Back to index

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.12.47-x86_64

Team Approvals:

Tests:

• Blocking jobs
  • upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
  • upgrade-minor Failed release-openshift-origin-installer-e2e-aws-upgrade
• Informing jobs
  • aws-sdn-serial Succeeded periodic-ci-openshift-release-master-nightly-4.12-e2e-aws-sdn-serial
  • azure-ovn-upgrade-4.12-micro Succeeded periodic-ci-openshift-release-master-ci-4.12-e2e-azure-ovn-upgrade
  • metal-ipi-ovn-ipv6 Succeeded periodic-ci-openshift-release-master-nightly-4.12-e2e-metal-ipi-ovn-ipv6
  • metal-ipi-sdn Succeeded periodic-ci-openshift-release-master-nightly-4.12-e2e-metal-ipi-sdn-bm

Upgrades from:

• 4.12.46 (changes) - S F F S S S
• 4.12.45 (changes) - Success
• 4.12.44 (changes) - Success
• 4.12.32 (changes) - Failed
• 4.12.27 (changes) - Success
• 4.12.7 (changes) - Success
• 4.12.2 - Failed
• 4.12.1 (changes) - Success
• 4.12.0 (changes) - Success
• 4.11.56 (changes) - S F S
• 4.11.55 (changes) - Failed
• 4.11.54 (changes) - Success
• 4.11.41 (changes) - Failed
• 4.11.32 (changes) - Success
• 4.11.28 (changes) - Failed
• 4.11.13 (changes) - Success
• 4.11.12 (changes) - Success
• 4.11.11 (changes) - Failed

Upgrades to:

• 4.13.59 (changes) - Success
• 4.13.57 (changes) - Failed
• 4.13.42 (changes) - Failed
• 4.13.39 (changes) - Failed
• 4.13.33 (changes) - Success
• 4.13.32 (changes) - Success
• 4.13.31 (changes) - S S F
• 4.13.30 (changes) - S F F
• 4.13.29 (changes) - Failed
• 4.12.77 (changes) - Failed
• 4.12.58 (changes) - Success
• 4.12.50 (changes) - Success
• 4.12.49 (changes) - Success
• 4.12.48 (changes) - F F F F F S S F

---

Loading changelog, this may take a while ...

Changes from 4.12.2

Created: 2024-01-11 19:16:08 +0000 UTC

Image Digest: sha256:fcc9920ba10ebb02c69bdd9cd597273260eeec1b22e9ef9986a47f4874a21253

Release 4.12.47 was created from registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2024-01-11-070858

Components

• Kubernetes upgraded from 1.25.4 to 1.25.16
• Red Hat Enterprise Linux CoreOS upgraded from 412.86.202301311551-0 to 412.86.202401101314-0 (diff)

Rebuilt images without code change

• alibaba-cloud-controller-manager git 1959de0e sha256:691c71ad215dd31956d27fbccd9e7c6947db9b2ada63f159baefbe5290226def
• alibaba-machine-controllers git b9287c05 sha256:8f3a35c48a4d7b24d1a379999170fe247d8e4722b5c70cf2fcadfd8dbd522191
• cluster-update-keys git 2796e173 sha256:34045cdb1aeef8b16c21ba7263e3d94fd348da47fd7cf046c62e144cb08d1a18
• configmap-reloader git e4d9170e sha256:45e35c7a7b5d5a0cede98f254bfbce86b6ef08027bf2280fb0d34c96dc05f08a
• driver-toolkit git 6e5c04c0 sha256:5e4c83a34f34bbb8d07891afa5090539aed9c0a6511c3be5655e18f1a32f90ab
• egress-router-cni git a92e4157 sha256:458dba4247ee5309441d477ce3e6e27ea64b4c991982c225930442a42b5f2f2a
• ibmcloud-machine-controllers git 31a67dac sha256:dd491b8b83b0220abf649377892c205d673410a3c68fca8dd8450db74b1abb14
• keepalived-ipfailover git 7e8a0105 sha256:0e6cf1d88c5e50ab70a497a18f051876ec40e0cb743e3d455244b064446c99f5
• kube-storage-version-migrator git 596745ce sha256:fd84d249a5df7418a3f805e1555cc28dca5d5ee03f3fdba6b2596ac5cb59c50c
• kubevirt-cloud-controller-manager git a19615cd sha256:c5254085c2bae37ad5e7ab62e6407c4533820f1f281510c9552a73549e2938b1
• kubevirt-csi-driver git f407c8a7 sha256:ee8d24153b994e2c66e0119b363fc2e9935d55f49b3e0ba4aa2a5445b2be8b86
• libvirt-machine-controllers git a2882f7a sha256:9b4026eef2a37434c065c71698a63096c6320a148d272e0cf1e6813f3df5529b
• machine-os-content sha256:5609880c3bf5575057d3ee884604029045ddbc23ecd1253f80c11c62688df2cf
• machine-os-images git 566bf595 sha256:7b19d16c7ca19b74563bd78bfacb31ab4b7e6bf6eedf23948c52c85a37d5591f
• must-gather git 5fd21761 sha256:d7d29a457cb7d48e1ee6d138c77163a43708c03f6afe9bcc4971b53fca88b789
• network-tools git c76613c7 sha256:7ca7a11a9dbf7abf64db9112f0e33c74044dbfe90c07c54d674e80c80e71981c
• nutanix-machine-controllers git 25aea2d4 sha256:e311c887f71ccdbf9caeaed50dbc8d0f7cfa5b301e034b926f5e353a68099ff6
• oauth-proxy git 03e5b13b sha256:7d22fb5d9ddf97e3e9eb443c73638e90f276efd80d581bb207ac38f8dba9e225
• openshift-controller-manager git b6528f9e sha256:a24f2653e01b5431a375f5c2fb35466416431d3b04fef5650d2dab036c3eae60
• ovirt-machine-controllers git 03e8cb50 sha256:8f1d75b18e4d10923d0611ba6b003fe2e52a8abd5cb0eb45f11ece99ad5a4a6c
• prom-label-proxy git b1907888 sha256:563fecd3f2332b28d910f818c5a7756188e90b628ee4dbbde3f5e24f440a42eb
• rhel-coreos-8 sha256:6995049a0293a6747a0ea28d107dcd118b893494d9eecbf98f1cfef8afcd9b94
• rhel-coreos-8-extensions sha256:587ec4752bcf9a933c204fe3e95ff0f7bfd575f33de651f2248b7dfc818298c4
• service-ca-operator git 299b7097 sha256:84177f11290a4fa04adf3df50b45b00aad0c18d0b8ae6b60da21866ebc09beb0

agent-installer-api-server

• MGMT-15150: Use same installer binary for all platform types (#5347) #5347
• OCPBUGS-13356: Fix ‘vendor’ root device hint evaluation (#5206) #5206
• OCPBUGS-13529: Support by-path root device hints (#5214) #5214
• Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

• MGMT-13586: Wait for ETCD Bootstrap to complete (#670) (#726) #670
• OCPBUGS-7149: IPv6 multinode spoke no moving from rebooting/configuring stage Update the mcs log regex (#631) #631
• Full changelog

agent-installer-node-agent

• OCPBUGS-23537: backport of agent retries (#627) #627
• MGMT-13946: Ignore Proliant Gen 11 serial (#524) #524
• Add sg3_utils package (#497) (#500) #497
• Full changelog

alibaba-cloud-csi-driver

• OCPBUGS-21313: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #38
• Full changelog

alibaba-disk-csi-driver-operator

• OCPBUGS-21404: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #66
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #58
• Full changelog

apiserver-network-proxy

• HOSTEDCP-1323: Merge latest code into 4.14 branch #45
• OCPBUGS-10187: Updating ose-apiserver-network-proxy images to be consistent with ART #30
• Full changelog

aws-cloud-controller-manager

• OCPBUGS-20722: Update golang.org/x/net to v0.17.0 #55
• Full changelog

aws-cluster-api-controllers

• OCPBUGS-20810: bump golang.org/x/net to v0.17.0 #483
• OCPBUGS-15548: Pass right SGs for IsExternallyManaged on creation #469
• Full changelog

aws-ebs-csi-driver

• OCPBUGS-20919: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #241
• OCPBUGS-14281: Volume unmount repeats after successful unmount, preventing pod delete #226
• Full changelog

aws-ebs-csi-driver-operator

• OCPBUGS-21018: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #282
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #265
• OCPBUGS-13721: assets/hypershift/controller_sa: Set controller ServiceAccount imagePullSecrets #230
• 4.12: OCPBUGS-10646: 4.12 hypershift set control plane #208
• OCPBUGS-7892: do not inject-proxy when deploying in hypershift control plane #187
• Full changelog

aws-machine-controllers

• OCPBUGS-21562: Update golang.org/x/net to v0.17.0 #90
• Full changelog

aws-pod-identity-webhook

• OCPBUGS-21312: Upgrade golang/x/net for CVE-2023-39325 (4.12) #185
• NO-ISSUE: Sync OWNERS with team members #178
• NO-ISSUE: snyk: exclude vendor/ #174
• Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

• OCPBUGS-21401: Bump golang.org/x/net to v0.18.0 #95
• OCPBUGS-22832: UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition #91
• OCPBUGS-17159: Increase service idle max timeout to 100 minutes #82
• Full changelog

azure-cluster-api-controllers

• OCPBUGS-21489: bump golang.org/x/net to v0.17.0 #289
• Full changelog

azure-disk-csi-driver

• OCPBUGS-22941: UPSTREAM: 1755: fix: detach disk failure when there is throttling #62
• OCPBUGS-22832: UPSTREAM: 2805: add disk lun check in AttachDisk to avoid race condition #60
• OCPBUGS-20675: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #56
• Full changelog

azure-disk-csi-driver-operator

• OCPBUGS-20749: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #103
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #95
• OCPBUGS-7885: Adjust client-side QPS, burst and worker threads in provisioner and attacher sidecars #70
• Full changelog

azure-file-csi-driver

• OCPBUGS-20842: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #39
• Full changelog

azure-file-csi-driver-operator

• OCPBUGS-20946: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #78
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #71
• Full changelog

azure-machine-controllers

• OCPBUGS-20741: Bump x/net package to v0.18.0 #84
• OCPBUGS-19549, OCPBUGS-22247: Fix empty clusterName references for GenerateMachinePublicIPName #82
• OCPBUGS-17960: Machine Actuator should not set metadata.name #71
• OCPBUGS-17221: Add user defined Tags to NIC Azure resources #69
• Full changelog

