Headline

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header
CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers
CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components in all circumstances
CVE-2022-41316: vault: insufficient certificate revocation list checking
CVE-2022-41715: golang: regexp/syntax: limit memory used by parsing regexps
CVE-2023-0296: openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher

Skip to navigation Skip to main content

Utilities

Subscriptions
Downloads
Containers
Support Cases

Infrastructure and Management

Red Hat Enterprise Linux
Red Hat Virtualization
Red Hat Identity Management
Red Hat Directory Server
Red Hat Certificate System
Red Hat Satellite
Red Hat Subscription Management
Red Hat Update Infrastructure
Red Hat Insights
Red Hat Ansible Automation Platform

Cloud Computing

Red Hat OpenShift
Red Hat CloudForms
Red Hat OpenStack Platform
Red Hat OpenShift Container Platform
Red Hat OpenShift Data Science
Red Hat OpenShift Online
Red Hat OpenShift Dedicated
Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Management for Kubernetes
Red Hat Quay
OpenShift Dev Spaces
Red Hat OpenShift Service on AWS

Storage

Red Hat Gluster Storage
Red Hat Hyperconverged Infrastructure
Red Hat Ceph Storage
Red Hat OpenShift Data Foundation

Runtimes

Red Hat Runtimes
Red Hat JBoss Enterprise Application Platform
Red Hat Data Grid
Red Hat JBoss Web Server
Red Hat Single Sign On
Red Hat support for Spring Boot
Red Hat build of Node.js
Red Hat build of Thorntail
Red Hat build of Eclipse Vert.x
Red Hat build of OpenJDK
Red Hat build of Quarkus

Integration and Automation

Red Hat Process Automation
Red Hat Process Automation Manager
Red Hat Decision Manager

All Products

Issued:

2023-01-17

Updated:

2023-01-17

RHSA-2022:7399 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: OpenShift Container Platform 4.12.0 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.12.0 is now available with
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.0. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2022:7398

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

golang: out-of-bounds read in golang.org/x/text/language leads to DoS

(CVE-2021-38561)

golang: net/http: improper sanitization of Transfer-Encoding header

(CVE-2022-1705)

golang: archive/tar: unbounded memory consumption when reading headers

(CVE-2022-2879)

golang: net/http/httputil: ReverseProxy should not forward unparseable

query parameters (CVE-2022-2880)

prometheus/client_golang: Denial of service using

InstrumentHandlerCounter (CVE-2022-21698)

golang: net/http/httputil: NewSingleHostReverseProxy - omit

X-Forwarded-For not working (CVE-2022-32148)

golang: net/url: JoinPath does not strip relative path components in all

circumstances (CVE-2022-32190)

vault: insufficient certificate revocation list checking (CVE-2022-41316)
golang: regexp/syntax: limit memory used by parsing regexps

(CVE-2022-41715)

openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher (CVE-2023-0296)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s)
listed in the References section.

Solution

See the following documentation, which will be updated shortly for this
release, for important instructions on how to upgrade your cluster and
fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, aarch64 architectures.

The image digests may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags

The sha values for the release are:

(For x86_64 architecture)
The image digest is sha256:4c5a7e26d707780be6466ddc9591865beb2e3baa5556432d23e8d57966a2dd18

(For s390x architecture)
The image digest is sha256:ab70750be4fadf5a525141ae32a8577c91dd19f1d6e582a6824339c938216ec0

(For ppc64le architecture)
The image digest is sha256:5a5943dea60b40f73ecee685b12fff1d65cc8bfe946f762fdfe862969483ddbb

(For aarch64 architecture)
The image digest is sha256:cb34667519d1cfd8eedf0fb27e14b7b7e6209323b86977bfaadf91da012d179d

All OpenShift Container Platform 4.12 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Affected Products

Red Hat OpenShift Container Platform 4.12 for RHEL 9 x86_64
Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9 ppc64le
Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9 s390x
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8 s390x
Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9 aarch64
Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8 aarch64

