCPBUGS-36206): Add deprecation for prometheus adapter [#2396](https://github.com/openshift/cluster-monitoring-operator/pull/2396) * [OCPBUGS-34530](https://issues.redhat.com/browse/OCPBUGS-34530): inject trusted CA bundle into UWM Alertmanager [#2373](https://github.com/openshift/cluster-monitoring-operator/pull/2373) * [OCPBUGS-35904](https://issues.redhat.com/browse/OCPBUGS-35904): opt-out of multi-cluster Prometheus dashboard [#2391](https://github.com/openshift/cluster-monitoring-operator/pull/2391) * [OCPBUGS-34383](https://issues.redhat.com/browse/OCPBUGS-34383): remove deprecated logtostderr argument [#2370](https://github.com/openshift/cluster-monitoring-operator/pull/2370) * [OCPBUGS-35884](https://issues.redhat.com/browse/OCPBUGS-35884): attach runbook to the PrometheusDuplicateTimestamps alert [#2389](https://github.com/openshift/cluster-monitoring-operator/pull/2389) * [MON-3795](https://issues.redhat.com/browse/MON-3795), [OCPBUGS-35061](https://issues.redhat.com/browse/OCPBUGS-35061): Backport anp telemetry [#2379](https://github.com/openshift/cluster-monitoring-operator/pull/2379) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/e0083986a4eb9fceb07c696b4d1cf64c6aabf386...be0c0024a2b24992e9350f693fbbb0559dbbccea) ### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/800b6ad61dfc6655d8ba9b131fca8fbb54773f71) * [OCPBUGS-57354](https://issues.redhat.com/browse/OCPBUGS-57354): block upgrade if a CNI migration is in progress [#2760](https://github.com/openshift/cluster-network-operator/pull/2760) * [OCPBUGS-62055](https://issues.redhat.com/browse/OCPBUGS-62055): Update CNO reviewers/approvers [#2803](https://github.com/openshift/cluster-network-operator/pull/2803) * [OCPBUGS-44443](https://issues.redhat.com/browse/OCPBUGS-44443): Add controlplane cli image envar for use with hypershift [#2791](https://github.com/openshift/cluster-network-operator/pull/2791) * [OCPBUGS-58392](https://issues.redhat.com/browse/OCPBUGS-58392): Add IPsec API for NAT-T UDP encapsulation support [#2736](https://github.com/openshift/cluster-network-operator/pull/2736) * [OCPBUGS-56992](https://issues.redhat.com/browse/OCPBUGS-56992): iptables-alerter streamlining [#2717](https://github.com/openshift/cluster-network-operator/pull/2717) * [OCPBUGS-56195](https://issues.redhat.com/browse/OCPBUGS-56195): Fix live migration with feature migration configured explicitly [#2710](https://github.com/openshift/cluster-network-operator/pull/2710) * [OCPBUGS-53317](https://issues.redhat.com/browse/OCPBUGS-53317): Fix feature migration for EgressIP [#2673](https://github.com/openshift/cluster-network-operator/pull/2673) * [OCPBUGS-52952](https://issues.redhat.com/browse/OCPBUGS-52952): Unexpected Behavior During Cluster Upgrade for the ovn-ipsec-host pods [#2663](https://github.com/openshift/cluster-network-operator/pull/2663) * [Release 4.16] OCPBUGS-50712: Not update status.migration of the network.config CR to empty [#2651](https://github.com/openshift/cluster-network-operator/pull/2651) * [OCPBUGS-51074](https://issues.redhat.com/browse/OCPBUGS-51074): Update egressfirewall CRD to be consistent with ovn-kubernetes repo [#2650](https://github.com/openshift/cluster-network-operator/pull/2650) * [OCPBUGS-43803](https://issues.redhat.com/browse/OCPBUGS-43803): Start feature migration when the cluster CNI is changed to the target type [#2552](https://github.com/openshift/cluster-network-operator/pull/2552) * [OCPBUGS-43715](https://issues.redhat.com/browse/OCPBUGS-43715): Skip including default crypto policies to avoid authby issue [#2598](https://github.com/openshift/cluster-network-operator/pull/2598) * [OCPBUGS-44338](https://issues.redhat.com/browse/OCPBUGS-44338): Prevent live migration process from flapping between step-2 and step-3 [#2565](https://github.com/openshift/cluster-network-operator/pull/2565) * [OCPBUGS-46148](https://issues.redhat.com/browse/OCPBUGS-46148): Remove ip xfrm state when IPsec is disabled [#2595](https://github.com/openshift/cluster-network-operator/pull/2595) * [OCPBUGS-45593](https://issues.redhat.com/browse/OCPBUGS-45593): Pass transit_switch_subnet options in ovnkube-node pod [#2584](https://github.com/openshift/cluster-network-operator/pull/2584) * [OCPBUGS-44846](https://issues.redhat.com/browse/OCPBUGS-44846), [SDN-5436](https://issues.redhat.com/browse/SDN-5436): Provide support for user owned IPsec machine configs [#2571](https://github.com/openshift/cluster-network-operator/pull/2571) * [OCPBUGS-42727](https://issues.redhat.com/browse/OCPBUGS-42727): Live migration: report network overlap via live_migration_blocked metric [#2519](https://github.com/openshift/cluster-network-operator/pull/2519) * [OCPBUGS-43604](https://issues.redhat.com/browse/OCPBUGS-43604): OCPBUGS-42244: Exporting environment varialbe NODE_CNI for live migration [#2538](https://github.com/openshift/cluster-network-operator/pull/2538) * [OCPBUGS-36210](https://issues.redhat.com/browse/OCPBUGS-36210): Set global IP forwarding sysctl parameters while starting ovnkube-node [#2422](https://github.com/openshift/cluster-network-operator/pull/2422) * [OCPBUGS-43544](https://issues.redhat.com/browse/OCPBUGS-43544): Use CNIConfDir for mounting directory to ovn-ipsec-host pod [#2537](https://github.com/openshift/cluster-network-operator/pull/2537) * [OCPBUGS-43035](https://issues.redhat.com/browse/OCPBUGS-43035): Configure narrowing=yes for IPsec connections [#2528](https://github.com/openshift/cluster-network-operator/pull/2528) * [OCPBUGS-36594](https://issues.redhat.com/browse/OCPBUGS-36594): Set mount propagation to HostToContainer for /var/lib/kubelet [#2430](https://github.com/openshift/cluster-network-operator/pull/2430) * [OCPBUGS-41840](https://issues.redhat.com/browse/OCPBUGS-41840): Add configurable subnets while running hybrid-overlay-node binary [#2502](https://github.com/openshift/cluster-network-operator/pull/2502) * [OCPBUGS-37763](https://issues.redhat.com/browse/OCPBUGS-37763): Handle random crictl errors in iptables-alerter [#2452](https://github.com/openshift/cluster-network-operator/pull/2452) * [OCPBUGS-41555](https://issues.redhat.com/browse/OCPBUGS-41555): HyperShift: do not use antiaffinity on single replica control planes [#2494](https://github.com/openshift/cluster-network-operator/pull/2494) * [OCPBUGS-37937](https://issues.redhat.com/browse/OCPBUGS-37937): Add proxy env vars to onvkube-node [#2457](https://github.com/openshift/cluster-network-operator/pull/2457) * [OCPBUGS-41607](https://issues.redhat.com/browse/OCPBUGS-41607): set required-scc for openshift workloads [#2496](https://github.com/openshift/cluster-network-operator/pull/2496) * [OCPBUGS-35407](https://issues.redhat.com/browse/OCPBUGS-35407): Use applyconfigurations for updating network.oprerator status [#2413](https://github.com/openshift/cluster-network-operator/pull/2413) * [OCPBUGS-37362](https://issues.redhat.com/browse/OCPBUGS-37362): Fix IC distributed control plane alerts [#2445](https://github.com/openshift/cluster-network-operator/pull/2445) * [OCPBUGS-35836](https://issues.redhat.com/browse/OCPBUGS-35836): Propogate hypershift control plane priority class override to multus and preserve container resource requests [#2417](https://github.com/openshift/cluster-network-operator/pull/2417) * [OCPBUGS-35829](https://issues.redhat.com/browse/OCPBUGS-35829): Create the configmap mtu if not found [#2416](https://github.com/openshift/cluster-network-operator/pull/2416) * [OCPBUGS-35923](https://issues.redhat.com/browse/OCPBUGS-35923): update whereabouts crd [#2419](https://github.com/openshift/cluster-network-operator/pull/2419) * [Full changelog](https://github.com/openshift/cluster-network-operator/compare/84f9a080d03777c95a1c5a0d13ca16e5aa342d98...800b6ad61dfc6655d8ba9b131fca8fbb54773f71) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/eacd6ee98ab26722603083768d4f58727a390dbe) * use ROLE_WORKER_CNF environment variable to determine mcp name (#1292) [#1292](https://github.com/openshift/cluster-node-tuning-operator/pull/1292) * e2e: tuned degraded test fix (#1282) [#1282](https://github.com/openshift/cluster-node-tuning-operator/pull/1282) * Adjust Workload Hints test cases based on Intel or AMD (#1277) (#1281) [#1277](https://github.com/openshift/cluster-node-tuning-operator/pull/1277) * e2e:performance: decode to valid kubeletconfig object (#1273) [#1273](https://github.com/openshift/cluster-node-tuning-operator/pull/1273) * cmd: PPC: support tolerating heterogeneous core IDs (#1252) (#1268) [#1252](https://github.com/openshift/cluster-node-tuning-operator/pull/1252) * e2e: add irdma to module_blacklist kernel args (#1267) [#1267](https://github.com/openshift/cluster-node-tuning-operator/pull/1267) * [OCPBUGS-47678](https://issues.redhat.com/browse/OCPBUGS-47678): performanceprofile cpuset input validation (#1264) [#1264](https://github.com/openshift/cluster-node-tuning-operator/pull/1264) * Fix context deadlines in ExecCommandOnPod() (#1263) [#1263](https://github.com/openshift/cluster-node-tuning-operator/pull/1263) * [OCPBUGS-46496](https://issues.redhat.com/browse/OCPBUGS-46496): [release-4.16] Add vendor and architecture specific tuning options (#1254) [#1254](https://github.com/openshift/cluster-node-tuning-operator/pull/1254) * [OCPBUGS-45264](https://issues.redhat.com/browse/OCPBUGS-45264): Normalize cpu sets when rendering to Tuned profiles (#1238) (#1251) [#1238](https://github.com/openshift/cluster-node-tuning-operator/pull/1238) * E2E: fix modify node selector to use lowercase (#1209) [#1209](https://github.com/openshift/cluster-node-tuning-operator/pull/1209) * Fixing empty tuned submodule when using Dockerfile (#1212) [#1212](https://github.com/openshift/cluster-node-tuning-operator/pull/1212) * [OCPBUGS-38900](https://issues.redhat.com/browse/OCPBUGS-38900): Drop sched_migration_cost_ns setting (#1203) [#1203](https://github.com/openshift/cluster-node-tuning-operator/pull/1203) * Make ocp-tuned-one-shot.service restart on-failure (#1202) [#1202](https://github.com/openshift/cluster-node-tuning-operator/pull/1202) * Unblock 4.16 CI (#1204) [#1204](https://github.com/openshift/cluster-node-tuning-operator/pull/1204) * e2e: performance: verify tuned one-shot service vs kubelet (#1192) [#1192](https://github.com/openshift/cluster-node-tuning-operator/pull/1192) * E2E: Add test to verify cpuset.cpus.exclusive is writeable (#1153) [#1153](https://github.com/openshift/cluster-node-tuning-operator/pull/1153) * [OCPBUGS-39005](https://issues.redhat.com/browse/OCPBUGS-39005): Add cluster-wide proxy env file (#1166) [#1166](https://github.com/openshift/cluster-node-tuning-operator/pull/1166) * OCPBUGS-36431 Fix generated cpu mask for 512+ cpus (#1152) [#1152](https://github.com/openshift/cluster-node-tuning-operator/pull/1152) * E2E: Remove checking of reserved cpus in irqbalance file (#1156) [#1156](https://github.com/openshift/cluster-node-tuning-operator/pull/1156) * Fix the destination of asset's copy (#1134) [#1134](https://github.com/openshift/cluster-node-tuning-operator/pull/1134) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/2bd8891ead93e161b9a871ac2eaa947bfc17309f...eacd6ee98ab26722603083768d4f58727a390dbe) ### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/2ed3cf9965f8e6832cffde84f3de2fe210b79b49) * [OCPBUGS-48657](https://issues.redhat.com/browse/OCPBUGS-48657): Add new team members to owners file [#378](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/378) * [OCPBUGS-38269](https://issues.redhat.com/browse/OCPBUGS-38269): CVE-2024-24786 infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [#363](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/363) * [OCPBUGS-34213](https://issues.redhat.com/browse/OCPBUGS-34213): lots of churn during image registry managed/removed transition [#348](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/348) * [OCPBUGS-35822](https://issues.redhat.com/browse/OCPBUGS-35822): nil pointer reference in ocm-operator [#356](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/356) * [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/899699681f8bb984d0f249dec171e630440c461b...2ed3cf9965f8e6832cffde84f3de2fe210b79b49) ### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/6dde5732618244c79b4481f6a3b7a6e7dd5c28f4) * [OCPBUGS-55457](https://issues.redhat.com/browse/OCPBUGS-55457): Adding mutex to func createSamples on handler.go [#633](https://github.com/openshift/cluster-samples-operator/pull/633) * [OCPBUGS-54420](https://issues.redhat.com/browse/OCPBUGS-54420): add rhdmalone to owners [#620](https://github.com/openshift/cluster-samples-operator/pull/620) * [OCPBUGS-48848](https://issues.redhat.com/browse/OCPBUGS-48848): add shannon and aroyoredhat as owners [#596](https://github.com/openshift/cluster-samples-operator/pull/596) * [OKD-225](https://issues.redhat.com/browse/OKD-225): remove only the EOL CentOS 7 images [#576](https://github.com/openshift/cluster-samples-operator/pull/576) * [OCPBUGS-38159](https://issues.redhat.com/browse/OCPBUGS-38159): add owners [#555](https://github.com/openshift/cluster-samples-operator/pull/555) * [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/d4dd84396472c5e974f0562046a6ad068b6f20f8...6dde5732618244c79b4481f6a3b7a6e7dd5c28f4) ### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/a5de0226c9aee515fb937fc7458d5edb0e487a19) * [OCPBUGS-61252](https://issues.redhat.com/browse/OCPBUGS-61252): add ability to control kube rbac proxy container image on controlplane [#614](https://github.com/openshift/cluster-storage-operator/pull/614) * [OCPBUGS-52353](https://issues.redhat.com/browse/OCPBUGS-52353): fix Vsphere cluster Storage operator in Unavailable state [#563](https://github.com/openshift/cluster-storage-operator/pull/563) * [OCPBUGS-46077](https://issues.redhat.com/browse/OCPBUGS-46077): Fix PodStartupStorageOperationsFailing alert [#548](https://github.com/openshift/cluster-storage-operator/pull/548) * [OCPBUGS-43315](https://issues.redhat.com/browse/OCPBUGS-43315): assets: shared-resource: hypershift: add pull-secret to operator SA [#521](https://github.com/openshift/cluster-storage-operator/pull/521) * NO-JIRA: release-4.16: Run make update [#512](https://github.com/openshift/cluster-storage-operator/pull/512) * [OCPBUGS-36969](https://issues.redhat.com/browse/OCPBUGS-36969): STOR-1839: VSphereDriverConfiguration feature Accessible-by-default [#491](https://github.com/openshift/cluster-storage-operator/pull/491) * [OCPBUGS-35298](https://issues.redhat.com/browse/OCPBUGS-35298): revert vsphere problem detector controller name change [#481](https://github.com/openshift/cluster-storage-operator/pull/481) * [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/7cb826784c64b234d9ce1c99b2f8fd6082670c36...a5de0226c9aee515fb937fc7458d5edb0e487a19) ### [cluster-update-keys](https://github.com/openshift/cluster-update-keys/tree/e8478585cca88314094112aa5933e5281f4707ea) * [OCPBUGS-43467](https://issues.redhat.com/browse/OCPBUGS-43467): keys: Update Red Hat keys to use SHA256 signatures [#64](https://github.com/openshift/cluster-update-keys/pull/64) * [Full changelog](https://github.com/openshift/cluster-update-keys/compare/c0641e083d1bbe7d6f78e7e0c98c6d56a8b89d24...e8478585cca88314094112aa5933e5281f4707ea) ### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/be820285dcf7b0ca4a712192ccb47fd0c843ea02) * [OCPBUGS-58452](https://issues.redhat.com/browse/OCPBUGS-58452): Failing=Unknown upon long CO updating [#1213](https://github.com/openshift/cluster-version-operator/pull/1213) * [OCPBUGS-55156](https://issues.redhat.com/browse/OCPBUGS-55156): Fix a panic caused by a data race [#1178](https://github.com/openshift/cluster-version-operator/pull/1178) * [OCPBUGS-50590](https://issues.redhat.com/browse/OCPBUGS-50590): Set `openshift.io/required-scc`: privileged annotation in `version` pods [#1153](https://github.com/openshift/cluster-version-operator/pull/1153) * [OCPBUGS-46408](https://issues.redhat.com/browse/OCPBUGS-46408): Filter out shallowly `UpdateEffectNone` errors from a `MultipleErrors` message in the Failing condition [#1128](https://github.com/openshift/cluster-version-operator/pull/1128) * [OCPBUGS-45329](https://issues.redhat.com/browse/OCPBUGS-45329): deps: bump golang.org/x/net to 0.31.0 [#1118](https://github.com/openshift/cluster-version-operator/pull/1118) * [OCPBUGS-43964](https://issues.redhat.com/browse/OCPBUGS-43964): Fix desired before sync_worker's work is initialized [#1097](https://github.com/openshift/cluster-version-operator/pull/1097) * [OCPBUGS-37853](https://issues.redhat.com/browse/OCPBUGS-37853): Revert "OCPBUGS-35994: Revert "OCPBUGS-24535: pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream"" [#1077](https://github.com/openshift/cluster-version-operator/pull/1077) * [OCPBUGS-36898](https://issues.redhat.com/browse/OCPBUGS-36898): vendor: Update openshift/api to pick up zz_generated.crd-manifests [#1069](https://github.com/openshift/cluster-version-operator/pull/1069) * [OCPBUGS-36764](https://issues.redhat.com/browse/OCPBUGS-36764): Revert "OCPBUGS-24535: pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream" [#1065](https://github.com/openshift/cluster-version-operator/pull/1065) * [Full changelog](https://github.com/openshift/cluster-version-operator/compare/6f553e98877e87d08a5c5fa9b13758a12cdcef8c...be820285dcf7b0ca4a712192ccb47fd0c843ea02) ### [console](https://github.com/openshift/console/tree/fbca50eedbe66c9c42df8584350d51d791db6f51) * [OCPBUGS-44157](https://issues.redhat.com/browse/OCPBUGS-44157): bump dompurify to latest [#15591](https://github.com/openshift/console/pull/15591) * [OCPBUGS-62123](https://issues.redhat.com/browse/OCPBUGS-62123): Remove ancient `X-XSS-Protection` header [#15528](https://github.com/openshift/console/pull/15528) * [OCPBUGS-61057](https://issues.redhat.com/browse/OCPBUGS-61057): OpenShift console PVC clone cannot use B as the unit [#15450](https://github.com/openshift/console/pull/15450) * [OCPBUGS-60175](https://issues.redhat.com/browse/OCPBUGS-60175): Tolerate unknown fields in Infrastructur… [#15368](https://github.com/openshift/console/pull/15368) * [OCPBUGS-60641](https://issues.redhat.com/browse/OCPBUGS-60641): Secret key with binary file changes when edited via Console [#15417](https://github.com/openshift/console/pull/15417) * [OCPBUGS-59869](https://issues.redhat.com/browse/OCPBUGS-59869): Not able to launch terminal window from OCP web console due to console plugin conflicts [#15334](https://github.com/openshift/console/pull/15334) * [OCPBUGS-57677](https://issues.redhat.com/browse/OCPBUGS-57677): Update the golang.org/x/crypto/ssh to 0.31.0 in the openshift-console image [#15328](https://github.com/openshift/console/pull/15328) * [OCPBUGS-60115](https://issues.redhat.com/browse/OCPBUGS-60115): Cannot read properties of undefined (reading 'node-role.kubernetes.io/master') error while accessing node logs from console [#15358](https://github.com/openshift/console/pull/15358) * [OCPBUGS-59358](https://issues.redhat.com/browse/OCPBUGS-59358): fix bug where / in console.tab/horizontalNav href brea… [#15286](https://github.com/openshift/console/pull/15286) * [OCPBUGS-37603](https://issues.redhat.com/browse/OCPBUGS-37603): Manual backport