baremetal-installer, installer, installer-artifacts

• OCPBUGS-23184: azure: validation: validate defaultMachinePlatform #7709
• OCPBUGS-25476: destroy: gcp: fix destroying regional disks #7845
• OCPBUGS-23302: images: installer: add xz to the container #7726
• OCPBUGS-23379: images: update govc image in upi-installer #7739
• OCPBUGS-22116: Add KMS encryption keys if provided #7769
• OCPBUGS-23329: Specify google cloud CLI to version 447.0.0 #7731
• OCPBUGS-22933: [release-4.12]: vsphere: fix validation of CPUS and CoresPerSocket #7677
• OCPBUGS-13288: use python3 for cloud sdk #7170
• OCPBUGS-18645: new Aws secret regions support #7473
• OCPBUGS-22288: Don’t log password values #7627
• OCPBUGS-18644: terraform: aws: secret regions now support ALIAS record #7472
• OCPBUGS-17651: Validate that the rendevousIP is assigned to a master #7416
• OCPBUGS-20145: [release-4.12] Use updated ansible-core for Openstack image #7560
• OCPBUGS-18646: Allow destroy for C2S isolated (us-iso and us-isob) partitions #7474
• OCPBUGS-10992: bootstrap-pivot: skip pivot in SCOS Live ISO #7035
• CORS-2792: AWS Shared VPC Backport [release-4.12] #7435
• OCPBUGS-18320: CORS-2445: GCP: Add osImage to the install config #7454
• OCPBUGS-17404: backport openstack UPI for ansible 2.10 #7399
• OCPBUGS-16778: bump RHCOS 4.12 bootimage metadata to 412.86.202308081039-0 #7420
• OCPBUGS-17467: Allow override of networkType #7406
• OCPBUGS-17174: Set AdditionalTrustBundle in override when mirroring not enabled #7386
• OCPBUGS-16382: azure: skip LB creation when not needed #7342
• OCPBUGS-14868: Shorten SNO installation duration by releasing CPC lease #7242
• OCPBUGS-14495: Support /dev/disk/by-path root device hints #7227
• OCPBUGS-16151: ic: azure: validate diskTypes in AzureStack #7331
• OCPBUGS-11199: azure: upi: use Image Gallery in ARM templates #7054
• OCPBUGS-13940: bump RHCOS 4.12 bootimage metadata to 412.86.202306132230-0 #7249
• OCPBUGS-14664: Shorten SNO installation duration by releasing CVO lease #7235
• OCPBUGS-7400: Check for AWS STS installation before trying to get all IAM Roles #7175
• OCPBUGS-13819: Bootstrap on aws should have same metadata service type as on other nodes #7196
• OCPBUGS-12202: Relax vsphere, nutanix VIP validation #7116
• OCPBUGS-7551: vSphere - ignore all bootstrap disk changes #6860
• OCPBUGS-14014: Do not always output warning msg when releaseImage is digest #7202
• OCPBUGS-13052: bump RHCOS 4.12 bootimage metadata #7164
• OCPBUGS-12956: openstack: Add netcat to the Installer image #7148
• OCPBUGS-12749: [Alibaba] update the bandwidth value of EIP #7131
• OCPBUGS-7400: Check for AWS STS installation before trying to get all IAM Roles #7141
• OCPBUGS-11360: Use 100 GB as minimum disk size in validations #7065
• OCPBUGS-11662: AWS - Remove ACLs from s3 ign #7084
• OCPBUGS-11208: GCP: add europe-west12 region to the survey as supported region #7055
• OCPBUGS-11108: Kubelet Client Cert should include system:serviceaccounts group #7050
• OCPBUGS-8384: Specify filename for default registries.conf #6941
• OCPBUGS-10904: IBMCloud: Fix SSH Private bootstrap #7028
• OCPBUGS-10905: IBMCloud set dnsrecords offset #7029
• OCPBUGS-10740: bump RHCOS 4.12 bootimage metadata #7019
• OCPBUGS-7481: Fix file check for loading openshift manifests #6907
• OCPBUGS-10497: [release-4.12] aws: bump aws-sdk-go version #6985
• OCPBUGS-10439: Sort userTags in Machine and Machineset manifests #6984
• OCPBUGS-7469: [release-4.12] GCP XPN Featuregates #6851
• OCPBUGS-7063: vSphere - Remove regexs in terraform ova import #6868
• OCPBUGS-8658: Pass Capabilites from install-config to cluster #6947
• OCPBUGS-7594: fully qualified username must be provided #6864
• OCPBUGS-7746: Convert platform type for AgentClusterInstall #6878
• OCPBUGS-8015: make VIP 168.63.129.16 noProxy in all clouds except Public #6909
• OCPBUGS-6087: Warn if agent assets detected when using non-agent waitfor #6788
• OCPBUGS-7607: IBMCloud: Handle COS reclamations #6867
• OCPBUGS-7529: bump RHCOS 4.12 bootimage metadata #6873
• OCPBUGS-7521: Update AgentConfig template #6857
• OCPBUGS-5992: azure: validate Windows-only VM types #6780
• OCPBUGS-6991: Don’t require vSphere details for agent installer #6826
• OCPBUGS-6807: Check platform baremetal settings against default values #6815
• OCPBUGS-7103: Set the configured proxy settings for agent installer #6830
• OCPBUGS-7131: bootstrap: set 0644 mode for registries.conf #6804
• OCPBUGS-5960: bump RHCOS 4.12 bootimage metadata #6791
• OCPBUGS-5996: vsphere: set default resource pool when missing failure domain topology #6781
• OCPBUGS-5667: CVE-2021-4238: goutils: update for randomness fix #6764
• And 1 elided commits (e.g. from squash or rebase merges)
• Full changelog

baremetal-machine-controllers

• OCPBUGS-21700: Uplift x/net to v0.17.0 #200
• Full changelog

baremetal-operator

• OCPBUGS-24490: backport: Delay delete of detached hosts #326
• OCPBUGS-23291: hack for deploying V6-only clusters from dualstack hubs #320
• OCPBUGS-21154: Uplift x/net to v0.17.0 #310
• OCPBUGS-17703: Trigger reconcile on Secret change #298
• OCPBUGS-17459: Set minimum TLS version for webhook to 1.2 #297
• OCPBUGS-14188: Deleting unmanaged BMH get stuck fix #283
• OCPBUGS-13530: Support /dev/disk/by-path root device hints #278
• OCPBUGS-12175: Revert live-iso validation #269
• OCPBUGS-9955: allow namespace to continue with terminating when deprovisioning a bmh #258
• Full changelog

baremetal-runtimecfg

• OCPBUGS-20127: Increase timeout for bootstrap kubeapi #279
• OCPBUGS-18606: Move haproxy firewall rule check earlier in loop #272
• OCPBUGS-17715: Don’t render config with incomplete unicast peer list #268
• OCPBUGS-15315: Use machine-config state instead of comparing roles #262
• OCPBUGS-12805: Make nested dual stack VIP configs respect EnableUnicast #240
• OCPBUGS-13405: Verify kubelet version in upgrade check #249
• OCPBUGS-11145: fix isUpgradeStillRunning() #232
• Full changelog

cli, cli-artifacts, deployer, tools

• OCPBUGS-25642: Add client version in must-gather summary #1639
• OCPBUGS-24462: Overwrite template’s namespace with the explicit one #1618
• OCPBUGS-23222: regeneratemco: explicitly check for PlatformStatus field #1598
• OCPBUGS-20248: oc process: Set original namespace if it differs #1560
• OCPBUGS-20291: Truncate existing files when writing from inspect #1563
• OCPBUGS-20299: Use quay redis image instead docker mysql #1567
• OCPBUGS-16173: Add tls-server-name when property exists in kubeconfig #1507
• OCPBUGS-1283: Bump golang.org/x dependencies #1421
• OCPBUGS-16056: mcs cert: account for environments that use IP directly #1501
• OCPBUGS-16194: reboot: set ignition version to 3.1 #1509
• handle the error case of node retrieval while waiting for reboot #1485
• bring some cert rotation helpers back into 4.12 [fix unit-tests] #1478
• OCPBUGS-14647: [release-4.12] Do not set master node selector if there’s no masters #1366
• OCPBUGS-14236: Remove closed centos7 registry from newapp unit tests #1434
• OCPBUGS-10774: bump repo sclorg/s2i-ruby-container location for newapp test #1382
• OCPBUGS-7960: pkg/cli/admin/upgrade/channel: Use PATCH instead of POST for spec updates #1354
• Full changelog

cloud-credential-operator

• OCPBUGS-21348: Upgrade golang/x/net for CVE-2023-39325 #624
• NO-ISSUE: snyk: exclude vendor/ #619
• NO-ISSUE: Removing andrew from OWNERS #618
• OCPBUGS-13739: Determine AWS partition based on region for readOnlyAnonUserPolicyTemplate bucket ARN. #539
• OCPBUGS-11707: ccoctl: Enable public anon read access to default OIDC S3 bucket #529
• Full changelog

cloud-network-config-controller

• OCPBUGS-22949: Azure: skip backend pool if attached to an outbound rule #128
• OCPBUGS-16325: Azure: Handle already existing IP configurations #117
• OCPBUGS-14717: increase GCP egress ip capacity to 100 from 10 #114
• OCPBUGS-13802: sync CloudPrivateIpConfig when node is missing #112
• OCPBUGS-13183: pull project name from subnet uri #108
• Full changelog

cluster-authentication-operator

• OCPBUGS-22689: increase timeout for probes #639
• OCPBUGS-13346: dont log jwt tokens #622
• Full changelog

cluster-autoscaler

• OCPBUGS-23274: Rebase 4.12 branch onto cluster autoscaler 1.25.3 #267
• Full changelog

cluster-autoscaler-operator

• OCPBUGS-20754: Bump x/net package to v0.18.0 #300
• Full changelog

cluster-baremetal-operator

• OCPBUGS-23291: hack for deploying V6-only clusters from dualstack hubs #389
• OCPBUGS-20845: Uplift x/net to v0.17.0 #371
• OCPBUGS-19557: Guard against nil PlatformStatus #367
• OCPBUGS-16169: use proxying for inspector in addition to ironic #349
• OCPBUGS-15715: Limit role binding to openshift-machine-api namespace #347
• OCPBUGS-7585: also use BMH.ConsumerRef for linking to master Machines #326
• Full changelog

cluster-bootstrap

• OCPBUGS-14386: Update dependencies and image #91
• Add API team to the OWNERS #97
• Full changelog

cluster-capi-controllers

• OCPBUGS-21521: bump golang.org/x/net to v0.17.0 #186
• Full changelog

cluster-capi-operator

• OCPBUGS-21055: Bump golang.org/x/net to v0.17.0 #138
• Full changelog

cluster-cloud-controller-manager-operator

• OCPBUGS-21148: Bump golang.org/x/net to v0.18.0 #297
• OCPBUGS-13862: add separate upgradeable condition for the sync controller #254
• OCPBUGS-13188: update config sync controller to add upgrade status #251
• OCPBUGS-7898: add a check for nutanix cloud conf map #239
• OCPBUGS-7884: Restart pods if related configuration was changed #228
• Full changelog

cluster-config-operator

• : OCPBUGS-21245: bump library-go to include switch to HTTP/1.1 #373
• CORS-2794: AWS Shared VPC API Bump [release-4.12] #344
• Full changelog

cluster-control-plane-machine-set-operator

• OCPBUGS-21342: Bump golang.org/x/net to v0.17.0 #260
• OCPBUGS-14960: Check ProviderSpec before generating MachineInfo #216
• OCPBUGS-15198: Surface cpms vs machines diff #219
• OCPBUGS-13943: fix double machine creation on stale cache #210
• OCPBUGS-12440: Prioritise machine mapping over alphabetical mapping #204
• OCPBUGS-11692: E2E periodics test timeout failures improvement #190
• OCPBUGS-8503: machine’s node must be ready for CPMS machine to be ready + fixes #193
• OCPBUGS-11521: Use PlatformStatus instead of PlatformSpec to determine platform #188
• Full changelog

cluster-csi-snapshot-controller-operator

• OCPBUGS-21442: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #169
• OCPBUGS-10646: Hypershift: set Deployment properties #148
• OCPBUGS-8374: [4.12] remove cluster-admin role. #143
• Full changelog

cluster-dns-operator

• OCPBUGS-21525: Bump golang.org/x/net/http2 to v0.17.0 for CVE-2023-39325 in cluster-dns-operator #391
• OCPBUGS-19933: update-node-resolver.sh: Check for errors from >> #385
• OCPBUGS-19933: ensure original hosts file contents are preserved #383
• OCPBUGS-15251: Add support for protocolStrategy API field to enable force_tcp configuration #378
• Full changelog

cluster-etcd-operator

• OCPBUGS-21127: fixing CVE-2023-39325 by updating dependencies #1148
• OCPBUGS-20100: [4.12] Backports of backup/restore fixes #1137
• OCPBUGS-19837: Update staticpod file permissions to conform with CIS benchmarks #1128
• OCPBUGS-17808: reset snapshot default counts to avoid file already lo… #1100
• OCPBUGS-12473: Fix Flake TestAttemptToScaleDown/scale_down_only_by_one_machine_at_a_time #1046
• OCPBUGS-7830: increase live/ready timeout and failure thresholds #1011
• Update reviewers and approvers #987
• OCPBUGS-7409: set default timeouts in etcdcli #1005
• OCPBUGS-6935: add dedicated success status for bootstrap removal #999
• OCPBUGS-7373: [release-4.12] fail early on missing node status envs #1004
• OCPBUGS-6898: updating library-go for CVE-2022-41717 #998
• And 2 elided commits (e.g. from squash or rebase merges)
• Full changelog

cluster-image-registry-operator

• OCPBUGS-22125: increase storage account key cache expiration #939
• OCPBUGS-20684: mitigate effects of rapid reset #947
• OCPBUGS-8491: bump aws-sdk-go #846
• Full changelog

cluster-ingress-operator

• OCPBUGS-20765: Bump golang.org/x/net for CVE-2023-44487 #988
• OCPBUGS-22432: test/e2e: Don’t use openshift/origin-node #992
• NE-1372: Add support for AWS shared VPC in another account #966 #971
• OCPBUGS-13049: bump controller-runtime to fix the multi namespace cache indexing #922
• OCPBUGS-15467: Add missing AWS permission for ListTagsForResources #954
• OCPBUGS-16620: Deflake TestRouterCompressionOperation #963
• OCPBUGS-16621: Fix TestClientTLS flakes #964
• OCPBUGS-15644: Update TestAWSELBConnectionIdleTimeout to not use wildcard DNS record #959
• OCPBUGS-14454, OCPBUGS-14455: Handle mTLS CRLs, and fix accidental CRL duplication #941
• OCPBUGS-12464: Target metrics port by name in internal service #910
• OCPBUGS-3517: Ingress controller should not have affinity policy in single-replica clusters #857
• Full changelog