Fixes

BZ - 1843043 - Config api resource has a terrible description
BZ - 1876933 - No useful message after hitting volume attachment limit
BZ - 1879980 - oc adm groups prune cannot find the groups present in ldap and finishes to delete all of them
BZ - 1894268 - SDN to OVN migration problem due to overlap with “Join network”
BZ - 1896533 - network operator degraded due to additionalNetwork in non-existent namespace
BZ - 1904106 - Graphs in dev console shouldn’t go below 0
BZ - 1917662 - oc exec cmd run executed file in azure file volume return 139 or exec failed: container_linux.go:366: starting container process caused: interrupted system call
BZ - 1924017 - [OCPonRHV] [Workers only] Special configuration for High Performance VMs is not implemented for worker nodes
BZ - 1944065 - [VPA] recommender is logging errors for pods with init containers
BZ - 1944365 - openstack: missing validation for apiVIP and ingressVIP
BZ - 1951835 - CVO should propagate ClusterOperator’s Degraded to ClusterVersion’s Failing during install
BZ - 1951901 - incorrect Worker nodes number calculated when nodes have both master and worker role
BZ - 1957709 - Creation of LoadBalancer service (Openstack Lbaas) take too much to be ready when creating IngressControllers with endpointPublishingStrategy=LoadBalancerService
BZ - 1962502 - The route generated from ingress is still admitted after updating the spec.ingressClassName to mismatch
BZ - 1977660 - the pod events show error codes when crio recreate the missing symlinks
BZ - 1997396 - No alerts have triggered for CPU and Memory limit with Cluster Autoscaler
BZ - 2000276 - EncryptionStateControllerDegraded: failed to get converged static pod revision
BZ - 2000552 - must-gather should collect ALL apiservices
BZ - 2000554 - must-gather should collect webhooks service namespaces
BZ - 2001027 - ClusterAutoscaler with balanceSimilarNodeGroups does not scale even across MachineSet
BZ - 2001211 - Resource usage measurement data display the concatenation of English and translation sentence fragments on utilization section when moving the mouse over each resource usage chart in Developer->Project
BZ - 2001409 - All critical alerts should have links to a runbook
BZ - 2006378 - improve check that verifies task permissions in vsphere
BZ - 2006611 - CVO resolves the version takes a long time sometimes when upgrading via `–to-image`
BZ - 2010365 - OpenShift Alerting Rules Style-Guide Compliance
BZ - 2010375 - OpenShift Alerting Rules Style-Guide Compliance
BZ - 2018481 - [osp][octavia lb] Route shard not consistently served in a LoadBalancerService type IngressController
BZ - 2021297 - Dynamic Plugins: Console isn’t honoring declared `@console/pluginAPI` dependency
BZ - 2022328 - kube-controller unpublishing volume after maxWaitForUnmountDuration leaves block devices on node in a inconsistent state
BZ - 2023443 - Console plugin SDK build passes even if there are errors in one of its dist packages
BZ - 2028474 - [OCPonRHV] Remove clustername length limitation(metadata name)
BZ - 2030406 - Dynamic plugin demo nav outputs incorrect markup that doesn’t conform to the Console navigation which uses the PatternFly Navigation component
BZ - 2033167 - oc extract ?to option doesn?t create the target directory if it?s not present
BZ - 2033499 - Populate acceptedRisks on Recommended=False updates for conditional edges
BZ - 2034883 - MCO does not sync kubeAPIServerServingCAData to controllerconfig if there are not ready nodes
BZ - 2037329 - [UI] MultiClusterHub details after it’s creation starts flickers, disappears and appears back (happened twice)
BZ - 2039411 - Monitoring operator reports unavailable=true while one Prometheus pod is ready
BZ - 2040612 - crio umask sometimes set to 0000
BZ - 2043518 - Better message in the CMO degraded/unavailable conditions when pods can’t be scheduled
BZ - 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
BZ - 2046335 - ETCD Operator goes degraded when a second internal node ip is added
BZ - 2048349 - Service CA Operator does not reconcile for spec.loglevel changes in ServiceCA CRD
BZ - 2048789 - broken toolbox in OCP 4.10 with non-default image
BZ - 2049591 - [RFE] Toolbox - make sure we are running on the latest image?
BZ - 2052662 - Opening Insights popup crashes the page
BZ - 2055247 - [Azure] Fail to create master nodes with dcasv5 /dcadsv5 -series Confidential Virtual Machine
BZ - 2055620 - ImageStreamChange triggers using annotations does not work
BZ - 2056387 - [IPI on Alibabacloud][RHEL scaleup] new RHEL worker were not added into the backend of Ingress SLB automatically
BZ - 2056888 - [Secondary Scheduler] - Version number incorrect in secondary scheduler operator bundle
BZ - 2057637 - default VolumeSnapshotClass created by the csi-driver-manila-operator does not contain secrets
BZ - 2057972 - Extra space is in the translation text(Chinese) of ‘Create rolebinding’ and ‘replicate rolebinding’
BZ - 2059125 - The oc binary for mac arm64 can?t be executed
BZ - 2059599 - [ibm]Lots of info message from ibmcsidriver/identity.go:83 displayed in the log ibm-vpc-block-csi-node/iks-vpc-block-node-driver
BZ - 2060068 - machine-api-provider-aws creates EC2 instances with the default security group when no matching security group is found
BZ - 2060079 - Re-think kubeproxy_sync_proxy_rules_duration_seconds_bucket alerts
BZ - 2061947 - IBM Cloud: Uninstall does not succeed when there is nothing to clean up
BZ - 2062579 - [IBMCloud] Provide invalid profile machine stuck in “Provisioning” phase
BZ - 2063764 - Operators - OperatorHub : i18n misses
BZ - 2065192 - GCP - Less privileged service accounts are created with Service Account User role
BZ - 2065727 - Scaling down an hypershift cluster ends with BMH shutdown and in maintenance mode
BZ - 2066560 - two router pods are in ContainerCreating status when tried to patch ingress-operator with custom error code pages directly
BZ - 2067059 - No topologySpreadConstraints shown in `oc describe resource`
BZ - 2067323 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the gRPC interoperability tests [Suite:openshift/conformance/parallel/minimal]
BZ - 2068910 - After node re-created, some ovn annotations are not found for the node and due to that pod is in crashloop
BZ - 2070562 - Base64 data value for java keystore secret changing automatically, when we edit it from the console and saving it without doing any changes
BZ - 2071792 - Non-kubeadmin user will not have access to openshift-config ns to pull secret/CM for adding private HCR in a namespace
BZ - 2073617 - [IBM] allowedTopologies in SC causes scheduling to fail when region is empty
BZ - 2075107 - Heading mismatch of CloudShellDrawer & Fullscreen
BZ - 2075607 - [4.10] IBM VPC operator needs e2e csi tests for ibmcloud
BZ - 2077933 - Kube controller manager does not handle new configurations available in the cloud provider OpenStack
BZ - 2078691 - [OVN] Node to service traffic is blocked if service is “internalTrafficPolicy: Local” even backed pod is on the same node
BZ - 2078727 - [IBM] Volume is not provisioned when storageclass Region is provided but without zone info
BZ - 2079214 - modal text goes outside of modal boundary and doesn’t have scroll bar
BZ - 2079249 - list pages in pipelines is taking more time to load when there are too many items
BZ - 2079679 - [bz-monitoring][invariant] alert/Watchdog must have no gaps or changes
BZ - 2079690 - [RH OCP 4.9] Affinity definition YAML shows difference in web console
BZ - 2080260 - 404 not found when create Image Manifest Vulnerability on Operator “Container Security”
BZ - 2080449 - [Azure-file CSI Driver] Read/Write permission denied for non-admin user on azure file csi provisioned volume with fsType=ext4,ext3,ext2,xfs
BZ - 2081674 - Developer add page create a new project modal redirects to admin project page after creation
BZ - 2081734 - metal3-dnsmasq: workers are not provisioned during the cluster installation when BootMacAddress is not provided lower-case
BZ - 2082395 - Private cluster installer on Azure asking for baseDomainResourceGroup even when it has nothing to do with basedomain as mentioned in documentation.
BZ - 2082588 - [RFE] Add new Azure instance types to the official “tested/supported” list
BZ - 2082599 - retry logic should have an upper bound on the number of failed attempts
BZ - 2082773 - [AWS-EBS-CSI-driver-Operator] Generic ephemeral volumes online resize Filesystem type volume stucked at file system resize phase
BZ - 2083041 - Updating externalTrafficPolicy=cluster to externalTrafficPolicy=local doesn’t work
BZ - 2083226 - alertmanager-main pods failing to start due to startupprobe timeout
BZ - 2084453 - Edit PodDisruptionBudget page sometimes takes user to not synced YAML view
BZ - 2084471 - Capital letters in install-config.yaml .platform.baremetal.hosts[].name cause bootkube errors
BZ - 2084504 - can not silent platform alert from developer console
BZ - 2085390 - machine-controller is case sensitive which can lead to false/positive errors
BZ - 2086231 - Install Shared Resource CSI Driver Webhook
BZ - 2086887 - DNS occasionally unavailable after large scale up operation
BZ - 2087032 - Operator-sdk “run bundle” “run bundleup-grade” can’t support proxy env
BZ - 2087679 - EgressQoSes not gathered for debugging purposes
BZ - 2087981 - PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendation
BZ - 2088033 - Clear text password/secret in operator pod
BZ - 2088583 - libguestfs: error: download: /boot/loader/entries/ostree-1-rhcos.conf: No such file or directory
BZ - 2089199 - etcd Dashboard should be removed on guest cluster of hypershift
BZ - 2089221 - Could not de-select a Git Secret in add and edit forms
BZ - 2089402 - BuildConfig throws error when using a label with a / in it
BZ - 2089807 - Many errors when powering off a master
BZ - 2089950 - Upgrade fails with message Cluster operator console is not available
BZ - 2090135 - [upstream] Operator-sdk run bundle offer the wrong error message
BZ - 2090836 - Bootstrap node should honor http proxy
BZ - 2090988 - ReplicaSet prometheus-operator-admission-webhook has timed out progressing
BZ - 2091102 - Name of workload get changed, when project and image stream gets changed on edit deployment page of the workload.
BZ - 2091109 - Add to application dropdown options are not visible on application-grouping sidebar action dropdown.
BZ - 2091238 - NetworkPolicies: ovnkube-master pods crashing due to panic: “invalid memory address or nil pointer dereference”
BZ - 2091545 - Namespace value is missing on the list when selecting “All namespaces” for operators
BZ - 2091555 - Sort function doesn’t work on “Namespaces” column on operator details page
BZ - 2091573 - Input values in Instantiate Template are disappeared randomly in the developer console
BZ - 2091864 - Registry Pod don’t have “securityContext.runAsNonRoot=true” config that generated by run bundle
BZ - 2092319 - [Firefox] multi-line node status formatting issue
BZ - 2092731 - Give more clear information when `oc adm release new` without the --keep-manifest-list opotion for the manifestlist imagestream YAML
BZ - 2092920 - Dependent tasks in Pipeline chart linked incorrectly
BZ - 2093016 - [azure disk] add metric and alert to help identify cascading test failures
BZ - 2093040 - unable to start `toolbox` on RHCOS using `podman` 4.0
BZ - 2093046 - must-gather debug pods are missing priority class
BZ - 2093440 - [sig-arch][Early] Managed cluster should start all core operators - NodeCADaemonControllerDegraded: failed to update object
BZ - 2093826 - Pods with OVN hardware offloading enabled interface fail to start
BZ - 2093852 - Affinity rule created in console deployment for single-replica infrastructure
BZ - 2093892 - no api_key_file field in AlertmanagerConfig, but error message complains it
BZ - 2094012 - Listing secrets in all namespaces with a specific labelSelector does not work properly
BZ - 2094068 - No runbook created for NorthboundStale alert
BZ - 2094101 - `podman` dumping core on RHCOS 4.11 + RHEL 8.6 on `aarch64`
BZ - 2094174 - ReleaseAccepted=False keeps complaining about the update cannot be verified after the upgrade is cleared
BZ - 2094240 - MachineConfigPool details page should use consistent word for resume updating
BZ - 2094362 - Duplicate prometheus rules for API SLOs after upgrade
BZ - 2094462 - DeleteACLsFromPortGroupOps doesn’t actually have any UUIDs set, so it deletes nothing and complains
BZ - 2094502 - Creating an MCH instance does not work via blue button
BZ - 2094558 - MetalLB: Creating ip address pool and community CR through webconsole the words like addresses and communities are truncated
BZ - 2094716 - Unable to install a fully air gapped OCP 4.10 cluster in AWS using IPI
BZ - 2094783 - storageclass should not be created for unsupported vsphere version
BZ - 2094865 - INIT container stuck forever
BZ - 2095323 - Openshift on OpenStack does not honor machineNetwork setting with multiple networks
BZ - 2095623 - [rebase v1.24] [sig-storage] In-tree Volumes [Driver: azure-file] tests fail
BZ - 2095708 - oc adm inspect throws out erorr "the server doesn’t have a resource type “egressfirewalls” for all operators
BZ - 2095852 - Unable to create Network Policies: error: unexpectedly found multiple equivalent ACLs (arp v/s arp||nd) (ns_netpol1 v/s ns_netpol2)
BZ - 2097026 - Administration - Cluster Settings - Cluster Operators : Filter menu values are in English
BZ - 2097073 - etcdExcessiveDatabaseGrowth should not use increase() around gauge metrics
BZ - 2097221 - [OVN HWOL] Avoid masked access to ct_label to allow offloading of ECMP symmetric reply and load balanced traffic
BZ - 2097243 - NodeIP is used instead of EgressIP
BZ - 2097431 - Degraded=True noise with: UpgradeBackupControllerDegraded: unable to retrieve cluster version, no completed update was found in cluster version status history
