4.14.41

Download the installer for your operating system or run

oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.14.41-x86_64

Team Approvals:

Tests:

Blocking jobs
- upgrade Succeeded release-openshift-origin-installer-e2e-aws-upgrade
- upgrade-minor Succeeded release-openshift-origin-installer-e2e-aws-upgrade
Informing jobs
- aws-ovn-serial Succeeded periodic-ci-openshift-release-master-nightly-4.14-e2e-aws-ovn-serial
- aws-ovn-upgrade-micro Failed (3 retries) periodic-ci-openshift-release-master-ci-4.14-e2e-aws-ovn-upgrade
- aws-sdn-upgrade-4.14-micro Succeeded periodic-ci-openshift-release-master-nightly-4.14-e2e-aws-sdn-upgrade
- azure-ovn-upgrade-4.14-micro Succeeded (1 retries) periodic-ci-openshift-release-master-ci-4.14-e2e-azure-ovn-upgrade
- fips-scan Succeeded (1 retries) periodic-ci-openshift-release-master-nightly-4.14-fips-payload-scan
- gcp-ovn-rt-upgrade-4.14-minor Succeeded (2 retries) periodic-ci-openshift-release-master-ci-4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-rt-upgrade
- hypershift-ovn-conformance Succeeded periodic-ci-openshift-hypershift-release-4.14-periodics-e2e-aws-ovn-conformance
- metal-ipi-ovn-ipv6 Succeeded periodic-ci-openshift-release-master-nightly-4.14-e2e-metal-ipi-ovn-ipv6
- metal-ipi-sdn-bm Succeeded periodic-ci-openshift-release-master-nightly-4.14-e2e-metal-ipi-sdn-bm

Upgrades from:

Untested upgrades: 4.13.24, 4.13.25, 4.13.26, 4.13.27, 4.13.28, 4.13.29, 4.13.30, 4.13.31, 4.13.32, 4.13.33, 4.13.34, 4.13.36, 4.13.37, 4.13.38, 4.13.39, 4.13.40, 4.13.41, 4.13.42, 4.13.44, 4.13.45, 4.13.46, 4.13.48, 4.13.49, 4.13.50, 4.14.10, 4.14.11, 4.14.12, 4.14.13, 4.14.14, 4.14.16, 4.14.17, 4.14.18, 4.14.19, 4.14.21, 4.14.22, 4.14.23, 4.14.24, 4.14.25, 4.14.26, 4.14.27, 4.14.28, 4.14.29, 4.14.3, 4.14.30, 4.14.31, 4.14.32, 4.14.33, 4.14.35, 4.14.36, 4.14.37, 4.14.4, 4.14.5, 4.14.6, 4.14.7, 4.14.8, 4.14.9

Loading changelog, this may take a while ...

Changes from 4.14.1

Created: 2024-11-14 09:20:29 +0000 UTC

Image Digest: sha256:f4c6252655cea21b790ab6bd8d88da9a657d787a365cedf79bcab8371eb11290

Components

Kubernetes upgraded from 1.27.6 to 1.27.16
Red Hat Enterprise Linux CoreOS upgraded from 414.92.202310270216-0 to 414.92.202411130444-0 (diff)

Rebuilt images without code change

alibaba-cloud-csi-driver git 3dc363d3 sha256:efb2a0e608a252c7da85abf9e53736f768c3c79d023f9a906523f184b3bc2467
alibaba-machine-controllers git 27f105d3 sha256:6093d04e05f8a6b124eb3eefe80f4dc4b1ac1909d2cad5a3729cb63334b50bc8
cluster-bootstrap git 93fba13f sha256:20baf9be6fd8b74285fc34db638c12f23071d6b983204a8eb5164efcf0d8149f
cluster-platform-operators-manager git 08fb27e7 sha256:ad896df6e890726c3dbf2b10c013d7fd90c2aecdff40074c2e5f7425e4cc32e3
configmap-reloader git 716a0c33 sha256:cb95770247728da6599d0c3ff402c6588f15ddf3f6b9019b44889c97970a3869
csi-driver-nfs git e1dd4537 sha256:56bb996278fc9b88fb820bd9c32cd9ef59796cd5bfe9434cb61d03e9c271e4e3
csi-external-attacher git 06e8ce0d sha256:8f3dc0862841c18494429ca007007848dd3d355888e5a2a8bb26f4ca82dc0050
csi-external-resizer git 59a701a4 sha256:88cd526f7a652bea534db5c1d35ddd79143f25948dc14422942afc874187f94d
csi-livenessprobe git a9bcbde1 sha256:30bb9221bdadd791d3fcb9d5825ed45a69ea838a561c587b9d01f9c26c7e4c9e
csi-node-driver-registrar git 9dcaa7f5 sha256:6ca1970c443bf191bdee968f3246d81cde954243ba2a6f7cbb5f24618c28e24b
driver-toolkit git cafed17b sha256:3ea4f547d09661792698c845408d1f6facfa35bbb202cffa5c63b6f62a912b19
gcp-machine-controllers git a676e6b6 sha256:aa6d48f8bdfaadc89b4d25396196512471492157756d396042b06f878d528acf
gcp-pd-csi-driver git 8a626fe5 sha256:e50fed2cc73479bf9646e0496d861150a619dd68645741d5a471c8c542a3cc7a
ibmcloud-machine-controllers git c28b2232 sha256:d353842c14bf7d47562c6745a5199520cc777f0e5436409a4c92d0a539cb0c3b
ironic-machine-os-downloader git 7b56c306 sha256:4f929b3567293b19dd76a33ee0e8e50bc84fd02fe029c632af16891d83f7e507
ironic-static-ip-manager git c038d5a4 sha256:ad0a2870a20f2b0413fc83b1aeccb3e2c173ea1afc37a71ecc1294f5f68c8364
kube-state-metrics git db0c5499 sha256:c3ffe7327e0d08fd63b1358d2e56c904d7adcbec409f6612f4eea77030721f59
kube-storage-version-migrator git 8558e14a sha256:94e1b273ec34428a37b6bbd1092a4e93d8284a0479ab962505c834e44109a8ac
kuryr-cni git 8926a294 sha256:da2e60779d78fa6a27270afc3f0f35260653c3e795cf08cefcedf6017110ddf0
kuryr-controller git 8926a294 sha256:b2162325f6e0e670e03ebc2864e6883aea0669894962f28342cc7e12c92524ba
libvirt-machine-controllers git 34dfccba sha256:63efea49b643963d24bbe1e39bcf5f6409daaaa745b75c4f5d21b1698ec140b2
machine-os-content sha256:821c62c099268d5a5d1996e6df400856a0ecbb4eeb283ca4b3f92c18441548a7
machine-os-images git d3a4a6c3 sha256:b07631c3c2265e715b6d94c34b4862fff826e1a57869c00ee8e31b13ff99d903
network-interface-bond-cni git 29f61f6b sha256:886a54bd85a50c00c60a33bc840b81c062d4cf4d891b55890958f275c2e22f52
nutanix-cloud-controller-manager git bc568865 sha256:ba862db7ba67e1831e796ab7d80cc6b92ff5105a4af71dc138d489556da9747d
openshift-state-metrics git dff4b0f4 sha256:dc81802888fd16d74607c3451facca3d5a5a624590345b75d347ae34dcc5a201
ovirt-csi-driver git f21b470f sha256:b4894474ff236c6f2c78400635636fdf8a47a17e3235916b5358bd8de3d43483
ovirt-csi-driver-operator git 2fa33aa7 sha256:e31d3a379c5cc8b0bdd3018658277a7cb1653cb1bab31675f14db6fd37616610
ovirt-machine-controllers git 5d708631 sha256:06fb6077377f6cd874d36ffc046b24b88ecf017a441e0f8f5df9831ee1578861
prom-label-proxy git af40ed09 sha256:ce83aae5294a27b7dca34eae4bc6f21a080c860d8296c161956f26cc2766302e
prometheus-alertmanager git e3725166 sha256:9c186ff796e94b4ab39425d651e999d7ffa6f00c83b2d136f183f1d0ff35333b
prometheus-node-exporter git 5ee0a9d9 sha256:bb66d3a9b9e5423b2b50522a8ffa27f44c2b0d75ffd9959bd87e43382d963b26
rhel-coreos sha256:16d3032bb836cb9275af8ec63277217eefed9826381c57cd8ed1e2d65d3f2631
rhel-coreos-extensions sha256:49e9ca5a91a2acd5acb8c9a1aba5e6ac01658356754aacb2217b6baab156b0e2

agent-installer-api-server

OCPBUGS-15346, OCPBUGS-15347: Update version go-http-metrics and gin-gonic/gin (#6899) #6899
OCPBUGS-34641: Invalid Pull-Secret when using password which contains a colon character (#6416) #6416
OCPBUGS-31631: Deploy dual stack with IPv6 on top of bond/vlan fails (#6322) #6322
MGMT-17594: Bump x/net to v0.24.0 to mitigate CVE-2023-45288 (#6216) #6216
MGMT-17549: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#6203) #6203
MGMT-17541: Replace broken golangci reference (#6197) #6197
NO-ISSUE: replace postgres images as current one disappeared from quay (#6134) #6134
MGMT-16950: changing dnsmasq configuration for sno in order to meet single ip installation flow for ibu (#5973) #5973
MGMT-16494: Move ip hint file creation to ignition in order to change it in IBI process (#5974) #5974
MGMT-16517: Add Env Var Deployment Type & Set ABI (#5987) #5987
MGMT-15796: set CloudControllerManager to External for OCI (#5877) #5877
OCPBUGS-23069: Ignore hostPrefix validation for plugins other than OVN/SDN (#5676) #5676
Full changelog

agent-installer-csr-approver, agent-installer-orchestrator

OCPBUGS-15347: Update version go-http-metrics/gin (#933) #933
MGMT-17594: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#834) #834
MGMT-17591: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#830) #830
MGMT-16843: Ensure valid hostname during install (#794) #794
OCPBUGS-20049: Remove uninitialized taint for agent-based installs (#753) #753
Full changelog

agent-installer-node-agent

OCPBUGS-16483: Update apimachinery dependency to remove goproxy dep (#709) #709
OCPBUGS-33404: Make removable disks eligible (#725) #725
MGMT-17594: Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#705) #705
MGMT-17591: Bump runc to v1.1.12 to mitigate CVE-2024-21626 (#703) #703
MGMT-17541: Replace broken golangci reference (#698) #698
Full changelog

agent-installer-utils

OCPBUGS-25727: Updating ose-agent-installer-utils-container image to be consistent with ART for 4.14 #34
Full changelog

alibaba-cloud-controller-manager

OCPBUGS-21255: Bump golang.org/x/net to v0.18.0 #38
Full changelog

alibaba-disk-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #81
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #71
Full changelog

apiserver-network-proxy

OCPBUGS-38066: Revert “Agent: Respect HTTPS_PROXY env vars for proxied connections” #61
OCPBUGS-31984: Bump golang.org/x/net to v0.23.0 #52
HOSTEDCP-1323: Merge latest code into 4.14 branch #45
Full changelog

aws-cloud-controller-manager

OCPBUGS-38786: Ensure that addresses are added in network device index order #93
OCPBUGS-32066: update for CVE-2023-45288 [release-4.14] #83
OCPBUGS-23826: bump go.opentelemetry.io #67
OCPBUGS-27759: Adds ecr-credential-plugin .spec #71
OCPBUGS-20755: Upgrade x/net to v0.17.0 #50
Full changelog

aws-cluster-api-controllers

OCPBUGS-44295: [release-4.14] OSD-25934: Only tag NetworkInterfaces in RunInstances if IAM Allows It #533
OCPBUGS-34856: UPSTREAM: <carry>: Fix instance PrivateDNSName when domain-name is set in dhcpOpts #516
OCPBUGS-31332: UPSTREAM: 4670:Update awsmachine providerID and instanceID immediately after ec2:RunInstances is called #506
OCPBUGS-31251: fix e2e tests on release branches #505
OCPBUGS-20857: bump golang.org/x/net to v0.17.0 #481
Full changelog

aws-ebs-csi-driver

OCPBUGS-35123: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #271
OCPBUGS-33078: UPSTREAM: 1919: Add reserved-volume-attachments #264
Full changelog

aws-ebs-csi-driver-operator

OCPBUGS-33078: Explicitly reserve 1 attachment for the root disk #306
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #302
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #296
Full changelog