of several incremental fixes for unauthenticated endpoints [#15312](https://github.com/openshift/console/pull/15312) * [OCPBUGS-59274](https://issues.redhat.com/browse/OCPBUGS-59274): Add the ability to launch multiple modals with useModal hook [#15276](https://github.com/openshift/console/pull/15276) * [OCPBUGS-59445](https://issues.redhat.com/browse/OCPBUGS-59445): Cannot read properties of undefined (reading 'filter') error while accessing nodes from console. [#15291](https://github.com/openshift/console/pull/15291) * [OCPBUGS-58407](https://issues.redhat.com/browse/OCPBUGS-58407): Add flags in console static plugin for all the components of this epic [#15243](https://github.com/openshift/console/pull/15243) * [OCPBUGS-56838](https://issues.redhat.com/browse/OCPBUGS-56838): Fetching taskRuns in PLR details page using PLR UID also [#15099](https://github.com/openshift/console/pull/15099) * [OCPBUGS-58188](https://issues.redhat.com/browse/OCPBUGS-58188): Fix TypeError Cannot read properties of null (reading 'metadata') [#15214](https://github.com/openshift/console/pull/15214) * [OCPBUGS-57326](https://issues.redhat.com/browse/OCPBUGS-57326): Remove logoutOpenShift method call [#15172](https://github.com/openshift/console/pull/15172) * [OCPBUGS-57270](https://issues.redhat.com/browse/OCPBUGS-57270): Debug pod logs are not accessible when debugging a node via OpenShift Console [#15165](https://github.com/openshift/console/pull/15165) * [OCPBUGS-57096](https://issues.redhat.com/browse/OCPBUGS-57096): Add all files to `vendor` regardless of gitignore [#15133](https://github.com/openshift/console/pull/15133) * [OCPBUGS-57089](https://issues.redhat.com/browse/OCPBUGS-57089): Sample segment sessions [#15130](https://github.com/openshift/console/pull/15130) * [OCPBUGS-56858](https://issues.redhat.com/browse/OCPBUGS-56858): remove 60 day alert from cluster update modal [#15102](https://github.com/openshift/console/pull/15102) * [OCPBUGS-56715](https://issues.redhat.com/browse/OCPBUGS-56715): update the Deployment pod on change in imageStream [#15091](https://github.com/openshift/console/pull/15091) * [OCPBUGS-56472](https://issues.redhat.com/browse/OCPBUGS-56472): Remove the devconsole backend common internet proxy and replace it with dedicated ones [#15072](https://github.com/openshift/console/pull/15072) * [OCPBUGS-55378](https://issues.redhat.com/browse/OCPBUGS-55378): Do not load CSRs if user does not have permissions [#15000](https://github.com/openshift/console/pull/15000) * [OCPBUGS-55644](https://issues.redhat.com/browse/OCPBUGS-55644): fix bug where operator appears twice [#15016](https://github.com/openshift/console/pull/15016) * [OCPBUGS-45142](https://issues.redhat.com/browse/OCPBUGS-45142): Add missing pipelines plugin name to known plugins [#14550](https://github.com/openshift/console/pull/14550) * [OCPBUGS-48628](https://issues.redhat.com/browse/OCPBUGS-48628): Added token to proxy header [#14693](https://github.com/openshift/console/pull/14693) * [OCPBUGS-54174](https://issues.redhat.com/browse/OCPBUGS-54174): Update the monitoring topic used by the console team [#14900](https://github.com/openshift/console/pull/14900) * [OCPBUGS-52450](https://issues.redhat.com/browse/OCPBUGS-52450): fix run time error when no completed version exists [#14840](https://github.com/openshift/console/pull/14840) * [OCPBUGS-52851](https://issues.redhat.com/browse/OCPBUGS-52851): Show Observe section without PROMETHEUS and MONITORING flags [#14849](https://github.com/openshift/console/pull/14849) * [OCPBUGS-52288](https://issues.redhat.com/browse/OCPBUGS-52288): While upgrading the cluster from UI observed `Warning alert:Admission Webhook Warning` [#14821](https://github.com/openshift/console/pull/14821) * [OCPBUGS-49409](https://issues.redhat.com/browse/OCPBUGS-49409): ERROR in search tool: Cannot read properties of undefined (reading 'state') [#14703](https://github.com/openshift/console/pull/14703) * [OCPBUGS-52418](https://issues.redhat.com/browse/OCPBUGS-52418): While accessing the node terminal from UI observed 'Warning alert:Admission Webhook Warning` [#14837](https://github.com/openshift/console/pull/14837) * [OCPBUGS-49979](https://issues.redhat.com/browse/OCPBUGS-49979): Set default build option as BUILDS for Builder Image sample [#14730](https://github.com/openshift/console/pull/14730) * [OCPBUGS-49800](https://issues.redhat.com/browse/OCPBUGS-49800): Fix Function Import: An error occurred Cannot read properties of undefined (reading 'filter') [#14715](https://github.com/openshift/console/pull/14715) * [OCPBUGS-49801](https://issues.redhat.com/browse/OCPBUGS-49801): use default StorageClass for ServerlessFunction pipelineVolumeClaimTemplate [#14716](https://github.com/openshift/console/pull/14716) * [OCPBUGS-46388](https://issues.redhat.com/browse/OCPBUGS-46388): fix alert rule link [#14808](https://github.com/openshift/console/pull/14808) * [OCPBUGS-52252](https://issues.redhat.com/browse/OCPBUGS-52252): Fix alert rule link to alert in dev perspective [#14817](https://github.com/openshift/console/pull/14817) * [OCPBUGS-46441](https://issues.redhat.com/browse/OCPBUGS-46441): Do not pass CSV name to operand list page when an exen… [#14627](https://github.com/openshift/console/pull/14627) * [OCPBUGS-36963](https://issues.redhat.com/browse/OCPBUGS-36963): Manually create an API token for a ServiceAccount [#14057](https://github.com/openshift/console/pull/14057) * [OCPBUGS-35394](https://issues.redhat.com/browse/OCPBUGS-35394): sessions: fix sessions pruning [#13969](https://github.com/openshift/console/pull/13969) * [OCPBUGS-46602](https://issues.redhat.com/browse/OCPBUGS-46602): ReRun of Resolver based PipelineRuns fails from UI [#14641](https://github.com/openshift/console/pull/14641) * [OCPBUGS-46567](https://issues.redhat.com/browse/OCPBUGS-46567): ImagePullSecret getting duplicated when editing DeploymentConfig in Form View [#14636](https://github.com/openshift/console/pull/14636) * [OCPBUGS-48162](https://issues.redhat.com/browse/OCPBUGS-48162): OCP web console show pod status as Init:0/1 after using Native sidecars [#14668](https://github.com/openshift/console/pull/14668) * [OCPBUGS-43672](https://issues.redhat.com/browse/OCPBUGS-43672): Disable GQL introspection [#14638](https://github.com/openshift/console/pull/14638) * [OCPBUGS-45334](https://issues.redhat.com/browse/OCPBUGS-45334): fix table combination [#14576](https://github.com/openshift/console/pull/14576) * [OCPBUGS-41342](https://issues.redhat.com/browse/OCPBUGS-41342): fix namespace for networkpolicy [#14244](https://github.com/openshift/console/pull/14244) * [OCPBUGS-46022](https://issues.redhat.com/browse/OCPBUGS-46022): Plugins that use very old PF4 dropdown or menu components with grouped items have bullets and padding that needs to be removed. [#14612](https://github.com/openshift/console/pull/14612) * [OCPBUGS-45229](https://issues.redhat.com/browse/OCPBUGS-45229): Unable to remove finally tasks in pipeline builder mode [#14558](https://github.com/openshift/console/pull/14558) * [OCPBUGS-45245](https://issues.redhat.com/browse/OCPBUGS-45245): use TaskRuns results.tekton.dev/record annotation to get the logs [#14563](https://github.com/openshift/console/pull/14563) * [OCPBUGS-41523](https://issues.redhat.com/browse/OCPBUGS-41523): i18n upload/download routine task - Sprint 254 [#14258](https://github.com/openshift/console/pull/14258) * [OCPBUGS-45015](https://issues.redhat.com/browse/OCPBUGS-45015): Remove ClusterTask dependency in console from Pipelines 1.17 [#14537](https://github.com/openshift/console/pull/14537) * [OCPBUGS-44792](https://issues.redhat.com/browse/OCPBUGS-44792): Collapse/Expand Feature Added, Removal Option Removed in Version 4.16 [#14519](https://github.com/openshift/console/pull/14519) * [OCPBUGS-44875](https://issues.redhat.com/browse/OCPBUGS-44875): Start last run do not work in buildConfig details page [#14529](https://github.com/openshift/console/pull/14529) * [OCPBUGS-44874](https://issues.redhat.com/browse/OCPBUGS-44874): Telemetry userPreference results in empty nodes output to the DOM [#14528](https://github.com/openshift/console/pull/14528) * [OCPBUGS-45124](https://issues.redhat.com/browse/OCPBUGS-45124): Add multiline support to template instantiation [#14545](https://github.com/openshift/console/pull/14545) * [OCPBUGS-44885](https://issues.redhat.com/browse/OCPBUGS-44885): include external labels so silenced alerts not displayed in notifications [#14530](https://github.com/openshift/console/pull/14530) * [OCPBUGS-44932](https://issues.redhat.com/browse/OCPBUGS-44932): Add IBM Block Storage CSI driver support for RWX [#14533](https://github.com/openshift/console/pull/14533) * [OCPBUGS-43447](https://issues.redhat.com/browse/OCPBUGS-43447): Ensure envs are initted upon first load [#14405](https://github.com/openshift/console/pull/14405) * [OCPBUGS-44806](https://issues.redhat.com/browse/OCPBUGS-44806): Don't request user settings configmap if no user has been loaded. [#14522](https://github.com/openshift/console/pull/14522) * [OCPBUGS-44207](https://issues.redhat.com/browse/OCPBUGS-44207): Create RoleBinding will trigger Admission Webhook Warning [#14465](https://github.com/openshift/console/pull/14465) * [OCPBUGS-44219](https://issues.redhat.com/browse/OCPBUGS-44219): Add flag to hide the pipelines-plugin pipeline builder extensions [#14466](https://github.com/openshift/console/pull/14466) * [OCPBUGS-41673](https://issues.redhat.com/browse/OCPBUGS-41673): Update vendor imports to include all PatternFly components [#14273](https://github.com/openshift/console/pull/14273) * [OCPBUGS-43834](https://issues.redhat.com/browse/OCPBUGS-43834): Enabling topology e2e tests on CI [#14438](https://github.com/openshift/console/pull/14438) * [OCPBUGS-35204](https://issues.redhat.com/browse/OCPBUGS-35204): replace global refresh sync lock in OIDC provider with per-refresh-token one [#13950](https://github.com/openshift/console/pull/13950) * [OCPBUGS-36556](https://issues.redhat.com/browse/OCPBUGS-36556): Increase login flow state paramater length/entropy [#14354](https://github.com/openshift/console/pull/14354) * [OCPBUGS-42369](https://issues.redhat.com/browse/OCPBUGS-42369): Console crashes when ssh is selected in add secret for starting a pipeline run [#14320](https://github.com/openshift/console/pull/14320) * [OCPBUGS-41904](https://issues.redhat.com/browse/OCPBUGS-41904): fix annotation for ovn localnet [#14366](https://github.com/openshift/console/pull/14366) * [OCPBUGS-37615](https://issues.redhat.com/browse/OCPBUGS-37615): Include PatternFly-4 chart styles so they are available for dynamic plugins that still use PF4 react-charts [#14091](https://github.com/openshift/console/pull/14091) * [OCPBUGS-37689](https://issues.redhat.com/browse/OCPBUGS-37689): Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated [#14094](https://github.com/openshift/console/pull/14094) * [OCPBUGS-42015](https://issues.redhat.com/browse/OCPBUGS-42015): Topology screen crashes when completed pod is selected [#14298](https://github.com/openshift/console/pull/14298) * [OCPBUGS-35850](https://issues.redhat.com/browse/OCPBUGS-35850): Fix: Quick Start "next" button requires double click to move to next step [#13989](https://github.com/openshift/console/pull/13989) * [OCPBUGS-42382](https://issues.redhat.com/browse/OCPBUGS-42382): Allow operators to enable monitoring by default [#14317](https://github.com/openshift/console/pull/14317) * [OCPBUGS-41905](https://issues.redhat.com/browse/OCPBUGS-41905): List of default Camel K event sources disappears when adding a custom event source [#14290](https://github.com/openshift/console/pull/14290) * [OCPBUGS-41709](https://issues.redhat.com/browse/OCPBUGS-41709): Need to allow blank for Project/namespace when setting SA Subject in 'Project access tab' [#14278](https://github.com/openshift/console/pull/14278) * [OCPBUGS-42069](https://issues.redhat.com/browse/OCPBUGS-42069): add Create button to Console plugins tab [#14302](https://github.com/openshift/console/pull/14302) * [OCPBUGS-41996](https://issues.redhat.com/browse/OCPBUGS-41996): Fix updating the "Until" field on the Silence > Edit page [#14296](https://github.com/openshift/console/pull/14296) * [OCPBUGS-38112](https://issues.redhat.com/browse/OCPBUGS-38112): do not directly mutate links in useMemo [#14117](https://github.com/openshift/console/pull/14117) * [OCPBUGS-34518](https://issues.redhat.com/browse/OCPBUGS-34518): Restore user toggle when authentification is disabled [#13902](https://github.com/openshift/console/pull/13902) * [OCPBUGS-41619](https://issues.redhat.com/browse/OCPBUGS-41619): Use vCenterCluster value from CM as primary resource [#14268](https://github.com/openshift/console/pull/14268) * [OCPBUGS-37046](https://issues.redhat.com/browse/OCPBUGS-37046): Fix TypeError: Cannot read properties of null (reading 'metadata') in Topology view [#14059](https://github.com/openshift/console/pull/14059) * [OCPBUGS-38911](https://issues.redhat.com/browse/OCPBUGS-38911): Values entered into the Instantiate Template form are automatically cleared [#14187](https://github.com/openshift/console/pull/14187) * [OCPBUGS-38914](https://issues.redhat.com/browse/OCPBUGS-38914): Unrelated readme opened when opening CodeReady workspaces from Quarkus using s2i quickstart [#14188](https://github.com/openshift/console/pull/14188) * [OCPBUGS-38968](https://issues.redhat.com/browse/OCPBUGS-38968): A value submitted in From view is wrapped with single quotation after switching to Yaml view. [#14193](https://github.com/openshift/console/pull/14193) * [OCPBUGS-38424](https://issues.redhat.com/browse/OCPBUGS-38424): fix bug where cluster version text appears black in da… [#14144](https://github.com/openshift/console/pull/14144) * [OCPBUGS-38464](https://issues.redhat.com/browse/OCPBUGS-38464): correct casing in "Lightspeed" [#14148](https://github.com/openshift/console/pull/14148) * [OCPBUGS-37430](https://issues.redhat.com/browse/OCPBUGS-37430): Fix utilization card limits/total display [#14082](https://github.com/openshift/console/pull/14082) * [OCPBUGS-36510](https://issues.redhat.com/browse/OCPBUGS-36510): DeploymentConfigs deprecation info alert should not present on the Edit deployment page [#14031](https://github.com/openshift/console/pull/14031) * [OCPBUGS-37954](https://issues.redhat.com/browse/OCPBUGS-37954): No access to list pipelines.tekton.dev prevents from using Delete application form [#14107](https://github.com/openshift/console/pull/14107) * [OCPBUGS-36601](https://issues.redhat.com/browse/OCPBUGS-36601): Tooltip on Pipeline when expression is not shows [#14033](https://github.com/openshift/console/pull/14033) * [OCPBUGS-38803](https://issues.redhat.com/browse/OCPBUGS-38803): CONSOLE-4108 [4.16 backport] Show deprecated operators in OperatorHub [#14095](https://github.com/openshift/console/pull/14095) * [OCPBUGS-37048](https://issues.redhat.com/browse/OCPBUGS-37048): Fix "Auto deploy when new image is available" becomes unchecked when editing a deployment from web console [#14060](https://github.com/openshift/console/pull/14060) * [OCPBUGS-35839](https://issues.redhat.com/browse/OCPBUGS-35839): Fix placement of icons on WebKit [#13988](https://github.com/openshift/console/pull/13988) * [OCPBUGS-35271](https://issues.redhat.com/browse/OCPBUGS-35271): Fix password set to Secret created through Start Pipeline form [#13954](https://github.com/openshift/console/pull/13954) * [OCPBUGS-38093](https://issues.redhat.com/browse/OCPBUGS-38093): correct link for Lightspeed operator [#14112](https://github.com/openshift/console/pull/14112) * [OCPBUGS-36484](https://issues.redhat.com/browse/OCPBUGS-36484): Revert - terminal: use username if uid is not present [#14027](https://github.com/openshift/console/pull/14027) * [OCPBUGS-37097](https://issues.redhat.com/browse/OCPBUGS-37097): Add useQuickStartContext hook and expose it via dynamic plugin API [#14070](https://github.com/openshift/console/pull/14070) * [OCPBUGS-36864](https://issues.redhat.com/browse/OCPBUGS-36864): maintain session across tabs [#14051](https://github.com/openshift/console/pull/14051) * [OCPBUGS-36620](https://issues.redhat.com/browse/OCPBUGS-36620): Redirects to new PipelineRun logs URL from old PipelineRun logs URL [#14035](https://github.com/openshift/console/pull/14035) * [OCPBUGS-36759](https://issues.redhat.com/browse/OCPBUGS-36759): RWOP accessMode is not available on OpenShift console UI [#14040](https://github.com/openshift/console/pull/14040) * [OCPBUGS-37063](https://issues.redhat.com/browse/OCPBUGS-37063): hide 'View all steps in documentation' for ROSA and OSD [#14069](https://github.com/openshift/console/pull/14069) * [OCPBUGS-36411](https://issues.redhat.com/browse/OCPBUGS-36411): fix BMH restart annotation [#14022](https://github.com/openshift/console/pull/14022) * [OCPBUGS-36841](https://issues.redhat.com/browse/OCPBUGS-36841): ensure correct API version for OperandDetails [#14049](https://github.com/openshift/console/pull/14049) * [OCPBUGS-36186](https://issues.redhat.com/browse/OCPBUGS-36186): Add default sorting column for VirtualizedTable component of dynamic plugin sdk [#14008](https://github.com/openshift/console/pull/14008) * [OCPBUGS-36002](https://issues.redhat.com/browse/OCPBUGS-36002): fix flaking crd-extension tests [#14003](https://github.com/openshift/console/pull/14003) * [OCPBUGS-35565](https://issues.redhat.com/browse/OCPBUGS-35565): remove duplicate OAuth config [#13982](https://github.com/openshift/console/pull/13982) * [OCPBUGS-35571](https://issues.redhat.com/browse/OCPBUGS-35571): Update Go prereq in README.md [#13981](https://github.com/openshift/console/pull/13981) * [OCPBUGS-35465](https://issues.redhat.com/browse/OCPBUGS-35465): ManagedField in YAML editor is not collapsed by default which is incorrect [#13974](https://github.com/openshift/console/pull/13974) * [OCPBUGS-35408](https://issues.redhat.com/browse/OCPBUGS-35408): fix pseudolocalization [#13972](https://github.com/openshift/console/pull/13972) * [OCPBUGS-35280](https://issues.redhat.com/browse/OCPBUGS-35280): Ensure requiredVersion is set for Console provided shared modules [#13956](https://github.com/openshift/console/pull/13956) * [OCPBUGS-34011](https://issues.redhat.com/browse/OCPBUGS-34011): Use bridge instead of cnv-bridge [#13875](https://github.com/openshift/console/pull/13875) * [OCPBUGS-35946](https://issues.redhat.com/browse/OCPBUGS-35946): Fix invalid node filesystem query [#13999](https://github.com/openshift/console/pull/13999) * [OCPBUGS-34717](https://issues.redhat.com/browse/OCPBUGS-34717): The s2i build strategy is not assumed for Serverless Functions [#13915](https://github.com/openshift/console/pull/13915) * [OCPBUGS-34968](https://issues.redhat.com/browse/OCPBUGS-34968): Update plugin docs regarding Console 4.16 shared module changes [#13933](https://github.com/openshift/console/pull/13933) * [OCPBUGS-35281](https://issues.redhat.com/browse/OCPBUGS-35281): Display of "Auth Token GCP" filter in OperatorHub should be conditioned [#13955](https://github.com/openshift/console/pull/13955) * [OCPBUGS-35472](https://issues.redhat.com/browse/OCPBUGS-35472): bump helm