Back to index
Download the installer for your operating system or run
oc adm release extract --tools quay.io/openshift-release-dev/ocp-release:4.15.40-x86_64 Team Approvals:
Tests:
Blocking jobs Informing jobs Upgrades from:
Untested upgrades:
4.14.20 ,
4.14.22 ,
4.14.23 ,
4.14.24 ,
4.14.26 ,
4.14.27 ,
4.14.28 ,
4.14.29 ,
4.14.30 ,
4.14.31 ,
4.14.32 ,
4.14.33 ,
4.14.34 ,
4.14.35 ,
4.14.36 ,
4.14.37 ,
4.14.38 ,
4.14.39 ,
4.15.10 ,
4.15.11 ,
4.15.12 ,
4.15.13 ,
4.15.14 ,
4.15.15 ,
4.15.16 ,
4.15.17 ,
4.15.18 ,
4.15.19 ,
4.15.20 ,
4.15.21 ,
4.15.22 ,
4.15.23 ,
4.15.24 ,
4.15.27 ,
4.15.28 ,
4.15.29 ,
4.15.30 ,
4.15.31 ,
4.15.32 ,
4.15.33 ,
4.15.34 ,
4.15.36 ,
4.15.5 ,
4.15.6 ,
4.15.7 ,
4.15.8 ,
4.15.9 Upgrades to:
Loading changelog, this may take a while ...
Changes from 4.15.2
Created: 2024-12-05 15:26:16 +0000 UTC
Image Digest: sha256:54653150ed6f220aa15648f999275802de10eab187528db4590d0cfc498dae9c
Components
Rebuilt images without code change
OCPBUGS-22539 : Bump otelhttp from 0.35.1 to 0.44.0 using replace approach (#6858) #6858
OCPBUGS-43022 : Update go-jose to v2.6.3 to mitigate CVE-2024-28180 (#6894) #6894
OCPBUGS-42571 : Libraries bump to mitigate CVE-2024-27289 (#6834) #6834
OCPBUGS-36577 : Switch to github.com/docker/distribution/reference to Mitigate CVE-2024-3727 (#6753) #6753
OCPBUGS-34641 : Invalid Pull-Secret when using password which contains a colon character (#6381) #6381
OCPBUGS-31631 : Deploy dual stack with IPv6 on top of bond/vlan fails (#6245) #6245
MGMT-17593 : Bump x/net to at least v0.24.0 to mitigate CVE-2023-45288 (#6217) #6217
17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6211) #6211
Revert “MGMT-17549: Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194)” (#6208) #6194
MGMT-17549 : Bump runc version to 1.1.12 to Mitigate CVE-2024-21626 (#6194) #6194
MGMT-17541 : Replace broken golangci reference (#6191) #6191
OCPBUGS-30232 : Handle skipping hostPrefix validation for IPv6 For non-OVN/SDN networkTypes, the hostPrefix validation is not required and it is skipped. This fixes a regression introduced in the fix for https://issues.redhat.com/browse/OCPBUGS-23069 in which IPv6 CIDRs were not using the correct default hostPrefix. In addition, all cases where the validation is used are now covered. (#6137) #6137
NO-ISSUE: replace postgres images as current one disappeared from quay (#6135) #6135
Full changelog
[[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads #57
Full changelog
[[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads #326
OCPBUGS-24632 : Prevent rollout due to irrelevant path artifacts #317
CFE-1087 : API Bump for capacity Reservation #318
OCPBUGS-34971 : Add unreadyNodeGracePeriod for allowing brief node hiccups #299
OCPBUGS-35496 : Wait for ControlPlaneMachineSet to be created when waiting for it to be updated #308
OCPBUGS-35255 : Improved debugging of API listing errors #301
[Release 4.15] OCPBUGS-32414: Fix ExportFailureDomain to handle empty platform spec #290
[Release 4.15] OCPBUGS-32357: Modified webhook to allow templates by name instead of just by path. #289
Full changelog
OCPBUGS-44275 : Drop sched_migration_cost_ns setting (#1207) #1207
OCPBUGS-44283 : right-hand-side profile_dirs take precedence (#1208) #1208
OCPBUGS-42284 : Add cluster-wide proxy env file (#1171) #1171
TuneD prior to kubelet in one-shot mode (#1125) #1125
set required-scc for openshift workloads (#1117) #1117
OCPBUGS-36870 : Remove tuned/rendered object (#1110) #1110
OCPBUGS-36355 : Backport fix for OCPBUGS-30647 (#1095) #1095
OCPBUGS-33929 : Negative net interface name does not reduce queues (#1066) #1066
Add a ‘.snyk’ to silence static code analysis warnings (#1001) #1001