cluster-kube-apiserver-operator

• : OCPBUGS-20855: bump library-go to include switch to HTTP/1.1 #1574
• OCPBUGS-19837: Update staticpod file permissions to conform with CIS benchmarks #1559
• OCPBUGS-17139: make webhook connection failure a warning in log #1533
• OCPBUGS-13346: dont log jwt tokens #1524
• OCPBUGS-6789: enable pod security admission for techpreview #1440
• OCPBUGS-6789: make the bootstrap kube-apiserver honor cluster-wide featuregates #1439
• OCPBUGS-7369: Guard pod set readiness probe endpoint explicitly #1445
• Full changelog

cluster-kube-cluster-api-operator

• OCPBUGS-20962: bump golang.org/x/net to v0.17.0 #29
• Full changelog

cluster-kube-controller-manager-operator

• OCPBUGS-21048: Bump deps to address CVE-2023-44487 [4.12] #759
• OCPBUGS-19837: Update staticpod file permissions to conform with CIS benchmarks #754
• OCPBUGS-6789: Enforce PSA when techpreview is enabled #694
• OCPBUGS-6789: honor feature gates during bootstrapping #695
• OCPBUGS-7369: Guard pod set readiness probe endpoint explicitly #699
• Full changelog

cluster-kube-scheduler-operator

• OCPBUGS-21239: Sync deps CVE 2023 39325 4.12 #505
• OCPBUGS-19837: Update staticpod file permissions to conform with CIS benchmarks #499
• OCPBUGS-14652: disable debug pporf with unauthenticated port for 4.12 #481
• OCPBUGS-7369: Guard controller: set the readiness probe endpoint explicitly #462
• Full changelog

cluster-kube-storage-version-migrator-operator

• : OCPBUGS-21336: bump library-go to include switch to HTTP/1.1 #98
• Full changelog

cluster-machine-approver

• OCPBUGS-23486: Filter non node CSRs in metrics #220
• OCPBUGS-21430: Bump x/net package to v0.18.0 #214
• Full changelog

cluster-monitoring-operator

• OCPBUGS-21441: Set the new –disable-http2 flag for prometheus-adapter to disable HTTP2 #2148
• OCPBUGS-22843: [release-4.12] add RHACS telemetry metrics #2140
• OCPBUGS-21234: upgrade golang.org/x/net to v0.17.0 #2123
• OCPBUGS-17125: backport metrics collection profiles selector logic to prevent users from double scraping when they upgrade from 4.12 to 4.13 #2047
• OCPBUGS-16028: Add the trusted CA bundle in UWM Prometheus pods #2042
• OCPBUGS-15473: Limit the value of GOMAXPROCS on node-exporter to 4 #2023
• OCPBUGS-13008: Add build number to vcenter version information #1965
• OCPBUGS-12727: backport OCPBUGS-5353 to 4.12 #1955
• OCPBUGS-11508: add startup probe for prometheus-adapter #1940
• OCPBUGS-11623: node-exporter: disable btrfs collector #1944
• OCPBUGS-11404: jsonnet: Add prometheus container in UWM #1935
• OCPBUGS-2439: set the argument path.udev.data in node exporter #1800
• Full changelog

cluster-network-operator

• OCPBUGS-24571: Disable weak SSH cipher suites #2164
• OCPBUGS-25128: Update to go 1.19 and x/net 0.8.0 #2157
• OCPBUGS-23293: IBMCloud specific: patch out management workload for dataplane component thats needed for bootstrapping #2108
• OCPBUGS-20277: Edited multus-admission-controller deployment config to not add autoount a service account token #1884
• OCPBUGS-20197: remove prestop hooks for northd, sbdbd and nbdb #2055
• OCPBUGS-17656: prevent creation of multiple cni-sysctl-allowlist-ds pods #1948
• OCPBUGS-11547: Hypershift: Add RollingUpdate parameters to multus-admission-controller #1775
• OCPBUGS-16142: fix reconciliation process of the allowlist controller #1891
• [release-4.12 ] OCPBUGS-11217:use annotation daemonset to update hybrid overlay #1764
• OCPBUGS-15588: Add release version annotation to whereabouts-reconciler #1856
• OCPBUGS-13891: [release-4.12] HyperShift: Support HostedControlPlane node selector #1816
• OCPBUGS-13067: Fix tier label, privileged, HOSTNAME/NODENAME in whereabouts reconciler [backport 4.12] #1829
• OCPBUGS-6061: Update github.com/Masterminds/sprig to v3 #1689
• OCPBUGS-13013: AUTH: update cluster-reader to include k8s.ovn.org #1799
• OCPBUGS-13067: Whereabouts should implement the reconciliation controller [backport 4.12] #1801
• OCPBUGS-11559: multus-admission-controller should not run as root under Hypershift #1777
• Bug OCPBUGS-4896: Kuryr: If set use MTU from Config for svc net #1671
• OCPBUGS-10977: HyperShift: Add POD_NAME env to ovnkube-node #1753
• OCPBUGS-11461: Split out konnectivity certs #1771
• OCPBUGS-11178: remove TLS_RSA_WITH_AES_128_CBC_SHA256 cipher #1759
• OCPBUGS-11059: Fix info log formatting #1659
• OCPBUGS-10319: HyperShift: Set affinity, tolerations and co-location for all hcp resources created by CNO #1738
• OCPBUGS-8014: add default noProxy config for Azure #1722
• OCPBUGS-9927: Enable configuration of node healthz server on ovnkube #1731
• OCPBUGS-5953: Backport Added missing API field podref to OverlappingRangeIPReservation CRD [Backport 4.12] #1685
• OCPBUGS-7044: HyperShift: Add .hypershift.local to no proxy list #1706
• OCPBUGS-7044: HyperShift: Do not use proxy for internal routes #1704
• OCPBUGS-4778: Fix handling of deployment and statefulset updates #1663
• OCPBUGS-4238: HyperShift: Co-locate OVN-Kubernetes master with other hcp pods #1645
• OCPBUGS-6494: OVN-Kubernetes: Stop sorting master node addresses, ignore readiness checks for redundant NB/SB #1691
• Full changelog

cluster-node-tuning-operator

• Disable HTTP/2 for webhook and metrics servers (#849) #849
• Remove obsolete protocols and weak ciphers (#847) #847
• OCPBUGS-21837: nto: pao avoid timeout when there are too many CSV (#838) #838
• Tighten the rules for modifying Tuned Profiles (#790) #790
• OCPBUGS-19459: check for object being nil (#821) #821
• OCPBUGS-18868: [release-4.14] e2e: add expected max latancy to hwlatdetec test & rename constant (#788) (#808) (#809) #788
• Release leader election on manager exit (#789) #789
• Fix a race in e2e test rollback.go code (#742) #742
• pao: e2e: Make script executable (#734) #734
• pao e2e: Split gcp-pao lane (#728) #728
• Do not rollback settings on TuneD exit (#711) #711
• OCPBUGS-15800: e2e: latency testing: increase the expected threshold and fix gomega truncating output (#710) #710
• Revert “Remove optimization to allow full resync (#569)” (#688) #569
• update owners 20230109 (#549) #549
• Add PerformanceProfiles to ‘oc adm must-gather’ (#667) #667
• OCPBUGS-14472: Fix updating numa core siblings map in GetCpuSiblings function (#675) #675
• Remove trailing spaces from test names (#572) #572
• Remove optimization to allow full resync (#569) #569
• e2e:latency: count LATENCY_TEST_DELAY in timeout (#539) #539
• e2e: add missing test id (#630) #630
• Remove subPaths, they are broken (#627) #627
• Remove the preStop hook for openshift-tuned (#621) #621
• E2E: Per Core Runtime Tuning Test automation (#509) (#568) #509
• E2E: Network stack Pinning tests (#533) #533
• Run node selector tests only if we 2 non Performanceworker nodes (#554) #554
• skip multiple ranges test if cores < 20 and use core as key to delete cpu siblings (#543) #543
• pao: latency-tests: read test log directly from pod (#547) #547
• Add authentication to the /metrics endpoint (#553) #553
• Full changelog

cluster-openshift-apiserver-operator

• OCPBUGS-22689: increase timeout for probes #558
• : OCPBUGS-20694: bump library-go to include switch to HTTP/1.1 #556
• OCPBUGS-13346: dont log jwt tokens #543
• Full changelog

cluster-openshift-controller-manager-operator

• OCPBUGS-20777: bump(k8s,openshift) to address CVE-2023-44487 #311
• Full changelog

cluster-platform-operators-manager

• OCPBUGS-20979: [release-4.12] Bump golang.org/x/net to v0.17.0 #99
• Full changelog

cluster-policy-controller

• OCPBUGS-21080: Bump deps to address CVE-2023-44487 [4.12] #136
• OCPBUGS-12442: psalabelsyncer: handle empty namespace of a rolebinding subject #111
• OCPBUGS-14092: [4.12] fix ClusterResourceQuotas to work for all api resources including custom resources #117
• OCPBUGS-13889: external template and route Informer #114
• OCPBUGS-6789: backport feature gate honoring for PSa label syncer #98
• OCPBUGS-7705: [release-4.12] update dependencies to point to v0.25.0 #102
• Full changelog

cluster-samples-operator

• OCPBUGS-15757: Update Jenkins and Jenkins Agent Base image versions #506
• OCPBUGS-10918: update Jenkins to v4.12 #492
• OCPBUGS-7208: When setting allowedRegistries urls the openshift-samples operator is degraded #489
• Full changelog

cluster-storage-operator

• OCPBUGS-21266: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #407
• OCPBUGS-18131: Add patch for allowing configmap updates via clusterrole #402
• OCPBUGS-14307: User real node name in failing mount alerts #377
• OCPBUGS-13719: assets: csi: hypershift: add pull-secret to aws-ebs-csi-driver-operator ServiceAccount #370
• OCPBUGS-10646: Hypershift: set control plane operand properties #355
• OCPBUGS-8374: Add UID to CSO Pod to be able to run with custom SCCs #347
• OCPBUGS-7331: hypershift: remove inject-proxy annotation from aws-ebs-csi-driver-operator deployment #337
• Full changelog

cluster-version-operator

• OCPBUGS-20729: [4.12] Bump http-related deps #990
• OCPBUGS-22408: pkg/clusterconditions/promql: Warm cache with 1s delay #988
• OCPBUGS-22198: Reconcile Volumes in SCCs #985
• OCPBUGS-14096: Trigger new sync round on ClusterOperator Available changes #938
• OCPBUGS-12182: Update dnsPolicy to allow consistent resolution of the internal LB #931
• OCPBUGS-10565: RetrievePayload: Improve timeouts and cover behavior with tests #914
• OCPBUGS-10514: pkg/cvo/availableupdates: Prioritize conditional risks for largest target version #913
• OCPBUGS-8304: Adding admin-gate ack-4.12-kube-1.26-api-removals-in-4.13 #908
• Full changelog