BZ - 2097557 - can not upgrade. Incorrect reading of olm.maxOpenShiftVersion
BZ - 2097691 - [vsphere] failed to create cluster if datacenter is embedded in a Folder
BZ - 2097701 - MetaLLB: Validation unable to create BGPPeers with spec.peerASN Value in OCP 4.10
BZ - 2097785 - Ensure OSUpdateStaged gets sent to the API server before rebooting
BZ - 2098053 - Add a e2e test to validate address mismatch between pod address family and external gw family
BZ - 2098054 - The control plane should tag AWS security groups at creation
BZ - 2098072 - [vsphere] update install-config description for diskType
BZ - 2098124 - [Kubernetes] [ISCSI] ipv6 single stack cluster could not get SCSI server host number
BZ - 2098234 - Local Update Server link 404
BZ - 2098299 - install-config: Strict unmarshalling conflicts with new fields
BZ - 2099401 - [IBMCloud] Client does not set region endpoint for InstallConfig
BZ - 2099664 - MachineConfigPool is not getting updated
BZ - 2099795 - README file for helm charts coded in Chinese shows messy characters when viewing in developer perspective.
BZ - 2099864 - vmware-vsphere-csi-driver-controller can’t use host port error on e2e-vsphere-serial
BZ - 2099939 - enabled UWM alertmanager only, user project AlertmanagerConfig is not loaded to UWM alertmanager or platform alertmanager
BZ - 2099945 - [OVN] bonding fails after active-backup fail-over and reboot, kargs static IP
BZ - 2099991 - pass the “–quiet” option via the buildconfig for s2i
BZ - 2100166 - heterogeneous arch: oc adm extract encodes arch specific release payload pullspec rather than the manifestlisted pullspec
BZ - 2100220 - Completed pods may not be correctly cleaned up
BZ - 2100249 - Revert Bug 2082599: add upper bound to number of failed attempts
BZ - 2100312 - should use the same value for AlertRelabelConfig with oc explain
BZ - 2100334 - Event sources do not show up until KnativeServing is installed
BZ - 2100342 - Operator-sdk run bundle offer the wrong error message
BZ - 2100472 - TechPreview feature is not enabled, but find “failed to list *v1alpha1.AlertingRule: alertingrules.monitoring.openshift.io is forbidden” in cmo logs
BZ - 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
BZ - 2100640 - “Show operands in all namespaces” radio group font size is too large.
BZ - 2100702 - No need to pass to-image-base for `oc adm release new` command when use --from-release
BZ - 2100708 - Print the dup choose image message is noisy
BZ - 2100774 - In the Deploy Image form Image name from external registry field Required text is not red as other fields
BZ - 2100843 - Selecting add connector context menu option opens the side panel of the node
BZ - 2100845 - MetalLB: matchExpressions used in CR like L2Advertisement allow duplicate entries
BZ - 2100852 - worker-user-data secret couldn’t be synced up from openshift-mahcine-api to openshift-cluster-api
BZ - 2100860 - Users can’t silence alerts from the dev console when dedicated UWM Alertmanager is deployed
BZ - 2100882 - downloading govc is impacted by github rate limiting
BZ - 2100918 - Add debug logging to TestIngressOperatorCacheIsNotGlobal
BZ - 2100923 - [SSO] Deleting secondary scheduler CR does not delete the corresponding deployment
BZ - 2101157 - OVS-Configure doesn’t iterate connection names containing spaces correctly
BZ - 2101343 - topolvm-controller get into CrashLoopBackOff few minutes after install
BZ - 2101357 - catalog-operator fatal error: concurrent map writes
BZ - 2101444 - kube-apiserver-operator should raise an alert when there is a Pod Security admission violation
BZ - 2101511 - [4.12] Tag new ironic packages when we have builds
BZ - 2101520 - csi-snapshot-controller-operator occasionally establishes an unusual number of watch requests
BZ - 2101622 - Drain happens before other image-registry pod is ready to service requests, causing disruption
BZ - 2101645 - [Cluster storage Operator] DefaultStorageClassController report fake message “No default StorageClass for this platform” on azure and openstack
BZ - 2101736 - Finalizers can’t be removed for machines
BZ - 2101843 - pv fails to recycle with PodSecurity error
BZ - 2101878 - Route status isn’t always getting cleared with routeSelector updates
BZ - 2101880 - [cloud-credential-operator]container has runAsNonRoot and image will run as root
BZ - 2101885 - The bash completion doesn’t work for get subcommand
BZ - 2101992 - [Azure] IP address release: After deleting and recreating egressIP object, egress traffic was intermittently broke for about 1 minute
BZ - 2102004 - 4.10 to 4.11 update: Degraded node: unexpected on-disk state: mode mismatch for file: "/etc/crio/crio.conf.d/01-ctrcfg-pidsLimit"; expected: -rw-r–r--/420/0644; received: ----------/0/0
BZ - 2102098 - [OSD] There is no error message shown on node label edit modal
BZ - 2102109 - co/node-tuning: Waiting for 15/72 Profiles to be applied
BZ - 2102228 - Update rhcos.json in installer to point at new CDN
BZ - 2102269 - The base image is still 4.10 for operator-sdk
BZ - 2102324 - GCP: Panic when unknown region AND machinesets specified in install config
BZ - 2102341 - [UI] ODF operator icon is missing on the Installed Operators page
BZ - 2102344 - [SSO] sso operator cannot be upgraded from 1.0.0 to 1.0.1 or 1.1
BZ - 2102371 - Openshift-Ansible RHEL 8 CI update
BZ - 2102383 - Kube controllers crash when nodes are shut off in OpenStack
BZ - 2102450 - Kernel parm needs to be added when a pao performance profile is applied, rcutree.kthread_prio=11
BZ - 2102632 - a shorter cluster name leads to Uninstall fails with Observed a panic: runtime.boundsError
BZ - 2102673 - FRR start race condition
BZ - 2102676 - Updates / config metrics are not available in 4.11
BZ - 2102766 - OCP 4.12 Using RHCOS 411.84
BZ - 2103061 - [4.12] Backport Prow CI improvements from master
BZ - 2103090 - Storage - StorageClasses - Create StorageClass - Provisioner: Upon selection of Provisoner i18n misses
BZ - 2103126 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
BZ - 2103144 - [IPv6] apiVIP and ingressVIP non-equality validation doesn’t account for synonyms
BZ - 2103178 - disabling ipv6 router advertisements using “all” does not disable it on secondary interfaces
BZ - 2103224 - Sidebar perspective dropdown switcher has different background color and incorrect border color when in dark theme mode
BZ - 2103236 - GCP: Error message for insufficient permissions needs to be improved
BZ - 2103283 - In CI 4.10 HAProxy must-gather takes longer than 10 minutes
BZ - 2103590 - [HyperShift] Election timeouts on OVNKube masters for Hypershift guests post statefulset recreation
BZ - 2103668 - ovnkube-node pod fails to start - unable to add OVN masquerade route to host, error: failed to add route for subnet - after upgrading to 4.10
BZ - 2103680 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created
BZ - 2103725 - Carry HAProxy patch ‘BUG/MEDIUM: h2: match absolute-path not path-absolute for :path’
BZ - 2103786 - MCP upgrades can stall waiting for master node reboots since MCC no longer gets drained
BZ - 2103940 - kube-controller-manager operator 4.11.0-rc.0 degraded on disabled monitoring stack
BZ - 2103972 - Pipelines (Multi-column table) column titles are not aligned with the column content (input fields) starting with 4.9
BZ - 2103981 - Topology resource sidebar shows all Builds and should show just the last n
BZ - 2104275 - Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag
BZ - 2104337 - Remove `yq` curls from CI steps
BZ - 2104373 - [AWS] CCM cannot work on Commercial Cloud Services (C2S) Top Secret Region
BZ - 2104481 - PROXY protocol is not configurable for “private” endpoint publishing strategy
BZ - 2104503 - Update ose-machine-config-operator images to be consistent with ART
BZ - 2104549 - telemeter golangci-lint outdated blocking ART PRs that update to Go1.18
BZ - 2104578 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule
BZ - 2104619 - Upgrade from 4.11.0-rc0 -> 4.11.0-rc.1 failed. rpm-ostree status shows No space left on device
BZ - 2104642 - Add a validation webhook for Nutanix machine provider spec in Machine API Operator
BZ - 2104784 - Some EgressIP was not correctly assigned to the egress node under some condition
BZ - 2104803 - lr-policy-list for EgressIP was lost after scale down the test pods
BZ - 2104953 - Reintroduce kube1.24 for SDN
BZ - 2105003 - e2e-metal-ipi-ovn-dualstack failure: Timed out waiting for node count (5) to equal or exceed machine count (6).
BZ - 2105045 - OLM updates namespace labels even if they haven’t changed
BZ - 2105071 - container-selinux: Mostly-confined containers which create their own user and mount namespaces can’t mount overlay filesystems
BZ - 2105123 - Tuned overwriting IRQBALANCE_BANNED_CPUS
BZ - 2105165 - [IPI-IBMCloud] explain installconfig.platform.ibmcloud.resourceGroupName need update
BZ - 2105303 - Specify the namespace and the index entry along with the chart url to get the chart details
BZ - 2105325 - [oc adm release] extraction of the installer against a manifestlisted payload referenced by tag leads to a bad release image reference
BZ - 2105328 - crud/other-routes.spec.ts Cypress test failing at a high rate in CI
BZ - 2105341 - Bootstrap Gather Fails when cluster.tfvars.json is not available in Azure
BZ - 2105344 - Console app pod action provider extension is incorrectly defined
BZ - 2105399 - [SSO] secondary scheduler CR instance does not get updated when SSO is upgraded from 1.0.1 to 1.1.0
BZ - 2105706 - Race condition with pendingCloudPrivateIPConfigsOps in EgressIP code
BZ - 2105909 - OLM create-namespace.spec.ts e2e test fails always
BZ - 2105918 - Install Helm chart form doesn’t allow the user select a specific version
BZ - 2105933 - OKD: update FCOS to latest stable
BZ - 2105967 - Add E2E test case for Telco Friendly workload specific API
BZ - 2105996 - Broken assign error display for cloudprivateipconfig
BZ - 2106044 - etcd backup seems to not be triggered in 4.10.18–>4.10.20 upgrade
BZ - 2106055 - vSphere defaults to SecureBoot on; breaks installation of out-of-tree drivers
BZ - 2106061 - [4.12] Bootimage bump tracker
BZ - 2106086 - IngressController spec.tuningOptions.healthCheckInterval validation allows invalid values such as “0abc”
BZ - 2106298 - unix domain socket mode is broken when specified as ovn database transport method
BZ - 2106366 - ProjectHelmChartRepository form doesn’t allow the user to make a difference between name and displayname
BZ - 2106372 - TypeError while creating NodeObservability Run under NodeObservability Operator
BZ - 2106377 - ProjectHelmChartRepository display name (spec.name) is not used in Helm Charts catalog
BZ - 2106378 - Spoke BMH stuck ?provisioning? after changing a BIOS attribute via the converged workflow
BZ - 2106403 - Nutanix: the e2e-nutanix-operator webhooks test suite does not support provider Nutanix
BZ - 2106444 - EgressnodeIP update need special logic to handle creation errors
BZ - 2106449 - openshift4/ose-operator-registry image is vulnerable to multiple CVEs
BZ - 2106476 - Order of config attributes are not maintained during conversion of PT4l from ptpconfig to ptp4l.0.config file
BZ - 2106667 - UPI: Install playbooks don’t honour platform.openstack.externalDNS
BZ - 2106733 - Machine Controller stuck with Terminated Instances while Provisioning on AWS
BZ - 2106770 - metallb greenwave tests failure
BZ - 2106803 - E2E: intermittent failure is seen on tests for devfile
BZ - 2106805 - Spec flag not overriding defaults in headless cypress tests
BZ - 2106862 - After ovnkube-node restart, external traffic policy local no longer works
BZ - 2106866 - Test Flake - Using OLM descriptor components successfully creates operand using form
BZ - 2106935 - kubernetes-nmstate-operator fails to install with error “no channel heads (entries not replaced by another entry) found in channel”
BZ - 2107043 - HTTPS_PROXY ENV missing in some CSI driver operators
BZ - 2107068 - etcd-metrics container is flooding logs
BZ - 2107113 - Adding SSH keys for core user post-install creates .ssh folder owned by root
BZ - 2107178 - Bond CNI: Failed to recreate pod with active-active bond: Failed to attached links to bond: Failed to set link: net2 MASTER, master index used: 4, error: bad address
BZ - 2107241 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
BZ - 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
BZ - 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
BZ - 2107469 - Confusing subtitle in Create Service Binding modal when the target is already known
BZ - 2107513 - [SSO] 1.0.1 csv is pulling in secondary-scheduler-operator-container-v1.1-5
BZ - 2107558 - When deploying via the web ui, the namespace is always openshift-operators
BZ - 2107566 - [GCP] create gcpcluster get error
BZ - 2107578 - Power VS machine Processor is always defaulted to 0.5
BZ - 2107999 - [GCP] capg-controller-manager report panic after creating machineset and machine stuck in Provisioning
BZ - 2108033 - remove ovn-kubernetes dependency on arping executable file
BZ - 2108054 - Report alert when upstream CSI driver is found
BZ - 2108222 - Missing spec.cpu.offlined field in v1 API
BZ - 2108307 - oc debug node should set hostIPC to true
BZ - 2108317 - Fix two issues in hybrid overlay
BZ - 2108320 - rpm-ostreed: start limit hit easily
BZ - 2108473 - [vSphere CSI driver operator] CSI controller pod restarting constantly
BZ - 2108551 - [CI Watcher] Bulk Import e2e test flaking at a high rate
BZ - 2108647 - [azure] Standard_D2s_v3 as worker failed by ?accelerated networking not supported on instance type?
BZ - 2108708 - Ingress operator creates a “default” ingresscontroller on HyperShift
BZ - 2108858 - cluster-version operator should clear (pod) securityContext when the manifest does not set the property
