# 4.14.3 Created: 2023-11-16 13:54:50 +0000 UTC Image Digest: `sha256:8a1d195efbc3caf07a47b4d285166cd7c73337c90f191986bec8beb6ee27b4f4` Promoted from registry.ci.openshift.org/ocp-arm64/release-arm64:4.14.0-0.nightly-arm64-2023-11-15-111507 ## Changes from 4.14.2 ### Components * Kubernetes 1.27.6 * Red Hat Enterprise Linux CoreOS upgraded from 414.92.202311061957-0 to 414.92.202311150705-0 ### Rebuilt images without code change * [driver-toolkit](https://github.com/openshift/driver-toolkit) git [cafed17b](https://github.com/openshift/driver-toolkit/commit/cafed17b0c2b4cf8d8310304888787ed7adf7474) `sha256:5d8f215f79ae57a23d2627062e6ee08c48bf77ae17e1ac969d5cc0b6ce5295a4` * [ironic-machine-os-downloader](https://github.com/openshift/ironic-rhcos-downloader) git [7b56c306](https://github.com/openshift/ironic-rhcos-downloader/commit/7b56c30661e39b212fc632e8e184c70b14dcf3a2) `sha256:2a764e7c35d27cdd87479326ffbc2eaa85f8d81256fcc1415684d38e22a723c1` * machine-os-content `sha256:13ea0be8c7a75acb98f5b4a0e776581626aa42219162f10243a399d0e14dae0c` * [machine-os-images](https://github.com/openshift/machine-os-images) git [d3a4a6c3](https://github.com/openshift/machine-os-images/commit/d3a4a6c3b46e26fa260de80465b45879311e23c4) `sha256:c5d1c78280f88bd8989dace00be9b0b4cdf0c03f6159b7e367241afc6e6f2be9` * rhel-coreos `sha256:88b781046c1b66630f2f603b68d53449e6b9a30f287008b495bf02eb430780be` * rhel-coreos-extensions `sha256:a61058ebef9afda3cfd3cd7290690d60055ef7d393cc061128cf29cb3d08c116` ### [alibaba-cloud-controller-manager, alibaba-cloud-csi-driver, alibaba-disk-csi-driver-operator, alibaba-machine-controllers, csi-driver-manila, csi-driver-manila-operator, csi-driver-nfs, hyperkube, ibm-cloud-controller-manager, ibm-vpc-block-csi-driver, ibm-vpc-block-csi-driver-operator, ibm-vpc-node-label-updater, ibmcloud-cluster-api-controllers, ibmcloud-machine-controllers, kuryr-cni, kuryr-controller, nutanix-cloud-controller-manager, nutanix-machine-controllers, pod, powervs-block-csi-driver, powervs-block-csi-driver-operator, powervs-cloud-controller-manager, powervs-machine-controllers, vsphere-cloud-controller-manager, vsphere-csi-driver, vsphere-csi-driver-operator, vsphere-csi-driver-syncer, vsphere-problem-detector](https://github.com/openshift/kubernetes/tree/b49f9d1356bca4e8dd206a3b019184beffd88153) * [OCPBUGS-22861](https://issues.redhat.com/browse/OCPBUGS-22861): UPSTREAM: <carry>: support for both icsp and idms objects [#1780](https://github.com/openshift/kubernetes/pull/1780) * [Full changelog](https://github.com/openshift/kubernetes/compare/f67aeb31c9b95fd8998de8b895ac91bfdf733b2e...b49f9d1356bca4e8dd206a3b019184beffd88153) ### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/3aa931a62aba6d245d7411e83709820dc8636ede) * NO-ISSUE: Sync OWNERS with team members [#176](https://github.com/openshift/aws-pod-identity-webhook/pull/176) * [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/8cc7a270f0b05bbb12bb9cb708a408b044d532a6...3aa931a62aba6d245d7411e83709820dc8636ede) ### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/cebc8ab0fd6f8b66197f5a4e058ea4913dbb587c) * [OCPBUGS-21868](https://issues.redhat.com/browse/OCPBUGS-21868): vSphere,segfault on version check [#7605](https://github.com/openshift/installer/pull/7605) * [OCPBUGS-22945](https://issues.redhat.com/browse/OCPBUGS-22945): Update