VARIoT IoT vulnerabilities database

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries. Racom MIDGE A cross-site request forgery vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications. No detailed vulnerability details are currently provided

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. Racom MIDGE For firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications. Attackers can use this vulnerability to execute arbitrary OS commands

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. Racom MIDGE There is a permission management vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications. RACOM M!DGE version 4.4.40.105 firmware has a directory traversal vulnerability

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications. Attackers can use this vulnerability to execute JavaScript code through regionalSettings.php

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Advantech WebAccess/SCADA Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Advantech WebAccess/SCADA Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Advantech WebAccess/SCADA Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications. Attackers can use this vulnerability to execute JavaScript code through virtualization.php

An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. Advantech WebAccess/SCADA Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture of Advantech. The software supports dynamic graphic display and real-time data control, and provides functions for remote control and management of automation equipment

Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication. Racom MIDGE There is an information leakage vulnerability in the firmware.Information may be obtained. RACOM M!DGE is a cellular router designed for mission-critical applications such as SCADA and telemetry, and is very suitable for many different wireless applications

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3. GateManager Web server Contains an unspecified vulnerability.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3. plural GateManager The product contains a vulnerability regarding the lack of encryption of critical data.Information may be obtained. Secomea GateManager is a remote access server product of Secomea, Denmark

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). Please keep an eye on CNNVD or manufacturer announcements. Nessus Agent versions 7.2.0 up to and including 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged malicious user to obtain the token. Additionally, one third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the provider. Additional details can be found in the upstream advisories https://www.openssl.org/news/secadv/20191206.txt and https://www.openssl.org/news/secadv/20210216.txt . For the stable distribution (buster), these problems have been fixed in version 1.1.1d-0+deb10u5. For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAtHDpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SYCg/9HRfTx/x8jaG8pn8kcPmUiSs+WkMBXmQeg97Gf6NLeflYczwtZ9MGWAAj J9R72BqppoSGaI4MPgUQPRDRHclktJOxBkICyiYL35G18x0iFz352rfHegq9rzVe VxJAXh3Xo6hA/SX046rjh+gJU63fgiE4Wy9T1D9y9A582FHfqhNFpEbWyzA871hG nDFabpyvRltEC/XXu5pejqU9cguc4wF6pVjMffF1ikV6srAFPFO14v5aYYTWHEe1 D5cOUe6ckFIJBHYO4NEldlfRN1OVUZUMERQwjkfJ6RnwOxzN9dAdnhle+nqgeC7P GwyVHTNIIhNOpjo24j0d13npJqdBvpXygG8TVDzRGm70SgMsizIm/b8ID9yzQjXH 45ziZZKLnLDDE55v62bUZ7KOe3DZYp/dElZ6mt/xKikC10GEOv1exsaB12s4LlDx +7VF2U3nAer//G2LkGAPkbNAT1RC1uibnivyed3uHpUwFewE0fsdaoHtwFPPYDNp Y7dyMI+SpAF1/6PW7kBqgHtyp9GAp2fcldV1uLmr9FKoBASvemkReHH1/eDzPqaA xKzJ67vi9vX3IKtEz+T/EftZ5VDb/JW/f5EPsLNKjQJomRaQRr9EnYMVFCERVwvk IMCzTgoed90pMSWyfO7BkywXMk4t14IeV9PhGVTfCrdpr4c2QC4= =hM2Z -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/): 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * helm: information disclosure vulnerability (CVE-2021-32690) Bug fixes: * KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358) * Add columns to the Agent CRD list (BZ# 1977398) * ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081) * RHACM 2.3.3 images (BZ# 1999365) * Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294) * create cluster page empty in Safary Browser (BZ# 2002280) * Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667) * Overview page displays VMware based managed cluster as other (BZ# 2004188) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from Google. The fix was developed by Matt Caswell. Incorrect SSLv2 rollback protection (CVE-2021-23839) ==================================================== Severity: Low OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. This issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel Luellwitz from Trustwave. The fix was developed by Matt Caswell. Integer overflow in CipherUpdate (CVE-2021-23840) ================================================= Severity: Low Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. This issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix was developed by Matt Caswell. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20210216.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . ========================================================================== Ubuntu Security Notice USN-4738-1 February 18, 2021 openssl, openssl1.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools - openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools Details: Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. (CVE-2021-23841) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.2 Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.2 Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.6 libssl1.1 1.1.1-1ubuntu2.1~18.04.8 Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.19 After a standard system update you need to reboot your computer to make all the necessary changes. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API. Security Fix(es): * nodejs-ssh2: Command injection by calling vulnerable method with untrusted input (CVE-2020-26301) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873) * Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update Advisory ID: RHSA-2021:4613-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:4613 Issue date: 2021-11-10 CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 ===================================================================== 1. Summary: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) * httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690) * httpd: Heap overflow in mod_session (CVE-2021-26691) * httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567) * httpd: MergeSlashes regression (CVE-2021-30641) * httpd: mod_proxy NULL pointer dereference (CVE-2020-13950) * jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838) * pcre: integer overflow in libpcre (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference 1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 5. References: https://access.redhat.com/security/cve/CVE-2019-17567 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13950 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYwp6tzjgjWX9erEAQiuXBAAqGRhaYNMW349nu//9/VgddwAWrILhsWM HVwFO+dFYzLft8tPDBBt6ibsTJXj/oNlIV0/THEOEVW6juFJH3SENUr6U9sc0LMg qzMiixqIfEGZl7rYSzVKlUnWwr4D4QQjOzQ95q/OQvz7RXpR40BdOx1F1C0fKs9T QyvpQB22hLBmEJqPRSAbRY3fM/aqApV3Y3woUpw/cSqsttaPB9UfdKfm6UBEAnLa 4mioFK/K/V6pjdKBjfHAIVTsdiqQmumF2m91MSzjicVdR5E8krzZot3c+h2h7mnU WPcSNLteylBQlIykK6btnirLZA6lXCv2YaJXDTI+YfJbI+Ywln/m/c+S6zk0cCoL dRS6vmmIXgYjMIEB2tix60OEXp6vIaEHAKqyOdIioMBT55X4o7kKOFH1AjZS8NiY OkKOiyvZ5JAKg1nRS82BeoA3l6HQAiwwP6kvDsyhbqWkYQEUZqK4dXFluP8B01NU vPvLNjZnGRpAKezHhMjOpaLFSvFPM9rU4trGCM5wkqFjcUksPvIKbf0JU99eKXje 1bMQveiB5gHk3/5zbXNfmdhdAYu9PRxk5rjL09oXjWd8rz/atGrZf/jb20vOPQ9S DW41MCGnMw5gZj+i/Z5mewGv0eUF7v9o0hEU0NQK7cc1EyiMf8mIyPeSbkTH55oT EuH/ObqPu58= =Q2rT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). OpenSSL There is a security level vulnerability in.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Advanced Cluster Management for Kubernetes version 2.3 Advisory ID: RHSA-2021:3016-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2021:3016 Issue date: 2021-08-05 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-2708 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20934 CVE-2019-25013 CVE-2020-1730 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-11668 CVE-2020-13434 CVE-2020-15358 CVE-2020-27618 CVE-2020-28196 CVE-2020-28469 CVE-2020-28500 CVE-2020-28851 CVE-2020-28852 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3326 CVE-2021-3377 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3560 CVE-2021-20271 CVE-2021-20305 CVE-2021-21272 CVE-2021-21309 CVE-2021-21321 CVE-2021-21322 CVE-2021-23337 CVE-2021-23343 CVE-2021-23346 CVE-2021-23362 CVE-2021-23364 CVE-2021-23368 CVE-2021-23369 CVE-2021-23382 CVE-2021-23383 CVE-2021-23839 CVE-2021-23840 CVE-2021-23841 CVE-2021-25217 CVE-2021-27219 CVE-2021-27292 CVE-2021-27358 CVE-2021-28092 CVE-2021-28918 CVE-2021-29418 CVE-2021-29477 CVE-2021-29478 CVE-2021-29482 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034 CVE-2021-33502 CVE-2021-33623 CVE-2021-33909 CVE-2021-33910 ===================================================================== 1. Summary: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321) * fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322) * nodejs-netmask: improper input validation of octal input data (CVE-2021-28918) * redis: Integer overflow via STRALGO LCS command (CVE-2021-29477) * redis: Integer overflow via COPY command for large intsets (CVE-2021-29478) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing - -u- extension (CVE-2020-28851) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377) * oras: zip-slip vulnerability via oras-pull (CVE-2021-21272) * redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * nodejs-lodash: command injection via template (CVE-2021-23337) * nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362) * browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364) * nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) * nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382) * nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358) * nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092) * nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418) * ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623) * nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343) * html-parse-stringify: Regular Expression DoS (CVE-2021-23346) * openssl: incorrect SSLv2 rollback protection (CVE-2021-23839) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html-single/install/index#installing 4. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20934 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-11668 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-28469 https://access.redhat.com/security/cve/CVE-2020-28500 https://access.redhat.com/security/cve/CVE-2020-28851 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3377 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3560 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21272 https://access.redhat.com/security/cve/CVE-2021-21309 https://access.redhat.com/security/cve/CVE-2021-21321 https://access.redhat.com/security/cve/CVE-2021-21322 https://access.redhat.com/security/cve/CVE-2021-23337 https://access.redhat.com/security/cve/CVE-2021-23343 https://access.redhat.com/security/cve/CVE-2021-23346 https://access.redhat.com/security/cve/CVE-2021-23362 https://access.redhat.com/security/cve/CVE-2021-23364 https://access.redhat.com/security/cve/CVE-2021-23368 https://access.redhat.com/security/cve/CVE-2021-23369 https://access.redhat.com/security/cve/CVE-2021-23382 https://access.redhat.com/security/cve/CVE-2021-23383 https://access.redhat.com/security/cve/CVE-2021-23839 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/cve/CVE-2021-27292 https://access.redhat.com/security/cve/CVE-2021-27358 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-28918 https://access.redhat.com/security/cve/CVE-2021-29418 https://access.redhat.com/security/cve/CVE-2021-29477 https://access.redhat.com/security/cve/CVE-2021-29478 https://access.redhat.com/security/cve/CVE-2021-29482 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-33033 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33502 https://access.redhat.com/security/cve/CVE-2021-33623 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/cve/CVE-2021-33910 https://access.redhat.com/security/updates/classification/#important 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQyKDNzjgjWX9erEAQhAWQ//fU2h/y+76CVkExXChhgJ779lC9Ec1f+X 6yw1b2WCHcztbTwyRtZw90dvIA1rNIDBrd83jIwfzsXzxEfGcCTriOmotHKX44+4 w6uPpmPSOBTsXB/yV/kvbPWpUKkahITC2uvjaInzO2zMmUQ2ntNGpvPu7BbFLmL1 oHMVIZaJ+zrPifwPhGqlp3rAkYe6uGobdvwtrOMXw8L5VnJor+35xLjos5k30IlC 4lftpWm9cD4oozdb5hw4A0i8fyAvue4hzpmgPfUJ6bngux8wycYhPGiRJR1HX03T MSXsWNBtqXNcB7r/GGqen73rr/eyyqsqfJ7+l8Uu7ph5cjk04foZcMqg+rz/1xne gVPkWcUJT8j7BH2sO8qiMdfYNl3+xNqPI9MtPEI8K/eiwynwETZqsKnEGIyhcTcX xe08Io2jV3jlnpQO/SBcvpKyzcqhDOuNBH2ozhn7Ka68WIMk2OuWempQcyDlWizO 1UbgoiMVb0hlP0APVpJKNtpfFCjBzFC24gWSAOPTep3vzA418Sn/moCJupM+3PPA QIzkGAt9f7sffI0JEg0JPEy0/aTmfsPm7XeR6DG+xF7o1nfy1SOcf+tcnPD0K+z8 8fS0uUMB/wO2s5yQ1TctsYzL9S5HRwMtnq7qKwWq9ItYzdQB4pcmyK1WgJAHVAtf Omk9Hj44tdI= =X9lR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . OpenSSL Security Advisory [16 February 2021] ============================================ Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) ==================================================================== Severity: Moderate The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. This issue was reported to OpenSSL on 15th December 2020 by Tavis Ormandy from Google. The fix was developed by Matt Caswell. Incorrect SSLv2 rollback protection (CVE-2021-23839) ==================================================== Severity: Low OpenSSL 1.0.2 supports SSLv2. This issue was reported to OpenSSL on 21st January 2021 by D. Katz and Joel Luellwitz from Trustwave. The fix was developed by Matt Caswell. Integer overflow in CipherUpdate (CVE-2021-23840) ================================================= Severity: Low Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. This issue was reported to OpenSSL on 13th December 2020 by Paul Kehrer. The fix was developed by Matt Caswell. References ========== URL for this Security Advisory: https://www.openssl.org/news/secadv/20210216.txt Note: the online version of the advisory may be updated with additional details over time. For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html

An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c. GateManager Is vulnerable to injection.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Secomea GateManager is a remote access server product of Secomea, Denmark. The vulnerability stems from an insecure direct object reference vulnerability

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Lodash Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. lodash is an open source JavaScript utility library. There is a security vulnerability in Lodash. Please keep an eye on CNNVD or manufacturer announcements. Description: The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Bug Fix(es): * This release adds the queue attribute to the virtio-scsi driver in the virtual machine configuration. This improvement enables multi-queue performance with the virtio-scsi driver. (BZ#911394) * With this release, source-load-balancing has been added as a new sub-option for xmit_hash_policy. It can be configured for bond modes balance-xor (2), 802.3ad (4) and balance-tlb (5), by specifying xmit_hash_policy=vlan+srcmac. (BZ#1683987) * The default DataCenter/Cluster will be set to compatibility level 4.6 on new installations of Red Hat Virtualization 4.4.6.; (BZ#1950348) * With this release, support has been added for copying disks between regular Storage Domains and Managed Block Storage Domains. It is now possible to migrate disks between Managed Block Storage Domains and regular Storage Domains. (BZ#1906074) * Previously, the engine-config value LiveSnapshotPerformFreezeInEngine was set by default to false and was supposed to be uses in cluster compatibility levels below 4.4. The value was set to general version. With this release, each cluster level has it's own value, defaulting to false for 4.4 and above. This will reduce unnecessary overhead in removing time outs of the file system freeze command. (BZ#1932284) * With this release, running virtual machines is supported for up to 16TB of RAM on x86_64 architectures. (BZ#1944723) * This release adds the gathering of oVirt/RHV related certificates to allow easier debugging of issues for faster customer help and issue resolution. Information from certificates is now included as part of the sosreport. Note that no corresponding private key information is gathered, due to security considerations. (BZ#1845877) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1113630 - [RFE] indicate vNICs that are out-of-sync from their configuration on engine 1310330 - [RFE] Provide a way to remove stale LUNs from hypervisors 1589763 - [downstream clone] Error changing CD for a running VM when ISO image is on a block domain 1621421 - [RFE] indicate vNIC is out of sync on network QoS modification on engine 1717411 - improve engine logging when migration fail 1766414 - [downstream] [UI] hint after updating mtu on networks connected to running VMs 1775145 - Incorrect message from hot-plugging memory 1821199 - HP VM fails to migrate between identical hosts (the same cpu flags) not supporting TSC. 1845877 - [RFE] Collect information about RHV PKI 1875363 - engine-setup failing on FIPS enabled rhel8 machine 1906074 - [RFE] Support disks copy between regular and managed block storage domains 1910858 - vm_ovf_generations is not cleared while detaching the storage domain causing VM import with old stale configuration 1917718 - [RFE] Collect memory usage from guests without ovirt-guest-agent and memory ballooning 1919195 - Unable to create snapshot without saving memory of running VM from VM Portal. 1919984 - engine-setup failse to deploy the grafana service in an external DWH server 1924610 - VM Portal shows N/A as the VM IP address even if the guest agent is running and the IP is shown in the webadmin portal 1926018 - Failed to run VM after FIPS mode is enabled 1926823 - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package. 1928158 - Rename 'CA Certificate' link in welcome page to 'Engine CA certificate' 1928188 - Failed to parse 'writeOps' value 'XXXX' to integer: For input string: "XXXX" 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1929211 - Failed to parse 'writeOps' value 'XXXX' to integer: For input string: "XXXX" 1930522 - [RHV-4.4.5.5] Failed to deploy RHEL AV 8.4.0 host to RHV with error "missing groups or modules: virt:8.4" 1930565 - Host upgrade failed in imgbased but RHVM shows upgrade successful 1930895 - RHEL 8 virtual machine with qemu-guest-agent installed displays Guest OS Memory Free/Cached/Buffered: Not Configured 1932284 - Engine handled FS freeze is not fast enough for Windows systems 1935073 - Ansible ovirt_disk module can create disks with conflicting IDs that cannot be removed 1942083 - upgrade ovirt-cockpit-sso to 0.1.4-2 1943267 - Snapshot creation is failing for VM having vGPU. 1944723 - [RFE] Support virtual machines with 16TB memory 1948577 - [welcome page] remove "Infrastructure Migration" section (obsoleted) 1949543 - rhv-log-collector-analyzer fails to run MAC Pools rule 1949547 - rhv-log-collector-analyzer report contains 'b characters 1950348 - Set compatibility level 4.6 for Default DataCenter/Cluster during new installations of RHV 4.4.6 1950466 - Host installation failed 1954401 - HP VMs pinning is wiped after edit->ok and pinned to first physical CPUs. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.8.2 bug fix and security update Advisory ID: RHSA-2021:2438-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2438 Issue date: 2021-07-27 CVE Names: CVE-2016-2183 CVE-2020-7774 CVE-2020-15106 CVE-2020-15112 CVE-2020-15113 CVE-2020-15114 CVE-2020-15136 CVE-2020-26160 CVE-2020-26541 CVE-2020-28469 CVE-2020-28500 CVE-2020-28852 CVE-2021-3114 CVE-2021-3121 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3636 CVE-2021-20206 CVE-2021-20271 CVE-2021-20291 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-22133 CVE-2021-23337 CVE-2021-23362 CVE-2021-23368 CVE-2021-23382 CVE-2021-25735 CVE-2021-25737 CVE-2021-26539 CVE-2021-26540 CVE-2021-27292 CVE-2021-28092 CVE-2021-29059 CVE-2021-29622 CVE-2021-32399 CVE-2021-33034 CVE-2021-33194 CVE-2021-33909 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2437 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html Security Fix(es): * SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106) * etcd: DoS in wal/wal.go (CVE-2020-15112) * etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113) * etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114) * etcd: no authentication is performed against endpoints provided in the - --endpoints flag (CVE-2020-15136) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) * containers/storage: DoS via malicious image (CVE-2021-20291) * prometheus: open redirect under the /new endpoint (CVE-2021-29622) * golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194) * go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133) Space precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64 The image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x The image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le The image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1725981 - oc explain does not work well with full resource.group names 1747270 - [osp] Machine with name "<cluster-id>-worker"couldn't join the cluster 1772993 - rbd block devices attached to a host are visible in unprivileged container pods 1786273 - [4.6] KAS pod logs show "error building openapi models ... has invalid property: anyOf" for CRDs 1786314 - [IPI][OSP] Install fails on OpenStack with self-signed certs unless the node running the installer has the CA cert in its system trusts 1801407 - Router in v4v6 mode puts brackets around IPv4 addresses in the Forwarded header 1812212 - ArgoCD example application cannot be downloaded from github 1817954 - [ovirt] Workers nodes are not numbered sequentially 1824911 - PersistentVolume yaml editor is read-only with system:persistent-volume-provisioner ClusterRole 1825219 - openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1825417 - The containerruntimecontroller doesn't roll back to CR-1 if we delete CR-2 1834551 - ClusterOperatorDown fires when operator is only degraded; states will block upgrades 1835264 - Intree provisioner doesn't respect PVC.spec.dataSource sometimes 1839101 - Some sidebar links in developer perspective don't follow same project 1840881 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1846875 - Network setup test high failure rate 1848151 - Console continues to poll the ClusterVersion resource when the user doesn't have authority 1850060 - After upgrading to 3.11.219 timeouts are appearing. 1852637 - Kubelet sets incorrect image names in node status images section 1852743 - Node list CPU column only show usage 1853467 - container_fs_writes_total is inconsistent with CPU/memory in summarizing cgroup values 1857008 - [Edge] [BareMetal] Not provided STATE value for machines 1857477 - Bad helptext for storagecluster creation 1859382 - check-endpoints panics on graceful shutdown 1862084 - Inconsistency of time formats in the OpenShift web-console 1864116 - Cloud credential operator scrolls warnings about unsupported platform 1866222 - Should output all options when runing `operator-sdk init --help` 1866318 - [RHOCS Usability Study][Dashboard] Users found it difficult to navigate to the OCS dashboard 1866322 - [RHOCS Usability Study][Dashboard] Alert details page does not help to explain the Alert 1866331 - [RHOCS Usability Study][Dashboard] Users need additional tooltips or definitions 1868755 - [vsphere] terraform provider vsphereprivate crashes when network is unavailable on host 1868870 - CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions 1868872 - CVE-2020-15112 etcd: DoS in wal/wal.go 1868874 - CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS 1868880 - CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag 1868883 - CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method 1871303 - [sig-instrumentation] Prometheus when installed on the cluster should have important platform topology metrics 1871770 - [IPI baremetal] The Keepalived.conf file is not indented evenly 1872659 - ClusterAutoscaler doesn't scale down when a node is not needed anymore 1873079 - SSH to api and console route is possible when the clsuter is hosted on Openstack 1873649 - proxy.config.openshift.io should validate user inputs 1874322 - openshift/oauth-proxy: htpasswd using SHA1 to store credentials 1874931 - Accessibility - Keyboard shortcut to exit YAML editor not easily discoverable 1876918 - scheduler test leaves taint behind 1878199 - Remove Log Level Normalization controller in cluster-config-operator release N+1 1878655 - [aws-custom-region] creating manifests take too much time when custom endpoint is unreachable 1878685 - Ingress resource with "Passthrough" annotation does not get applied when using the newer "networking.k8s.io/v1" API 1879077 - Nodes tainted after configuring additional host iface 1879140 - console auth errors not understandable by customers 1879182 - switch over to secure access-token logging by default and delete old non-sha256 tokens 1879184 - CVO must detect or log resource hotloops 1879495 - [4.6] namespace \“openshift-user-workload-monitoring\” does not exist” 1879638 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string 1879944 - [OCP 4.8] Slow PV creation with vsphere 1880757 - AWS: master not removed from LB/target group when machine deleted 1880758 - Component descriptions in cloud console have bad description (Managed by Terraform) 1881210 - nodePort for router-default metrics with NodePortService does not exist 1881481 - CVO hotloops on some service manifests 1881484 - CVO hotloops on deployment manifests 1881514 - CVO hotloops on imagestreams from cluster-samples-operator 1881520 - CVO hotloops on (some) clusterrolebindings 1881522 - CVO hotloops on clusterserviceversions packageserver 1881662 - Error getting volume limit for plugin kubernetes.io/<name> in kubelet logs 1881694 - Evidence of disconnected installs pulling images from the local registry instead of quay.io 1881938 - migrator deployment doesn't tolerate masters 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883587 - No option for user to select volumeMode 1883993 - Openshift 4.5.8 Deleting pv disk vmdk after delete machine 1884053 - cluster DNS experiencing disruptions during cluster upgrade in insights cluster 1884800 - Failed to set up mount unit: Invalid argument 1885186 - Removing ssh keys MC does not remove the key from authorized_keys 1885349 - [IPI Baremetal] Proxy Information Not passed to metal3 1885717 - activeDeadlineSeconds DeadlineExceeded does not show terminated container statuses 1886572 - auth: error contacting auth provider when extra ingress (not default) goes down 1887849 - When creating new storage class failure_domain is missing. 