BZ - 2109045 - ovn-k needs kubernetes 1.24 bump
BZ - 2109056 - Bring avoidbuggyips back
BZ - 2109059 - Reply to arp requests on interfaces with no ip
BZ - 2109152 - Kube-apiserver was down and could not recover
BZ - 2109258 - Legacy machine deletion annotation is not respected
BZ - 2109374 - ClusterVersion availableUpdates is stale: PromQL conditional risks vs. slow/stuck Thanos
BZ - 2109388 - [AWS] s3 GetBucketPolicy permission is missing in installer validation
BZ - 2109469 - Code cleanup: Don’t call useServiceLevelTitle hook in the JSX
BZ - 2109502 - Prerelease report bug link should be updated to JIRA instead of Bugzilla
BZ - 2109511 - Failed PipelineRun logs text is not visible in light mode
BZ - 2109538 - Nutanix platform validations run at `create manifests` stage
BZ - 2109697 - Migrate openshift-ansible to ansible-core
BZ - 2109800 - [IBMCloud] context deadline exceeded for kube-scheduler targets
BZ - 2109854 - Max unavailable and Max surge have inaccurate description
BZ - 2109945 - HyperShift: ovnkube-node not able to connect to sbdb
BZ - 2109963 - Master node in SchedulingDisabled after upgrade from 4.10.24 -> 4.11.0-rc.4
BZ - 2109965 - oci hook Low-latency-hooks causing high container creation times under platform cpu load
BZ - 2109967 - failed to apply dns nncp on vSphere/OpenStack platform
BZ - 2110281 - daemon: Drop tuneableFCOSArgsAllowlist
BZ - 2110321 - Workloads list page has different PDB action items from details page when All Projects selected
BZ - 2110501 - [Upgrade]deployment openshift-machine-api/machine-api-operator has a replica failure FailedCreate
BZ - 2110525 - Form/YAML form errors stay around
BZ - 2110590 - Upgrade failing because restrictive scc is injected into version pod
BZ - 2110617 - Split the route controllers out from OCM
BZ - 2110629 - openshift-controller-manager(-operator) namespace should clear run-level annotations
BZ - 2110722 - openshift-tests: allow -f to match tests for any test suite
BZ - 2110927 - Edit YAML page shows unexpected zero (0) and doesn’t clear errors anymore
BZ - 2111151 - Cannot delete a Machine if a VM got stuck in ERROR
BZ - 2111165 - Project auth cache is fully invalidated on changes to namespaces and namespaced RBAC
BZ - 2111205 - console-plugin-demo build failing in CI
BZ - 2111467 - Node internal DNS address is not set for machine
BZ - 2111474 - Fetch internal IPs of vms from dhcp server
BZ - 2111534 - [OVNK] Conntrack Rules are removed before the service rules/flows
BZ - 2111537 - oc image info ignores --output for multiarch image
BZ - 2111586 - Export OVS metrics
BZ - 2111686 - [OKD/nanokube] Different NPE when using console with a nanokube cluster
BZ - 2111733 - pod cannot access kubernetes service
BZ - 2111817 - rpm-ostreed start timeout on nodes with medium/high load
BZ - 2111842 - vSphere test failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial]
BZ - 2111878 - Azure EgressIP gives up reconciling with No matching nodes found when updating the same egressip consecutively
BZ - 2111972 - openshift-machine-api namespace runlevel label should be set to empty string
BZ - 2111979 - openshift-controller-manager-operator NS runlevel needs to be set to emptystring
BZ - 2111984 - OpenShift controller manager needs permissions to get/create/update leases for leader election
BZ - 2112086 - [hybrid-overlay] AWS EC2 metadata service not available in host’s vNIC for Windows
BZ - 2112146 - [CI watcher] Create pod sample fail because of a restricted pod security admission policy
BZ - 2112237 - [ Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message “No default StorageClass for this platform” on Alicloud, IBM, Nutanix
BZ - 2112481 - Synced editor forms have incorrect and inconsistent visual display
BZ - 2112812 - [OCP 4.10] Developer catalog fails to load (on a fully disconnected cluster and on a disconnected cluster with proxy)
BZ - 2112862 - Namespace CRUD integration test is failing
BZ - 2112934 - The oc adm inspect ns/[namespace_name] command is not collecting the servicemonitors in the namespace
BZ - 2113936 - Fix e2e tests for [reboots][machine_config_labels] (tsc=nowatchdog)
BZ - 2113977 - Fix pod stuck in termination state when mount fails or gets skipped after kubelet restart
BZ - 2114009 - [4.12 Alicloud Snapshot] taking more time(4min+) to make snapshot content with ready status and (volume/snapshot content) getting created in default Resource group id
BZ - 2114488 - Monitoring Alert decorator in Topology color is grey instead of red
BZ - 2114506 - olm e2e failing when capabilities are disabled
BZ - 2114721 - telemeter-client pod does not use the updated pull secret when it is changed
BZ - 2114754 - “gather bootstrap” creates unexpected folder “serial-log-bundle-<timestamp>” beyond “log-bundle-<timestamp>.tar.gz”
BZ - 2114779 - Node Tuning Operator(NTO) - OCP upgrade failed due to node-tuning CO still progressing
BZ - 2114834 - Failure when creating Floating IP for load-balancer
BZ - 2114968 - 4.12-nightly payloads blocked by metal jobs failing with “Still creating …” when creating nodes
BZ - 2115308 - Kube API server operator should not update replicas when Machine/Node is being removed
BZ - 2115347 - 03279843 | Sev 3 | Negative regex matchers for alertmanager silences not properly parsed or read by console
BZ - 2115358 - control-plane-machine-set-operator pod got panic when create cpms on a single zone deployment
BZ - 2115479 - ovnkube direct-lists pods on a node when the node object changes
BZ - 2115522 - Strange padding in new Helm Chart Repository table row
BZ - 2115527 - ServiceAccounts PATCH noise leads to Secret leakage
BZ - 2115528 - bump bootimage to include latest rpm-ostree
BZ - 2115638 - CPMS cannot trigger RollingUpdate when adding failure domain
BZ - 2115684 - Gather ODF CephCluster resource status
BZ - 2115790 - [4.12] Bootimage bump tracker
BZ - 2115799 - CI failing tests: Perform actions on knative service and revision knative service menu options
BZ - 2115802 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
BZ - 2115814 - Issues with samples in a disconnected cluster in OCP 4.9
BZ - 2115899 - BuildConfig form: Docker image repository should be just called Image registry
BZ - 2116382 - Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
BZ - 2116415 - CI failing tests: Event tab in build details page
BZ - 2116460 - percpu Memory leak CRIO due to no garbage collection in /run/crio/exits for exited containers
BZ - 2116547 - phyc2sys config will be automatically added to ptpconfigs even if it is not included in user PGT
BZ - 2116715 - remove dead code from openshift-controller-manager
BZ - 2116973 - Multiple navigation items displaying as active
BZ - 2116982 - multus-admission-controller in openshift-multus has 2 replicas on SNO
BZ - 2117033 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
BZ - 2117142 - Update the permission for Project Helm Chart Repository
BZ - 2117235 - separate route controllers to a new command
BZ - 2117255 - Failed to dump flows for flow sync, stderr: “ovs-ofctl: br-ext is not a bridge or a socket”
BZ - 2117310 - [OVN] New pods unable to establish TCP connections and get constant timeouts causing application downtime
BZ - 2117387 - vsphere: installer for vsphere does not have steal clock accounting enabled
BZ - 2117423 - Backport: https://github.com/openshift/kubernetes/pull/1295
BZ - 2117439 - change controlplanemachineset machineType to other type trigger RollingUpdate cause cluster error
BZ - 2117474 - ccoctl panics while trying to create a secret from credential request which does not have providerspec within it
BZ - 2117524 - openshift-ingress-operator with mTLS does not download CRL
BZ - 2117569 - kube-controller-manager needs to stop watching all events
BZ - 2117595 - Upgrade golangci-lint to 1.47.3 in image-customization-controller
BZ - 2117602 - LocalVolume does support by-path volumes
BZ - 2117646 - Changing `spec.host` field on any of routes in the openshift-console namespace wont trigger sync loop
BZ - 2117738 - Plugin page error boundary message is not cleared after leaving page
BZ - 2117749 - Bump to latest k8s.io 1.24 release
BZ - 2117822 - oc adm release extract should handle ccoctl
BZ - 2118286 - KCMO should not be dependent on monitoring stack
BZ - 2118318 - kube-controller-manager resource quota controller needs to stop watching all events
BZ - 2118550 - [capi] azure and vsphere image in payload
BZ - 2118563 - [OSP][SDN] The displayed IP Capacity is not consistent with port allowed maximum addresses
BZ - 2118625 - [Nutanix] ccoctl panics if nutanix credentials source file and openshift credentials requests files are in the same directory
BZ - 2124668 - CVE-2022-32190 golang: net/url: JoinPath does not strip relative path components in all circumstances
BZ - 2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers
BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
BZ - 2135339 - CVE-2022-41316 vault: insufficient certificate revocation list checking
BZ - 2161287 - CVE-2023-0296 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher
OCPBUGS-2223 - Default catalogSources are not updated to 4.12
OCPBUGS-2219 - ConsolePlugin CRs cannot be garbage collected due to missing spec.i18n.loadType value
OCPBUGS-939 - Flaky CI: Object.verifyTopologyPage timeout after importing a Devfile
OCPBUGS-929 - The help message of “opm alpha render-graph” is not correct
OCPBUGS-927 - Azure install fails in CI: Error: error creating/updating Private DNS Zone Virtual network link
OCPBUGS-926 - [vsphere-problem-detector] report privilege missing when using pre-existing folder and/or resource pool with ReadOnly permission
OCPBUGS-2197 - [upgrade 4.11.z to 4.12 nightly] rpm-ostree update via container failed
OCPBUGS-1106 - Devfile Catalog and Import a Devfile on a fully disconnected cluster should fail directly instead of timeout after 30sec
OCPBUGS-917 - create egressqos with wrong syntax/value rules success
OCPBUGS-2195 - NPE on visiting topology for ns which got deleted
OCPBUGS-1083 - e2e-aws-ovn-serial fails because of OVNKubernetesControllerDisconnectedSouthboundDatabase
OCPBUGS-2181 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
OCPBUGS-1227 - Node events create unnecessary CPU load
OCPBUGS-889 - 4.12 installer is pointing at stable-4.11 channel
OCPBUGS-884 - Update RHCOS release browser url
OCPBUGS-2175 - Windows to linux networking broken since downstream OVN merge
OCPBUGS-1132 - e2e: perfprof: unbreak the e2e-gcp PAO lane
OCPBUGS-2167 - Workload hints feature breaks backwards compatibility
OCPBUGS-1105 - Import a Devfile on a disconnected cluster with a proxy doesn?t work
OCPBUGS-872 - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
OCPBUGS-2158 - Track changes of serviceAccountIssuer in operator status
OCPBUGS-1076 - CNO in HyperShift management cluster is reconciling ovn-kubemaster in Hosted Control Plane namespace.
OCPBUGS-869 - Change 'OpenShift Managed (Azure)' to ‘Azure Red Hat OpenShift’ for Azure support case link
OCPBUGS-2157 - Documentation for cleaning crio produces kubelet errors
OCPBUGS-867 - package-server-manager does not stomp on changes made to packgeserver CSV
OCPBUGS-2155 - Etcd scaling test was mistakenly added to the parallel suite
OCPBUGS-864 - ClusterOperator Conditions Update on Reordering
OCPBUGS-194 - Layout for API Explorer page is incorrect
OCPBUGS-2151 - machine-api-operator degraded during 3+1 deployment due to minimum worker replica count is 2
OCPBUGS-861 - Rebase openshift/etcd 4.12 onto v3.5.5
OCPBUGS-944 - CI failure due to pod security in manila
OCPBUGS-2138 - Get OSImageURL override related metric data available in telemetry
OCPBUGS-1226 - OpenStack UPI scripts do not create server group for Computes
OCPBUGS-858 - package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgrade
OCPBUGS-1231 - base image can’t be fetched in a disconnected environment
OCPBUGS-2396 - FIPS jobs are broken after images rebuilt with golang 1.19
OCPBUGS-853 - openshift-ingress-operator is failing to update router-certs because “Too long: must have at most 1048576 bytes” message
OCPBUGS-2125 - CVO skips reconciling the installed optional resources in the 4.11 to 4.12 upgrade
OCPBUGS-852 - oc debug requires a user to create a namespace with specific security labels
OCPBUGS-2122 - machine-config-daemon failed to update the OS for cluster running behind proxy
OCPBUGS-850 - Dockerfile: provide full URL to CentOS stream image
OCPBUGS-959 - Born in 4.1 and 4.2 clusters have ‘openshift.io/run-level: 1’ uncleared
OCPBUGS-825 - Available=False with no reason
OCPBUGS-2102 - Resource quota e2e tests fails after latest changes to master
OCPBUGS-819 - [ExtDNS] Invalid TXT records for wildcard domains on Azure
OCPBUGS-2100 - Alert icon color is black in the Topology list view
OCPBUGS-2086 - Detect failure to prepare installation
OCPBUGS-800 - Name of workload get changed, when project and image stream gets changed on reloading the form on the edit deployment page of the workload
OCPBUGS-1069 - Update ODC owners
OCPBUGS-785 - Bump documentationBaseURL to 4.12
OCPBUGS-2079 - systemReserved:ephemeral-storage in KubeletConfig doesn’t work as expected
OCPBUGS-766 - Missing the instance-type/region/zone labels in Machine CRs
OCPBUGS-2076 - CI AWS CCM cluster install failure
OCPBUGS-753 - dns-default pod missing “target.workload.openshift.io/management:” annotation
OCPBUGS-2075 - Do not show notification switch for the alert rule which have no alerts associated
OCPBUGS-745 - [4.12] Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag
OCPBUGS-2071 - revert “force cert rotation every couple days for development” in 4.12
OCPBUGS-1080 - It’s not possible to share BMC secrets between BareMetalHosts
OCPBUGS-729 - vsphere privilege check fails on vsphere6.7 u3 as missing privilege “InventoryService.Tagging.ObjectAttachable”