console

• OCPBUGS-22431: Check if filtered object contains name property #13285
• OCPBUGS-25213: add access review for impersonate #13440
• OCPBUGS-18116: Bump helm version #13104
• OCPBUGS-24236: Remove tech preview badge from Pipeline repository pages #13384
• OCPBUGS-23413: Correct logout process #13342
• OCPBUGS-24364: Subsequent PipelineRuns take initial PipelineRun name into account #13401
• OCPBUGS-13357: add multipath device type to LocalVolumeSet #12805
• OCPBUGS-23346: update the KnativeServing API version to v1beta1 for global-config extension #13334
• OCPBUGS-23154: remove expandable toggle for conditional update risk d… #13322
• OCPBUGS-22964: add support for new features annotations while preservi… #13305
• OCPBUGS-19382: Could not import multiple resources via JSON (while YAML supports this) #13168
• OCPBUGS-20071: Fix that “Delete application” doesn’t work in topology when Pipelines operator is not installed #13212
• OCPBUGS-21727: fetch TaskRuns without selector and reduces the get TaskRuns requests #13251
• OCPBUGS-21731: show all the legends for Pipeline metrics in PipelineRun TaskRun Duration chart #13252
• OCPBUGS-13580: Regression: OpenShift Console no-longer filters SecretList when displaying ServiceAccount #12747
• OCPBUGS-19907: Fixed Edit Application form for Knative Services #13205
• OCPBUGS-19045: Web console slowness on Project>Project access page #13155
• OCPBUGS-18273: Fix topology crash when a console.topology/data/factory extension tries to resolve a resource with version from the CRDs which doesn’t exists #13113
• OCPBUGS-18563: OLM Pages work when copied CSVs are disabled #13055
• OCPBUGS-17530: fix bug where binary secret values are corrupted on edit and add test coverage #13087
• OCPBUGS-18366: Fix DeploymentConfig list performance issues by lazy loading their ReplicationControllers #13122
• OCPBUGS-16660: Manual cherry-pick of #12978 #13039
• OCPBUGS-17192: “Duplicate RoleBinding” leads to “Unsupported value” error #13063
• OCPBUGS-16846: Fix stop PLR option #13051
• OCPBUGS-2182: re-enable operator-install-single-namespace.spec.ts test #13013
• OCPBUGS-16732: When removing the project owner from the project in GUI, instead of that user, the group (the default group added as project admin through the project template) will be removed. #13047
• OCPBUGS-16046, OCPBUGS-16047, OCPBUGS-16048: Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions #12997
• OCPBUGS-15898: account for single object in status.conditions instead… #12982
• OCPBUGS-16139: The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values. #13004
• OCPBUGS-15710: Create helm release page doesn’t show a YAML editor when schema isn’t available (httpd-imagestreams chart) #12962
• OCPBUGS-15849: Add Pipeline metrics unsupported empty page #12977
• OCPBUGS-9405: [OSD] There is no error message shown on node label edi… #12965
• OCPBUGS-15798: Remove access review check for PipelineResource from Pipeline section #12969
• OCPBUGS-13643: Fix OLM k8sResourcePrefix descriptor dropdown behavior #12813
• OCPBUGS-15569: use service port name instead targetPort in the Pipeline Event listener route #12958
• OCPBUGS-15535: Delete annotation ‘tekton.dev/v1beta1TaskRuns’ when rerun the PLR #12955
• OCPBUGS-15404: Importing a kn Service shows a non-working Open URL decorator also when the Add Route checkbox was unselected #12935
• OCPBUGS-15057: only copy workload annotations to debug pod #12903
• OCPBUGS-15099: visiting Configurations page returns error Cannot read… #12906
• OCPBUGS-15482: Remove PipelineResource CRD check because it’s not installed with PO 1.11 anymore #12948
• OCPBUGS-14190: When Creating Sample Devfile from the Samples Page, Topology Icon is not set #12859
• OCPBUGS-11989: Modified git import flow module to handle create button enable-disable issue #12775
• OCPBUGS-6848: Service name search ability while creating the Route from console #12505
• OCPBUGS-7619: Search page: LazyActionMenus are shown below Add/Remove from navigation button #12575
• OCPBUGS-7924: Developer - Topology : ‘Filter by resource’ drop-down i18n misses #12598
• OCPBUGS-13803: add support for minimal status of tekton #12831
• OCPBUGS-13750: use PipelineRun template from ‘pipelines-as-code-pipelinerun-go’ configMap for Go runtime #12829
• OCPBUGS-12839: Show type of sample on the samples view #12783
• OCPBUGS-12992: Pipeline doesn’t render correctly when displayed but looks fine in edit mode #12791
• OCPBUGS-9336: use buildconfig form also for create #12770
• OCPBUGS-11601: Move operator install status to it’s own … #12715
• OCPBUGS-12232: Fix for broken Create key/value secrets e2e tests #12750
• OCPBUGS-11844: delete associated pipeline, triggertemplate and eventlistener when deleting app #12727
• OCPBUGS-11972: update the default pipelineRun template name #12687
• OCPBUGS-6888: Show Git icon and repo link as per the Git provider #12511
• OCPBUGS-12476: Pipelines repository list and creation form doesn’t show Tech Preview status #12763
• OCPBUGS-1753: Fix OLM descriptor components deletes operand e2e test failing #12573
• OCPBUGS-12477: Users don’t know what type of resource is being created by Import from Git or Deploy Image flows #12765
• OCPBUGS-11998: Do not show builder ImageStreams without sampleRepo as samples #12740
• OCPBUGS-5009: Helm Charts and Samples are not disabled in topology actions if actions are disabled in customization #12382
• OCPBUGS-7953: fix devfile error #12605
• OCPBUGS-6672: In DeploymentConfig both the Form view and Yaml view are not in sync #12475
• OCPBUGS-8016: PipelineRun templates must be fetched from OpenShift namespace #12614
• OCPBUGS-10225: Get the Event type value from the latest PLR of the Repository #12643
• OCPBUGS-7333: Add missing SDK extensions descriptions #12556
• OCPBUGS-7951: delete application should delete all part-of resources #12604
• OCPBUGS-6036: Project dropdown order is not as smart as project list page order #12447
• OCPBUGS-7800: add subject kind dropdown in the project access form #12586
• OCPBUGS-8339: disable operator-install-single-namespace.spec.ts until… #12624
• OCPBUGS-3892: Add cluster to query params of websocket requests #12282
• OCPBUGS-5092: Fix to use and set correct secretReference for build-config triggers #12388
• OCPBUGS-7895: Bump helm version to 3.10.1 #12579
• OCPBUGS-6873: The dropdown list component will be covered by deployment details page on Topology page #12507
• OCPBUGS-6831: Fix crash when pinnedResources is null #12503
• OCPBUGS-7471: Right border radius is 0 for the pipeline visualization wrapper in dark mode #12565
• OCPBUGS-7506: Fix different CI issues #12555
• OCPBUGS-6966: Remove description field from the PLR parameters page #12519
• OCPBUGS-7437: Webhook Secret (1 of 2) is not removed when Knative Service is deleted #12560
• OCPBUGS-6887: Show Tag label and tag name if tag is detected in repository PipelineRun list and details page #12510
• OCPBUGS-6816: Repositories list does not show the running pipelinerun as last pipelinerun #12500
• OCPBUGS-4072: Fix rerender loop/crash when bindable-kinds is found but has no status #12304
• OCPBUGS-6671: fix broken pipeline secret #12474
• OCPBUGS-6913: PipelineRun task status overlaps status text #12516
• OCPBUGS-6766: Fix to provide an option to delete all app resources on delete-resource modal for D/DC/KSVC #12491
• OCPBUGS-6969: Added translation to Last used in resource type dropdown #12521
• OCPBUGS-6764: Add Git Repository (PAC) showed empty permission content and non-working help link until a git url is entered #12490
• OCPBUGS-4281: Do not disable metrics when auth is disabled #12323
• OCPBUGS-6669: Do not show UpdateInProgress when status is Failing #12473
• OCPBUGS-5093: Fix to show correct help texts for each git repo status error code #12389
• OCPBUGS-6085: Editing Pipeline in the ocp console should show correct information #12452
• OCPBUGS-6758: Add RBAC check on Create a Project link in all-namespaces pages #12489
• OCPBUGS-6755: Remove refs-heads from the branch name for Repository pipelineRun row #12487
• And 3 elided commits (e.g. from squash or rebase merges)
• Full changelog

console-operator

• OCPBUGS-18951: Add haproxy timeout annotation to console routes #792
• OCPBUGS-18309: Add missing watch permission for helm-chartrepos-viewers #789
• OCPBUGS-15834: Dockerfile: Shift ConsolePlugin CRD after the operator Deployment #791
• OCPBUGS-18563: OLM Pages work when copied CSVs are disabled #780
• OCPBUGS-13647: Proper cleanup of route sync conditions #762
• OCPBUGS-7999: Distinguish between route conditions and remove the old ones #735
• OCPBUGS-6921: Recover ConsoleNotificationSync after being degraded #728
• And 2 elided commits (e.g. from squash or rebase merges)
• Full changelog

container-networking-plugins

• OCPBUGS-20593: build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.12] #131
• Full changelog

coredns

• OCPBUGS-21023: UPSTREAM: <carry>: openshift: Address CVE-2023-39325 #103
• OCPBUGS-20144: UPSTREAM: <carry>: openshift: Fix OCPBUGS-20144 #98
• Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

• OCPBUGS-21236: Upgrade dependencies #242
• OCPBUGS-20573: [release-4.12] CARRY: Add DOWNSTREAM_OWNERS #229
• OCPBUGS-20124: FastFix: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #220
• OCPBUGS-15971: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #198
• OCPBUGS-11906: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #193
• OCPBUGS-6591: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.25 into release-4.12 #174
• Full changelog

csi-driver-manila-operator

• OCPBUGS-18475: Don’t cache OpenStack client #202
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #199
• OCPBUGS-10556: Bump go.mongodb.org/mongo-driver to v1.5.1 #176
• OCPBUGS-6599: Address CVE-2022-41717 #166
• Full changelog

csi-driver-nfs

• OCPBUGS-6590: Address CVE-2022-41717 #105
• Full changelog

csi-driver-shared-resource, csi-driver-shared-resource-webhook

• OCPBUGS-23118: Should reference configmaps instead of secrets #154
• OCPBUGS-20703: bump golang.org/x/net to v0.17.0 #148
• Full changelog

csi-driver-shared-resource-operator

• OCPBUGS-20787: bump golang.org/x/net to v0.17.0 #88
• Full changelog

csi-external-attacher

• OCPBUGS-21139: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #62
• Full changelog

csi-external-provisioner

• OCPBUGS-20743: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #74
• Full changelog

csi-external-resizer

• OCPBUGS-20885: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #149
• Full changelog

csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook

• OCPBUGS-20991: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #111
• Full changelog

csi-livenessprobe

• OCPBUGS-20629: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #52
• OCPBUGS-13821: Bump gRPC from 1.38.0 to 1.49.0 #43
• Full changelog

csi-node-driver-registrar

• OCPBUGS-20674: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #54
• Full changelog

docker-builder

• OCPBUGS-23037: Add -p flag to cp command to preserve timestamps #372
• OCPBUGS-20695: [release-4.12]Bump golang.org/x/net #364
• OCPBUGS-17228: bump github.com/containers/buildah to v1.26.6 #325
• OCPBUGS-15643: Add the git-lfs package #353
• OCPBUGS-6753: manage-dockerfile: use the original form of HEALTHCHECK #324
• Full changelog

docker-registry

• OCPBUGS-19306: bump docker-distribution #382
• OCPBUGS-10496: bump docker-distribution #365
• OCPBUGS-8491: bump aws-sdk-go #362
• Full changelog

etcd

• OCPBUGS-21187: [4.12] Carrying fixes for CVE-2023-44487 #228
• OCPBUGS-15860: [4.12] Rebase openshift/etcd to 3.5.9 #207
• Update owners #185
• Updating ose-etcd images to be consistent with ART #153
• Full changelog

gcp-cloud-controller-manager

• OCPBUGS-21282: Bump golang.org/x/net to v0.18.0 #44
• Full changelog

gcp-cluster-api-controllers

• OCPBUGS-21380: Bump golang.org/x/net to v0.17.0 #205
• Full changelog

gcp-machine-controllers

• OCPBUGS-20833: Bump x/net package to v0.18.0 #69
• OCPBUGS-14120: Register control plane machines to instance group #52
• Full changelog

gcp-pd-csi-driver

• OCPBUGS-20718: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #47
• Full changelog

gcp-pd-csi-driver-operator

• OCPBUGS-20807: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #89
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #82
• Full changelog

haproxy-router

• OCPBUGS-21098: Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 #532
• OCPBUGS-17766: haproxy/template: mitigate CVE-2023-40225 #507
• OCPBUGS-18639: properly handle weight=0 #511
• OCPBUGS-14454, OCPBUGS-14455: Handle mTLS CRLs, and fix accidental CRL duplication #491
• Full changelog