to 3.14 [#13971](https://github.com/openshift/console/pull/13971) * [OCPBUGS-35481](https://issues.redhat.com/browse/OCPBUGS-35481): fix crash if helm chart metadata is nil [#13975](https://github.com/openshift/console/pull/13975) * [Full changelog](https://github.com/openshift/console/compare/cb7b0786c142a10610fa50cddc25cd1de8a62653...fbca50eedbe66c9c42df8584350d51d791db6f51) ### [console-operator](https://github.com/openshift/console-operator/tree/04f80faf396b645582e5a19041e7faa5bf203443) * [OCPBUGS-60794](https://issues.redhat.com/browse/OCPBUGS-60794): Update downloads deployment configuration to use master node selector [#1036](https://github.com/openshift/console-operator/pull/1036) * [OCPBUGS-46481](https://issues.redhat.com/browse/OCPBUGS-46481): Dont disable console when authConfig type is set to None [#952](https://github.com/openshift/console-operator/pull/952) * [OCPBUGS-34783](https://issues.redhat.com/browse/OCPBUGS-34783): set required-scc for openshift workloads [#908](https://github.com/openshift/console-operator/pull/908) * [OCPBUGS-34012](https://issues.redhat.com/browse/OCPBUGS-34012): Cache organization ID [#916](https://github.com/openshift/console-operator/pull/916) * [OCPBUGS-33788](https://issues.redhat.com/browse/OCPBUGS-33788): Tolerate the absence of ingress capability on HyperShift clusters [#910](https://github.com/openshift/console-operator/pull/910) * [Full changelog](https://github.com/openshift/console-operator/compare/efe782291fe88877add25db7d575934d926963c4...04f80faf396b645582e5a19041e7faa5bf203443) ### [container-networking-plugins, containernetworking-plugins-microshift](https://github.com/openshift/containernetworking-plugins/tree/5f9ee066b2b7768606ffae81b52e8bd0f25cb471) * [OCPBUGS-55648](https://issues.redhat.com/browse/OCPBUGS-55648): Check error returned by ipv6 SettleAddresses [#188](https://github.com/openshift/containernetworking-plugins/pull/188) * [OCPBUGS-37725](https://issues.redhat.com/browse/OCPBUGS-37725): Update owners [#166](https://github.com/openshift/containernetworking-plugins/pull/166) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/f503997690a236f322ae062ab2ebcf720b0457bf...5f9ee066b2b7768606ffae81b52e8bd0f25cb471) ### [coredns](https://github.com/openshift/coredns/tree/1e417656c1c72d3410b31ee08caf25bcdf8836e3) * [OCPBUGS-37078](https://issues.redhat.com/browse/OCPBUGS-37078): UPSTREAM: <carry>: openshift: Bump the version of ocp_dnsnameresolver external plugin [#127](https://github.com/openshift/coredns/pull/127) * [Full changelog](https://github.com/openshift/coredns/compare/04d84f7f2e17ff464fad3f2841e7b29a43c8382f...1e417656c1c72d3410b31ee08caf25bcdf8836e3) ### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/83d0aa3221daba495868a8b186c893cf12e44251) * [OCPBUGS-58884](https://issues.redhat.com/browse/OCPBUGS-58884): CARRY: don't ignore json files [#341](https://github.com/openshift/cloud-provider-openstack/pull/341) * [OCPBUGS-43426](https://issues.redhat.com/browse/OCPBUGS-43426): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.29 into release-4.16 [#303](https://github.com/openshift/cloud-provider-openstack/pull/303) * [OCPBUGS-38167](https://issues.redhat.com/browse/OCPBUGS-38167): rebase CPO on 4.16 [#291](https://github.com/openshift/cloud-provider-openstack/pull/291) * [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/5340eaab09d8057a705b7a7124e05231cfd37978...83d0aa3221daba495868a8b186c893cf12e44251) ### [csi-driver-manila-operator](https://github.com/openshift/csi-driver-manila-operator/tree/c25d1ff2677a882504b18220dcbbe153781f3883) * [OCPBUGS-38458](https://issues.redhat.com/browse/OCPBUGS-38458): Add missing healthchecks [#241](https://github.com/openshift/csi-driver-manila-operator/pull/241) * [OCPBUGS-30438](https://issues.redhat.com/browse/OCPBUGS-30438): Bump protobuf dependency [#237](https://github.com/openshift/csi-driver-manila-operator/pull/237) * [OCPBUGS-38013](https://issues.redhat.com/browse/OCPBUGS-38013): Set required-scc for openshift workloads [#235](https://github.com/openshift/csi-driver-manila-operator/pull/235) * [Full changelog](https://github.com/openshift/csi-driver-manila-operator/compare/6de0dc79d67fdf817ac0bed7a6d7b1d1131a5751...c25d1ff2677a882504b18220dcbbe153781f3883) ### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/06e08fd2e3c63e218e2973e4c711e9ae302948a4) * [OCPBUGS-62465](https://issues.redhat.com/browse/OCPBUGS-62465): Requeue PVC over PV creation [#174](https://github.com/openshift/csi-external-resizer/pull/174) * [Full changelog](https://github.com/openshift/csi-external-resizer/compare/bdf5bfb4da07be6a85ae5253218f29fb8af51adf...06e08fd2e3c63e218e2973e4c711e9ae302948a4) ### [csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook](https://github.com/openshift/csi-external-snapshotter/tree/ee32ba01e1f89bac057611ad4580589652f250a3) * [OCPBUGS-60450](https://issues.redhat.com/browse/OCPBUGS-60450): UPSTREAM: 1238: Snapshot Controller startup should not LIST all volumesnapshots [#186](https://github.com/openshift/csi-external-snapshotter/pull/186) * [Full changelog](https://github.com/openshift/csi-external-snapshotter/compare/5315d37a1e5415e8b6870f23e50238681979cc28...ee32ba01e1f89bac057611ad4580589652f250a3) ### [docker-builder](https://github.com/openshift/builder/tree/e77895c27d8d39398c585064b8a87b5531b2574d) * [OCPBUGS-58074](https://issues.redhat.com/browse/OCPBUGS-58074): S2I build cpu limits observed by assemble are limited to 1 cpu [#475](https://github.com/openshift/builder/pull/475) * [OCPBUGS-53076](https://issues.redhat.com/browse/OCPBUGS-53076): Upgraded Kubernetes dependency from 1.28.2 to 1.29.0 [#468](https://github.com/openshift/builder/pull/468) * [OCPBUGS-42893](https://issues.redhat.com/browse/OCPBUGS-42893), [OCPBUGS-42914](https://issues.redhat.com/browse/OCPBUGS-42914): buildah dependency bump to fix - Buildah allows arbitrary directory mount and symlink traversal vulnerability in the containers/storage library [#450](https://github.com/openshift/builder/pull/450) * [OCPBUGS-43186](https://issues.redhat.com/browse/OCPBUGS-43186): runc library bump to 1.1.12 [#420](https://github.com/openshift/builder/pull/420) * [OCPBUGS-47775](https://issues.redhat.com/browse/OCPBUGS-47775): skipping some unit tests to avoid failures as they are duplicate [#424](https://github.com/openshift/builder/pull/424) * [OCPBUGS-48159](https://issues.redhat.com/browse/OCPBUGS-48159): Add team members to the OWNERS file [#426](https://github.com/openshift/builder/pull/426) * [OCPBUGS-30455](https://issues.redhat.com/browse/OCPBUGS-30455): bump google.golang.org/protobuf to 1.33.0 [#402](https://github.com/openshift/builder/pull/402) * [OCPBUGS-35283](https://issues.redhat.com/browse/OCPBUGS-35283): Bumps openshift/api & related dependencies [#397](https://github.com/openshift/builder/pull/397) * [Full changelog](https://github.com/openshift/builder/compare/ca2b36ac7f38efc76bedc87cc81f9464f52bf332...e77895c27d8d39398c585064b8a87b5531b2574d) ### [docker-registry](https://github.com/openshift/image-registry/tree/072c544c1eaab6d0e43fc63ab6c12c18bf524afb) * [OCPBUGS-60183](https://issues.redhat.com/browse/OCPBUGS-60183): bump openshift/docker-distribution [#441](https://github.com/openshift/image-registry/pull/441) * [OCPBUGS-53654](https://issues.redhat.com/browse/OCPBUGS-53654): bump jwt and oauth dependencies [#432](https://github.com/openshift/image-registry/pull/432) * [OCPBUGS-49696](https://issues.redhat.com/browse/OCPBUGS-49696): bump docker distribution [#423](https://github.com/openshift/image-registry/pull/423) * [OCPBUGS-39412](https://issues.redhat.com/browse/OCPBUGS-39412): pull upstream distribution changes to use a consistent multipart chunk size [#410](https://github.com/openshift/image-registry/pull/410) * [OCPBUGS-35567](https://issues.redhat.com/browse/OCPBUGS-35567): use SelfSubjectReview to obtain user info [#405](https://github.com/openshift/image-registry/pull/405) * [Full changelog](https://github.com/openshift/image-registry/compare/58a613b36ac03c264f06e429d6260f34396668db...072c544c1eaab6d0e43fc63ab6c12c18bf524afb) ### [egress-router-cni](https://github.com/openshift/egress-router-cni/tree/7089efe6100c1f52f28adccf1dccc722b8dcacdc) * [OCPBUGS-35525](https://issues.redhat.com/browse/OCPBUGS-35525): update to go 1.21 and k8s.io mods to v0.29.2 [#85](https://github.com/openshift/egress-router-cni/pull/85) * [Full changelog](https://github.com/openshift/egress-router-cni/compare/7534ab906e5f9d38defbbbc6b169e5d829463bb5...7089efe6100c1f52f28adccf1dccc722b8dcacdc) ### [etcd](https://github.com/openshift/etcd/tree/e7911c0d19925c0a67328052a8580a80fb40cb5b) * NO-ISSUE: Add support for cachi2 based deps [#298](https://github.com/openshift/etcd/pull/298) * [OCPBUGS-34690](https://issues.redhat.com/browse/OCPBUGS-34690): Rebase etcd 3.5.14 openshift 4.16 [#274](https://github.com/openshift/etcd/pull/274) * [Full changelog](https://github.com/openshift/etcd/compare/bc2fec27ff5b086436d438157c24396f280e0305...e7911c0d19925c0a67328052a8580a80fb40cb5b) ### [gcp-machine-controllers](https://github.com/openshift/machine-api-provider-gcp/tree/8851888abd5f7f47edd12a56f515b8f333c09372) * [OCPBUGS-55249](https://issues.redhat.com/browse/OCPBUGS-55249): Disable shielded VMs for non-UEFI disks [#116](https://github.com/openshift/machine-api-provider-gcp/pull/116) * [OCPBUGS-48484](https://issues.redhat.com/browse/OCPBUGS-48484): Refactor exists() to handle gcp API change [#106](https://github.com/openshift/machine-api-provider-gcp/pull/106) * [Full changelog](https://github.com/openshift/machine-api-provider-gcp/compare/e72657c0d2713842f701f1d43c777d6ec6880cb9...8851888abd5f7f47edd12a56f515b8f333c09372) ### [haproxy-router](https://github.com/openshift/router/tree/7c4b47201b75421631739feb42e7ae86ae047739) * [OCPBUGS-56424](https://issues.redhat.com/browse/OCPBUGS-56424): Add support for IdleCloseTerminationPolicy [#655](https://github.com/openshift/router/pull/655) * [OCPBUGS-49391](https://issues.redhat.com/browse/OCPBUGS-49391): Reject All CA-Signed Certs Using SHA1 [#651](https://github.com/openshift/router/pull/651) * [Full changelog](https://github.com/openshift/router/compare/4d9b8c4afa6cd89b41f4bd5e7c09ccddd8679bc6...7c4b47201b75421631739feb42e7ae86ae047739) ### [hyperkube, pod](https://github.com/openshift/kubernetes/tree/d1618535bbc641daee580987e2ccb5fa09f59def) * [OCPBUGS-61908](https://issues.redhat.com/browse/OCPBUGS-61908): UPSTREAM: <carry>: Don't retry storage calls with side effects. [#2470](https://github.com/openshift/kubernetes/pull/2470) * [OCPBUGS-60553](https://issues.redhat.com/browse/OCPBUGS-60553): [4.16]: podresources: list: use active pods [#2454](https://github.com/openshift/kubernetes/pull/2454) * 4.16: OCPBUGS-60872: UPSTREAM: 127757: scheduler: Improve CSILimits plugin accuracy by using VolumeAttachments [#2435](https://github.com/openshift/kubernetes/pull/2435) * [OCPBUGS-60272](https://issues.redhat.com/browse/OCPBUGS-60272): Bump nfs server provisioner [#2402](https://github.com/openshift/kubernetes/pull/2402) * [OCPBUGS-58054](https://issues.redhat.com/browse/OCPBUGS-58054): UPSTREAM: 130047: adjusting loopback certificate validity in kube-apiserver [#2342](https://github.com/openshift/kubernetes/pull/2342) * [OCPBUGS-58054](https://issues.redhat.com/browse/OCPBUGS-58054): UPSTREAM: <carry>: disable some legacy cloud provider Azure tests [#2352](https://github.com/openshift/kubernetes/pull/2352) * [OCPBUGS-57290](https://issues.redhat.com/browse/OCPBUGS-57290): UPSTREAM: <carry>: Bump cadvisor version to fix kubelet [#2325](https://github.com/openshift/kubernetes/pull/2325) * [OCPBUGS-49906](https://issues.redhat.com/browse/OCPBUGS-49906): Bump k8s api to 1.29.14 [#2211](https://github.com/openshift/kubernetes/pull/2211) * [OCPBUGS-45931](https://issues.redhat.com/browse/OCPBUGS-45931): UPSTREAM: <carry>: kubelet/cm: fix bug where kubelet restarts from missing cpuset cgroup #2158 [#2200](https://github.com/openshift/kubernetes/pull/2200) * [OCPBUGS-46003](https://issues.redhat.com/browse/OCPBUGS-46003): Bump k8s api to 1.29.11 [#2161](https://github.com/openshift/kubernetes/pull/2161) * [OCPBUGS-44513](https://issues.redhat.com/browse/OCPBUGS-44513): Bump k8s api to 1.29.10 [#2133](https://github.com/openshift/kubernetes/pull/2133) * [OCPBUGS-42555](https://issues.redhat.com/browse/OCPBUGS-42555): Allow pod to be scheduled if node's name and hostname mismatch [#2099](https://github.com/openshift/kubernetes/pull/2099) * [OCPBUGS-42168](https://issues.redhat.com/browse/OCPBUGS-42168): Bump k8s api to 1.29.9 [#2090](https://github.com/openshift/kubernetes/pull/2090) * release-4.16] OCPBUGS-42057: UPSTREAM: <drop>: bump(github.com/openshift/apiserver-library-go) [#2096](https://github.com/openshift/kubernetes/pull/2096) * [OCPBUGS-39015](https://issues.redhat.com/browse/OCPBUGS-39015): Bump k8s api to 1.29.8 [#2066](https://github.com/openshift/kubernetes/pull/2066) * [OCPBUGS-36773](https://issues.redhat.com/browse/OCPBUGS-36773): UPSTREAM: <carry>: Disable vSphere tests with pre-provisioned volumes [#2021](https://github.com/openshift/kubernetes/pull/2021) * NO-JIRA: update downstream owners [#2049](https://github.com/openshift/kubernetes/pull/2049) * [OCPBUGS-37621](https://issues.redhat.com/browse/OCPBUGS-37621): Bump k8s api to 1.29.7 [#2039](https://github.com/openshift/kubernetes/pull/2039) * [OCPBUGS-19802](https://issues.redhat.com/browse/OCPBUGS-19802): Bump 4.16 runc [#2032](https://github.com/openshift/kubernetes/pull/2032) * [OCPBUGS-35551](https://issues.redhat.com/browse/OCPBUGS-35551): Bump k8s 1.29.6 [#1990](https://github.com/openshift/kubernetes/pull/1990) * [OCPBUGS-34545](https://issues.redhat.com/browse/OCPBUGS-34545): UPSTREAM: <carry>: Disable PersistentVolumeLabel by default [#1993](https://github.com/openshift/kubernetes/pull/1993) * [Full changelog](https://github.com/openshift/kubernetes/compare/29c95f359e591fae386ce64516812d8b65d285be...d1618535bbc641daee580987e2ccb5fa09f59def) ### [hypershift](https://github.com/openshift/hypershift/tree/7e33d8351a4e924e5b39f15cde7736bb193782ee) * [CNTRLPLANE-1426](https://issues.redhat.com/browse/CNTRLPLANE-1426): feat(konflux): tag MCE HO images with latest [#6839](https://github.com/openshift/hypershift/pull/6839) * [OCPBUGS-61252](https://issues.redhat.com/browse/OCPBUGS-61252): dont use registryOverrides on kube rbac proxy image be… [#6756](https://github.com/openshift/hypershift/pull/6756) * [OCPBUGS-61582](https://issues.redhat.com/browse/OCPBUGS-61582): Update KCM node monitor grace period [#6797](https://github.com/openshift/hypershift/pull/6797) * [OCPBUGS-61860](https://issues.redhat.com/browse/OCPBUGS-61860): Use the common MCE konflux pipeline [#6844](https://github.com/openshift/hypershift/pull/6844) * [OCPBUGS-60150](https://issues.redhat.com/browse/OCPBUGS-60150): Always compress and encode payload in token secret for inplace upgrades [#6750](https://github.com/openshift/hypershift/pull/6750) * [OCPBUGS-60951](https://issues.redhat.com/browse/OCPBUGS-60951): MCE 2.6 konflux hcp cli [#6701](https://github.com/openshift/hypershift/pull/6701) * [CNTRLPLANE-1203](https://issues.redhat.com/browse/CNTRLPLANE-1203): HO MCE change to hermetic ta build [#6654](https://github.com/openshift/hypershift/pull/6654) * [CNTRLPLANE-1231](https://issues.redhat.com/browse/CNTRLPLANE-1231): Move CPO pipeline to hermetic builds [#6599](https://github.com/openshift/hypershift/pull/6599) * [OCPBUGS-58505](https://issues.redhat.com/browse/OCPBUGS-58505): [release-4.16] Add missing service network DNS entries to KAS cert [#6393](https://github.com/openshift/hypershift/pull/6393) * [OCPBUGS-57494](https://issues.redhat.com/browse/OCPBUGS-57494): Add proxy variables for the MCD Pod [#6286](https://github.com/openshift/hypershift/pull/6286) * [OCPBUGS-55697](https://issues.redhat.com/browse/OCPBUGS-55697): Add validation to avoid conflicts between KubeAPIServer and NamedCertificates SANs [#6114](https://github.com/openshift/hypershift/pull/6114) * [CNTRLPLANE-919](https://issues.redhat.com/browse/CNTRLPLANE-919): Konflux build pipeline service account migration [#6087](https://github.com/openshift/hypershift/pull/6087) * [CNTRLPLANE-919](https://issues.redhat.com/browse/CNTRLPLANE-919): Konflux build pipeline service account migration [#6082](https://github.com/openshift/hypershift/pull/6082) * [OCPBUGS-51804](https://issues.redhat.com/browse/OCPBUGS-51804): Fix golang crypto dependency go.mod replacement [#5994](https://github.com/openshift/hypershift/pull/5994) * [OCPBUGS-54914](https://issues.redhat.com/browse/OCPBUGS-54914): Add konnectivity-proxy sidecar to openshift-oauth-apiserver [#6026](https://github.com/openshift/hypershift/pull/6026) * [OCPBUGS-54632](https://issues.redhat.com/browse/OCPBUGS-54632): Sync RBAC for attaching volumes on VM level [#5998](https://github.com/openshift/hypershift/pull/5998) * [OCPBUGS-49914](https://issues.redhat.com/browse/OCPBUGS-49914): Reconcile proxy CA bundle into hosted cluster [#5983](https://github.com/openshift/hypershift/pull/5983) * [OCPBUGS-53902](https://issues.redhat.com/browse/OCPBUGS-53902): bump golang-jwt v4 and v5 [#5907](https://github.com/openshift/hypershift/pull/5907) * Red Hat Konflux update control-plane-operator-4-16 [#5957](https://github.com/openshift/hypershift/pull/5957) * [ART-11792](https://issues.redhat.com/browse/ART-11792): update go mod dependency for konflux [#5922](https://github.com/openshift/hypershift/pull/5922) * [OCPBUGS-51733](https://issues.redhat.com/browse/OCPBUGS-51733), [OCPBUGS-51804](https://issues.redhat.com/browse/OCPBUGS-51804): Bump dependencies to OCP fork in backports [#5901](https://github.com/openshift/hypershift/pull/5901) * [OCPBUGS-53308](https://issues.redhat.com/browse/OCPBUGS-53308): fix(deps): bump go-jose [#5866](https://github.com/openshift/hypershift/pull/5866) * [OCPBUGS-52506](https://issues.redhat.com/browse/OCPBUGS-52506): refactor aws identity health check into new controller [#5781](https://github.com/openshift/hypershift/pull/5781) * [OCPBUGS-52857](https://issues.redhat.com/browse/OCPBUGS-52857): Make managed-trust-bundle optional [#5809](https://github.com/openshift/hypershift/pull/5809) * [OCPBUGS-52426](https://issues.redhat.com/browse/OCPBUGS-52426): change plaform to platform [#5773](https://github.com/openshift/hypershift/pull/5773) * [OCPBUGS-50993](https://issues.redhat.com/browse/OCPBUGS-50993): Honor proxy vars in the util insecure http client [#5662](https://github.com/openshift/hypershift/pull/5662) * [OCPBUGS-46466](https://issues.redhat.com/browse/OCPBUGS-46466): Consistently look up and dial cloud API hostnames [#5301](https://github.com/openshift/hypershift/pull/5301) * [OCPBUGS-50698](https://issues.redhat.com/browse/OCPBUGS-50698): add region to AWS creds passed to operators managed by CPO [#5670](https://github.com/openshift/hypershift/pull/5670) * [OCPBUGS-51296](https://issues.redhat.com/browse/OCPBUGS-51296): 4.17 Add HostedCluster additional trustbundles to konnectivity-https-proxy [#5707](https://github.com/openshift/hypershift/pull/5707) * NO-JIRA: chore(deps): update dependency mkdocs-material to v9.6.5 [#5686](https://github.com/openshift/hypershift/pull/5686) * [OCPBUGS-50694](https://issues.redhat.com/browse/OCPBUGS-50694): OCPBUGS-50692: Fix IsIPv4 function identifying also addresses instead of CIDRs [#5620](https://github.com/openshift/hypershift/pull/5620) * NO-JIRA: chore(deps): update dependency mkdocs-material to v9 [#5635](https://github.com/openshift/hypershift/pull/5635) * [OCPBUGS-50557](https://issues.redhat.com/browse/OCPBUGS-50557): Prevent IgnitionServer from flooding the API server with patch requests [#5599](https://github.com/openshift/hypershift/pull/5599) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v9.5-1739267472 [#5597](https://github.com/openshift/hypershift/pull/5597) * NO-JIRA: chore(deps): update dependency mkdocs-material to v8.5.11 [#5591](https://github.com/openshift/hypershift/pull/5591) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.3 [#5587](https://github.com/openshift/hypershift/pull/5587) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v9.5-1738746453 [#5574](https://github.com/openshift/hypershift/pull/5574) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.6.2 [#5575](https://github.com/openshift/hypershift/pull/5575) * NO-JIRA: chore(deps): update dependency mkdocs to v1.6.1 [#5531](https://github.com/openshift/hypershift/pull/5531) * NO-JIRA: chore(deps): update dependency mkdocs-glightbox to v0.4.0 [#5532](https://github.com/openshift/hypershift/pull/5532) * [OCPBUGS-49640](https://issues.redhat.com/browse/OCPBUGS-49640): fix overwriting PKI operator HCP conditions [#5506](https://github.com/openshift/hypershift/pull/5506) * NO-JIRA: chore(deps): chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v9.5-1737480393 - abandoned [#5484](https://github.com/openshift/hypershift/pull/5484) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#5477](https://github.com/openshift/hypershift/pull/5477) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.50 (release-4.16) [#5437](https://github.com/openshift/hypershift/pull/5437) * NO-JIRA: Update Konflux references (release-4.16) [#5431](https://github.com/openshift/hypershift/pull/5431) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#5384](https://github.com/openshift/hypershift/pull/5384) * NO-JIRA: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v9 (release-4.16) [#5298](https://github.com/openshift/hypershift/pull/5298) * NO-JIRA: [release-4.16] Bump golang.org/x/crypto and golang.org/x/net [#5370](https://github.com/openshift/hypershift/pull/5370) * NO-JIRA: Update Konflux references (release-4.16) [#5328](https://github.com/openshift/hypershift/pull/5328) * NO-JIRA: Red Hat Konflux update control-plane-operator-4-16 [#5337](https://github.com/openshift/hypershift/pull/5337) * [OCPBUGS-47539](https://issues.redhat.com/browse/OCPBUGS-47539): Separate CPO containerfiles [#5333](https://github.com/openshift/hypershift/pull/5333) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.22.7-1733160835 (release-4.16) [#5295](https://github.com/openshift/hypershift/pull/5295) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.49 (release-4.16) [#5297](https://github.com/openshift/hypershift/pull/5297) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.48 (release-4.16) [#5294](https://github.com/openshift/hypershift/pull/5294) * NO-JIRA: Update Konflux References and Perform Migration for Release-4.16 [#5261](https://github.com/openshift/hypershift/pull/5261) * [OCPBUGS-39372](https://issues.redhat.com/browse/OCPBUGS-39372): Fixed NodePool version validation [#5219](https://github.com/openshift/hypershift/pull/5219) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.47 (release-4.16) [#5209](https://github.com/openshift/hypershift/pull/5209) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#5207](https://github.com/openshift/hypershift/pull/5207) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.46 (release-4.16) [#5189](https://github.com/openshift/hypershift/pull/5189) * [OCPBUGS-43930](https://issues.redhat.com/browse/OCPBUGS-43930): Return the right tagReference on Catalogs ImageStream [#5133](https://github.com/openshift/hypershift/pull/5133) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#5161](https://github.com/openshift/hypershift/pull/5161) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.45 (release-4.16) [#5163](https://github.com/openshift/hypershift/pull/5163) * chore(deps): update konflux references (release-4.16) [#5135](https://github.com/openshift/hypershift/pull/5135) * [OCPBUGS-44277](https://issues.redhat.com/browse/OCPBUGS-44277): Configure OAuth https proxy to dial cloud endpoints directly [#5069](https://github.com/openshift/hypershift/pull/5069) * chore(deps): update konflux references (release-4.16) [#5119](https://github.com/openshift/hypershift/pull/5119) * [OCPBUGS-43973](https://issues.redhat.com/browse/OCPBUGS-43973): Add network policies for konnectivity server and ignition server proxy [#4998](https://github.com/openshift/hypershift/pull/4998) * NO-JIRA: Update Konflux references (release-4.16) [#5112](https://github.com/openshift/hypershift/pull/5112) * NO-JIRA: Update Konflux references (release-4.16) [#5099](https://github.com/openshift/hypershift/pull/5099) * chore(deps): update konflux references (release-4.16) [#5078](https://github.com/openshift/hypershift/pull/5078) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.16) [#5059](https://github.com/openshift/hypershift/pull/5059) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#5058](https://github.com/openshift/hypershift/pull/5058) * NO-JIRA: Update Konflux references (release-4.16) [#5042](https://github.com/openshift/hypershift/pull/5042) * chore(deps): update konflux references (release-4.16) [#5024](https://github.com/openshift/hypershift/pull/5024) * chore(deps): update konflux references (release-4.16) [#5019](https://github.com/openshift/hypershift/pull/5019) * NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.43 (release-4.16) [#5017](https://github.com/openshift/hypershift/pull/5017) * NO-JIRA: Update Konflux references (release-4.16) [#5012](https://github.com/openshift/hypershift/pull/5012) * [OCPBUGS-43840](https://issues.redhat.com/browse/OCPBUGS-43840): add ValidIDPConfiguration condition to report IDP config issues [#4985](https://github.com/openshift/hypershift/pull/4985) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4971](https://github.com/openshift/hypershift/pull/4971) * [OCPBUGS-43046](https://issues.redhat.com/browse/OCPBUGS-43046): Do not send traffic to local audit-webhook through konnectivity [#4883](https://github.com/openshift/hypershift/pull/4883) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4954](https://github.com/openshift/hypershift/pull/4954) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.16) [#4947](https://github.com/openshift/hypershift/pull/4947) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4933](https://github.com/openshift/hypershift/pull/4933) * [OCPBUGS-43104](https://issues.redhat.com/browse/OCPBUGS-43104): label routes only when HCP router used [#4899](https://github.com/openshift/hypershift/pull/4899) * [OCPBUGS-43308](https://issues.redhat.com/browse/OCPBUGS-43308): Use guest DNS resolution in Konnectivity HTTPS proxy by default [#4905](https://github.com/openshift/hypershift/pull/4905) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4923](https://github.com/openshift/hypershift/pull/4923) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.16) [#4919](https://github.com/openshift/hypershift/pull/4919) * NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.16) [#4908](https://github.com/openshift/hypershift/pull/4908) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4896](https://github.com/openshift/hypershift/pull/4896) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.16) [#4880](https://github.com/openshift/hypershift/pull/4880) * [OCPBUGS-42432](https://issues.redhat.com/browse/OCPBUGS-42432): Use KubeClientCABundle for HostedClusterConfigOperator cluster-signer-ca [#4799](https://github.com/openshift/hypershift/pull/4799) * [OCPBUGS-42342](https://issues.redhat.com/browse/OCPBUGS-42342): Let payload generation pick the release for the NodePool [#4787](https://github.com/openshift/hypershift/pull/4787) * [OCPBUGS-42431](https://issues.redhat.com/browse/OCPBUGS-42431): Conditionally manage kubeconfig secrets for DNS and Ingress operators [#4798](https://github.com/openshift/hypershift/pull/4798) * NO-JIRA: [chore(deps): update konflux references (release-4.16)](https://github.com/openshift/hypershift/pull/4853#top) [#4853](https://github.com/openshift/hypershift/pull/4853) * [OCPBUGS-42608](https://issues.redhat.com/browse/OCPBUGS-42608): Add Annotation to skip deleting hcp namespace [#4830](https://github.com/openshift/hypershift/pull/4830) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.16) [#4827](https://github.com/openshift/hypershift/pull/4827) * chore(deps): update konflux references (release-4.16) [#4816](https://github.com/openshift/hypershift/pull/4816) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.38 (release-4.16) [#4806](https://github.com/openshift/hypershift/pull/4806) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.37 (release-4.16) [#4796](https://github.com/openshift/hypershift/pull/4796) * chore(deps): update konflux references (release-4.16) [#4781](https://github.com/openshift/hypershift/pull/4781) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4760](https://github.com/openshift/hypershift/pull/4760) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.36 (release-4.16) [#4759](https://github.com/openshift/hypershift/pull/4759) * NO-JIRA: Security fixes for openshift-ci-security job [#4750](https://github.com/openshift/hypershift/pull/4750) * [OCPBUGS-41372](https://issues.redhat.com/browse/OCPBUGS-41372): CPO oauth idp converter: resolve names before dialing [#4689](https://github.com/openshift/hypershift/pull/4689) * NO-JIRA: chore(deps): update golang docker tag to v1.23 (release-4.16) [#4729](https://github.com/openshift/hypershift/pull/4729) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.34 (release-4.16) [#4728](https://github.com/openshift/hypershift/pull/4728) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4727](https://github.com/openshift/hypershift/pull/4727) * [OCPBUGS-38058](https://issues.redhat.com/browse/OCPBUGS-38058): Add HTTP konnectivity proxy to OAuth server [#4496](https://github.com/openshift/hypershift/pull/4496) * [HOSTEDCP-1955](https://issues.redhat.com/browse/HOSTEDCP-1955): bump CCO version [#4696](https://github.com/openshift/hypershift/pull/4696) * [OCPBUGS-34803](https://issues.redhat.com/browse/OCPBUGS-34803): cmd: report server version, supported OCP [#4141](https://github.com/openshift/hypershift/pull/4141) * [OCPBUGS-39293](https://issues.redhat.com/browse/OCPBUGS-39293): copy image-registry AdditionalTrustedCA configmap into HC openshift-config [#4647](https://github.com/openshift/hypershift/pull/4647) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-9 (release-4.16) [#4685](https://github.com/openshift/hypershift/pull/4685) * [OCPBUGS-38062](https://issues.redhat.com/browse/OCPBUGS-38062): [release-4.16] Use HTTP proxy for ingress controller [#4688](https://github.com/openshift/hypershift/pull/4688) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4684](https://github.com/openshift/hypershift/pull/4684) * [OCPBUGS-39447](https://issues.redhat.com/browse/OCPBUGS-39447): handle version skewed NodePools that do not have rhel9 binaries [#4664](https://github.com/openshift/hypershift/pull/4664) * [HOSTEDCP-1895](https://issues.redhat.com/browse/HOSTEDCP-1895): [release-4.16] Allow setting Kube APIServer maximum requests in flight [#4551](https://github.com/openshift/hypershift/pull/4551) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-7.1724661022 (release-4.16) [#4600](https://github.com/openshift/hypershift/pull/4600) * chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.33 (release-4.16) [#4602](https://github.com/openshift/hypershift/pull/4602) * chore(deps): update konflux references (release-4.16) [#4599](https://github.com/openshift/hypershift/pull/4599) * [OCPBUGS-38942](https://issues.redhat.com/browse/OCPBUGS-38942): copy oapi ca-trust recursively when building trust anchor [#4615](https://github.com/openshift/hypershift/pull/4615) * NO-JIRA: Flaky cert validation test [#4622](https://github.com/openshift/hypershift/pull/4622) * [OCPBUGS-38259](https://issues.redhat.com/browse/OCPBUGS-38259): Set KCM node monitor grace period [#4520](https://github.com/openshift/hypershift/pull/4520) * [OCPBUGS-38726](https://issues.redhat.com/browse/OCPBUGS-38726): fix: bump github.com/IBM/go-sdk-core/v5 [#4611](https://github.com/openshift/hypershift/pull/4611) * [HOSTEDCP-1764](https://issues.redhat.com/browse/HOSTEDCP-1764): retrieve registryOverrides when ImageStream is not ava… [#4541](https://github.com/openshift/hypershift/pull/4541) * chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-7 (release-4.16) [#4525](https://github.com/openshift/hypershift/pull/4525) * [OCPBUGS-36781](https://issues.redhat.com/browse/OCPBUGS-36781): Set Azure VM identity if user assigned identity set [#4341](https://github.com/openshift/hypershift/pull/4341) * [OCPBUGS-37936](https://issues.redhat.com/browse/OCPBUGS-37936): set proxy envvars on aws and azure CCMs [#4476](https://github.com/openshift/hypershift/pull/4476) * [OCPBUGS-38486](https://issues.redhat.com/browse/OCPBUGS-38486): hcco: reconcile apiserver config into hosted cluster [#4559](https://github.com/openshift/hypershift/pull/4559) * NO-JIRA: fix(KONFLUX-3663): format PipelineRun files and upload SAST results [#4534](https://github.com/openshift/hypershift/pull/4534) * [OCPBUGS-38131](https://issues.redhat.com/browse/OCPBUGS-38131): Let the CPO oidc check resolve through data plane [#4505](https://github.com/openshift/hypershift/pull/4505) * NO-JIRA: test: relax mgmt KAS egress check [#4561](https://github.com/openshift/hypershift/pull/4561) * chore(deps): update quay.io/openshift/origin-base docker tag to v4.16 (release-4.16) [#4528](https://github.com/openshift/hypershift/pull/4528) * chore(deps): update golang docker tag to v1.22 (release-4.16) [#4527](https://github.com/openshift/hypershift/pull/4527) * NO-JIRA: Update Konflux references (release-4.16) [#4524](https://github.com/openshift/hypershift/pull/4524) * [OCPBUGS-34801](https://issues.redhat.com/browse/OCPBUGS-34801): remove weak ciphers from security profile [#4518](https://github.com/openshift/hypershift/pull/4518) * [OCPBUGS-37060](https://issues.redhat.com/browse/OCPBUGS-37060): OCPBUGS-35905: E2E test to verify openshift-apiserver TLS certificates [#4366](https://github.com/openshift/hypershift/pull/4366) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9 (release-4.16) [#4482](https://github.com/openshift/hypershift/pull/4482) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4481](https://github.com/openshift/hypershift/pull/4481) * [OCPBUGS-37065](https://issues.redhat.com/browse/OCPBUGS-37065): OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None [#4367](https://github.com/openshift/hypershift/pull/4367) * [OCPBUGS-30282](https://issues.redhat.com/browse/OCPBUGS-30282): Multiple MachineConfigs in one CM [#4398](https://github.com/openshift/hypershift/pull/4398) * [OCPBUGS-36937](https://issues.redhat.com/browse/OCPBUGS-36937): [release-4.16] Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer [#4357](https://github.com/openshift/hypershift/pull/4357) * [OCPBUGS-36766](https://issues.redhat.com/browse/OCPBUGS-36766): Delete IDMS in dataplane once HCP ICS field is removed [#4434](https://github.com/openshift/hypershift/pull/4434) * NO-JIRA: Konflux migration for release-4.16 [#4436](https://github.com/openshift/hypershift/pull/4436) * NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.16) [#4430](https://github.com/openshift/hypershift/pull/4430) * [HOSTEDCP-1569](https://issues.redhat.com/browse/HOSTEDCP-1569): test: e2e: skip unknown conditions instead of erroring [#4440](https://github.com/openshift/hypershift/pull/4440) * [OCPBUGS-37645](https://issues.redhat.com/browse/OCPBUGS-37645): Set right endpointSlice port [#4431](https://github.com/openshift/hypershift/pull/4431) * [OCPBUGS-37214](https://issues.redhat.com/browse/OCPBUGS-37214): Separate ibmcloud kms encryption configuration types [#4380](https://github.com/openshift/hypershift/pull/4380) * [OCPBUGS-37302](https://issues.redhat.com/browse/OCPBUGS-37302): fix(api): Nodepool CEL validation fix [#4395](https://github.com/openshift/hypershift/pull/4395) * NO-JIRA: Red Hat Konflux update hypershift-release-mce-26 [#4392](https://github.com/openshift/hypershift/pull/4392) * [OCPBUGS-37241](https://issues.redhat.com/browse/OCPBUGS-37241): extract rhel9 MCO binaries for rhel8 based MCO images [#4383](https://github.com/openshift/hypershift/pull/4383) * NO-JIRA: [release-4.16] test/e2e: remove api budget checks [#4368](https://github.com/openshift/hypershift/pull/4368) * [HOSTEDCP-1795](https://issues.redhat.com/browse/HOSTEDCP-1795), [HOSTEDCP-1796](https://issues.redhat.com/browse/HOSTEDCP-1796): Customize the self-generated cert validity and rotation [#4371](https://github.com/openshift/hypershift/pull/4371) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-2 (release-4.16) - abandoned [#4364](https://github.com/openshift/hypershift/pull/4364) * NO-JIRA: trivial typo fixes to configuring-storage.md [#4353](https://github.com/openshift/hypershift/pull/4353) * [OCPBUGS-36849](https://issues.redhat.com/browse/OCPBUGS-36849): Add newline after TLS certs referenced by image.config [#4352](https://github.com/openshift/hypershift/pull/4352) * [OCPBUGS-36589](https://issues.redhat.com/browse/OCPBUGS-36589): Fix Hypershift dump for non-OpenShift Management Clusters [#4317](https://github.com/openshift/hypershift/pull/4317) * NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.10-1.1719562237 (release-4.16) - abandoned [#4328](https://github.com/openshift/hypershift/pull/4328) * [OCPBUGS-36358](https://issues.redhat.com/browse/OCPBUGS-36358): enable audit log for oauth-openshift [#4302](https://github.com/openshift/hypershift/pull/4302) * [OCPBUGS-35522](https://issues.redhat.com/browse/OCPBUGS-35522): Copy infra-volumesnapshot-class-mapping to core binding [#4291](https://github.com/openshift/hypershift/pull/4291) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4299](https://github.com/openshift/hypershift/pull/4299) * [OCPBUGS-36227](https://issues.redhat.com/browse/OCPBUGS-36227): kubevirt-csi-driver: Pass infra kubeconfig in case of external infra [#4276](https://github.com/openshift/hypershift/pull/4276) * [OCPBUGS-35341](https://issues.redhat.com/browse/OCPBUGS-35341): [release-4.16] Fixed ValidReleaseInfo condition [#4204](https://github.com/openshift/hypershift/pull/4204) * [OCPBUGS-36220](https://issues.redhat.com/browse/OCPBUGS-36220): Make guest cluster components use the correct KAS port [#4275](https://github.com/openshift/hypershift/pull/4275) * [OCPBUGS-35934](https://issues.redhat.com/browse/OCPBUGS-35934): check mgmt cluster for route capability before DeleteIfNeeded for ovn sbdb route [#4264](https://github.com/openshift/hypershift/pull/4264) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4260](https://github.com/openshift/hypershift/pull/4260) * [OCPBUGS-34545](https://issues.redhat.com/browse/OCPBUGS-34545): Disable PersistentVolumeLabel admission plugin [#4241](https://github.com/openshift/hypershift/pull/4241) * [OCPBUGS-35838](https://issues.redhat.com/browse/OCPBUGS-35838): Remove KMS V1 provider support for IBM Cloud [#4250](https://github.com/openshift/hypershift/pull/4250) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4251](https://github.com/openshift/hypershift/pull/4251) * [OCPBUGS-35369](https://issues.redhat.com/browse/OCPBUGS-35369): OCPBUGS-35252: Enforce Privileged Instead of Restricted PSA in 4.16 [#4193](https://github.com/openshift/hypershift/pull/4193) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4245](https://github.com/openshift/hypershift/pull/4245) * [OCPBUGS-35557](https://issues.redhat.com/browse/OCPBUGS-35557): Complete KAS migration to none endpoint reconciler type [#4227](https://github.com/openshift/hypershift/pull/4227) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4238](https://github.com/openshift/hypershift/pull/4238) * NO-JIRA: feat(olm): Set packageserver replicas to 2 for IBMCloudPlatform [#4230](https://github.com/openshift/hypershift/pull/4230) * [OCPBUGS-35268](https://issues.redhat.com/browse/OCPBUGS-35268): Add hypershift-cluster-version-operator image to release providers [#4185](https://github.com/openshift/hypershift/pull/4185) * NO-JIRA: chore(deps): update konflux references (release-4.16) [#4235](https://github.com/openshift/hypershift/pull/4235) * NO-JIRA: Red Hat Konflux update hypershift-release-mce-26 [#4233](https://github.com/openshift/hypershift/pull/4233) * [OCPBUGS-35056](https://issues.redhat.com/browse/OCPBUGS-35056): Generate default worker security group rules based on machineCIDR [#4174](https://github.com/openshift/hypershift/pull/4174) * [Full changelog](https://github.com/openshift/hypershift/compare/6946c3cc4654833ffc3db6299d5859b58b2f20a7...7e33d8351a4e924e5b39f15cde7736bb193782ee) ### [ibm-vpc-block-csi-driver](https://github.com/openshift/ibm-vpc-block-csi-driver/tree/668c884b139f2ed0ea89ebcbe1a6b915f8de66a9) * [OCPBUGS-58737](https://issues.redhat.com/browse/OCPBUGS-58737): bump github.com/golang/glog to version v1.2.4 [#106](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/106) * [OCPBUGS-56063](https://issues.redhat.com/browse/OCPBUGS-56063): tech debt: rework vendor patches [#91](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/91) * [OCPBUGS-53910](https://issues.redhat.com/browse/OCPBUGS-53910): bump github.com/golang-jwt/jwt/v4 to v4.5.2 [#84](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/84) * [OCPBUGS-36067](https://issues.redhat.com/browse/OCPBUGS-36067): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#71](https://github.com/openshift/ibm-vpc-block-csi-driver/pull/71) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver/compare/32b4c00517de0f54bf738380064a12d58b031eec...668c884b139f2ed0ea89ebcbe1a6b915f8de66a9) ### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/9ca537683fc2ae2e7847032441fde42ff3171a48) * [OCPBUGS-59727](https://issues.redhat.com/browse/OCPBUGS-59727): [IBM VPC] set offlineExpansion to false in e2e test manifest [#149](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/149) * [OCPBUGS-42286](https://issues.redhat.com/browse/OCPBUGS-42286): Reorder static resources to create RBAC first [#129](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/129) * [OCPBUGS-36073](https://issues.redhat.com/browse/OCPBUGS-36073): CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 [#120](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/120) * [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/34fc9a4d3a4ae00d75bbfc01ac4c6385f9e94130...9ca537683fc2ae2e7847032441fde42ff3171a48) ### [ibmcloud-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-ibmcloud/tree/f19534d79cdf99790c46da6721f29f3ed9027027) * [OCPBUGS-51818](https://issues.redhat.com/browse/OCPBUGS-51818): CVE-2025-22869 Update golang.org/x/crypto to patched OpenShift fork [#109](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/109) * [OCPBUGS-43686](https://issues.redhat.com/browse/OCPBUGS-43686): UPSTREAM: <carry>: Fix go-retryablehttp CVE - 4.16 [#89](https://github.com/openshift/cluster-api-provider-ibmcloud/pull/89) * [Full changelog](https://github.com/openshift/cluster-api-provider-ibmcloud/compare/60b7ca98f5121f7e772437823b258a9fd0aa1d99...f19534d79cdf99790c46da6721f29f3ed9027027) ### [ibmcloud-machine-controllers](https://github.com/openshift/machine-api-provider-ibmcloud/tree/d29506e7fea609bc8f004256c9c057e5429f72a1) * [OCPBUGS-44870](https://issues.redhat.com/browse/OCPBUGS-44870): Bump dependency for CVE [#53](https://github.com/openshift/machine-api-provider-ibmcloud/pull/53) * [OCPBUGS-36698](https://issues.redhat.com/browse/OCPBUGS-36698): IBMCloud: Handle pagination for subnets [#42](https://github.com/openshift/machine-api-provider-ibmcloud/pull/42) * [Full changelog](https://github.com/openshift/machine-api-provider-ibmcloud/compare/1a3a3030afcbbc0a26e794050d300b818069ba16...d29506e7fea609bc8f004256c9c057e5429f72a1) ### [insights-operator](https://github.com/openshift/insights-operator/tree/0bb63f81c90506b58ba05f4823de648f187e4db0) * [OCPBUGS-61656](https://issues.redhat.com/browse/OCPBUGS-61656): virt launcher logs gatherer (#1135) (#1138) (#1147) [#1135](https://github.com/openshift/insights-operator/pull/1135) * avoid possible Go panic when searching existing conditions (#1142) [#1142](https://github.com/openshift/insights-operator/pull/1142) * fix: incorrect anonymization of domains (#1119) [#1119](https://github.com/openshift/insights-operator/pull/1119) * feat: copy proxy envs from IO pod to gathering pods (#1108) [#1108](https://github.com/openshift/insights-operator/pull/1108) * [OCPBUGS-60448](https://issues.redhat.com/browse/OCPBUGS-60448): [release-4.16] Adding missing back-port changes from OCPBUGS issue (#1117) [#1117](https://github.com/openshift/insights-operator/pull/1117) * Ignore previous status when disabling alerts (#1061) [#1061](https://github.com/openshift/insights-operator/pull/1061) * [OCPBUGS-45203](https://issues.redhat.com/browse/OCPBUGS-45203): LokiStack gatherer (#1051) [#1051](https://github.com/openshift/insights-operator/pull/1051) * [OCPBUGS-45044](https://issues.redhat.com/browse/OCPBUGS-45044): insightsoperator.operator.openshift.io resource is create-only (#1054) [#1054](https://github.com/openshift/insights-operator/pull/1054) * gather selected clusterroles (#1023) [#1023](https://github.com/openshift/insights-operator/pull/1023) * [OCPBUGS-39564](https://issues.redhat.com/browse/OCPBUGS-39564): Not able to enable repositories during entitled build in OCP Cluster on IBM-Z (#1013) [#1013](https://github.com/openshift/insights-operator/pull/1013) * [OCPBUGS-39394](https://issues.redhat.com/browse/OCPBUGS-39394): collect some nmstate customresources (#986) (#989) (#995) [#986](https://github.com/openshift/insights-operator/pull/986) * [OCPBUGS-38021](https://issues.redhat.com/browse/OCPBUGS-38021): Integration of the OpenStack CRs into the insights-operator (#974) [#974](https://github.com/openshift/insights-operator/pull/974) * Add haproxy metric (#977) [#977](https://github.com/openshift/insights-operator/pull/977) * [OCPBUGS-37671](https://issues.redhat.com/browse/OCPBUGS-37671): Ingress controller related certificates' validate dates gathering (#970) [#970](https://github.com/openshift/insights-operator/pull/970) * fix the configmapobserver notifications (#969) [#969](https://github.com/openshift/insights-operator/pull/969) * [OCPBUGS-35882](https://issues.redhat.com/browse/OCPBUGS-35882): properly encode the URL for the advisor links (#957) [#957](https://github.com/openshift/insights-operator/pull/957) * [Full changelog](https://github.com/openshift/insights-operator/compare/3c7446c68efe41e66efa1edca41aac89ba38f7fc...0bb63f81c90506b58ba05f4823de648f187e4db0) ### [ironic](https://github.com/openshift/ironic-image/tree/d08ca1e28ec84a3b34e87aea3dcb67a475b342e5) * [METAL-1306](https://issues.redhat.com/browse/METAL-1306): Do not use openstack packages [#648](https://github.com/openshift/ironic-image/pull/648) * [OCPBUGS-49895](https://issues.redhat.com/browse/OCPBUGS-49895): Drop quiet option of grep to avoid race condition with pipefail [#634](https://github.com/openshift/ironic-image/pull/634) * [OCPBUGS-48151](https://issues.redhat.com/browse/OCPBUGS-48151), [OCPBUGS-48598](https://issues.redhat.com/browse/OCPBUGS-48598): Bump jinja2 to 3.0.1-6.el9.2 [#623](https://github.com/openshift/ironic-image/pull/623) * [OCPBUGS-44895](https://issues.redhat.com/browse/OCPBUGS-44895): Bump Ironic [#610](https://github.com/openshift/ironic-image/pull/610) * [OCPBUGS-43950](https://issues.redhat.com/browse/OCPBUGS-43950), [OCPBUGS-43958](https://issues.redhat.com/browse/OCPBUGS-43958): Bump python-waitress [4.16] [#604](https://github.com/openshift/ironic-image/pull/604) * [OCPBUGS-43438](https://issues.redhat.com/browse/OCPBUGS-43438): Include fixes for CVE-2024-5569 [#599](https://github.com/openshift/ironic-image/pull/599) * [OCPBUGS-42511](https://issues.redhat.com/browse/OCPBUGS-42511): Include fix for CVE-2024-47211 [#594](https://github.com/openshift/ironic-image/pull/594) * [OCPBUGS-39017](https://issues.redhat.com/browse/OCPBUGS-39017): Bump ironic-lib to fix utf8 decoding issue [#569](https://github.com/openshift/ironic-image/pull/569) * [OCPBUGS-38797](https://issues.redhat.com/browse/OCPBUGS-38797): redfish-virtualmedia fails on XFusion nodes [#564](https://github.com/openshift/ironic-image/pull/564) * [OCPBUGS-42113](https://issues.redhat.com/browse/OCPBUGS-42113): Update ironic-inspector to fix the memory leak [#587](https://github.com/openshift/ironic-image/pull/587) * [OCPBUGS-37758](https://issues.redhat.com/browse/OCPBUGS-37758), [OCPBUGS-39383](https://issues.redhat.com/browse/OCPBUGS-39383): Include fixes for CVE-2024-44082 [#579](https://github.com/openshift/ironic-image/pull/579) * [OCPBUGS-38510](https://issues.redhat.com/browse/OCPBUGS-38510): set min version for python3-webob [#553](https://github.com/openshift/ironic-image/pull/553) * [OCPBUGS-33376](https://issues.redhat.com/browse/OCPBUGS-33376): bump werkzeug [#534](https://github.com/openshift/ironic-image/pull/534) * [OCPBUGS-36838](https://issues.redhat.com/browse/OCPBUGS-36838): Update Jinja2 [#521](https://github.com/openshift/ironic-image/pull/521) * [OCPBUGS-36285](https://issues.redhat.com/browse/OCPBUGS-36285): Read ironic and inspector htpasswds from files [#517](https://github.com/openshift/ironic-image/pull/517) * [Full changelog](https://github.com/openshift/ironic-image/compare/9d49fd688bcd13f28ed89f4641429f0b0797b339...d08ca1e28ec84a3b34e87aea3dcb67a475b342e5) ### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/aea138cd4ac822092199c141bb925b37527389cd) * [METAL-1306](https://issues.redhat.com/browse/METAL-1306): Do not use openstack packages [#180](https://github.com/openshift/ironic-agent-image/pull/180) * [OCPBUGS-39017](https://issues.redhat.com/browse/OCPBUGS-39017): Bump ironic-lib to fix utf8 decoding issue [#156](https://github.com/openshift/ironic-agent-image/pull/156) * [OCPBUGS-39383](https://issues.redhat.com/browse/OCPBUGS-39383): Include fixes for CVE-2024-44082 [#161](https://github.com/openshift/ironic-agent-image/pull/161) * [OCPBUGS-38510](https://issues.redhat.com/browse/OCPBUGS-38510): set webob and bump werkzeug [#149](https://github.com/openshift/ironic-agent-image/pull/149) * [Full changelog](https://github.com/openshift/ironic-agent-image/compare/63681a469fdba2f223373ff36350bf2462b997a3...aea138cd4ac822092199c141bb925b37527389cd) ### [ironic-static-ip-manager](https://github.com/openshift/ironic-static-ip-manager/tree/f44e8a08c3d82378c8404ed7e3e8ab1f1fb3f28f) * [OCPBUGS-49595](https://issues.redhat.com/browse/OCPBUGS-49595): Fix subnet validation [#48](https://github.com/openshift/ironic-static-ip-manager/pull/48) * [Full changelog](https://github.com/openshift/ironic-static-ip-manager/compare/e78e4c3e6db1805816308197eb9002dfbca27560...f44e8a08c3d82378c8404ed7e3e8ab1f1fb3f28f) ### [keepalived-ipfailover](https://github.com/openshift/images/tree/b58673a314f0e8253fabadada2ee1a9e5b11c5cf) * [OKD-219](https://issues.redhat.com/browse/OKD-219): add util-linux to base image [#188](https://github.com/openshift/images/pull/188) * [Full changelog](https://github.com/openshift/images/compare/661d4f2ac6466565889ad11acb19d49d6e11333a...b58673a314f0e8253fabadada2ee1a9e5b11c5cf) ### [kube-metrics-server](https://github.com/openshift/kubernetes-metrics-server/tree/9116b918b6b9c2336fcbbf6c7c78c2e28fa2714a) * : OCPBUGS-46663: Disable HTTP2 [#41](https://github.com/openshift/kubernetes-metrics-server/pull/41) * [OCPBUGS-41717](https://issues.redhat.com/browse/OCPBUGS-41717): Wire server run options to flags. ([release-4.16] backport) [#37](https://github.com/openshift/kubernetes-metrics-server/pull/37) * [Full changelog](https://github.com/openshift/kubernetes-metrics-server/compare/7938f253e74f2259951cc882f2879a9860a38481...9116b918b6b9c2336fcbbf6c7c78c2e28fa2714a) ### [kube-proxy, sdn](https://github.com/openshift/sdn/tree/53fea06bf50bdeff168cdf1ca3f5e19375c56f02) * [OCPBUGS-54457](https://issues.redhat.com/browse/OCPBUGS-54457): Drop SYNACK as well in MCS side [#658](https://github.com/openshift/sdn/pull/658) * [OCPBUGS-44674](https://issues.redhat.com/browse/OCPBUGS-44674): Handle `openshift-host-network` namespace as special when it modifies [#648](https://github.com/openshift/sdn/pull/648) * [OCPBUGS-46493](https://issues.redhat.com/browse/OCPBUGS-46493): Raise the minSyncPeriod for NetworkPolicies to 10s during migration [#649](https://github.com/openshift/sdn/pull/649) * [OCPBUGS-46048](https://issues.redhat.com/browse/OCPBUGS-46048): clean up containernetworking/plugins vendoring in sdn [#645](https://github.com/openshift/sdn/pull/645) * [OCPBUGS-45806](https://issues.redhat.com/browse/OCPBUGS-45806): Stop checking ruleVersion [4.16] [#643](https://github.com/openshift/sdn/pull/643) * [OCPBUGS-44301](https://issues.redhat.com/browse/OCPBUGS-44301): Use copy() to duplicate a net.IP [#641](https://github.com/openshift/sdn/pull/641) * [OCPBUGS-43344](https://issues.redhat.com/browse/OCPBUGS-43344): OCPBUGS-42244: Implement namespaceSelectors on ingress with all pods IPs [#635](https://github.com/openshift/sdn/pull/635) * [OCPBUGS-42203](https://issues.redhat.com/browse/OCPBUGS-42203): fix UDP conntrack cleanup [#636](https://github.com/openshift/sdn/pull/636) * [OCPBUGS-42159](https://issues.redhat.com/browse/OCPBUGS-42159): fix redundant router-default iptables rule [#633](https://github.com/openshift/sdn/pull/633) * [Full changelog](https://github.com/openshift/sdn/compare/5b658c433786797d0ac1b870db08346584794514...53fea06bf50bdeff168cdf1ca3f5e19375c56f02) ### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/c38f4734c6b6931c75d46674122fb4b838b6e64b) * [OCPBUGS-30447](https://issues.redhat.com/browse/OCPBUGS-30447): protobuf bump [4.16] [#111](https://github.com/openshift/kube-rbac-proxy/pull/111) * [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/8ea2c994df4296ec161023d8ff85f9ea0e383216...c38f4734c6b6931c75d46674122fb4b838b6e64b) ### [kube-storage-version-migrator](https://github.com/openshift/kubernetes-kube-storage-version-migrator/tree/6f2133209d90d822e79d679ed483eeb755ceaaf8) * NO-JIRA: Add DOWNSTREAM_OWNERS (release 4-16). [#227](https://github.com/openshift/kubernetes-kube-storage-version-migrator/pull/227) * [Full changelog](https://github.com/openshift/kubernetes-kube-storage-version-migrator/compare/969a60e9e2466c44f5b3ffd43fe3ecab11bf1e51...6f2133209d90d822e79d679ed483eeb755ceaaf8) ### [kubevirt-csi-driver](https://github.com/openshift/kubevirt-csi-driver/tree/d474c42ed4486f36cbcc8bfecac6b184483e92ee) * [OCPBUGS-54632](https://issues.redhat.com/browse/OCPBUGS-54632): Ensure volume stays attached through reboots [#57](https://github.com/openshift/kubevirt-csi-driver/pull/57) * [OCPBUGS-44622](https://issues.redhat.com/browse/OCPBUGS-44622): During detach don't return error if VM is not found [#49](https://github.com/openshift/kubevirt-csi-driver/pull/49) * [Full changelog](https://github.com/openshift/kubevirt-csi-driver/compare/0693093f773c5046e231f174e7930315feabd996...d474c42ed4486f36cbcc8bfecac6b184483e92ee) ### [libvirt-machine-controllers](https://github.com/openshift/cluster-api-provider-libvirt/tree/4bd420eb2a0c79d0ec1b7f81a70e6c367f513914) * [OCPBUGS-26525](https://issues.redhat.com/browse/OCPBUGS-26525): Updating ose-libvirt-machine-controllers-container image to be consistent with ART for 4.16 [#283](https://github.com/openshift/cluster-api-provider-libvirt/pull/283) * [Full changelog](https://github.com/openshift/cluster-api-provider-libvirt/compare/a336f0b5f7ee99c418aaab3d511707bd0064bd56...4bd420eb2a0c79d0ec1b7f81a70e6c367f513914) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/0f08bd6aceaca6fd83d047faac51186d90d9c946) * [OCPBUGS-57210](https://issues.redhat.com/browse/OCPBUGS-57210): Updates GCP CredentialsRequest [#1378](https://github.com/openshift/machine-api-operator/pull/1378) * [OCPBUGS-55248](https://issues.redhat.com/browse/OCPBUGS-55248), [OCPBUGS-55249](https://issues.redhat.com/browse/OCPBUGS-55249): Updates GCP credentials request [#1355](https://github.com/openshift/machine-api-operator/pull/1355) * [OCPBUGS-53045](https://issues.redhat.com/browse/OCPBUGS-53045): add image/read permissions [#1348](https://github.com/openshift/machine-api-operator/pull/1348) * [OCPBUGS-52342](https://issues.redhat.com/browse/OCPBUGS-52342): Drop oVirt support [#1336](https://github.com/openshift/machine-api-operator/pull/1336) * [OCPBUGS-45947](https://issues.redhat.com/browse/OCPBUGS-45947): vSphere klog initialization preventing verbose log messages [#1312](https://github.com/openshift/machine-api-operator/pull/1312) * [OCPBUGS-45998](https://issues.redhat.com/browse/OCPBUGS-45998): Ensure deletion annotation takes priority and oldestPolicy can distinguish longer ages [#1313](https://github.com/openshift/machine-api-operator/pull/1313) * [OCPBUGS-39028](https://issues.redhat.com/browse/OCPBUGS-39028): Updates message verbs to use %q where appropriate [#1282](https://github.com/openshift/machine-api-operator/pull/1282) * [OCPBUGS-43433](https://issues.redhat.com/browse/OCPBUGS-43433): Vsphere: Handle cloned instance with lost taskID [#1298](https://github.com/openshift/machine-api-operator/pull/1298) * [CORS-3648](https://issues.redhat.com/browse/CORS-3648): Add the hyperdisk-balanced disk type [#1279](https://github.com/openshift/machine-api-operator/pull/1279) * [CFE-1051](https://issues.redhat.com/browse/CFE-1051): Adding web-hook validation for capacityReservationGroupID [#1263](https://github.com/openshift/machine-api-operator/pull/1263) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/49a82ff09217fcef6c3c51d0a0e34582b5355c98...0f08bd6aceaca6fd83d047faac51186d90d9c946) ### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/830537df7183adf4bfdfed82c868c9df226f6f3f) * [OCPBUGS-63332](https://issues.redhat.com/browse/OCPBUGS-63332): Recheck