1888712 - Worker nodes do not come up on a baremetal IPI deployment with control plane network configured on a vlan on top of bond interface due to Pending CSRs 1889689 - AggregatedAPIErrors alert may never fire 1890678 - Cypress: Fix 'structure' accesibility violations 1890828 - Intermittent prune job failures causing operator degradation 1891124 - CP Conformance: CRD spec and status failures 1891301 - Deleting bmh by "oc delete bmh' get stuck 1891696 - [LSO] Add capacity UI does not check for node present in selected storageclass 1891766 - [LSO] Min-Max filter's from OCS wizard accepts Negative values and that cause PV not getting created 1892642 - oauth-server password metrics do not appear in UI after initial OCP installation 1892718 - HostAlreadyClaimed: The new route cannot be loaded with a new api group version 1893850 - Add an alert for requests rejected by the apiserver 1893999 - can't login ocp cluster with oc 4.7 client without the username 1895028 - [gcp-pd-csi-driver-operator] Volumes created by CSI driver are not deleted on cluster deletion 1895053 - Allow builds to optionally mount in cluster trust stores 1896226 - recycler-pod template should not be in kubelet static manifests directory 1896321 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1896751 - [RHV IPI] Worker nodes stuck in the Provisioning Stage if the machineset has a long name 1897415 - [Bare Metal - Ironic] provide the ability to set the cipher suite for ipmitool when doing a Bare Metal IPI install 1897621 - Auth test.Login test.logs in as kubeadmin user: Timeout 1897918 - [oVirt] e2e tests fail due to kube-apiserver not finishing 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1899057 - fix spurious br-ex MAC address error log 1899187 - [Openstack] node-valid-hostname.service failes during the first boot leading to 5 minute provisioning delay 1899587 - [External] RGW usage metrics shown on Object Service Dashboard is incorrect 1900454 - Enable host-based disk encryption on Azure platform 1900819 - Scaled ingress replicas following sharded pattern don't balance evenly across multi-AZ 1901207 - Search Page - Pipeline resources table not immediately updated after Name filter applied or removed 1901535 - Remove the managingOAuthAPIServer field from the authentication.operator API 1901648 - "do you need to set up custom dns" tooltip inaccurate 1902003 - Jobs Completions column is not sorting when there are "0 of 1" and "1 of 1" in the list. 1902076 - image registry operator should monitor status of its routes 1902247 - openshift-oauth-apiserver apiserver pod crashloopbackoffs 1903055 - [OSP] Validation should fail when no any IaaS flavor or type related field are given 1903228 - Pod stuck in Terminating, runc init process frozen 1903383 - Latest RHCOS 47.83. builds failing to install: mount /root.squashfs failed 1903553 - systemd container renders node NotReady after deleting it 1903700 - metal3 Deployment doesn't have unique Pod selector 1904006 - The --dir option doest not work for command `oc image extract` 1904505 - Excessive Memory Use in Builds 1904507 - vsphere-problem-detector: implement missing metrics 1904558 - Random init-p error when trying to start pod 1905095 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1905147 - ConsoleQuickStart Card's prerequisites is a combined text instead of a list 1905159 - Installation on previous unused dasd fails after formatting 1905331 - openshift-multus initContainer multus-binary-copy, etc. are not requesting required resources: cpu, memory 1905460 - Deploy using virtualmedia for disabled provisioning network on real BM(HPE) fails 1905577 - Control plane machines not adopted when provisioning network is disabled 1905627 - Warn users when using an unsupported browser such as IE 1905709 - Machine API deletion does not properly handle stopped instances on AWS or GCP 1905849 - Default volumesnapshotclass should be created when creating default storageclass 1906056 - Bundles skipped via the `skips` field cannot be pinned 1906102 - CBO produces standard metrics 1906147 - ironic-rhcos-downloader should not use --insecure 1906304 - Unexpected value NaN parsing x/y attribute when viewing pod Memory/CPU usage chart 1906740 - [aws]Machine should be "Failed" when creating a machine with invalid region 1907309 - Migrate controlflow v1alpha1 to v1beta1 in storage 1907315 - the internal load balancer annotation for AWS should use "true" instead of "0.0.0.0/0" as value 1907353 - [4.8] OVS daemonset is wasting resources even though it doesn't do anything 1907614 - Update kubernetes deps to 1.20 1908068 - Enable DownwardAPIHugePages feature gate 1908169 - The example of Import URL is "Fedora cloud image list" for all templates. 1908170 - sriov network resource injector: Hugepage injection doesn't work with mult container 1908343 - Input labels in Manage columns modal should be clickable 1908378 - [sig-network] pods should successfully create sandboxes by getting pod - Static Pod Failures 1908655 - "Evaluating rule failed" for "record: node:node_num_cpu:sum" rule 1908762 - [Dualstack baremetal cluster] multicast traffic is not working on ovn-kubernetes 1908765 - [SCALE] enable OVN lflow data path groups 1908774 - [SCALE] enable OVN DB memory trimming on compaction 1908916 - CNO: turn on OVN DB RAFT diffs once all master DB pods are capable of it 1909091 - Pod/node/ip/template isn't showing when vm is running 1909600 - Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error 1909849 - release-openshift-origin-installer-e2e-aws-upgrade-fips-4.4 is perm failing 1909875 - [sig-cluster-lifecycle] Cluster version operator acknowledges upgrade : timed out waiting for cluster to acknowledge upgrade 1910067 - UPI: openstacksdk fails on "server group list" 1910113 - periodic-ci-openshift-release-master-ocp-4.5-ci-e2e-44-stable-to-45-ci is never passing 1910318 - OC 4.6.9 Installer failed: Some pods are not scheduled: 3 node(s) didn't match node selector: AWS compute machines without status 1910378 - socket timeouts for webservice communication between pods 1910396 - 4.6.9 cred operator should back-off when provisioning fails on throttling 1910500 - Could not list CSI provisioner on web when create storage class on GCP platform 1911211 - Should show the cert-recovery-controller version correctly 1911470 - ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames 1912571 - libvirt: Support setting dnsmasq options through the install config 1912820 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade 1913112 - BMC details should be optional for unmanaged hosts 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913341 - GCP: strange cluster behavior in CI run 1913399 - switch to v1beta1 for the priority and fairness APIs 1913525 - Panic in OLM packageserver when invoking webhook authorization endpoint 1913532 - After a 4.6 to 4.7 upgrade, a node went unready 1913974 - snapshot test periodically failing with "can't open '/mnt/test/data': No such file or directory" 1914127 - Deletion of oc get svc router-default -n openshift-ingress hangs 1914446 - openshift-service-ca-operator and openshift-service-ca pods run as root 1914994 - Panic observed in k8s-prometheus-adapter since k8s 1.20 1915122 - Size of the hostname was preventing proper DNS resolution of the worker node names 1915693 - Not able to install gpu-operator on cpumanager enabled node. 1915971 - Role and Role Binding breadcrumbs do not work as expected 1916116 - the left navigation menu would not be expanded if repeat clicking the links in Overview page 1916118 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall 1916392 - scrape priority and fairness endpoints for must-gather 1916450 - Alertmanager: add title and text fields to Adv. config. section of Slack Receiver form 1916489 - [sig-scheduling] SchedulerPriorities [Serial] fails with "Error waiting for 1 pods to be running - probably a timeout: Timeout while waiting for pods with labels to be ready" 1916553 - Default template's description is empty on details tab 1916593 - Destroy cluster sometimes stuck in a loop 1916872 - need ability to reconcile exgw annotations on pod add 1916890 - [OCP 4.7] api or api-int not available during installation 1917241 - [en_US] The tooltips of Created date time is not easy to read in all most of UIs. 1917282 - [Migration] MCO stucked for rhel worker after enable the migration prepare state 1917328 - It should default to current namespace when create vm from template action on details page 1917482 - periodic-ci-openshift-release-master-ocp-4.7-e2e-metal-ipi failing with "cannot go from state 'deploy failed' to state 'manageable'" 1917485 - [oVirt] ovirt machine/machineset object has missing some field validations 1917667 - Master machine config pool updates are stalled during the migration from SDN to OVNKube. 1917906 - [oauth-server] bump k8s.io/apiserver to 1.20.3 1917931 - [e2e-gcp-upi] failing due to missing pyopenssl library 1918101 - [vsphere]Delete Provisioning machine took about 12 minutes 1918376 - Image registry pullthrough does not support ICSP, mirroring e2es do not pass 1918442 - Service Reject ACL does not work on dualstack 1918723 - installer fails to write boot record on 4k scsi lun on s390x 1918729 - Add hide/reveal button for the token field in the KMS configuration page 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918785 - Pod request and limit calculations in console are incorrect 1918910 - Scale from zero annotations should not requeue if instance type missing 1919032 - oc image extract - will not extract files from image rootdir - "error: unexpected directory from mapping tests.test" 1919048 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1919151 - [Azure] dnsrecords with invalid domain should not be published to Azure dnsZone 1919168 - `oc adm catalog mirror` doesn't work for the air-gapped cluster 1919291 - [Cinder-csi-driver] Filesystem did not expand for on-line volume resize 1919336 - vsphere-problem-detector should check if datastore is part of datastore cluster 1919356 - Add missing profile annotation in cluster-update-keys manifests 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1919398 - Permissive Egress NetworkPolicy (0.0.0.0/0) is blocking all traffic 1919406 - OperatorHub filter heading "Provider Type" should be "Source" 1919737 - hostname lookup delays when master node down 1920209 - Multus daemonset upgrade takes the longest time in the cluster during an upgrade 1920221 - GCP jobs exhaust zone listing query quota sometimes due to too many initializations of cloud provider in tests 1920300 - cri-o does not support configuration of stream idle time 1920307 - "VM not running" should be "Guest agent required" on vm details page in dev console 1920532 - Problem in trying to connect through the service to a member that is the same as the caller. 1920677 - Various missingKey errors in the devconsole namespace 1920699 - Operation cannot be fulfilled on clusterresourcequotas.quota.openshift.io error when creating different OpenShift resources 1920901 - [4.7]"500 Internal Error" for prometheus route in https_proxy cluster 1920903 - oc adm top reporting unknown status for Windows node 1920905 - Remove DNS lookup workaround from cluster-api-provider 1921106 - A11y Violation: button name(s) on Utilization Card on Cluster Dashboard 1921184 - kuryr-cni binds to wrong interface on machine with two interfaces 1921227 - Fix issues related to consuming new extensions in Console static plugins 1921264 - Bundle unpack jobs can hang indefinitely 1921267 - ResourceListDropdown not internationalized 1921321 - SR-IOV obliviously reboot the node 1921335 - ThanosSidecarUnhealthy 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921720 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1921763 - operator registry has high memory usage in 4.7... cleanup row closes 1921778 - Push to stage now failing with semver issues on old releases 1921780 - Search page not fully internationalized 1921781 - DefaultList component not internationalized 1921878 - [kuryr] Egress network policy with namespaceSelector in Kuryr behaves differently than in OVN-Kubernetes 1921885 - Server-side Dry-run with Validation Downloads Entire OpenAPI spec often 1921892 - MAO: controller runtime manager closes event recorder 1921894 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1921937 - During upgrade /etc/hostname becomes a directory, nodes are set with kubernetes.io/hostname=localhost label 1921953 - ClusterServiceVersion property inference does not infer package and version 1922063 - "Virtual Machine" should be "Templates" in template wizard 1922065 - Rootdisk size is default to 15GiB in customize wizard 1922235 - [build-watch] e2e-aws-upi - e2e-aws-upi container setup failing because of Python code version mismatch 1922264 - Restore snapshot as a new PVC: RWO/RWX access modes are not click-able if parent PVC is deleted 1922280 - [v2v] on the upstream release, In VM import wizard I see RHV but no oVirt 1922646 - Panic in authentication-operator invoking webhook authorization 1922648 - FailedCreatePodSandBox due to "failed to pin namespaces [uts]: [pinns:e]: /var/run/utsns exists and is not a directory: File exists" 1922764 - authentication operator is degraded due to number of kube-apiservers 1922992 - some button text on YAML sidebar are not translated 1922997 - [Migration]The SDN migration rollback failed. 1923038 - [OSP] Cloud Info is loaded twice 1923157 - Ingress traffic performance drop due to NodePort services 1923786 - RHV UPI fails with unhelpful message when ASSET_DIR is not set. 1923811 - Registry claims Available=True despite .status.readyReplicas == 0 while .spec.replicas == 2 1923847 - Error occurs when creating pods if configuring multiple key-only labels in default cluster-wide node selectors or project-wide node selectors 1923984 - Incorrect anti-affinity for UWM prometheus 1924020 - panic: runtime error: index out of range [0] with length 0 1924075 - kuryr-controller restart when enablePortPoolsPrepopulation = true 1924083 - "Activity" Pane of Persistent Storage tab shows events related to Noobaa too 1924140 - [OSP] Typo in OPENSHFIT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS variable 1924171 - ovn-kube must handle single-stack to dual-stack migration 1924358 - metal UPI setup fails, no worker nodes 1924502 - Failed to start transient scope unit: Argument list too long / systemd[1]: Failed to set up mount unit: Invalid argument 1924536 - 'More about Insights' link points to support link 1924585 - "Edit Annotation" are not correctly translated in Chinese 1924586 - Control Plane status and Operators status are not fully internationalized 1924641 - [User Experience] The message "Missing storage class" needs to be displayed after user clicks Next and needs to be rephrased 1924663 - Insights operator should collect related pod logs when operator is degraded 1924701 - Cluster destroy fails when using byo with Kuryr 1924728 - Difficult to identify deployment issue if the destination disk is too small 1924729 - Create Storageclass for CephFS provisioner assumes incorrect default FSName in external mode (side-effect of fix for Bug 1878086) 1924747 - InventoryItem doesn't internationalize resource kind 1924788 - Not clear error message when there are no NADs available for the user 1924816 - Misleading error messages in ironic-conductor log 1924869 - selinux avc deny after installing OCP 4.7 1924916 - PVC reported as Uploading when it is actually cloning 1924917 - kuryr-controller in crash loop if IP is removed from secondary interfaces 1924953 - newly added 'excessive etcd leader changes' test case failing in serial job 1924968 - Monitoring list page filter options are not translated 1924983 - some components in utils directory not localized 1925017 - [UI] VM Details-> Network Interfaces, 'Name,' is displayed instead on 'Name' 1925061 - Prometheus backed by a PVC may start consuming a lot of RAM after 4.6 -> 4.7 upgrade due to series churn 1925083 - Some texts are not marked for translation on idp creation page. 1925087 - Add i18n support for the Secret page 1925148 - Shouldn't create the redundant imagestream when use `oc new-app --name=testapp2 -i ` with exist imagestream 1925207 - VM from custom template - cloudinit disk is not added if creating the VM from custom template using customization wizard 1925216 - openshift installer fails immediately failed to fetch Install Config 1925236 - OpenShift Route targets every port of a multi-port service 1925245 - oc idle: Clusters upgrading with an idled workload do not have annotations on the workload's service 1925261 - Items marked as mandatory in KMS Provider form are not enforced 1925291 - Baremetal IPI - While deploying with IPv6 provision network with subnet other than /64 masters fail to PXE boot 1925343 - [ci] e2e-metal tests are not using reserved instances 1925493 - Enable snapshot e2e tests 1925586 - cluster-etcd-operator is leaking transports 1925614 - Error: InstallPlan.operators.coreos.com not found 1925698 - On GCP, load balancers report kube-apiserver fails its /readyz check 50% of the time, causing load balancer backend churn and disruptions to apiservers 1926029 - [RFE] Either disable save or give warning when no disks support snapshot 1926054 - Localvolume CR is created successfully, when the storageclass name defined in the localvolume exists. 1926072 - Close button (X) does not work in the new "Storage cluster exists" Warning alert message(introduced via fix for Bug 1867400) 1926082 - Insights operator should not go degraded during upgrade 1926106 - [ja_JP][zh_CN] Create Project, Delete Project and Delete PVC modal are not fully internationalized 1926115 - Texts in “Insights” popover on overview page are not marked for i18n 1926123 - Pseudo bug: revert "force cert rotation every couple days for development" in 4.7 1926126 - some kebab/action menu translation issues 1926131 - Add HPA page is not fully internationalized 1926146 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it 1926154 - Create new pool with arbiter - wrong replica 1926278 - [oVirt] consume K8S 1.20 packages 1926279 - Pod ignores mtu setting from sriovNetworkNodePolicies in case of PF partitioning 1926285 - ignore pod not found status messages 1926289 - Accessibility: Modal content hidden from screen readers 1926310 - CannotRetrieveUpdates alerts on Critical severity 1926329 - [Assisted-4.7][Staging] monitoring stack in staging is being overloaded by the amount of metrics being exposed by assisted-installer pods and scraped by prometheus. 1926336 - Service details can overflow boxes at some screen widths 1926346 - move to go 1.15 and registry.ci.openshift.org 1926364 - Installer timeouts because proxy blocked connection to Ironic API running on bootstrap VM 1926465 - bootstrap kube-apiserver does not have --advertise-address set – was: [BM][IPI][DualStack] Installation fails cause Kubernetes service doesn't have IPv6 endpoints 1926484 - API server exits non-zero on 2 SIGTERM signals 1926547 - OpenShift installer not reporting IAM permission issue when removing the Shared Subnet Tag 1926579 - Setting .spec.policy is deprecated and will be removed eventually. Please use .spec.profile instead is being logged every 3 seconds in scheduler operator log 1926598 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results 1926776 - "Template support" modal appears when select the RHEL6 common template 1926835 - [e2e][automation] prow gating use unsupported CDI version 1926843 - pipeline with finally tasks status is improper 1926867 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade 1926893 - When deploying the operator via OLM (after creating the respective catalogsource), the deployment "lost" the `resources` section. 1926903 - NTO may fail to disable stalld when relying on Tuned '[service]' plugin 1926931 - Inconsistent ovs-flow rule on one of the app node for egress node 1926943 - vsphere-problem-detector: Alerts in CI jobs 1926977 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs 1927013 - Tables don't render properly at smaller screen widths 1927017 - CCO does not relinquish leadership when restarting for proxy CA change 1927042 - Empty static pod files on UPI deployments are confusing 1927047 - multiple external gateway pods will not work in ingress with IP fragmentation 1927068 - Workers fail to PXE boot when IPv6 provisionining network has subnet other than /64 1927075 - [e2e][automation] Fix pvc string in pvc.view 1927118 - OCP 4.7: NVIDIA GPU Operator DCGM metrics not displayed in OpenShift Console Monitoring Metrics page 1927244 - UPI installation with Kuryr timing out on bootstrap stage 1927263 - kubelet service takes around 43 secs to start container when started from stopped state 1927264 - FailedCreatePodSandBox due to multus inability to reach apiserver 1927310 - Performance: Console makes unnecessary requests for en-US messages on load 1927340 - Race condition in OperatorCondition reconcilation 1927366 - OVS configuration service unable to clone NetworkManager's connections in the overlay FS 1927391 - Fix flake in TestSyncPodsDeletesWhenSourcesAreReady 1927393 - 4.7 still points to 4.6 catalog images 1927397 - p&f: add auto update for priority & fairness bootstrap configuration objects 1927423 - Happy "Not Found" and no visible error messages on error-list page when /silences 504s 1927465 - Homepage dashboard content not internationalized 1927678 - Reboot interface defaults to softPowerOff so fencing is too slow 1927731 - /usr/lib/dracut/modules.d/30ignition/ignition --version sigsev 1927797 - 'Pod(s)' should be included in the pod donut label when a horizontal pod autoscaler is enabled 1927882 - Can't create cluster role binding from UI when a project is selected 1927895 - global RuntimeConfig is overwritten with merge result 1927898 - i18n Admin Notifier 1927902 - i18n Cluster Utilization dashboard duration 1927903 - "CannotRetrieveUpdates" - critical error in openshift web console 1927925 - Manually misspelled as Manualy 1927941 - StatusDescriptor detail item and Status component can cause runtime error when the status is an object or array 1927942 - etcd should use socket option (SO_REUSEADDR) instead of wait for port release on process restart 1927944 - cluster version operator cycles terminating state waiting for leader election 1927993 - Documentation Links in OKD Web Console are not Working 1928008 - Incorrect behavior when we click back button after viewing the node details in Internal-attached mode 1928045 - N+1 scaling Info message says "single zone" even if the nodes are spread across 2 or 0 zones 1928147 - Domain search set in the required domains in Option 119 of DHCP Server is ignored by RHCOS on RHV 1928157 - 4.7 CNO claims to be done upgrading before it even starts 1928164 - Traffic to outside the cluster redirected when OVN is used and NodePort service is configured 1928297 - HAProxy fails with 500 on some requests 1928473 - NetworkManager overlay FS not being created on None platform 1928512 - sap license management logs gatherer 1928537 - Cannot IPI with tang/tpm disk encryption 1928640 - Definite error message when using StorageClass based on azure-file / Premium_LRS 1928658 - Update plugins and Jenkins version to prepare openshift-sync-plugin 1.0.46 release 1928850 - Unable to pull images due to limited quota on Docker Hub 1928851 - manually creating NetNamespaces will break things and this is not obvious 1928867 - golden images - DV should not be created with WaitForFirstConsumer 1928869 - Remove css required to fix search bug in console caused by pf issue in 2021.1 1928875 - Update translations 1928893 - Memory Pressure Drop Down Info is stating "Disk" capacity is low instead of memory 1928931 - DNSRecord CRD is using deprecated v1beta1 API 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1929052 - Add new Jenkins agent maven dir for 3.6 1929056 - kube-apiserver-availability.rules are failing evaluation 1929110 - LoadBalancer service check test fails during vsphere upgrade 1929136 - openshift isn't able to mount nfs manila shares to pods 1929175 - LocalVolumeSet: PV is created on disk belonging to other provisioner 1929243 - Namespace column missing in Nodes Node Details / pods tab 1929277 - Monitoring workloads using too high a priorityclass 1929281 - Update Tech Preview badge to transparent border color when upgrading to PatternFly v4.87.1 1929314 - ovn-kubernetes endpoint slice controller doesn't run on CI jobs 1929359 - etcd-quorum-guard uses origin-cli [4.8] 1929577 - Edit Application action overwrites Deployment envFrom values on save 1929654 - Registry for Azure uses legacy V1 StorageAccount 1929693 - Pod stuck at "ContainerCreating" status 1929733 - oVirt CSI driver operator is constantly restarting 1929769 - Getting 404 after switching user perspective in another tab and reload Project details 1929803 - Pipelines shown in edit flow for Workloads created via ContainerImage flow 1929824 - fix alerting on volume name check for vsphere 1929917 - Bare-metal operator is firing for ClusterOperatorDown for 15m during 4.6 to 4.7 upgrade 1929944 - The etcdInsufficientMembers alert fires incorrectly when any instance is down and not when quorum is lost 1930007 - filter dropdown item filter and resource list dropdown item filter doesn't support multi selection 1930015 - OS list is overlapped by buttons in template wizard 1930064 - Web console crashes during VM creation from template when no storage classes are defined 1930220 - Cinder CSI driver is not able to mount volumes under heavier load 1930240 - Generated clouds.yaml incomplete when provisioning network is disabled 1930248 - After creating a remediation flow and rebooting a worker there is no access to the openshift-web-console 1930268 - intel vfio devices are not expose as resources 1930356 - Darwin binary missing from mirror.openshift.com 1930393 - Gather info about unhealthy SAP pods 1930546 - Monitoring-dashboard-workload keep loading when user with cluster-role cluster-monitoring-view login develoer console 1930570 - Jenkins templates are displayed in Developer Catalog twice 1930620 - the logLevel field in containerruntimeconfig can't be set to "trace" 1930631 - Image local-storage-mustgather in the doc does not come from product registry 1930893 - Backport upstream patch 98956 for pod terminations 1931005 - Related objects page doesn't show the object when its name is empty 1931103 - remove periodic log within kubelet 1931115 - Azure cluster install fails with worker type workers Standard_D4_v2 1931215 - [RFE] Cluster-api-provider-ovirt should handle affinity groups 1931217 - [RFE] Installer should create RHV Affinity group for OCP cluster VMS 1931467 - Kubelet consuming a large amount of CPU and memory and node becoming unhealthy 1931505 - [IPI baremetal] Two nodes hold the VIP post remove and start of the Keepalived container 1931522 - Fresh UPI install on BM with bonding using OVN Kubernetes fails 1931529 - SNO: mentioning of 4 nodes in error message - Cluster network CIDR prefix 24 does not contain enough addresses for 4 hosts each one with 25 prefix (128 addresses) 1931629 - Conversational Hub Fails due to ImagePullBackOff 1931637 - Kubeturbo Operator fails due to ImagePullBackOff 1931652 - [single-node] etcd: discover-etcd-initial-cluster graceful termination race. 1931658 - [single-node] cluster-etcd-operator: cluster never pivots from bootstrapIP endpoint 1931674 - [Kuryr] Enforce nodes MTU for the Namespaces and Pods 1931852 - Ignition HTTP GET is failing, because DHCP IPv4 config is failing silently 1931883 - Fail to install Volume Expander Operator due to CrashLookBackOff 1931949 - Red Hat Integration Camel-K Operator keeps stuck in Pending state 1931974 - Operators cannot access kubeapi endpoint on OVNKubernetes on ipv6 1931997 - network-check-target causes upgrade to fail from 4.6.18 to 4.7 1932001 - Only one of multiple subscriptions to the same package is honored 1932097 - Apiserver liveness probe is marking it as unhealthy during normal shutdown 1932105 - machine-config ClusterOperator claims level while control-plane still updating 1932133 - AWS EBS CSI Driver doesn’t support “csi.storage.k8s.io/fsTyps” parameter 1932135 - When “iopsPerGB” parameter is not set, event for AWS EBS CSI Driver provisioning is not clear 1932152 - When “iopsPerGB” parameter is set to a wrong number, events for AWS EBS CSI Driver provisioning are not clear 1932154 - [AWS ] machine stuck in provisioned phase , no warnings or errors 1932182 - catalog operator causing CPU spikes and bad etcd performance 1932229 - Can’t find kubelet metrics for aws ebs csi volumes 1932281 - [Assisted-4.7][UI] Unable to change upgrade channel once upgrades were discovered 1932323 - CVE-2021-26540 sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element 1932324 - CRIO fails to create a Pod in sandbox stage - starting container process caused: process_linux.go:472: container init caused: Running hook #0:: error running hook: exit status 255, stdout: , stderr: \"\n" 1932362 - CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation 1932401 - Cluster Ingress Operator degrades if external LB redirects http to https because of new "canary" route 1932453 - Update Japanese timestamp format 1932472 - Edit Form/YAML switchers cause weird collapsing/code-folding issue 1932487 - [OKD] origin-branding manifest is missing cluster profile annotations 1932502 - Setting MTU for a bond interface using Kernel arguments is not working 1932618 - Alerts during a test run should fail the test job, but were not 1932624 - ClusterMonitoringOperatorReconciliationErrors is pending at the end of an upgrade and probably should not be 1932626 - During a 4.8 GCP upgrade OLM fires an alert indicating the operator is unhealthy 1932673 - Virtual machine template provided by red hat should not be editable. The UI allows to edit and then reverse the change after it was made 1932789 - Proxy with port is unable to be validated if it overlaps with service/cluster network 1932799 - During a hive driven baremetal installation the process does not go beyond 80% in the bootstrap VM 1932805 - e2e: test OAuth API connections in the tests by that name 1932816 - No new local storage operator bundle image is built 1932834 - enforce the use of hashed access/authorize tokens 1933101 - Can not upgrade a Helm Chart that uses a library chart in the OpenShift dev console 1933102 - Canary daemonset uses default node selector 1933114 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Suite:openshift/conformance/parallel/minimal] 1933159 - multus DaemonSets should use maxUnavailable: 33% 1933173 - openshift-sdn/sdn DaemonSet should use maxUnavailable: 10% 1933174 - openshift-sdn/ovs DaemonSet should use maxUnavailable: 10% 1933179 - network-check-target DaemonSet should use maxUnavailable: 10% 1933180 - openshift-image-registry/node-ca DaemonSet should use maxUnavailable: 10% 1933184 - openshift-cluster-csi-drivers DaemonSets should use maxUnavailable: 10% 1933263 - user manifest with nodeport services causes bootstrap to block 1933269 - Cluster unstable replacing an unhealthy etcd member 1933284 - Samples in CRD creation are ordered arbitarly 1933414 - Machines are created with unexpected name for Ports 1933599 - bump k8s.io/apiserver to 1.20.3 1933630 - [Local Volume] Provision disk failed when disk label has unsupported value like ":" 1933664 - Getting Forbidden for image in a container template when creating a sample app 1933708 - Grafana is not displaying deployment config resources in dashboard `Default /Kubernetes / Compute Resources / Namespace (Workloads)` 1933711 - EgressDNS: Keep short lived records at most 30s 1933730 - [AI-UI-Wizard] Toggling "Use extra disks for local storage" checkbox highlights the "Next" button to move forward but grays out once clicked 1933761 - Cluster DNS service caps TTLs too low and thus evicts from its cache too aggressively 1933772 - MCD Crash Loop Backoff 1933805 - TargetDown alert fires during upgrades because of normal upgrade behavior 1933857 - Details page can throw an uncaught exception if kindObj prop is undefined 1933880 - Kuryr-Controller crashes when it's missing the status object 1934021 - High RAM usage on machine api termination node system oom 1934071 - etcd consuming high amount of memory and CPU after upgrade to 4.6.17 1934080 - Both old and new Clusterlogging CSVs stuck in Pending during upgrade 1934085 - Scheduling conformance tests failing in a single node cluster 1934107 - cluster-authentication-operator builds URL incorrectly for IPv6 1934112 - Add memory and uptime metadata to IO archive 1934113 - mcd panic when there's not enough free disk space 1934123 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP 1934163 - Thanos Querier restarting and gettin alert ThanosQueryHttpRequestQueryRangeErrorRateHigh 1934174 - rootfs too small when enabling NBDE 1934176 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3 1934177 - knative-camel-operator CreateContainerError "container_linux.go:366: starting container process caused: chdir to cwd (\"/home/nonroot\") set in config.json failed: permission denied" 1934216 - machineset-controller stuck in CrashLoopBackOff after upgrade to 4.7.0 1934229 - List page text filter has input lag 1934397 - Extend OLM operator gatherer to include Operator/ClusterServiceVersion conditions 1934400 - [ocp_4][4.6][apiserver-auth] OAuth API servers are not ready - PreconditionNotReady 1934516 - Setup different priority classes for prometheus-k8s and prometheus-user-workload pods 1934556 - OCP-Metal images 1934557 - RHCOS boot image bump for LUKS fixes 1934643 - Need BFD failover capability on ECMP routes 1934711 - openshift-ovn-kubernetes ovnkube-node DaemonSet should use maxUnavailable: 10% 1934773 - Canary client should perform canary probes explicitly over HTTPS (rather than redirect from HTTP) 1934905 - CoreDNS's "errors" plugin is not enabled for custom upstream resolvers 1935058 - Can’t finish install sts clusters on aws government region 1935102 - Error: specifying a root certificates file with the insecure flag is not allowed during oc login 1935155 - IGMP/MLD packets being dropped 1935157 - [e2e][automation] environment tests broken 1935165 - OCP 4.6 Build fails when filename contains an umlaut 1935176 - Missing an indication whether the deployed setup is SNO. 1935269 - Topology operator group shows child Jobs. Not shown in details view's resources. 1935419 - Failed to scale worker using virtualmedia on Dell R640 1935528 - [AWS][Proxy] ingress reports degrade with CanaryChecksSucceeding=False in the cluster with proxy setting 1935539 - Openshift-apiserver CO unavailable during cluster upgrade from 4.6 to 4.7 1935541 - console operator panics in DefaultDeployment with nil cm 1935582 - prometheus liveness probes cause issues while replaying WAL 1935604 - high CPU usage fails ingress controller 1935667 - pipelinerun status icon rendering issue 1935706 - test: Detect when the master pool is still updating after upgrade 1935732 - Update Jenkins agent maven directory to be version agnostic [ART ocp build data] 1935814 - Pod and Node lists eventually have incorrect row heights when additional columns have long text 1935909 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936022 - DNS operator performs spurious updates in response to API's defaulting of daemonset's terminationGracePeriod and service's clusterIPs 1936030 - Ingress operator performs spurious updates in response to API's defaulting of NodePort service's clusterIPs field 1936223 - The IPI installer has a typo. It is missing the word "the" in "the Engine". 1936336 - Updating multus-cni builder & base images to be consistent with ART 4.8 (closed) 1936342 - kuryr-controller restarting after 3 days cluster running - pools without members 1936443 - Hive based OCP IPI baremetal installation fails to connect to API VIP port 22623 1936488 - [sig-instrumentation][Late] Alerts shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured: Prometheus query error 1936515 - sdn-controller is missing some health checks 1936534 - When creating a worker with a used mac-address stuck on registering 1936585 - configure alerts if the catalogsources are missing 1936620 - OLM checkbox descriptor renders switch instead of checkbox 1936721 - network-metrics-deamon not associated with a priorityClassName 1936771 - [aws ebs csi driver] The event for Pod consuming a readonly PVC is not clear 1936785 - Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1936788 - RBD RWX PVC creation with Filesystem volume mode selection is creating RWX PVC with Block volume mode instead of disabling Filesystem volume mode selection 1936798 - Authentication log gatherer shouldn't scan all the pod logs in the openshift-authentication namespace 1936801 - Support ServiceBinding 0.5.0+ 1936854 - Incorrect imagestream is shown as selected in knative service container image edit flow 1936857 - e2e-ovirt-ipi-install-install is permafailing on 4.5 nightlies 1936859 - ovirt 4.4 -> 4.5 upgrade jobs are permafailing 1936867 - Periodic vsphere IPI install is broken - missing pip 1936871 - [Cinder CSI] Topology aware provisioning doesn't work when Nova and Cinder AZs are different 1936904 - Wrong output YAML when syncing groups without --confirm 1936983 - Topology view - vm details screen isntt stop loading 1937005 - when kuryr quotas are unlimited, we should not sent alerts 1937018 - FilterToolbar component does not handle 'null' value for 'rowFilters' prop 1937020 - Release new from image stream chooses incorrect ID based on status 1937077 - Blank White page on Topology 1937102 - Pod Containers Page Not Translated 1937122 - CAPBM changes to support flexible reboot modes 1937145 - [Local storage] PV provisioned by localvolumeset stays in "Released" status after the pod/pvc deleted 1937167 - [sig-arch] Managed cluster should have no crashlooping pods in core namespaces over four minutes 1937244 - [Local Storage] The model name of aws EBS doesn't be extracted well 1937299 - pod.spec.volumes.awsElasticBlockStore.partition is not respected on NVMe volumes 1937452 - cluster-network-operator CI linting fails in master branch 1937459 - Wrong Subnet retrieved for Service without Selector 1937460 - [CI] Network quota pre-flight checks are failing the installation 1937464 - openstack cloud credentials are not getting configured with correct user_domain_name across the cluster 1937466 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation 1937496 - Metrics viewer in OCP Console is missing date in a timestamp for selected datapoint 1937535 - Not all image pulls within OpenShift builds retry 1937594 - multiple pods in ContainerCreating state after migration from OpenshiftSDN to OVNKubernetes 1937627 - Bump DEFAULT_DOC_URL for 4.8 1937628 - Bump upgrade channels for 4.8 1937658 - Description for storage class encryption during storagecluster creation needs to be updated 1937666 - Mouseover on headline 1937683 - Wrong icon classification of output in buildConfig when the destination is a DockerImage 1937693 - ironic image "/" cluttered with files 1937694 - [oVirt] split ovirt providerIDReconciler logic into NodeController and ProviderIDController 1937717 - If browser default font size is 20, the layout of template screen breaks 1937722 - OCP 4.8 vuln due to BZ 1936445 1937929 - Operand page shows a 404:Not Found error for OpenShift GitOps Operator 1937941 - [RFE]fix wording for favorite templates 1937972 - Router HAProxy config file template is slow to render due to repetitive regex compilations 1938131 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1938321 - Cannot view PackageManifest objects in YAML on 'Home > Search' page nor 'CatalogSource details > Operators tab' 1938465 - thanos-querier should set a CPU request on the thanos-query container 1938466 - packageserver deployment sets neither CPU or memory request on the packageserver container 1938467 - The default cluster-autoscaler should get default cpu and memory requests if user omits them 1938468 - kube-scheduler-operator has a container without a CPU request 1938492 - Marketplace extract container does not request CPU or memory 1938493 - machine-api-operator declares restrictive cpu and memory limits where it should not 1938636 - Can't set the loglevel of the container: cluster-policy-controller and kube-controller-manager-recovery-controller 1938903 - Time range on dashboard page will be empty after drog and drop mouse in the graph 1938920 - ovnkube-master/ovs-node DaemonSets should use maxUnavailable: 10% 1938947 - Update blocked from 4.6 to 4.7 when using spot/preemptible instances 1938949 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1939054 - machine healthcheck kills aws spot instance before generated 1939060 - CNO: nodes and masters are upgrading simultaneously 1939069 - Add source to vm template silently failed when no storage class is defined in the cluster 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1939168 - Builds failing for OCP 3.11 since PR#25 was merged 1939226 - kube-apiserver readiness probe appears to be hitting /healthz, not /readyz 1939227 - kube-apiserver liveness probe appears to be hitting /healthz, not /livez 1939232 - CI tests using openshift/hello-world broken by Ruby Version Update 1939270 - fix co upgradeableFalse status and reason 1939294 - OLM may not delete pods with grace period zero (force delete) 1939412 - missed labels for thanos-ruler pods 1939485 - CVE-2021-20291 containers/storage: DoS via malicious image 1939547 - Include container="POD" in resource queries 1939555 - VSphereProblemDetectorControllerDegraded: context canceled during upgrade to 4.8.0 1939573 - after entering valid git repo url on add flow page, throwing warning message instead Validated 1939580 - Authentication operator is degraded during 4.8 to 4.8 upgrade and normal 4.8 e2e runs 1939606 - Attempting to put a host into maintenance mode warns about Ceph cluster health, but no storage cluster problems are apparent 1939661 - support new AWS region ap-northeast-3 1939726 - clusteroperator/network should not change condition/Degraded during normal serial test execution 1939731 - Image registry operator reports unavailable during normal serial run 1939734 - Node Fanout Causes Excessive WATCH Secret Calls, Taking Down Clusters 1939740 - dual stack nodes with OVN single ipv6 fails on bootstrap phase 1939752 - ovnkube-master sbdb container does not set requests on cpu or memory 1939753 - Delete HCO is stucking if there is still VM in the cluster 1939815 - Change the Warning Alert for Encrypted PVs in Create StorageClass(provisioner:RBD) page 1939853 - [DOC] Creating manifests API should not allow folder in the "file_name" 1939865 - GCP PD CSI driver does not have CSIDriver instance 1939869 - [e2e][automation] Add annotations to datavolume for HPP 1939873 - Unlimited number of characters accepted for base domain name 1939943 - `cluster-kube-apiserver-operator check-endpoints` observed a panic: runtime error: invalid memory address or nil pointer dereference 1940030 - cluster-resource-override: fix spelling mistake for run-level match expression in webhook configuration 1940057 - Openshift builds should use a wach instead of polling when checking for pod status 1940142 - 4.6->4.7 updates stick on OpenStackCinderCSIDriverOperatorCR_OpenStackCinderDriverControllerServiceController_Deploying 1940159 - [OSP] cluster destruction fails to remove router in BYON (with provider network) with Kuryr as primary network 1940206 - Selector and VolumeTableRows not i18ned 1940207 - 4.7->4.6 rollbacks stuck on prometheusrules admission webhook "no route to host" 1940314 - Failed to get type for Dashboard Kubernetes / Compute Resources / Namespace (Workloads) 1940318 - No data under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod' 1940322 - Split of dashbard is wrong, many Network parts 1940337 - rhos-ipi installer fails with not clear message when openstack tenant doesn't have flavors needed for compute machines 1940361 - [e2e][automation] Fix vm action tests with storageclass HPP 1940432 - Gather datahubs.installers.datahub.sap.com resources from SAP clusters 1940488 - After fix for CVE-2021-3344, Builds do not mount node entitlement keys 1940498 - pods may fail to add logical port due to lr-nat-del/lr-nat-add error messages 1940499 - hybrid-overlay not logging properly before exiting due to an error 1940518 - Components in bare metal components lack resource requests 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1940704 - prjquota is dropped from rootflags if rootfs is reprovisioned 1940755 - [Web-console][Local Storage] LocalVolumeSet could not be created from web-console without detail error info 1940865 - Add BareMetalPlatformType into e2e upgrade service unsupported list 1940876 - Components in ovirt components lack resource requests 1940889 - Installation failures in OpenStack release jobs 1940933 - [sig-arch] Check if alerts are firing during or after upgrade success: AggregatedAPIDown on v1beta1.metrics.k8s.io 1940939 - Wrong Openshift node IP as kubelet setting VIP as node IP 1940940 - csi-snapshot-controller goes unavailable when machines are added removed to cluster 1940950 - vsphere: client/bootstrap CSR double create 1940972 - vsphere: [4.6] CSR approval delayed for unknown reason 1941000 - cinder storageclass creates persistent volumes with wrong label failure-domain.beta.kubernetes.io/zone in multi availability zones architecture on OSP 16. 1941334 - [RFE] Cluster-api-provider-ovirt should handle auto pinning policy 1941342 - Add `kata-osbuilder-generate.service` as part of the default presets 1941456 - Multiple pods stuck in ContainerCreating status with the message "failed to create container for [kubepods burstable podxxx] : dbus: connection closed by user" being seen in the journal log 1941526 - controller-manager-operator: Observed a panic: nil pointer dereference 1941592 - HAProxyDown not Firing 1941606 - [assisted operator] Assisted Installer Operator CSV related images should be digests for icsp 1941625 - Developer -> Topology - i18n misses 1941635 - Developer -> Monitoring - i18n misses 1941636 - BM worker nodes deployment with virtual media failed while trying to clean raid 1941645 - Developer -> Builds - i18n misses 1941655 - Developer -> Pipelines - i18n misses 1941667 - Developer -> Project - i18n misses 1941669 - Developer -> ConfigMaps - i18n misses 1941759 - Errored pre-flight checks should not prevent install 1941798 - Some details pages don't have internationalized ResourceKind labels 1941801 - Many filter toolbar dropdowns haven't been internationalized 1941815 - From the web console the terminal can no longer connect after using leaving and returning to the terminal view 1941859 - [assisted operator] assisted pod deploy first time in error state 1941901 - Toleration merge logic does not account for multiple entries with the same key 1941915 - No validation against template name in boot source customization 1941936 - when setting parameters in containerRuntimeConfig, it will show incorrect information on its description 1941980 - cluster-kube-descheduler operator is broken when upgraded from 4.7 to 4.8 1941990 - Pipeline metrics endpoint changed in osp-1.4 1941995 - fix backwards incompatible trigger api changes in osp1.4 1942086 - Administrator -> Home - i18n misses 1942117 - Administrator -> Workloads - i18n misses 1942125 - Administrator -> Serverless - i18n misses 1942193 - Operand creation form - broken/cutoff blue line on the Accordion component (fieldGroup) 1942207 - [vsphere] hostname are changed when upgrading from 4.6 to 4.7.x causing upgrades to fail 1942271 - Insights operator doesn't gather pod information from openshift-cluster-version 1942375 - CRI-O failing with error "reserving ctr name" 1942395 - The status is always "Updating" on dc detail page after deployment has failed. 1942521 - [Assisted-4.7] [Staging][OCS] Minimum memory for selected role is failing although minimum OCP requirement satisfied 1942522 - Resolution fails to sort channel if inner entry does not satisfy predicate 1942536 - Corrupted image preventing containers from starting 1942548 - Administrator -> Networking - i18n misses 1942553 - CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic 1942555 - Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork 1942557 - Query is reporting "no datapoint" when label cluster="" is set but work when the label is removed or when running directly in Prometheus 1942608 - crictl cannot list the images with an error: error locating item named "manifest" for image with ID 1942614 - Administrator -> Storage - i18n misses 1942641 - Administrator -> Builds - i18n misses 1942673 - Administrator -> Pipelines - i18n misses 1942694 - Resource names with a colon do not display property in the browser window title 1942715 - Administrator -> User Management - i18n misses 1942716 - Quay Container Security operator has Medium <-> Low colors reversed 1942725 - [SCC] openshift-apiserver degraded when creating new pod after installing Stackrox which creates a less privileged SCC [4.8] 1942736 - Administrator -> Administration - i18n misses 1942749 - Install Operator form should use info icon for popovers 1942837 - [OCPv4.6] unable to deploy pod with unsafe sysctls 1942839 - Windows VMs fail to start on air-gapped environments 1942856 - Unable to assign nodes for EgressIP even if the egress-assignable label is set 1942858 - [RFE]Confusing detach volume UX 1942883 - AWS EBS CSI driver does not support partitions 1942894 - IPA error when provisioning masters due to an error from ironic.conductor - /dev/sda is busy 1942935 - must-gather improvements 1943145 - vsphere: client/bootstrap CSR double create 1943175 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies (set azure storage account TLS version default to 1.2) 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1943219 - unable to install IPI PRIVATE OpenShift cluster in Azure - SSH access from the Internet should be blocked 1943224 - cannot upgrade openshift-kube-descheduler from 4.7.2 to latest 1943238 - The conditions table does not occupy 100% of the width. 1943258 - [Assisted-4.7][Staging][Advanced Networking] Cluster install fails while waiting for control plane 1943314 - [OVN SCALE] Combine Logical Flows inside Southbound DB. 1943315 - avoid workload disruption for ICSP changes 1943320 - Baremetal node loses connectivity with bonded interface and OVNKubernetes 1943329 - TLSSecurityProfile missing from KubeletConfig CRD Manifest 1943356 - Dynamic plugins surfaced in the UI should be referred to as "Console plugins" 1943539 - crio-wipe is failing to start "Failed to shutdown storage before wiping: A layer is mounted: layer is in use by a container" 1943543 - DeploymentConfig Rollback doesn't reset params correctly 1943558 - [assisted operator] Assisted Service pod unable to reach self signed local registry in disco environement 1943578 - CoreDNS caches NXDOMAIN responses for up to 900 seconds 1943614 - add bracket logging on openshift/builder calls into buildah to assist test-platform team triage 1943637 - upgrade from ocp 4.5 to 4.6 does not clear SNAT rules on ovn 1943649 - don't use hello-openshift for network-check-target 1943667 - KubeDaemonSetRolloutStuck fires during upgrades too often because it does not accurately detect progress 1943719 - storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions 1943804 - API server on AWS takes disruption between 70s and 110s after pod begins termination via external LB 1943845 - Router pods should have startup probes configured 1944121 - OVN-kubernetes references AddressSets after deleting them, causing ovn-controller errors 1944160 - CNO: nbctl daemon should log reconnection info 1944180 - OVN-Kube Master does not release election lock on shutdown 1944246 - Ironic fails to inspect and move node to "manageable' but get bmh remains in "inspecting" 1944268 - openshift-install AWS SDK is missing endpoints for the ap-northeast-3 region 1944509 - Translatable texts without context in ssh expose component 1944581 - oc project not works with cluster proxy 1944587 - VPA could not take actions based on the recommendation when min-replicas=1 1944590 - The field name "VolumeSnapshotContent" is wrong on VolumeSnapshotContent detail page 1944602 - Consistant fallures of features/project-creation.feature Cypress test in CI 1944631 - openshif authenticator should not accept non-hashed tokens 1944655 - [manila-csi-driver-operator] openstack-manila-csi-nodeplugin pods stucked with ".. still connecting to unix:///var/lib/kubelet/plugins/csi-nfsplugin/csi.sock" 1944660 - dm-multipath race condition on bare metal causing /boot partition mount failures 1944674 - Project field become to "All projects" and disabled in "Review and create virtual machine" step in devconsole 1944678 - Whereabouts IPAM CNI duplicate IP addresses assigned to pods 1944761 - field level help instances do not use common util component <FieldLevelHelp> 1944762 - Drain on worker node during an upgrade fails due to PDB set for image registry pod when only a single replica is present 1944763 - field level help instances do not use common util component <FieldLevelHelp> 1944853 - Update to nodejs >=14.15.4 for ARM 1944974 - Duplicate KubeControllerManagerDown/KubeSchedulerDown alerts 1944986 - Clarify the ContainerRuntimeConfiguration cr description on the validation 1945027 - Button 'Copy SSH Command' does not work 1945085 - Bring back API data in etcd test 1945091 - In k8s 1.21 bump Feature:IPv6DualStack tests are disabled 1945103 - 'User credentials' shows even the VM is not running 1945104 - In k8s 1.21 bump '[sig-storage] [cis-hostpath] [Testpattern: Generic Ephemeral-volume' tests are disabled 1945146 - Remove pipeline Tech preview badge for pipelines GA operator 1945236 - Bootstrap ignition shim doesn't follow proxy settings 1945261 - Operator dependency not consistently chosen from default channel 1945312 - project deletion does not reset UI project context 1945326 - console-operator: does not check route health periodically 1945387 - Image Registry deployment should have 2 replicas and hard anti-affinity rules 1945398 - 4.8 CI failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 1945431 - alerts: SystemMemoryExceedsReservation triggers too quickly 1945443 - operator-lifecycle-manager-packageserver flaps Available=False with no reason or message 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1945548 - catalog resource update failed if spec.secrets set to "" 1945584 - Elasticsearch operator fails to install on 4.8 cluster on ppc64le/s390x 1945599 - Optionally set KERNEL_VERSION and RT_KERNEL_VERSION 1945630 - Pod log filename no longer in <pod-name>-<container-name>.log format 1945637 - QE- Automation- Fixing smoke test suite for pipeline-plugin 1945646 - gcp-routes.sh running as initrc_t unnecessarily 1945659 - [oVirt] remove ovirt_cafile from ovirt-credentials secret 1945677 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry 1945687 - Dockerfile needs updating to new container CI registry 1945700 - Syncing boot mode after changing device should be restricted to Supermicro 1945816 - " Ingresses " should be kept in English for Chinese 1945818 - Chinese translation issues: Operator should be the same with English `Operators` 1945849 - Unnecessary series churn when a new version of kube-state-metrics is rolled out 1945910 - [aws] support byo iam roles for instances 1945948 - SNO: pods can't reach ingress when the ingress uses a different IPv6. 1946079 - Virtual master is not getting an IP address 1946097 - [oVirt] oVirt credentials secret contains unnecessary "ovirt_cafile" 1946119 - panic parsing install-config 1946243 - No relevant error when pg limit is reached in block pools page 1946307 - [CI] [UPI] use a standardized and reliable way to install google cloud SDK in UPI image 1946320 - Incorrect error message in Deployment Attach Storage Page 1946449 - [e2e][automation] Fix cloud-init tests as UI changed 1946458 - Edit Application action overwrites Deployment envFrom values on save 1946459 - In bare metal IPv6 environment, [sig-storage] [Driver: nfs] tests are failing in CI. 1946479 - In k8s 1.21 bump BoundServiceAccountTokenVolume is disabled by default 1946497 - local-storage-diskmaker pod logs "DeviceSymlinkExists" and "not symlinking, could not get lock: <nil>" 1946506 - [on-prem] mDNS plugin no longer needed 1946513 - honor use specified system reserved with auto node sizing 1946540 - auth operator: only configure webhook authenticators for internal auth when oauth-apiserver pods are ready 1946584 - Machine-config controller fails to generate MC, when machine config pool with dashes in name presents under the cluster 1946607 - etcd readinessProbe is not reflective of actual readiness 1946705 - Fix issues with "search" capability in the Topology Quick Add component 1946751 - DAY2 Confusing event when trying to add hosts to a cluster that completed installation 1946788 - Serial tests are broken because of router 1946790 - Marketplace operator flakes Available=False OperatorStarting during updates 1946838 - Copied CSVs show up as adopted components 1946839 - [Azure] While mirroring images to private registry throwing error: invalid character '<' looking for beginning of value 1946865 - no "namespace:kube_pod_container_resource_requests_cpu_cores:sum" and "namespace:kube_pod_container_resource_requests_memory_bytes:sum" metrics 1946893 - the error messages are inconsistent in DNS status conditions if the default service IP is taken 1946922 - Ingress details page doesn't show referenced secret name and link 1946929 - the default dns operator's Progressing status is always True and cluster operator dns Progressing status is False 1947036 - "failed to create Matchbox client or connect" on e2e-metal jobs or metal clusters via cluster-bot 1947066 - machine-config-operator pod crashes when noProxy is * 1947067 - [Installer] Pick up upstream fix for installer console output 1947078 - Incorrect skipped status for conditional tasks in the pipeline run 1947080 - SNO IPv6 with 'temporary 60-day domain' option fails with IPv4 exception 1947154 - [master] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install 1947164 - Print "Successfully pushed" even if the build push fails. 