hyperkube, pod

• OCPBUGS-25214: legacy-cloud-providers: prevent index out-of-range in getNextUnitNumber #1835
• OCPBUGS-23568: Update to kubernetes 1.25.16 #1807
• OCPBUGS-23288: UPSTREAM: 121881: Use golang library instead of mklink #1803
• OCPBUGS-20113: UPSTREAM: <carry>: Do not allow nodes to set forbidden openshift labels #1747
• openshift-hack: Fix sporadic 141 errors in build-rpms #1774
• OCPBUGS-21435: [release-4.12] UPSTREAM: 121125: [1.25][CVE-2023-39325] .: bump golang.org/x/net to v0.17.0 #1760
• OCPBUGS-18288, OCPBUGS-19483: Update to kubernetes 1.25.14 #1719
• OCPBUGS-18768: UPSTREAM: <carry>: Force using host go always and use host libriaries #1694
• OCPBUGS-17188: Update to Kubernetes 1.25.12 #1669
• OCPBUGS-17159: Increase service idle max timeout to 100 minutes #1662
• OCPBUGS-8737: UPSTREAM: <drop>: bump apiserver-library-go for scc fix #1619
• OCPBUGS-15309: Bump to k8s 1.25.11 #1615
• OCPBUGS-14745: [release-4.12] UPSTREAM: 118383: bump cadvisor for upstream patch 3301 #1600
• OCPBUGS-13173: Bump to k8s 1.25.10 #1582
• OCPBUGS-7589: UPSTREAM: <carry>: add default kubelet sysctls within rpm #1478
• OCPBUGS-11166: UPSTREAM: <carry>: Force using the go tooling from the system #1531
• OCPBUGS-11166: Bump to k8s 1.25.8 #1527
• OCPBUGS-8705: Fix mounted volume expansion tests #1503
• OCPBUGS-7078: Bump to k8s 1.25.7 #1496
• OCPBUGS-5769: scc admission - seccomp profiles fix #1471
• Full changelog

hypershift

• MULTIARCH-3709: PowerVS - Add reuse resource flags to e2e test #2994
• MULTIARCH-3732: PowerVS - Fix cluster deletion when existing resources passed #2993
• MULTIARCH-3733: Add dev flags in destroy cluster powervs command #2998
• Updated secret permissions for openshift-route-controller-manager #2924
• fix(hcco): Add HCP label to HCCO by default #2972
• fix(ignition): Add HCP label to ignition-server by default #2949
• OCPBUGS-16847: use ignition-proxy Service to populate ignitionEndpoint with strategy NodePort #2855
• [release 4.12] OCPBUGS-11555: OAuth OpenShift deployment requires ConfigMap mount patch2 #2803
• OCPBUGS-16411: fix deletion bug when hostedzone is already deleted #2835
• Kas policy 4.12 #2826
• Leader election config update. #2800
• OCPBUGS-15614: Check OwningIngressController also in Labels #2759
• OCPBUGS-16086: autoscaling balance similar groups #2806
• HOSTEDCP-1060: refactor ignition-server reconcilation and add ignition-server proxy #2749
• OCPBUGS-14873: Update vendored openshift API for 4.12 #2734
• HOSTEDCP-1073: enforce blocked rollout of HCP #2745
• properly handle user CA bundle not existing #2711
• OCPBUGS-15304: [release-4.12] fix(oauth): Do not proxy IBM Cloud IAM endpoints #2695
• OCPBUGS-14873: Honor global ingress configuration LoadBalancer type on AWS #2678
• OCPBUGS-14803: Set DisableStrictZoneCheck = true in the AWS Cloud Provider config #2667
• [release 4.12] OCPBUGS-11555: OAuth OpenShift deployment requires ConfigMap mount #2512
• OCPBUGS-14156: Reconcile oauthDeployment annotations even if kubeadmin secret is not found #2614
• OCPBUGS-14031: Include default ingress CA in root CA bundle #2600
• OCPBUGS-13626: Sync proxy TrustedCA to guest cluster #2557
• OCPBUGS-13639: Cherry pick aws endpoint sg #2579
• OCPBUGS-12787: fix(hcco): Get OLM CatalogSource images from defined map #2485
• ACM-5173 [backport 4.12] get pull secret instead of dockerconfigjson from mce credentials #2486
• Configurable SRE MetricsSet #2545
• OCPBUGS-13077: Ensure ingress controllers are removed before load balancers #2515
• OCPBUGS-11544: Pass runAsUser to CNO so it can run its managed services with proper security context #2391
• OCPBUGS-12845: Delete kubeadmin secret when an idp is defined #2492
• OCPBUGS-12738: Pass OPENSHIFT_RELEASE_IMAGE env variable to CNO #2473
• OCPBUGS-12199: remove ACL for aws bucket #2458
• OCPBUGS-11607: properly reconcile with user specified changes for in proxy configuration #2395
• OCPBUGS-11726: Update HostedCluster oauthCallbackURLTemplate #2410
• e2e: Cleanup shared OIDC provider on SIGTERM #2449
• HOSTEDCP-568: Update Konnectiviy socks5 proxy for IBM exception #2406
• OCPBUGS-10584: Switch NTO metrics auth to certs generated by HCP controller #2293
• OCPBUGS-11014: Do not proxy when guest cluster resolution fails #2340
• OCPBUGS-11654: [release-4.12] Create new EC2 client for AWS identity provider health check #2403
• OCPBUGS-10646: Add storage operators perms. to watch HostedControlPlane #2306
• HOSTEDCP-939: [release-4.12] Setup shared OIDC provider for e2e clusters #2365
• HOSTEDCP-806: Fix ValidAWSKMSConfig condition #2362
• OCPBUGS-11056: fix external APIServer address selection based on endpointAccess #2350
• OCPBUGS-10823 ensure well known public domains do not get proxied on image imports #2351
• SDA-8707: No more specifying the scrape interval at servicemonitors & podmonitors level #2356
• HOSTEDCP-900: Modified AWSPrivateLinkController and AWSEndpointServiceController to respect PausedUntil spec field #2285
• OCPBUGS-10504: Deletion of the VPCEnpoint on conflicting service names #2310
• HOSTEDCP-806: [release-4.12] Validate etcd KMS config #2273
• HOSTEDCP-801: [release-4.12] Expose external DNS for private cluster endpoints #2314
• HOSTEDCP-839: Audit log sidecars for openshift-apiserver and openshift-oauth-apiserver #2297
• OCPBUGS-10587: Use appropriate serving certificate for OAuth #2295
• OSD-15099: Delaying the creation of servicemonitor and podmonitor resources till the hostedcluster is Completed #2274
• Add PodMonitor for ingress-operator pods in HCP namespaces #2275
• OCPBUGS-8334: [release-4.12] Update the pull secret source for ignition payload #2268
• Force controleplane upgrade always #2289
• OCPBUGS-8370: Fix cleanup of volumes on cluster deletion #2253
• OCPBUGS-8241: Add external DNS health condition / release-4.12 #2206
• HOSTEDCP-809: Clone CA key/cert to TLS key/cert #2263
• Add configuration for automatic labeling and label commands #2255
• fix(cpo): Delete multus validatingwebhookconfiguration on CNO init #2251
• feat(HCCO): Block DNS operator delete until Cluster Version updated #2242
• kms addition for pod identity workflow #2247
• Add e2e test for hosted cluster behind a proxy #2199
• Add e2e test for cluster creation with AWS KMS #2201
• HOSTEDCP-826: Customize DNS base domain prefix #2235
• feat: Add pod gone check to prober + DNS operator leader elect #2209
• fix(ibmcloud): Explicitly set HCCO controllers #2208
• ensure reconcilation of apiserver port is in 4.12 #2195
• Cleanup default security group only if authorized #2212
• fix(cpo): Set restart annotation on multus-admission-controller #2190
• fix(cpo): Remove OLM collect for IBM Cloud to reduce artifacts and rbac #2189
• fix(cpo): Reduce CNO access if Calico used as network provider #2184
• Skip destroyAWSDefaultSecurityGroup if not AWS #2168
• Create default security group for AWS clusters #2162
• AUTH-323: pki: split out konnectivity certs from the rootCA #2156
• fix(ibmcloud): Initialize image registry config on creates and bad config #2104
• fix(cpo): Allow KAS profiling disablement #2122
• reduce ignition server scope #2140
• OpenID add support for groups claim in the config #2129
• fix(cpo): Restart registry operator on annotation #2121
• Fix CAPA crd generation #2120
• Set k8s.io/kubernetes dependency to v0.23.3 #2118
• fix(cpo): Separate RBAC for NTO + CNO #2112
• Merge main up to db7c22ae into ‘release-4.12’ #2101
• Full changelog

ibm-cloud-controller-manager

• OCPBUGS-21113: Bump golang.org/x/net to v0.18.0 #57
• Full changelog

ibm-vpc-block-csi-driver

• OCPBUGS-20583: [IBM VPC] failed provisioning volume in proxy cluster #56
• OCPBUGS-21206: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #52
• OCPBUGS-8451: Rebase to v5.1.2 for OCP 4.12 #32
• Full changelog

ibm-vpc-block-csi-driver-operator

• OCPBUGS-20583: [IBM VPC] failed provisioning volume in proxy cluster #79
• OCPBUGS-21302: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #83
• Full changelog

ibm-vpc-node-label-updater

• OCPBUGS-21415: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #29
• Full changelog

ibmcloud-cluster-api-controllers

• OCPBUGS-21397: UPSTREAM: <carry>: bump golang.org/x/net to v0.18.0 #67
• Full changelog

insights-operator

• adds helm information gather (#890) #890
• OCPBUGS-23439: remove username & password config options (#869) #869
• OCPBUGS-22922: create Prometheus rules programmatically according the… (#860) (#862) #860
• OCPBUGS-20731: update dependencies (#841) #841
• Add cherry-pick from 4.13 (#853) #853
• OCPBUGS-19476: update Insights report config logging (#831) #831
• OCPBUGS-19405: workload info gatherer, add external image repo (#823) #823
• OCPBUGS-15031: fix the config serialization & add test (#794) (#800) #794
• OCPBUGS-15459: gather PDBs only from openshift namespaces (#804) #804
• OCPBUGS-15414: extend configmap gatherer to get gateway-mode-config (#788) (#791) (#801) #788
• OCPBUGS-7871: Collect info about monitoring pods pv (#769) #769
• OCPBUGS-11008: update the cluster transfer interval to 12h (#765) #765
• OCPBUGS-10531: service_accounts.go Marshal fix (#754) #754
• OCPBUGS-6732: Anonymize env vars from containers: HTTP_PROXY, HTTPS_PROXY (#727) #727
• OCPBUGS-6833: feat(recent_metrics) adds openshift_apps_deploymentconfigs_strategy_total (#736) #736
• OCPBUGS-6782: Create gatherer for gathering machines. (#734) #734
• Full changelog

ironic

• OCPBUGS-23979: Ironic side of external_http_url (METAL-163) is not wired in correctly #431
• OCPBUGS-23357: Upgrade werkzeug dependency #423
• OCPBUGS-23182: Use bash process substitution instead of pipe #419
• OCPBUGS-19064: Handle Eject DVD in 4.12 #417
• OCPBUGS-21849: bump eventlet version #409
• OCPBUGS-17642: Expand regex for fcos/okd packages list #392
• OCPBUGS-16169: allow inspector to also be proxied #385
• OCPBUGS-13586: Add python-flask dependency #373
• Bug OCPBUGS-13335: Bump ironic version to include fix to OCPBUGS-13335. #367
• OCPBUGS-13041: Bump python-sushy #363
• OCPBUGS-7566: Bump werkzeug 4.12 #352
• Full changelog

ironic-agent

• OCPBUGS-19008: better compatibility with old hostnamectl #92
• OCPBUGS-19008: backport hostname fixes #90
• “Bug OCPBUGS-15831: Switch to udevadm command install instead of package” #82
• OCPBUGS-9934: Adding dep on python3-werkzeug >= 2.0.3-4 #72
• Full changelog

ironic-machine-os-downloader

• OCPBUGS-15735: Binary should be compiled on rhel9 #92
• Full changelog

ironic-static-ip-manager

• OCPBUGS-14415: Flush addresses on provisioning interface with global scope only #37
• Full changelog

k8s-prometheus-adapter

• OCPBUGS-21441: upgrade golang.org/x/net to 0.17.0 to address CVE #91
• OCPBUGS-20580: limit number of simultaneous client requests #79
• Full changelog

kube-proxy, sdn

• OCPBUGS-22972: Change the permission of 80-openshift-network.conf to 600 #583
• OCPBUGS-18325: Vendor o/k to consume update to prefer local TCP eps for DNS #573
• OCPBUGS-13785: EgressNetworkPolicy DNS resolution does not fall back to TCP #542
• OCPBUGS-14304: fix possible concurrent map read/write #551
• OCPBUGS-13058: save and delete the old egress network policy #539
• OCPBUGS-13761: CVE-2018-17419 ose-node-container: dns: Denial of Service (DoS) #541
• OCPBUGS-10805: Fix race in Egress IP Tracker start #521
• OCPBUGS-7474: Initialize egress node monitoring struct with previous reachability status #505
• OCPBUGS-6842: Handle race condition to setup default vnid flows #497
• OCPBUGS-7227: Update for 4.12 / go 1.19, including gofmt updates #482
• Full changelog