aws-machine-controllers

OCPBUGS-17298, OCPBUGS-21571: Update golang.org/x/net to v0.17.0 #88
Full changelog

aws-pod-identity-webhook

OCPBUGS-32884: Upgrade go-jose module to 2.6.3 #189
OCPBUGS-21761: Backport the recent rebase to 4.14 #168
NO-ISSUE: Sync OWNERS with team members #176
snyk: exclude vendor/ #171
Full changelog

azure-cloud-controller-manager, azure-cloud-node-manager

OCPBUGS-23829: Bump otelgrpc to v0.49.0 #124
OCPBUGS-21439: Bump golang.org/x/net to v0.18.0 #93
Full changelog

azure-cluster-api-controllers

OCPBUGS-36023: Update go-retryablehttp to v0.7.7 #313
OCPBUGS-35125: Bump x/crypto to v0.24.0 #307
OCPBUGS-17283, OCPBUGS-21516: [release-4.14] Bump golang.org/x/net to v0.17.0 #286
Full changelog

azure-disk-csi-driver

OCPBUGS-35126: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #82
Full changelog

azure-disk-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #120
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #109
OCPBUGS-20784: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #101
Full changelog

azure-file-csi-driver

OCPBUGS-41164: bump mount-utils to treat ENODEV error as corrupted mount #79
OCPBUGS-33039: Rebase v1.29.5 for OCP 4.14 #66
Full changelog

azure-file-csi-driver-operator

OCPBUGS-33039: add token audience for Azure File #104
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #94
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #83
Full changelog

azure-machine-controllers

CFE-1050: Added support of capacity reservation group #109
OCPBUGS-35133: Bump x/crypto to v0.24.0 #112
OCPBUGS-30898: Remove startupScript vmextension lookup #106
OCPBUGS-29152: Don’t create availability set when using spot instances #98
OCPBUGS-28745: Improving performance of VMs created in Azure #96
OCPBUGS-17299, OCPBUGS-20773: Bump x/net package to v0.17.0 #80
Full changelog

azure-workload-identity-webhook

OCPBUGS-32894: Upgrade go-jose module to 2.6.3 #19
OCPBUGS-21093: Upgrade golang/x/net for CVE-2023-39325 (4.14) #14
Full changelog

baremetal-installer, installer, installer-artifacts

OCPBUGS-43505: Stop rendering networks.config CRD #9105
OCPBUGS-42285: Add AWS r8g to arm tested instance types #9050
OCPBUGS-42848: add tested instance type for IBMCloud #9082
OCPBUGS-25508: Update Golang SSH package version update to 0.17.0 #8992
OCPBUGS-39411: Added yq to ci image #8943
OCPBUGS-36180: baremetal IPI without provisioning network failing on provisioning-interface.service #8712
OCPBUGS-36089: [release-4.14] bump go-retryablehttp for CVE fix #8658
OCPBUGS-37183: ic: fix typo in warning message #8771
OCPBUGS-37068: update RHCOS 4.14 bootimage metadata to 414.92.202407091253-0 #8748
OCPBUGS-36748: Add yq-v4 to the upi-installer image for CI #8684
OCPBUGS-35827: If host is offline or disconnected don’t check ver #8634
OCPBUGS-35826: [release-4.14] bump github.com/containers/image for CVE fix #8633
OCPBUGS-35485: [release-4.14] aws: terraform: add spot instance support for masters #8605
OCPBUGS-34024: go.mod: bump aws-sdk-go for ca-west-1 support #8440
OCPBUGS-33401: PowerVS: Add composite_instance to listServiceInstances #8479
CORS-2951: Add deprecation notice for OpenShiftSDN for 4.14 users #8518
OCPBUGS-28611: remove retired serial NCv2 from azure tested instance type list on x86 #7960
OCPBUGS-27394: preserve category name when trying to find tag category #7926
OCPBUGS-33010: escape ‘%’ in proxy settings #8318
OCPBUGS-31756: openstack: Honour worker server group policy #8231
NO-ISSUE: test fix to support slightly different nmstate error messages #8286
OCPBUGS-32358: Updated libvirt installer to include multi-arch yq and symlink for backwards compatibility #8281
OCPBUGS-31885: Validate control plane replicas #8241
OCPBUGS-31677: coreos-installer iso kargs show broken on Agent ISO #8228
OCPBUGS-31338: upi: aws: fix typo in worker templates #8203
Bug OCPBUGS-30187: OpenStack: fix controlPlanePort validation #8095
OCPBUGS-30027: gcp: better error msg when service accnt missing #8078
OCPBUGS-30259: PowerVS remove ibm cloud/bluemix go 4.14 #8103
OCPBUGS-29123: IBMCloud: Handle disk delete errors #7988
OCPBUGS-29626: update RHCOS 4.14 bootimage metadata to 414.92.202402130420-0 #8037
OCPBUGS-28929: [release-4.14] Bump containerd for vulnerability fix #7981
OCPBUGS-27419: Fix depreciated typo #7929
OCPBUGS-24521: set vmType in azure cloud config [release-4.14] #7804
OCPBUGS-23738: vSphere - when using RP network path is incorrect #7759
OCPBUGS-27241: baremetal: correct external_http_url for v6-only BMCs #7914
OCPBUGS-22315: bootstrap: Enable gatewayd units only on RHCOS #7628
OCPBUGS-23498: update RHCOS 4.14 bootimage metadata to 414.92.202401110948-0 #7919
OCPBUGS-20860: Bump versions for golang modules to accommodate fixes for CVE-2023-39325 & CVE-2023-44487 #7887
OCPBUGS-22895: Do not generate azure-cloud-provider in manual mode for aro builds #7670
OCPBUGS-22771: aws: use security groups from defaultMachinePlatform #7658
OCPBUGS-24489: baremetal: populate customDeploy in advance #7802
OCPBUGS-22770: destroy: gcp: fix destroying regional disks #7657
Bug OCPBUGS-22776: OpenStack: Fix IPv6 address configuration for bootstrap #7660
OCPBUGS-22978: IBMCloud: Add eu-es region #7684
OCPBUGS-23399: Check if PER is enabled in the target PowerVS workspace #7736
OCPBUGS-22688: Bump Fedora CoreOS to latest stable #7647
OCPBUGS-22774: Add KMS encryption keys if provided #7659
OCPBUGS-21868: vSphere,segfault on version check #7605
OCPBUGS-22945: Update gcloud version to 447.0.0 #7681
OCPBUGS-22187: azure: validation: validate defaultMachinePlatform #7615
OCPBUGS-22758: update RHCOS 4.14 bootimage metadata to 414.92.202310210434-0 #7655
OCPBUGS-19922: Release 4.14 skip agent tui on external oci platform #7599
OCPBUGS-21653: Rectify GCP label key validation check #7606
Full changelog

baremetal-machine-controllers

OCPBUGS-31435: Bump golang-protobuf version #215
OCPBUGS-29177: Extend metal3remediation aggregation role #211
Full changelog

baremetal-operator

OCPBUGS-38940: [OCP] Ability to disable agent power off after deployment #374
OCPBUGS-34814: PreprovisioningImage should not be created on poweroff #359
OCPBUGS-23324: Backport node poweroff fixes #318
OCPBUGS-24409: Don’t munge timestamp in structured logs, again #324
OCPBUGS-24489: Do not update instance_info and deploy_interface for active nodes #325
Full changelog

baremetal-runtimecfg

OCPBUGS-37502: Fix handling of ELB Node IP detection #324
OCPBUGS-35846: Add support for OVN HostCidrs annotation #321
OCPBUGS-32524: Decrease log level when detecting node IP #306
OCPBUGS-26928: Add .snyk file to ignore vendor and test files #294
OCPBUGS-23474: Use shorter IP label for keepalived VIP #288
OCPBUGS-22206: deps: upgrade x/sys #281
Full changelog

cli, cli-artifacts, deployer, tools

OCPBUGS-35475: Remove some of newapp unit tests relying on external deprecated images #1802
OCPBUGS-35447: bump go-git to 5.11.0 #1799
OCPBUGS-30287: oc adm catalog mirror: use ToSlash and FromSlash to unify the path separators #1699
OCPBUGS-25983: Remove deprecated password defaulting in default config flag #1646
OCPBUGS-24197: Add client version in must-gather summary #1607
OCPBUGS-24460: Overwrite template’s namespace with the explicit one #1616
OCPBUGS-22702: Reflect container’s exit code for long running tasks not attached to terminal #1592
OCPBUGS-20508: regeneratemco: explicitly check for PlatformStatus field #1573
Full changelog

cloud-credential-operator

OCPBUGS-43647: Only attempt timed token credentials on supported platforms. #775
OCPBUGS-43339: Update github.com/sirupsen/logrus v1.9.3 #769
OCPBUGS-41236: List secrets in batches to avoid api timeout #755
OCPBUGS-38378: Update google.golang.org/grpc v1.65.0 #750
OCPBUGS-37823: GCP passthrough permissions check to ignore problematic permissions. #741
OCPBUGS-37062: Update cloud.google.com/go/storage v1.43.0 #742
OCPBUGS-37420: SNYK ignore go-client misreporting #739
OCPBUGS-37276: Update to azidentity v1.7.0 #732
OCPBUGS-36029: IBM/go-sdk-core update to v5.17.4 #721
OCPBUGS-36716: AWS STS should not error when a credentailsRequest does not have awsSTSIAMRoleARN #713
OCPBUGS-32899: Upgrade go-jose module to 2.6.3 #697
OCPBUGS-29156: Fix the ClusterOperator watch of the status controller #676
OCPBUGS-28231: Guard upgrading GCP from 4.14 to 4.15 without RoleAdmin permissions #670
OCPBUGS-29199: ccoctl - use proxy when validating CloudFront URL #678
OCPBUGS-27911: Resolve all outstanding snyk vulnerabilities #650
OCPBUGS-28382: Use cached clients to avoid client side throttling #666
OCPBUGS-27515: Write manifests when AWS IAM roles already exist. #659
OCPBUGS-26512: Use live client for metrics #647
OCPBUGS-25275: Azure Workload Identity info in CredsRequests creates a Secret #643
OCPBUGS-24346: Discover AWS dns suffix from partition and region. #635
OCPBUGS-23986: Use per-project custom roles instead of per-cluster custom roles #631
OCPBUGS-23426: Explicitly set the vsphere secret credential data on sync. #629
OCPBUGS-21388: Upgrade golang/x/net for CVE-2023-39325 #622
NO-ISSUE: Removing andrew from OWNERS #617
snyk: exclude vendor/ #615
OCPBUGS-22651: explicitly set azure oidc bucket to allow public blob access #612
OCPBUGS-21926: azure create-managed-identites to add cloud controller manager to network resource group #608
Full changelog

cloud-network-config-controller

OCPBUGS-34197: Avoid panic when looking up attachedOutboundRule.ID in azure #147
OCPBUGS-32112: Avoid nil pointer panic while assigning private IP on Azure #138
OCPBUGS-21785: Azure: skip backend pool if attached to an outbound rule #125
Full changelog

cluster-authentication-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #649
OCPBUGS-20705: go.mod: bump golang.org/x/net to v0.17.0 #637
Full changelog

cluster-autoscaler

OCPBUGS-40925: update VPA golang.org/x/net for http rapid reset for CVE-2024-8421 #316
OCPBUGS-31621: add check for taint.value == nil #294
OCPBUGS-30628: Fix unstructured taint parsing in Cluster API provider #288
Full changelog

cluster-autoscaler-operator

OCPBUGS-31976: Update x/net to v0.25.0 #322
OCPBUGS-25749: Add Snyk file to exclude vendor directory on scan #308
OCPBUGS-20789: Bump x/net package to v0.17.0 #298
Full changelog

cluster-baremetal-operator

OCPBUGS-31977: bump x/net to 0.23.0 #438
OCPBUGS-22943: Add tls-cipher-suites to baremetal-kube-rbac-proxy #379
OCPBUGS-23392, OCPBUGS-23393: fix IRONIC_EXTERNAL_URL_V6 #384
Jira OCPBUGS-22208: Trigger reconcile if Secret openshift-config/pull-secret changes #376
Full changelog