1947176 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. 1947293 - IPv6 provision addresses range larger then /64 prefix (e.g. /48) 1947311 - When adding a new node to localvolumediscovery UI does not show pre-existing node name's 1947360 - [vSphere csi driver operator] operator pod runs as “BestEffort” qosClass 1947371 - [vSphere csi driver operator] operator doesn't create “csidriver” instance 1947402 - Single Node cluster upgrade: AWS EBS CSI driver deployment is stuck on rollout 1947478 - discovery v1 beta1 EndpointSlice is deprecated in Kubernetes 1.21 (OCP 4.8) 1947490 - If Clevis on a managed LUKs volume with Ignition enables, the system will fails to automatically open the LUKs volume on system boot 1947498 - policy v1 beta1 PodDisruptionBudget is deprecated in Kubernetes 1.21 (OCP 4.8) 1947663 - disk details are not synced in web-console 1947665 - Internationalization values for ceph-storage-plugin should be in file named after plugin 1947684 - MCO on SNO sometimes has rendered configs and sometimes does not 1947712 - [OVN] Many faults and Polling interval stuck for 4 seconds every roughly 5 minutes intervals. 1947719 - 8 APIRemovedInNextReleaseInUse info alerts display 1947746 - Show wrong kubernetes version from kube-scheduler/kube-controller-manager operator pods 1947756 - [azure-disk-csi-driver-operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade 1947767 - [azure-disk-csi-driver-operator] Uses the same storage type in the sc created by it as the default sc? 1947771 - [kube-descheduler]descheduler operator pod should not run as “BestEffort” qosClass 1947774 - CSI driver operators use "Always" imagePullPolicy in some containers 1947775 - [vSphere csi driver operator] doesn’t use the downstream images from payload. 1947776 - [vSphere csi driver operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade 1947779 - [LSO] Should allow more nodes to be updated simultaneously for speeding up LSO upgrade 1947785 - Cloud Compute: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947789 - Console: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947791 - MCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947793 - DevEx: APIRemovedInNextReleaseInUse info alerts display 1947794 - OLM: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert 1947795 - Networking: APIRemovedInNextReleaseInUse info alerts display 1947797 - CVO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947798 - Images: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947800 - Ingress: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947801 - Kube Storage Version Migrator APIRemovedInNextReleaseInUse info alerts display 1947803 - Openshift Apiserver: APIRemovedInNextReleaseInUse info alerts display 1947806 - Re-enable h2spec, http/2 and grpc-interop e2e tests in openshift/origin 1947828 - `download it` link should save pod log in <pod-name>-<container-name>.log format 1947866 - disk.csi.azure.com.spec.operatorLogLevel is not updated when CSO loglevel is changed 1947917 - Egress Firewall does not reliably apply firewall rules 1947946 - Operator upgrades can delete existing CSV before completion 1948011 - openshift-controller-manager constantly reporting type "Upgradeable" status Unknown 1948012 - service-ca constantly reporting type "Upgradeable" status Unknown 1948019 - [4.8] Large number of requests to the infrastructure cinder volume service 1948022 - Some on-prem namespaces missing from must-gather 1948040 - cluster-etcd-operator: etcd is using deprecated logger 1948082 - Monitoring should not set Available=False with no reason on updates 1948137 - CNI DEL not called on node reboot - OCP 4 CRI-O. 1948232 - DNS operator performs spurious updates in response to API's defaulting of daemonset's maxSurge and service's ipFamilies and ipFamilyPolicy fields 1948311 - Some jobs failing due to excessive watches: the server has received too many requests and has asked us to try again later 1948359 - [aws] shared tag was not removed from user provided IAM role 1948410 - [LSO] Local Storage Operator uses imagePullPolicy as "Always" 1948415 - [vSphere csi driver operator] clustercsidriver.spec.logLevel doesn't take effective after changing 1948427 - No action is triggered after click 'Continue' button on 'Show community Operator' windows 1948431 - TechPreviewNoUpgrade does not enable CSI migration 1948436 - The outbound traffic was broken intermittently after shutdown one egressIP node 1948443 - OCP 4.8 nightly still showing v1.20 even after 1.21 merge 1948471 - [sig-auth][Feature:OpenShiftAuthorization][Serial] authorization TestAuthorizationResourceAccessReview should succeed [Suite:openshift/conformance/serial] 1948505 - [vSphere csi driver operator] vmware-vsphere-csi-driver-operator pod restart every 10 minutes 1948513 - get-resources.sh doesn't honor the no_proxy settings 1948524 - 'DeploymentUpdated' Updated Deployment.apps/downloads -n openshift-console because it changed message is printed every minute 1948546 - VM of worker is in error state when a network has port_security_enabled=False 1948553 - When setting etcd spec.LogLevel is not propagated to etcd operand 1948555 - A lot of events "rpc error: code = DeadlineExceeded desc = context deadline exceeded" were seen in azure disk csi driver verification test 1948563 - End-to-End Secure boot deployment fails "Invalid value for input variable" 1948582 - Need ability to specify local gateway mode in CNO config 1948585 - Need a CI jobs to test local gateway mode with bare metal 1948592 - [Cluster Network Operator] Missing Egress Router Controller 1948606 - DNS e2e test fails "[sig-arch] Only known images used by tests" because it does not use a known image 1948610 - External Storage [Driver: disk.csi.azure.com] [Testpattern: Dynamic PV (block volmode)] multiVolume [Slow] should access to two volumes with the same volume mode and retain data across pod recreation on the same node [LinuxOnly] 1948626 - TestRouteAdmissionPolicy e2e test is failing often 1948628 - ccoctl needs to plan for future (non-AWS) platform support in the CLI 1948634 - upgrades: allow upgrades without version change 1948640 - [Descheduler] operator log reports key failed with : kubedeschedulers.operator.openshift.io "cluster" not found 1948701 - unneeded CCO alert already covered by CVO 1948703 - p&f: probes should not get 429s 1948705 - [assisted operator] SNO deployment fails - ClusterDeployment shows `bootstrap.ign was not found` 1948706 - Cluster Autoscaler Operator manifests missing annotation for ibm-cloud-managed profile 1948708 - cluster-dns-operator includes a deployment with node selector of masters for the IBM cloud managed profile 1948711 - thanos querier and prometheus-adapter should have 2 replicas 1948714 - cluster-image-registry-operator targets master nodes in ibm-cloud-managed-profile 1948716 - cluster-ingress-operator deployment targets master nodes for ibm-cloud-managed profile 1948718 - cluster-network-operator deployment manifest for ibm-cloud-managed profile contains master node selector 1948719 - Machine API components should use 1.21 dependencies 1948721 - cluster-storage-operator deployment targets master nodes for ibm-cloud-managed profile 1948725 - operator lifecycle manager does not include profile annotations for ibm-cloud-managed 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1948771 - ~50% of GCP upgrade jobs in 4.8 failing with "AggregatedAPIDown" alert on packages.coreos.com 1948782 - Stale references to the single-node-production-edge cluster profile 1948787 - secret.StringData shouldn't be used for reads 1948788 - Clicking an empty metrics graph (when there is no data) should still open metrics viewer 1948789 - Clicking on a metrics graph should show request and limits queries as well on the resulting metrics page 1948919 - Need minor update in message on channel modal 1948923 - [aws] installer forces the platform.aws.amiID option to be set, while installing a cluster into GovCloud or C2S region 1948926 - Memory Usage of Dashboard 'Kubernetes / Compute Resources / Pod' contain wrong CPU query 1948936 - [e2e][automation][prow] Prow script point to deleted resource 1948943 - (release-4.8) Limit the number of collected pods in the workloads gatherer 1948953 - Uninitialized cloud provider error when provisioning a cinder volume 1948963 - [RFE] Cluster-api-provider-ovirt should handle hugepages 1948966 - Add the ability to run a gather done by IO via a Kubernetes Job 1948981 - Align dependencies and libraries with latest ironic code 1948998 - style fixes by GoLand and golangci-lint 1948999 - Can not assign multiple EgressIPs to a namespace by using automatic way. 1949019 - PersistentVolumes page cannot sync project status automatically which will block user to create PV 1949022 - Openshift 4 has a zombie problem 1949039 - Wrong env name to get podnetinfo for hugepage in app-netutil 1949041 - vsphere: wrong image names in bundle 1949042 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the http2 tests (on OpenStack) 1949050 - Bump k8s to latest 1.21 1949061 - [assisted operator][nmstate] Continuous attempts to reconcile InstallEnv in the case of invalid NMStateConfig 1949063 - [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service 1949075 - Extend openshift/api for Add card customization 1949093 - PatternFly v4.96.2 regression results in a.pf-c-button hover issues 1949096 - Restore private git clone tests 1949099 - network-check-target code cleanup 1949105 - NetworkPolicy ... should enforce ingress policy allowing any port traffic to a server on a specific protocol 1949145 - Move openshift-user-critical priority class to CCO 1949155 - Console doesn't correctly check for favorited or last namespace on load if project picker used 1949180 - Pipelines plugin model kinds aren't picked up by parser 1949202 - sriov-network-operator not available from operatorhub on ppc64le 1949218 - ccoctl not included in container image 1949237 - Bump OVN: Lots of conjunction warnings in ovn-controller container logs 1949277 - operator-marketplace: deployment manifests for ibm-cloud-managed profile have master node selectors 1949294 - [assisted operator] OPENSHIFT_VERSIONS in assisted operator subscription does not propagate 1949306 - need a way to see top API accessors 1949313 - Rename vmware-vsphere-* images to vsphere-* images before 4.8 ships 1949316 - BaremetalHost resource automatedCleaningMode ignored due to outdated vendoring 1949347 - apiserver-watcher support for dual-stack 1949357 - manila-csi-controller pod not running due to secret lack(in another ns) 1949361 - CoreDNS resolution failure for external hostnames with "A: dns: overflow unpacking uint16" 1949364 - Mention scheduling profiles in scheduler operator repository 1949370 - Testability of: Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error 1949384 - Edit Default Pull Secret modal - i18n misses 1949387 - Fix the typo in auto node sizing script 1949404 - label selector on pvc creation page - i18n misses 1949410 - The referred role doesn't exist if create rolebinding from rolebinding tab of role page 1949411 - VolumeSnapshot, VolumeSnapshotClass and VolumeSnapshotConent Details tab is not translated - i18n misses 1949413 - Automatic boot order setting is done incorrectly when using by-path style device names 1949418 - Controller factory workers should always restart on panic() 1949419 - oauth-apiserver logs "[SHOULD NOT HAPPEN] failed to update managedFields for authentication.k8s.io/v1, Kind=TokenReview: failed to convert new object (authentication.k8s.io/v1, Kind=TokenReview)" 1949420 - [azure csi driver operator] pvc.status.capacity and pv.spec.capacity are processed not the same as in-tree plugin 1949435 - ingressclass controller doesn't recreate the openshift-default ingressclass after deleting it 1949480 - Listeners timeout are constantly being updated 1949481 - cluster-samples-operator restarts approximately two times per day and logs too many same messages 1949509 - Kuryr should manage API LB instead of CNO 1949514 - URL is not visible for routes at narrow screen widths 1949554 - Metrics of vSphere CSI driver sidecars are not collected 1949582 - OCP v4.7 installation with OVN-Kubernetes fails with error "egress bandwidth restriction -1 is not equals" 1949589 - APIRemovedInNextEUSReleaseInUse Alert Missing 1949591 - Alert does not catch removed api usage during end-to-end tests. 1949593 - rename DeprecatedAPIInUse alert to APIRemovedInNextReleaseInUse 1949612 - Install with 1.21 Kubelet is spamming logs with failed to get stats failed command 'du' 1949626 - machine-api fails to create AWS client in new regions 1949661 - Kubelet Workloads Management changes for OCPNODE-529 1949664 - Spurious keepalived liveness probe failures 1949671 - System services such as openvswitch are stopped before pod containers on system shutdown or reboot 1949677 - multus is the first pod on a new node and the last to go ready 1949711 - cvo unable to reconcile deletion of openshift-monitoring namespace 1949721 - Pick 99237: Use the audit ID of a request for better correlation 1949741 - Bump golang version of cluster-machine-approver 1949799 - ingresscontroller should deny the setting when spec.tuningOptions.threadCount exceed 64 1949810 - OKD 4.7 unable to access Project Topology View 1949818 - Add e2e test to perform MCO operation Single Node OpenShift 1949820 - Unable to use `oc adm top is` shortcut when asking for `imagestreams` 1949862 - The ccoctl tool hits the panic sometime when running the delete subcommand 1949866 - The ccoctl fails to create authentication file when running the command `ccoctl aws create-identity-provider` with `--output-dir` parameter 1949880 - adding providerParameters.gcp.clientAccess to existing ingresscontroller doesn't work 1949882 - service-idler build error 1949898 - Backport RP#848 to OCP 4.8 1949907 - Gather summary of PodNetworkConnectivityChecks 1949923 - some defined rootVolumes zones not used on installation 1949928 - Samples Operator updates break CI tests 1949935 - Fix incorrect access review check on start pipeline kebab action 1949956 - kaso: add minreadyseconds to ensure we don't have an LB outage on kas 1949967 - Update Kube dependencies in MCO to 1.21 1949972 - Descheduler metrics: populate build info data and make the metrics entries more readeable 1949978 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the h2spec conformance tests [Suite:openshift/conformance/parallel/minimal] 1949990 - (release-4.8) Extend the OLM operator gatherer to include CSV display name 1949991 - openshift-marketplace pods are crashlooping 1950007 - [CI] [UPI] easy_install is not reliable enough to be used in an image 1950026 - [Descheduler] Need better way to handle evicted pod count for removeDuplicate pod strategy 1950047 - CSV deployment template custom annotations are not propagated to deployments 1950112 - SNO: machine-config pool is degraded: error running chcon -R -t var_run_t /run/mco-machine-os-content/os-content-321709791 1950113 - in-cluster operators need an API for additional AWS tags 1950133 - MCO creates empty conditions on the kubeletconfig object 1950159 - Downstream ovn-kubernetes repo should have no linter errors 1950175 - Update Jenkins and agent base image to Go 1.16 1950196 - ssh Key is added even with 'Expose SSH access to this virtual machine' unchecked 1950210 - VPA CRDs use deprecated API version 1950219 - KnativeServing is not shown in list on global config page 1950232 - [Descheduler] - The minKubeVersion should be 1.21 1950236 - Update OKD imagestreams to prefer centos7 images 1950270 - should use "kubernetes.io/os" in the dns/ingresscontroller node selector description when executing oc explain command 1950284 - Tracking bug for NE-563 - support user-defined tags on AWS load balancers 1950341 - NetworkPolicy: allow-from-router policy does not allow access to service when the endpoint publishing strategy is HostNetwork on OpenshiftSDN network 1950379 - oauth-server is in pending/crashbackoff at beginning 50% of CI runs 1950384 - [sig-builds][Feature:Builds][sig-devex][Feature:Jenkins][Slow] openshift pipeline build perm failing 1950409 - Descheduler operator code and docs still reference v1beta1 1950417 - The Marketplace Operator is building with EOL k8s versions 1950430 - CVO serves metrics over HTTP, despite a lack of consumers 1950460 - RFE: Change Request Size Input to Number Spinner Input 1950471 - e2e-metal-ipi-ovn-dualstack is failing with etcd unable to bootstrap 1950532 - Include "update" when referring to operator approval and channel 1950543 - Document non-HA behaviors in the MCO (SingleNodeOpenshift) 1950590 - CNO: Too many OVN netFlows collectors causes ovnkube pods CrashLoopBackOff 1950653 - BuildConfig ignores Args 1950761 - Monitoring operator deployments anti-affinity rules prevent their rollout on single-node 1950908 - kube_pod_labels metric does not contain k8s labels 1950912 - [e2e][automation] add devconsole tests 1950916 - [RFE]console page show error when vm is poused 1950934 - Unnecessary rollouts can happen due to unsorted endpoints 1950935 - Updating cluster-network-operator builder & base images to be consistent with ART 1950978 - the ingressclass cannot be removed even after deleting the related custom ingresscontroller 1951007 - ovn master pod crashed 1951029 - Drainer panics on missing context for node patch 1951034 - (release-4.8) Split up the GatherClusterOperators into smaller parts 1951042 - Panics every few minutes in kubelet logs post-rebase 1951043 - Start Pipeline Modal Parameters should accept empty string defaults 1951058 - [gcp-pd-csi-driver-operator] topology and multipods capabilities are not enabled in e2e tests 1951066 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud 1951084 - avoid benign "Path \"/run/secrets/etc-pki-entitlement\" from \"/etc/containers/mounts.conf\" doesn't exist, skipping" messages 1951158 - Egress Router CRD missing Addresses entry 1951169 - Improve API Explorer discoverability from the Console 1951174 - re-pin libvirt to 6.0.0 1951203 - oc adm catalog mirror can generate ICSPs that exceed etcd's size limit 1951209 - RerunOnFailure runStrategy shows wrong VM status (Starting) on Succeeded VMI 1951212 - User/Group details shows unrelated subjects in role bindings tab 1951214 - VM list page crashes when the volume type is sysprep 1951339 - Cluster-version operator does not manage operand container environments when manifest lacks opinions 1951387 - opm index add doesn't respect deprecated bundles 1951412 - Configmap gatherer can fail incorrectly 1951456 - Docs and linting fixes 1951486 - Replace "kubevirt_vmi_network_traffic_bytes_total" with new metrics names 1951505 - Remove deprecated techPreviewUserWorkload field from CMO's configmap 1951558 - Backport Upstream 101093 for Startup Probe Fix 1951585 - enterprise-pod fails to build 1951636 - assisted service operator use default serviceaccount in operator bundle 1951637 - don't rollout a new kube-apiserver revision on oauth accessTokenInactivityTimeout changes 1951639 - Bootstrap API server unclean shutdown causes reconcile delay 1951646 - Unexpected memory climb while container not in use 1951652 - Add retries to opm index add 1951670 - Error gathering bootstrap log after pivot: The bootstrap machine did not execute the release-image.service systemd unit 1951671 - Excessive writes to ironic Nodes 1951705 - kube-apiserver needs alerts on CPU utlization 1951713 - [OCP-OSP] After changing image in machine object it enters in Failed - Can't find created instance 1951853 - dnses.operator.openshift.io resource's spec.nodePlacement.tolerations godoc incorrectly describes default behavior 1951858 - unexpected text '0' on filter toolbar on RoleBinding tab 1951860 - [4.8] add Intel XXV710 NIC model (1572) support in SR-IOV Operator 1951870 - sriov network resources injector: user defined injection removed existing pod annotations 1951891 - [migration] cannot change ClusterNetwork CIDR during migration 1951952 - [AWS CSI Migration] Metrics for cloudprovider error requests are lost 1952001 - Delegated authentication: reduce the number of watch requests 1952032 - malformatted assets in CMO 1952045 - Mirror nfs-server image used in jenkins-e2e 1952049 - Helm: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1952079 - rebase openshift/sdn to kube 1.21 1952111 - Optimize importing from @patternfly/react-tokens 1952174 - DNS operator claims to be done upgrading before it even starts 1952179 - OpenStack Provider Ports UI Underscore Variables 1952187 - Pods stuck in ImagePullBackOff with errors like rpc error: code = Unknown desc = Error committing the finished image: image with ID "SomeLongID" already exists, but uses a different top layer: that ID 1952211 - cascading mounts happening exponentially on when deleting openstack-cinder-csi-driver-node pods 1952214 - Console Devfile Import Dev Preview broken 1952238 - Catalog pods don't report termination logs to catalog-operator 1952262 - Need support external gateway via hybrid overlay 1952266 - etcd operator bumps status.version[name=operator] before operands update 1952268 - etcd operator should not set Degraded=True EtcdMembersDegraded on healthy machine-config node reboots 1952282 - CSR approver races with nodelink controller and does not requeue 1952310 - VM cannot start up if the ssh key is added by another template 1952325 - [e2e][automation] Check support modal in ssh tests and skip template parentSupport 1952333 - openshift/kubernetes vulnerable to CVE-2021-3121 1952358 - Openshift-apiserver CO unavailable in fresh OCP 4.7.5 installations 1952367 - No VM status on overview page when VM is pending 1952368 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc 1952372 - VM stop action should not be there if the VM is not running 1952405 - console-operator is not reporting correct Available status 1952448 - Switch from Managed to Disabled mode: no IP removed from configuration and no container metal3-static-ip-manager stopped 1952460 - In k8s 1.21 bump '[sig-network] Firewall rule control plane should not expose well-known ports' test is disabled 1952473 - Monitor pod placement during upgrades 1952487 - Template filter does not work properly 1952495 - “Create” button on the Templates page is confuse 1952527 - [Multus] multi-networkpolicy does wrong filtering 1952545 - Selection issue when inserting YAML snippets 1952585 - Operator links for 'repository' and 'container image' should be clickable in OperatorHub 1952604 - Incorrect port in external loadbalancer config 1952610 - [aws] image-registry panics when the cluster is installed in a new region 1952611 - Tracking bug for OCPCLOUD-1115 - support user-defined tags on AWS EC2 Instances 1952618 - 4.7.4->4.7.8 Upgrade Caused OpenShift-Apiserver Outage 1952625 - Fix translator-reported text issues 1952632 - 4.8 installer should default ClusterVersion channel to stable-4.8 1952635 - Web console displays a blank page- white space instead of cluster information 1952665 - [Multus] multi-networkpolicy pod continue restart due to OOM (out of memory) 1952666 - Implement Enhancement 741 for Kubelet 1952667 - Update Readme for cluster-baremetal-operator with details about the operator 1952684 - cluster-etcd-operator: metrics controller panics on invalid response from client 1952728 - It was not clear for users why Snapshot feature was not available 1952730 - “Customize virtual machine” and the “Advanced” feature are confusing in wizard 1952732 - Users did not understand the boot source labels 1952741 - Monitoring DB: after set Time Range as Custom time range, no data display 1952744 - PrometheusDuplicateTimestamps with user workload monitoring enabled 1952759 - [RFE]It was not immediately clear what the Star icon meant 1952795 - cloud-network-config-controller CRD does not specify correct plural name 1952819 - failed to configure pod interface: error while waiting on flows for pod: timed out waiting for OVS flows 1952820 - [LSO] Delete localvolume pv is failed 1952832 - [IBM][ROKS] Enable the Web console UI to deploy OCS in External mode on IBM Cloud 1952891 - Upgrade failed due to cinder csi driver not deployed 1952904 - Linting issues in gather/clusterconfig package 1952906 - Unit tests for configobserver.go 1952931 - CI does not check leftover PVs 1952958 - Runtime error loading console in Safari 13 1953019 - [Installer][baremetal][metal3] The baremetal IPI installer fails on delete cluster with: failed to clean baremetal bootstrap storage pool 1953035 - Installer should error out if publish: Internal is set while deploying OCP cluster on any on-prem platform 1953041 - openshift-authentication-operator uses 3.9k% of its requested CPU 1953077 - Handling GCP's: Error 400: Permission accesscontextmanager.accessLevels.list is not valid for this resource 1953102 - kubelet CPU use during an e2e run increased 25% after rebase 1953105 - RHCOS system components registered a 3.5x increase in CPU use over an e2e run before and after 4/9 1953169 - endpoint slice controller doesn't handle services target port correctly 1953257 - Multiple EgressIPs per node for one namespace when "oc get hostsubnet" 1953280 - DaemonSet/node-resolver is not recreated by dns operator after deleting it 1953291 - cluster-etcd-operator: peer cert DNS SAN is populated incorrectly 1953418 - [e2e][automation] Fix vm wizard validate tests 1953518 - thanos-ruler pods failed to start up for "cannot unmarshal DNS message" 1953530 - Fix openshift/sdn unit test flake 1953539 - kube-storage-version-migrator: priorityClassName not set 1953543 - (release-4.8) Add missing sample archive data 1953551 - build failure: unexpected trampoline for shared or dynamic linking 1953555 - GlusterFS tests fail on ipv6 clusters 1953647 - prometheus-adapter should have a PodDisruptionBudget in HA topology 1953670 - ironic container image build failing because esp partition size is too small 1953680 - ipBlock ignoring all other cidr's apart from the last one specified 1953691 - Remove unused mock 1953703 - Inconsistent usage of Tech preview badge in OCS plugin of OCP Console 1953726 - Fix issues related to loading dynamic plugins 1953729 - e2e unidling test is flaking heavily on SNO jobs 1953795 - Ironic can't virtual media attach ISOs sourced from ingress routes 1953798 - GCP e2e (parallel and upgrade) regularly trigger KubeAPIErrorBudgetBurn alert, also happens on AWS 1953803 - [AWS] Installer should do pre-check to ensure user-provided private hosted zone name is valid for OCP cluster 1953810 - Allow use of storage policy in VMC environments 1953830 - The oc-compliance build does not available for OCP4.8 1953846 - SystemMemoryExceedsReservation alert should consider hugepage reservation 1953977 - [4.8] packageserver pods restart many times on the SNO cluster 1953979 - Ironic caching virtualmedia images results in disk space limitations 1954003 - Alerts shouldn't report any alerts in firing or pending state: openstack-cinder-csi-driver-controller-metrics TargetDown 1954025 - Disk errors while scaling up a node with multipathing enabled 1954087 - Unit tests for kube-scheduler-operator 1954095 - Apply user defined tags in AWS Internal Registry 1954105 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns 1954124 - oc set volume not adding storageclass to pvc which leads to issues using snapshots 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954177 - machine-api: admissionReviewVersions v1beta1 is going to be removed in 1.22 1954187 - multus: admissionReviewVersions v1beta1 is going to be removed in 1.22 1954248 - Disable Alertmanager Protractor e2e tests 1954317 - [assisted operator] Environment variables set in the subscription not being inherited by the assisted-service container 1954330 - NetworkPolicy: allow-from-router with label policy-group.network.openshift.io/ingress: "" does not work on a upgraded cluster 1954421 - Get 'Application is not available' when access Prometheus UI 1954459 - Error: Gateway Time-out display on Alerting console 1954460 - UI, The status of "Used Capacity Breakdown [Pods]" is "Not available" 1954509 - FC volume is marked as unmounted after failed reconstruction 1954540 - Lack translation for local language on pages under storage menu 1954544 - authn operator: endpoints controller should use the context it creates 1954554 - Add e2e tests for auto node sizing 1954566 - Cannot update a component (`UtilizationCard`) error when switching perspectives manually 1954597 - Default image for GCP does not support ignition V3 1954615 - Undiagnosed panic detected in pod: pods/openshift-cloud-credential-operator_cloud-credential-operator 1954634 - apirequestcounts does not honor max users 1954638 - apirequestcounts should indicate removedinrelease of empty instead of 2.0 1954640 - Support of gatherers with different periods 1954671 - disable volume expansion support in vsphere csi driver storage class 1954687 - localvolumediscovery and localvolumset e2es are disabled 1954688 - LSO has missing examples for localvolumesets 1954696 - [API-1009] apirequestcounts should indicate useragent 1954715 - Imagestream imports become very slow when doing many in parallel 1954755 - Multus configuration should allow for net-attach-defs referenced in the openshift-multus namespace 1954765 - CCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1954768 - baremetal-operator: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1954770 - Backport upstream fix for Kubelet getting stuck in DiskPressure 1954773 - OVN: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert 1954783 - [aws] support byo private hosted zone 1954790 - KCM Alert PodDisruptionBudget At and Limit do not alert with maxUnavailable or MinAvailable by percentage 1954830 - verify-client-go job is failing for release-4.7 branch 1954865 - Add necessary priority class to pod-identity-webhook deployment 1954866 - Add necessary priority class to downloads 1954870 - Add necessary priority class to network components 1954873 - dns server may not be specified for clusters with more than 2 dns servers specified by openstack. 