kube-rbac-proxy

• OCPBUGS-20687: trim down http2, make it configurable 4.12 #85
• OCPBUGS-11645: Updating kube-rbac-proxy images to be consistent with ART #56
• Full changelog

kube-state-metrics

• OCPBUGS-20764: bump x/net to v0.17.0 #103
• Full changelog

kuryr-cni, kuryr-controller

• Bug OCPBUGS-16376: Fix np retry #740
• OCPBUGS-15493: Remove unneeded grpcio dependencies from RPM #737
• OCPBUGS-13778: KuryrPort cleanup: Fix issue of subport not found #731
• Bug OCPBUGS-12164: Fix ValueError when Pod has no IP address #722
• OCPBUGS-11993: Fix VIF revert on KuryrPort status update error #721
• Full changelog

machine-api-operator

• OCPBUGS-25303: Update reference URL #1189
• OCPBUGS-21501: Bump golang.org/x/net to v0.18.0 #1176
• OCPBUGS-10943: Fix empty component version #1132
• OCPBUGS-7882: Block machine deletion if extra disks are attached #1120
• OCPBUGS-8286: Short circuit misfiring #1109
• Full changelog

machine-config-operator

• OCPBUGS-21038: update library-go and kube deps to latest version #4013
• OCPBUGS-22719: Backport logspam PRs #4008
• OCPBUGS-21723: keepalived/ingress: change healthcheck script #3985
• OCPBUGS-18433: Prevent NM from unsetting the hostname #3900
• OCPBUGS-20509: resolv-prepender: avoid pulling baremetalRuntimeCfgImage again if it … #3969
• OCPBUGS-19779: daemon: always use podman cp to copy extensions container content #3944
• OCPBUGS-19515: The kubeconfig copied on to each node has 644 permissions #3931
• OCPBUGS-17862: Agent-based install process the container machine-config-controller will be oom #3875
• OCPBUGS-17461: The machine-config-controller pod restart in SNO+1 causing daemonsets to restart #3844
• OCPBUGS-15570: configure-ovs: support UUID in vlan.parent #3768
• OCPBUGS-16754: daemon: Don’t traverse /run/ostree/auth.json symlink #3818
• OCPBUGS-11303: Fix regex dot in coredns config file #3660
• OCPBUGS-13757: The MCD has a non-functional pivot command that should be removed #3710
• OCPBUGS-7718: Prevent possible split-brain scenario with keepalived unicast #3562
• OCPBUGS-7945: [release-4.12] Forklift most of resolv-prepender dispatcher script to systemd #3573
• OCPBUGS-5935: Wrap podman commands in a while loop #3495
• OCPBUGS-7167: Avoid ‘too restrictive’ SCC problems by being more explicit #3542
• OCPBUGS-10505: daemon: Drop duplicate --authfile used in run #3617
• OCPBUGS-10372: Remove hard requirement for the afterburn from early-running aws-related services #3613
• OCPBUGS-9993: Revert “daemon: Temporarily copy auth file with more open perms on FCOS” #3608
• OCPBUGS-7445: configure-ovs: fix mtu-migration cleanup #3555
• OCPBUGS-8261: [release-4.12] backport cleanupDuplicateMC #3578
• OCPBUGS-6943: Improvements for configure-ovs.sh #3528
• OCPBUGS-6045: There are not enough logs in case “oc extract” is stuck in mco first boot #3503
• OCPBUGS-6973: configure-ovs: optionally generate configuration in /run #3532
• OCPBUGS-6779: baremetal: clean state generated by NM when run by dracut #3521
• OCPBUGS-7241: controller: default overwrite to true for files #3546
• OCPBUGS-6997: Fix 4.12 art images #3535
• OCPBUGS-6805: Only check image type if we are sure there is work that needs to be done #3526
• Full changelog

machine-image-customization-controller

• OCPBUGS-21543: Uplift x/net to v0.17.0 #106
• OCPBUGS-19008: Pass BareMetalHost name to IPA (take 2) #101
• OCPBUGS-18687: Watch networkData Secrets for changes #96
• Full changelog

multus-admission-controller

• OCPBUGS-21330: Update go.mod for CVE-2023-39325 [Release-4.12] #73
• Updating ose-multus-admission-controller images to be consistent with ART #61
• OCPBUGS-10506: Client golang [backport 4.12] #59
• Full changelog

multus-cni

• OCPBUGS-21061: Update go.mod for CVE-2023-39325 [Release-4.12] #196
• OCPBUGS-22461: fix multiple default gw #200
• OCPBUGS-7844: Fix multus to support CNI plugin which does not create interface [backport 4.12] #164
• OCPBUGS-10535: Multus sync Mar-20-2023 to OCP 4.12 #149
• OCPBUGS-7792: Multus sync v3.9.3 to OCP 4.12 #145
• Full changelog

multus-networkpolicy

• OCPBUGS-21420: Update go.mod for CVE-2023-39325 (#36) #36
• Full changelog

multus-route-override-cni

• Updating ose-multus-route-override-cni images to be consistent with ART #27
• Full changelog

multus-whereabouts-ipam-cni

• OCPBUGS-21499: update golang.org/x/net to v0.17.0 #209
• OCPBUGS-5953: Denormalize IP name before checking if pod is alive [Backport 4.12] #178
• Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #134
• OCPBUGS-8673: Dual stack support #131
• OCPBUGS-7429: Invalid ipv6 backport 4.12 #109
• OCPBUGS-11321: respect requested allocation range when exluding ranges [Backport 4.12] #123
• Updating ose-multus-whereabouts-ipam-cni images to be consistent with ART #93
• OCPBUGS-3941: Backport Excluded ranges bug (#282) #103
• Full changelog

network-interface-bond-cni

• OCPBUGS-13836: Ignore missing links during delete command #53
• Updating ose-network-interface-bond-cni images to be consistent with ART #37
• Full changelog

network-metrics-daemon

• Update the k8s dependencies to 1.25.15 (#84) #84
• Revert “Remove e2e tests that consistently fail in 4.12 (#74)” (#77) #74
• Remove e2e tests that consistently fail in 4.12 (#74) #74
• Updating ose-network-metrics-daemon images to be consistent with ART (#60) #60
• Fix gofmt check issue (#68) #68
• Update golang.org/x/text to 0.7.0 (#66) #66
• Full changelog

oauth-apiserver

• Updating ose-oauth-apiserver images to be consistent with ART #80
• Full changelog

oauth-server

• OCPBUGS-13906: don’t log request query and fragment on failed authn request #129
• OCPBUGS-12757: bump lib-go for group cache fix, kube 1.24->1.25 #127
• Full changelog

oc-mirror

• OCPBUGS-21440: fix: CVE-2023-39325 and CVE-2023-44487 (#713) #713
• OCPBUGS-14065: Fix destination image reference (#650) #650
• OCPBUGS-11908: Fix (#607) (#641) #607
• OCPBUGS-14065: fix: Limit the nested repository path while mirroring the images (#642) #642
• updates the OWNERS file (#646) #646
• OCPBUGS-12261: fix: skips bundles with ‘skips’ field on head bundle (#618) #618
• OCPBUGS-863: Add skip pruning flag and logic (#591) #591
• Bugfix for destination registry nested paths length (#590) #590
• OCPBUGS-6703: fix: adds logic that searches for the correct name when using a heads… (#554) #554
• Updating oc-mirror-plugin images to be consistent with ART (#515) #515
• Full changelog

olm-rukpak

• OCPBUGS-23449: [release-4.12] Address http2 Vulnerability #64
• OCPBUGS-21343: [release-4.12] Bump golang.org/x/net to v0.17.0 #41
• UPSTREAM: <carry>: add downstream owners #43
• Full changelog

openshift-apiserver

• OCPBUGS-8717: Clear metadata.namespace on projects before write. #358
• Full changelog

openshift-state-metrics

• OCPBUGS-20706: bump x/net to v0.17.0 #106
• Full changelog

openstack-cinder-csi-driver-operator

• OCPBUGS-21557: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #137
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #130
• Full changelog

openstack-machine-api-provider

• Bug OCPBUGS-19770: Set controller’s SyncPeriod to 1 hour #86
• OCPBUGS-10607: Use TenantID if ProjectID is empty #66
• OCPBUGS-10603: machineset_controller: Stop caching clouds credentials #65
• OCPBUGS-7155: Address CVE-2022-41717 #55
• Full changelog

openstack-machine-controllers

• OCPBUGS-20780: deps: Upgrade golang.org/x/net to v0.17.0 #277
• Full changelog

operator-lifecycle-manager, operator-registry

• OCPBUGS-22132: [release-4.12] Bump golang.org/x/net to v0.17.0 #590
• OCPBUGS-18512, RHIBMCS-168: Copied csv listing backport #559
• Introduce DOWNSTREAM_OWNERS file #541
• Allow cpb to be statically compiled / exempt from FIPS compliance #512
• OCPBUGS-15858: fix dynamic conversion webhook #503
• OCPBUGS-15737: Re-enable psa plugin #500
• OCPBUGS-7650: Catalog Pod Startup Probe Timeout #450
• Updating operator-registry images to be consistent with ART #397
• OCPBUGS-7825: Set openshift.io/scc label to empty #456
• OCPBUGS-7769: [release-4.12] update cluster policy operator dependency #454
• OCPBUGS-7556: Defuse E2e timebomb #449
• OCPBUGS-7086: cherry-pick pull request refactor FBC caching (#1051) f… #441
• OCPBUGS-6260: Catalog, fatal error: concurrent map read and map write #440
• OCPBUGS-7025: Set ImagePullPolicy of bundle unpacker to “IfNotPresent” for image digests #439
• Full changelog

operator-marketplace

• OCPBUGS-20955: [release-4.12] bump golang.org/x/net to 0.17.0 #550
• OCPBUGS-18503: remove a race condition #533
• OCPBUGS-14109: Revert default catsrc diff changes #519
• OCPBUGS-7108: Default CatalogSource aren’t always reverted to default settings #506
• Full changelog

ovirt-csi-driver

• OCPBUGS-23162: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #131
• Full changelog

ovirt-csi-driver-operator

• OCPBUGS-23266: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #128
• OCPBUGS-18417: set TLS cipher suites in Kube RBAC sidecars #121
• Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