cluster-capi-controllers

OCPBUGS-21544: Bump golang.org/x/net to v0.17.0 #184
Full changelog

cluster-capi-operator

OCPBUGS-37974: fix: sort CredentialsRequest manifests after namespace #194
OCPBUGS-36369: Revert cluster-api-operator go.sum hash #184
OCPBUGS-35128: Bump x/crypto to v0.24.0 #177
OCPBUGS-35957: Fix gcp providers-list.yaml branch #178
OCPBUGS-22314: fix: add missing azure identity diff #136
OCPBUGS-21092: Bump golang.org/x/net to v0.17.0 #134
Full changelog

cluster-cloud-controller-manager-operator

OCPBUGS-34556: update azure and ash tolerations on node manager #347
OCPBUGS-26548: Adds CloudConfigTransformer for Azure #321
OCPBUGS-21189: Bump golang.org/x/net to v0.18.0 #295
OCPBUGS-20552: apply necessary RBAC for the alibaba cloud controller manager #289
Full changelog

cluster-config-operator

OCPBUGS-44095: Backport SDN live migration #425
OCPBUGS-28649: Add required PSa labels #403
NO-JIRA: add inert featuregate files to allow diff against later releases #398
OCPBUGS-21653: Update openshift/api package to latest version #371
: OCPBUGS-21286: bump library-go to include switch to HTTP/1.1 #369
Full changelog

cluster-control-plane-machine-set-operator

CFE-1087: API Bump for capacity Reservation #319
OCPBUGS-35520: Wait for ControlPlaneMachineSet to be created when waiting for it to be updated #309
OCPBUGS-35338: Improved debugging of API listing errors #303
OCPBUGS-30014: Never delete a Machine when there’s a single Machine in an index #283
OCPBUGS-20566: webhooks: set min version TLS 1.2 + exclude weak ciphersuites #254
OCPBUGS-21384: Bump golang.org/x/net to v0.17.0 #256
Full changelog

cluster-csi-snapshot-controller-operator

OCPBUGS-31886: create suitable role and roleBinding for csi-snapshot-webhook #205
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #174
Full changelog

cluster-dns-operator

OCPBUGS-5943: Enable topology-aware hints iff nodes in >=2 zones #416
OCPBUGS-5943: Ignore max unavailable for status #400
Full changelog

cluster-etcd-operator

OCPBUGS-34495: return errors in wait-for-ceo #1266
OCPBUGS-31392: remove etcd-health-probe log #1258
OCPBUGS-31972: update golang x net #1254
OCPBUGS-31428: CEO aliveness check should only detect deadlocks #1231
OCPBUGS-30067: fix panic in health check timeouts #1213
OCPBUGS-30012: Replace nodelister with master nodelister everywhere #1211
OCPBUGS-23571: Add annotation in the etcd-guard static pod for worklo… #1162
OCPBUGS-26214: fix device busy errors #1176
Revert “[release-4.14] OCPBUGS-21802: remove revision stability check from bootstrap complet…” #1168
OCPBUGS-22477: Remove z-upgrades from UpgradeBackupController #1140
OCPBUGS-21802: remove revision stability check from bootstrap complet… #1138
OCPBUGS-21175: fixing CVE-2023-39325 by updating dependencies #1142
Full changelog

cluster-image-registry-operator

OCPBUGS-44048: fix proxy config and leader election test flakes #1153
OCPBUGS-44002: Continuous pull-secret updates / slow initialization on build01 (test platform infrastructure) #1152
OCPBUGS-42935: azureclient: stop validating credentials when creating the client #1137
OCPBUGS-39100: Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth #1114
OCPBUGS-36035: go.*,vendor: bump go-retryablehttp #1069
OCPBUGS-33147: azure-path-fix: get client secret from k8s secret #1058
OCPBUGS-34668: pkg/storage/s3: use force path style in favour of virtual hosted style config #1051
OCPBUGS-33409: azurepathfix: check if platform status is nil before accessing it #1033
OCPBUGS-32450: azure-path-fix: support auth via account key (without clientID) #1023
OCPBUGS-31857: bump aws-sdk-go from v1.44 to v1.50 #1018
OCPBUGS-28989: pkg/storage/s3: enable bucket key on encryption settings #995
OCPBUGS-29755: azurepathfix: fix stack hub, government and workload identity setup #1005
OCPBUGS-29604: move azure storage blobs from docker back into /docker #1001
OCPBUGS-22127: increase storage account key cache expiration #941
OCPBUGS-20710: mitigate effects of rapid reset #942
Full changelog

cluster-ingress-operator

OCPBUGS-36467: Allow operator to update Route spec.subdomain #1101
OCPBUGS-36555: Implement connect timeout tuning option #1105
OCPBUGS-36461: Add Regexp Anchor to TestAll #1098
OCPBUGS-35399: Internal service changed: fix target port logic #1086
OCPBUGS-34973: TestHostNetworkPortBinding: Delete t.Parallel() #1077
OCPBUGS-34410: Don’t add clientca-configmap finalizer if deleting #1063
OCPBUGS-34407: Use centos7 tag for quay.io/centos7/httpd-24-centos7 image #1061
OCPBUGS-20800: Bump golang.org/x/net for CVE-2023-44487 #986
Full changelog

cluster-kube-apiserver-operator

OCPBUGS-31354: add SNO control plane high cpu usage alert #1707
OCPBUGS-33930: add a controller that reconciles SCCs’ volumes #1681
OCPBUGS-31506: Add sno section to alert description #1658
OCPBUGS-31316: add provider name to cluster_infrastructure_provider when external platform #1657
OCPBUGS-29722: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1650
OCPBUGS-29722: webhookcontroller: report when a webhook resource is missing a caBundle provided by the service-ca-operator #1646
OCPBUGS-25384: psa cluster fleet evaluation #1600
: OCPBUGS-24022: Add workload partitioning annotation #1590
: OCPBUGS-20898: bump library-go to include switch to HTTP/1.1 #1569
OCPBUGS-22718: [release-4.14] OCPBUGS-20331: manifests: rename API performance dashboard #1570
Full changelog

cluster-kube-cluster-api-operator

[release 4.14] OCPBUGS-20999: Bump golang.org/x/net to v0.17.0 #27
Full changelog

cluster-kube-controller-manager-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #791
OCPBUGS-27063: bump(library-go)=release-4.14 #787
OCPBUGS-21088: Bump deps to address CVE-2023-44487 [4.14] #764
Full changelog

cluster-kube-scheduler-operator

OCPBUGS-27022: bump(library-go)=release-4.14 #527
OCPBUGS-21737: bump(k8s,openshift) to address CVE-2023-44487 #504
Full changelog

cluster-kube-storage-version-migrator-operator

: OCPBUGS-21371: bump library-go to include switch to HTTP/1.1 #96
Full changelog

cluster-machine-approver

OCPBUGS-28745: Increase concurrent reconciles to 10 #228
OCPBUGS-23150: Filter non node CSRs in metrics #209
OCPBUGS-21468: Bump x/net package to v0.17.0 #206
Full changelog

cluster-monitoring-operator

OCPBUGS-43916: Add runbook url for TelemeterClientFail… #2510
OCPBUGS-43678: Remove temporary no more needed code #2496
OCPBUGS-42603: Exclude windows nodes from kubelet servicemonitor #2489
OCPBUGS-41916: filter alerts sent to Telemeter #2473
OCPBUGS-39176: Backport #2441 for 4.14 #2449
OCPBUGS-37468: Backport of PR #2384 #2433
OCPBUGS-36565: add runbook_url annotations #2407
OCPBUGS-37296: Making sure proxy settings are correctly forwarded in the generated remote write configs #2415
OCPBUGS-36416: inject trusted CA bundle into UWM Alertmanager #2402
OCPBUGS-34023: fix KRP permissions for Thanos Querier #2374
OCPBUGS-33585: fix Thanos ruler alert generator url #2345
OCPBUGS-28768: fix generation of telemeter token hash #2304
OCPBUGS-27471: prevent plugin entry assets from caching #2241
OCPBUGS-25800: Wait for 3 (instead of 2) consecutive failing reconcil… #2216
OCPBUGS-27418: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to 0.44.0 #2239
OCPBUGS-25799: Detect ipv4/ipv6 socket in pod ip for nginx conf #2215
OCPBUGS-25387: Add RHACM telemetry metric for 4.14 #2202
OCPBUGS-21473: Set the new –disable-http2 flag for prometheus-adapter to disable HTTP2 #2147
OCPBUGS-22917: jsonnet: pin commits #2143
OCPBUGS-22734: [release-4.14] add RHACS telemetry metrics #2137
OCPBUGS-21264: [release-4.14] fix: force HTTP/1.1 connections #2130
Full changelog

cluster-network-operator

OCPBUGS-43821: manifests/02-cncc-credentials: Set skipServiceCheck for GCP #2546
OCPBUGS-39086: Fix wait logic for IPsec certificate signing request #2481
OCPBUGS-41508: Tighten the permissions on whereabouts.conf #2493
OCPBUGS-42021: Add proxy env vars to onvkube-node #2505
OCPBUGS-38440: [release-4.14] 4.14 subnet config #2473
OCPBUGS-37221: Ensure that the node-identity webhook address contains colons for IPv6 #2440
OCPBUGS-38073: Fix IC distributed control plane alerts #2463
OCPBUGS-37468: Backport ipsec state metric #2444
OCPBUGS-32706: Add conditions for ignored-namespaces #2380
OCPBUGS-36722: update whereabouts crd #2434
OCPBUGS-34885: [release-4.14] Fix 4.13->4.14 upgrade with ipsec enabled #2390
OCPBUGS-27925, OCPBUGS-30579: [release-4.14] tighten conditions for the state transitions in IC upgrade #2207
OCPBUGS-30021: Fully disable network-node-identity on ROKS #2315
OCPBUGS-31669: [release-4.14] ensure local networking deployments within hypershift use the client side load balancer to be resilient to control plane node failures #2311
OCPBUGS-31360: Remove egressip write permissions from ovn-kubernetes-node #2320
OCPBUGS-30021: [release-4.14] Disable network-node-identity on ROKS #2286
OCPBUGS-30100: ipsec: fix openssl typo #2287
OCPBUGS-29168: add env var in whereabouts-reconciler daemonset #2257
OCPBUGS-26573: Improve troubleshooting IC upgrades #2076
OCPBUGS-29033: network node identity: tolarate all taints #2248
OCPBUGS-18281: only 2 master nodes are required for ovn-kubernetes #2154
OCPBUGS-29300: Update ingressconfig_controller to use field Manager #2266
OCPBUGS-28608: fix whereabouts conformance test failures #2235
NO-JIRA: add kyrtapz as reviewer and approver for release 4.14 #2228
OCPBUGS-27858: [release-4.14] Add ConfigMap mount to the whereabouts-reconciler DaemonSet #2219
OCPBUGS-27013: HyperShift, network-node-identity: Check the deployment in the management cluster #2195
OCPBUGS-24326: adminpolicybasedexternalroutes CR accepts an invalid IP address #2196
OCPBUGS-24037: remove all managed fields used by old manager #2112
OCPBUGS-24320: Add apbroute/status patch rights for ovnkube-node to update status #2143
OCPBUGS-22787, OCPBUGS-22788, OCPBUGS-22789: ovnkube: container scripts cleanup #2090
OCPBUGS-23371: hypershift, hosted clusters: enable multi-homing and multi-net features #2117
OCPBUGS-21717: Bump golang.org/x/net and github.com/openshift/library-go #2122
OCPBUGS-24633: ipsec add pluto restart #2152
OCPBUGS-22363: Added HCP label to CNO pods #2081
OCPBUGS-22286: hypershift: adjust backoff on infrastructure name retry #2078
OCPBUGS-23011: Block upgrades to 4.15 with Kuryr #2096
OCPBUGS-23315: set automountServiceAccountToken to false for hypershift managed network-node-identity deploy #2107
OCPBUGS-19897: HyperShift: Use the local konnectivity proxy when checking proxy readiness #2043
Full changelog