OCPBUGS-954 - [2087981] PowerOnVM_Task is deprecated use PowerOnMultiVM_Task for DRS ClusterRecommendation
OCPBUGS-2063 - List pages in pipelines is taking more time to load when there are too many items
OCPBUGS-722 - Undiagnosed panic detected in pod: openshift-controller-manager-operator_openshift-controller-manager-operator invalid memory address or nil pointer dereference
OCPBUGS-2029 - proxy config in installconfig fails to be applied
OCPBUGS-718 - Inefficient use of SG rules when creating Service LBs leads to scale issues
OCPBUGS-2010 - [noop][4.12] ironic clear_job_queue and reset_idrac pending issues
OCPBUGS-717 - Inquiries from customers regarding the EOL of Python 3.7.
OCPBUGS-2009 - User should be warned that MetalLB controller pod config node affinity cannot have weight 0
OCPBUGS-716 - EventsRecorder nonstandard / log only
OCPBUGS-2004 - egressip healthcheck through GRPC on dualstack cluster only uses v6 address when trying to re-connect to egressIP node
OCPBUGS-706 - [IBMCloud] e2e-ibmcloud-ipi-ibmcloud-gather-resources fails
OCPBUGS-1992 - [osp][octavia lb] failing to create floating IP for external LB
OCPBUGS-946 - Warnings in storage cluster operator PowerVS CSI driver deployment
OCPBUGS-705 - vSphere privilege checking failing when providing user-defined folder and/or resource pool
OCPBUGS-3443 - [4.12] Descheduler pod is OOM killed when using descheduler-operator profiles on big clusters
OCPBUGS-1979 - Update openshift/etcd Go version to 1.16
OCPBUGS-690 - [2112237] [ Cluster storage Operator 4.x(10/11/12) ] DefaultStorageClassController report fake message “No default StorageClass for this platform” on Alicloud, IBM, Nutanix
OCPBUGS-1962 - Controller and speakers are not created with tolerations effect is NoScheduleNoSchedule and tolerationSeconds is set 10
OCPBUGS-675 - panic in etcdcli
OCPBUGS-1950 - Devfile samples (in Developer Catalog) link doesn’t include the current selected namespace
OCPBUGS-670 - Prefer local dns does not work expectedly on OCPv4.12
OCPBUGS-1949 - kube-controller log gatherer should limit number of bytes read
OCPBUGS-651 - CBO gets confused by Terminating ports when a master fails
OCPBUGS-1941 - [4.12] Bootimage bump tracker
OCPBUGS-650 - “opm alpha render-veneer semver” raise error when no “Candidate” in config yaml
OCPBUGS-1916 - Workloads list page has different HPA action items from details page when All Projects selected
OCPBUGS-643 - catsrc is not ready due to “compute digest: compute hash: write tar: open /tmp/cache/cache: permission denied”
OCPBUGS-1913 - Agent Installer: Do not fail on deprecated apiVip and ingressVip values
OCPBUGS-617 - oc-mirror does not mirror arm64 OCP release payload
OCPBUGS-1912 - downstream `opm alpha diff` moving to `oc-mirror`
OCPBUGS-613 - oc adm inspect --rotated-pod-logs not working properly for static pods
OCPBUGS-2909 - Invalid documentation link in knative-plugin README
OCPBUGS-1900 - Bootstrap error in SNO installation
OCPBUGS-1896 - [CORS-2260] “create install-config” got error ‘credentialsMode: Forbidden: environmental authentication is only supported with Manual credentials mode’
OCPBUGS-2874 - Add Capacity button does not exist after upgrade OCP version [OCP4.11->OCP4.12]
OCPBUGS-1881 - [vSphere] cluster destroy get stuck if vm have not tag attached
OCPBUGS-967 - Panic in test: [sig-network] IngressClass [Feature:Ingress] should prevent Ingress creation if more than 1 IngressClass marked as default [Serial] [Suite:openshift/conformance/serial]
OCPBUGS-2854 - Controlplanmachineset couldn’t be created after deleting a machineset
OCPBUGS-1880 - Openshift version upgrade cause multiple worker go in draining node
OCPBUGS-2848 - Routes per shard metric inaccurate if using matchExpression
OCPBUGS-1877 - download ‘aliyun’
OCPBUGS-2837 - Excessive debug logs
OCPBUGS-2826 - ovnkube-trace: ofproto/trace fails for IPv6
OCPBUGS-1856 - [IBMCloud] install private cluster need manually add a rule to the security group for *sg-kube-api-lb
OCPBUGS-2822 - [4.12] EFS csi controller&driver pod are CrashLoopBackOff due to csi-driver container is not running on arm.
OCPBUGS-1263 - cri-o should report the stage of container and pod creation it’s stuck at
OCPBUGS-2803 - Project auth cache sync blocks list handler
OCPBUGS-1853 - [OVNK] ARP doesn’t exist for v6: https://github.com/j-keck/arping/
OCPBUGS-2779 - Import: Advanced option sentence is splited into two parts and headlines has no padding
OCPBUGS-1831 - failed to run command in pod with network-tools script pod-run-netns-command locally
OCPBUGS-2775 - After added/removed label from a namespace, one stats of “route_metrics_controller_routes_per_shard” in Observe >> Metrics page aren’t correct
OCPBUGS-1827 - knative service e2e tests are failing
OCPBUGS-2774 - [AWS][GCP] the new created nodes are not added to load balancer
OCPBUGS-1825 - Ingress Node Firewall rule becomes non-functional when daemons and controller manager deployment are re-deployed
OCPBUGS-2757 - rebase should handle idempotency
OCPBUGS-1824 - Systemd service been deactivated in limited network environment
OCPBUGS-1237 - e2e-gcp-builds is permafailing
OCPBUGS-2741 - CPMS failureDomains is not keep consistent with master machines on heterogeneous cluster after upgrade from 4.11 to 4.12
OCPBUGS-1810 - must gather for gather_ingress_node_firewall breaks with permission issues
OCPBUGS-2726 - Descheduler SoftTopologyAndDuplicates uses Stategy RemovePodsViolatingTopologySpreadConstraint which has invalid mapping
OCPBUGS-1806 - OCP cluster install on baremetal fails when hostname of master nodes does not include the text “master” (take 2)
OCPBUGS-2656 - VPA E2Es fail due to CSV name mismatch
OCPBUGS-2654 - Console OLM Integration Tests Reference Operator Not Present in 4.12 Certified Operators CatalogSource
OCPBUGS-1799 - Ironic API proxy pods crash loop if IPv6 is used
OCPBUGS-2651 - Pipeline Run nodes should show focus border
OCPBUGS-1789 - Users can’t silence alerts from the dev console when dedicated UWM Alertmanager is deployed
OCPBUGS-2638 - Switch libvirt VM’s to vnc graphic mode
OCPBUGS-1776 - Duplicate “Getting Started” notification will show on Search page for normal user
OCPBUGS-1746 - Update the Github App events and permissions
OCPBUGS-1268 - HelmChartRepositories has no action menu if the default repo is disabled
OCPBUGS-2621 - Enable TechPreview cause cluster error on single node cluster
OCPBUGS-1736 - cncc crashloop in proxy deployments
OCPBUGS-2592 - CVO hot-loops on Deployment manifests
OCPBUGS-1731 - Rebase CoreDNS to 1.10.0, based on k8s 1.25
OCPBUGS-1257 - Keepalived health check causes unnecessary VIP flapping when HAProxy is healthy
OCPBUGS-2558 - [RFE] Add new Azure instance types to the official “tested/supported” list
OCPBUGS-1730 - Bump openshift-router to k8s 1.25
OCPBUGS-2512 - apiserver pods cannot reach etcd on single node IPv6 cluster: transport: authentication handshake failed: x509: certificate is valid for ::1, 127.0.0.1, ::1, fd69::2, not 2620:52:0:198::10"
OCPBUGS-1718 - prometheus-k8s-0 ends in CrashLoopBackOff with evel=error err="opening storage failed: /prometheus/chunks_head/000002: invalid magic number 0" on SNO after hard reboot tests
OCPBUGS-2508 - Worker creation fails within provider networks (as primary and secondary)
OCPBUGS-1717 - Image registry panics while deploying OCP in me-central-1 AWS region
OCPBUGS-2495 - ‘oc login’ should be robust in the face of gather failures
OCPBUGS-1708 - console.openshift.io/use-i18n false in v1alpha API is converted to “” in the v1 APi, which is not a valid value for the enum type declared in the code.?
OCPBUGS-2478 - i18n translation missing in “Remove component node from application” modal
OCPBUGS-1705 - OVN-Kubernetes master crashing due to too long ACL names during upgrade
OCPBUGS-2469 - ControlPlaneMachineSets are not included in must-gathers
OCPBUGS-1698 - [vsphere] Installer get panic error when no setting platform.vsphere.failureDomains.topology.networks
OCPBUGS-2455 - Pods and PDBs list page just reports ‘Not found’ when no Pod/PDB
OCPBUGS-1678 - CI: Backend unit tests fails because devfile registry was updated (mock response)
OCPBUGS-1244 - Add PowerVS region mon01 to installer
OCPBUGS-1234 - AWS tagging limit hit issue when trying to add more than 10 tags
OCPBUGS-2446 - Control Plane Machine Set does not expose errors
OCPBUGS-2438 - Help popovers cause error on Observe > Alerting pages
OCPBUGS-2437 - Clusters with large numbers of CSVs can cause crashloop, block upgrades
OCPBUGS-1256 - [CI-Watcher] e2e issue with tests: Using OLM descriptor components. Using OLM descriptor components deletes operand
OCPBUGS-2436 - Installer fails to create ingress.config.openshift.io/cluster on AWS because of missing spec.loadBalancer.platform.aws.type
OCPBUGS-1274 - machine-api-termination-handler Pods don’t launch on tainted spot instances
OCPBUGS-2435 - Nil-pointer dereference in TestRouterCompressionOperation on e2e-gcp-operator
OCPBUGS-1247 - AWS Control Plane machine set are breaking single node clusters
OCPBUGS-963 - [OCPonOpenstack] Remove clustername length limitation
OCPBUGS-1677 - CI: Backend unit tests fails because devfile registry was updated (fix assertion)
OCPBUGS-1533 - sdn rebase to 1.25
OCPBUGS-1558 - Bump cluster-dns-operator to k8s 1.25
OCPBUGS-595 - Kubelet cannot be started on worker nodes after upgrade to OCP 4.11 (RHCOS 8.6) when custom SELinux policies are applied
OCPBUGS-585 - Tuned overwriting IRQBALANCE_BANNED_CPUS
OCPBUGS-1554 - Bump cluster-ingress-operator to k8s 1.25
OCPBUGS-576 - unbound router_id variable while creating event
OCPBUGS-1437 - OLM Reports ResolutionFailed when there are multiple upgrade paths between channel entries
OCPBUGS-575 - The lacking securityContext.seccompProfile.type of OLM deployments is blocking OCP upgrade to 4.12
OCPBUGS-569 - CVO History Pruner is non-functional, letting history length above MaxHistory
OCPBUGS-561 - [4.12] Bootimage bump tracker
OCPBUGS-1549 - DNS operator does not reconcile the openshift-dns namespace
OCPBUGS-1515 - Join network CIDR not accept v6InternalSubnet fdxx::/48
OCPBUGS-548 - The application dropdown menu uses a custom component with a configuration to favorite applications, similar to the Project selection menu, but is inconsistent in the way it looks and behaves.
OCPBUGS-1505 - Booting live ISO: /dev/sr0 already mounted or mount point busy
OCPBUGS-540 - Input values in Instantiate Template are disappeared randomly in the developer console
OCPBUGS-1434 - Downstream Autoscaling Eviction Annotation to OCP 4.12
OCPBUGS-533 - member loses rights after some other user login
OCPBUGS-527 - Misleading error message when lacking assets to create the installation image
OCPBUGS-1324 - Clusters with a custom osImage cannot be upgraded
OCPBUGS-525 - Prerelease report bug link should be updated to JIRA instead of Bugzilla
OCPBUGS-1512 - [OCP 4.12] Fix generate script in CBO
OCPBUGS-523 - Plugin page error boundary message is not cleared after leaving page
OCPBUGS-1522 - Regular user cannot open the debug container from pods they created
OCPBUGS-1456 - Cluster operator-related tests failing on techpreview because of “platform-operators-aggregated”
OCPBUGS-519 - publicIP is allowed in Azure disconnected installation for machines
OCPBUGS-514 - [OCPonRHV] CSI provisioned disks are effectively preallocated due to go-ovirt-client setting Provisioned and Initial size of the disk to the same value
OCPBUGS-1502 - PodNetworkConnectivityCheck gatherer reads too much data into memory
OCPBUGS-505 - Input box aria-label and name wrong for editing PDB inside Deployments
OCPBUGS-1482 - Can’t install clusters with schedulable masters
OCPBUGS-499 - ClusterOperator Conditions Update on Reordering
OCPBUGS-498 - Update console operator vendor with latest openshift/api
OCPBUGS-1503 - configure-ovs.sh fails on unrelated, invalid connection files (non-existing interfaces)
OCPBUGS-478 - ironic-machine-os-downloader image is missing virt-* tools in OCP 4.12 nightlies
OCPBUGS-1364 - Improve prometheus-adapter consistency
OCPBUGS-1489 - [vsphere] one vm folder is not deleted when destroying ocp cluster configured region/zone
OCPBUGS-469 - OVN master trying to deleteLogicalPort for object which is already gone
OCPBUGS-456 - [4.12] update all ironic related packages to latest bugfix
OCPBUGS-1484 - Remove policy/v1beta1 in 4.11 and later
OCPBUGS-1351 - health_statuses_insights metrics is showing disabled rules in “total”
OCPBUGS-454 - [vsphere] update install-config description for diskType
OCPBUGS-1498 - e2e: performance: Verify kernel param rcutree.kthread
OCPBUGS-1429 - get updated rpm-ostree in 4.12 bootimages
OCPBUGS-451 - Show Git icon in repository link in details page should be based on the git provider
OCPBUGS-1479 - PDB list page should only show Create Pod button to user has sufficient permission
OCPBUGS-439 - DVO gatherer relies on the namespace name
OCPBUGS-1353 - ETCD Operator goes degraded when a second internal node ip is added
OCPBUGS-435 - Dropdown items on storageclass creation page need i18n support
OCPBUGS-431 - Nutanix platform validations run at `create manifests` stage
OCPBUGS-1290 - Update Kafka Sink text description
OCPBUGS-428 - Insights Operator should collect helm upgrade and uninstall metric
OCPBUGS-426 - [OSP][OVN]unable to create logical router policy for egressIP after update duplicate IP to uniq one
OCPBUGS-3265 - Console shouldn’t try to install dynamic plugins if permissions aren’t available
OCPBUGS-1318 - Dual stack cluster fails on installation when multi-path routing entries exist
OCPBUGS-421 - Disconnected IPI OCP 4.10.22 cluster install on baremetal fails when hostname of master nodes does not include the text "master