gcloud version to 447.0.0 [#7681](https://github.com/openshift/installer/pull/7681) * [Full changelog](https://github.com/openshift/installer/compare/c0f108be993307e519f8847264d06bc99a9cc7ad...cebc8ab0fd6f8b66197f5a4e058ea4913dbb587c) ### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/6bc9eabed8465234b1566cf001b6215e267abff5) * [OCPBUGS-22477](https://issues.redhat.com/browse/OCPBUGS-22477): Remove z-upgrades from UpgradeBackupController [#1140](https://github.com/openshift/cluster-etcd-operator/pull/1140) * [OCPBUGS-21802](https://issues.redhat.com/browse/OCPBUGS-21802): remove revision stability check from bootstrap complet… [#1138](https://github.com/openshift/cluster-etcd-operator/pull/1138) * [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/578c95262a46337d6dddbba1b3432b0ae10aca5e...6bc9eabed8465234b1566cf001b6215e267abff5) ### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/94ddd62daa1ed729055e97b76e07745aa02098fd) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Set the new --disable-http2 flag for prometheus-adapter to disable HTTP2 [#2147](https://github.com/openshift/cluster-monitoring-operator/pull/2147) * [OCPBUGS-22917](https://issues.redhat.com/browse/OCPBUGS-22917): jsonnet: pin commits [#2143](https://github.com/openshift/cluster-monitoring-operator/pull/2143) * [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/ab06fd34f9f152f6b7b65953ea40bab8182c03e9...94ddd62daa1ed729055e97b76e07745aa02098fd) ### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/1e657ecbea8f26902473968d60d4c0d8dd2433e0) * render: change dir path (#826) [#826](https://github.com/openshift/cluster-node-tuning-operator/pull/826) * [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/9669c589ed742813a59b54028daae3972b51c6ee...1e657ecbea8f26902473968d60d4c0d8dd2433e0) ### [console](https://github.com/openshift/console/tree/60b4100a67a915c3bb6345f14815354a17da938c) * [OCPBUGS-22980](https://issues.redhat.com/browse/OCPBUGS-22980): remove expandable toggle for conditional update risk d… [#13308](https://github.com/openshift/console/pull/13308) * [Full changelog](https://github.com/openshift/console/compare/92b8759d475ff76a2b7f91cfaf0400b25cd7963c...60b4100a67a915c3bb6345f14815354a17da938c) ### [container-networking-plugins](https://github.com/openshift/containernetworking-plugins/tree/7295a5e0d5b273bd02a9cab8237928bf2957b383) * [OCPBUGS-20374](https://issues.redhat.com/browse/OCPBUGS-20374): build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 [backport 4.14] [#129](https://github.com/openshift/containernetworking-plugins/pull/129) * [Full changelog](https://github.com/openshift/containernetworking-plugins/compare/463386589579bd9e74578b3c0fb278840570cd0f...7295a5e0d5b273bd02a9cab8237928bf2957b383) ### [csi-driver-shared-resource, csi-driver-shared-resource-webhook](https://github.com/openshift/csi-driver-shared-resource/tree/3ffcdcf8b2519009797f871c9c33beae2d5328ed) * [OCPBUGS-23111](https://issues.redhat.com/browse/OCPBUGS-23111): Should reference configmaps instead of secrets [#152](https://github.com/openshift/csi-driver-shared-resource/pull/152) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource/compare/740b4427f2c3d72f47c0cd7b9af6b9c51c009c31...3ffcdcf8b2519009797f871c9c33beae2d5328ed) ### [csi-driver-shared-resource-operator](https://github.com/openshift/csi-driver-shared-resource-operator/tree/a351354201f3ea7ef0bbf49ad0d57f34a40a8149) * [OCPBUGS-23078](https://issues.redhat.com/browse/OCPBUGS-23078): CVE-2023-44487: bump github.com/openshift/library-go to release-4.14 [#91](https://github.com/openshift/csi-driver-shared-resource-operator/pull/91) * [Full changelog](https://github.com/openshift/csi-driver-shared-resource-operator/compare/73ddf3e313dbcec4238657af9b4237b405b16c4a...a351354201f3ea7ef0bbf49ad0d57f34a40a8149) ### [docker-registry](https://github.com/openshift/image-registry/tree/690b5a215111ec83d1368ce14d63152d917e0392) * [OCPBUGS-22826](https://issues.redhat.com/browse/OCPBUGS-22826): Allow ICSP IDMS coexisting [#385](https://github.com/openshift/image-registry/pull/385) * [Full changelog](https://github.com/openshift/image-registry/compare/5e7788a16fbbf051c16f28d590905a8f69cd29ac...690b5a215111ec83d1368ce14d63152d917e0392) ### [gcp-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-gcp/tree/d99fb31aa7280f6b5da00880a64b4774600817a2) * [OCPBUGS-17290](https://issues.redhat.com/browse/OCPBUGS-17290), [OCPBUGS-21417](https://issues.redhat.com/browse/OCPBUGS-21417): Bump golang.org/x/net to v0.17.0 [#203](https://github.com/openshift/cluster-api-provider-gcp/pull/203) * [Full changelog](https://github.com/openshift/cluster-api-provider-gcp/compare/38e337585cf606957429f7043db1a57cda34fcec...d99fb31aa7280f6b5da00880a64b4774600817a2) ### [hypershift](https://github.com/openshift/hypershift/tree/8551bc6d8d2970d239c2c64237b80c41e075cf8d) * [OCPBUGS-23027](https://issues.redhat.com/browse/OCPBUGS-23027): Configure HSTS for kube-apiserver [#3169](https://github.com/openshift/hypershift/pull/3169) * NO-JIRA: chore(deps): update rhtap references (release-4.14) [#3085](https://github.com/openshift/hypershift/pull/3085) * [OCPBUGS-23142](https://issues.redhat.com/browse/OCPBUGS-23142): adding permission to CNO RBAC Calico path for network-node-identity deploy [#3182](https://github.com/openshift/hypershift/pull/3182) * [OCPBUGS-22295](https://issues.redhat.com/browse/OCPBUGS-22295): Added brackets to the kubeconfig server address when IPv6 [#3117](https://github.com/openshift/hypershift/pull/3117) * [Full changelog](https://github.com/openshift/hypershift/compare/f1acb057fd8934defd54ae8f6e51104c6fa1dc7b...8551bc6d8d2970d239c2c64237b80c41e075cf8d) ### [ironic](https://github.com/openshift/ironic-image/tree/5ec3ad0af7e7d29c409a3b14b20117144a0725c2) * [OCPBUGS-14926](https://issues.redhat.com/browse/OCPBUGS-14926): Handle Eject DVD 4.14 [#415](https://github.com/openshift/ironic-image/pull/415) * [OCPBUGS-22253](https://issues.redhat.com/browse/OCPBUGS-22253): Use bash process substitution instead of pipe [#411](https://github.com/openshift/ironic-image/pull/411) * [Full changelog](https://github.com/openshift/ironic-image/compare/5c6d6ee69ac7c37989ab891332ed2612217e753d...5ec3ad0af7e7d29c409a3b14b20117144a0725c2) ### [k8s-prometheus-adapter](https://github.com/openshift/k8s-prometheus-adapter/tree/801a912b3a60d7e840fb1ff38b5ca992f47327fd) * [OCPBUGS-21473](https://issues.redhat.com/browse/OCPBUGS-21473): Add a toggle to disable HTTP/2 on the server to