cluster-node-tuning-operator

OCPBUGS-44283: right-hand-side profile_dirs take precedence (#1210) #1210
OCPBUGS-42567: Add cluster-wide proxy env file (#1176) #1176
TuneD prior to kubelet in one-shot mode (#1137) #1137
OCPBUGS-37754: Remove tuned/rendered object (#1133) #1133
OCPBUGS-37734: Backport fix for OCPBUGS-36355 (#1126) #1126
OCPBUGS-33929: Negative net interface name does not reduce queues (#1074) #1074
Add a ‘.snyk’ to silence static code analysis warnings (#1002) #1002
OCPBUGS-30153: fix rendering extra ctrcfgs (#978) #978
fix extra-reboot on upgrade with paused mcp worker (#1053) #1053
OCPBUGS-31694: E2E: Workload hints test cases fixes (#1012) (#1052) #1012
Systemd processes not being moved to cpuset/systemd.slice fix (#1040) #1040
Reduce number of reboots in offline tests (#1035) #1035
OCPBUGS-30507: Add performance real time tuned template (#984) (#1025) #984
Report duplicate priority only for multiple matching profiles (#1018) #1018
Scheduler plugin: ignore IRQs (#1023) #1023
irqbalance: set banned cpus list to 0 (#994) #994
OCPBUGS-18640: [release-4.14][manual] backport performance profile owner reference ehnancements (#989) #989
rps: fail silently when rps application failed (#901) #901
OCPBUGS-25982: E2E: Add tests for Dynamic ovs pinning (#904) (#913) #904
OCPBUGS-26003: E2E: PPC Test cases (#905) #905
Make MC names deterministic (#903) #903
OCPBUGS-25671: rps: fix mask update for SR-IOV devices (#891) #891
OCPBUGS-18640: Fix Racing Machine Configs and add Day 0 Support (#854) (#871) #854
OCPBUGS-24638: Do not set default RPS sysctl twice (#880) #880
OCPBUGS-21845: rps: trigger udev event per queue #832 (#832) #832
OCPBUGS-21845: e2e:rps: improve logging (#831) #831
render: change dir path (#826) #826
Disable HTTP/2 for webhook and metrics servers (#841) #841
Remove obsolete protocols and weak ciphers (#835) #835
Full changelog

cluster-olm-operator

OCPBUGS-25481: NO-ISSUE: Bump k8s.io/apiextensions-apiserver #41
OCPBUGS-22581: [release-4.14] OCPBUGS-24652: Bump k8s dependencies #38
Full changelog

cluster-openshift-apiserver-operator

OCPBUGS-28247: Remove “include.release.openshift.io/ibm-cloud-managed:” annotation #570
: OCPBUGS-20724: bump library-go to include switch to HTTP/1.1 #554
Full changelog

cluster-openshift-controller-manager-operator

OCPBUGS-33295: Update opentelemetry to mitigate CVE-2023-47108 #344
OCPBUGS-28951: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #328
OCPBUGS-23490: Remove blockage of ConfigObserver by build informer has synced flag #318
OCPBUGS-20818: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #309
Full changelog

cluster-policy-controller

OCPBUGS-21122: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #139
Full changelog

cluster-samples-operator

OCPBUGS-21217: CVE-2023-39325 ose-cluster-samples-operator-container:golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) #539
OCPBUGS-22257: Sync library to remove invalid dockerhub references for OKD #520
Full changelog

cluster-storage-operator

OCPBUGS-33467: Fix problem-detector proxy setting #472
OCPBUGS-30054: Update AWSCSIDriverConfigSpec fields validation to accept all curren #462
OCPBUGS-28988: Allow vSphere CSI driver to be disabled #449
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #416
OCPBUGS-23210: [IBM ROKS] cluster-storage-operator does not set upgradeable=True #419
Full changelog

cluster-update-keys

OCPBUGS-43628: keys: Update Red Hat keys to use SHA256 signatures #66
OCPBUGS-10126: Updating ose-agent-installer-orchestrator images to be consistent with ART #48
Full changelog

cluster-version-operator

OCPBUGS-30878: install/0000_90_cluster-version-operator_02_servicemonitor: Drop $ from ${{ #1040
OCPBUGS-27822: Revert “[release-4.14] OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs” #1028
OCPBUGS-27175: clusterOperatorBuilder: Reconcile metadata on COs #1021
OCPBUGS-27048: pkg/payload/precondition/clusterversion/rollback: Allow previous version within z-stream #1018
OCPBUGS-26207: pkg/cvo/availableupdates: Only bump LastAttempt on Cincinnati pulls #1016
OCPBUGS-20762: [4.14] Bump http-related deps #986
Full changelog

console

OCPBUGS-42962: Need to allow blank for Project/namespace when setting SA Subject in ‘Project access tab’ #14386
OCPBUGS-43000: List of default Camel K event sources disappears when adding a custom event source #14388
OCPBUGS-36558: Increase login flow state paramater length/entropy #14439
OCPBUGS-10337: Updating openshift-enterprise-console images to be consistent with ART #12760
OCPBUGS-42518: The filepath including leading slash makes error during parsing devfile using Gitlab #14342
OCPBUGS-42517: Values entered into the Instantiate Template form are automatically cleared #14341
OCPBUGS-42757: Switch to use annotations as labels from PipelineRuns created through Pipelines as Code is deprecated #14369
OCPBUGS-38883: Fix password set to Secret created through Start Pipeline form #14184
OCPBUGS-37353: Import from Git allow users to import an app with Build option Pipeline also when no Pipeline is available #14108
OCPBUGS-41836: DeploymentConfigs deprecation info alert should not present on the Edit deployment page #14281
OCPBUGS-39389: Edit the secret and add the Chinese in the web-console, garbled characters will be displayed #14231
OCPBUGS-41581: Increased max nodes limit to 200 in topology page #14262
OCPBUGS-38972: Redirects to new PipelineRun logs URL from old PipelineRun logs URL #14234
OCPBUGS-38053: fix BMH restart annotation #14109
OCPBUGS-33748: Fix Pipeline details page with when expression using CEL expression #13856
OCPBUGS-32499: Fixed some problems in topology Chinese translation text #13779
OCPBUGS-33942: make sure folder is encapsulated with quotas #13869
OCPBUGS-35723: Upgrade Pipeline trigger resources to v1beta1 #13985
OCPBUGS-33558: Display “With Data upload form” in Create PVC drop down once #13840
OCPBUGS-33064: Fix PipelineRun Logs tab navigation #13673
OCPBUGS-33321: Helm Plugin’s Catalog incorrectly renders a single index entry into multiple tiles #13824
OCPBUGS-33635: restrict Masthead logo to max-height to 60px #13847
OCPBUGS-33640: Add visual connector between VMs and non VMs workloads #13848
OCPBUGS-33462: fix issues with Edit Route form #13831
OCPBUGS-33110: change OperatorHub filter FIPS Mode to Designed for FIPS #13804
OCPBUGS-32697: Routes created by devfiles do not always use HTTPS #13787
OCPBUGS-21799: Fix empty editor error #13256
OCPBUGS-32168: fix bug where paused MCPs were incorrectly unpausing w… #13753
OCPBUGS-20173: Console should not panic when no response is retrieved for plugin assets #13217
OCPBUGS-31388: Application creation fail when manually entering input scaling value in local setup #13697
OCPBUGS-31394: PipelineRuns in Console show wrong status or load indefinitely #13698
OCPBUGS-31864: Fix config ini format #13738
OCPBUGS-25145: fix vCenter cluster being empty #13436
OCPBUGS-28746: fix bug where Expand PVC modal assumes pvc.spec.resou… #13558
OCPBUGS-29783: Fix operands list endpoint #13625
OCPBUGS-29813: Release 4.14 backports #13646
OCPBUGS-29813: Addition of optional chaining to prevent yaml crash #13541
OCPBUGS-25274: Add support for Azure Workload Identity / Federated Identity based in… #13642
OCPBUGS-28972: Add flags checks to hide Pipeline static plugin List and details pages #13572
OCPBUGS-27898: Add support for custom segment domains (to load JS and make API calls) #13540
OCPBUGS-29349: Error in displaying BuildRun logs in Console #13601
OCPBUGS-29100: Pipeline Name gets changed to “new-pipeline” on the Edit Pipeline YAML/Builder #13585
OCPBUGS-29239: Add a new allowInsecure option to the internet proxy #13592
OCPBUGS-28990: update check for the ‘provider’ label on the PackageMa… #13573
OCPBUGS-27157: add additional check to determine if file is binary #13507
OCPBUGS-28635: Bump graphql-go to v1.3.0 #13553
OCPBUGS-27305: Copy response code from proxied plugin requests #13517
OCPBUGS-27851: fix bug where Clone PVC modal assumes pvc.spec.resourc… #13537
OCPBUGS-27350: Add Pipeline metrics tab using plugin #13520
OCPBUGS-26171: Set unlimited line width in YAML editor #13482
OCPBUGS-24640: Strip ‘Server’ header from proxy response #13423
OCPBUGS-25997: change Alertmanager form to create using matchers inst… #13478
OCPBUGS-24349: Fix crash when ArtifactHub Task has no version #13399
OCPBUGS-25397: fix runtime error on Node details Overview when Machin… #13446
OCPBUGS-23771: Fix for yaml editor that crashes with MCE and ACM plugins enabled #13360
OCPBUGS-24667: Fix plugin proxy handler #13425
OCPBUGS-24474: S2I Build Wizard should check for Containerfile in addition to Dockerfile #13415
OCPBUGS-24432: fix filtering issues on Events #13413
OCPBUGS-24352: add access review for impersonate #13400
OCPBUGS-22240: Save also the location.search and .hash values in localStorage to restore them after login #13270
OCPBUGS-24293: ConsolePlugin metrics must no longer be grouped by the vendor #13391
OCPBUGS-24423: Searching for items in quick search is confusing #13412
OCPBUGS-22375: Delete results.tekton.dev annotations before rerun the pipelineRun #13278
OCPBUGS-22478: Extra space is in the translation text(Chinese) of ‘Create rolebinding’ and ‘replicate rolebinding’ #13290
OCPBUGS-24196: ApiVersion displayed on console is v1alpha1 whereas we support v1beta1 #13402
OCPBUGS-23423: Cannot Edit Shipwright Build #13343
OCPBUGS-22980: remove expandable toggle for conditional update risk d… #13308
OCPBUGS-22374: Telemetry- Current page was sometimes not tracked when reloading the current page #13277
OCPBUGS-22177: Channel page shows “Required” message for the default name when navigate to create channel page #13262
OCPBUGS-19371: Upgrade DomainMapping apiVersion to v1beta1 #13165
OCPBUGS-19416: Correct logout process #13173
OCPBUGS-22285: updating doc links for 4.14 GA #13273
OCPBUGS-19845: mock apis for git repo in test serverless function tests #13199
OCPBUGS-22460: Fix the forms when BC is not installed in the cluster #13288
OCPBUGS-21877: add support for new features annotations while preserv… #13258
OCPBUGS-22377: Fixed Edit Application form for Knative Services #13279
Full changelog

console-operator

OCPBUGS-31916: use InfrastructureTopology for clusters using external CP as the console deploys on the worker nodes #885
OCPBUGS-21029: Bump library-go and golang.org/x/net #850
OCPBUGS-23968: Disable route controller health check for NLB setup #817
OCPBUGS-24293: ConsolePlugin metrics must no longer be grouped by the vendor #820
OCPBUGS-22274: Disable HTTP/2 for webhook #803
OCPBUGS-20480: Reset console operator’s conditions #797
Full changelog

container-networking-plugins

OCPBUGS-33066: macvlan enable ipv6 ndisc_notify #160
OCPBUGS-20374: build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] #129
Full changelog

coredns

OCPBUGS-37467: UPSTREAM: 6354: openshift: key cache on Checking Disabled (CD) bit #126
OCPBUGS-28200: UPSTREAM: 6277: openshift: Fix OCPBUGS-28200 #114
OCPBUGS-21067: UPSTREAM: <carry>: openshift: address CVE-2023-39325 #100
Full changelog

csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager

manage-security-groups: Only add SGs to LB members (#2455) #2455
Fix protocol case mismatch (tcp vs TCP) (#2320) #2320
Get IP addresses of neutron subports (#2306) #2306
Make manage-security-groups work with OVN (#2291) #2291
Delete sgs on reconfiguration (#2305) #2305
Optimize applyNodeSecurityGroupIDForLB() (#2293) #2293
Remove unused manila code (#2299) #2299
Use instanceIDFromProviderID() function (#2302) #2302
Remove filtering by device_owner. (#2304) #2304
Allocate array capacity in advance (#2297) #2297
Corrected the grammar (#2301) #2301
Delete unused SG rules with manage-security-groups (#2287) #2287
Improved the grammar in sidecarcompatibility.md (#2292) #2292
Added comments and arranged the variable names (#2290) #2290
occm cinder-csi securityContext (#2286) #2286
fixed Grammatical mistakes in barbican-kms-plugin (#2289) #2289
efactors and enhances the codebase of the cinder csi plugin (#2288) #2288
Wait for LB to be ACTIVE on HM update (#2280) #2280
(barbican-kms-plugin)Refactor and enhance Barbican KMS plugin codebase. (#2278) #2278
Fixed the typo in the load balancing section in the README (#2232) #2232
Fix image tag in manila csi e2e test (#2244) #2244
enable secret injection and common annotations (#2264) #2264
Update to gophercloud 1.4.0 (#2265) #2265
Replace call to Nova os-interfaces with direct Neutron call (#2250) #2250
add secret enabled option (#2239) #2239
Fix CSI spec versions (#2254) #2254
LoadBalancers: Remove dead SG code (#2248) #2248
Make ensureSecurityRule() safely idempotent (#2249) #2249
shrink image, remove unnecessary utils (#2233) (#2238) #2233
Doc: update statement about neutron lbaas removeal (#2236) #2236
add environment variable for timeout (#2235) #2235
Increase timeout for LB to get to ACTIVE state (#2223) #2223
Ignore proxies when calling Nova Metadata (#2218) #2218
add priorityClassName to openstack-cloud-controller-manager helm chart (#2210) #2210
Do not default Octavia provider to “octavia” (#2208) #2208
retry ubuntu image download on temp error (#2507) #2507
update k8s.io/kubernetes to v1.27.8 in go.mod (#2497) #2497
fix: octavia tlsContainerRef validation for barbican secrets (#2460) #2460
Use standard service account name in OCCM helm chart (#2448) #2448
1.27.3 release (#2427) #2427
Make sure we don’t mask LB tests failures and fix what was failing (#2360) (#2367) #2360
Full changelog

csi-driver-manila-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #219
OCPBUGS-23443: Fix selector for manila-csi-driver-controller-metrics service #211
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #209
Full changelog

csi-driver-shared-resource, csi-driver-shared-resource-webhook

OCPBUGS-28952: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #167
OCPBUGS-25069, OCPBUGS-26309, OCPBUGS-26323: add snyk config file for SAST scan #163
OCPBUGS-23111: Should reference configmaps instead of secrets #152
Full changelog

csi-driver-shared-resource-operator

OCPBUGS-28957: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #103
OCPBUGS-26312: add snyk config file for SAST scank #97
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91
Full changelog

csi-external-provisioner

OCPBUGS-35112: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #99
Full changelog

csi-external-snapshotter, csi-snapshot-controller, csi-snapshot-validation-webhook

OCPBUGS-29433: cherry-pick:release-4.14: OCPBUGS-29244 Update VolumeSnapshot and VolumeSnapshotContent using JSON patch #142
Full changelog

docker-builder

BUILD-854: Add adambkaplan as approver #404
OCPBUGS-28949: Replace ‘coreydaley’ with ‘sayan-biswas’ #379
OCPBUGS-23006: Add -p flag to cp command to preserve timestamps #370
OCPBUGS-20726: [release-4.14] Bumping golang.org/x/net #362
Full changelog

docker-registry

OCPBUGS-31857: vendor: bump aws-sdk-go to support ca-west-1 #397
OCPBUGS-29604: vendor: bump distribution to fix azure storage path bug #394
OCPBUGS-22826: Allow ICSP IDMS coexisting #385
Full changelog

egress-router-cni

OCPBUGS-35143: update to go 1.19 and k8s.io mods to v0.27.4 #87
Full changelog

etcd

OCPBUGS-32813: Revert “Merge pull request #261 from Elbehery/rebase-etcd-3.5.13-open… #265
OCPBUGS-31650: Rebase etcd 3.5.13 openshift 4.14 #261
OCPBUGS-28733: Rebase etcd 3.5.12 openshift 4.14 #244
OCPBUGS-24939: Rebase etcd 3.5.11 openshift 4.14 #235
OCPBUGS-22727: [4.14] Rebase openshift/etcd to 3.5.10 #226
OCPBUGS-21221: Carrying fixes for CVE-2023-44487 #222
Full changelog

gcp-cloud-controller-manager

OCPBUGS-21321: Bump golang.org/x/net to v0.18.0 #42
Full changelog

gcp-cluster-api-controllers

OCPBUGS-17290, OCPBUGS-21417: Bump golang.org/x/net to v0.17.0 #203
Full changelog

gcp-pd-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #107
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #96
Full changelog

haproxy-router

OCPBUGS-32634: Properly handle rewrite-target annotation #583
OCPBUGS-33797: Reject routes with MD5 certs #598
OCPBUGS-33389: Count active services before setting weight to 1 #592
OCPBUGS-30773: OCPBUGS 6958 backport to 4.14 #568
OCPBUGS-32437: Introduce ‘idle-close-on-response’ option for frontends #580
OCPBUGS-21134: Bump golang.org/x/net to v0.17.0 to address CVE-2023-39325 #530
Full changelog

hyperkube, pod

OCPBUGS-39413: Return from EnsureHostInPool on all NIC errors #2073
: OCPBUGS-38959: Upstream: 115702 kubelet: output log even file is rotated #2060
NO-JIRA: update downstream owners #2051
OCPBUGS-37623: Bump to Kubernetes v1.27.16 #2043
OCPBUGS-35553: Disable vulncheck #2010
OCPBUGS-35553: Bump k8s 1.27.15 #1992
OCPBUGS-33964: UPSTREAM: 123055: Fix race condition between resizer and kubelet #1973
UPSTREAM: <carry>: OCPBUGS-32473: fix cpu manager cpuset check #1951
OCPBUGS-33712: Bump to Kubernetes v1.27.14 #1970
OCPBUGS-33417: Provide SCC access via RBAC #1965
OCPBUGS-14373: Fix flaky HPA e2e tests by not failing on context cancelled (#117669) #1958
OCPBUGS-32580: allow override of NewVolumeManagerReconstruction #1956
OCPBUGS-32309: Bump K8s api to 1.27.13 #1950
OCPBUGS-29924: UPSTREAM: <carry>: openshift-kube-apiserver: add kube-apiserver patches #1898
OCPBUGS-31504: Bump to 1.27.12 #1927
OCPBUGS-31741: 4.14: UPSTREAM: 124048: Use the right feature gate when updating uncertain volumes #1936
Address CVE #12
OCPBUGS-30964: Set up CEL IP/CIDR library from 4.14 onwards #1913
OCPBUGS-29662: Update to kubernetes 1.27.11 #1890
OCPBUGS-27347: UPSTREAM: <carry>: Update management webhook pod admission logic #1855
OCPBUGS-27369: Update to kubernetes 1.27.10 #1860
OCPBUGS-25813: Fix uncertain device in 4.14 #1830
UPSTREAM: 117349: OCPBUGS-19431: Bump lumberjack.v2 v2.0.0 -> v2.2.1 #1552
OCPBUGS-26006: Update to Kubernetes 1.27.9 #1838
OCPBUGS-23566: followup to #1808 #1813
OCPBUGS-23566: Update to kubernetes 1.27.8 #1808
OCPBUGS-23286: UPSTREAM: 121881: Use golang library instead of mklink #1801
OCPBUGS-22861: UPSTREAM: <carry>: support for both icsp and idms objects #1780
Full changelog