1954891 - Add necessary priority class to pruner 1954892 - Add necessary priority class to ingress-canary 1954931 - (release-4.8) Remove legacy URL anonymization in the ClusterOperator related resources 1954937 - [API-1009] `oc get apirequestcount` shows blank for column REQUESTSINCURRENTHOUR 1954959 - unwanted decorator shown for revisions in topology though should only be shown only for knative services 1954972 - TechPreviewNoUpgrade featureset can be undone 1954973 - "read /proc/pressure/cpu: operation not supported" in node-exporter logs 1954994 - should update to 2.26.0 for prometheus resources label 1955051 - metrics "kube_node_status_capacity_cpu_cores" does not exist 1955089 - Support [sig-cli] oc observe works as expected test for IPv6 1955100 - Samples: APIRemovedInNextReleaseInUse info alerts display 1955102 - Add vsphere_node_hw_version_total metric to the collected metrics 1955114 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1955196 - linuxptp-daemon crash on 4.8 1955226 - operator updates apirequestcount CRD over and over 1955229 - release-openshift-origin-installer-e2e-aws-calico-4.7 is permfailing 1955256 - stop collecting API that no longer exists 1955324 - Kubernetes Autoscaler should use Go 1.16 for testing scripts 1955336 - Failure to Install OpenShift on GCP due to Cluster Name being similar to / contains "google" 1955414 - 4.8 -> 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator 1955445 - Drop crio image metrics with high cardinality 1955457 - Drop container_memory_failures_total metric because of high cardinality 1955467 - Disable collection of node_mountstats_nfs metrics in node_exporter 1955474 - [aws-ebs-csi-driver] rebase from version v1.0.0 1955478 - Drop high-cardinality metrics from kube-state-metrics which aren't used 1955517 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation 1955548 - [IPI][OSP] OCP 4.6/4.7 IPI with kuryr exceeds defined serviceNetwork range 1955554 - MAO does not react to events triggered from Validating Webhook Configurations 1955589 - thanos-querier should have a PodDisruptionBudget in HA topology 1955595 - Add DevPreviewLongLifecycle Descheduler profile 1955596 - Pods stuck in creation phase on realtime kernel SNO 1955610 - release-openshift-origin-installer-old-rhcos-e2e-aws-4.7 is permfailing 1955622 - 4.8-e2e-metal-assisted jobs: Timeout of 360 seconds expired waiting for Cluster to be in status ['installing', 'error'] 1955701 - [4.8] RHCOS boot image bump for RHEL 8.4 Beta 1955749 - OCP branded templates need to be translated 1955761 - packageserver clusteroperator does not set reason or message for Available condition 1955783 - NetworkPolicy: ACL audit log message for allow-from-router policy should also include the namespace to distinguish between two policies similarly named configured in respective namespaces 1955803 - OperatorHub - console accepts any value for "Infrastructure features" annotation 1955822 - CIS Benchmark 5.4.1 Fails on ROKS 4: Prefer using secrets as files over secrets as environment variables 1955854 - Ingress clusteroperator reports Degraded=True/Available=False if any ingresscontroller is degraded or unavailable 1955862 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1955874 - Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct 1955879 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-> Removed-> Managed in configs.imageregistry with high ratio 1955969 - Workers cannot be deployed attached to multiple networks. 1956079 - Installer gather doesn't collect any networking information 1956208 - Installer should validate root volume type 1956220 - Set htt proxy system properties as expected by kubernetes-client 1956281 - Disconnected installs are failing with kubelet trying to pause image from the internet 1956334 - Event Listener Details page does not show Triggers section 1956353 - test: analyze job consistently fails 1956372 - openshift-gcp-routes causes disruption during upgrade by stopping before all pods terminate 1956405 - Bump k8s dependencies in cluster resource override admission operator 1956411 - Apply custom tags to AWS EBS volumes 1956480 - [4.8] Bootimage bump tracker 1956606 - probes FlowSchema manifest not included in any cluster profile 1956607 - Multiple manifests lack cluster profile annotations 1956609 - [cluster-machine-approver] CSRs for replacement control plane nodes not approved after restore from backup 1956610 - manage-helm-repos manifest lacks cluster profile annotations 1956611 - OLM CRD schema validation failing against CRs where the value of a string field is a blank string 1956650 - The container disk URL is empty for Windows guest tools 1956768 - aws-ebs-csi-driver-controller-metrics TargetDown 1956826 - buildArgs does not work when the value is taken from a secret 1956895 - Fix chatty kubelet log message 1956898 - fix log files being overwritten on container state loss 1956920 - can't open terminal for pods that have more than one container running 1956959 - ipv6 disconnected sno crd deployment hive reports success status and clusterdeployrmet reporting false 1956978 - Installer gather doesn't include pod names in filename 1957039 - Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of 169.254.169.2 for Local GW 1957041 - Update CI e2echart with more node info 1957127 - Delegated authentication: reduce the number of watch requests 1957131 - Conformance tests for OpenStack require the Cinder client that is not included in the "tests" image 1957146 - Only run test/extended/router/idle tests on OpenshiftSDN or OVNKubernetes 1957149 - CI: "Managed cluster should start all core operators" fails with: OpenStackCinderDriverStaticResourcesControllerDegraded: "volumesnapshotclass.yaml" (string): missing dynamicClient 1957179 - Incorrect VERSION in node_exporter 1957190 - CI jobs failing due too many watch requests (prometheus-operator) 1957198 - Misspelled console-operator condition 1957227 - Issue replacing the EnvVariables using the unsupported ConfigMap 1957260 - [4.8] [gcp] Installer is missing new region/zone europe-central2 1957261 - update godoc for new build status image change trigger fields 1957295 - Apply priority classes conventions as test to openshift/origin repo 1957315 - kuryr-controller doesn't indicate being out of quota 1957349 - [Azure] Machine object showing Failed phase even node is ready and VM is running properly 1957374 - mcddrainerr doesn't list specific pod 1957386 - Config serve and validate command should be under alpha 1957446 - prepare CCO for future without v1beta1 CustomResourceDefinitions 1957502 - Infrequent panic in kube-apiserver in aws-serial job 1957561 - lack of pseudolocalization for some text on Cluster Setting page 1957584 - Routes are not getting created when using hostname without FQDN standard 1957597 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1957645 - Event "Updated PrometheusRule.monitoring.coreos.com/v1 because it changed" is frequently looped with weird empty {} changes 1957708 - e2e-metal-ipi and related jobs fail to bootstrap due to multiple VIP's 1957726 - Pod stuck in ContainerCreating - Failed to start transient scope unit: Connection timed out 1957748 - Ptp operator pod should have CPU and memory requests set but not limits 1957756 - Device Replacemet UI, The status of the disk is "replacement ready" before I clicked on "start replacement" 1957772 - ptp daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1957775 - CVO creating cloud-controller-manager too early causing upgrade failures 1957809 - [OSP] Install with invalid platform.openstack.machinesSubnet results in runtime error 1957822 - Update apiserver tlsSecurityProfile description to include Custom profile 1957832 - CMO end-to-end tests work only on AWS 1957856 - 'resource name may not be empty' is shown in CI testing 1957869 - baremetal IPI power_interface for irmc is inconsistent 1957879 - cloud-controller-manage ClusterOperator manifest does not declare relatedObjects 1957889 - Incomprehensible documentation of the GatherClusterOperatorPodsAndEvents gatherer 1957893 - ClusterDeployment / Agent conditions show "ClusterAlreadyInstalling" during each spoke install 1957895 - Cypress helper projectDropdown.shouldContain is not an assertion 1957908 - Many e2e failed requests caused by kube-storage-version-migrator-operator's version reads 1957926 - "Add Capacity" should allow to add n*3 (or n*4) local devices at once 1957951 - [aws] destroy can get blocked on instances stuck in shutting-down state 1957967 - Possible test flake in listPage Cypress view 1957972 - Leftover templates from mdns 1957976 - Ironic execute_deploy_steps command to ramdisk times out, resulting in a failed deployment in 4.7 1957982 - Deployment Actions clickable for view-only projects 1957991 - ClusterOperatorDegraded can fire during installation 1958015 - "config-reloader-cpu" and "config-reloader-memory" flags have been deprecated for prometheus-operator 1958080 - Missing i18n for login, error and selectprovider pages 1958094 - Audit log files are corrupted sometimes 1958097 - don't show "old, insecure token format" if the token does not actually exist 1958114 - Ignore staged vendor files in pre-commit script 1958126 - [OVN]Egressip doesn't take effect 1958158 - OAuth proxy container for AlertManager and Thanos are flooding the logs 1958216 - ocp libvirt: dnsmasq options in install config should allow duplicate option names 1958245 - cluster-etcd-operator: static pod revision is not visible from etcd logs 1958285 - Deployment considered unhealthy despite being available and at latest generation 1958296 - OLM must explicitly alert on deprecated APIs in use 1958329 - pick 97428: add more context to log after a request times out 1958367 - Build metrics do not aggregate totals by build strategy 1958391 - Update MCO KubeletConfig to mixin the API Server TLS Security Profile Singleton 1958405 - etcd: current health checks and reporting are not adequate to ensure availability 1958406 - Twistlock flags mode of /var/run/crio/crio.sock 1958420 - openshift-install 4.7.10 fails with segmentation error 1958424 - aws: support more auth options in manual mode 1958439 - Install/Upgrade button on Install/Upgrade Helm Chart page does not work with Form View 1958492 - CCO: pod-identity-webhook still accesses APIRemovedInNextReleaseInUse 1958643 - All pods creation stuck due to SR-IOV webhook timeout 1958679 - Compression on pool can't be disabled via UI 1958753 - VMI nic tab is not loadable 1958759 - Pulling Insights report is missing retry logic 1958811 - VM creation fails on API version mismatch 1958812 - Cluster upgrade halts as machine-config-daemon fails to parse `rpm-ostree status` during cluster upgrades 1958861 - [CCO] pod-identity-webhook certificate request failed 1958868 - ssh copy is missing when vm is running 1958884 - Confusing error message when volume AZ not found 1958913 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff 1958930 - network config in machine configs prevents addition of new nodes with static networking via kargs 1958958 - [SCALE] segfault with ovnkube adding to address set 1958972 - [SCALE] deadlock in ovn-kube when scaling up to 300 nodes 1959041 - LSO Cluster UI,"Troubleshoot" link does not exist after scale down osd pod 1959058 - ovn-kubernetes has lock contention on the LSP cache 1959158 - packageserver clusteroperator Available condition set to false on any Deployment spec change 1959177 - Descheduler dev manifests are missing permissions 1959190 - Set LABEL io.openshift.release.operator=true for driver-toolkit image addition to payload 1959194 - Ingress controller should use minReadySeconds because otherwise it is disrupted during deployment updates 1959278 - Should remove prometheus servicemonitor from openshift-user-workload-monitoring 1959294 - openshift-operator-lifecycle-manager:olm-operator-serviceaccount should not rely on external networking for health check 1959327 - Degraded nodes on upgrade - Cleaning bootversions: Read-only file system 1959406 - Difficult to debug performance on ovn-k without pprof enabled 1959471 - Kube sysctl conformance tests are disabled, meaning we can't submit conformance results 1959479 - machines doesn't support dual-stack loadbalancers on Azure 1959513 - Cluster-kube-apiserver does not use library-go for audit pkg 1959519 - Operand details page only renders one status donut no matter how many 'podStatuses' descriptors are used 1959550 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console 1959564 - Test verify /run filesystem contents failing 1959648 - oc adm top --help indicates that oc adm top can display storage usage while it cannot 1959650 - Gather SDI-related MachineConfigs 1959658 - showing a lot "constructing many client instances from the same exec auth config" 1959696 - Deprecate 'ConsoleConfigRoute' struct in console-operator config 1959699 - [RFE] Collect LSO pod log and daemonset log managed by LSO 1959703 - Bootstrap gather gets into an infinite loop on bootstrap-in-place mode 1959711 - Egressnetworkpolicy doesn't work when configure the EgressIP 1959786 - [dualstack]EgressIP doesn't work on dualstack cluster for IPv6 1959916 - Console not works well against a proxy in front of openshift clusters 1959920 - UEFISecureBoot set not on the right master node 1959981 - [OCPonRHV] - Affinity Group should not create by default if we define empty affinityGroupsNames: [] 1960035 - iptables is missing from ose-keepalived-ipfailover image 1960059 - Remove "Grafana UI" link from Console Monitoring > Dashboards page 1960089 - ImageStreams list page, detail page and breadcrumb are not following CamelCase conventions 1960129 - [e2e][automation] add smoke tests about VM pages and actions 1960134 - some origin images are not public 1960171 - Enable SNO checks for image-registry 1960176 - CCO should recreate a user for the component when it was removed from the cloud providers 1960205 - The kubelet log flooded with reconcileState message once CPU manager enabled 1960255 - fixed obfuscation permissions 1960257 - breaking changes in pr template 1960284 - ExternalTrafficPolicy Local does not preserve connections correctly on shutdown, policy Cluster has significant performance cost 1960323 - Address issues raised by coverity security scan 1960324 - manifests: extra "spec.version" in console quickstarts makes CVO hotloop 1960330 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960334 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960337 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960339 - manifests: unset "preemptionPolicy" makes CVO hotloop 1960531 - Items under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod' keep added for every access 1960534 - Some graphs of console dashboards have no legend and tooltips are difficult to undstand compared with grafana 1960546 - Add virt_platform metric to the collected metrics 1960554 - Remove rbacv1beta1 handling code 1960612 - Node disk info in overview/details does not account for second drive where /var is located 1960619 - Image registry integration tests use old-style OAuth tokens 1960683 - GlobalConfigPage is constantly requesting resources 1960711 - Enabling IPsec runtime causing incorrect MTU on Pod interfaces 1960716 - Missing details for debugging 1960732 - Outdated manifests directory in CSI driver operator repositories 1960757 - [OVN] hostnetwork pod can access MCS port 22623 or 22624 on master 1960758 - oc debug / oc adm must-gather do not require openshift/tools and openshift/must-gather to be "the newest" 1960767 - /metrics endpoint of the Grafana UI is accessible without authentication 1960780 - CI: failed to create PDB "service-test" the server could not find the requested resource 1961064 - Documentation link to network policies is outdated 1961067 - Improve log gathering logic 1961081 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget in CMO logs 1961091 - Gather MachineHealthCheck definitions 1961120 - CSI driver operators fail when upgrading a cluster 1961173 - recreate existing static pod manifests instead of updating 1961201 - [sig-network-edge] DNS should answer A and AAAA queries for a dual-stack service is constantly failing 1961314 - Race condition in operator-registry pull retry unit tests 1961320 - CatalogSource does not emit any metrics to indicate if it's ready or not 1961336 - Devfile sample for BuildConfig is not defined 1961356 - Update single quotes to double quotes in string 1961363 - Minor string update for " No Storage classes found in cluster, adding source is disabled." 1961393 - DetailsPage does not work with group~version~kind 1961452 - Remove "Alertmanager UI" link from Console Monitoring > Alerting page 1961466 - Some dropdown placeholder text on route creation page is not translated 1961472 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true 1961506 - NodePorts do not work on RHEL 7.9 workers (was "4.7 -> 4.8 upgrade is stuck at Ingress operator Degraded with rhel 7.9 workers") 1961536 - clusterdeployment without pull secret is crashing assisted service pod 1961538 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop 1961545 - Fixing Documentation Generation 1961550 - HAproxy pod logs showing error "another server named 'pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080' was already defined at line 326, please use distinct names" 1961554 - respect the shutdown-delay-duration from OpenShiftAPIServerConfig 1961561 - The encryption controllers send lots of request to an API server 1961582 - Build failure on s390x 1961644 - NodeAuthenticator tests are failing in IPv6 1961656 - driver-toolkit missing some release metadata 1961675 - Kebab menu of taskrun contains Edit options which should not be present 1961701 - Enhance gathering of events 1961717 - Update runtime dependencies to Wallaby builds for bugfixes 1961829 - Quick starts prereqs not shown when description is long 1961852 - Excessive lock contention when adding many pods selected by the same NetworkPolicy 1961878 - Add Sprint 199 translations 1961897 - Remove history listener before console UI is unmounted 1961925 - New ManagementCPUsOverride admission plugin blocks pod creation in clusters with no nodes 1962062 - Monitoring dashboards should support default values of "All" 1962074 - SNO:the pod get stuck in CreateContainerError and prompt "failed to add conmon to systemd sandbox cgroup: dial unix /run/systemd/private: connect: resource temporarily unavailable" after adding a performanceprofile 1962095 - Replace gather-job image without FQDN 1962153 - VolumeSnapshot routes are ambiguous, too generic 1962172 - Single node CI e2e tests kubelet metrics endpoints intermittent downtime 1962219 - NTO relies on unreliable leader-for-life implementation. 1962256 - use RHEL8 as the vm-example 1962261 - Monitoring components requesting more memory than they use 1962274 - OCP on RHV installer fails to generate an install-config with only 2 hosts in RHV cluster 1962347 - Cluster does not exist logs after successful installation 1962392 - After upgrade from 4.5.16 to 4.6.17, customer's application is seeing re-transmits 1962415 - duplicate zone information for in-tree PV after enabling migration 1962429 - Cannot create windows vm because kubemacpool.io denied the request 1962525 - [Migration] SDN migration stuck on MCO on RHV cluster 1962569 - NetworkPolicy details page should also show Egress rules 1962592 - Worker nodes restarting during OS installation 1962602 - Cloud credential operator scrolls info "unable to provide upcoming..." on unsupported platform 1962630 - NTO: Ship the current upstream TuneD 1962687 - openshift-kube-storage-version-migrator pod failed due to Error: container has runAsNonRoot and image will run as root 1962698 - Console-operator can not create resource console-public configmap in the openshift-config-managed namespace 1962718 - CVE-2021-29622 prometheus: open redirect under the /new endpoint 1962740 - Add documentation to Egress Router 1962850 - [4.8] Bootimage bump tracker 1962882 - Version pod does not set priorityClassName 1962905 - Ramdisk ISO source defaulting to "http" breaks deployment on a good amount of BMCs 1963068 - ironic container should not specify the entrypoint 1963079 - KCM/KS: ability to enforce localhost communication with the API server. 1963154 - Current BMAC reconcile flow skips Ironic's deprovision step 1963159 - Add Sprint 200 translations 1963204 - Update to 8.4 IPA images 1963205 - Installer is using old redirector 1963208 - Translation typos/inconsistencies for Sprint 200 files 1963209 - Some strings in public.json have errors 1963211 - Fix grammar issue in kubevirt-plugin.json string 1963213 - Memsource download script running into API error 1963219 - ImageStreamTags not internationalized 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 1963267 - Warning: Invalid DOM property `classname`. Did you mean `className`? console warnings in volumes table 1963502 - create template from is not descriptive 1963676 - in vm wizard when selecting an os template it looks like selecting the flavor too 1963833 - Cluster monitoring operator crashlooping on single node clusters due to segfault 1963848 - Use OS-shipped stalld vs. the NTO-shipped one. 1963866 - NTO: use the latest k8s 1.21.1 and openshift vendor dependencies 1963871 - cluster-etcd-operator:[build] upgrade to go 1.16 1963896 - The VM disks table does not show easy links to PVCs 1963912 - "[sig-network] DNS should provide DNS for {services, cluster, subdomain, hostname}" failures on vsphere 1963932 - Installation failures in bootstrap in OpenStack release jobs 1963964 - Characters are not escaped on config ini file causing Kuryr bootstrap to fail 1964059 - rebase openshift/sdn to kube 1.21.1 1964197 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration 1964203 - e2e-metal-ipi, e2e-metal-ipi-ovn-dualstack and e2e-metal-ipi-ovn-ipv6 are failing due to "Unknown provider baremetal" 1964243 - The `oc compliance fetch-raw` doesn’t work for disconnected cluster 1964270 - Failed to install 'cluster-kube-descheduler-operator' with error: "clusterkubedescheduleroperator.4.8.0-202105211057.p0.assembly.stream\": must be no more than 63 characters" 1964319 - Network policy "deny all" interpreted as "allow all" in description page 1964334 - alertmanager/prometheus/thanos-querier /metrics endpoints are not secured 1964472 - Make project and namespace requirements more visible rather than giving me an error after submission 1964486 - Bulk adding of CIDR IPS to whitelist is not working 1964492 - Pick 102171: Implement support for watch initialization in P&F 1964625 - NETID duplicate check is only required in NetworkPolicy Mode 1964748 - Sync upstream 1.7.2 downstream 1964756 - PVC status is always in 'Bound' status when it is actually cloning 1964847 - Sanity check test suite missing from the repo 1964888 - opoenshift-apiserver imagestreamimports depend on >34s timeout support, WAS: transport: loopyWriter.run returning. connection error: desc = "transport is closing" 1964936 - error log for "oc adm catalog mirror" is not correct 1964979 - Add mapping from ACI to infraenv to handle creation order issues 1964997 - Helm Library charts are showing and can be installed from Catalog 1965024 - [DR] backup and restore should perform consistency checks on etcd snapshots 1965092 - [Assisted-4.7] [Staging][OLM] Operators deployments start before all workers finished installation 1965283 - 4.7->4.8 upgrades: cluster operators are not ready: openshift-controller-manager (Upgradeable=Unknown NoData: ), service-ca (Upgradeable=Unknown NoData: 1965330 - oc image extract fails due to security capabilities on files 1965334 - opm index add fails during image extraction 1965367 - Typo in in etcd-metric-serving-ca resource name 1965370 - "Route" is not translated in Korean or Chinese 1965391 - When storage class is already present wizard do not jumps to "Stoarge and nodes" 1965422 - runc is missing Provides oci-runtime in rpm spec 1965522 - [v2v] Multiple typos on VM Import screen 1965545 - Pod stuck in ContainerCreating: Unit ...slice already exists 1965909 - Replace "Enable Taint Nodes" by "Mark nodes as dedicated" 1965921 - [oVirt] High performance VMs shouldn't be created with Existing policy 1965929 - kube-apiserver should use cert auth when reaching out to the oauth-apiserver with a TokenReview request 1966077 - `hidden` descriptor is visible in the Operator instance details page` 1966116 - DNS SRV request which worked in 4.7.9 stopped working in 4.7.11 1966126 - root_ca_cert_publisher_sync_duration_seconds metric can have an excessive cardinality 1966138 - (release-4.8) Update K8s & OpenShift API versions 1966156 - Issue with Internal Registry CA on the service pod 1966174 - No storage class is installed, OCS and CNV installations fail 1966268 - Workaround for Network Manager not supporting nmconnections priority 1966401 - Revamp Ceph Table in Install Wizard flow 1966410 - kube-controller-manager should not trigger APIRemovedInNextReleaseInUse alert 1966416 - (release-4.8) Do not exceed the data size limit 1966459 - 'policy/v1beta1 PodDisruptionBudget' and 'batch/v1beta1 CronJob' appear in image-registry-operator log 1966487 - IP address in Pods list table are showing node IP other than pod IP 1966520 - Add button from ocs add