fix extra-reboot on upgrade with paused mcp worker (#1049) #1049
fix rendering extra ctrcfgs (#975) #975
OCPBUGS-31694 : E2E: Workload hints test cases fixes (#1012) (#1043) #1012
Reduce number of reboots in offline tests (#1014) #1014
Systemd processes not being moved to cpuset/systemd.slice fix (#1016) #1016
Scheduler plugin: ignore IRQs (#983) #983
e2e: when crun is enabled by default skip checking runc config (#1013) #1013
OCPBUGS-30507 : Add performance real time tuned template (#984) #984
Report duplicate priority only for multiple matching profiles (#965) #965
hack: fix backport of render-sync.sh (#996) #996
Full changelog
OCPBUGS-43931 : Return the right tagReference on Catalogs ImageStream #5187
NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.47 (release-4.15) #5210
NO-JIRA: chore(deps): update konflux references (release-4.15) #5208
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.46 (release-4.15) #5190
NO-JIRA: chore(deps): update konflux references to 7779f9e (release-4.15) #5182
OCPBUGS-44278 : Configure OAuth https proxy to dial cloud endpoints directly #5068
NO-JIRA: chore(deps): update konflux references (release-4.15) #5159
chore(deps): update konflux references (release-4.15) #5136
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731604394 (release-4.15) #5129
chore(deps): update konflux references (release-4.15) #5118
NO-JIRA: chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.5-1731518200 (release-4.15) #5106
chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v9 (release-4.15) #5110
NO-JIRA: Update Konflux references (release-4.15) #5109
NO-JIRA: chore(deps): update konflux references to 11b7f08 (release-4.15) #5101
chore(deps): update konflux references (release-4.15) #5077
NO-JIRA: chore(deps): update konflux references (release-4.15) #5054
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.44 (release-4.15) #5060
OCPBUGS-44201 : add ValidIDPConfiguration condition to report IDP config issues #5037
NO-JIRA: Update Konflux references to fedcfe0 (release-4.15) #5040
chore(deps): update konflux references (release-4.15) #5025
chore(deps): update konflux references to f53fe54 (release-4.15) #5022
NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9.5.43 (release-4.15) #5016
NO-JIRA: Update Konflux references (release-4.15) #5010
NO-JIRA: chore(deps): update konflux references (release-4.15) #4974
OCPBUGS-43635 : label routes only when HCP router used #4961
NO-JIRA: chore(deps): update konflux references (release-4.15) #4957
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.42 (release-4.15) #4949
OCPBUGS-43468 : Use guest DNS resolution in Konnectivity HTTPS proxy by default #4929
NO-JIRA: chore(deps): update konflux references (release-4.15) #4932
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.41 (release-4.15) #4916
NO-JIRA: chore(deps): update konflux references (release-4.15) #4922
NO-JIRA: chore(deps): update konflux references to 674e70f (release-4.15) #4909
OCPBUGS-42881 : Let payload generation pick the release for the NodePool #4867
OCPBUGS-42992 : Conditionally manage kubeconfig secrets for DNS and Ingress operators #4876
NO-JIRA: chore(deps): update konflux references (release-4.15) #4897
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.40 (release-4.15) #4881
NO-JIRA: chore(deps): update konflux references to 37b9187 (release-4.15) #4850
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.39 (release-4.15) #4807
NO-JIRA: chore(deps): update konflux references (release-4.15) #4815
NO-JIRA: chore(deps): update squidfunk/mkdocs-material docker tag to v9.5.37 (release-4.15) #4793
NO-JIRA: chore(deps): update konflux references (release-4.15) #4777