hypershift

NO-JIRA: Update Konflux references (release-4.14) #5100
chore(deps): update konflux references (release-4.14) #5076
NO-JIRA: chore(deps): update konflux references (release-4.14) #5055
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.14) #5056
NO-JIRA: Update Konflux references to fedcfe0 (release-4.14) #5043
chore(deps): update konflux references (release-4.14) #5026
chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.43 (release-4.14) #5021
chore(deps): update konflux references to f53fe54 (release-4.14) #5020
NO-JIRA: Update Konflux references (release-4.14) #5011
OCPBUGS-41701: cmd: report server version, supported OCP #4718
NO-JIRA: chore(deps): update konflux references (release-4.14) #4975
OCPBUGS-43688: Use guest DNS resolution in Konnectivity HTTPS proxy by default #4964
chore(deps): update konflux references (release-4.14) #4953
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.14) #4948
OCPBUGS-43368: Let payload generation pick the release for the NodePool #4913
NO-JIRA: chore(deps): update konflux references (release-4.14) #4934
NO-JIRA: chore(deps): update konflux references to 66f551f (release-4.14) #4924
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.14) #4917
NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.14) #4910
NO-JIRA: chore(deps): update konflux references (release-4.14) #4898
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.14) #4879
NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.14 #4851
OCPBUGS-42533: enable audit log for oauth-openshift #4822
chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.13 (release-4.14) #4794
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.14) #4828
NO-JIRA: chore(deps): update konflux references (release-4.14) #4813
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.38 (release-4.14) #4805
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9 (release-4.14) #4788
chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.14) #4758
chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.14) #4784
OCPBUGS-41374: CPO oauth idp converter: resolve names before dialing #4763
NO-JIRA: chore(deps): update konflux references to 5ac9b24 (release-4.14) #4783
chore(deps): update konflux references to 2c3426a (release-4.14) #4773
NO-JIRA: chore(deps): update konflux references (release-4.14) #4757
OCPBUGS-42221: Make guest cluster components use the correct KAS port #4753
OCPBUGS-38060: Add HTTP konnectivity proxy to OAuth server #4498
OCPBUGS-38066: [release-4.14] Use HTTP proxy for ingress controller #4724
NO-JIRA: Security fixes for openshift-ci-security job #4752
OCPBUGS-42184: copy image-registry AdditionalTrustedCA configmap into HC openshift-config #4747
OCPBUGS-41506: fix: bump google.golang.org/protobuf #4687
HOSTEDCP-1957: bump go-jose version #4698
OCPBUGS-39378: Set KCM node monitor grace period #4659
chore(deps): update konflux references (release-4.14) #4683
OCPBUGS-39183: fix: bump github.com/IBM/go-sdk-core/v5 #4626
NO-JIRA: Add PodDisruptionBudget for router deployment #4692
NO-JIRA: Revert “Merge pull request #4661 from jparrill/bp-4.14/OCPBUGS-24308” #4667
NO-JIRA: PDB backports #4661
NO-JIRA: Konflux migration 4.14 #4648
OCPBUGS-39230: set proxy envvars on aws CCM #4638
OCPBUGS-38791: Let the CPO oidc check resolve through data plane #4617
NO-JIRA: Flaky cert validation test #4633
HOSTEDCP-1897: [release-4.14] Allow setting Kube APIServer maximum requests in flight #4553
OCPBUGS-37076: Fixed audit-logs sigterm failing to terminate gracefully #4369
OCPBUGS-38624: remove weak ciphers from security profile #4575
OCPBUGS-37173: Add newline after TLS certs referenced by image.config #4471
OCPBUGS-37172: OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None #4490
OCPBUGS-36944: [release-4.14] Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer #4360
HOSTEDCP-1795, HOSTEDCP-1796: Customize the self-generated cert validity and rotation #4473
OCPBUGS-37175: Delete IDMS in dataplane once HCP ICS field is removed #4472
NO-JIRA: Konflux mce-2.4 pipeline fixes #4464
NO-JIRA: [release-4.14] OCPBUGS-36297: kubevirt-csi-driver: Pass infra kubeconfig in case of external infra #4288
NO-JIRA: [release-4.14] test/e2e: remove api budget checks #4438
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21.11-2 (release-4.14) - abandoned #4363
NO-JIRA: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.21.10-1.1719562237 (release-4.14) - abandoned #4326
NO-JIRA: Update registry.access.redhat.com/ubi9-minimal Docker tag to v9.4-1134 (release-4.14) - abandoned #4325
OCPBUGS-36518: Run haproxy to connect to kas from data plane if noproxy settings contain kas #4315
OCPBUGS-36159: Generate default worker security group rules based on machineCIDR #4270
OCPBUGS-35549: Restrict image registry overrides to control plane component #4223
OCPBUGS-35365: fix router on 4.14 y-stream upgrade #4205
NO-JIRA: chore(deps): update konflux references (release-4.14) #4257
OCPBUGS-35401: Fix disconnected metadata inspection for nodepool #4208
OCPBUGS-35482: Add TrustedBundles to OAS container #4216
OCPBUGS-35290: [release-4.14] Backport etcd defrag #4189
NO-JIRA: chore(deps): update konflux references (release-4.14) #4248
OCPBUGS-35183: add AWS STS URL to OIDC provider audiences #4179
NO-JIRA: hack: make the e2e script generic #4201
chore(deps): update konflux references to 2be7c9c (release-4.14) #4225
NO-JIRA: Update Konflux references to 1025001 (release-4.14) #4181
NO-JIRA: chore(deps): update konflux references (release-4.14) #4168
OCPBUGS-34856: [release-4.14] OCPBUGS-34855: Add new permission required in CAPA #4149
NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4159
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4112
NO-JIRA: chore(deps): update rhtap references to 9aec3ae (release-4.14) #4073
NO-JIRA: Remove CLI inspection of release image #4061
OCPBUGS-33713: Reconcile over ICSP/IDMS #4059
NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.14) #4065
OCPBUGS-33844: Fix disconnected metadata inspection #4049
OCPBUGS-33843: Recycler-pod image now points to the OCP Payload reference #4048
NO-JIRA: chore(deps): update rhtap references (release-4.14) #4040
HOSTEDCP-1480: Update TLS cert hash creation with sha512 #4025
NO-JIRA: Update RHTAP references (release-4.14) #3995
HOSTEDCP-1552: Update RHTAP tekton files for 0.3 -> 0.4 migration #3958
OCPBUGS-33105: [release-4.14] remove PrivateIngressController cleanup #3960
OCPBUGS-32471: Fix ICSP and IDMS inclusion as registriesOverrides #3912
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3920
OCPBUGS-32221: Added support for OLM Disable default sources on HC creation #3882
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3903
NO-JIRA: [4.14] [e2e test framework] Add a flag to add an annotation to Hosted Cluster #3905
HOSTEDCP-1526: [release-4.14] Support additional node selectors for request serving nodes #3898
chore(deps): update rhtap references (release-4.14) #3888
NO-JIRA: Update RHTAP references (release-4.14) #3874
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3869
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3858
NO-JIRA: Update RHTAP references (release-4.14) #3836
OCPBUGS-31657: disable http2 for ignition server and proxy #3831
OCPBUGS-31605: inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3826
HOSTEDCP-1322: NodeUpgradeType defaulted by provider #3822
NO-JIRA: Update RHTAP references (release-4.14) #3813
OCPBUGS-31417: honor HC image configuration #3806
OCPBUGS-23914: Added OLMCatalogPlacement option to the CLI #3229
OCPBUGS-30211: set Konnectivity cipher suites #3679
chore(deps): update rhtap references (release-4.14) #3792
OCPBUGS-31048: [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3771
HOSTEDCP-1488: Use regionalized STS endpoints in AWS #3756
NO-JIRA: Update RHTAP references (release-4.14) #3755
chore(deps): update rhtap references (release-4.14) #3739
OCPBUGS-30596: Bump golang.org/x/net to version v0.17.0 #3711
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3706
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3676
NO-JIRA: Update RHTAP references (release-4.14) #3672
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3651
OCPBUGS-29782: use 2040 for apiserver svc in IBM provider #3594
”[release-4.14] OCPBUGS-29259: Fix default release image lookup” #3550
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3620
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3625
OCPBUGS-29094: Make ControllerAvailabilityPolicy immutable #3534
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3604
NO-JIRA: Update RHTAP references (release-4.14) #3591
NO-JIRA: Update RHTAP references (release-4.14) #3519
NO-JIRA: Approvers update #3580
MULTIARCH-4084: Reduce the policy access scope to specific instance #3530
OCPBUGS-29206: Add GC knobs for KAS #3543
OCPBUGS-29187: node spread anti-affinity for HA HCP #3541
OCPBUGS-19956, OCPBUGS-28984, OCPBUGS-28985, OCPBUGS-28986, OCPBUGS-29000: Support Disconnected HCP #3520
OCPBUGS-29030: Add ValidatingAdmissionPolicy to KAS config #3524
HOSTEDCP-1272: Added CLI support to create DualStack clusters using default values #3514
OCPBUGS-28238: consider HCP upgradeable if CVO has no upgradable condition #3468
OCPBUGS-26526: Documented to disable UWM telemetry writer in disconnected envs #3389
OCPBUGS-26526: Disable UWM Telemetry writer when telemeter-client cm not exists #3388
OCPBUGS-27072: Apply Scheduling Configuration for kCCM #3418
NO-JIRA: Update RHTAP references (release-4.14) #3509
OCPBUGS-20180, OCPBUGS-20547: Added network validations #3096
OCPBUGS-23997: add watch for HCP pullsecret to HCCO #3265
OCPBUGS-28249: Required RBAC for network-node-identity is not created when hosted cluster networkType is set to Other. #3485
NO-JIRA: Update RHTAP references (release-4.14) #3447
OCPBUGS-24315: Add prestop to konnectiviy server #3268
OCPBUGS-24307: Set shutdown-delay-duration to 15s #3264
OCPBUGS-21795: change trusted bundle volume mount for CPO #3102
OCPBUGS-25217: Konnectivity agent update strategy #3308
OCPBUGS-26574: Set new condition on SG deletion. #3398
Update RHTAP references (release-4.14) #3402
Update RHTAP references (release-4.14) #3383
OCPBUGS-22360: Validate accessTokenInactivityTimeout >= 300s #3175
OCPBUGS-23936: Use correct kubeconfig in CCM and remove CCMs access t… #3232
OCPBUGS-12720: Updating hypershift images to be consistent with ART #2467
OCPBUGS-24627: unset ServiceAccount on ignition-server-proxy #3295
[Release 4.14] OCPBUGS-24556: Fix a bug on deletion of a hostedcluster #3290
OCPBUGS-24269: add CLI oauthclient #3272
OCPBUGS-23569: Added IPFamilyPolicy to services exposed at the HCP in DualStack mode #3224
HOSTEDCP-1318: external OIDC enablement #3261
OCPBUGS-23747: Added brackets to IPv6 KAS address on kubeconfig #3228
OCPBUGS-24063: fix(cpo): Set restart annotation on network-node-identity #3248
release-4.14, HOSTEDCP-1315: Improve NodePool CPU arch & platform check #3236
OCPBUGS-22676: Make the OLMCatalogPlacement field immutable #3143
OCPBUGS-23558: Let router use svc ips 4.14 #3221
OCPBUGS-19678: Remove cluster name validation from HCC #3040
”[release-4.14] CNV-35326: unsupported escape hatch mechanism custom HS/KV vms” #3202
OCPBUGS-23027: Configure HSTS for kube-apiserver #3169
NO-JIRA: chore(deps): update rhtap references (release-4.14) #3085
OCPBUGS-23142: adding permission to CNO RBAC Calico path for network-node-identity deploy #3182
OCPBUGS-22295: Added brackets to the kubeconfig server address when IPv6 #3117
OCPBUGS-22690: Use the same etcd snapshot for all replicas during etcd restore #3146
OCPBUGS-22959: Update regex validation for nodepool.spec.taints.value #3165
HOSTEDCP-1280: Adjustment cluster-cidr,service-cidr to support dualstack #3162
OCPBUGS-22898: Stop exposing kas on 6443 private route service load balancer #3159
OCPBUGS-22898: Stop defaulting aws private haproxy external port to 6443 #3160
OCPBUGS-19897: Add konnectivity-proxy container to CNO #3058
OCPBUGS-22379: Cluster-policy-controller: add missing RBAC for privileged namespaces PSA syncer controller #3131
OCPBUGS-20526: Align PSA labels on guest cluster namespaces with standalone OCP #3111
Full changelog

ibm-cloud-controller-manager

OCPBUGS-23861: Bump otelgrpc to v0.49.0 #73
OCPBUGS-24665: Add Snyk file to exclude vendor directory on scan #65
OCPBUGS-21149: Bump golang.org/x/net to v0.18.0 #55
Full changelog

ibm-vpc-block-csi-driver

OCPBUGS-36065: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #73
Full changelog

ibm-vpc-block-csi-driver-operator

OCPBUGS-36071: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #122
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #104
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #91
Full changelog

ibm-vpc-node-label-updater

OCPBUGS-36011: CVE-2024-6104: bump github.com/hashicorp/go-retryablehttp to v0.7.7 #42
Full changelog

ibmcloud-cluster-api-controllers

OCPBUGS-27279: Add Snyk file to exclude vendor directory on scan #76
OCPBUGS-21436: Bump golang.org/x/net to v0.18.0 #63
Full changelog

insights-operator

Add haproxy metric (#999) #999
Add missing permission for GatherClusterIngressCertificates (#984) #984
OCPBUGS-37673: Ingress controller related certificates’ validate dates gathering (#976) #976
OCPBUGS-36475: properly encode the URL for the advisor links (#962) #962
OCPBUGS-36380: Collect aggregated Prometheus Alertmanager instances (#960) #960
OCPBUGS-33193: anonymization - externalIP can be nil (#931) (#933) #931
OCPBUGS-31975: bump golang.org/x/net version (#926) #926
OCPBUGS-32343: fix error message when the data processing was not successful (#833) (#928) #833
Add linting recommendations (#904) #904
gather etcd_server_slow metrics (#902) #902
OCPBUGS-23962: adds helm information gather (#868) (#877) #868
OCPBUGS-23445: DVO gatherer - add retry logic (#861) (#870) #861
OCPBUGS-22958: adds cluster storageclasses gather (#858) (#865) #858
OCPBUGS-21859: remove username & password config options (#843) #843
OCPBGUS-20767: update dependencies (#837) #837
Full changelog

ironic

OCPBUGS-43954, OCPBUGS-43962: Bump python-waitress [4.14] #607
OCPBUGS-39019: Bump ironic-lib to fix utf8 decoding issue #571
OCPBUGS-32266: redfish-virtualmedia fails on XFusion nodes #548
OCPBUGS-37762, OCPBUGS-39382: Include fixes for CVE-2024-44082 #584
OCPBUGS-38508: set min version for python3-webob #555
OCPBUGS-33375: bump werkzeug #537
OCPBUGS-37410: bump jinja2 #530
OCPBUGS-37115: Update eventlet version #524
Bug OCPBUGS-34657: Disable installation of .pyc files through pip #512
METAL-1004: Update ironic-lib to latest release-4.14 commit #492
OCPBUGS-32364: [4.14] remove unused prometheus-exporter #487
OCPBUGS-32169: [4.14] Add hybrid configuration for cachito #482
OCPBUGS-32388: Use unix sockets by default for reverse proxy communication #475
OCPBUGS-32169: [4.14] Add requirements placeholders for cachito #469
OCPBUGS-27773: Update inspector package to fix LLDP unicode error #452
OCPBUGS-27193: Fix Inspector iPXE config for IPv6 addresses #448
OCPBUGS-19884: update Ironic to include secure boot fixes #445
OCPBUGS-23903: Ironic side of external_http_url (METAL-163) is not wired in correctly #429
OCPBUGS-23505: Uplift eventlet version #426
OCPBUGS-23354: Upgrade markupsafe and werkzeug dependencies #421
OCPBUGS-14926: Handle Eject DVD 4.14 #415
OCPBUGS-22253: Use bash process substitution instead of pipe #411
Full changelog

ironic-agent

OCPBUGS-39019: Bump ironic-lib to fix utf8 decoding issue #158
OCPBUGS-39382: Include fixes for CVE-2024-44082 #163
OCPBUGS-33375: set webob and bump werkzeug #151
OCPBUGS-33452: update ironic-lib with latest fixes #133
METAL-1004: Update ironic-lib to latest release-4.14 commit #130
OCPBUGS-32170: [4.14] Add hybrid configuration for cachito #127
OCPBUGS-32170: [4.14] Add placeholders for cachito #124
OCPBUGS-29454: Always add ignition to set hostname on /etc/hostname #109
OCPBUGS-28554: Update to latest ironic-python-agent for bugfixes #107
OCPBUGS-25685: Relax packages requirements #103
OCPBUGS-23751: Update packages with latest fixes #96
Full changelog

k8s-prometheus-adapter

OCPBUGS-21473: Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487 #89
Full changelog

keepalived-ipfailover

OCPBUGS-30414: update unit tests in egress/dns-proxy #173
Full changelog

kube-proxy, sdn

[Release 4.14] OCPBUGS-43484: NP-1092: backport SDN live migration #631
OCPBUGS-20790: update x/net to v0.17.0 #587
Full changelog