capacity should not be enabled if there are no PV's 1966523 - (release-4.8) Gather MachineAutoScaler definitions 1966546 - [master] KubeAPI - keep day1 after cluster is successfully installed 1966561 - Workload partitioning annotation workaround needed for CSV annotation propagation bug 1966602 - don't require manually setting IPv6DualStack feature gate in 4.8 1966620 - The bundle.Dockerfile in the repo is obsolete 1966632 - [4.8.0] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install 1966654 - Alertmanager PDB is not created, but Prometheus UWM is 1966672 - Add Sprint 201 translations 1966675 - Admin console string updates 1966677 - Change comma to semicolon 1966683 - Translation bugs from Sprint 201 files 1966684 - Verify "Creating snapshot for claim <1>{pvcName}</1>" displays correctly 1966697 - Garbage collector logs every interval - move to debug level 1966717 - include full timestamps in the logs 1966759 - Enable downstream plugin for Operator SDK 1966795 - [tests] Release 4.7 broken due to the usage of wrong OCS version 1966813 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff 1966862 - vsphere IPI - local dns prepender is not prepending nameserver 127.0.0.1 1966892 - [master] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkub[e" 1966952 - [4.8.0] [Assisted-4.8][SNO][Dual Stack] DHCPv6 settings "ipv6.dhcp-duid=ll" missing from dual stack install 1967104 - [4.8.0] InfraEnv ctrl: log the amount of NMstate Configs baked into the image 1967126 - [4.8.0] [DOC] KubeAPI docs should clarify that the InfraEnv Spec pullSecretRef is currently ignored 1967197 - 404 errors loading some i18n namespaces 1967207 - Getting started card: console customization resources link shows other resources 1967208 - Getting started card should use semver library for parsing the version instead of string manipulation 1967234 - Console is continuously polling for ConsoleLink acm-link 1967275 - Awkward wrapping in getting started dashboard card 1967276 - Help menu tooltip overlays dropdown 1967398 - authentication operator still uses previous deleted pod ip rather than the new created pod ip to do health check 1967403 - (release-4.8) Increase workloads fingerprint gatherer pods limit 1967423 - [master] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion 1967444 - openshift-local-storage pods found with invalid priority class, should be openshift-user-critical or begin with system- while running e2e tests 1967531 - the ccoctl tool should extend MaxItems when listRoles, the default value 100 is a little small 1967578 - [4.8.0] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion 1967591 - The ManagementCPUsOverride admission plugin should not mutate containers with the limit 1967595 - Fixes the remaining lint issues 1967614 - prometheus-k8s pods can't be scheduled due to volume node affinity conflict 1967623 - [OCPonRHV] - ./openshift-install installation with install-config doesn't work if ovirt-config.yaml doesn't exist and user should fill the FQDN URL 1967625 - Add OpenShift Dockerfile for cloud-provider-aws 1967631 - [4.8.0] Cluster install failed due to timeout while "Waiting for control plane" 1967633 - [4.8.0] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkube" 1967639 - Console whitescreens if user preferences fail to load 1967662 - machine-api-operator should not use deprecated "platform" field in infrastructures.config.openshift.io 1967667 - Add Sprint 202 Round 1 translations 1967713 - Insights widget shows invalid link to the OCM 1967717 - Insights Advisor widget is missing a description paragraph and contains deprecated naming 1967745 - When setting DNS node placement by toleration to not tolerate master node, effect value should not allow string other than "NoExecute" 1967803 - should update to 7.5.5 for grafana resources version label 1967832 - Add more tests for periodic.go 1967833 - Add tasks pool to tasks_processing 1967842 - Production logs are spammed on "OCS requirements validation status Insufficient hosts to deploy OCS. A minimum of 3 hosts is required to deploy OCS" 1967843 - Fix null reference to messagesToSearch in gather_logs.go 1967902 - [4.8.0] Assisted installer chrony manifests missing index numberring 1967933 - Network-Tools debug scripts not working as expected 1967945 - [4.8.0] [assisted operator] Assisted Service Postgres crashes msg: "mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied" 1968019 - drain timeout and pool degrading period is too short 1968067 - [master] Agent validation not including reason for being insufficient 1968168 - [4.8.0] KubeAPI - keep day1 after cluster is successfully installed 1968175 - [4.8.0] Agent validation not including reason for being insufficient 1968373 - [4.8.0] BMAC re-attaches installed node on ISO regeneration 1968385 - [4.8.0] Infra env require pullSecretRef although it shouldn't be required 1968435 - [4.8.0] Unclear message in case of missing clusterImageSet 1968436 - Listeners timeout updated to remain using default value 1968449 - [4.8.0] Wrong Install-config override documentation 1968451 - [4.8.0] Garbage collector not cleaning up directories of removed clusters 1968452 - [4.8.0] [doc] "Mirror Registry Configuration" doc section needs clarification of functionality and limitations 1968454 - [4.8.0] backend events generated with wrong namespace for agent 1968455 - [4.8.0] Assisted Service operator's controllers are starting before the base service is ready 1968515 - oc should set user-agent when talking with registry 1968531 - Sync upstream 1.8.0 downstream 1968558 - [sig-cli] oc adm storage-admin [Suite:openshift/conformance/parallel] doesn't clean up properly 1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted 1968625 - Pods using sr-iov interfaces failign to start for Failed to create pod sandbox 1968700 - catalog-operator crashes when status.initContainerStatuses[].state.waiting is nil 1968701 - Bare metal IPI installation is failed due to worker inspection failure 1968754 - CI: e2e-metal-ipi-upgrade failing on KubeletHasDiskPressure, which triggers machine-config RequiredPoolsFailed 1969212 - [FJ OCP4.8 Bug - PUBLIC VERSION]: Masters repeat reboot every few minutes during workers provisioning 1969284 - Console Query Browser: Can't reset zoom to fixed time range after dragging to zoom 1969315 - [4.8.0] BMAC doesn't check if ISO Url changed before queuing BMH for reconcile 1969352 - [4.8.0] Creating BareMetalHost without the "inspect.metal3.io" does not automatically add it 1969363 - [4.8.0] Infra env should show the time that ISO was generated. 1969367 - [4.8.0] BMAC should wait for an ISO to exist for 1 minute before using it 1969386 - Filesystem's Utilization doesn't show in VM overview tab 1969397 - OVN bug causing subports to stay DOWN fails installations 1969470 - [4.8.0] Misleading error in case of install-config override bad input 1969487 - [FJ OCP4.8 Bug]: Avoid always do delete_configuration clean step 1969525 - Replace golint with revive 1969535 - Topology edit icon does not link correctly when branch name contains slash 1969538 - Install a VolumeSnapshotClass by default on CSI Drivers that support it 1969551 - [4.8.0] Assisted service times out on GetNextSteps due to `oc adm release info` taking too long 1969561 - Test "an end user can use OLM can subscribe to the operator" generates deprecation alert 1969578 - installer: accesses v1beta1 RBAC APIs and causes APIRemovedInNextReleaseInUse to fire 1969599 - images without registry are being prefixed with registry.hub.docker.com instead of docker.io 1969601 - manifest for networks.config.openshift.io CRD uses deprecated apiextensions.k8s.io/v1beta1 1969626 - Portfoward stream cleanup can cause kubelet to panic 1969631 - EncryptionPruneControllerDegraded: etcdserver: request timed out 1969681 - MCO: maxUnavailable of ds/machine-config-daemon does not get updated due to missing resourcemerge check 1969712 - [4.8.0] Assisted service reports a malformed iso when we fail to download the base iso 1969752 - [4.8.0] [assisted operator] Installed Clusters are missing DNS setups 1969773 - [4.8.0] Empty cluster name on handleEnsureISOErrors log after applying InfraEnv.yaml 1969784 - WebTerminal widget should send resize events 1969832 - Applying a profile with multiple inheritance where parents include a common ancestor fails 1969891 - Fix rotated pipelinerun status icon issue in safari 1969900 - Test files should not use deprecated APIs that will trigger APIRemovedInNextReleaseInUse 1969903 - Provisioning a large number of hosts results in an unexpected delay in hosts becoming available 1969951 - Cluster local doesn't work for knative services created from dev console 1969969 - ironic-rhcos-downloader container uses and old base image 1970062 - ccoctl does not work with STS authentication 1970068 - ovnkube-master logs "Failed to find node ips for gateway" error 1970126 - [4.8.0] Disable "metrics-events" when deploying using the operator 1970150 - master pool is still upgrading when machine config reports level / restarts on osimageurl change 1970262 - [4.8.0] Remove Agent CRD Status fields not needed 1970265 - [4.8.0] Add State and StateInfo to DebugInfo in ACI and Agent CRDs 1970269 - [4.8.0] missing role in agent CRD 1970271 - [4.8.0] Add ProgressInfo to Agent and AgentClusterInstalll CRDs 1970381 - Monitoring dashboards: Custom time range inputs should retain their values 1970395 - [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed 1970401 - [4.8.0] AgentLabelSelector is required yet not supported 1970415 - SR-IOV Docs needs documentation for disabling port security on a network 1970470 - Add pipeline annotation to Secrets which are created for a private repo 1970494 - [4.8.0] Missing value-filling of log line in assisted-service operator pod 1970624 - 4.7->4.8 updates: AggregatedAPIDown for v1beta1.metrics.k8s.io 1970828 - "500 Internal Error" for all openshift-monitoring routes 1970975 - 4.7 -> 4.8 upgrades on AWS take longer than expected 1971068 - Removing invalid AWS instances from the CF templates 1971080 - 4.7->4.8 CI: KubePodNotReady due to MCD's 5m sleep between drain attempts 1971188 - Web Console does not show OpenShift Virtualization Menu with VirtualMachine CRDs of version v1alpha3 ! 1971293 - [4.8.0] Deleting agent from one namespace causes all agents with the same name to be deleted from all namespaces 1971308 - [4.8.0] AI KubeAPI AgentClusterInstall confusing "Validated" condition about VIP not matching machine network 1971529 - [Dummy bug for robot] 4.7.14 upgrade to 4.8 and then downgrade back to 4.7.14 doesn't work - clusteroperator/kube-apiserver is not upgradeable 1971589 - [4.8.0] Telemetry-client won't report metrics in case the cluster was installed using the assisted operator 1971630 - [4.8.0] ACM/ZTP with Wan emulation fails to start the agent service 1971632 - [4.8.0] ACM/ZTP with Wan emulation, several clusters fail to step past discovery 1971654 - [4.8.0] InfraEnv controller should always requeue for backend response HTTP StatusConflict (code 409) 1971739 - Keep /boot RW when kdump is enabled 1972085 - [4.8.0] Updating configmap within AgentServiceConfig is not logged properly 1972128 - ironic-static-ip-manager container still uses 4.7 base image 1972140 - [4.8.0] ACM/ZTP with Wan emulation, SNO cluster installs do not show as installed although they are 1972167 - Several operators degraded because Failed to create pod sandbox when installing an sts cluster 1972213 - Openshift Installer| UEFI mode | BM hosts have BIOS halted 1972262 - [4.8.0] "baremetalhost.metal3.io/detached" uses boolean value where string is expected 1972426 - Adopt failure can trigger deprovisioning 1972436 - [4.8.0] [DOCS] AgentServiceConfig examples in operator.md doc should each contain databaseStorage + filesystemStorage 1972526 - [4.8.0] clusterDeployments controller should send an event to InfraEnv for backend cluster registration 1972530 - [4.8.0] no indication for missing debugInfo in AgentClusterInstall 1972565 - performance issues due to lost node, pods taking too long to relaunch 1972662 - DPDK KNI modules need some additional tools 1972676 - Requirements for authenticating kernel modules with X.509 1972687 - Using bound SA tokens causes causes failures to /apis/authorization.openshift.io/v1/clusterrolebindings 1972690 - [4.8.0] infra-env condition message isn't informative in case of missing pull secret 1972702 - [4.8.0] Domain dummy.com (not belonging to Red Hat) is being used in a default configuration 1972768 - kube-apiserver setup fail while installing SNO due to port being used 1972864 - New `local-with-fallback` service annotation does not preserve source IP 1973018 - Ironic rhcos downloader breaks image cache in upgrade process from 4.7 to 4.8 1973117 - No storage class is installed, OCS and CNV installations fail 1973233 - remove kubevirt images and references 1973237 - RHCOS-shipped stalld systemd units do not use SCHED_FIFO to run stalld. 1973428 - Placeholder bug for OCP 4.8.0 image release 1973667 - [4.8] NetworkPolicy tests were mistakenly marked skipped 1973672 - fix ovn-kubernetes NetworkPolicy 4.7->4.8 upgrade issue 1973995 - [Feature:IPv6DualStack] tests are failing in dualstack 1974414 - Uninstalling kube-descheduler clusterkubedescheduleroperator.4.6.0-202106010807.p0.git.5db84c5 removes some clusterrolebindings 1974447 - Requirements for nvidia GPU driver container for driver toolkit 1974677 - [4.8.0] KubeAPI CVO progress is not available on CR/conditions only in events. 1974718 - Tuned net plugin fails to handle net devices with n/a value for a channel 1974743 - [4.8.0] All resources not being cleaned up after clusterdeployment deletion 1974746 - [4.8.0] File system usage not being logged appropriately 1974757 - [4.8.0] Assisted-service deployed on an IPv6 cluster installed with proxy: agentclusterinstall shows error pulling an image from quay. 1974773 - Using bound SA tokens causes fail to query cluster resource especially in a sts cluster 1974839 - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string 1974850 - [4.8] coreos-installer failing Execshield 1974931 - [4.8.0] Assisted Service Operator should be Infrastructure Operator for Red Hat OpenShift 1974978 - 4.8.0.rc0 upgrade hung, stuck on DNS clusteroperator progressing 1975155 - Kubernetes service IP cannot be accessed for rhel worker 1975227 - [4.8.0] KubeAPI Move conditions consts to CRD types 1975360 - [4.8.0] [master] timeout on kubeAPI subsystem test: SNO full install and validate MetaData 1975404 - [4.8.0] Confusing behavior when multi-node spoke workers present when only controlPlaneAgents specified 1975432 - Alert InstallPlanStepAppliedWithWarnings does not resolve 1975527 - VMware UPI is configuring static IPs via ignition rather than afterburn 1975672 - [4.8.0] Production logs are spammed on "Found unpreparing host: id 08f22447-2cf1-a107-eedf-12c7421f7380 status insufficient" 1975789 - worker nodes rebooted when we simulate a case where the api-server is down 1975938 - gcp-realtime: e2e test failing [sig-storage] Multi-AZ Cluster Volumes should only be allowed to provision PDs in zones where nodes exist [Suite:openshift/conformance/parallel] [Suite:k8s] 1975964 - 4.7 nightly upgrade to 4.8 and then downgrade back to 4.7 nightly doesn't work - ingresscontroller "default" is degraded 1976079 - [4.8.0] Openshift Installer| UEFI mode | BM hosts have BIOS halted 1976263 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1976376 - disable jenkins client plugin test whose Jenkinsfile references master branch openshift/origin artifacts 1976590 - [Tracker] [SNO][assisted-operator][nmstate] Bond Interface is down when booting from the discovery ISO 1977233 - [4.8] Unable to authenticate against IDP after upgrade to 4.8-rc.1 1977351 - CVO pod skipped by workload partitioning with incorrect error stating cluster is not SNO 1977352 - [4.8.0] [SNO] No DNS to cluster API from assisted-installer-controller 1977426 - Installation of OCP 4.6.13 fails when teaming interface is used with OVNKubernetes 1977479 - CI failing on firing CertifiedOperatorsCatalogError due to slow livenessProbe responses 1977540 - sriov webhook not worked when upgrade from 4.7 to 4.8 1977607 - [4.8.0] Post making changes to AgentServiceConfig assisted-service operator is not detecting the change and redeploying assisted-service pod 1977924 - Pod fails to run when a custom SCC with a specific set of volumes is used 1980788 - NTO-shipped stalld can segfault 1981633 - enhance service-ca injection 1982250 - Performance Addon Operator fails to install after catalog source becomes ready 1982252 - olm Operator is in CrashLoopBackOff state with error "couldn't cleanup cross-namespace ownerreferences" 5. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-15106 https://access.redhat.com/security/cve/CVE-2020-15112 https://access.redhat.com/security/cve/CVE-2020-15113 https://access.redhat.com/security/cve/CVE-2020-15114 https://access.redhat.com/security/cve/CVE-2020-15136 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-26541 https://access.redhat.com/security/cve/CVE-2020-28469 https://access.redhat.com/security/cve/CVE-2020-28500 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20291 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-22133 https://access.redhat.com/security/cve/CVE-2021-23337 https://access.redhat.com/security/cve/CVE-2021-23362 https://access.redhat.com/security/cve/CVE-2021-23368 https://access.redhat.com/security/cve/CVE-2021-23382 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/cve/CVE-2021-26539 https://access.redhat.com/security/cve/CVE-2021-26540 https://access.redhat.com/security/cve/CVE-2021-27292 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-29059 https://access.redhat.com/security/cve/CVE-2021-29622 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33194 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQCOF9zjgjWX9erEAQjsEg/+NSFQdRcZpqA34LWRtxn+01y2MO0WLroQ d4o+3h0ECKYNRFKJe6n7z8MdmPpvV2uNYN0oIwidTESKHkFTReQ6ZolcV/sh7A26 Z7E+hhpTTObxAL7Xx8nvI7PNffw3CIOZSpnKws5TdrwuMkH5hnBSSZntP5obp9Vs ImewWWl7CNQtFewtXbcmUojNzIvU1mujES2DTy2ffypLoOW6kYdJzyWubigIoR6h gep9HKf1X4oGPuDNF5trSdxKwi6W68+VsOA25qvcNZMFyeTFhZqowot/Jh1HUHD8 TWVpDPA83uuExi/c8tE8u7VZgakWkRWcJUsIw68VJVOYGvpP6K/MjTpSuP2itgUX X//1RGQM7g6sYTCSwTOIrMAPbYH0IMbGDjcS4fSZcfg6c+WJnEpZ72ZgjHZV8mxb 1BtQSs2lil48/cwDKM0yMO2nYsKiz4DCCx2W5izP0rLwNA8Hvqh9qlFgkxJWWOvA mtBCelB0E74qrE4NXbX+MIF7+ZQKjd1evE91/VWNs0FLR/xXdP3C5ORLU3Fag0G/ 0oTV73NdxP7IXVAdsECwU2AqS9ne1y01zJKtd7hq7H/wtkbasqCNq5J7HikJlLe6 dpKh5ZRQzYhGeQvho9WQfz/jd4HZZTcB6wxrWubbd05bYt/i/0gau90LpuFEuSDx +bLvJlpGiMg= =NJcM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Bug Fix(es): * An update in libvirt has changed the way block threshold events are submitted. As a result, the VDSM was confused by the libvirt event, and tried to look up a drive, logging a warning about a missing drive. In this release, the VDSM has been adapted to handle the new libvirt behavior, and does not log warnings about missing drives. (BZ#1948177) * Previously, when a virtual machine was powered off on the source host of a live migration and the migration finished successfully at the same time, the two events interfered with each other, and sometimes prevented migration cleanup resulting in additional migrations from the host being blocked. In this release, additional migrations are not blocked. (BZ#1959436) * Previously, when failing to execute a snapshot and re-executing it later, the second try would fail due to using the previous execution data. In this release, this data will be used only when needed, in recovery mode. (BZ#1984209) 4. Then engine deletes the volume and causes data corruption. 1998017 - Keep cinbderlib dependencies optional for 4.4.8 6. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778) 3. Summary: The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Lodash Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a security vulnerability in Lodash. Please keep an eye on CNNVD or vendor announcements. Description: The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions. Bug Fix(es): * This release adds the queue attribute to the virtio-scsi driver in the virtual machine configuration. This improvement enables multi-queue performance with the virtio-scsi driver. (BZ#911394) * With this release, source-load-balancing has been added as a new sub-option for xmit_hash_policy. It can be configured for bond modes balance-xor (2), 802.3ad (4) and balance-tlb (5), by specifying xmit_hash_policy=vlan+srcmac. (BZ#1683987) * The default DataCenter/Cluster will be set to compatibility level 4.6 on new installations of Red Hat Virtualization 4.4.6.; (BZ#1950348) * With this release, support has been added for copying disks between regular Storage Domains and Managed Block Storage Domains. It is now possible to migrate disks between Managed Block Storage Domains and regular Storage Domains. (BZ#1906074) * Previously, the engine-config value LiveSnapshotPerformFreezeInEngine was set by default to false and was supposed to be uses in cluster compatibility levels below 4.4. The value was set to general version. With this release, each cluster level has it's own value, defaulting to false for 4.4 and above. This will reduce unnecessary overhead in removing time outs of the file system freeze command. (BZ#1932284) * With this release, running virtual machines is supported for up to 16TB of RAM on x86_64 architectures. (BZ#1944723) * This release adds the gathering of oVirt/RHV related certificates to allow easier debugging of issues for faster customer help and issue resolution. Information from certificates is now included as part of the sosreport. Note that no corresponding private key information is gathered, due to security considerations. (BZ#1845877) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/2974891 5. Bugs fixed (https://bugzilla.redhat.com/): 1113630 - [RFE] indicate vNICs that are out-of-sync from their configuration on engine 1310330 - [RFE] Provide a way to remove stale LUNs from hypervisors 1589763 - [downstream clone] Error changing CD for a running VM when ISO image is on a block domain 1621421 - [RFE] indicate vNIC is out of sync on network QoS modification on engine 1717411 - improve engine logging when migration fail 1766414 - [downstream] [UI] hint after updating mtu on networks connected to running VMs 1775145 - Incorrect message from hot-plugging memory 1821199 - HP VM fails to migrate between identical hosts (the same cpu flags) not supporting TSC. 1845877 - [RFE] Collect information about RHV PKI 1875363 - engine-setup failing on FIPS enabled rhel8 machine 1906074 - [RFE] Support disks copy between regular and managed block storage domains 1910858 - vm_ovf_generations is not cleared while detaching the storage domain causing VM import with old stale configuration 1917718 - [RFE] Collect memory usage from guests without ovirt-guest-agent and memory ballooning 1919195 - Unable to create snapshot without saving memory of running VM from VM Portal. 1919984 - engine-setup failse to deploy the grafana service in an external DWH server 1924610 - VM Portal shows N/A as the VM IP address even if the guest agent is running and the IP is shown in the webadmin portal 1926018 - Failed to run VM after FIPS mode is enabled 1926823 - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package. 1928158 - Rename 'CA Certificate' link in welcome page to 'Engine CA certificate' 1928188 - Failed to parse 'writeOps' value 'XXXX' to integer: For input string: "XXXX" 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1929211 - Failed to parse 'writeOps' value 'XXXX' to integer: For input string: "XXXX" 1930522 - [RHV-4.4.5.5] Failed to deploy RHEL AV 8.4.0 host to RHV with error "missing groups or modules: virt:8.4" 1930565 - Host upgrade failed in imgbased but RHVM shows upgrade successful 1930895 - RHEL 8 virtual machine with qemu-guest-agent installed displays Guest OS Memory Free/Cached/Buffered: Not Configured 1932284 - Engine handled FS freeze is not fast enough for Windows systems 1935073 - Ansible ovirt_disk module can create disks with conflicting IDs that cannot be removed 1942083 - upgrade ovirt-cockpit-sso to 0.1.4-2 1943267 - Snapshot creation is failing for VM having vGPU. 1944723 - [RFE] Support virtual machines with 16TB memory 1948577 - [welcome page] remove "Infrastructure Migration" section (obsoleted) 1949543 - rhv-log-collector-analyzer fails to run MAC Pools rule 1949547 - rhv-log-collector-analyzer report contains 'b characters 1950348 - Set compatibility level 4.6 for Default DataCenter/Cluster during new installations of RHV 4.4.6 1950466 - Host installation failed 1954401 - HP VMs pinning is wiped after edit->ok and pinned to first physical CPUs. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.8.2 bug fix and security update Advisory ID: RHSA-2021:2438-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:2438 Issue date: 2021-07-27 CVE Names: CVE-2016-2183 CVE-2020-7774 CVE-2020-15106 CVE-2020-15112 CVE-2020-15113 CVE-2020-15114 CVE-2020-15136 CVE-2020-26160 CVE-2020-26541 CVE-2020-28469 CVE-2020-28500 CVE-2020-28852 CVE-2021-3114 CVE-2021-3121 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3636 CVE-2021-20206 CVE-2021-20271 CVE-2021-20291 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-22133 CVE-2021-23337 CVE-2021-23362 CVE-2021-23368 CVE-2021-23382 CVE-2021-25735 CVE-2021-25737 CVE-2021-26539 CVE-2021-26540 CVE-2021-27292 CVE-2021-28092 CVE-2021-29059 CVE-2021-29622 CVE-2021-32399 CVE-2021-33034 CVE-2021-33194 CVE-2021-33909 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.2. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2021:2437 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html Security Fix(es): * SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774) * etcd: Large slice causes panic in decodeRecord method (CVE-2020-15106) * etcd: DoS in wal/wal.go (CVE-2020-15112) * etcd: directories created via os.MkdirAll are not checked for permissions (CVE-2020-15113) * etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS (CVE-2020-15114) * etcd: no authentication is performed against endpoints provided in the - --endpoints flag (CVE-2020-15136) * jwt-go: access restriction bypass vulnerability (CVE-2020-26160) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500) * golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852) * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) * containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206) * containers/storage: DoS via malicious image (CVE-2021-20291) * prometheus: open redirect under the /new endpoint (CVE-2021-29622) * golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194) * go.elastic.co/apm: leaks sensitive HTTP headers during panic (CVE-2021-22133) Space precludes listing in detail the following additional CVEs fixes: (CVE-2021-27292), (CVE-2021-28092), (CVE-2021-29059), (CVE-2021-23382), (CVE-2021-26539), (CVE-2021-26540), (CVE-2021-23337), (CVE-2021-23362) and (CVE-2021-23368) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-x86_64 The image digest is ssha256:0e82d17ababc79b10c10c5186920232810aeccbccf2a74c691487090a2c98ebc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-s390x The image digest is sha256:a284c5c3fa21b06a6a65d82be1dc7e58f378aa280acd38742fb167a26b91ecb5 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.8.2-ppc64le The image digest is sha256:da989b8e28bccadbb535c2b9b7d3597146d14d254895cd35f544774f374cdd0f All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor 3. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster - -cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1725981 - oc explain does not work well with full resource.group names 1747270 - [osp] Machine with name "<cluster-id>-worker"couldn't join the cluster 1772993 - rbd block devices attached to a host are visible in unprivileged container pods 1786273 - [4.6] KAS pod logs show "error building openapi models ... has invalid property: anyOf" for CRDs 1786314 - [IPI][OSP] Install fails on OpenStack with self-signed certs unless the node running the installer has the CA cert in its system trusts 1801407 - Router in v4v6 mode puts brackets around IPv4 addresses in the Forwarded header 1812212 - ArgoCD example application cannot be downloaded from github 1817954 - [ovirt] Workers nodes are not numbered sequentially 1824911 - PersistentVolume yaml editor is read-only with system:persistent-volume-provisioner ClusterRole 1825219 - openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1825417 - The containerruntimecontroller doesn't roll back to CR-1 if we delete CR-2 1834551 - ClusterOperatorDown fires when operator is only degraded; states will block upgrades 1835264 - Intree provisioner doesn't respect PVC.spec.dataSource sometimes 1839101 - Some sidebar links in developer perspective don't follow same project 1840881 - The KubeletConfigController cannot process multiple confs for a pool/ pool changes 1846875 - Network setup test high failure rate 1848151 - Console continues to poll the ClusterVersion resource when the user doesn't have authority 1850060 - After upgrading to 3.11.219 timeouts are appearing. 1852637 - Kubelet sets incorrect image names in node status images section 1852743 - Node list CPU column only show usage 1853467 - container_fs_writes_total is inconsistent with CPU/memory in summarizing cgroup values 1857008 - [Edge] [BareMetal] Not provided STATE value for machines 1857477 - Bad helptext for storagecluster creation 1859382 - check-endpoints panics on graceful shutdown 1862084 - Inconsistency of time formats in the OpenShift web-console 1864116 - Cloud credential operator scrolls warnings about unsupported platform 1866222 - Should output all options when runing `operator-sdk init --help` 1866318 - [RHOCS Usability Study][Dashboard] Users found it difficult to navigate to the OCS dashboard 1866322 - [RHOCS Usability Study][Dashboard] Alert details page does not help to explain the Alert 1866331 - [RHOCS Usability Study][Dashboard] Users need additional tooltips or definitions 1868755 - [vsphere] terraform provider vsphereprivate crashes when network is unavailable on host 1868870 - CVE-2020-15113 etcd: directories created via os.MkdirAll are not checked for permissions 1868872 - CVE-2020-15112 etcd: DoS in wal/wal.go 1868874 - CVE-2020-15114 etcd: gateway can include itself as an endpoint resulting in resource exhaustion and leads to DoS 1868880 - CVE-2020-15136 etcd: no authentication is performed against endpoints provided in the --endpoints flag 1868883 - CVE-2020-15106 etcd: Large slice causes panic in decodeRecord method 1871303 - [sig-instrumentation] Prometheus when installed on the cluster should have important platform topology metrics 1871770 - [IPI baremetal] The Keepalived.conf file is not indented evenly 1872659 - ClusterAutoscaler doesn't scale down when a node is not needed anymore 1873079 - SSH to api and console route is possible when the clsuter is hosted on Openstack 1873649 - proxy.config.openshift.io should validate user inputs 1874322 - openshift/oauth-proxy: htpasswd using SHA1 to store credentials 1874931 - Accessibility - Keyboard shortcut to exit YAML editor not easily discoverable 1876918 - scheduler test leaves taint behind 1878199 - Remove Log Level Normalization controller in cluster-config-operator release N+1 1878655 - [aws-custom-region] creating manifests take too much time when custom endpoint is unreachable 1878685 - Ingress resource with "Passthrough" annotation does not get applied when using the newer "networking.k8s.io/v1" API 1879077 - Nodes tainted after configuring additional host iface 1879140 - console auth errors not understandable by customers 1879182 - switch over to secure access-token logging by default and delete old non-sha256 tokens 1879184 - CVO must detect or log resource hotloops 1879495 - [4.6] namespace \“openshift-user-workload-monitoring\” does not exist” 1879638 - Binary file uploaded to a secret in OCP 4 GUI is not properly converted to Base64-encoded string 1879944 - [OCP 4.8] Slow PV creation with vsphere 1880757 - AWS: master not removed from LB/target group when machine deleted 1880758 - Component descriptions in cloud console have bad description (Managed by Terraform) 1881210 - nodePort for router-default metrics with NodePortService does not exist 1881481 - CVO hotloops on some service manifests 1881484 - CVO hotloops on deployment manifests 1881514 - CVO hotloops on imagestreams from cluster-samples-operator 1881520 - CVO hotloops on (some) clusterrolebindings 1881522 - CVO hotloops on clusterserviceversions packageserver 1881662 - Error getting volume limit for plugin kubernetes.io/<name> in kubelet logs 1881694 - Evidence of disconnected installs pulling images from the local registry instead of quay.io 1881938 - migrator deployment doesn't tolerate masters 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1883587 - No option for user to select volumeMode 1883993 - Openshift 4.5.8 Deleting pv disk vmdk after delete machine 1884053 - cluster DNS experiencing disruptions during cluster upgrade in insights cluster 1884800 - Failed to set up mount unit: Invalid argument 1885186 - Removing ssh keys MC does not remove the key from authorized_keys 1885349 - [IPI Baremetal] Proxy Information Not passed to metal3 1885717 - activeDeadlineSeconds DeadlineExceeded does not show terminated container statuses 1886572 - auth: error contacting auth provider when extra ingress (not default) goes down 1887849 - When creating new storage class failure_domain is missing. 1888712 - Worker nodes do not come up on a baremetal IPI deployment with control plane network configured on a vlan on top of bond interface due to Pending CSRs 1889689 - AggregatedAPIErrors alert may never fire 1890678 - Cypress: Fix 'structure' accesibility violations 1890828 - Intermittent prune job failures causing operator degradation 1891124 - CP Conformance: CRD spec and status failures 1891301 - Deleting bmh by "oc delete bmh' get stuck 1891696 - [LSO] Add capacity UI does not check for node present in selected storageclass 1891766 - [LSO] Min-Max filter's from OCS wizard accepts Negative values and that cause PV not getting created 1892642 - oauth-server password metrics do not appear in UI after initial OCP installation 1892718 - HostAlreadyClaimed: The new route cannot be loaded with a new api group version 1893850 - Add an alert for requests rejected by the apiserver 1893999 - can't login ocp cluster with oc 4.7 client without the username 1895028 - [gcp-pd-csi-driver-operator] Volumes created by CSI driver are not deleted on cluster deletion 1895053 - Allow builds to optionally mount in cluster trust stores 1896226 - recycler-pod template should not be in kubelet static manifests directory 1896321 - MachineSet scaling from 0 is not available or evaluated incorrectly for the new or changed instance types 1896751 - [RHV IPI] Worker nodes stuck in the Provisioning Stage if the machineset has a long name 1897415 - [Bare Metal - Ironic] provide the ability to set the cipher suite for ipmitool when doing a Bare Metal IPI install 1897621 - Auth test.Login test.logs in as kubeadmin user: Timeout 1897918 - [oVirt] e2e tests fail due to kube-apiserver not finishing 1898680 - CVE-2020-7774 nodejs-y18n: prototype pollution vulnerability 1899057 - fix spurious br-ex MAC address error log 1899187 - [Openstack] node-valid-hostname.service failes during the first boot leading to 5 minute provisioning delay 1899587 - [External] RGW usage metrics shown on Object Service Dashboard is incorrect 1900454 - Enable host-based disk encryption on Azure platform 1900819 - Scaled ingress replicas following sharded pattern don't balance evenly across multi-AZ 1901207 - Search Page - Pipeline resources table not immediately updated after Name filter applied or removed 1901535 - Remove the managingOAuthAPIServer field from the authentication.operator API 1901648 - "do you need to set up custom dns" tooltip inaccurate 1902003 - Jobs Completions column is not sorting when there are "0 of 1" and "1 of 1" in the list. 1902076 - image registry operator should monitor status of its routes 1902247 - openshift-oauth-apiserver apiserver pod crashloopbackoffs 1903055 - [OSP] Validation should fail when no any IaaS flavor or type related field are given 1903228 - Pod stuck in Terminating, runc init process frozen 1903383 - Latest RHCOS 47.83. builds failing to install: mount /root.squashfs failed 1903553 - systemd container renders node NotReady after deleting it 1903700 - metal3 Deployment doesn't have unique Pod selector 1904006 - The --dir option doest not work for command `oc image extract` 1904505 - Excessive Memory Use in Builds 1904507 - vsphere-problem-detector: implement missing metrics 1904558 - Random init-p error when trying to start pod 1905095 - Images built on OCP 4.6 clusters create manifests that result in quay.io (and other registries) rejecting those manifests 1905147 - ConsoleQuickStart Card's prerequisites is a combined text instead of a list 1905159 - Installation on previous unused dasd fails after formatting 1905331 - openshift-multus initContainer multus-binary-copy, etc. are not requesting required resources: cpu, memory 1905460 - Deploy using virtualmedia for disabled provisioning network on real BM(HPE) fails 1905577 - Control plane machines not adopted when provisioning network is disabled 1905627 - Warn users when using an unsupported browser such as IE 1905709 - Machine API deletion does not properly handle stopped instances on AWS or GCP 1905849 - Default volumesnapshotclass should be created when creating default storageclass 1906056 - Bundles skipped via the `skips` field cannot be pinned 1906102 - CBO produces standard metrics 1906147 - ironic-rhcos-downloader should not use --insecure 1906304 - Unexpected value NaN parsing x/y attribute when viewing pod Memory/CPU usage chart 1906740 - [aws]Machine should be "Failed" when creating a machine with invalid region 1907309 - Migrate controlflow v1alpha1 to v1beta1 in storage 1907315 - the internal load balancer annotation for AWS should use "true" instead of "0.0.0.0/0" as value 1907353 - [4.8] OVS daemonset is wasting resources even though it doesn't do anything 1907614 - Update kubernetes deps to 1.20 1908068 - Enable DownwardAPIHugePages feature gate 1908169 - The example of Import URL is "Fedora cloud image list" for all templates. 1908170 - sriov network resource injector: Hugepage injection doesn't work with mult container 1908343 - Input labels in Manage columns modal should be clickable 1908378 - [sig-network] pods should successfully create sandboxes by getting pod - Static Pod Failures 1908655 - "Evaluating rule failed" for "record: node:node_num_cpu:sum" rule 1908762 - [Dualstack baremetal cluster] multicast traffic is not working on ovn-kubernetes 1908765 - [SCALE] enable OVN lflow data path groups 1908774 - [SCALE] enable OVN DB memory trimming on compaction 1908916 - CNO: turn on OVN DB RAFT diffs once all master DB pods are capable of it 1909091 - Pod/node/ip/template isn't showing when vm is running 1909600 - Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error 1909849 - release-openshift-origin-installer-e2e-aws-upgrade-fips-4.4 is perm failing 1909875 - [sig-cluster-lifecycle] Cluster version operator acknowledges upgrade : timed out waiting for cluster to acknowledge upgrade 1910067 - UPI: openstacksdk fails on "server group list" 1910113 - periodic-ci-openshift-release-master-ocp-4.5-ci-e2e-44-stable-to-45-ci is never passing 1910318 - OC 4.6.9 Installer failed: Some pods are not scheduled: 3 node(s) didn't match node selector: AWS compute machines without status 1910378 - socket timeouts for webservice communication between pods 1910396 - 4.6.9 cred operator should back-off when provisioning fails on throttling 1910500 - Could not list CSI provisioner on web when create storage class on GCP platform 1911211 - Should show the cert-recovery-controller version correctly 1911470 - ServiceAccount Registry Authfiles Do Not Contain Entries for Public Hostnames 1912571 - libvirt: Support setting dnsmasq options through the install config 1912820 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade 1913112 - BMC details should be optional for unmanaged hosts 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913341 - GCP: strange cluster behavior in CI run 1913399 - switch to v1beta1 for the priority and fairness APIs 1913525 - Panic in OLM packageserver when invoking webhook authorization endpoint 1913532 - After a 4.6 to 4.7 upgrade, a node went unready 1913974 - snapshot test periodically failing with "can't open '/mnt/test/data': No such file or directory" 1914127 - Deletion of oc get svc router-default -n openshift-ingress hangs 1914446 - openshift-service-ca-operator and openshift-service-ca pods run as root 1914994 - Panic observed in k8s-prometheus-adapter since k8s 1.20 1915122 - Size of the hostname was preventing proper DNS resolution of the worker node names 1915693 - Not able to install gpu-operator on cpumanager enabled node. 1915971 - Role and Role Binding breadcrumbs do not work as expected 1916116 - the left navigation menu would not be expanded if repeat clicking the links in Overview page 1916118 - [OVN] Source IP is not EgressIP if configured allow 0.0.0.0/0 in the EgressFirewall 1916392 - scrape priority and fairness endpoints for must-gather 1916450 - Alertmanager: add title and text fields to Adv. config. section of Slack Receiver form 1916489 - [sig-scheduling] SchedulerPriorities [Serial] fails with "Error waiting for 1 pods to be running - probably a timeout: Timeout while waiting for pods with labels to be ready" 1916553 - Default template's description is empty on details tab 1916593 - Destroy cluster sometimes stuck in a loop 1916872 - need ability to reconcile exgw annotations on pod add 1916890 - [OCP 4.7] api or api-int not available during installation 1917241 - [en_US] The tooltips of Created date time is not easy to read in all most of UIs. 1917282 - [Migration] MCO stucked for rhel worker after enable the migration prepare state 1917328 - It should default to current namespace when create vm from template action on details page 1917482 - periodic-ci-openshift-release-master-ocp-4.7-e2e-metal-ipi failing with "cannot go from state 'deploy failed' to state 'manageable'" 1917485 - [oVirt] ovirt machine/machineset object has missing some field validations 1917667 - Master machine config pool updates are stalled during the migration from SDN to OVNKube. 1917906 - [oauth-server] bump k8s.io/apiserver to 1.20.3 1917931 - [e2e-gcp-upi] failing due to missing pyopenssl library 1918101 - [vsphere]Delete Provisioning machine took about 12 minutes 1918376 - Image registry pullthrough does not support ICSP, mirroring e2es do not pass 1918442 - Service Reject ACL does not work on dualstack 1918723 - installer fails to write boot record on 4k scsi lun on s390x 1918729 - Add hide/reveal button for the token field in the KMS configuration page 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918785 - Pod request and limit calculations in console are incorrect 1918910 - Scale from zero annotations should not requeue if instance type missing 1919032 - oc image extract - will not extract files from image rootdir - "error: unexpected directory from mapping tests.test" 1919048 - Whereabouts IPv6 addresses not calculated when leading hextets equal 0 1919151 - [Azure] dnsrecords with invalid domain should not be published to Azure dnsZone 1919168 - `oc adm catalog mirror` doesn't work for the air-gapped cluster 1919291 - [Cinder-csi-driver] Filesystem did not expand for on-line volume resize 1919336 - vsphere-problem-detector should check if datastore is part of datastore cluster 1919356 - Add missing profile annotation in cluster-update-keys manifests 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1919398 - Permissive Egress NetworkPolicy (0.0.0.0/0) is blocking all traffic 1919406 - OperatorHub filter heading "Provider Type" should be "Source" 1919737 - hostname lookup delays when master node down 1920209 - Multus daemonset upgrade takes the longest time in the cluster during an upgrade 1920221 - GCP jobs exhaust zone listing query quota sometimes due to too many initializations of cloud provider in tests 1920300 - cri-o does not support configuration of stream idle time 1920307 - "VM not running" should be "Guest agent required" on vm details page in dev console 1920532 - Problem in trying to connect through the service to a member that is the same as the caller. 1920677 - Various missingKey errors in the devconsole namespace 1920699 - Operation cannot be fulfilled on clusterresourcequotas.quota.openshift.io error when creating different OpenShift resources 1920901 - [4.7]"500 Internal Error" for prometheus route in https_proxy cluster 1920903 - oc adm top reporting unknown status for Windows node 1920905 - Remove DNS lookup workaround from cluster-api-provider 1921106 - A11y Violation: button name(s) on Utilization Card on Cluster Dashboard 1921184 - kuryr-cni binds to wrong interface on machine with two interfaces 1921227 - Fix issues related to consuming new extensions in Console static plugins 1921264 - Bundle unpack jobs can hang indefinitely 1921267 - ResourceListDropdown not internationalized 1921321 - SR-IOV obliviously reboot the node 1921335 - ThanosSidecarUnhealthy 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1921720 - test: openshift-tests.[sig-cli] oc observe works as expected [Suite:openshift/conformance/parallel] 1921763 - operator registry has high memory usage in 4.7... cleanup row closes 1921778 - Push to stage now failing with semver issues on old releases 1921780 - Search page not fully internationalized 1921781 - DefaultList component not internationalized 1921878 - [kuryr] Egress network policy with namespaceSelector in Kuryr behaves differently than in OVN-Kubernetes 1921885 - Server-side Dry-run with Validation Downloads Entire OpenAPI spec often 1921892 - MAO: controller runtime manager closes event recorder 1921894 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated 1921937 - During upgrade /etc/hostname becomes a directory, nodes are set with kubernetes.io/hostname=localhost label 1921953 - ClusterServiceVersion property inference does not infer package and version 1922063 - "Virtual Machine" should be "Templates" in template wizard 1922065 - Rootdisk size is default to 15GiB in customize wizard 1922235 - [build-watch] e2e-aws-upi - e2e-aws-upi container setup failing because of Python code version mismatch 1922264 - Restore snapshot as a new PVC: RWO/RWX access modes are not click-able if parent PVC is deleted 1922280 - [v2v] on the upstream release, In VM import wizard I see RHV but no oVirt 1922646 - Panic in authentication-operator invoking webhook authorization 1922648 - FailedCreatePodSandBox due to "failed to pin namespaces [uts]: [pinns:e]: /var/run/utsns exists and is not a directory: File exists" 1922764 - authentication operator is degraded due to number of kube-apiservers 1922992 - some button text on YAML sidebar are not translated 1922997 - [Migration]The SDN migration rollback failed. 1923038 - [OSP] Cloud Info is loaded twice 1923157 - Ingress traffic performance drop due to NodePort services 1923786 - RHV UPI fails with unhelpful message when ASSET_DIR is not set. 1923811 - Registry claims Available=True despite .status.readyReplicas == 0 while .spec.replicas == 2 1923847 - Error occurs when creating pods if configuring multiple key-only labels in default cluster-wide node selectors or project-wide node selectors 1923984 - Incorrect anti-affinity for UWM prometheus 1924020 - panic: runtime error: index out of range [0] with length 0 1924075 - kuryr-controller restart when enablePortPoolsPrepopulation = true 1924083 - "Activity" Pane of Persistent Storage tab shows events related to Noobaa too 1924140 - [OSP] Typo in OPENSHFIT_INSTALL_SKIP_PREFLIGHT_VALIDATIONS variable 1924171 - ovn-kube must handle single-stack to dual-stack migration 1924358 - metal UPI setup fails, no worker nodes 1924502 - Failed to start transient scope unit: Argument list too long / systemd[1]: Failed to set up mount unit: Invalid argument 1924536 - 'More about Insights' link points to support link 1924585 - "Edit Annotation" are not correctly translated in Chinese 1924586 - Control Plane status and Operators status are not fully internationalized 1924641 - [User Experience] The message "Missing storage class" needs to be displayed after user clicks Next and needs to be rephrased 1924663 - Insights operator should collect related pod logs when operator is degraded 1924701 - Cluster destroy fails when using byo with Kuryr 1924728 - Difficult to identify deployment issue if the destination disk is too small 1924729 - Create Storageclass for CephFS provisioner assumes incorrect default FSName in external mode (side-effect of fix for Bug 1878086) 1924747 - InventoryItem doesn't internationalize resource kind 1924788 - Not clear error message when there are no NADs available for the user 1924816 - Misleading error messages in ironic-conductor log 1924869 - selinux avc deny after installing OCP 4.7 1924916 - PVC reported as Uploading when it is actually cloning 1924917 - kuryr-controller in crash loop if IP is removed from secondary interfaces 1924953 - newly added 'excessive etcd leader changes' test case failing in serial job 1924968 - Monitoring list page filter options are not translated 1924983 - some components in utils directory not localized 1925017 - [UI] VM Details-> Network Interfaces, 'Name,' is displayed instead on 'Name' 1925061 - Prometheus backed by a PVC may start consuming a lot of RAM after 4.6 -> 4.7 upgrade due to series churn 1925083 - Some texts are not marked for translation on idp creation page. 1925087 - Add i18n support for the Secret page 1925148 - Shouldn't create the redundant imagestream when use `oc new-app --name=testapp2 -i ` with exist imagestream 1925207 - VM from custom template - cloudinit disk is not added if creating the VM from custom template using customization wizard 1925216 - openshift installer fails immediately failed to fetch Install Config 1925236 - OpenShift Route targets every port of a multi-port service 1925245 - oc idle: Clusters upgrading with an idled workload do not have annotations on the workload's service 1925261 - Items marked as mandatory in KMS Provider form are not enforced 1925291 - Baremetal IPI - While deploying with IPv6 provision network with subnet other than /64 masters fail to PXE boot 1925343 - [ci] e2e-metal tests are not using reserved instances 1925493 - Enable snapshot e2e tests 1925586 - cluster-etcd-operator is leaking transports 1925614 - Error: InstallPlan.operators.coreos.com not found 1925698 - On GCP, load balancers report kube-apiserver fails its /readyz check 50% of the time, causing load balancer backend churn and disruptions to apiservers 1926029 - [RFE] Either disable save or give warning when no disks support snapshot 1926054 - Localvolume CR is created successfully, when the storageclass name defined in the localvolume exists. 1926072 - Close button (X) does not work in the new "Storage cluster exists" Warning alert message(introduced via fix for Bug 1867400) 1926082 - Insights operator should not go degraded during upgrade 1926106 - [ja_JP][zh_CN] Create Project, Delete Project and Delete PVC modal are not fully internationalized 1926115 - Texts in “Insights” popover on overview page are not marked for i18n 1926123 - Pseudo bug: revert "force cert rotation every couple days for development" in 4.7 1926126 - some kebab/action menu translation issues 1926131 - Add HPA page is not fully internationalized 1926146 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it 1926154 - Create new pool with arbiter - wrong replica 1926278 - [oVirt] consume K8S 1.20 packages 1926279 - Pod ignores mtu setting from sriovNetworkNodePolicies in case of PF partitioning 1926285 - ignore pod not found status messages 1926289 - Accessibility: Modal content hidden from screen readers 1926310 - CannotRetrieveUpdates alerts on Critical severity 1926329 - [Assisted-4.7][Staging] monitoring stack in staging is being overloaded by the amount of metrics being exposed by assisted-installer pods and scraped by prometheus. 1926336 - Service details can overflow boxes at some screen widths 1926346 - move to go 1.15 and registry.ci.openshift.org 1926364 - Installer timeouts because proxy blocked connection to Ironic API running on bootstrap VM 1926465 - bootstrap kube-apiserver does not have --advertise-address set – was: [BM][IPI][DualStack] Installation fails cause Kubernetes service doesn't have IPv6 endpoints 1926484 - API server exits non-zero on 2 SIGTERM signals 1926547 - OpenShift installer not reporting IAM permission issue when removing the Shared Subnet Tag 1926579 - Setting .spec.policy is deprecated and will be removed eventually. Please use .spec.profile instead is being logged every 3 seconds in scheduler operator log 1926598 - Duplicate alert rules are displayed on console for thanos-querier api return wrong results 1926776 - "Template support" modal appears when select the RHEL6 common template 1926835 - [e2e][automation] prow gating use unsupported CDI version 1926843 - pipeline with finally tasks status is improper 1926867 - openshift-apiserver Available is False with 3 pods not ready for a while during upgrade 1926893 - When deploying the operator via OLM (after creating the respective catalogsource), the deployment "lost" the `resources` section. 