OCPBUGS-418 - [OCP web console] Search result doesn’t clear when user clears name filter in one-shot for any resources
OCPBUGS-1416 - ODC add-page e2e tests doesn’t pass (outdated checks)
OCPBUGS-416 - [IBMCloud] The udevadm utility is missing in the IBM Cloud VPC block storage IPI image
OCPBUGS-1417 - Disconnected Openshift cluster on AWS having problem with manual egress IP assignment
OCPBUGS-407 - [2116382] Setting a telemeter proxy in the cluster-monitoring-config config map does not work as expected
OCPBUGS-1409 - E2E: intermittent failure is seen on tests for devfile
OCPBUGS-392 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created
OCPBUGS-1470 - i18n: Incorrect plural for maxUnavailable pod count
OCPBUGS-2915 - InsightsRecommendationActive should link cluster-specific page
OCPBUGS-384 - GCP Filestore csi operator has wrong spec.description in csv files
OCPBUGS-1321 - node_exporter collects metrics for “virtual” network interfaces
OCPBUGS-1329 - etcd and kube-apiserver pods get restarted due to failed liveness probes while deleting/re-creating pods on SNO
OCPBUGS-1402 - panic in cvo pod
OCPBUGS-364 - Update ose-baremetal-installer images to be consistent with ART
OCPBUGS-1361 - Expect more detail info when report vSphere privilege alert
OCPBUGS-1421 - Document how to use RWX vSphere volumes
OCPBUGS-3263 - The terraform binaries shipped by the installer are not statically linked
OCPBUGS-346 - Failed to create volumesnapshotcontent for gcp-filestore-csi-driver-operator
OCPBUGS-1569 - OBC and OB option showing twice to user of a Project on Console
OCPBUGS-1044 - There’s an issue with node-exporter pods running when using a bare metal AMD EPYC setup
OCPBUGS-1038 - Whereabouts reconciliation should be launched by the CNO when using a conflist
OCPBUGS-305 - Cluster-version operator ClusterOperator checks are unecessarily slow on update
OCPBUGS-193 - Kebab menu not working properly for helm repository
OCPBUGS-3208 - [4.12] SCOS build fails due to pinned kernel
OCPBUGS-302 - openshift-install gather bootstrap panics
OCPBUGS-987 - Whereabouts should allow non default interfaces to Pod IP list
OCPBUGS-184 - [OCP web console] Wrong message “404: Not found” while the user selects an installed operator and navigates from operator hub to installed operator page.
OCPBUGS-3204 - Permission denied when write data to mounted gcp filestore volume instance
OCPBUGS-1004 - The error message of “opm alpha render-veneer semver” is not correct
OCPBUGS-270 - Dev Catalog taking too much time to load in a complete disconnected cluster
OCPBUGS-183 - Log line numbers overlap with cut-off rule when number is too big
OCPBUGS-3194 - [4.12.z backport][4.8][OVN] RHEL 7.9 DHCP worker ovs-configuration fails
OCPBUGS-268 - vsphere: installer for vsphere does not have steal clock accounting enabled
OCPBUGS-180 - Name of “Role” should keep pace with the name in CLI
OCPBUGS-262 - downloading govc is impacted by github rate limiting
OCPBUGS-1049 - Pod security policy change breaks cluster-ingress-operator’s TestCanaryRoute E2E tests
OCPBUGS-171 - VirtualMediaViaExternalNetwork is broken with virtual media TLS
OCPBUGS-3179 - Regression in ptp-operator conformance tests
OCPBUGS-256 - intra namespace allow network policy doesn’t work after applying ingress&egress deny all network policy
OCPBUGS-169 - Console e2e tests broken due to pod security admission controller
OCPBUGS-3177 - RHCOS 4.12/s390x kdump is failling, disable test
OCPBUGS-246 - Incorrect retry cause false positive in CNF tests
OCPBUGS-1029 - Developer catalog fails to load
OCPBUGS-165 - Spike in pod-latency graph observed due to ovnkube-master restarts
OCPBUGS-1641 - irqbalance: add unit to clear the cpu ban list
OCPBUGS-238 - ReEnable e2e tests for knative
OCPBUGS-977 - SR-IOV MutiNetworkPolicy: Rules are not removed after disabling multinetworkpolicy
OCPBUGS-122 - Error: open /etc/nsswitch.conf: permission denied and Error: open ./db-609956243: permission denied
OCPBUGS-236 - custom ingress-controller can’t be deleted
OCPBUGS-978 - leases not gracefully released in OCM
OCPBUGS-2373 - When changing a lb service to another type, the freed ip is not reused
OCPBUGS-999 - aws driver toolkit jobs are permafailing
OCPBUGS-224 - Missing $SEARCH domain in /etc/resolve.conf for OCP v4.9.31 cluster
OCPBUGS-216 - kuryr-controller timing out liveness probe
OCPBUGS-78 - Uninstalled operator can’t be reinstalled if it included a conversion webhook
OCPBUGS-212 - co/kube-controller-manager degraded: GarbageCollectorDegraded: error fetching rules: Get "https://thanos-querier.openshift-monitoring.svc:9091/api/v1/rules": dial tcp 172.30.153.28:9091: connect: cannot assign requested address
OCPBUGS-990 - HyperShift 4.12 jobs fail to install csi-snapshot-controller-operator
OCPBUGS-69 - No event log was emitted when egressIP exceeds capacity limit for cloud providers with SDN plugin
OCPBUGS-208 - Race condition when creating / deleting mac_address_pairs
OCPBUGS-2372 - Duplicate addresses when the controller is restarted
OCPBUGS-1000 - Allow scale-down of unhealthy member when it doesn’t violate quorum
OCPBUGS-1017 - Can’t cancel login when using multi-cluster
OCPBUGS-2369 - NPE on topology if creates a k8s svc and KSVC which has no metadata in template
OCPBUGS-985 - Metal serial tests are failing on webhook admission about provisioningDHCPRange
OCPBUGS-2362 - OVN-K alerts must be set to the correct severity level
OCPBUGS-1067 - [vsphere-CSI-Driver-Operator] The storageclass “thin-csi” could not be re-created after deleting
OCPBUGS-2360 - [IPI on Baremetal] ipv6 support issue in metal3-httpd
OCPBUGS-3436 - domain 24 missing from phc2sys options
OCPBUGS-2354 - co/storage is not available due to csi driver not have proxy setting on ibm cloud
OCPBUGS-1068 - Correct namespace for SimpleContentAccessNotAvailable
OCPBUGS-2346 - Remove namespace and name from gathered DVO metrics
OCPBUGS-943 - Could not import Devfile after testing a non-Devfile version
OCPBUGS-2340 - OnDelete update strategy cannot work when master machines are not index as 0, 1, 2
OCPBUGS-3115 - [2117255] Failed to dump flows for flow sync, stderr: “ovs-ofctl: br-ext is not a bridge or a socket”
OCPBUGS-2338 - Confusing error messages when missing VIPs
OCPBUGS-1570 - Event Sources not shown in topology
OCPBUGS-2334 - NE-956: Configurable LB Source Ranges breaks TestScopeChange
OCPBUGS-3094 - [4.12] The control plane should tag AWS security groups at creation
OCPBUGS-2330 - events.events.k8s.io is forbidden: User “system:serviceaccount:openshift-kube-descheduler-operator:openshift-descheduler-operand” cannot create resource “events” in API group “events.k8s.io” in the namespace “e2e-test-default-b6y9atnu-jxz6p”
OCPBUGS-3081 - monitor not working with UDP lb when externalTrafficPolicy: Local
OCPBUGS-3428 - [4.12] Skip broken [sig-devex][Feature:ImageEcosystem] tests
OCPBUGS-2328 - Panic observed: runtime error: index out of range
OCPBUGS-3080 - [4.12] RPS hook only sets the first queue, but there are now many
OCPBUGS-3425 - [release-4.12] Azure Disk CSI Driver Operator gets degraded without “CSISnapshot” capability
OCPBUGS-2327 - Add validation for releaseImage and mirror
OCPBUGS-3071 - [4.12][AWS] curl network Loadbalancer always get “Connection time out”
OCPBUGS-2325 - Add e2e test cases for INF spec.ingress
OCPBUGS-3366 - Disconnected cluster installation fails with pull secret must contain auth for “registry.ci.openshift.org”
OCPBUGS-2322 - Kuryr does not accept application credentials
OCPBUGS-3363 - openshift-ingress-operator with mTLS does not download CRL
OCPBUGS-2316 - Ingress-node-Firewall:Mixing ICMP v4 and v6 config causes a panic
OCPBUGS-3035 - 4.12 backport: Multiple extra manifests in the same file are not applied correctly
OCPBUGS-3359 - Revert BUILD-407
OCPBUGS-2301 - [gcp][CORS-1774] with "createFirewallRules: Enabled", after successful “create cluster” and then "destroy cluster", the created firewall-rules in the shared VPC are not deleted
OCPBUGS-3028 - panic in WaitForBootstrapComplete
OCPBUGS-3352 - ClusterVersionRecommendedUpdate condition blocks explicitly allowed upgrade which is not in the available updates
OCPBUGS-3022 - GCP: missing multiple regions
OCPBUGS-3346 - [perf/scale] libovsdb builds transaction logs but throws them away
OCPBUGS-3019 - Ingress node firewall pod 's events container on the node causing pod in CrashLoopBackOff state when sctp module is loaded on node
OCPBUGS-3343 - [vsphere] installation fails when setting user-defined folder in failure domain
OCPBUGS-2269 - “error: No enabled repositories” on upgrade with kernelType: realtime enabled
OCPBUGS-3003 - Ignore non-ready endpoints when processing endpointslices
OCPBUGS-1636 - The platform-operators-aggregated cannot be created after enabling TechPreviewNoUpgrade
OCPBUGS-3340 - Environment cannot find Python
OCPBUGS-1616 - masters unavailable & mco degraded in bootstrap techpreview jobs
OCPBUGS-3306 - Agent installer does not support dualstack VIPs
OCPBUGS-2265 - Allow passing documentation links for alerts
OCPBUGS-2984 - [RFE] 4.12 Azure DiskEncryptionSet static validation does not support upper-case letters
OCPBUGS-3297 - Bugfix in privileged-daemonset and better dependencies
OCPBUGS-2262 - [gcp][CORS-1774] “platform.gcp.publicDNSZone” and “platform.gcp.privateDNSZone” should be for existing DNS zones
OCPBUGS-1629 - Facing issue while configuring egress IP pool in OCP cluster which uses STS
OCPBUGS-2979 - [4.12] automatic replacement of an unhealthy member machine
OCPBUGS-3289 - [IBMCloud] Worker machines unreachable during initial bring up
OCPBUGS-2249 - Conditional gatherer cluster_version_matches issues
OCPBUGS-2975 - PTP 4.12 - PTP - AMQ HTTP on event caused ptp stopped working after fresh deployment
OCPBUGS-3281 - OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it
OCPBUGS-1621 - The CSV of the operator does not have timestamp
OCPBUGS-2974 - administrator console, monitoring-alertmanager-edit user list or create silence, “Observe - Alerting - Silences” page is pending
OCPBUGS-3279 - Service-ca controller exits immediately with an error on sigterm
OCPBUGS-1645 - CPMS should handle clusters where Masters are not indexed from 0
OCPBUGS-198 - Kuryr-Controller Restarting on KuryrPort with missing pod
OCPBUGS-2918 - Update Prometheus Alerts
OCPBUGS-2227 - VPA Operator not enabled in 4.12
OCPBUGS-3075 - [4.12] ovn-k network policy races
OCPBUGS-3111 - metal3 pod crashloops on OKD in BareMetal IPI or assisted-installer bare metal installations
OCPBUGS-3694 - [4.12] Router e2e: drop template.openshift.io apigroup dependency
OCPBUGS-3696 - Surface ClusterVersion RetrievedUpdates condition messages
OCPBUGS-3754 - Create Alertmanager silence form does not explain the new “Negative matcher” option
OCPBUGS-2998 - OCP 4.12 Driver Toolkit (DTK) mismatch in kernel package and node kernel versions
OCPBUGS-3398 - 4.12 backport: Unable to configure cluster-wide proxy
OCPBUGS-3464 - IBM operator needs deployment manifest fixes
OCPBUGS-3468 - Disable check_pkt_length in OVN-K for OvS Hardware Offload Cases
OCPBUGS-3479 - [4.12] Baremetal Provisioning fails on HP Gen9 systems due to eTag handling
OCPBUGS-3483 - Minor test fixes related to getting updated profile and checking kubeletconfiguration
OCPBUGS-3493 - [Ingress Node Firewall Operator] [Web Console] Allow user to override namespace where the operator is installed, currently user can install it only in openshift-operators ns
OCPBUGS-3503 - CRD-based and openshift-apiserver-based Route validation/defaulting must use the shared implementation
OCPBUGS-3510 - Update cluster-authentication-operator not to go degraded without console
OCPBUGS-3557 - [4.12] provisioning of baremetal nodes fails when using multipath device as rootDeviceHints
OCPBUGS-3571 - Placeholder bug for OCP 4.12.0 metadata release
OCPBUGS-3650 - EUS upgrade stuck on worker pool update: error running skopeo inspect --no-tags
OCPBUGS-3663 - don’t enforce PSa in 4.12
OCPBUGS-1904 - CSI driver operators are degraded without “CSISnapshot” capability
OCPBUGS-3772 - Default for spec.to.weight missing from Route CRD schema
OCPBUGS-3523 - Operator attempts to render both GA and Tech Preview API Extensions
OCPBUGS-3658 - OVN-Kubernetes should not send IPs with leading zeros to OVN
OCPBUGS-3700 - [osp][octavia lb] NodePort allocation cannot be disabled for LB type svcs
OCPBUGS-3763 - PTP operator: Use priority class node critical
OCPBUGS-3770 - cvo pod crashloop during bootstrap: featuregates: connection refused
OCPBUGS-3927 - “Error loading” when normal user check operands on All namespaces
OCPBUGS-3944 - Handle 0600 kubeconfig
OCPBUGS-3958 - [4.12] Use kernel-rt from ose repo
OCPBUGS-3966 - must-gather namespace should have ?privileged? warn and audit pod security labels besides enforce
OCPBUGS-4001 - fix operator naming convention
OCPBUGS-4004 - Consistent e2e test failure:Events.Events: event view displays created pod
OCPBUGS-4043 - [2109965] oci hook Low-latency-hooks causing high container creation times under platform cpu load
OCPBUGS-4063 - Fails to deprovision cluster when swift omits ‘content-type’
OCPBUGS-4083 - CCM not able to remove a LB in ERROR state
OCPBUGS-4097 - [IPI-BareMetal]: Dual stack deployment failed on BootStrap stage
OCPBUGS-4112 - Remove autoscaling/v2beta2 in 4.12 and later
OCPBUGS-4116 - Re-enable pipeline CI tests
OCPBUGS-3307 - [gcp] when the optional Service Usage API is disabled, IPI installation cannot succeed
OCPBUGS-3348 - 4.12: When adding nodes, the overlapped node-subnet can be allocated.
OCPBUGS-3406 - [gcp][CORS-1774] with both “id” and “project” specified for "privateDNSZone", it seems installer doesn’t horner “project”
OCPBUGS-3437 - cloud-network-config-controller not using proxy settings of the management cluster
OCPBUGS-3455 - track `rhcos-4.12` branch for fedora-coreos-config submodule