kube-rbac-proxy

OCPBUGS-31971: bump golang.org/x/net [4.14] #108
OCPBUGS-20717: http2: trim connetions and buffers, v4.14 #81
Full changelog

kubevirt-cloud-controller-manager

OCPBUGS-23866: deps, bump opentelemetry #38
OCPBUGS-21174: Bump golang.org/x/net to v0.18.0 #37
OCPBUGS-30861: Bump golang.org/x/net to v0.18.0 #36
Full changelog

kubevirt-csi-driver

“OCPBUGS-29792: [release-4.14] Address CVE-2024-1725: Restrict access to infrastructure PVCs by requiring matching infraClusterLabels on tenant PVCs” #34
Full changelog

machine-api-operator

OCPBUGS-43821: install/0000_30_machine-api-operator_00_credentials-request: Set skipServiceCheck again for GCP #1303
CFE-1051: Adding web-hook validation for capacityReservationGroupID #1260
OCPBUGS-31980: Update x/net to v0.25.0 #1236
OCPBUGS-30898: Azure MAO CredentialsRequest Contains Unnecessary virtualMachines/extensions Permissions #1224
OCPBUGS-28745: Set –max-concurrent-reconciles=10 for Azure machine controller #1217
OCPBUGS-28745: Add AddWithActuatorOpts to allow overriding Machine controller options #1214
OCPBUGS-24998: Add Snyk file to exclude vendor directory on scan #1191
OCPBUGS-24047: Update reference URL #1186
OCPBUGS-24047: Use docs URL instead of KCS article #1180
OCPBUGS-17297: [release-4.14] Update x/net to fix CVE #1173
Full changelog

machine-config-operator

OCPBUGS-42111: Do not use ‘restart’ for ‘oneshot’ service #4622
MCO-1278: Backport Telemetry to 4.14 #4672
OCPBUGS-43981: Panic seen in CI job for MCC pod #4671
OCPBUGS-43980: MCPs report wrong number of nodes when we move nodes from one custom MCP to another custom MCP #4673
OCPBUGS-37552: On-Prem resolv prepender to watch for NM changes #4500
OCPBUGS-35322: Decrease logs of haproxy #4405
OCPBUGS-32258: Log network service output to console #4320
OCPBUGS-38371: Revert “MCD-pull: run after network-online.target in Azure” #4526
OCPBUGS-37769: Move StartLimitIntervalSec to Unit section #4521
OCPBUGS-30794: Mount /run/nodeip-configuration into coredns containers #4253
OCPBUGS-37483: Remove weights from ingress check script #4485
OCPBUGS-37738: Openshift uncordoned compute-node that was intentionally cordoned #4502
OCPBUGS-36915: Use NM’s dns-change event for resolv.conf #4473
OCPBUGS-37223: Copy RHEL9 binaries used in HCP #4479
OCPBUGS-36776: daemon: Handle correctly OS Version for 4.1 and 4.2 bootimages #4463
OCPBUGS-36593: MCD-pull: run after network-online.target in Azure #4456
OCPBUGS-36356: daemon/update: disable systemd unit before overwriting #4447
OCPBUGS-32472: Delete state files on reboot only #4331
OCPBUGS-33590: ovs-configure: fix vlan_parent calculation #4361
OCPBUGS-34716: If multiple hostnames are returned, use the first one for the Node name #4385
OCPBUGS-17658: Controller pod is spamming unknown field “spec.dns.spec.platform” message #4383
OCPBUGS-33643: Don’t error if the certs.d dir doesn’t exist yet #4362
OCPBUGS-32341: Remove the condition for checking the multiple ovs-if-br-ex profiles #4325
OCPBUGS-27030: Log network service output to console #4114
: OCPBUGS-31731: kubelet: restorecon necessary files on kubelet’s prestart #4307
OCPBUGS-32260: fix: resources were in the wrong indentation level #4322
OCPBUGS-27108: Add \n in cert_writer for old cert methods and skip cloudCA validation #4117
OCPBUGS-31487: Prevent OVS-configuration to run before kdump #4291
OCPBUGS-29400: Run resolv-prepender entirely async #4182
OCPBUGS-31681: make verify should use MCO’s kube version #4305
OCPBUGS-30992: add preferredduringscheduling annotation to kube-rbac-proxy-crio #4266
OCPBUGS-30872: add static pods for rbacproxy #4258
OCPBUGS-30107: annotate on-prem static pods for workload partitioning #4230
OCPBUGS-30225: set nodeStatusReportFrequency #4242
OCPBUGS-29290: AWS: Always persist the existing node name on 4.14 #4215
OCPBUGS-20039: Add v6-primary dual stack support to VSphere UPI #3956
OCPBUGS-29457: Add existing kubeletconfig/ctrcfg mc-name-suffix annotation #4187
OCPBUGS-26072: Fix bootstrap with NTO Operator and duplicate MachineConfigs #4098
OCPBUGS-28379: fix nodeStatusUpdateFrequency #4149
OCPBUGS-28384: daemon: allow the user to override drains on IR changes #4150
OCPBUGS-27759: Add Image Credential Provider flags for Kubelet on AWS #4144
[OCP 4.14] OCPBUGS-24660: daemon: Add support for new nmstate logic #4066
OCPBUGS-27178: use *resource.Quantity to not automatically set 0 #4121
OCPBUGS-23089: Don’t retry node-ip show in resolv-prepender #4022
OCPBUGS-27362: Fix typo in AWS node env unit #4131
OCPBUGS-26500: crio: drop automatic image cleanup on upgrades #4105
OCPBUGS-26559: Azure Run ovs-configuration.service before dnsmasq.service #4109
OCPBUGS-26551: kubelet: fix kubelet labels #4107
OCPBUGS-24596: [release-4.14] execute cert related processes to ensure proper rotation #4063
OCPBUGS-24397: gcp-routes: don’t exit on crictl failures #4056
OCPBUGS-20554: Ensure gcp-routes hack for internalLB hairpin traffic works for SGW #3973
OCPBUGS-23474: Use shorter IP label for keepalived VIP #4041
OCPBUGS-23208: workaround nmstate bug by configuring ipv{4,6} addresses #4031
OCPBUGS-22275: support icsp and idms objects #3995
OCPBUGS-22391: Require a hostname override for AWS #4001
OCPBUGS-20418: Introduce kubelet-dependencies.target and firstboot-osupdate.target #3967
OCPBUGS-20051: Support to append the duplicate kernel arguments to the rendered MC #3957
OCPBUGS-21065: Update library-go and k8s dependencies to latest version #3994
Full changelog

machine-image-customization-controller

OCPBUGS-24576: configurable ironic agent vlan creation #111
Full changelog

monitoring-plugin

NO-JIRA: [release-4.14] OU-179: Fix the root cause of externalLabels not present on alerts #244
OCPBUGS-44137: upgrade dompurify dependency #243
OCPBUGS-43243: upgrade dynamic plugin sdk to remove vulnerable dependencies 4.14 #219
OU-318: consider all metric keys to display all results on dashboards tables #99
OCPBUGS-24664: disable query link for non metric-based alerts #82
Full changelog

multus-admission-controller

OCPBUGS-42048: Update owners #91
OCPBUGS-21372: Update go.mod for CVE-2023-39325 [Release-4.14] #71
Full changelog

multus-cni

OCPBUGS-35578: Update owners file #243
OCPBUGS-33478: Fix CNI cache update function to prevent nil access #232
OCPBUGS-26331: Fix SAST scan issues for multus-cni-container [4.14] #220
OCPBUGS-21099: Update go.mod for CVE-2023-39325 [Release-4.14] #194
Full changelog

multus-networkpolicy

Update owners (#62) #62
Update vendor package (#40) #40
OCPBUGS-21454: Update go.mod for CVE-2023-39325 (#33) #33
Full changelog

multus-route-override-cni

OCPBUGS-42049: [release-4.15]Update owners #60
Full changelog

multus-whereabouts-ipam-cni

OCPBUGS-42047: Update owners #311
OCPBUGS-37815, OCPBUGS-37817: [release-4.14] align api calls timeout and skip pods marked for deletion #309
OCPBUGS-36722: Return previous IP allocation for add cmd #296
OCPBUGS-35263: Use IP to identify orphaned allocation to be deleted #289
OCPBUGS-27858: Enable reconciler configuration 4.14 #240
OCPBUGS-26553: Cherry pick fix assignment 4.14 #230
OCPBUGS-21518: update golang.org/x/net to v0.17.0 #207
Full changelog

must-gather

OCPBUGS-43058: [Backport 4.14] Multus is now a Pod and will be captured by normal #451
Full changelog

network-metrics-daemon

Correct 4.16 owners file (#100) #100
Added METRIC_TEST_IMAGE var (#88) #88
Update the k8s dependencies to 1.27.7 (#82) #82
Full changelog

network-tools

OCPBUGS-31862: replace wireshark with wireshark-cli #122
OCPBUGS-22172: Move commands to the function to avoid them being executed on -h. #94
Full changelog

nutanix-machine-controllers

OCPBUGS-29549: IPI install fails on Nutanix when using DHCP #70
Full changelog

oauth-apiserver

OCPBUGS-31982: bump x/net to 0.24.0 #110
OCPBUGS-21100: bump k8s.io (release-4.14) #100
OCPBUGS-27116: UPSTREAM: <carry>: retry etcd Unavailable errors #97
Full changelog

oauth-proxy

OCPBUGS-20980: go.mod: bump golang.org/x/net to v0.17.0 #267
Full changelog

oauth-server

OCPBUGS-21393: go.mod: bump golang.org/x/net to v0.17.0 #138
Full changelog

oc-mirror

Bump version to include v5.11.0 of go-git (#822) #822
Fix to ensure operator not found error exits with correct status (#797) #797
OCPBUGS-28871: Capability to override default channel (#749) (#790) #749
OCPBUGS-19429: Fix cross EUS channel upgrade path calculation (#769) #769
OCPBUGS-23327: Fix MirrorToDisk of oci catalogs in hidden folders (#766) #766
skipping prune failure if manifest not found (#735) #735
OCPBUGS-21472: fix: CVE-2023-39325 (#711) #711
Full changelog

olm-catalogd

OCPBUGS-27585, OCPBUGS-27670: [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 #40
Full changelog

olm-operator-controller

OCPBUGS-27590, OCPBUGS-27675: [release-4.14] bump github.com/go-git/go-git/v5 to v5.11.0 #69
OCPBUGS-22616: [release-4.14] Bump go.opentelemetry.io dependencies #58
Full changelog

olm-rukpak

: OCPBUGS-27680,OCPBUGS-27595: UPSTREAM: <carry>: Update go-git to v5.11.0 #73
OCPBUGS-23358: [release-4.14] Address http2 vulnerability #53
Full changelog

openshift-apiserver

OCPBUGS-32445: bump(x/net) to v0.23.0 #429
OCPBUGS-31509: vendor upgrade runtime-utils #426
OCPBUGS-27104: UPSTREAM: <carry>: retry etcd Unavailable errors #412
: OCPBUGS-21464: Enable HTTP/2 CVE mitigation #397
OCPBUGS-20150: pkg/image: avoid unnecessary service lookups when registry is removed #393
Full changelog

openshift-controller-manager

NO-JIRA: cleanup root and app OWNERS #349
OCPBUGS-32869: replaces deprecated square/go-jose wtih go-jose/go-jose #342
OCPBUGS-41951: Add adambkaplan as approver #334
[release 4.14] OCPBUGS-33288: Update opentelemetry dependency #295
OCPBUGS-28950: Replace ‘coreydaley’ with ‘sayan-biswas’ in OWNERS file #286
Full changelog

openstack-cinder-csi-driver-operator

OCPBUGS-35337: Correct out-of-bounds check #173
OCPBUGS-34792: Make Cinder CSI Driver Topology feature configurable #162
OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #153
OCPBUGS-26460, OCPBUGS-26461: [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1 #156
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #142
OCPBUGS-21573: CVE-2023-44487: bump golang.org/x/net to v0.17.0 #135
Full changelog

openstack-machine-api-provider

OCPBUGS-32428: Ensure portSecurity is correctly set in the Instance Ports #109
OCPBUGS-23202: Don’t build InstanceSpec during delete operations #95
Full changelog