chore(deps): update registry.access.redhat.com/ubi9-minimal docker tag to v9.4-1227.1726694542 (release-4.15) #4766
NO-JIRA: Update squidfunk/mkdocs-material Docker tag to v9 (release-4.15) #4770
chore(deps): update squidfunk/mkdocs-material docker tag to v8.5.11 (release-4.15) #4769
chore(deps): update registry.access.redhat.com/ubi9/go-toolset docker tag to v1.21 (release-4.15) #4767
NO-JIRA: chore(deps): update konflux references (release-4.15) #4762
OCPBUGS-41373 : CPO oauth idp converter: resolve names before dialing #4746
NO-JIRA: Security fixes for openshift-ci-security job #4751
OCPBUGS-42214 : Make guest cluster components use the correct KAS port #4749
OCPBUGS-38059 : Add HTTP konnectivity proxy to OAuth server #4497
HOSTEDCP-1956 : bump CCO and go-jose version #4697
NO-JIRA: chore(deps): update konflux references (release-4.15) #4719
OCPBUGS-41701 : cmd: report server version, supported OCP #4702
OCPBUGS-38065 : [release-4.15] Use HTTP proxy for ingress controller #4699
OCPBUGS-41809 : copy image-registry AdditionalTrustedCA configmap into HC openshift-config #4706
HOSTEDCP-1896 : [release-4.15] Allow setting Kube APIServer maximum requests in flight #4552
OCPBUGS-39463 : handle version skewed NodePools that do not have rhel9 binaries #4666
OCPBUGS-39077 : Set KCM node monitor grace period #4628
OCPBUGS-30465 : fix: bump google.golang.org/protobuf #4616
OCPBUGS-39171 : fix: bump github.com/IBM/go-sdk-core/v5 #4625
OCPBUGS-35815 : Add hypershift-cluster-version-operator image to release providers #4243
NO-JIRA: test: relax mgmt KAS egress check #4631
NO-JIRA: Tolerate restarts for kubevirt external infra #4200
NO-JIRA: Flaky cert validation test #4630
OCPBUGS-38943 : copy oapi ca-trust recursively when building trust anchor #4613
OCPBUGS-39041 : set proxy envvars on aws and azure CCMs #4624
OCPBUGS-38613 : hcco: reconcile apiserver config into hosted cluster #4567
OCPBUGS-38561 : Let the CPO oidc check resolve through data plane #4564
OCPBUGS-34904 : remove weak ciphers from security profile #4547
OCPBUGS-37171 : OCPBUGS-35899: Doubled machineHealthCheck timeout on Agent and None #4489
NO-JIRA: Update Konflux 4.15 and perform migration #4487
NO-JIRA: [release-4.15] Kubevirt on Azure: Change KAS LB Port to 7443 #4469
OCPBUGS-36938 : [release-4.15]: Add HTTP(s) konnectivity proxy and use it with OpenShift APIServer #4358
OCPBUGS-37174 : Delete IDMS in dataplane once HCP ICS field is removed #4457
NO-JIRA: [release-4.15] kubevirt-csi-driver: Pass infra kubeconfig in case of external infra #4279
HOSTEDCP-1795 , HOSTEDCP-1796 : Customize the self-generated cert validity and rotation #4444
OCPBUGS-36916 : Add newline after TLS certs referenced by image.config #4443
OCPBUGS-37695 : Set right endpointSlice port #4441
NO-JIRA: Red Hat Konflux update hypershift-release-mce-25 #4433
NO-JIRA: [release-4.15] test/e2e: remove api budget checks #4413
OCPBUGS-37266 : extract rhel9 MCO binaries for rhel8 based MCO images #4385
OCPBUGS-36606 : enable audit log for oauth-openshift #4320
HOSTEDCP-1714 : Kubernetes API Server Log Verbosity Annotation cherry pick to 4.15 #4178
OCPBUGS-35736 : Complete KAS migration to none endpoint reconciler type #4228
OCPBUGS-35935 : check mgmt cluster for route capability before DeleteIfNeeded for ovn sbdb route #4265
NO-JIRA: chore(deps): update konflux references (release-4.15) #4259
OCPBUGS-35714 : Generate default worker security group rules based on machineCIDR #4266
NO-JIRA: chore(deps): update konflux references (release-4.15) #4252
OCPBUGS-32404 : Fix failure to create a second hostedcluster in the same namespace #3907
NO-JIRA: chore(deps): update konflux references to ff44cf3 (release-4.15) #4246