generatedByControllerVersion annotation prior to deleting a degraded MC [#5364](https://github.com/openshift/machine-config-operator/pull/5364) * [OCPBUGS-56753](https://issues.redhat.com/browse/OCPBUGS-56753): Support NODEIP_HINT in IPI deployments too [#5079](https://github.com/openshift/machine-config-operator/pull/5079) * [OCPBUGS-62689](https://issues.redhat.com/browse/OCPBUGS-62689): Add mcd_local_unsupported_packages recording rule [#5328](https://github.com/openshift/machine-config-operator/pull/5328) * [OCPBUGS-59931](https://issues.redhat.com/browse/OCPBUGS-59931), [OPNET-681](https://issues.redhat.com/browse/OPNET-681): Support migration to NMState [#5205](https://github.com/openshift/machine-config-operator/pull/5205) * [OCPBUGS-61869](https://issues.redhat.com/browse/OCPBUGS-61869): Override NMState service definition [#5290](https://github.com/openshift/machine-config-operator/pull/5290) * [OCPBUGS-60621](https://issues.redhat.com/browse/OCPBUGS-60621): Add workaround fix for static pod race [#5252](https://github.com/openshift/machine-config-operator/pull/5252) * [OCPBUGS-56558](https://issues.redhat.com/browse/OCPBUGS-56558): Log CRC MC deletion [#5178](https://github.com/openshift/machine-config-operator/pull/5178) * [OCPBUGS-58270](https://issues.redhat.com/browse/OCPBUGS-58270): Do not set cpu system reserve below the default value [#5163](https://github.com/openshift/machine-config-operator/pull/5163) * add missing vendors [#4952](https://github.com/openshift/machine-config-operator/pull/4952) * [OCPBUGS-48283](https://issues.redhat.com/browse/OCPBUGS-48283): Do not run resolv-prepender from NM dispatcher [#4784](https://github.com/openshift/machine-config-operator/pull/4784) * [OCPBUGS-56868](https://issues.redhat.com/browse/OCPBUGS-56868): daemon: fix ostree-finalize-staged race workaround for package mode RHEL workers [#5090](https://github.com/openshift/machine-config-operator/pull/5090) * [OCPBUGS-56626](https://issues.redhat.com/browse/OCPBUGS-56626): error from generateAndValidateRenderedMachineConfig function can be misleading [#5075](https://github.com/openshift/machine-config-operator/pull/5075) * [OCPBUGS-54831](https://issues.redhat.com/browse/OCPBUGS-54831): Make mtu-migration run after wait-for-primary-ip [#4990](https://github.com/openshift/machine-config-operator/pull/4990) * [OCPBUGS-55684](https://issues.redhat.com/browse/OCPBUGS-55684): MSBIC should not update windows machinesets [#5028](https://github.com/openshift/machine-config-operator/pull/5028) * [OCPBUGS-35921](https://issues.redhat.com/browse/OCPBUGS-35921): userCA and cloudCA certfiicates are not removed from nodes and ignition config [#4419](https://github.com/openshift/machine-config-operator/pull/4419) * [OCPBUGS-53248](https://issues.redhat.com/browse/OCPBUGS-53248): Enforce VIPs to be collocated at the same host [#4923](https://github.com/openshift/machine-config-operator/pull/4923) * [OCPBUGS-53043](https://issues.redhat.com/browse/OCPBUGS-53043): Enable nmstate-configuration on all platforms [#4910](https://github.com/openshift/machine-config-operator/pull/4910) * [OCPBUGS-52952](https://issues.redhat.com/browse/OCPBUGS-52952): Add ipsec connect wait service [#4931](https://github.com/openshift/machine-config-operator/pull/4931) * [OCPBUGS-54163](https://issues.redhat.com/browse/OCPBUGS-54163): Fixing typos for MachineConfigNode [#4942](https://github.com/openshift/machine-config-operator/pull/4942) * [OCPBUGS-53434](https://issues.redhat.com/browse/OCPBUGS-53434): Update ObservedGeneration in KubeletConfig [#4935](https://github.com/openshift/machine-config-operator/pull/4935) * [OCPBUGS-53313](https://issues.redhat.com/browse/OCPBUGS-53313): daemon: ensure ostree-finalize-staged is started before rebooting [#4928](https://github.com/openshift/machine-config-operator/pull/4928) * [OCPBUGS-52421](https://issues.redhat.com/browse/OCPBUGS-52421): Update format verbs for alert logs [#4901](https://github.com/openshift/machine-config-operator/pull/4901) * [OCPBUGS-51347](https://issues.redhat.com/browse/OCPBUGS-51347): Update the storage.conf configuration file template [#4881](https://github.com/openshift/machine-config-operator/pull/4881) * [OCPBUGS-52593](https://issues.redhat.com/browse/OCPBUGS-52593): Update cluster-reader ClusterRole permissions [#4905](https://github.com/openshift/machine-config-operator/pull/4905) * [OCPBUGS-52404](https://issues.redhat.com/browse/OCPBUGS-52404): create /run/nodeip-configuration before use [#4897](https://github.com/openshift/machine-config-operator/pull/4897) * [OCPBUGS-52310](https://issues.redhat.com/browse/OCPBUGS-52310): configure-ovs workaround for ovs-if-br-ex bug [#4892](https://github.com/openshift/machine-config-operator/pull/4892) * [OCPBUGS-50862](https://issues.redhat.com/browse/OCPBUGS-50862): Auto-recover from MC with invalid extension [#4853](https://github.com/openshift/machine-config-operator/pull/4853) * [OCPBUGS-43680](https://issues.redhat.com/browse/OCPBUGS-43680): Regenerate the rendered MC in use when deleted [#4655](https://github.com/openshift/machine-config-operator/pull/4655) * [OCPBUGS-49976](https://issues.redhat.com/browse/OCPBUGS-49976): Add clarification to invalid maxUnavailable alert [#4837](https://github.com/openshift/machine-config-operator/pull/4837) * [OCPBUGS-39224](https://issues.redhat.com/browse/OCPBUGS-39224): Do not enable on-prem-resolv-prepender.path for UPI [#4573](https://github.com/openshift/machine-config-operator/pull/4573) * [OCPBUGS-48290](https://issues.redhat.com/browse/OCPBUGS-48290): Pausing Master MCP results in Alerts [#4786](https://github.com/openshift/machine-config-operator/pull/4786) * [OCPBUGS-43765](https://issues.redhat.com/browse/OCPBUGS-43765): openstack: fix non-old systemd compatible unit [#4660](https://github.com/openshift/machine-config-operator/pull/4660) * [OCPBUGS-43741](https://issues.redhat.com/browse/OCPBUGS-43741): Soften haproxy timeout for kubeapi probe [#4662](https://github.com/openshift/machine-config-operator/pull/4662) * [OCPBUGS-48116](https://issues.redhat.com/browse/OCPBUGS-48116): OCPBUGS-47801: trying to wait for sub-controllers [#4777](https://github.com/openshift/machine-config-operator/pull/4777) * [OCPBUGS-45974](https://issues.redhat.com/browse/OCPBUGS-45974): Remove trailing periods from AWS provided hostnames [#4744](https://github.com/openshift/machine-config-operator/pull/4744) * [OCPBUGS-44337](https://issues.redhat.com/browse/OCPBUGS-44337): Removal of additionalTrustBundle CA does not remove certificate from node backport [#4688](https://github.com/openshift/machine-config-operator/pull/4688) * [MCO-1342](https://issues.redhat.com/browse/MCO-1342): Backport Telemetry to 4.16 [#4649](https://github.com/openshift/machine-config-operator/pull/4649) * [OCPBUGS-44043](https://issues.redhat.com/browse/OCPBUGS-44043): Disable ESP offload for OVS attached interfaces [#4676](https://github.com/openshift/machine-config-operator/pull/4676) * [OCPBUGS-42109](https://issues.redhat.com/browse/OCPBUGS-42109): Do not use 'restart' for 'oneshot' service [#4616](https://github.com/openshift/machine-config-operator/pull/4616) * [OCPBUGS-42744](https://issues.redhat.com/browse/OCPBUGS-42744): Check for kernel arg diff in updateOnClusterBuild [#4628](https://github.com/openshift/machine-config-operator/pull/4628) * [OCPBUGS-42722](https://issues.redhat.com/browse/OCPBUGS-42722): Panic seen in CI job for MCC pod [#4626](https://github.com/openshift/machine-config-operator/pull/4626) * [OCPBUGS-42719](https://issues.redhat.com/browse/OCPBUGS-42719): MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP [#4625](https://github.com/openshift/machine-config-operator/pull/4625) * [OCPBUGS-41293](https://issues.redhat.com/browse/OCPBUGS-41293): Enable the use of Linux Bridge as the ovs default port connection [#4563](https://github.com/openshift/machine-config-operator/pull/4563) * [OCPBUGS-41256](https://issues.redhat.com/browse/OCPBUGS-41256): Set ESP offloads off in bonds if slaves don't support them [#4627](https://github.com/openshift/machine-config-operator/pull/4627) * [OCPBUGS-41806](https://issues.redhat.com/browse/OCPBUGS-41806): When newly built images rolled out, the update progress is not displaying correctly (went 0 --> 3) [#4584](https://github.com/openshift/machine-config-operator/pull/4584) * [OCPBUGS-41518](https://issues.redhat.com/browse/OCPBUGS-41518): CVE-2024-3727 ose-machine-config-operator-container: containers/image: digest type does not guarantee valid type [#4569](https://github.com/openshift/machine-config-operator/pull/4569) * [OCPBUGS-38997](https://issues.redhat.com/browse/OCPBUGS-38997): Machine-config daemon ListPools panic during tech-preview CI runs [#4550](https://github.com/openshift/machine-config-operator/pull/4550) * [OCPBUGS-38711](https://issues.redhat.com/browse/OCPBUGS-38711): SCC-pinning for openshift workloads [#4539](https://github.com/openshift/machine-config-operator/pull/4539) * [OCPBUGS-36850](https://issues.redhat.com/browse/OCPBUGS-36850): Port number 22623 exposing weak ciphers to external client from master node IP [#4556](https://github.com/openshift/machine-config-operator/pull/4556) * [OCPBUGS-38373](https://issues.redhat.com/browse/OCPBUGS-38373): Revert "MCD-pull: run after network-online.target in Azure" [#4528](https://github.com/openshift/machine-config-operator/pull/4528) * [OCPBUGS-36171](https://issues.redhat.com/browse/OCPBUGS-36171), [OCPBUGS-36172](https://issues.redhat.com/browse/OCPBUGS-36172): fix secret canonicalization [#4432](https://github.com/openshift/machine-config-operator/pull/4432) * [OCPBUGS-37759](https://issues.redhat.com/browse/OCPBUGS-37759): Guard MachineOSBuild & MachineOSConfig informers with feature gates [#4505](https://github.com/openshift/machine-config-operator/pull/4505) * [OCPBUGS-37550](https://issues.redhat.com/browse/OCPBUGS-37550): On-Prem resolv prepender to watch for NM changes [#4498](https://github.com/openshift/machine-config-operator/pull/4498) * [OCPBUGS-37485](https://issues.redhat.com/browse/OCPBUGS-37485): kubelet: boot without PSI for performance concerns [#4486](https://github.com/openshift/machine-config-operator/pull/4486) * [OCPBUGS-37840](https://issues.redhat.com/browse/OCPBUGS-37840): [release-4.16] Introduce versioning for Auto Node Sizing feature [#4382](https://github.com/openshift/machine-config-operator/pull/4382) * [OCPBUGS-35891](https://issues.redhat.com/browse/OCPBUGS-35891): Make logging configurable for on-prem components [#4418](https://github.com/openshift/machine-config-operator/pull/4418) * [OCPBUGS-37470](https://issues.redhat.com/browse/OCPBUGS-37470): Nodes are drained twice when an OCB image is applied [#4484](https://github.com/openshift/machine-config-operator/pull/4484) * [OCPBUGS-37460](https://issues.redhat.com/browse/OCPBUGS-37460): Openshift uncordoned compute-node that was intentionally cordoned [#4483](https://github.com/openshift/machine-config-operator/pull/4483) * [OCPBUGS-37428](https://issues.redhat.com/browse/OCPBUGS-37428): Machine-config operator should not hot loop generating ValidatingAdmissionPolicyUpdated events [#4482](https://github.com/openshift/machine-config-operator/pull/4482) * [OCPBUGS-36775](https://issues.redhat.com/browse/OCPBUGS-36775): templates: run disable-mglru conditionally [#4462](https://github.com/openshift/machine-config-operator/pull/4462) * [OCPBUGS-36330](https://issues.redhat.com/browse/OCPBUGS-36330): daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages [#4445](https://github.com/openshift/machine-config-operator/pull/4445) * [OCPBUGS-36536](https://issues.redhat.com/browse/OCPBUGS-36536): MCD-pull: run after network-online.target in Azure [#4453](https://github.com/openshift/machine-config-operator/pull/4453) * [OCPBUGS-35929](https://issues.redhat.com/browse/OCPBUGS-35929): The MCD can override a restart crio action with a reload crio action [#4420](https://github.com/openshift/machine-config-operator/pull/4420) * [OCPBUGS-36165](https://issues.redhat.com/browse/OCPBUGS-36165), [OCPBUGS-36166](https://issues.redhat.com/browse/OCPBUGS-36166): CurrentImagePullSecret should be consumed by the MCD [#4430](https://github.com/openshift/machine-config-operator/pull/4430) * [OCPBUGS-35753](https://issues.redhat.com/browse/OCPBUGS-35753): Fix reference to $host_file [#4413](https://github.com/openshift/machine-config-operator/pull/4413) * [OCPBUGS-36198](https://issues.redhat.com/browse/OCPBUGS-36198): daemon/update: disable systemd unit before overwriting [#4436](https://github.com/openshift/machine-config-operator/pull/4436) * [OCPBUGS-35806](https://issues.redhat.com/browse/OCPBUGS-35806): Revert "Azure: add Azure specific dnsmasq ordering" [#4414](https://github.com/openshift/machine-config-operator/pull/4414) * [Full changelog](https://github.com/openshift/machine-config-operator/compare/9e4a1f5f4c7ef58082021ca40556c67f99062d0a...830537df7183adf4bfdfed82c868c9df226f6f3f) ### [machine-os-images](https://github.com/openshift/machine-os-images/tree/a99847b4450d58dbd0e487dd7e834586cd3e9289) * [OCPBUGS-54169](https://issues.redhat.com/browse/OCPBUGS-54169): Change rhcos release browser url [#57](https://github.com/openshift/machine-os-images/pull/57) * [Full changelog](https://github.com/openshift/machine-os-images/compare/3cc97098ecb9870dcb571f1ed1e26e2f70ce9f8c...a99847b4450d58dbd0e487dd7e834586cd3e9289) ### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/b3e669b974bff4240a547bfebcb443cf5d16a841) * [OCPBUGS-54316](https://issues.redhat.com/browse/OCPBUGS-54316): Fix "Export as CSV" [#469](https://github.com/openshift/monitoring-plugin/pull/469) * [OU-559](https://issues.redhat.com/browse/OU-559): fix log based alerts namespace for dev console [#320](https://github.com/openshift/monitoring-plugin/pull/320) * [OCPBUGS-44395](https://issues.redhat.com/browse/OCPBUGS-44395): remove unused package and upgrade vulnerable dependency [#272](https://github.com/openshift/monitoring-plugin/pull/272) * [OCPBUGS-43239](https://issues.redhat.com/browse/OCPBUGS-43239): upgrade dynamic plugin sdk to remove vulnerable dependencies 4.16 [#217](https://github.com/openshift/monitoring-plugin/pull/217) * [OCPBUGS-42424](https://issues.redhat.com/browse/OCPBUGS-42424): fix path-to-regexp dependency [#197](https://github.com/openshift/monitoring-plugin/pull/197) * NO-JIRA: Use rhel9 base image in Dockerfile [#122](https://github.com/openshift/monitoring-plugin/pull/122) * [Full changelog](https://github.com/openshift/monitoring-plugin/compare/f1fc4315bffa538d0a18e581866093a004db460b...b3e669b974bff4240a547bfebcb443cf5d16a841) ### [multus-admission-controller](https://github.com/openshift/multus-admission-controller/tree/a15bf454ad4446cefdb708ea3f121d08a0df83ee) * [OCPBUGS-58767](https://issues.redhat.com/browse/OCPBUGS-58767): Update the github.com/golang/glog module to v1.2.4 [#103](https://github.com/openshift/multus-admission-controller/pull/103) * [OCPBUGS-36341](https://issues.redhat.com/browse/OCPBUGS-36341): Update owners [#87](https://github.com/openshift/multus-admission-controller/pull/87) * [Full changelog](https://github.com/openshift/multus-admission-controller/compare/2591682f2d409eea29cced23bf355ca8f27fcec8...a15bf454ad4446cefdb708ea3f121d08a0df83ee) ### [multus-cni, multus-cni-microshift](https://github.com/openshift/multus-cni/tree/e88ad2bbc482feb728c61783cfed85509b2a2db6) * [OCPBUGS-47472](https://issues.redhat.com/browse/OCPBUGS-47472): adds getcontext (backport 4.16) [#261](https://github.com/openshift/multus-cni/pull/261) * [Full changelog](https://github.com/openshift/multus-cni/compare/c4aa21b9bfed4ebafc2e67ca1474e245b67b5f9f...e88ad2bbc482feb728c61783cfed85509b2a2db6) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/f988f894ded7e6645a1b3cc0d6090601809d4e7c) * Update owners (#57) [#57](https://github.com/openshift/multus-networkpolicy/pull/57) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/c9a6ba24e92dad55e00fc17815a3e9988ee14d2d...f988f894ded7e6645a1b3cc0d6090601809d4e7c) ### [multus-route-override-cni](https://github.com/openshift/route-override-cni/tree/73594f7759e76600c95601138ab5be4969978f63) * [OCPBUGS-37726](https://issues.redhat.com/browse/OCPBUGS-37726): Update owners [#58](https://github.com/openshift/route-override-cni/pull/58) * [Full changelog](https://github.com/openshift/route-override-cni/compare/6a04feea1b1ab85914d9793a3bb8502c54bef172...73594f7759e76600c95601138ab5be4969978f63) ### [multus-whereabouts-ipam-cni](https://github.com/openshift/whereabouts-cni/tree/467d84ad05ef97ab2a36d27258185942e21d1636) * [OCPBUGS-55618](https://issues.redhat.com/browse/OCPBUGS-55618): Fixes leftover podref issue [#365](https://github.com/openshift/whereabouts-cni/pull/365) * [OCPBUGS-50005](https://issues.redhat.com/browse/OCPBUGS-50005): [Release-4.17]Kubeconfig loop [#340](https://github.com/openshift/whereabouts-cni/pull/340) * [OCPBUGS-37707](https://issues.redhat.com/browse/OCPBUGS-37707), [OCPBUGS-37708](https://issues.redhat.com/browse/OCPBUGS-37708): [release-4.16] align api calls timeout and skip pods marked for deletion [#304](https://github.com/openshift/whereabouts-cni/pull/304) * [OCPBUGS-37723](https://issues.redhat.com/browse/OCPBUGS-37723): Update owners [#294](https://github.com/openshift/whereabouts-cni/pull/294) * [OCPBUGS-35923](https://issues.redhat.com/browse/OCPBUGS-35923): [release-4.16] Return previous IP allocation for add cmd [#293](https://github.com/openshift/whereabouts-cni/pull/293) * [Full changelog](https://github.com/openshift/whereabouts-cni/compare/c2d65d1fc7b414bf8c823b2b9f90d6cb3371d975...467d84ad05ef97ab2a36d27258185942e21d1636) ### [must-gather](https://github.com/openshift/must-gather/tree/774a4e024925cc6034969eb84c9030a338a187e5) * [OCPBUGS-42960](https://issues.redhat.com/browse/OCPBUGS-42960): Gather OSUS data [#455](https://github.com/openshift/must-gather/pull/455) * [OCPBUGS-48082](https://issues.redhat.com/browse/OCPBUGS-48082): Update owners [#473](https://github.com/openshift/must-gather/pull/473) * [OCPBUGS-46407](https://issues.redhat.com/browse/OCPBUGS-46407): Support gathering IPsec data [#469](https://github.com/openshift/must-gather/pull/469) * [OCPBUGS-42969](https://issues.redhat.com/browse/OCPBUGS-42969): Collect etcd object count [#454](https://github.com/openshift/must-gather/pull/454) * [OCPBUGS-43056](https://issues.redhat.com/browse/OCPBUGS-43056): Open [Release-4.16] Multus is now a Pod and will be captured by normal [#449](https://github.com/openshift/must-gather/pull/449) * [OCPBUGS-35357](https://issues.redhat.com/browse/OCPBUGS-35357): Run ppc node collection in parallel [#426](https://github.com/openshift/must-gather/pull/426) * [Full changelog](https://github.com/openshift/must-gather/compare/7d5f789407c53600f6bd4013ab35727ae09e719e...774a4e024925cc6034969eb84c9030a338a187e5) ### [network-interface-bond-cni](https://github.com/openshift/bond-cni/tree/e6880659ea1327c5b48dcf64a426eadfbafc0f1b) * [OCPBUGS-61348](https://issues.redhat.com/browse/OCPBUGS-61348): Bump github.com/containernetworking/plugins from to 1.7.1 [#95](https://github.com/openshift/bond-cni/pull/95) * NO-JIRA: Updating ose-network-interface-bond-cni-container