• OCPBUGS-26243: Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks #2006
• OCPBUGS-25096: Fragment oversized reply packets in LGW mode #1984
• OCPBUGS-22091: Bump OVN to 23.06.1-39.el8fdp #1943
• OCPBUGS-18681: Check libovsdbclient.ErrNotFound on wrapped errors #1862
• OCPBUGS-20241: fix race condition in hybrid overlay DRIP alloc #1932
• OCPBUGS-18353: Update bridge flow cache when the host address changes #1872
• OCPBUGS-14708, OCPBUGS-19089, OCPBUGS-19904, OCPBUGS-19906: Dockerfile: bump OVN to ovn22.12-22.12.1-18.el8fdp #1881
• OCPBUGS-18054: Emit node events only when retry failure #1837
• OCPBUGS-18652: Do not return error if pod IP cannot be retrieved for deletePeerPod and perf improvements #1903
• OCPBUGS-19432: Remove stale egressip status entry #1892
• OCPBUGS-18586: Fix OVN SNATing on GR by enabling gateway_mtu on rtoe port of GR #1856
• OCPBUGS-18058: [release-4.12] Create egress firewall with one db transaction #1835
• OCPBUGS-17675: Don’t return error on delete event that doesn’t ave a chance to succeed. #1814
• OCPBUGS-17522: [release-4.12] libovsdb: give monitor setup time to process than normal transactions #1808
• OCPBUGS-16336: Backport support AllocateLoadBalancerNodePortsFalse #1766
• OCPBUGS-15593: ovnkube-master pod failed to reconnect to ovn db due to ssl expire #1730
• OCPBUGS-15719: [relase-4.12] Fix egressFirewall create error handling #1746
• OCPBUGS-13744: Improve syncNodes to remove stale data #1732
• OCPBUGS-13885: [release-4.12] Drop packets that were not properly SNATed #1679
• OCPBUGS-15388: Fix stale SNAT entries for completed pods #1723
• OCPBUGS-15709: [release-4.12] Remove non-existing functions test. #1739
• OCPBUGS-15424: [release-4.12] Fix network policy to work with long namespace names #1725
• OCPBUGS-14982: Validate port before deleting conntrack flow #1713
• OCPBUGS-14041: Fix bug that resulted in routes not be restored to a new vnic #1681
• OCPBUGS-13953: [release-4.12] Use loadbalancer.Name as client index #1680
• OCPBUGS-13599: Call SyncEndpoints from AddService #1673
• OCPBUGS-7439: [release-4.12]: Egress Service: Fix nodeSelector parsing #1529
• OCPBUGS-12768: : [release-4.12] Delete equivalent ACLs when searching by predicate. #1661
• OCPBUGS-12265: [release-4.12] Network scale metrics #1653
• OCPBUGS-8226: fix hybridOverlay DRIP in ICNIv1 pods #1633
• OCPBUGS-11701: [release-4.12] CARRY: use “prefer local” for annotated services #1638
• OCPBUGS-11109: [release-4.12] Batch potentially big transaction on egress firewall ACLs migration #1617
• OCPBUGS-10947: [release-4.12] Egress firewall fix retry #1610
• OCPBUGS-10314: [release-4.12] Handle Completed pods deletion #1581
• Updating ovn-kubernetes-microshift images to be consistent with ART #1288
• OCPBUGS-10632: Check the “Serving” field for endpoints #1569
• OCPBUGS-6034: Update egress node assignability on every egress node update #1483
• OCPBUGS-7732: Fix leak in service controller cache #1545
• OCPBUGS-10490: [release-4.12] Move checkForStaleOVSInterfaces and related code to node.go #1595
• OCPBUGS-10318: [release-4.12] node: add node healthz server for cloud load balancers #1570
• OCPBUGS-7346: [release-4.12] Fully remove dependency on default gateway for services #1577
• OCPBUGS-6957: [release-4.12] Ensure routes are not duplicated #1503
• OCPBUGS-8501, OCPBUGS-8506, OCPBUGS-8508: [release-4.12] Fix EFW’s name truncation logic & make EFW ACLs unique using extIDs #1559
• OCPBUGS-7223: node: don’t consider internal masquerade addresses as node IP addresses #1528
• OCPBUGS-7317: [release-4.12] Delete stale egress ip snat entries by node #1520
• OCPBUGS-7026: Bump OVN to 22.12 and turn off neighbour response in router options. #1521
• OCPBUGS-6040: addMasqueradeRoute: fallback to gateway interface IPs #1484
• OCPBUGS-7230: Delete IGMP Groups when deleting stale chassis #1516
• OCPBUGS-3399: Drop in-cluster traffic towards svcCIDR at wrong port #1490
• OCPBUGS-6961: update base image of Dockerfile #1504
• OCPBUGS-6823: [release-4.12] Fix Egress FW ACL rules in dualstack mode #1500
• OCPBUGS-4862: Correct the deletion of noHostSubnet nodes #1470
• OCPBUGS-298: ovnkube-trace: run ovn-sbctl and ovn-trace with –no-leader-only #1489
• OCPBUGS-5841: ovnkube-node: Existing management port check #1475
• OCPBUGS-6812: [release-4.12] Ensure loadbalancer cleanup doesn’t fail #1497
• Full changelog

powervs-block-csi-driver

• OCPBUGS-24733: synk: ignore vendor dir #62
• OCPBUGS-21079: CVE-2023-39325 - Update net dependencies - 4.12 #53
• Update OWNERS add yussufsh #55
• Update OWNERS component to Multi-Arch #24
• Full changelog

powervs-block-csi-driver-operator

• OCPBUGS-25717: snyk: ignore vendor dir #62
• OCPBUGS-21168: CVE-2023-39325 - Update net dependencies - 4.12 #42
• Update OWNERS add yussufsh #46
• Update OWNERS component to Multi-Arch #16
• Full changelog

powervs-cloud-controller-manager

• OCPBUGS-24740: UPSTREAM: <carry>: snyk code scan exclude vendor directory #52
• OCPBUGS-21260: CVE-2023-39325 - Update net dependencies - 4.12 #47
• Updated OWNERS component to Multi-Arch #29
• Full changelog

powervs-machine-controllers

• OCPBUGS-24738: snyk code scan exclude vendor directory #63
• OCPBUGS-21882: CVE-2023-39325 - Bump golang.org/x/net to v0.17.0 - 4.12 #57
• Update OWNERS #39
• Full changelog

prometheus

• OCPBUGS-21219: update golang.org/x/net to v0.17.0 [4.12] #175
• Full changelog

prometheus-alertmanager

• OCPBUGS-21031: Bump golang.org/x/net to v0.17.0 #82
• Full changelog

prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook

• OCPBUGS-20843: Bump golang.org/x/net to v0.17.0 #249
• OCPBUGS-7458: Fixes ThanoRuler StatefulSet re-creation bug #217
• Full changelog

prometheus-node-exporter

• OCPBUGS-21123: upgrade golang.org/x/net to v0.17.0 #136
• Full changelog

route-controller-manager

• OCPBUGS-14275: Bump k8s to 1.25.10 #27
• Full changelog

telemeter

• OCPBUGS-21310: [release-4.12] fix: Bump golang.org/x/net to v0.17.0 #486
• OCPBUGS-7702: Add ‘agent-installer’ value to ‘install_type’ label #451
• Full changelog

tests

• Bug OCPBUGS-20557: Correct condition for rejecting connection #28327
• OCPBUGS-18490: bump monitoring SNO bounds #28239
• OCPBUGS-18527: Ignore timeout and connection refused errors during upgrade tests for 4.12 #28270
• OCPBUGS-18309: Add missing watch permission for console users #28234
• OCPBUGS-16696: Wait for DNS DS pods to be ready #28083
• OCPBUGS-16243: allow cluster-config-operator to manage featuregate upgrade block #28055
• OCPBUGS-15933: remove references to registry.centos.org #28033
• CCO-367: Allow CCO to be Upgradeable=False when credentialsMode=Manual #27941
• OCPBUGS-14152: Move from registry.centos.org to quay.io #27949
• OCPBUGS-12914: Add (optional) dual-stack tests to the CNI certification test suite #27903
• Updating openshift-enterprise-tests images to be consistent with ART #27293
• add specific test for failing cgroups path #27856
• OCPBUGS-8705: Bump(openshift/kubernetes): to get fix for resizing flake #27794
• OCPBUGS-8024: Backport fixes to resume gathering CI disruption data for SLB and image registry #27759
• OCPBUGS-7633: remove reference to old guard pods #27732
• OCPBUGS-7285: extended: security: do not explicitly set api audience on token request #27716
• OCPBUGS-6850: [release-4.12] upgrade/adminack: guarantee one admin ack check post-upgrade #27684
• And 1 elided commits (e.g. from squash or rebase merges)
• Full changelog

thanos

• OCPBUGS-21135: Bump golang.org/x/net to v0.17.0 #126
• OCPBUGS-4276: Update exporter-toolkit to 0.7.3 #111
• Full changelog

vsphere-cloud-controller-manager

• OCPBUGS-21493: Bump golang.org/x/net to v0.18.0 #56
• Full changelog

vsphere-cluster-api-controllers

• OCPBUGS-21548: bump golang.org/x/net to v0.17.0 #24
• Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

• OCPBUGS-20417: syncer: fix nil pointer dereference in log message #98
• OCPBUGS-21552: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #92
• OCPBUGS-14312: Update 4.12 against v2.7.1 #81
• OCPBUGS-7426: Add migrationDataStore field #59
• OCPBUGS-6936: fix for nil user session (#1859) #57
• Full changelog

vsphere-csi-driver-operator

• OCPBUGS-21416: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #175
• OCPBUGS-18131: Block upgrade to 4.13 via admin ack #171
• OCPBUGS-18333: disable controller hostNetwork #167
• OCPBUGS-12712: Add backoff for successful storage policy creations #152
• OCPBUGS-7901: Bump sidecar timeouts for vsphere #142
• OCPBUGS-7426: Fix datastore migration bug in 4.12 #139
• Full changelog

vsphere-problem-detector

• OCPBUGS-21574: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #131
• OCPBUGS-10812: Add build number to metrics #104
• OCPBUGS-6788: Derive the fully qualified vSphere username when checking permissions #98
• Full changelog