NO-JIRA: feat(olm): Set packageserver replicas to 2 for IBMCloudPlatform #4231
chore(deps): update konflux references to 2be7c9c (release-4.15) #4224
OCPBUGS-34580 : Add TrustedBundles to OAS container #4211
NO-JIRA: hack: make the e2e script generic #4199
OCPBUGS-33627 : Restrict image registry overrides to control plane components #4131
OCPBUGS-34156 : fix router on 4.14 y-stream upgrade #4077
OCPBUGS-35002 : [release-4.15] HOSTEDCP-1122: Backport etcd defrag controller #4162
NO-JIRA: Update Konflux references to 1025001 (release-4.15) #4180
NO-JIRA: chore(deps): update konflux references (release-4.15) #4167
OCPBUGS-34997 : add AWS STS URL to OIDC provider audiences #4157
OCPBUGS-35074 : Fix disconnected metadata inspection for nodepool #4175
HOSTEDCP-1708 : remove liveness and readiness probes that use the metrics #4128
OCPBUGS-34423 : Fixed audit-logs sigterm failing to terminate gracefully #4089
OCPBUGS-33526 : Disable DNS resolving for CNO #4148
OCPBUGS-34904 : remove weak cipher #4156
OCPBUGS-34510 : Reconcile KAS endpoints and endpoint slice #4097
NO-JIRA: test/e2e: fix prometheus serviceaccount handling against 4.16+ #4151
NO-JIRA: chore(deps): update rhtap references (release-4.15) #4120
NO-JIRA: chore(deps): update rhtap references (release-4.15) #4072
OCPBUGS-33510 : Run haproxy to connect to kas from data plane if noproxy settings contain kas #4014
NO-JIRA: chore(deps): update rhtap references to 7cd8020 (release-4.15) #4064
NO-JIRA: Remove CLI inspection of release image #4056
HOSTEDCP-1518 : Preserve container resource requests and limits #4032
NO-JIRA: Update RHTAP references (release-4.15) #4041
OCPBUGS-33118 : Recycler-pod image now points to the OCP Payload reference #3963
OCPBUGS-32220 : Fix disconnected metadata inspection #3881
NO-JIRA: Update RHTAP references to 1f62eaf (release-4.15) #4030
OCPBUGS-33117 : Reconcile over ICSP/IDMS #3962
NO-JIRA: Update RHTAP references to 2d39df1 (release-4.15) #4022
HOSTEDCP-1480 : Update TLS cert hash creation with sha512 #4017
HOSTEDCP-1513 : Support hypershift-operator scoping for hostedclusters #3998
Revert “[release-4.15] OCPBUGS-32013: Set OPERATOR_IMAGE environment variable” #3939
OCPBUGS-33207 : Remove kube-scheduler readiness probe #3955
NO-JIRA: chore(deps): update rhtap references to c6fdbf4 (release-4.15) #3989
OCPBUGS-25858 : Improve description for agent APIServerAddress CLI flag #3977
OCPBUGS-33224 : disable OCM pull secret controller when imageregistry config managementstate is Removed #3976
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3982
OCPBUGS-31747 : update desired image even when HCP doesn’t exist yet #3839
NO-JIRA: chore(deps): update rhtap references to e9efe99 (release-4.15) #3974
OCPBUGS-32229 : disable autoscaler when no nodepool require it #3884
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3967
HOSTEDCP-1552 : Update RHTAP tekton files for 0.3 -> 0.4 migration #3957
OCPBUGS-31826 : use dnsPolicy: Default for konnectivity-agent in data plane #3845
NO-JIRA: Update RHTAP references (release-4.15) #3935
OCPBUGS-32715 : Fix OLM intilization args #3923
HOSTEDCP-1519 : [release-4.15] feat(api): Add ingress-controller-load-balancer-scope annotation #3908
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3921
OCPBUGS-32164 : Fix ICSP and IDMS inclusion as registriesOverrides #3870
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3904
OCPBUGS-30280 : Switch to use service endpoint for Konnectivity #3692
OCPBUGS-32191 : Kas disable audit cherry pick release 4.15 #3875
OCPBUGS-32114 : Add new permission required in CAPA #3861
NO-JIRA: Update RHTAP references (release-4.15) #3887