image to be consistent with ART for 4.16 [#91](https://github.com/openshift/bond-cni/pull/91) * NO-JIRA: Add ci-operator.yaml file on release-4.16 [#84](https://github.com/openshift/bond-cni/pull/84) * [Full changelog](https://github.com/openshift/bond-cni/compare/bb911451158fc06f193917863778434944e88ae1...e6880659ea1327c5b48dcf64a426eadfbafc0f1b) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/1210db38beff72968f1227f10312a9086b1b914e) * [OCPBUGS-58777](https://issues.redhat.com/browse/OCPBUGS-58777): Bump github.com/golang/glog to v1.2.4 (#113) [#113](https://github.com/openshift/network-metrics-daemon/pull/113) * [OCPBUGS-60186](https://issues.redhat.com/browse/OCPBUGS-60186): Replace e2e test image (#122) [#122](https://github.com/openshift/network-metrics-daemon/pull/122) * swtich golint install method (#123) [#123](https://github.com/openshift/network-metrics-daemon/pull/123) * Correct 4.16 owners file (#98) [#98](https://github.com/openshift/network-metrics-daemon/pull/98) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/710bd872934572584eff4987eb638764afd04cdb...1210db38beff72968f1227f10312a9086b1b914e) ### [network-tools](https://github.com/openshift/network-tools/tree/234ed43e3e7b2cfcb76a19c80fcdb573a625309f) * add missing go vendors [#140](https://github.com/openshift/network-tools/pull/140) * [Full changelog](https://github.com/openshift/network-tools/compare/39eca100c0978fb59234e21bf549b130914616ac...234ed43e3e7b2cfcb76a19c80fcdb573a625309f) ### [nutanix-cloud-controller-manager](https://github.com/openshift/cloud-provider-nutanix/tree/28bf5963c7f82ae8d966a69562a19f038d819950) * [OCPBUGS-30524](https://issues.redhat.com/browse/OCPBUGS-30524): bump google.golang.org/protobuf to v1.33.0 [#38](https://github.com/openshift/cloud-provider-nutanix/pull/38) * [Full changelog](https://github.com/openshift/cloud-provider-nutanix/compare/c9bbc44c0200c8061506c465d0eb3c97fe94e197...28bf5963c7f82ae8d966a69562a19f038d819950) ### [nutanix-machine-controllers](https://github.com/openshift/machine-api-provider-nutanix/tree/2f2e121b6caea7073a5b7d64312f08f9d91233bb) * [OCPBUGS-51854](https://issues.redhat.com/browse/OCPBUGS-51854): CVE-2025-22868 [#110](https://github.com/openshift/machine-api-provider-nutanix/pull/110) * [OCPBUGS-47266](https://issues.redhat.com/browse/OCPBUGS-47266): fixing CVE-2024-45338 [#93](https://github.com/openshift/machine-api-provider-nutanix/pull/93) * [Full changelog](https://github.com/openshift/machine-api-provider-nutanix/compare/f053e5a0ee58d20066efff8db01578785ea83dad...2f2e121b6caea7073a5b7d64312f08f9d91233bb) ### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/f09a9be33b6455664a6842980fca4bd8008e9e6e) * [OCPBUGS-30525](https://issues.redhat.com/browse/OCPBUGS-30525): Update dependencies to address CVE-2024-24786 [#124](https://github.com/openshift/oauth-apiserver/pull/124) * [Full changelog](https://github.com/openshift/oauth-apiserver/compare/fa1f097c2800b06b3b56537651294d023762a4eb...f09a9be33b6455664a6842980fca4bd8008e9e6e) ### [oauth-proxy](https://github.com/openshift/oauth-proxy/tree/565f7ed40b9ae8b3a0c146e0495334bd58b40d36) * [OCPBUGS-61446](https://issues.redhat.com/browse/OCPBUGS-61446): Update x/crypto to v0.31.0 [#335](https://github.com/openshift/oauth-proxy/pull/335) * [OCPBUGS-62707](https://issues.redhat.com/browse/OCPBUGS-62707): Fix oauth-proxy e2e-component tests [#338](https://github.com/openshift/oauth-proxy/pull/338) * [Full changelog](https://github.com/openshift/oauth-proxy/compare/30f8012482023689655252dc2af2f17fe6a09253...565f7ed40b9ae8b3a0c146e0495334bd58b40d36) ### [oc-mirror](https://github.com/openshift/oc-mirror/tree/b137a53a5360a41a70432ea2bfc98a6cee6f7a4a) * changes the owners file (#1015) [#1015](https://github.com/openshift/oc-mirror/pull/1015) * [OCPBUGS-48513](https://issues.redhat.com/browse/OCPBUGS-48513): e2e: use same version of crane as in go.mod (#1021) [#1021](https://github.com/openshift/oc-mirror/pull/1021) * [OCPBUGS-38035](https://issues.redhat.com/browse/OCPBUGS-38035): Rebuild catalogs -- without cache generation (#905) [#905](https://github.com/openshift/oc-mirror/pull/905) * [OCPBUGS-36410](https://issues.redhat.com/browse/OCPBUGS-36410): fix: creates tags for release images (#901) [#901](https://github.com/openshift/oc-mirror/pull/901) * [OCPBUGS-37055](https://issues.redhat.com/browse/OCPBUGS-37055): Use proxy for HTTP request release signatures (#893) [#893](https://github.com/openshift/oc-mirror/pull/893) * [OCPBUGS-37040](https://issues.redhat.com/browse/OCPBUGS-37040): use current working-dir for fetching release content for disk to mirror (#892) [#892](https://github.com/openshift/oc-mirror/pull/892) * [OCPBUGS-36498](https://issues.redhat.com/browse/OCPBUGS-36498): Fix to ensure invalid catalogs are skipped (#889) [#889](https://github.com/openshift/oc-mirror/pull/889) * [OCPBUGS-362214](https://issues.redhat.com/browse/OCPBUGS-362214): Fix V2 DiskToMirror should not require internet access (#884) [#884](https://github.com/openshift/oc-mirror/pull/884) * [OCPBUGS-35279](https://issues.redhat.com/browse/OCPBUGS-35279): Fix spelling error in delete console message (#881) [#881](https://github.com/openshift/oc-mirror/pull/881) * [OCPBUGS-35409](https://issues.redhat.com/browse/OCPBUGS-35409): Implement fail safe / fail fast in workers (#879) [#879](https://github.com/openshift/oc-mirror/pull/879) * [Full changelog](https://github.com/openshift/oc-mirror/compare/7c0889f4bd343ccaaba5f33b7b861db29b1e5e49...b137a53a5360a41a70432ea2bfc98a6cee6f7a4a) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/d249d94d6aa116622463e84dec68f26a03f39a11) * [OCPBUGS-61474](https://issues.redhat.com/browse/OCPBUGS-61474): Skip blocked registry check for registries with mirrors [#552](https://github.com/openshift/openshift-apiserver/pull/552) * [OCPBUGS-56612](https://issues.redhat.com/browse/OCPBUGS-56612): Fix image reference in TestImageStreamImportQuayIO [#516](https://github.com/openshift/openshift-apiserver/pull/516) * [OCPBUGS-49656](https://issues.redhat.com/browse/OCPBUGS-49656): prevent panic when no image and error are set [#494](https://github.com/openshift/openshift-apiserver/pull/494) * [OCPBUGS-49656](https://issues.redhat.com/browse/OCPBUGS-49656): validate image property isn't nil before using [#493](https://github.com/openshift/openshift-apiserver/pull/493) * [OCPBUGS-49656](https://issues.redhat.com/browse/OCPBUGS-49656): move on to the next digest/tag during failures [#492](https://github.com/openshift/openshift-apiserver/pull/492) * [OCPBUGS-45010](https://issues.redhat.com/browse/OCPBUGS-45010): Pass expected type to deploymentconfig/scale object validation. [#461](https://github.com/openshift/openshift-apiserver/pull/461) * [OCPBUGS-42724](https://issues.redhat.com/browse/OCPBUGS-42724): fail image import when both image and error are nil [#455](https://github.com/openshift/openshift-apiserver/pull/455) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/6b5184128103eaad64d7b00f0d1de9b7c3597112...d249d94d6aa116622463e84dec68f26a03f39a11) ### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/90f73f7ea939b221b79684ebe6d2feb843fc1f83) * [OCPBUGS-61707](https://issues.redhat.com/browse/OCPBUGS-61707): legacy image pull secret rollback controller [#416](https://github.com/openshift/openshift-controller-manager/pull/416) * [OCPBUGS-60233](https://issues.redhat.com/browse/OCPBUGS-60233): ignore error failing to find pull/push secrets [#409](https://github.com/openshift/openshift-controller-manager/pull/409) * [OCPBUGS-57513](https://issues.redhat.com/browse/OCPBUGS-57513): Set node-pullsecrets volume to read-only to protect image pull credentials [#394](https://github.com/openshift/openshift-controller-manager/pull/394) * [OCPBUGS-56354](https://issues.redhat.com/browse/OCPBUGS-56354): Empty proxy variables are causing issues during the build [#382](https://github.com/openshift/openshift-controller-manager/pull/382) * [OCPBUGS-44186](https://issues.redhat.com/browse/OCPBUGS-44186): user system:serviceaccount:openshift-infra:serviceaccount-pull-secrets-controller in ns/openshift-infra must not produce too many applies [#351](https://github.com/openshift/openshift-controller-manager/pull/351) * [OCPBUGS-48202](https://issues.redhat.com/browse/OCPBUGS-48202): Add team members to the OWNERS file [#358](https://github.com/openshift/openshift-controller-manager/pull/358) * NO-JIRA: cleanup root and app OWNERS [#347](https://github.com/openshift/openshift-controller-manager/pull/347) * [OCPBUGS-42420](https://issues.redhat.com/browse/OCPBUGS-42420): Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) [#343](https://github.com/openshift/openshift-controller-manager/pull/343) * [OCPBUGS-39191](https://issues.redhat.com/browse/OCPBUGS-39191): replaces deprecated square/go-jose wtih go-jose/go-jose [#329](https://github.com/openshift/openshift-controller-manager/pull/329) * [OCPBUGS-37526](https://issues.redhat.com/browse/OCPBUGS-37526): Race condition when deleting ServiceAccount [#324](https://github.com/openshift/openshift-controller-manager/pull/324) * [OCPBUGS-36862](https://issues.redhat.com/browse/OCPBUGS-36862): 4.16 "Bad" reconciliation loops can cause unbounded dockercfg secret creation [#323](https://github.com/openshift/openshift-controller-manager/pull/323) * [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/1432fe0aa630ce83c0c3fd18c86e1fb9a47ae4cc...90f73f7ea939b221b79684ebe6d2feb843fc1f83) ### [openstack-cinder-csi-driver-operator](https://github.com/openshift/openstack-cinder-csi-driver-operator/tree/85b52097dda6b8a5f64ceb662d477a9ae28c4ca7) * [OCPBUGS-35730](https://issues.redhat.com/browse/OCPBUGS-35730): Add config map hooks [#174](https://github.com/openshift/openstack-cinder-csi-driver-operator/pull/174) * [Full changelog](https://github.com/openshift/openstack-cinder-csi-driver-operator/compare/6eb4b8220a63a6f9fef9b3779aaf015247697713...85b52097dda6b8a5f64ceb662d477a9ae28c4ca7) ### [openstack-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/3b972b2bcb5c5d779ea4335faf71abab4d9e5a1c) * [OCPBUGS-58028](https://issues.redhat.com/browse/OCPBUGS-58028): Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.10 into release-4.16 [#346](https://github.com/openshift/cluster-api-provider-openstack/pull/346) * [OCPBUGS-44456](https://issues.redhat.com/browse/OCPBUGS-44456): Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.10 into release-4.16 [#328](https://github.com/openshift/cluster-api-provider-openstack/pull/328) * [OCPBUGS-44990](https://issues.redhat.com/browse/OCPBUGS-44990): Makefile changes for merge-bot [#341](https://github.com/openshift/cluster-api-provider-openstack/pull/341) * [OCPBUGS-34931](https://issues.redhat.com/browse/OCPBUGS-34931): rebase on release-0.10 (to fix trunks deletion) [#321](https://github.com/openshift/cluster-api-provider-openstack/pull/321) * [OCPBUGS-37967](https://issues.redhat.com/browse/OCPBUGS-37967): rebase CAPO for 4.16 [#319](https://github.com/openshift/cluster-api-provider-openstack/pull/319) * [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/be72b7545228d631178c49677b01905e92846441...3b972b2bcb5c5d779ea4335faf71abab4d9e5a1c) ### [openstack-machine-api-provider](https://github.com/openshift/machine-api-provider-openstack/tree/5ada1cbab3a9354488b1e74e85c36285302c3382) * [OCPBUGS-34931](https://issues.redhat.com/browse/OCPBUGS-34931): bump CAPO to v0.9.2 [#124](https://github.com/openshift/machine-api-provider-openstack/pull/124) * [Full changelog](https://github.com/openshift/machine-api-provider-openstack/compare/fb930638853b159a2e428e6200bd67a64a37295b...5ada1cbab3a9354488b1e74e85c36285302c3382) ### [operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/e48ec38c748a5cb90cdaf2fe017fb161301886ae) * [OCPBUGS-58881](https://issues.redhat.com/browse/OCPBUGS-58881): operatorgroup: ensure clusterroleselectors in clusterrole aggregation rules are sorted [#1102](https://github.com/openshift/operator-framework-olm/pull/1102) * [OCPBUGS-59647](https://issues.redhat.com/browse/OCPBUGS-59647): Reduce Frequency of Update Requests for Copied CSVs (#3597) [#1042](https://github.com/openshift/operator-framework-olm/pull/1042) * [OCPBUGS-60847](https://issues.redhat.com/browse/OCPBUGS-60847): Add NetworkPolicy as a supported kind [#1050](https://github.com/openshift/operator-framework-olm/pull/1050) * [OCPBUGS-61388](https://issues.redhat.com/browse/OCPBUGS-61388): [4.16] e2e stability fixes [#1083](https://github.com/openshift/operator-framework-olm/pull/1083) * [OCPBUGS-57429](https://issues.redhat.com/browse/OCPBUGS-57429): reduce cache expiry frequency [release-4.19] [#1022](https://github.com/openshift/operator-framework-olm/pull/1022) * [OCPBUGS-56358](https://issues.redhat.com/browse/OCPBUGS-56358): fix(olm): improve error logging for missing olm.managed label (#3558) [#1006](https://github.com/openshift/operator-framework-olm/pull/1006) * [OCPBUGS-53395](https://issues.redhat.com/browse/OCPBUGS-53395): Ensure that PSA label is latest instead of pinning versions [#987](https://github.com/openshift/operator-framework-olm/pull/987) * [OCPBUGS-48696](https://issues.redhat.com/browse/OCPBUGS-48696): Fix excessive catalog source snapshots cause severe performance regression [#957](https://github.com/openshift/operator-framework-olm/pull/957) * [OCPBUGS-48661](https://issues.redhat.com/browse/OCPBUGS-48661): Fix concurrent namespace resolution [#947](https://github.com/openshift/operator-framework-olm/pull/947) * [OCPBUGS-46928](https://issues.redhat.com/browse/OCPBUGS-46928), [OCPBUGS-46935](https://issues.redhat.com/browse/OCPBUGS-46935), [OCPBUGS-47315](https://issues.redhat.com/browse/OCPBUGS-47315): x/net bump to v0.34.0 [release-4.16] [#939](https://github.com/openshift/operator-framework-olm/pull/939) * [OCPBUGS-47738](https://issues.redhat.com/browse/OCPBUGS-47738): catalog-operator: Delete Pods that were evicted (#3459) [#925](https://github.com/openshift/operator-framework-olm/pull/925) * [OCPBUGS-46434](https://issues.redhat.com/browse/OCPBUGS-46434): CRD upgrade existing CR validation fix [#916](https://github.com/openshift/operator-framework-olm/pull/916) * [OCPBUGS-44802](https://issues.redhat.com/browse/OCPBUGS-44802): fix: call TokenRequest API when service account token secret is missing [#900](https://github.com/openshift/operator-framework-olm/pull/900) * [OCPBUGS-41540](https://issues.redhat.com/browse/OCPBUGS-41540): [4.16] add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata (#1384) [#859](https://github.com/openshift/operator-framework-olm/pull/859) * [OCPBUGS-41677](https://issues.redhat.com/browse/OCPBUGS-41677): [4.17] adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs. [#863](https://github.com/openshift/operator-framework-olm/pull/863) * [OCPBUGS-41557](https://issues.redhat.com/browse/OCPBUGS-41557): Fix e2e flake: upgrade CRD with deprecated version [#861](https://github.com/openshift/operator-framework-olm/pull/861) * [OCPBUGS-41217](https://issues.redhat.com/browse/OCPBUGS-41217): (fix) registry pods do not come up again after node failure (#3366) [#854](https://github.com/openshift/operator-framework-olm/pull/854) * [OCPBUGS-38290](https://issues.redhat.com/browse/OCPBUGS-38290): [release-4.16] (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache [#838](https://github.com/openshift/operator-framework-olm/pull/838) * [OCPBUGS-38129](https://issues.redhat.com/browse/OCPBUGS-38129): [release-4.16] Update junit report file name to show spec results on Test Grid [#833](https://github.com/openshift/operator-framework-olm/pull/833) * [OCPBUGS-37456](https://issues.redhat.com/browse/OCPBUGS-37456): Updating ose-operator-framework-tools-container image to be consistent with ART for 4.16 [#826](https://github.com/openshift/operator-framework-olm/pull/826) * [OCPBUGS-37559](https://issues.redhat.com/browse/OCPBUGS-37559): [release-4.16] Update e2e config and backport list of flakes [#814](https://github.com/openshift/operator-framework-olm/pull/814) * [OCPBUGS-37018](https://issues.redhat.com/browse/OCPBUGS-37018): Bump github.com/containers/image/v5 [#822](https://github.com/openshift/operator-framework-olm/pull/822) * [OCPBUGS-36450](https://issues.redhat.com/browse/OCPBUGS-36450): Can't install operator on 4.15 after uninstalling it on a prior version [#809](https://github.com/openshift/operator-framework-olm/pull/809) * [OCPBUGS-25019](https://issues.redhat.com/browse/OCPBUGS-25019): fix xplat compile for of-tools image; hide utest files from git; use rhel8 art builder image [#793](https://github.com/openshift/operator-framework-olm/pull/793) * [OCPBUGS-36137](https://issues.redhat.com/browse/OCPBUGS-36137): fix sorting unpack jobs [#799](https://github.com/openshift/operator-framework-olm/pull/799) * [OCPBUGS-34979](https://issues.redhat.com/browse/OCPBUGS-34979): Updates default security context behavior for catalog source pods [#788](https://github.com/openshift/operator-framework-olm/pull/788) * [OCPBUGS-36138](https://issues.redhat.com/browse/OCPBUGS-36138): perform operator apiService certificate validity checks directly [#798](https://github.com/openshift/operator-framework-olm/pull/798) * [OCPBUGS-35373](https://issues.redhat.com/browse/OCPBUGS-35373): [release-4.16] Warn and allow CRD upgrade if validation fails but webhook is specified [#781](https://github.com/openshift/operator-framework-olm/pull/781) * [Full changelog](https://github.com/openshift/operator-framework-olm/compare/1aacee6a78ceac7acd5aa03647933e550d66a12c...e48ec38c748a5cb90cdaf2fe017fb161301886ae) ### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/f6d328d06a7546579c8456a3822f9c1596aec9cc) * [OCPBUGS-62220](https://issues.redhat.com/browse/OCPBUGS-62220): Remove Expect func so that the test case can use the retry logic [#671](https://github.com/operator-framework/operator-marketplace/pull/671) * [OCPBUGS-61920](https://issues.redhat.com/browse/OCPBUGS-61920): Update memoryTarget on catalog source pods [#664](https://github.com/operator-framework/operator-marketplace/pull/664) * [OCPBUGS-49429](https://issues.redhat.com/browse/OCPBUGS-49429): Upgrade golang.org/x/net [release-4.16] [#587](https://github.com/operator-framework/operator-marketplace/pull/587) * [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/7db179fb05ea5bd33c9ea0a55e13adeeaf0529a2...f6d328d06a7546579c8456a3822f9c1596aec9cc) ### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/698c76385e3eed0cbeeee5207bc5023d34b82e1b) * [OCPBUGS-60079](https://issues.redhat.com/browse/OCPBUGS-60079): Always enable global IPv6 forwarding [#2743](https://github.com/openshift/ovn-kubernetes/pull/2743) * [OCPBUGS-60494](https://issues.redhat.com/browse/OCPBUGS-60494): Update OWNERS file: Add Patryk/Martin as approvers [#2718](https://github.com/openshift/ovn-kubernetes/pull/2718) * [OCPBUGS-58161](https://issues.redhat.com/browse/OCPBUGS-58161): Unpin OVS patch versions [#2648](https://github.com/openshift/ovn-kubernetes/pull/2648) * [OCPBUGS-57396](https://issues.redhat.com/browse/OCPBUGS-57396): Fix predicate for cluster subnet route to gateway router [#2645](https://github.com/openshift/ovn-kubernetes/pull/2645) * [OCPBUGS-55282](https://issues.redhat.com/browse/OCPBUGS-55282): Fix