---

View changelog in Markdown or change previous release: 4.12.464.12.454.12.444.12.434.12.424.12.414.12.404.12.394.12.384.12.374.12.364.12.354.12.344.12.334.12.324.12.314.12.304.12.294.12.284.12.274.12.264.12.254.12.244.12.234.12.224.12.214.12.204.12.194.12.184.12.174.12.164.12.154.12.144.12.134.12.124.12.114.12.104.12.94.12.84.12.74.12.64.12.54.12.44.12.34.12.24.12.14.12.04.12.0-rc.84.12.0-rc.74.12.0-rc.64.12.0-rc.54.12.0-rc.44.12.0-rc.34.12.0-rc.24.12.0-rc.14.12.0-rc.04.11.594.11.584.11.574.11.564.11.554.11.544.11.534.11.524.11.514.11.504.11.494.11.484.11.474.11.464.11.454.11.444.11.434.11.424.11.414.11.404.11.394.11.384.11.374.11.364.11.354.11.344.11.334.11.324.11.314.11.304.11.294.11.284.11.274.11.264.11.254.11.244.11.234.11.224.11.214.11.204.11.194.11.184.11.174.11.164.11.154.11.144.11.134.11.124.11.114.11.104.11.94.11.84.11.74.11.64.11.54.11.44.11.34.11.24.11.14.11.04.11.0-rc.74.11.0-rc.64.11.0-rc.54.11.0-rc.44.11.0-rc.34.11.0-rc.24.11.0-rc.14.11.0-rc.04.11.0-fc.34.11.0-fc.24.11.0-fc.0───4.21.0-0.nightly-2025-10-30-1258044.21.0-0.nightly-2025-10-30-0605494.21.0-0.nightly-2025-10-29-2250084.21.0-0.nightly-2025-10-29-1623004.21.0-0.nightly-2025-10-29-1036434.21.0-0.nightly-2025-10-29-0350254.21.0-0.nightly-2025-10-28-2201134.21.0-0.nightly-2025-10-28-1237304.21.0-0.nightly-2025-10-28-0837304.21.0-0.nightly-2025-10-28-0437304.21.0-0.nightly-2025-10-28-0001244.21.0-0.nightly-2025-10-27-0852014.21.0-0.nightly-2025-10-26-1453584.21.0-0.nightly-2025-10-25-1836214.21.0-0.nightly-2025-10-23-2257334.21.0-0.nightly-2025-10-23-0902574.21.0-0.nightly-2025-10-23-0206414.21.0-0.nightly-2025-10-22-1237274.21.0-0.nightly-2025-10-20-0802284.21.0-0.nightly-2025-10-19-1811514.21.0-0.nightly-2025-10-19-0551394.21.0-0.nightly-2025-10-18-2259584.21.0-0.nightly-2025-09-27-232055───4.21.0-0.ci-2025-10-31-1519334.21.0-0.ci-2025-10-31-0919314.21.0-0.ci-2025-10-31-0319304.21.0-0.ci-2025-10-30-2119294.21.0-0.ci-2025-10-30-1519284.21.0-0.ci-2025-10-30-0919274.21.0-0.ci-2025-10-30-0319264.21.0-0.ci-2025-10-29-2119254.21.0-0.ci-2025-10-29-1519254.21.0-0.ci-2025-10-29-0919244.21.0-0.ci-2025-10-29-031923───4.20.0-0.nightly-2025-10-30-1149554.20.0-0.nightly-2025-10-30-0308384.20.0-0.nightly-2025-10-29-2014124.20.0-0.nightly-2025-10-29-1409014.20.0-0.nightly-2025-10-29-0516314.20.0-0.nightly-2025-10-28-2037114.20.0-0.nightly-2025-10-28-1527054.20.0-0.nightly-2025-10-28-1127054.20.0-0.nightly-2025-10-28-0727054.20.0-0.nightly-2025-10-28-0327054.20.0-0.nightly-2025-10-27-2327054.20.0-0.nightly-2025-10-27-1214494.20.0-0.nightly-2025-10-27-0502114.20.0-0.nightly-2025-10-26-1908314.20.0-0.nightly-2025-10-26-1153264.20.0-0.nightly-2025-10-26-0540334.20.0-0.nightly-2025-10-26-0020584.20.0-0.nightly-2025-10-25-1537494.20.0-0.nightly-2025-10-25-0702284.20.0-0.nightly-2025-10-25-0031424.20.0-0.nightly-2025-10-24-1809344.20.0-0.nightly-2025-10-24-1040584.20.0-0.nightly-2025-10-24-0338344.20.0-0.nightly-2025-10-23-2205504.20.0-0.nightly-2025-10-23-1250394.20.0-0.nightly-2025-10-23-0412314.20.0-0.nightly-2025-10-22-1944144.20.0-0.nightly-2025-10-22-1415004.20.0-0.nightly-2025-10-21-1733564.20.0-0.nightly-2025-10-21-0034344.20.0-0.nightly-2025-10-19-1539354.20.0-0.nightly-2025-10-19-0858174.20.0-0.nightly-2025-10-19-0347494.20.0-0.nightly-2025-10-18-2201004.20.0-0.nightly-2025-10-18-1609524.20.0-0.nightly-2025-05-26-181128───4.20.0-0.ci-2025-10-31-1331454.20.0-0.ci-2025-10-31-0731454.20.0-0.ci-2025-10-30-2257244.20.0-0.ci-2025-10-30-1408214.20.0-0.ci-2025-10-30-0808214.20.0-0.ci-2025-10-30-0208214.20.0-0.ci-2025-10-29-2008214.20.0-0.ci-2025-10-29-1408214.20.0-0.ci-2025-10-29-0455034.20.0-0.ci-2025-10-28-225503───4.19.0-0.nightly-2025-10-30-1214404.19.0-0.nightly-2025-10-30-0708274.19.0-0.nightly-2025-10-29-2142504.19.0-0.nightly-2025-10-29-1414404.19.0-0.nightly-2025-10-29-0801054.19.0-0.nightly-2025-10-29-0023014.19.0-0.nightly-2025-10-28-1556524.19.0-0.nightly-2025-10-28-0832484.19.0-0.nightly-2025-10-28-0432484.19.0-0.nightly-2025-10-28-0032484.19.0-0.nightly-2025-10-22-1412594.19.0-0.nightly-2025-10-21-0813034.19.0-0.nightly-2025-10-19-1707074.19.0-0.nightly-2025-10-19-1207564.19.0-0.nightly-2025-10-19-0700094.19.0-0.nightly-2025-10-19-0159524.19.0-0.nightly-2025-10-18-0956464.19.0-0.nightly-2025-10-17-235048───4.19.0-0.ci-2025-10-31-1855004.19.0-0.ci-2025-10-31-1156084.19.0-0.ci-2025-10-31-0322394.19.0-0.ci-2025-10-30-2122394.19.0-0.ci-2025-10-30-1345054.19.0-0.ci-2025-10-30-0501234.19.0-0.ci-2025-10-29-2013404.19.0-0.ci-2025-10-29-1413404.19.0-0.ci-2025-10-29-081340───4.18.0-0.nightly-2025-10-30-1230554.18.0-0.nightly-2025-10-30-0637174.18.0-0.nightly-2025-10-30-0044534.18.0-0.nightly-2025-10-29-1824554.18.0-0.nightly-2025-10-29-1249414.18.0-0.nightly-2025-10-29-0313304.18.0-0.nightly-2025-10-28-1712424.18.0-0.nightly-2025-10-28-1312424.18.0-0.nightly-2025-10-28-0255474.18.0-0.nightly-2025-10-27-2116274.18.0-0.nightly-2025-10-27-1216294.18.0-0.nightly-2025-10-27-0523264.18.0-0.nightly-2025-10-27-0123264.18.0-0.nightly-2025-10-26-1729114.18.0-0.nightly-2025-10-26-0950234.18.0-0.nightly-2025-10-26-0220254.18.0-0.nightly-2025-10-25-2033174.18.0-0.nightly-2025-10-25-1501454.18.0-0.nightly-2025-10-25-1101454.18.0-0.nightly-2025-10-25-0305114.18.0-0.nightly-2025-10-24-2111004.18.0-0.nightly-2025-10-24-1711004.18.0-0.nightly-2025-10-24-1102084.18.0-0.nightly-2025-10-24-0702084.18.0-0.nightly-2025-10-24-0034214.18.0-0.nightly-2025-10-23-1831504.18.0-0.nightly-2025-10-23-1056544.18.0-0.nightly-2025-10-23-0656544.18.0-0.nightly-2025-10-23-0054024.18.0-0.nightly-2025-10-22-1023014.18.0-0.nightly-2025-10-22-0235074.18.0-0.nightly-2025-10-21-0213044.18.0-0.nightly-2025-10-19-2350174.18.0-0.nightly-2025-10-19-1419324.18.0-0.nightly-2025-10-17-214633───4.18.0-0.ci-2025-10-31-1547244.18.0-0.ci-2025-10-31-0812024.18.0-0.ci-2025-10-31-0134354.18.0-0.ci-2025-10-30-1934344.18.0-0.ci-2025-10-30-1132584.18.0-0.ci-2025-10-30-0406244.18.0-0.ci-2025-10-29-2104404.18.0-0.ci-2025-10-29-1422224.18.0-0.ci-2025-10-29-0822224.18.0-0.ci-2025-10-29-0222224.18.0-0.ci-2025-10-28-202222───4.17.0-0.nightly-2025-10-30-1222444.17.0-0.nightly-2025-10-30-0618534.17.0-0.nightly-2025-10-30-0218534.17.0-0.nightly-2025-10-29-2122174.17.0-0.nightly-2025-10-29-1610264.17.0-0.nightly-2025-10-29-0829244.17.0-0.nightly-2025-10-29-0209244.17.0-0.nightly-2025-10-28-1721334.17.0-0.nightly-2025-10-28-0343124.17.0-0.nightly-2025-10-27-2137584.17.0-0.nightly-2025-10-27-1355494.17.0-0.nightly-2025-10-27-0843194.17.0-0.nightly-2025-10-27-0246524.17.0-0.nightly-2025-10-26-2036084.17.0-0.nightly-2025-10-26-1320234.17.0-0.nightly-2025-10-26-0920234.17.0-0.nightly-2025-10-26-0520234.17.0-0.nightly-2025-10-26-0109084.17.0-0.nightly-2025-10-25-1754574.17.0-0.nightly-2025-10-25-1354574.17.0-0.nightly-2025-10-25-0734564.17.0-0.nightly-2025-10-25-0040054.17.0-0.nightly-2025-10-24-1901524.17.0-0.nightly-2025-10-24-1146344.17.0-0.nightly-2025-10-24-0639164.17.0-0.nightly-2025-10-24-0239164.17.0-0.nightly-2025-10-23-2239164.17.0-0.nightly-2025-10-23-1839164.17.0-0.nightly-2025-10-23-1325324.17.0-0.nightly-2025-10-23-0753114.17.0-0.nightly-2025-10-23-0034584.17.0-0.nightly-2025-10-21-0928444.17.0-0.nightly-2025-10-21-0034244.17.0-0.nightly-2025-10-20-0050174.17.0-0.nightly-2025-10-19-1341014.17.0-0.nightly-2025-10-19-0940494.17.0-0.nightly-2025-10-18-2221284.17.0-0.nightly-2025-10-18-1716114.17.0-0.nightly-2025-10-18-0953154.17.0-0.nightly-2025-10-17-213314───4.17.0-0.ci-2025-10-31-1322214.17.0-0.ci-2025-10-31-0550594.17.0-0.ci-2025-10-30-2227104.17.0-0.ci-2025-10-30-1627104.17.0-0.ci-2025-10-30-1027104.17.0-0.ci-2025-10-30-0247104.17.0-0.ci-2025-10-29-1848244.17.0-0.ci-2025-10-29-1044134.17.0-0.ci-2025-10-29-021819───4.16.0-0.nightly-2025-10-30-0250254.16.0-0.nightly-2025-10-29-1902564.16.0-0.nightly-2025-10-29-1100144.16.0-0.nightly-2025-10-29-0342314.16.0-0.nightly-2025-10-28-2155514.16.0-0.nightly-2025-10-28-1633384.16.0-0.nightly-2025-10-28-0503144.16.0-0.nightly-2025-10-27-0337284.16.0-0.nightly-2025-10-26-1419004.16.0-0.nightly-2025-10-25-1350484.16.0-0.nightly-2025-10-23-0554254.16.0-0.nightly-2025-10-23-0154254.16.0-0.nightly-2025-10-22-1700034.16.0-0.nightly-2025-10-22-0217394.16.0-0.nightly-2025-10-21-023852───4.16.0-0.ci-2025-10-31-1518474.16.0-0.ci-2025-10-31-0703044.16.0-0.ci-2025-10-31-0103044.16.0-0.ci-2025-10-30-1722324.16.0-0.ci-2025-10-30-1122324.16.0-0.ci-2025-10-30-0522324.16.0-0.ci-2025-10-29-2144364.16.0-0.ci-2025-10-29-1544364.16.0-0.ci-2025-10-29-0841384.16.0-0.ci-2025-10-29-024138───4.15.0-0.nightly-2025-10-29-1439264.15.0-0.nightly-2025-10-29-0329284.15.0-0.nightly-2025-10-28-1352404.15.0-0.nightly-2025-10-22-2228314.15.0-0.nightly-2025-10-22-0521174.15.0-0.nightly-2025-10-21-072859───4.15.0-0.ci-2025-10-31-1504484.15.0-0.ci-2025-10-31-0413184.15.0-0.ci-2025-10-30-2213184.15.0-0.ci-2025-10-30-1321214.15.0-0.ci-2025-10-30-0615034.15.0-0.ci-2025-10-29-1810344.15.0-0.ci-2025-10-29-0356494.15.0-0.ci-2025-10-28-204421───4.14.0-0.nightly-2025-10-30-0303294.14.0-0.nightly-2025-10-29-1458554.14.0-0.nightly-2025-10-29-0452324.14.0-0.nightly-2025-10-28-2120224.14.0-0.nightly-2025-10-28-1354464.14.0-0.nightly-2025-10-27-0301104.14.0-0.nightly-2025-10-26-142656───4.14.0-0.ci-2025-10-31-1748224.14.0-0.ci-2025-10-30-1709254.14.0-0.ci-2025-10-30-0855114.14.0-0.ci-2025-10-29-1447304.14.0-0.ci-2025-10-28-2027584.14.0-0.ci-2025-10-28-142758───4.13.0-0.nightly-2025-10-30-0730554.13.0-0.nightly-2025-10-30-0130554.13.0-0.nightly-2025-10-29-1352464.13.0-0.nightly-2025-10-29-0148294.13.0-0.nightly-2025-10-28-1333374.13.0-0.nightly-2025-10-22-1628044.13.0-0.nightly-2025-10-22-040421───4.13.0-0.ci-2025-10-31-1408534.13.0-0.ci-2025-10-31-0808534.13.0-0.ci-2025-10-31-0208534.13.0-0.ci-2025-10-30-2008534.13.0-0.ci-2025-10-30-1408534.13.0-0.ci-2025-10-17-0726454.13.0-0.ci-2025-10-16-2027544.13.0-0.ci-2025-10-16-1013424.13.0-0.ci-2025-10-15-2235034.13.0-0.ci-2025-10-14-1341514.13.0-0.ci-2025-10-13-1536564.13.0-0.ci-2025-10-13-045803───4.12.0-0.nightly-2025-10-28-1357524.12.0-0.nightly-2025-10-28-0123534.12.0-0.nightly-2025-10-24-0101004.12.0-0.nightly-2025-10-23-1016434.12.0-0.nightly-2025-10-23-0127204.12.0-0.nightly-2025-10-22-1602524.12.0-0.nightly-2025-10-21-1413554.12.0-0.nightly-2025-10-20-0147124.12.0-0.nightly-2025-10-17-0204404.12.0-0.nightly-2025-10-16-014724───4.12.0-0.ci-2025-10-31-1446324.12.0-0.ci-2025-10-30-1101424.12.0-0.ci-2025-10-30-0139074.12.0-0.ci-2025-10-29-1447394.12.0-0.ci-2025-10-28-2103294.12.0-0.ci-2025-10-28-012356───4.11.0-0.nightly-2025-08-30-0110584.11.0-0.nightly-2025-08-27-2007484.11.0-0.nightly-2025-08-26-2039164.11.0-0.nightly-2025-08-21-0105404.11.0-0.nightly-2025-08-14-204255───4.11.0-0.ci-2025-09-22-2122234.11.0-0.ci-2025-09-22-1522234.11.0-0.ci-2025-09-12-1707384.11.0-0.ci-2025-09-05-0328514.11.0-0.ci-2025-09-04-212851───4.21.0-ec.24.21.0-ec.14.21.0-ec.0

Source code for this page located on github