NO-JIRA: [release-4.15] [e2e test framework] Add a flag to add an annotation to HostedCluster #3893
HOSTEDCP-1524 : [release-4.15] Support additional node selectors for request serving nodes #3883
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3873
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3868
OCPBUGS-32013 : Set OPERATOR_IMAGE environment variable #3853
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3857
NO-JIRA: Update RHTAP references (release-4.15) #3835
OCPBUGS-31766 : include hostnetwork SCC CPO role for 4.13 and earlier #3840
HOSTEDCP-1438 : [release-4.15] Preserve container resources for more hosted control plane components #3828
OCPBUGS-31324 : Add missing PodSecurityViolation alert #3798
NO-JIRA: Increase stability in autoscaled environments #3777
OCPBUGS-31471 : Reduce log file size for hypershift apiservers #3816
OCPBUGS-31604 : disable http2 for ignition server and proxy #3825
OCPBUGS-31426 : copy issuerCertificateAuthority configmap into HC openshift-config #3808
OCPBUGS-31265 : inject built-in MCP selector for KubeletConfigs and ContainerRuntimeConfigs #3802
NO-JIRA: Update RHTAP references (release-4.15) #3812
NO-JIRA: Remove unused ref to hostnetwork in cpo role #3796
OCPBUGS-31064 : ibmcloud KMS: remove breaking image check and enable KMS v2 support #3774
OCPBUGS-31377 : Manually cherry pick #3782 to 4.15 #3803
OCPBUGS-31326 : fix(ignition): Fix priority class override #3800
OCPBUGS-30804 : honor HC image configuration #3730
”[release-4.15] OCPBUGS-30164: Ensure cloud resources are destroyed for all platforms when –destroy-cloud-resources is used” #3677
OCPBUGS-31116 : external OIDC: fix certificateAuthority field in structured auth config #3783
OCPBUGS-30862 : Manual cherry pick 3685&3727 to release 4.15 #3740
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3791
NO-JIRA: Update RHTAP references (release-4.15) #3785
OCPBUGS-29881 : feat(ho): Add flag for dedicated request serving isolation #3633
OCPBUGS-30742 : [4.15] HCP deletion can get stuck if CPO is unable to delete the default worker security group #3726
OCPBUGS-30650 : Set KAS config pod security Enforce to privileged #3719
NO-JIRA: Bump CPO API budget to 4000 in EnsureApiBudget #3741
OCPBUGS-30651 : Remove EnsurePSANotPrivileged #3744
NO-JIRA: Update RHTAP references (release-4.15) #3754
HOSTEDCP-1488 : Use regionalized STS endpoints in AWS #3747
NO-JIRA: Update RHTAP references (release-4.15) #3738
OCPBUGS-30581 : [release-4.15] OCPBUGS-30220: Align PSA labels on guest cluster namespaces with standalone OCP #3684
OCPBUGS-30572 : [release-4.15] Update OLM Default Catalog Sources to 4.15 #3696
NO-JIRA: chore(deps): update rhtap references (release-4.15) #3705
OCPBUGS-30189 : set Konnectivity cipher suites #3673
Full changelog
gather selected clusterroles (#1024) #1024
OCPBUGS-39565 : Not able to enable repositories during entitled build in OCP Cluster on IBM-Z (#1015) #1015
OCPBUGS-39395 : collect some nmstate customresources (#986) (#989) (#995) (#1002) #986
Add haproxy metric (#983) #983
OCPBUGS-37672 : Ingress controller related certificates’ validate dates gathering (#972) #972
fix the configmapobserver notifications (#971) #971
manifests: set required-scc for openshift workloads (#967) #967
OCPBUGS-35882 : properly encode the URL for the advisor links (#958) #958
OCPBUGS-35865 : Collect aggregated Prometheus Alertmanager instances (#950) #950
OCPBUGS-32702 : anonymization - externalIP can be nil (#931) #931
OCPBUGS-31946 : bump golang.org/x/net version (#925) #925
Full changelog
[[release-4.15] OCPBUGS-41800: set required-scc for openshift workloads #81
Full changelog
Source code for this page located on github