hybrid overlay node subnets collision with cluster subnets [#2621](https://github.com/openshift/ovn-kubernetes/pull/2621) * [OCPBUGS-48121](https://issues.redhat.com/browse/OCPBUGS-48121): Increase InformerSyncTimeout to 60s [#2624](https://github.com/openshift/ovn-kubernetes/pull/2624) * [OCPBUGS-56242](https://issues.redhat.com/browse/OCPBUGS-56242): Handles unspecified protocol in network policy port [#2571](https://github.com/openshift/ovn-kubernetes/pull/2571) * [OCPBUGS-56812](https://issues.redhat.com/browse/OCPBUGS-56812): egressfirewall: avoid nil dereference on node delete [#2591](https://github.com/openshift/ovn-kubernetes/pull/2591) * [OCPBUGS-52503](https://issues.redhat.com/browse/OCPBUGS-52503): Fixes unexpected mp0 route removal during start up [#2479](https://github.com/openshift/ovn-kubernetes/pull/2479) * [OCPBUGS-54204](https://issues.redhat.com/browse/OCPBUGS-54204): Update OVN to FDP25.A.1 24.03.5-40. [#2497](https://github.com/openshift/ovn-kubernetes/pull/2497) * [OCPBUGS-50595](https://issues.redhat.com/browse/OCPBUGS-50595): kubevirt, localnet: Reduce live migration downtime [#2469](https://github.com/openshift/ovn-kubernetes/pull/2469) * [OCPBUGS-50594](https://issues.redhat.com/browse/OCPBUGS-50594): fixes overzealous deletion of SNAT in egressIP [#2456](https://github.com/openshift/ovn-kubernetes/pull/2456) * [OCPBUGS-47634](https://issues.redhat.com/browse/OCPBUGS-47634): Let OVN-northd bind remote ports [#2406](https://github.com/openshift/ovn-kubernetes/pull/2406) * [OCPBUGS-45958](https://issues.redhat.com/browse/OCPBUGS-45958): bump OVS to 3.3.0-62.el9fdp for OCP 4.16 [#2388](https://github.com/openshift/ovn-kubernetes/pull/2388) * [OCPBUGS-44457](https://issues.redhat.com/browse/OCPBUGS-44457): Add static route to the hairpin masquerade IPs to pod [#2346](https://github.com/openshift/ovn-kubernetes/pull/2346) * [OCPBUGS-45942](https://issues.redhat.com/browse/OCPBUGS-45942): pin libreswan to 4.6-3.el9_0.3 [#2386](https://github.com/openshift/ovn-kubernetes/pull/2386) * [OCPBUGS-45343](https://issues.redhat.com/browse/OCPBUGS-45343): Dockerfile: Update OVN to the 24.03.2-32.el9fdp minor release. [#2377](https://github.com/openshift/ovn-kubernetes/pull/2377) * [OCPBUGS-42244](https://issues.redhat.com/browse/OCPBUGS-42244): Add hybird overlay pod IPs to the namespace address_set [#2352](https://github.com/openshift/ovn-kubernetes/pull/2352) * [OCPBUGS-43344](https://issues.redhat.com/browse/OCPBUGS-43344): Add SDN node subnet gateway IP to host-network address_set [#2328](https://github.com/openshift/ovn-kubernetes/pull/2328) * [OCPBUGS-42942](https://issues.redhat.com/browse/OCPBUGS-42942): Fix egress gateway pod cleanup for remote zone pods. [#2341](https://github.com/openshift/ovn-kubernetes/pull/2341) * [OCPBUGS-36210](https://issues.redhat.com/browse/OCPBUGS-36210): Implementation required to enable Forwarding if it is already disabled [#2212](https://github.com/openshift/ovn-kubernetes/pull/2212) * [OCPBUGS-41551](https://issues.redhat.com/browse/OCPBUGS-41551): Add subnet overlap check for transit switch subnet [#2306](https://github.com/openshift/ovn-kubernetes/pull/2306) * [OCPBUGS-38697](https://issues.redhat.com/browse/OCPBUGS-38697): Use more exact name match when deleting static routes to HO nodes. [#2282](https://github.com/openshift/ovn-kubernetes/pull/2282) * [OCPBUGS-24386](https://issues.redhat.com/browse/OCPBUGS-24386): [release-4.16] EgressService: Fix ETP=Local ingress reply for LGW [#2278](https://github.com/openshift/ovn-kubernetes/pull/2278) * [OCPBUGS-38705](https://issues.redhat.com/browse/OCPBUGS-38705): Delete EgressIP LRP stale nexthops when node is not found [#2271](https://github.com/openshift/ovn-kubernetes/pull/2271) * [OCPBUGS-38054](https://issues.redhat.com/browse/OCPBUGS-38054): Fix per-pod MCS/metadata blocking [#2248](https://github.com/openshift/ovn-kubernetes/pull/2248) * [OCPBUGS-38699](https://issues.redhat.com/browse/OCPBUGS-38699), [OCPBUGS-38704](https://issues.redhat.com/browse/OCPBUGS-38704): EgressIP VRF support & ignore localnet patch ports when bootstrapping [#2267](https://github.com/openshift/ovn-kubernetes/pull/2267) * [OCPBUGS-37939](https://issues.redhat.com/browse/OCPBUGS-37939): [release-4.16] Bump OVSDBTimeout and make it configurable. [#2244](https://github.com/openshift/ovn-kubernetes/pull/2244) * [OCPBUGS-37362](https://issues.redhat.com/browse/OCPBUGS-37362): Fix registering northd metrics on appropriate nodes [#2232](https://github.com/openshift/ovn-kubernetes/pull/2232) * [OCPBUGS-36608](https://issues.redhat.com/browse/OCPBUGS-36608): [release-4.16] ovspinning: Set affinity of each thread [#2220](https://github.com/openshift/ovn-kubernetes/pull/2220) * [OCPBUGS-36486](https://issues.redhat.com/browse/OCPBUGS-36486): Fix race condition when creating/deleting namespace address set [#2218](https://github.com/openshift/ovn-kubernetes/pull/2218) * [OCPBUGS-35061](https://issues.redhat.com/browse/OCPBUGS-35061): Allow ANPs at same priority [#2205](https://github.com/openshift/ovn-kubernetes/pull/2205) * [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/8a9743708ae117595226a52b4856f8c032fed2ab...698c76385e3eed0cbeeee5207bc5023d34b82e1b) ### [powervs-block-csi-driver](https://github.com/openshift/ibm-powervs-block-csi-driver/tree/26162badb8422f36d9b52fac8467d48bf6078f5a) * [OCPBUGS-36097](https://issues.redhat.com/browse/OCPBUGS-36097): Fix CVE-2024-6104 by updating http-retryable to 0.7.7 [#88](https://github.com/openshift/ibm-powervs-block-csi-driver/pull/88) * [Full changelog](https://github.com/openshift/ibm-powervs-block-csi-driver/compare/730a473cf60d5de4d4543ea71ff5f3c6c1010980...26162badb8422f36d9b52fac8467d48bf6078f5a) ### [powervs-cloud-controller-manager](https://github.com/openshift/cloud-provider-powervs/tree/20e6dc70d665e5d085df17d757a07e17c0e18fe0) * [OCPBUGS-36107](https://issues.redhat.com/browse/OCPBUGS-36107): UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.16 [#73](https://github.com/openshift/cloud-provider-powervs/pull/73) * [Full changelog](https://github.com/openshift/cloud-provider-powervs/compare/87386cd444b4b9fe745d0198ab959ccedb5e318a...20e6dc70d665e5d085df17d757a07e17c0e18fe0) ### [powervs-machine-controllers](https://github.com/openshift/machine-api-provider-powervs/tree/2bfcc0f832d5237690ea900996e7679a5b5f0cd7) * [OCPBUGS-61511](https://issues.redhat.com/browse/OCPBUGS-61511): Use OS_GIT_VERSION in Makefile when found (for Konflux builds) [#127](https://github.com/openshift/machine-api-provider-powervs/pull/127) * [OCPBUGS-54752](https://issues.redhat.com/browse/OCPBUGS-54752): Fix for CVE-2024-51744 in github.com/golang-jwt/jwt/v4 in release-4.16 [#114](https://github.com/openshift/machine-api-provider-powervs/pull/114) * [OCPBUGS-41976](https://issues.redhat.com/browse/OCPBUGS-41976): Update go.mod to fix CVE - 4.16 [#84](https://github.com/openshift/machine-api-provider-powervs/pull/84) * [Full changelog](https://github.com/openshift/machine-api-provider-powervs/compare/6b57e6c1bf0ee22bd0d51fde1249209c53da07d1...2bfcc0f832d5237690ea900996e7679a5b5f0cd7) ### [prometheus](https://github.com/openshift/prometheus/tree/e9fa80af084868b1e0f69e35b69e8ebca5ae1ddc) * [OCPBUGS-61856](https://issues.redhat.com/browse/OCPBUGS-61856): chore: compute highestTimestamp at queryManager level [#270](https://github.com/openshift/prometheus/pull/270) * [OCPBUGS-56739](https://issues.redhat.com/browse/OCPBUGS-56739): BACKPORT: fix promtool analyze block shows metric name with 0 cardinality [#255](https://github.com/openshift/prometheus/pull/255) * [OCPBUGS-54942](https://issues.redhat.com/browse/OCPBUGS-54942): Scraping: Bump cache iteration after error to avoid false duplicate detection. [#250](https://github.com/openshift/prometheus/pull/250) * [OCPBUGS-43668](https://issues.redhat.com/browse/OCPBUGS-43668): fix(discovery): Handle cache.DeletedFinalStateUnknown in node informers' DeleteFunc [#231](https://github.com/openshift/prometheus/pull/231) * [OCPBUGS-39179](https://issues.redhat.com/browse/OCPBUGS-39179): Restore Prometheus functionality to accept samples with different timestamps from the same series in a single scrape. [#224](https://github.com/openshift/prometheus/pull/224) * [OCPBUGS-36918](https://issues.redhat.com/browse/OCPBUGS-36918): cherry-pick upstream fix to make PrometheusRemoteWriteBehind fire when remote endpoint is never reached. [#214](https://github.com/openshift/prometheus/pull/214) * [OCPBUGS-37446](https://issues.redhat.com/browse/OCPBUGS-37446): backport of upstream fix [#217](https://github.com/openshift/prometheus/pull/217) * [OCPBUGS-36854](https://issues.redhat.com/browse/OCPBUGS-36854): cherry-pick upstream remote-write fix [#212](https://github.com/openshift/prometheus/pull/212) * [Full changelog](https://github.com/openshift/prometheus/compare/69e2ed89ac1e73cfa36ce792d8b045b2e7f3c649...e9fa80af084868b1e0f69e35b69e8ebca5ae1ddc) ### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/c7262a43c0ddf2adc6be3863ac9a5056cb89c177) * [OCPBUGS-38399](https://issues.redhat.com/browse/OCPBUGS-38399): feat: sync proxy settings in Alertmanager configuration [#299](https://github.com/openshift/prometheus-operator/pull/299) * [Full changelog](https://github.com/openshift/prometheus-operator/compare/8bf4750af765730dc423213516245c7b0679e352...c7262a43c0ddf2adc6be3863ac9a5056cb89c177) ### [route-controller-manager](https://github.com/openshift/route-controller-manager/tree/5da234dd58c092cba019807979f9c29664ddb860) * [OCPBUGS-56152](https://issues.redhat.com/browse/OCPBUGS-56152): Added error event for failed ingress to route conversion [#61](https://github.com/openshift/route-controller-manager/pull/61) * [OCPBUGS-55201](https://issues.redhat.com/browse/OCPBUGS-55201): ingress: Reset metrics when ingress is deleted [#58](https://github.com/openshift/route-controller-manager/pull/58) * [Full changelog](https://github.com/openshift/route-controller-manager/compare/3112b458983c6fca6f77d5a945fb0026186dace6...5da234dd58c092cba019807979f9c29664ddb860) ### [telemeter](https://github.com/openshift/telemeter/tree/c1ecd1050c8f4ddb3380cf1bfb7230ae2e35052a) * [OCPBUGS-31552](https://issues.redhat.com/browse/OCPBUGS-31552): fix issuer check during JWT authentication 4.16 [#537](https://github.com/openshift/telemeter/pull/537) * [Full changelog](https://github.com/openshift/telemeter/compare/6ab43e488013b2383d594b3a8837e3800ce01c04...c1ecd1050c8f4ddb3380cf1bfb7230ae2e35052a) ### [tests](https://github.com/openshift/origin/tree/21ac3ffef1eefd1565a619e4d37e10132dfc4a1c) * [OCPBUGS-62934](https://issues.redhat.com/browse/OCPBUGS-62934): Fix bearer token exposure in exit condition as well [#30365](https://github.com/openshift/origin/pull/30365) * [OCPBUGS-61170](https://issues.redhat.com/browse/OCPBUGS-61170): images/tests: Remove rteval [#30203](https://github.com/openshift/origin/pull/30203) * NO-JIRA: Update extended/networking OWNERS [#30091](https://github.com/openshift/origin/pull/30091) * [OCPBUGS-60272](https://issues.redhat.com/browse/OCPBUGS-60272): Bump kubernetes version to fix NFS ganesha version [#30086](https://github.com/openshift/origin/pull/30086) * [OCPBUGS-57311](https://issues.redhat.com/browse/OCPBUGS-57311): Replace RunHostCmd with Exec function to censor bearer token being exposed [#29908](https://github.com/openshift/origin/pull/29908) * [OCPBUGS-57203](https://issues.redhat.com/browse/OCPBUGS-57203): fix: remove un-needed test [#29849](https://github.com/openshift/origin/pull/29849) * [OCPBUGS-34163](https://issues.redhat.com/browse/OCPBUGS-34163): Fix regex parser for censoring private key [#29805](https://github.com/openshift/origin/pull/29805) * [OCPBUGS-56704](https://issues.redhat.com/browse/OCPBUGS-56704): aws/edge: prevent test using unschedulable nodes [#29847](https://github.com/openshift/origin/pull/29847) * [OCPBUGS-55476](https://issues.redhat.com/browse/OCPBUGS-55476): support provider type external [#29738](https://github.com/openshift/origin/pull/29738) * [OCPBUGS-55636](https://issues.redhat.com/browse/OCPBUGS-55636): [build] Ensure Git Clone Does Not Run Privileged [#29746](https://github.com/openshift/origin/pull/29746) * [OCPBUGS-54768](https://issues.redhat.com/browse/OCPBUGS-54768): Fix egress firewall tests by updating the URL from docs.openshift.com to redhat.com [#29663](https://github.com/openshift/origin/pull/29663) * [OCPBUGS-52581](https://issues.redhat.com/browse/OCPBUGS-52581): Use payload pullspec for image info test [#29589](https://github.com/openshift/origin/pull/29589) * [OCPBUGS-52343](https://issues.redhat.com/browse/OCPBUGS-52343): Try also user CA for getting openshift-tests image [#29578](https://github.com/openshift/origin/pull/29578) * [OCPBUGS-44119](https://issues.redhat.com/browse/OCPBUGS-44119): Ignore infra nodes on tap cni tests [#29261](https://github.com/openshift/origin/pull/29261) * [OCPBUGS-48448](https://issues.redhat.com/browse/OCPBUGS-48448): Add team members to the OWNERS file for PR approvals [#29443](https://github.com/openshift/origin/pull/29443) * [OCPBUGS-48348](https://issues.redhat.com/browse/OCPBUGS-48348): Fixing build s2i ruby test data inline with latest ruby version(>=3.0) [#29431](https://github.com/openshift/origin/pull/29431) * [OCPBUGS-44105](https://issues.redhat.com/browse/OCPBUGS-44105): Adjust createDNSPod() to support hypershift dual-stack test [#29258](https://github.com/openshift/origin/pull/29258) * [OCPBUGS-39135](https://issues.redhat.com/browse/OCPBUGS-39135): Bump timeout for the pod-network-service endpoints check [#29052](https://github.com/openshift/origin/pull/29052) * [OCPBUGS-41611](https://issues.redhat.com/browse/OCPBUGS-41611): Disable:Broken for [sig-builds][Feature:Builds][Slow] can use private repositories as build input build using an HTTP token should be able to clone source code via an HTTP token [apigroup:build.openshift.io] [#29079](https://github.com/openshift/origin/pull/29079) * [OCPBUGS-38707](https://issues.redhat.com/browse/OCPBUGS-38707): run vsphere driver config test on non techpreview clusters [#28992](https://github.com/openshift/origin/pull/28992) * [OCPBUGS-38788](https://issues.redhat.com/browse/OCPBUGS-38788): [4.16] egressfirewall: skip ping tests in case of hypershift kubevirt on Azure infra [#28938](https://github.com/openshift/origin/pull/28938) * [OCPBUGS-38015](https://issues.redhat.com/browse/OCPBUGS-38015): vertical scaling test should not rely on CPMS replicas [#28981](https://github.com/openshift/origin/pull/28981) * [OCPBUGS-37771](https://issues.redhat.com/browse/OCPBUGS-37771): fix pod not returning success on 'Managed cluster should verify that nodes have no unexpected reboots [#28959](https://github.com/openshift/origin/pull/28959) * [OCPBUGS-36744](https://issues.redhat.com/browse/OCPBUGS-36744): Expand allowance for kubelet metrics api endpoint outages during node upgrades [#28928](https://github.com/openshift/origin/pull/28928) * [OCPBUGS-36182](https://issues.redhat.com/browse/OCPBUGS-36182): Removes dependency on samples operator images [#28904](https://github.com/openshift/origin/pull/28904) * [OCPBUGS-36241](https://issues.redhat.com/browse/OCPBUGS-36241): remove unused in-cluster monitoring code [#28909](https://github.com/openshift/origin/pull/28909) * [OCPBUGS-35842](https://issues.redhat.com/browse/OCPBUGS-35842): add Proxy config [#28894](https://github.com/openshift/origin/pull/28894) * [TRT-1721](https://issues.redhat.com/browse/TRT-1721): Add new intervals for kubelet metrics endpoints down [#28901](https://github.com/openshift/origin/pull/28901) * [TRT-1720](https://issues.redhat.com/browse/TRT-1720): Filter must-gather and truncate system node users [#28883](https://github.com/openshift/origin/pull/28883) * [ETCD-578](https://issues.redhat.com/browse/ETCD-578): remove Tech Preview check from etcd profiles e2e test [#28819](https://github.com/openshift/origin/pull/28819) * [OCPBUGS-35755](https://issues.redhat.com/browse/OCPBUGS-35755): Fix etcd profiles e2e test to check returned status for updated values [#28885](https://github.com/openshift/origin/pull/28885) * bump 4.16 to latest o/k 4.16 release branch [#28888](https://github.com/openshift/origin/pull/28888) * [Full changelog](https://github.com/openshift/origin/compare/3bb691e0fe54cd503f884a80e9211e318a7d8090...21ac3ffef1eefd1565a619e4d37e10132dfc4a1c) ### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/023a3655c181512a870fe1c865dbdbd31690f439) * [OCPBUGS-46341](https://issues.redhat.com/browse/OCPBUGS-46341): update check-fmt goimports command [#83](https://github.com/openshift/cloud-provider-vsphere/pull/83) * [OCPBUGS-37660](https://issues.redhat.com/browse/OCPBUGS-37660): Bump otelgrpc to v0.53.0 [#72](https://github.com/openshift/cloud-provider-vsphere/pull/72) * [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/8777b9a5ec4b34cefab7708987731a1fd224a739...023a3655c181512a870fe1c865dbdbd31690f439) ### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/f489582e5e92f2a8fffb7a39e70dadff54351af4) * [OCPBUGS-61653](https://issues.redhat.com/browse/OCPBUGS-61653): Fix unit tests [#72](https://github.com/openshift/cluster-api-provider-vsphere/pull/72) * [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/be22f10a56a18cd94406eea442e0113d866618ea...f489582e5e92f2a8fffb7a39e70dadff54351af4) ### [vsphere-csi-driver, vsphere-csi-driver-syncer](https://github.com/openshift/vmware-vsphere-csi-driver/tree/03b7e8ebf2c6347b40a340d892e1a66d47806300) * [OCPBUGS-43881](https://issues.redhat.com/browse/OCPBUGS-43881): redact sensitive information when logging VCenter config [#134](https://github.com/openshift/vmware-vsphere-csi-driver/pull/134) * [OCPBUGS-42878](https://issues.redhat.com/browse/OCPBUGS-42878): Add compute resource entity to consider a standalone cluster for volu… [#131](https://github.com/openshift/vmware-vsphere-csi-driver/pull/131) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver/compare/3cd689f3f1ff59467885ee8ef42997eef5f81972...03b7e8ebf2c6347b40a340d892e1a66d47806300) ### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/7940ea1685dee6d3f29a6360dac9a82dd1b09230) * [OCPBUGS-51206](https://issues.redhat.com/browse/OCPBUGS-51206): Set reconcile-sync to 10 minute for ListVolume [#294](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/294) * [OCPBUGS-49862](https://issues.redhat.com/browse/OCPBUGS-49862): List only linux nodes [#289](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/289) * [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/483de9c59f1646f239c7039bcc0fa5fa0e44e7b4...7940ea1685dee6d3f29a6360dac9a82dd1b09230) ### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/3683c120278fb79a30340f66d22948aaddf3c16a) * [OCPBUGS-37735](https://issues.redhat.com/browse/OCPBUGS-37735): Drop event when CheckDefaultDatastore fails [#168](https://github.com/openshift/vsphere-problem-detector/pull/168) * [OCPBUGS-35446](https://issues.redhat.com/browse/OCPBUGS-35446): Fix missing failure-domains [#160](https://github.com/openshift/vsphere-problem-detector/pull/160) * [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/d674e6d8b4b814b1544e7d2fc9177e5e0f90484b...3683c120278fb79a30340f66d22948aaddf3c16a)