RedHat: RHSA-2023-4091:01 Moderate: OpenShift Container Platform 4.13.5
Summary
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.13.5. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2023:4093
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Security Fix(es):
* golang: net/http: excessive memory growth in a Go server accepting HTTP/2
requests (CVE-2022-41717)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding (CVE-2022-41723)
* distribution/distribution: DoS from malicious API request (CVE-2023-2253)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
Solution
For OpenShift Container Platform 4.13 see the following documentation,
which will be updated shortly for this release, for important instructions
on how to upgrade your cluster and fully apply this asynchronous errata
update:
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
You may download the oc tool and use it to inspect release image metadata
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests
may be found at
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags
The sha values for the release are:
(For x86_64 architecture)
The image digest is
sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4
(For s390x architecture)
The image digest is
sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870
(For ppc64le architecture)
The image digest is
sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943
(For aarch64 architecture)
The image digest is
sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53
All OpenShift Container Platform 4.13 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html
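The solution above gives the release image digests and points at the oc tool for inspecting release metadata. The script below is an added example, not part of the Red Hat advisory: it embeds the four digests published above, refuses any pull spec that is pinned by tag rather than by digest, compares a cluster's desired release image against the advisory value, and shows the oc invocations that target the digest directly. The repository path quay.io/openshift-release-dev/ocp-release is taken from the advisory; `oc get clusterversion`, `oc adm release info` and `oc adm upgrade --to-image` are existing oc subcommands. The live check assumes the cluster's architecture is passed in (it defaults to x86_64) and is skipped when oc is absent or not logged in.

```shell
#!/bin/sh
# Added example, not from the advisory: pin and verify the OCP 4.13.5
# release image by digest.  Digests are those published in RHSA-2023:4091.

RELEASE_REPO="quay.io/openshift-release-dev/ocp-release"

# Print the advisory's digest for an architecture; fail for an unknown one.
expected_digest() {
  case "$1" in
    x86_64)  echo "sha256:af19e94813478382e36ae1fa2ae7bbbff1f903dded6180f4eb0624afe6fc6cd4" ;;
    s390x)   echo "sha256:d4d2c747fade057e55f64e02a34bb752bd2cd1484b02f029d0842d346f872870" ;;
    ppc64le) echo "sha256:48466f0b7c86292379c5d987ec37f0d4a4cc26a69357374e127a7293b230c943" ;;
    aarch64) echo "sha256:e9afcbe007e2440d2b862dc7709138df73dd851421d69c7f39f195301e0cda53" ;;
    *) echo "unknown architecture: $1" >&2; return 1 ;;
  esac
}

# Compare a pull spec (repo@sha256:<hex> or a bare sha256:<hex>) against the
# advisory digest for the given architecture.  A tag such as ":4.13.5" is
# rejected outright: a tag can be re-pointed, a digest cannot.
check_release_image() {
  spec="$1"; arch="$2"
  case "$spec" in
    *@sha256:*) actual="sha256:${spec##*@sha256:}" ;;
    sha256:*)   actual="$spec" ;;
    *) echo "REJECT: '$spec' is not pinned by digest" >&2; return 2 ;;
  esac
  want=$(expected_digest "$arch") || return 1
  if [ "$actual" = "$want" ]; then
    echo "OK: $arch release image matches RHSA-2023:4091"
    return 0
  fi
  echo "MISMATCH: expected $want, got $actual" >&2
  return 1
}

# Live check: compare the cluster's desired release image with the advisory.
# Assumes the caller knows the node architecture (default x86_64).  Skipped
# when oc is not installed or no cluster login is available.
verify_cluster() {
  arch="${1:-x86_64}"
  command -v oc >/dev/null 2>&1 || { echo "oc not found; offline only" >&2; return 0; }
  current=$(oc get clusterversion version -o jsonpath='{.status.desired.image}' 2>/dev/null) || return 0
  check_release_image "$current" "$arch"
}

# Inspect and upgrade by digest rather than by tag, e.g. for x86_64:
#   oc adm release info "$RELEASE_REPO@$(expected_digest x86_64)"
#   oc adm upgrade --to-image "$RELEASE_REPO@$(expected_digest x86_64)"
```

Running `verify_cluster ppc64le` on a logged-in cluster prints OK or MISMATCH for that architecture; the same function with no cluster access exits cleanly, so the digest comparison can be exercised in CI without a cluster.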
References
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2022-46663
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0464
https://access.redhat.com/security/cve/CVE-2023-0465
https://access.redhat.com/security/cve/CVE-2023-0466
https://access.redhat.com/security/cve/CVE-2023-1255
https://access.redhat.com/security/cve/CVE-2023-1260
https://access.redhat.com/security/cve/CVE-2023-2253
https://access.redhat.com/security/cve/CVE-2023-2650
https://access.redhat.com/security/cve/CVE-2023-2700
https://access.redhat.com/security/cve/CVE-2023-3089
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-27561
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/cve/CVE-2023-32067
https://access.redhat.com/security/updates/classification/#moderate
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html
Topic
Red Hat OpenShift Container Platform release 4.13.5 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.13.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Bugs Fixed
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2189886 - CVE-2023-2253 distribution/distribution: DoS from malicious API request
JIRA issues fixed (https://issues.redhat.com/):
OCPBUGS-10326 - Re-enable operator-install-single-namespace.spec.ts test
OCPBUGS-11143 - [Azure] Replace master failed as new master did not add into lb backend
OCPBUGS-11974 - User telemetry is broken (inaccurate) due to the fact that page titles are not unique.
OCPBUGS-12206 - [4.13] Keep systemd journal using LZ4 compression (via new env var)
OCPBUGS-12256 - ptp operator socket management need rework since a few test case fails due to cleaning up the file before other processes are terminated.
OCPBUGS-12743 - [4.13] SNO cluster deployment failing due to authentication and console CO in degraded state
OCPBUGS-12785 - [release-4.13] Enable/Disable plugin options are not shown on Operator details page
OCPBUGS-13311 - Kubelet CA file not written by MCD firstboot
OCPBUGS-13323 - [4.13] Bootimage bump tracker
OCPBUGS-13642 - [release-4.13] OLM k8sResourcePrefix x-descriptor dropdown unexpectedly clears selections
OCPBUGS-13747 - [4.13] cgroupv1 support for cpu balancing is broken for non-SNO nodes
OCPBUGS-13752 - AdditionalTrustBundle is only included when doing mirroring
OCPBUGS-13809 - OVN image pre-puller pod uses `imagePullPolicy: Always` and blocks upgrade when there is no registry
OCPBUGS-13812 - [azure] Installer doesn't validate diskType on ASH which lead to install fails with unsupported disktype
OCPBUGS-14030 - Invalid CA certificate bundle provided by service account token
OCPBUGS-14166 - Make Serverless form is broken
OCPBUGS-14189 - Route Checkbox getting checked even if it is unchecked during editing the Serverless Function form
OCPBUGS-14251 - Add new console metrics to cluster-monitoring-operator telemetry configuration (4.13)
OCPBUGS-14267 - [Openshift Pipelines] Metrics page is broken
OCPBUGS-14310 - Could not import multiple resources via JSON (while YAML supports this)
OCPBUGS-14318 - [release-4.13] gather podDisruptionBudget only from openshift namespaces
OCPBUGS-14336 - [Openshift Pipelines] Link to Openshift Route from service is breaking because of hardcoded value of targetPort
OCPBUGS-14426 - Failed to list Kepler CSV
OCPBUGS-14459 - The MCD repeats a "State and Reason" log line even when nothing is happening
OCPBUGS-14482 - Sync RHEL9 Dockerfiles to regular Dockerfiles
OCPBUGS-14598 - Update Jenkins to use 4.13 images
OCPBUGS-14773 - (release-4.13) gather "gateway-mode-config" config map from "openshift-network-operator" namespace
OCPBUGS-14867 - When installing SNO with bootstrap in place it takes cluster-policy-controller 6 minutes to acquire the leader lease
OCPBUGS-14916 - images: RHEL-8-based container image is broken
OCPBUGS-14943 - visiting Configurations page returns error Cannot read properties of undefined (reading 'apiGroup')
OCPBUGS-15031 - (release-4.13) Insights config not correctly deserialized
OCPBUGS-15101 - IngressVIP getting attach to two nodes at once
OCPBUGS-15130 - Helm Repository "Edit" button results in 404
OCPBUGS-15139 - The whereabouts-reconciler should not set an hard-coded node selector on the kubernetes.io/architecture label
OCPBUGS-15161 - CPMS: Surface cpms vs machine diff
OCPBUGS-15171 - CPO doesn't skip AWS resource deletion for 'Unknown' OIDC state
OCPBUGS-15187 - images: RHEL-8 container image is missing `xz`
OCPBUGS-15224 - [4.13] openvswitch user is not in the hugetblfs group
OCPBUGS-15225 - while/after upgrading to OKD 4.11 2023-01-14 CoreDNS has a problem with UDP overflows
OCPBUGS-15228 - Create helm release page doesn't show a YAML editor when schema isn't available (httpd-imagestreams chart)
OCPBUGS-15230 - Allow installer to use existing Azure NSG during OpenShift IPI install
OCPBUGS-15246 - Bump to kubernetes 1.26.6
OCPBUGS-15281 - Leftover IngressController Preventing Clean Uninstall
OCPBUGS-15289 - GCP XPN Installs Require bindPrivateDNSZone Permission in host project
OCPBUGS-15330 - CPMSO: fix linting issue comment in test
OCPBUGS-15335 - PipelineRun failed with log 'Tasks Completed: 3 (Failed: 1, Cancelled 0), Skipped: 1.'
OCPBUGS-15360 - Serverless functions UI warning is misleading
OCPBUGS-15372 - [4.13z] Duplicate acls cause network policy failure for namespaces with long names (>61 chars)
OCPBUGS-15376 - [4.13] Cleanup Tech debt: remove unused repo code
OCPBUGS-15410 - [release-4.13] Add Git Repository (PAC) doesn't setup GitLab and Bitbucket configuration correct
OCPBUGS-15434 - [GWAPI] [4.13.z] The DNS provider failed to ensure the record, invalid value for name (gcp)
OCPBUGS-15457 - python-grpcio and python-protobuf are unneeded dependencies
OCPBUGS-15463 - [release-4.13] Unable to set protectKernelDefaults from "true" to "false" in kubelet.conf [release-4.13]
OCPBUGS-15465 - [CI Watcher] Testing uninstall of Business Automation Operator "attempts to uninstall the Operator and delete all Operand Instances, shows 'Error Deleting Operands' alert"
OCPBUGS-15476 - Network Operator not setting its version and blocking upgrade completion
OCPBUGS-15481 - [CI Watcher] Broken pipeline-plugin e2e tests: PipelineResource CRD isn't installed anymore
OCPBUGS-15512 - HCP Service Loadbalancer uses default SecurityGroup
OCPBUGS-15515 - CI fails on TestAWSELBConnectionIdleTimeout
OCPBUGS-15557 - TUI stuck on agent installer network boot setup
OCPBUGS-15580 - updated nmstate builds will not work for MCO
OCPBUGS-15585 - [4.13] Cannot fix a misconfigured Egress Firewall
OCPBUGS-15586 - [4.13] NetworkPolicy not working as expected when allowing inbound traffic from any namespace
OCPBUGS-15589 - Dynamic conversion webhook clientConfig not retained as operator installs
OCPBUGS-15591 - GCP bootstrap VM should allow SecureBoot setting on 4.13 clusters
OCPBUGS-15606 - Can't use git lfs in BuildConfig git source with strategy Docker
OCPBUGS-15608 - [release-4.13] Clean up old RHEL9 dockerfiles to reduce confusion
OCPBUGS-15720 - Helm Chart installation form hangs on create if JSON-schema is using 2019-09 or 2020-20 standard revisions
OCPBUGS-15721 - Helm Chart installation form hangs on create if JSON-schema contains unknown value format
OCPBUGS-15722 - Helm Chart installation screen fails to render if JSON schema contains remote $refs
OCPBUGS-15734 - [4.13] binary should be compiled on RHEL9
OCPBUGS-15736 - TuneD reverts node level profiles on termination
OCPBUGS-15738 - tuned daemonset rprivate default mount propagation with `hostPath: path: /` volumeMount breaks CSI driver relying on multipath
OCPBUGS-15746 - Alibaba clusters are TechPreview and should not be upgradeable
OCPBUGS-15756 - [release-4.13] Bump Jenkins and Jenkins Agent Base image versions
OCPBUGS-15777 - ironic-agent-image PRs permafailing due to udevadm command missing
OCPBUGS-15782 - [OSD] There is no error message shown on node label edit modal
OCPBUGS-15787 - Project admins cannot see 'Pipelines' section in 'import from git' from RHOCP4 web console
OCPBUGS-15808 - [4.13.x] Downstream OLM PSA plug-in is disabled
OCPBUGS-15848 - The upgrade Helm Release tab in OpenShift GUI Developer console is not refreshing with updated values.
OCPBUGS-15892 - 9% of OKD tests failing on error: tag latest failed: Internal error occurred: registry.centos.org/dotnet/dotnet-31-centos7:latest: Get "": dial tcp: lookup registry.centos.org on 172.30.0.10:53: no such host
OCPBUGS-15962 - ovn-k8s-cni-overlay: /lib64/libc.so.6: version `GLIBC_2.34' not found on 4.12-to-4.13
OCPBUGS-15965 - Active Endpoint Connection blocks cluster uninstallation
OCPBUGS-16084 - [4.13] OCP 4.14.0-ec.3 machine-api-controller pod crashing
OCPBUGS-7762 - openshift-tests does not file Azure Disk zone topology