mitigate CVE-2023-44487 [#89](https://github.com/openshift/k8s-prometheus-adapter/pull/89) * [Full changelog](https://github.com/openshift/k8s-prometheus-adapter/compare/428bb46ca455d22477df7fb62e7a63d2a48fcfbc...801a912b3a60d7e840fb1ff38b5ca992f47327fd) ### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/e8e6a66b620e9f57262e96a599da0298fe7e858b) * [OCPBUGS-17297](https://issues.redhat.com/browse/OCPBUGS-17297): [release-4.14] Update x/net to fix CVE [#1173](https://github.com/openshift/machine-api-operator/pull/1173) * [Full changelog](https://github.com/openshift/machine-api-operator/compare/525f8e5b89947b38ce07a6a6a3d194bf780d5075...e8e6a66b620e9f57262e96a599da0298fe7e858b) ### [multus-networkpolicy](https://github.com/openshift/multus-networkpolicy/tree/2440eebf5a922691e0dd483bbcddf00e9f63eb16) * [OCPBUGS-21454](https://issues.redhat.com/browse/OCPBUGS-21454): Update go.mod for CVE-2023-39325 (#33) [#33](https://github.com/openshift/multus-networkpolicy/pull/33) * [Full changelog](https://github.com/openshift/multus-networkpolicy/compare/0d76ba791dc3432c51c9a9fa6b95e41034af7988...2440eebf5a922691e0dd483bbcddf00e9f63eb16) ### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/64dbc3bf37824f0b32e73cdceabc497505876b24) * Update the k8s dependencies to 1.27.7 (#82) [#82](https://github.com/openshift/network-metrics-daemon/pull/82) * [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/5fd1f2dd60022b33fcd989ba80b8a23d19b890b0...64dbc3bf37824f0b32e73cdceabc497505876b24) ### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/8e1cc19354fb9caa57a454f7fa3f883e73252083) * [OCPBUGS-20150](https://issues.redhat.com/browse/OCPBUGS-20150): pkg/image: avoid unnecessary service lookups when registry is removed [#393](https://github.com/openshift/openshift-apiserver/pull/393) * [Full changelog](https://github.com/openshift/openshift-apiserver/compare/064c2d0ef0ecaeda2bcc4387eaaa7258cee5adcf...8e1cc19354fb9caa57a454f7fa3f883e73252083) ### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/3c3f82f7112ee4b5656e5c554f9887acdf881175) * [OCPBUGS-21066](https://issues.redhat.com/browse/OCPBUGS-21066): go.mod: bump golang.org/x/net to v0.17.0 [#224](https://github.com/openshift/service-ca-operator/pull/224) * [Full changelog](https://github.com/openshift/service-ca-operator/compare/030a429b314d772b7cc7a1dd9af2073988a5b0a5...3c3f82f7112ee4b5656e5c554f9887acdf881175) ### [tests](https://github.com/openshift/origin/tree/84755239b515ba590d8556f4429c2fe720b6dd45) * [OCPBUGS-23042](https://issues.redhat.com/browse/OCPBUGS-23042): tolerate AWS edge nodes on monitor tests [#28387](https://github.com/openshift/origin/pull/28387) * [OCPBUGS-23145](https://issues.redhat.com/browse/OCPBUGS-23145): Bump watch requests for cluster-baremetal-operator [#28385](https://github.com/openshift/origin/pull/28385) * trt-1340: backport exact and disable monitor tests options to 4.14 [#28391](https://github.com/openshift/origin/pull/28391) * [OCPBUGS-19923](https://issues.redhat.com/browse/OCPBUGS-19923): Updating parameters for build timing PushImage test [#28291](https://github.com/openshift/origin/pull/28291) * [Full changelog](https://github.com/openshift/origin/compare/81a21f13b787689fa2c9ee9d0c4e7277424367be...84755239b515ba590d8556f4429c2fe720b6dd45)