OCPBUGS-3459 - Installer does not always add router CA to kubeconfig
OCPBUGS-3504 - [4.12] Incorrect network configuration in worker node with two interfaces
OCPBUGS-3515 - Need validation rule for supported arch
OCPBUGS-3519 - Assisted service should always use first matching mirror for release image
OCPBUGS-3520 - Install ends in preparing-failed due to container-images-available validation
OCPBUGS-3774 - Unable to use application credentials for Cinder CSI after OpenStack credentials update
OCPBUGS-3780 - Route CRD validation behavior must be the same as openshift-apiserver behavior
OCPBUGS-3786 - Should show information on page if the upgrade to a target version doesn’t take effect.
OCPBUGS-3811 - Automation Offline CPUs Test cases
OCPBUGS-3837 - service account token secret reference
OCPBUGS-3851 - [4.12][Dual Stack] ovn-ipsec crashlooping due to cert signing issues
OCPBUGS-3874 - masters repeatedly losing connection to API and going NotReady
OCPBUGS-3875 - Route CRD host-assignment behavior must be the same as openshift-apiserver behavior
OCPBUGS-3878 - RouteTargetReference missing default for “weight” in Route CRD v1 schema
OCPBUGS-3884 - [Ingress Node Firewall] Change the logo used for ingress node firewall operator
OCPBUGS-3889 - Egress router POD creation is failing while using openshift-sdn network plugin
OCPBUGS-3276 - Pin down dependencies on CMO release 4.12
OCPBUGS-4121 - [SNO] csi-snapshot-controller CO is degraded when upgrade from 4.12 to 4.13 and reports permissions issue.
OCPBUGS-2635 - Ingress operator degraded during 3+1 deployment due to insufficient worker nodes
OCPBUGS-3055 - 4.12 backport: Wait-for install-complete did not exit upon completion.
OCPBUGS-3175 - CIRO unable to detect swift when it speaks HTTP2
OCPBUGS-3824 - [4.12] Ipsec pods restart due to liveness probes fail in cluster with more than 150 +
OCPBUGS-3871 - Container networking pods cannot be access hosted network pods on another node in ipv6 single stack cluster
OCPBUGS-4339 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver
OCPBUGS-3333 - Console should be using v1 apiVersion for ConsolePlugin model
OCPBUGS-2896 - Refactor retry logic into a separate pkg
OCPBUGS-4292 - Backport specify resources.requests for operator pod
OCPBUGS-4303 - Backport Specify resources.requests for operator pod
OCPBUGS-4308 - sanitize agent-gather output
OCPBUGS-4311 - [4.12] Improve ironic logging configuration in metal3
OCPBUGS-3956 - CNO reporting incorrect status
OCPBUGS-4040 - Authentication operator doesn’t respond to console being enabled
OCPBUGS-4064 - Install failure in create-cluster-and-infraenv.service
OCPBUGS-4068 - Shouldn’t need to put host data in platform baremetal section in installconfig
OCPBUGS-4117 - Re-enable serverless CI tests
OCPBUGS-4118 - Kube-State-metrics pod fails to start due to panic
OCPBUGS-4183 - Upgrades from 4.11.9 to latest 4.12.x Nightly builds do not succeed
OCPBUGS-4193 - [4.12] etcd failure: failed to make etcd client for endpoints [https://[2620:52:0:1eb:367x:5axx:xxx:xxx]:2379]: context deadline exceeded
OCPBUGS-4195 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down
OCPBUGS-4218 - highperformance irq balancing support causes the /etc/sysconfig/irqbalance to slowly grow unbounded
OCPBUGS-4223 - Fix tuning plugin vlan handling
OCPBUGS-4230 - CNCC: Wrong log format for Azure locking
OCPBUGS-4234 - Updating ose-cloud-network-config-controller images to be consistent with ART
OCPBUGS-4235 - Updating ose-cloud-network-config-controller images to be consistent with ART
OCPBUGS-4250 - Backport PodNetworkConnectivityCheck for must-gather
OCPBUGS-3798 - [4.12] Bump OVS control plane to get “ovsdb/transaction.c: Refactor assess_weak_refs.”
OCPBUGS-1994 - Unrevert needed for jsonnet deps update PR
OCPBUGS-3249 - CVE-2022-27191 ose-installer-container: golang: crash in a golang.org/x/crypto/ssh server [openshift-4]
OCPBUGS-3378 - [OVN]Sometimes after reboot egress node, egress IP cannot be applied anymore.
OCPBUGS-3390 - [release-4.12] 4.11 SNOs fail to complete install because of “failed to get pod annotation: timed out waiting for annotations: context deadline exceeded”
OCPBUGS-3397 - Avoid re-metric’ing the pods that are already setup when ovnkube-master disrupts/reinitializes/restarts/goes through leader election
OCPBUGS-3442 - Datastore name is too long
OCPBUGS-4505 - [4.12] Pod stuck in containerCreating state when the node on which it is running is Terminated
OCPBUGS-4526 - hypershift: csi-snapshot-controller uses wrong kubeconfig
OCPBUGS-4527 - hypershift: aws-ebs-csi-driver-operator uses wrong kubeconfig
OCPBUGS-4544 - Remove debug level logging on openshift-config-operator
OCPBUGS-4554 - [4.12] OVN silently failing in case of a stuck pod
OCPBUGS-4660 - Debug log messages missing from output and Info messages malformed
OCPBUGS-4251 - HyperShift control plane operators have wrong priorityClass
OCPBUGS-4299 - Backport Specify resources.requests for operator pod
OCPBUGS-4342 - The storage account for the CoreOS image is publicly accessible when deploying fully private cluster on Azure
OCPBUGS-4356 - Reply packet for DNS conversation to service IP uses pod IP as source
OCPBUGS-4361 - [release-4.12] bp ovnkube-trace changes to 4.12
OCPBUGS-4365 - `oc-mirror` will hit error when use docker without namespace for OCI format mirror
OCPBUGS-4366 - Update Kubernetes to 1.25.4
OCPBUGS-4369 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-4379 - apply retry logic to ovnk-node controllers
OCPBUGS-4397 - Route/v1 defaulting for target kind and termination must be sharable between openshift-apiserver and kube-apiserver
OCPBUGS-4399 - Adding back SKIP_INTERFACES
OCPBUGS-4421 - Dockerfile for building ironic-image for OKD does not take into account variant scos
OCPBUGS-4422 - Implement LIST call chunking in openshift-sdn
OCPBUGS-4431 - KubePodNotReady - Increase Tolerance During Master Node Restarts
OCPBUGS-4453 - metal-ipi upgrade success rate dropped 30+% in last week
OCPBUGS-4458 - Node Terminal tab results in error
OCPBUGS-4479 - [4.12] Dockerfile for building ironic-image for OKD does not take into account variant scos
OCPBUGS-4484 - `oc-mirror` will hit error when use docker without namespace for OCI format mirror
OCPBUGS-4488 - Prometheus and Alertmanager incorrect ExternalURL configured
OCPBUGS-4489 - Prometheus continuously restarts due to slow WAL replay
OCPBUGS-4499 - CSR are generated with incorrect Subject Alternate Names
OCPBUGS-4504 - Default to floating automaticRestart for new GCP instances
OCPBUGS-4199 - route-controller-manager not creating routes in 4.12
OCPBUGS-4627 - doc link in PrometheusDataPersistenceNotConfigured message is 4.8
OCPBUGS-3841 - Remove flowcontrol/v1beta1 release manifests in 4.12 and later
OCPBUGS-4048 - Prometheus doesn’t reload TLS certificate and key files on disk
OCPBUGS-2927 - CI jobs are failing with: admission webhook “validation.csi.vsphere.vmware.com” denied the request
OCPBUGS-4414 - [OCI feature] registries.conf support in oc mirror
OCPBUGS-4840 - [4.12] The property TransferProtocolType is required for VirtualMedia.InsertMedia
OCPBUGS-4884 - [4.12] Pods completed + deleted may leak
OCPBUGS-4911 - [Azure]Availability Set will be created when vmSize is invalid in a region which has zones
OCPBUGS-4951 - OLM K8s Dependencies should be at 1.25
OCPBUGS-4547 - CVE-2021-38561 ose-installer-container: golang: out-of-bounds read in golang.org/x/text/language leads to DoS [openshift-4]
OCPBUGS-4599 - Bump samples operator k8s dep to 1.25.2 for 4.12
OCPBUGS-4601 - `oc-mirror` does not work as expected relative path for OCI format copy
OCPBUGS-4637 - Support RHOBS monitoring for HyperShift in CNO
OCPBUGS-4653 - [4.12] Fixes for RHCOS 9 based on RHEL 9.0
OCPBUGS-4667 - vsphere-hostname should check that /etc/hostname is not empty
OCPBUGS-4681 - [release-4.12] remove unnecessary RBAC in KCM
OCPBUGS-4698 - Some nmstate validations are skipped when NM config is in agent-config.yaml
OCPBUGS-4721 - GCP: missing me-west1 region
OCPBUGS-4760 - [4.12] Network Policy executes duplicate transactions for every pod update
OCPBUGS-4766 - limit cluster-policy-controller RBAC permissions
OCPBUGS-4779 - Update openshift/builder release-4.12 to go1.19
OCPBUGS-4783 - [4.12] egressIP annotations not present on OpenShift on Openstack multiAZ installation
OCPBUGS-4784 - [4.12] egressIP annotation including two interfaces when multiple networks
OCPBUGS-4796 - OLM generates invalid component selector labels
OCPBUGS-4803 - Update formatting with gofmt for go1.19
OCPBUGS-4805 - Empty/missing node-sizing SYSTEM_RESERVED_ES parameter can result in kubelet not starting
OCPBUGS-4808 - Use shared library in admission to default Routes served via CRD
OCPBUGS-4837 - [4.12] Pod LSP missing from PortGroup
OCPBUGS-3890 - [ibmcloud] unclear error msg when zones is not match with the Subnets in BYON install
OCPBUGS-3930 - Local Storage Operator (LSO) not available in OperatorHub for OCP 4.12 on Z ec.5 and rc.0 builds
OCPBUGS-4503 - [4.12] [OVNK] Add support for service session affinity timeout
OCPBUGS-2052 - [4.12] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450
OCPBUGS-4286 - [4.12] ovn-kubernetes ovnkube-master containers crashlooping after 4.11.0-0.okd-2022-10-15-073651 update
OCPBUGS-4407 - Update Cluster Sample Operator dependencies and libraries for OCP 4.13
OCPBUGS-3639 - The architecture field in sig image definition for hyperVGeneration V1 needs to match rhcos_image architecture
OCPBUGS-4035 - Topology gets stuck loading
OCPBUGS-4189 - Route CRD vs. OCP defaulting disparity
OCPBUGS-3037 - [apiserver-auth] default SCC restricted allow volumes don’t have “ephemeral” caused deployment with Generic Ephemeral Volumes stuck at Pending
OCPBUGS-4098 - [4.12] Egress IP Health Check Is Not Compatible With VF (Hardware Backed) Management Port
OCPBUGS-4686 - Removal of detection of host kubelet kubeconfig breaks IBM Cloud ROKS
OCPBUGS-4696 - [4.12] SNO not able to bring up Provisioning resource in 4.11.17
OCPBUGS-4763 - Revert Catalog PSA decisions for 4.13 (Marketplace)
OCPBUGS-5100 - virtual media provisioning fails when iLO Ironic driver is used
OCPBUGS-3881 - Revert Catalog PSA decisions for 4.12
OCPBUGS-4013 - On Make Serverless page, to change values of the inputs minpod, maxpod and concurrency fields, we need to click the ? + ? or ? - ', it can’t be changed by typing in it.
OCPBUGS-3311 - [alibabacloud] IPI installation failed with master nodes being NotReady and CCM error “alicloud: unable to split instanceid and region from providerID”
OCPBUGS-4362 - Hard eviction thresholds is different with k8s default when PAO is enabled
OCPBUGS-2152 - RHCOS VM fails to boot on IBM Power (ppc64le) - 4.12
OCPBUGS-2995 - [4.12] Unable to gather OpenStack console logs since kernel cmd line has no console args
OCPBUGS-2997 - [4.12] Bootimage bump tracker
OCPBUGS-4789 - [OCP 4.12] ironic container images have old packages
OCPBUGS-4847 - OnDelete update strategy create two replace machines when deleting a master machine
OCPBUGS-4869 - AWS Deprovision Fails with unrecognized elastic load balancing resource type listener
OCPBUGS-5019 - Fails to deprovision cluster when swift omits ‘content-type’ and there are empty containers
OCPBUGS-5067 - [4.12] coreos-installer output not available in the logs
OCPBUGS-4897 - Developer Topology always blanks with large contents when first rendering
OCPBUGS-4943 - Need to wait longer for VM to obtain IP from DHCP
OCPBUGS-5072 - [4.12] ironic-proxy daemonset not deleted when provisioningNetwork is changed from Disabled to Managed/Unmanaged
OCPBUGS-5143 - provisioning on ilo4-virtualmedia BMC driver fails with error: “Creating vfat image failed: Unexpected error while running command”
OCPBUGS-5156 - [release-4.12] Azure: unable to configure EgressIP if an ASG is set
OCPBUGS-5185 - Dev Sandbox clusters uses clusterType OSD and there is no way to enforce DEVSANDBOX
OCPBUGS-5190 - Installer - provisioning interface on master node not getting ipv4 dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install
OCPBUGS-5191 - Add support for API version v1beta1 for knativeServing and knativeEventing
OCPBUGS-5253 - Missing ‘ImageContentSourcePolicy’ and ‘CatalogSource’ in the oci fbc feature implementation
OCPBUGS-5289 - Multus: Interface name contains an invalid character / [ocp 4.12]
OCPBUGS-4383 - Don’t log in iterateRetryResources when there are no retry entries
OCPBUGS-4478 - Backport: Guard Pod Hostnames Too Long and Truncated Down Into Collisions With Other Masters
OCPBUGS-4533 - [release-4.12] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods
OCPBUGS-4649 - No indication of early installation failures
OCPBUGS-5387 - EUS upgrade: rpm-ostree clean up timeout was reached
OCPBUGS-3293 - WriteRequestBodies audit profile records routes/status events at RequestResponse level
OCPBUGS-3379 - [release-4.12] CephCluster and StorageCluster resources use the same paths
OCPBUGS-3899 - [2035720] [IPI on Alibabacloud] deploying a private cluster by ‘publish: Internal’ failed due to ‘dns_public_record’
OCPBUGS-5417 - Upgrade from 4.11 to 4.12 with Windows machine workers (Spot Instances) failing due to: hcnCreateEndpoint failed in Win32: The object already exists.
OCPBUGS-4962 - openshift-install agent wait-for install-complete errors out before the cluster installation completes
OCPBUGS-3651 - DaemonSet “/openshift-network-diagnostics/network-check-target” is not available
OCPBUGS-5455 - Baremetal host data is still sometimes required
OCPBUGS-5474 - [4.12]Default CatalogSource aren’t created in restricted mode
OCPBUGS-5384 - Old AWS boot images vs. 4.12: unknown provider ‘ec2’
OCPBUGS-5442 - Placeholder bug for OCP 4.12.0 microshift release
OCPBUGS-5444 - Reported vSphere Connection status is misleading