operator-lifecycle-manager, operator-registry

OCPBUGS-42828: add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata #878
OCPBUGS-41872: Fix e2e flake: upgrade CRD with deprecated version #865
OCPBUGS-42150: (fix) registry pods do not come up again after node failure (#3366) #872
OCPBUGS-42017: adds paginating lister for evaluating CRs’ upgrade fitness versus new CRDs. #869
OCPBUGS-38544: (fix) Resolver: list CatSrc using client, instead of referring to registry-server cache (#3349) #842
OCPBUGS-36949: [CARRY] perform operator apiService certificate validity checks directly #821
OCPBUGS-37016: Bump github.com/containers/image/v5 #824
OCPBUGS-36452: Can’t install operator on 4.15 after uninstalling it on a prior version #811
OCPBUGS-31969, OCPBUGS-31970: UPSTREAM: <carry>: update golang.org/x/net for CVE-2023-45288 #787
OCPBUGS-35230: Unblock CI #771
OCPBUGS-33356: UPSTREAM: <carry>: bump go-jose #743
OCPBUGS-30775: [4.14] bump grpc to 1.60.1, reconnect idle connections (#3147) #715
OCPBUGS-29192: [release-4.14]: Clear (existing) error cond from Subscription, once error resolved #686
OCPBUGS-29194: Retry failing unpack jobs #689
NO-ISSUE: [release-4.14] Backport e2e fixes to 4.14 #674
OCPBUGS-27314: Don’t sync namespaces that have no subscriptions #675
OCPBUGS-27565, OCPBUGS-27570, OCPBUGS-27650, OCPBUGS-27655: bump go-git/v5 to 5.11.0 #677
OCPBUGS-27485: [CARRY] SSC RBAC #665
OCPBUGS-22538: bump otelhttp to 44.0 for api #647
OCPBUGS-22538: otelhttp bump [release-4.14] #632
OCPBUGS-20829: [releaser-4.14] Fix apiserver vulnerability #608
OCPBUGS-23212: Do not derive installplan.spec.clusterServiceNames from bundle IDs #607
OCPBUGS-18904: [release-4.14] Improve Leader Election Hand Off #605
OCPBUGS-23508: [release-4.14] Use generated namespaces in e2e tests #614
OCPBUGS-20400: Add OLMConfig API to control package server sync interval [release-4.14] #582
OCPBUGS-19789: Backport OCPBUGS-14698: Rename ClusterRoles created by OperatorGroups [release-4.14] #566
Full changelog

operator-marketplace

OCPBUGS-32067: update golang.org/x/net for CVE-2023-45288 #565
Full changelog

ovn-kubernetes, ovn-kubernetes-microshift

OCPBUGS-44379: Revert “Pin libreswan to the known working version 4.5” #2344
OCPBUGS-42952: pin libreswan to the known working version 4.5 #2323
OCPBUGS-42986: Add subnet overlap check for transit switch subnet #2317
OCPBUGS-38263: [release-4.14] Bump OVSDBTimeout and make it configurable #2275
OCPBUGS-38073: Fix registering northd metrics on appropriate nodes #2249
OCPBUGS-37197: [release-4.14] ovspinning: Set affinity of each thread #2236
OCPBUGS-36253: EgressIP: Reload certificates for the grpc heatlhcheck server #2213
OCPBUGS-36554: Handle IP fragments in SGW mode #2219
OCPBUGS-36703: Bump ovn to 23.09.4-16 #2222
OCPBUGS-35009: ipv6+all protocols conntrack flush #2199
OCPBUGS-34570: Fix EIP GARP config overwritten by gateway update #2188
OCPBUGS-33721: use a forked version of j-keck/arping that fixes a threading issue #2170
OCPBUGS-34076: Reuse node-subnet from cache if exists #2177
OCPBUGS-34405: [release-4.14] dns: fix deadlock in case of error #2183
OCPBUGS-33469: drop-forwarding: Add ClusterSubnets to allowed forwarding CIDRs #2160
OCPBUGS-33537: Improves service iptables efficiency on start up #2164
OCPBUGS-32104: Periodically check the ovnkube-node certificate is not expired #2117
OCPBUGS-32319: [release-4.14] Full implementation of KEP-1669 ProxyTerminatingEndpoints + ETP=local fix #2128
[Release 4.14] OCPBUGS-32987: Bump OVS #2148
OCPBUGS-32247: [release-4.14] OVN bump to 23.09.0-139 #2123
OCPBUGS-29397: 4.14 High CPU usage with APB CRD #2118
OCPBUGS-32353: Custom v4 and v6 transit switch subnets while creating kind cluster #2122
OCPBUGS-31853, OCPBUGS-31854: EIP multi NIC IPv6 support and default route with next hop #2114
OCPBUGS-31648: Set mac binding age threshold in gateway routers #2115
OCPBUGS-29342: AdminPolicyBasedExternalRoute CRD failing to watch and reconcile routes for later pods #2076
OCPBUGS-29606: Update HostNetworkNamespace address_set for remote zone nodes #2091
OCPBUGS-28726: Update netpol namespace address sets usage to the old ways #2068
OCPBUGS-28819: Support Permanent Session Affinity #2046
OCPBUGS-29231: [release-4.14] Separate timeout for handler sync from informer sync & do not resync services during node tracker startup #2061
OCPBUGS-29186: Wait for ovnkube controller to start before checking result error. #2067
OCPBUGS-29207: Ignore hybrid-overlay nodes from EgressIP controller #2062
OCPBUGS-25999: Prevent multiple encap-ips per single chassis #2037
OCPBUGS-28789: Fix LGW ETP=Local on IPv6 #2042
OCPBUGS-27925: dont quit if node does not have subnet annotation #2026
OCPBUGS-27256: Ensure session affinity cleanup on backend removal #2021
OCPBUGS-23395: Egressfirewall use port groups #1956
OCPBUGS-27243: CARRY: Updates owners and adds Surya #2019
OCPBUGS-25081: Update ACL syncer: make default deny acls filter more strict, #1981
OCPBUGS-26568: Synchronize node primary address update #2012
OCPBUGS-24326: APB External Route: Add IPv4 and IPv6 validation in CRD schema for static hop IP field #1967
OCPBUGS-25903: Fix Egress IP Deletion Handler to Prevent OVN Policy Leaks #2003
OCPBUGS-25746, OCPBUGS-25747: Dockerfile: Bump OVN to ovn-23.09.0-91.el9fdp #1996
OCPBUGS-24320: APB status not updated when fails to process during the first reconciliations #1968
OCPBUGS-23257: Update leaderelection config to allow retries #1955
OCPBUGS-23387: Ignore completed virt-launcher pods #1954
OCPBUGS-25087: Fragment oversized reply packets in LGW mode #1982
OCPBUGS-22735: OVNK/GW: Ignore headless services in syncServices #1970
OCPBUGS-24350: [release-4.14] fixes MTU configuration on gateway router #1969
OCPBUGS-24209: Significantly reduce shared informer memory usage #1964
Full changelog

powervs-block-csi-driver

OCPBUGS-36095: Fix CVE-2024-6104 by updating http-retryable to 0.7.7 #90
OCPBUGS-33637: Fix CVE2023-45288 by bumping x/net to v0.24.0 - 4.14 #81
OCPBUGS-25980: Rebase with upstream: Fix snyk code issue: Path Traversal #72
OCPBUGS-24713: synk: ignore vendor dir #60
Full changelog

powervs-block-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #58
OCPBUGS-25715: snyk: ignore vendor dir #60
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #48
Full changelog

powervs-cloud-controller-manager

OCPBUGS-36105: UPSTREAM: <carry>: Fix go-retryablehttp CVE 4.14 #75
OCPBUGS-24727: UPSTREAM: <carry>: snyk code scan exclude vendor directory #54
Full changelog

powervs-machine-controllers

OCPBUGS-41978: Update go.mod to fix CVE - 4.14 #86
OCPBUGS-24730: snyk code scan exclude vendor directory #65
Full changelog

prometheus

OCPBUGS-22531: bump otel dependencies #183
Full changelog

prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook

OCPBUGS-30015: fix: convert continue field between v1beta1 and v1alpha1 #279
OCPBUGS-20881: fix: disable HTTP2 connections by default #253
Full changelog

route-controller-manager

OCPBUGS-21576: bump(k8s,openshift) to address CVE-2023-44487 [4.14] #34
Full changelog

service-ca-operator

OCPBUGS-21066: go.mod: bump golang.org/x/net to v0.17.0 #224
Full changelog

telemeter

OCPBUGS-34830: fix issuer check during JWT authentication 4.14 #539
OCPBUGS-32888: update gopkg.in/square/go-jose.v2 to fix CVE-2024-28180 #535
OCPBUGS-22647: go.mod: bump go.opentelemetry.io/contrib/instrumentation/net/http/ote… #494
Full changelog

tests

OCPBUGS-44107: Adjust createDNSPod() to support hypershift dual-stack test #29256
OCPBUGS-39137: Bump timeout for the pod-network-service endpoints check #29062
OCPBUGS-38365: add Proxy config #28998
OCPBUGS-36800: Removes dependency on samples operator images #28952
#28775 FIX [release-4.14] OCPBUGS-33367: monitor test fix to wait before connecting to a non-existent dns on PowerVS and IBMCloud platforms #28792
#28745 FIX [release-4.14] OCPBUGS-33022: update egressFWTestE2E image which contains ping binary #28899
OCPBUGS-36464: test/extended: skip etcd leader change check on hypershift #28921
OCPBUGS-35475: Use centos7 tag instead of latest for cmd images tests #28881
OCPBUGS-33417: Provide SCC access via RBAC #28806
OCPBUGS-33563: Adjust the method of get the apiServer (release-4.14) #28763
OCPBUGS-29970: Do not assume there is just a single kubelet systemd service #28620
OCPNODE-2101: add kube-rbac-proxy-crio toleration change #28647
OCPBUGS-29928: Only extract node role from properly formatted node-role label #28616
OCPBUGS-29182: updated timeout to 3 seconds to account for network timing issues #28578
OCPBUGS-29034: Replace ‘coreydaley’ with ‘sayan-biswas’ #28574
OCPBUGS-26044: Adding test case for when exceed openshift.io/image-tags will ban to … #28493
OCPBUGS-21774: backport #28316 to 4.14 release #28335
Revert “[release-4.14] OCPBUGS-22720: Use Centos 8 Stream mysql image in tests” #28368
OCPBUGS-23042: tolerate AWS edge nodes on monitor tests #28387
OCPBUGS-23145: Bump watch requests for cluster-baremetal-operator #28385
trt-1340: backport exact and disable monitor tests options to 4.14 #28391
OCPBUGS-19923: Updating parameters for build timing PushImage test #28291
OCPBUGS-22411: fix: increase upper bounds for samples operator #28356
OCPBUGS-22720: Use Centos 8 Stream mysql image in tests #28365
OCPBUGS-22389: Remove all docker.io images due to access denied #28355
Full changelog

thanos

OCPBUGS-22636: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.42.0 to 0.44.0 #130
Full changelog

vsphere-cloud-controller-manager

OCPBUGS-23889: Bump otelgrpc to v0.49.0 #70
OCPBUGS-21520: Bump golang.org/x/net to v0.18.0 #54
Full changelog

vsphere-cluster-api-controllers

OCPBUGS-35136: Bump x/crypto to v0.24.0 #46
OCPBUGS-17312, OCPBUGS-21558: [release-4.14] bump golang.org/x/net to v0.17.0 #20
Full changelog

vsphere-csi-driver, vsphere-csi-driver-syncer

OCPBUGS-35138: CVE-2023-48795: bump golang.org/x/crypto to v0.17.0 #123
OCPBUGS-33798: FailedPrecondition volume does not appear staged #119
Full changelog

vsphere-csi-driver-operator

OCPBUGS-25657: Add annotation to CSI driver Pod preventing eviction from the cluster-autoscaler #203
OCPBUGS-24224: Explicitly degrade the cluster when conditions are not met #194
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #186
OCPBUGS-23169: Fix vsphere csi controller pods from getting constantly restarted #193
OCPBUGS-22430: disable http/2 server support in webhook #182
Full changelog

vsphere-problem-detector

OCPBUGS-38347: Drop event when CheckDefaultDatastore fails #171
OCPBUGS-35913: Fix missing failure-domains #162
OCPBUGS-24401: Use failure-domains and other changes from master #142
OCPBUGS-21812: Warn usernames without domain name #134
OCPBUGS-23078: CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 #138
Full changelog

View changelog in Markdown or change previous release:

Source code for this page located on github