CVEs

CVE-2021-4235
CVE-2021-22570
CVE-2021-38561
CVE-2022-1705
CVE-2022-2879
CVE-2022-2880
CVE-2022-2995
CVE-2022-3162
CVE-2022-3172
CVE-2022-3259
CVE-2022-3466
CVE-2022-21698
CVE-2022-24302
CVE-2022-27664
CVE-2022-30631
CVE-2022-32148
CVE-2022-32189
CVE-2022-32190
CVE-2022-41316
CVE-2022-41715
CVE-2022-42010
CVE-2022-42011
CVE-2022-42012
CVE-2022-42898
CVE-2023-0296

Red Hat OpenShift Container Platform 4.12 for RHEL 9

SRPM

x86_64

Red Hat OpenShift Container Platform 4.12 for RHEL 8

SRPM

x86_64

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 9

SRPM

ppc64le

Red Hat OpenShift Container Platform for Power 4.12 for RHEL 8

SRPM

ppc64le

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 9

SRPM

s390x

Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.12 for RHEL 8

SRPM

s390x

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 9

SRPM

aarch64

Red Hat OpenShift Container Platform for ARM 64 4.12 for RHEL 8

SRPM

aarch64

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.

11 months ago

Headline

RHSA-2022:7399: Red Hat Security Advisory: OpenShift Container Platform 4.12.0 bug fix and security update

Related news

Red Hat Security Data: Latest News