1926903 - NTO may fail to disable stalld when relying on Tuned '[service]' plugin 1926931 - Inconsistent ovs-flow rule on one of the app node for egress node 1926943 - vsphere-problem-detector: Alerts in CI jobs 1926977 - [sig-devex][Feature:ImageEcosystem][Slow] openshift sample application repositories rails/nodejs 1927013 - Tables don't render properly at smaller screen widths 1927017 - CCO does not relinquish leadership when restarting for proxy CA change 1927042 - Empty static pod files on UPI deployments are confusing 1927047 - multiple external gateway pods will not work in ingress with IP fragmentation 1927068 - Workers fail to PXE boot when IPv6 provisionining network has subnet other than /64 1927075 - [e2e][automation] Fix pvc string in pvc.view 1927118 - OCP 4.7: NVIDIA GPU Operator DCGM metrics not displayed in OpenShift Console Monitoring Metrics page 1927244 - UPI installation with Kuryr timing out on bootstrap stage 1927263 - kubelet service takes around 43 secs to start container when started from stopped state 1927264 - FailedCreatePodSandBox due to multus inability to reach apiserver 1927310 - Performance: Console makes unnecessary requests for en-US messages on load 1927340 - Race condition in OperatorCondition reconcilation 1927366 - OVS configuration service unable to clone NetworkManager's connections in the overlay FS 1927391 - Fix flake in TestSyncPodsDeletesWhenSourcesAreReady 1927393 - 4.7 still points to 4.6 catalog images 1927397 - p&f: add auto update for priority & fairness bootstrap configuration objects 1927423 - Happy "Not Found" and no visible error messages on error-list page when /silences 504s 1927465 - Homepage dashboard content not internationalized 1927678 - Reboot interface defaults to softPowerOff so fencing is too slow 1927731 - /usr/lib/dracut/modules.d/30ignition/ignition --version sigsev 1927797 - 'Pod(s)' should be included in the pod donut label when a horizontal pod autoscaler is enabled 1927882 - Can't create cluster role binding from UI when a project is selected 1927895 - global RuntimeConfig is overwritten with merge result 1927898 - i18n Admin Notifier 1927902 - i18n Cluster Utilization dashboard duration 1927903 - "CannotRetrieveUpdates" - critical error in openshift web console 1927925 - Manually misspelled as Manualy 1927941 - StatusDescriptor detail item and Status component can cause runtime error when the status is an object or array 1927942 - etcd should use socket option (SO_REUSEADDR) instead of wait for port release on process restart 1927944 - cluster version operator cycles terminating state waiting for leader election 1927993 - Documentation Links in OKD Web Console are not Working 1928008 - Incorrect behavior when we click back button after viewing the node details in Internal-attached mode 1928045 - N+1 scaling Info message says "single zone" even if the nodes are spread across 2 or 0 zones 1928147 - Domain search set in the required domains in Option 119 of DHCP Server is ignored by RHCOS on RHV 1928157 - 4.7 CNO claims to be done upgrading before it even starts 1928164 - Traffic to outside the cluster redirected when OVN is used and NodePort service is configured 1928297 - HAProxy fails with 500 on some requests 1928473 - NetworkManager overlay FS not being created on None platform 1928512 - sap license management logs gatherer 1928537 - Cannot IPI with tang/tpm disk encryption 1928640 - Definite error message when using StorageClass based on azure-file / Premium_LRS 1928658 - Update plugins and Jenkins version to prepare openshift-sync-plugin 1.0.46 release 1928850 - Unable to pull images due to limited quota on Docker Hub 1928851 - manually creating NetNamespaces will break things and this is not obvious 1928867 - golden images - DV should not be created with WaitForFirstConsumer 1928869 - Remove css required to fix search bug in console caused by pf issue in 2021.1 1928875 - Update translations 1928893 - Memory Pressure Drop Down Info is stating "Disk" capacity is low instead of memory 1928931 - DNSRecord CRD is using deprecated v1beta1 API 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1929052 - Add new Jenkins agent maven dir for 3.6 1929056 - kube-apiserver-availability.rules are failing evaluation 1929110 - LoadBalancer service check test fails during vsphere upgrade 1929136 - openshift isn't able to mount nfs manila shares to pods 1929175 - LocalVolumeSet: PV is created on disk belonging to other provisioner 1929243 - Namespace column missing in Nodes Node Details / pods tab 1929277 - Monitoring workloads using too high a priorityclass 1929281 - Update Tech Preview badge to transparent border color when upgrading to PatternFly v4.87.1 1929314 - ovn-kubernetes endpoint slice controller doesn't run on CI jobs 1929359 - etcd-quorum-guard uses origin-cli [4.8] 1929577 - Edit Application action overwrites Deployment envFrom values on save 1929654 - Registry for Azure uses legacy V1 StorageAccount 1929693 - Pod stuck at "ContainerCreating" status 1929733 - oVirt CSI driver operator is constantly restarting 1929769 - Getting 404 after switching user perspective in another tab and reload Project details 1929803 - Pipelines shown in edit flow for Workloads created via ContainerImage flow 1929824 - fix alerting on volume name check for vsphere 1929917 - Bare-metal operator is firing for ClusterOperatorDown for 15m during 4.6 to 4.7 upgrade 1929944 - The etcdInsufficientMembers alert fires incorrectly when any instance is down and not when quorum is lost 1930007 - filter dropdown item filter and resource list dropdown item filter doesn't support multi selection 1930015 - OS list is overlapped by buttons in template wizard 1930064 - Web console crashes during VM creation from template when no storage classes are defined 1930220 - Cinder CSI driver is not able to mount volumes under heavier load 1930240 - Generated clouds.yaml incomplete when provisioning network is disabled 1930248 - After creating a remediation flow and rebooting a worker there is no access to the openshift-web-console 1930268 - intel vfio devices are not expose as resources 1930356 - Darwin binary missing from mirror.openshift.com 1930393 - Gather info about unhealthy SAP pods 1930546 - Monitoring-dashboard-workload keep loading when user with cluster-role cluster-monitoring-view login develoer console 1930570 - Jenkins templates are displayed in Developer Catalog twice 1930620 - the logLevel field in containerruntimeconfig can't be set to "trace" 1930631 - Image local-storage-mustgather in the doc does not come from product registry 1930893 - Backport upstream patch 98956 for pod terminations 1931005 - Related objects page doesn't show the object when its name is empty 1931103 - remove periodic log within kubelet 1931115 - Azure cluster install fails with worker type workers Standard_D4_v2 1931215 - [RFE] Cluster-api-provider-ovirt should handle affinity groups 1931217 - [RFE] Installer should create RHV Affinity group for OCP cluster VMS 1931467 - Kubelet consuming a large amount of CPU and memory and node becoming unhealthy 1931505 - [IPI baremetal] Two nodes hold the VIP post remove and start of the Keepalived container 1931522 - Fresh UPI install on BM with bonding using OVN Kubernetes fails 1931529 - SNO: mentioning of 4 nodes in error message - Cluster network CIDR prefix 24 does not contain enough addresses for 4 hosts each one with 25 prefix (128 addresses) 1931629 - Conversational Hub Fails due to ImagePullBackOff 1931637 - Kubeturbo Operator fails due to ImagePullBackOff 1931652 - [single-node] etcd: discover-etcd-initial-cluster graceful termination race. 1931658 - [single-node] cluster-etcd-operator: cluster never pivots from bootstrapIP endpoint 1931674 - [Kuryr] Enforce nodes MTU for the Namespaces and Pods 1931852 - Ignition HTTP GET is failing, because DHCP IPv4 config is failing silently 1931883 - Fail to install Volume Expander Operator due to CrashLookBackOff 1931949 - Red Hat Integration Camel-K Operator keeps stuck in Pending state 1931974 - Operators cannot access kubeapi endpoint on OVNKubernetes on ipv6 1931997 - network-check-target causes upgrade to fail from 4.6.18 to 4.7 1932001 - Only one of multiple subscriptions to the same package is honored 1932097 - Apiserver liveness probe is marking it as unhealthy during normal shutdown 1932105 - machine-config ClusterOperator claims level while control-plane still updating 1932133 - AWS EBS CSI Driver doesn’t support “csi.storage.k8s.io/fsTyps” parameter 1932135 - When “iopsPerGB” parameter is not set, event for AWS EBS CSI Driver provisioning is not clear 1932152 - When “iopsPerGB” parameter is set to a wrong number, events for AWS EBS CSI Driver provisioning are not clear 1932154 - [AWS ] machine stuck in provisioned phase , no warnings or errors 1932182 - catalog operator causing CPU spikes and bad etcd performance 1932229 - Can’t find kubelet metrics for aws ebs csi volumes 1932281 - [Assisted-4.7][UI] Unable to change upgrade channel once upgrades were discovered 1932323 - CVE-2021-26540 sanitize-html: improper validation of hostnames set by the "allowedIframeHostnames" option can lead to bypass hostname whitelist for iframe element 1932324 - CRIO fails to create a Pod in sandbox stage - starting container process caused: process_linux.go:472: container init caused: Running hook #0:: error running hook: exit status 255, stdout: , stderr: \"\n" 1932362 - CVE-2021-26539 sanitize-html: improper handling of internationalized domain name (IDN) can lead to bypass hostname whitelist validation 1932401 - Cluster Ingress Operator degrades if external LB redirects http to https because of new "canary" route 1932453 - Update Japanese timestamp format 1932472 - Edit Form/YAML switchers cause weird collapsing/code-folding issue 1932487 - [OKD] origin-branding manifest is missing cluster profile annotations 1932502 - Setting MTU for a bond interface using Kernel arguments is not working 1932618 - Alerts during a test run should fail the test job, but were not 1932624 - ClusterMonitoringOperatorReconciliationErrors is pending at the end of an upgrade and probably should not be 1932626 - During a 4.8 GCP upgrade OLM fires an alert indicating the operator is unhealthy 1932673 - Virtual machine template provided by red hat should not be editable. The UI allows to edit and then reverse the change after it was made 1932789 - Proxy with port is unable to be validated if it overlaps with service/cluster network 1932799 - During a hive driven baremetal installation the process does not go beyond 80% in the bootstrap VM 1932805 - e2e: test OAuth API connections in the tests by that name 1932816 - No new local storage operator bundle image is built 1932834 - enforce the use of hashed access/authorize tokens 1933101 - Can not upgrade a Helm Chart that uses a library chart in the OpenShift dev console 1933102 - Canary daemonset uses default node selector 1933114 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should be able to connect to a service that is idled because a GET on the route will unidle it [Suite:openshift/conformance/parallel/minimal] 1933159 - multus DaemonSets should use maxUnavailable: 33% 1933173 - openshift-sdn/sdn DaemonSet should use maxUnavailable: 10% 1933174 - openshift-sdn/ovs DaemonSet should use maxUnavailable: 10% 1933179 - network-check-target DaemonSet should use maxUnavailable: 10% 1933180 - openshift-image-registry/node-ca DaemonSet should use maxUnavailable: 10% 1933184 - openshift-cluster-csi-drivers DaemonSets should use maxUnavailable: 10% 1933263 - user manifest with nodeport services causes bootstrap to block 1933269 - Cluster unstable replacing an unhealthy etcd member 1933284 - Samples in CRD creation are ordered arbitarly 1933414 - Machines are created with unexpected name for Ports 1933599 - bump k8s.io/apiserver to 1.20.3 1933630 - [Local Volume] Provision disk failed when disk label has unsupported value like ":" 1933664 - Getting Forbidden for image in a container template when creating a sample app 1933708 - Grafana is not displaying deployment config resources in dashboard `Default /Kubernetes / Compute Resources / Namespace (Workloads)` 1933711 - EgressDNS: Keep short lived records at most 30s 1933730 - [AI-UI-Wizard] Toggling "Use extra disks for local storage" checkbox highlights the "Next" button to move forward but grays out once clicked 1933761 - Cluster DNS service caps TTLs too low and thus evicts from its cache too aggressively 1933772 - MCD Crash Loop Backoff 1933805 - TargetDown alert fires during upgrades because of normal upgrade behavior 1933857 - Details page can throw an uncaught exception if kindObj prop is undefined 1933880 - Kuryr-Controller crashes when it's missing the status object 1934021 - High RAM usage on machine api termination node system oom 1934071 - etcd consuming high amount of memory and CPU after upgrade to 4.6.17 1934080 - Both old and new Clusterlogging CSVs stuck in Pending during upgrade 1934085 - Scheduling conformance tests failing in a single node cluster 1934107 - cluster-authentication-operator builds URL incorrectly for IPv6 1934112 - Add memory and uptime metadata to IO archive 1934113 - mcd panic when there's not enough free disk space 1934123 - [OSP] First public endpoint is used to fetch ignition config from Glance URL (with multiple endpoints) on OSP 1934163 - Thanos Querier restarting and gettin alert ThanosQueryHttpRequestQueryRangeErrorRateHigh 1934174 - rootfs too small when enabling NBDE 1934176 - Machine Config Operator degrades during cluster update with failed to convert Ignition config spec v2 to v3 1934177 - knative-camel-operator CreateContainerError "container_linux.go:366: starting container process caused: chdir to cwd (\"/home/nonroot\") set in config.json failed: permission denied" 1934216 - machineset-controller stuck in CrashLoopBackOff after upgrade to 4.7.0 1934229 - List page text filter has input lag 1934397 - Extend OLM operator gatherer to include Operator/ClusterServiceVersion conditions 1934400 - [ocp_4][4.6][apiserver-auth] OAuth API servers are not ready - PreconditionNotReady 1934516 - Setup different priority classes for prometheus-k8s and prometheus-user-workload pods 1934556 - OCP-Metal images 1934557 - RHCOS boot image bump for LUKS fixes 1934643 - Need BFD failover capability on ECMP routes 1934711 - openshift-ovn-kubernetes ovnkube-node DaemonSet should use maxUnavailable: 10% 1934773 - Canary client should perform canary probes explicitly over HTTPS (rather than redirect from HTTP) 1934905 - CoreDNS's "errors" plugin is not enabled for custom upstream resolvers 1935058 - Can’t finish install sts clusters on aws government region 1935102 - Error: specifying a root certificates file with the insecure flag is not allowed during oc login 1935155 - IGMP/MLD packets being dropped 1935157 - [e2e][automation] environment tests broken 1935165 - OCP 4.6 Build fails when filename contains an umlaut 1935176 - Missing an indication whether the deployed setup is SNO. 1935269 - Topology operator group shows child Jobs. Not shown in details view's resources. 1935419 - Failed to scale worker using virtualmedia on Dell R640 1935528 - [AWS][Proxy] ingress reports degrade with CanaryChecksSucceeding=False in the cluster with proxy setting 1935539 - Openshift-apiserver CO unavailable during cluster upgrade from 4.6 to 4.7 1935541 - console operator panics in DefaultDeployment with nil cm 1935582 - prometheus liveness probes cause issues while replaying WAL 1935604 - high CPU usage fails ingress controller 1935667 - pipelinerun status icon rendering issue 1935706 - test: Detect when the master pool is still updating after upgrade 1935732 - Update Jenkins agent maven directory to be version agnostic [ART ocp build data] 1935814 - Pod and Node lists eventually have incorrect row heights when additional columns have long text 1935909 - New CSV using ServiceAccount named "default" stuck in Pending during upgrade 1936022 - DNS operator performs spurious updates in response to API's defaulting of daemonset's terminationGracePeriod and service's clusterIPs 1936030 - Ingress operator performs spurious updates in response to API's defaulting of NodePort service's clusterIPs field 1936223 - The IPI installer has a typo. It is missing the word "the" in "the Engine". 1936336 - Updating multus-cni builder & base images to be consistent with ART 4.8 (closed) 1936342 - kuryr-controller restarting after 3 days cluster running - pools without members 1936443 - Hive based OCP IPI baremetal installation fails to connect to API VIP port 22623 1936488 - [sig-instrumentation][Late] Alerts shouldn't report any alerts in firing state apart from Watchdog and AlertmanagerReceiversNotConfigured: Prometheus query error 1936515 - sdn-controller is missing some health checks 1936534 - When creating a worker with a used mac-address stuck on registering 1936585 - configure alerts if the catalogsources are missing 1936620 - OLM checkbox descriptor renders switch instead of checkbox 1936721 - network-metrics-deamon not associated with a priorityClassName 1936771 - [aws ebs csi driver] The event for Pod consuming a readonly PVC is not clear 1936785 - Configmap gatherer doesn't include namespace name (in the archive path) in case of a configmap with binary data 1936788 - RBD RWX PVC creation with Filesystem volume mode selection is creating RWX PVC with Block volume mode instead of disabling Filesystem volume mode selection 1936798 - Authentication log gatherer shouldn't scan all the pod logs in the openshift-authentication namespace 1936801 - Support ServiceBinding 0.5.0+ 1936854 - Incorrect imagestream is shown as selected in knative service container image edit flow 1936857 - e2e-ovirt-ipi-install-install is permafailing on 4.5 nightlies 1936859 - ovirt 4.4 -> 4.5 upgrade jobs are permafailing 1936867 - Periodic vsphere IPI install is broken - missing pip 1936871 - [Cinder CSI] Topology aware provisioning doesn't work when Nova and Cinder AZs are different 1936904 - Wrong output YAML when syncing groups without --confirm 1936983 - Topology view - vm details screen isntt stop loading 1937005 - when kuryr quotas are unlimited, we should not sent alerts 1937018 - FilterToolbar component does not handle 'null' value for 'rowFilters' prop 1937020 - Release new from image stream chooses incorrect ID based on status 1937077 - Blank White page on Topology 1937102 - Pod Containers Page Not Translated 1937122 - CAPBM changes to support flexible reboot modes 1937145 - [Local storage] PV provisioned by localvolumeset stays in "Released" status after the pod/pvc deleted 1937167 - [sig-arch] Managed cluster should have no crashlooping pods in core namespaces over four minutes 1937244 - [Local Storage] The model name of aws EBS doesn't be extracted well 1937299 - pod.spec.volumes.awsElasticBlockStore.partition is not respected on NVMe volumes 1937452 - cluster-network-operator CI linting fails in master branch 1937459 - Wrong Subnet retrieved for Service without Selector 1937460 - [CI] Network quota pre-flight checks are failing the installation 1937464 - openstack cloud credentials are not getting configured with correct user_domain_name across the cluster 1937466 - KubeClientCertificateExpiration alert is confusing, without explanation in the documentation 1937496 - Metrics viewer in OCP Console is missing date in a timestamp for selected datapoint 1937535 - Not all image pulls within OpenShift builds retry 1937594 - multiple pods in ContainerCreating state after migration from OpenshiftSDN to OVNKubernetes 1937627 - Bump DEFAULT_DOC_URL for 4.8 1937628 - Bump upgrade channels for 4.8 1937658 - Description for storage class encryption during storagecluster creation needs to be updated 1937666 - Mouseover on headline 1937683 - Wrong icon classification of output in buildConfig when the destination is a DockerImage 1937693 - ironic image "/" cluttered with files 1937694 - [oVirt] split ovirt providerIDReconciler logic into NodeController and ProviderIDController 1937717 - If browser default font size is 20, the layout of template screen breaks 1937722 - OCP 4.8 vuln due to BZ 1936445 1937929 - Operand page shows a 404:Not Found error for OpenShift GitOps Operator 1937941 - [RFE]fix wording for favorite templates 1937972 - Router HAProxy config file template is slow to render due to repetitive regex compilations 1938131 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1938321 - Cannot view PackageManifest objects in YAML on 'Home > Search' page nor 'CatalogSource details > Operators tab' 1938465 - thanos-querier should set a CPU request on the thanos-query container 1938466 - packageserver deployment sets neither CPU or memory request on the packageserver container 1938467 - The default cluster-autoscaler should get default cpu and memory requests if user omits them 1938468 - kube-scheduler-operator has a container without a CPU request 1938492 - Marketplace extract container does not request CPU or memory 1938493 - machine-api-operator declares restrictive cpu and memory limits where it should not 1938636 - Can't set the loglevel of the container: cluster-policy-controller and kube-controller-manager-recovery-controller 1938903 - Time range on dashboard page will be empty after drog and drop mouse in the graph 1938920 - ovnkube-master/ovs-node DaemonSets should use maxUnavailable: 10% 1938947 - Update blocked from 4.6 to 4.7 when using spot/preemptible instances 1938949 - [VPA] Updater failed to trigger evictions due to "vpa-admission-controller" not found 1939054 - machine healthcheck kills aws spot instance before generated 1939060 - CNO: nodes and masters are upgrading simultaneously 1939069 - Add source to vm template silently failed when no storage class is defined in the cluster 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1939168 - Builds failing for OCP 3.11 since PR#25 was merged 1939226 - kube-apiserver readiness probe appears to be hitting /healthz, not /readyz 1939227 - kube-apiserver liveness probe appears to be hitting /healthz, not /livez 1939232 - CI tests using openshift/hello-world broken by Ruby Version Update 1939270 - fix co upgradeableFalse status and reason 1939294 - OLM may not delete pods with grace period zero (force delete) 1939412 - missed labels for thanos-ruler pods 1939485 - CVE-2021-20291 containers/storage: DoS via malicious image 1939547 - Include container="POD" in resource queries 1939555 - VSphereProblemDetectorControllerDegraded: context canceled during upgrade to 4.8.0 1939573 - after entering valid git repo url on add flow page, throwing warning message instead Validated 1939580 - Authentication operator is degraded during 4.8 to 4.8 upgrade and normal 4.8 e2e runs 1939606 - Attempting to put a host into maintenance mode warns about Ceph cluster health, but no storage cluster problems are apparent 1939661 - support new AWS region ap-northeast-3 1939726 - clusteroperator/network should not change condition/Degraded during normal serial test execution 1939731 - Image registry operator reports unavailable during normal serial run 1939734 - Node Fanout Causes Excessive WATCH Secret Calls, Taking Down Clusters 1939740 - dual stack nodes with OVN single ipv6 fails on bootstrap phase 1939752 - ovnkube-master sbdb container does not set requests on cpu or memory 1939753 - Delete HCO is stucking if there is still VM in the cluster 1939815 - Change the Warning Alert for Encrypted PVs in Create StorageClass(provisioner:RBD) page 1939853 - [DOC] Creating manifests API should not allow folder in the "file_name" 1939865 - GCP PD CSI driver does not have CSIDriver instance 1939869 - [e2e][automation] Add annotations to datavolume for HPP 1939873 - Unlimited number of characters accepted for base domain name 1939943 - `cluster-kube-apiserver-operator check-endpoints` observed a panic: runtime error: invalid memory address or nil pointer dereference 1940030 - cluster-resource-override: fix spelling mistake for run-level match expression in webhook configuration 1940057 - Openshift builds should use a wach instead of polling when checking for pod status 1940142 - 4.6->4.7 updates stick on OpenStackCinderCSIDriverOperatorCR_OpenStackCinderDriverControllerServiceController_Deploying 1940159 - [OSP] cluster destruction fails to remove router in BYON (with provider network) with Kuryr as primary network 1940206 - Selector and VolumeTableRows not i18ned 1940207 - 4.7->4.6 rollbacks stuck on prometheusrules admission webhook "no route to host" 1940314 - Failed to get type for Dashboard Kubernetes / Compute Resources / Namespace (Workloads) 1940318 - No data under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod' 1940322 - Split of dashbard is wrong, many Network parts 1940337 - rhos-ipi installer fails with not clear message when openstack tenant doesn't have flavors needed for compute machines 1940361 - [e2e][automation] Fix vm action tests with storageclass HPP 1940432 - Gather datahubs.installers.datahub.sap.com resources from SAP clusters 1940488 - After fix for CVE-2021-3344, Builds do not mount node entitlement keys 1940498 - pods may fail to add logical port due to lr-nat-del/lr-nat-add error messages 1940499 - hybrid-overlay not logging properly before exiting due to an error 1940518 - Components in bare metal components lack resource requests 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1940704 - prjquota is dropped from rootflags if rootfs is reprovisioned 1940755 - [Web-console][Local Storage] LocalVolumeSet could not be created from web-console without detail error info 1940865 - Add BareMetalPlatformType into e2e upgrade service unsupported list 1940876 - Components in ovirt components lack resource requests 1940889 - Installation failures in OpenStack release jobs 1940933 - [sig-arch] Check if alerts are firing during or after upgrade success: AggregatedAPIDown on v1beta1.metrics.k8s.io 1940939 - Wrong Openshift node IP as kubelet setting VIP as node IP 1940940 - csi-snapshot-controller goes unavailable when machines are added removed to cluster 1940950 - vsphere: client/bootstrap CSR double create 1940972 - vsphere: [4.6] CSR approval delayed for unknown reason 1941000 - cinder storageclass creates persistent volumes with wrong label failure-domain.beta.kubernetes.io/zone in multi availability zones architecture on OSP 16. 1941334 - [RFE] Cluster-api-provider-ovirt should handle auto pinning policy 1941342 - Add `kata-osbuilder-generate.service` as part of the default presets 1941456 - Multiple pods stuck in ContainerCreating status with the message "failed to create container for [kubepods burstable podxxx] : dbus: connection closed by user" being seen in the journal log 1941526 - controller-manager-operator: Observed a panic: nil pointer dereference 1941592 - HAProxyDown not Firing 1941606 - [assisted operator] Assisted Installer Operator CSV related images should be digests for icsp 1941625 - Developer -> Topology - i18n misses 1941635 - Developer -> Monitoring - i18n misses 1941636 - BM worker nodes deployment with virtual media failed while trying to clean raid 1941645 - Developer -> Builds - i18n misses 1941655 - Developer -> Pipelines - i18n misses 1941667 - Developer -> Project - i18n misses 1941669 - Developer -> ConfigMaps - i18n misses 1941759 - Errored pre-flight checks should not prevent install 1941798 - Some details pages don't have internationalized ResourceKind labels 1941801 - Many filter toolbar dropdowns haven't been internationalized 1941815 - From the web console the terminal can no longer connect after using leaving and returning to the terminal view 1941859 - [assisted operator] assisted pod deploy first time in error state 1941901 - Toleration merge logic does not account for multiple entries with the same key 1941915 - No validation against template name in boot source customization 1941936 - when setting parameters in containerRuntimeConfig, it will show incorrect information on its description 1941980 - cluster-kube-descheduler operator is broken when upgraded from 4.7 to 4.8 1941990 - Pipeline metrics endpoint changed in osp-1.4 1941995 - fix backwards incompatible trigger api changes in osp1.4 1942086 - Administrator -> Home - i18n misses 1942117 - Administrator -> Workloads - i18n misses 1942125 - Administrator -> Serverless - i18n misses 1942193 - Operand creation form - broken/cutoff blue line on the Accordion component (fieldGroup) 1942207 - [vsphere] hostname are changed when upgrading from 4.6 to 4.7.x causing upgrades to fail 1942271 - Insights operator doesn't gather pod information from openshift-cluster-version 1942375 - CRI-O failing with error "reserving ctr name" 1942395 - The status is always "Updating" on dc detail page after deployment has failed. 1942521 - [Assisted-4.7] [Staging][OCS] Minimum memory for selected role is failing although minimum OCP requirement satisfied 1942522 - Resolution fails to sort channel if inner entry does not satisfy predicate 1942536 - Corrupted image preventing containers from starting 1942548 - Administrator -> Networking - i18n misses 1942553 - CVE-2021-22133 go.elastic.co/apm: leaks sensitive HTTP headers during panic 1942555 - Network policies in ovn-kubernetes don't support external traffic from router when the endpoint publishing strategy is HostNetwork 1942557 - Query is reporting "no datapoint" when label cluster="" is set but work when the label is removed or when running directly in Prometheus 1942608 - crictl cannot list the images with an error: error locating item named "manifest" for image with ID 1942614 - Administrator -> Storage - i18n misses 1942641 - Administrator -> Builds - i18n misses 1942673 - Administrator -> Pipelines - i18n misses 1942694 - Resource names with a colon do not display property in the browser window title 1942715 - Administrator -> User Management - i18n misses 1942716 - Quay Container Security operator has Medium <-> Low colors reversed 1942725 - [SCC] openshift-apiserver degraded when creating new pod after installing Stackrox which creates a less privileged SCC [4.8] 1942736 - Administrator -> Administration - i18n misses 1942749 - Install Operator form should use info icon for popovers 1942837 - [OCPv4.6] unable to deploy pod with unsafe sysctls 1942839 - Windows VMs fail to start on air-gapped environments 1942856 - Unable to assign nodes for EgressIP even if the egress-assignable label is set 1942858 - [RFE]Confusing detach volume UX 1942883 - AWS EBS CSI driver does not support partitions 1942894 - IPA error when provisioning masters due to an error from ironic.conductor - /dev/sda is busy 1942935 - must-gather improvements 1943145 - vsphere: client/bootstrap CSR double create 1943175 - unable to install IPI PRIVATE OpenShift cluster in Azure due to organization policies (set azure storage account TLS version default to 1.2) 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1943219 - unable to install IPI PRIVATE OpenShift cluster in Azure - SSH access from the Internet should be blocked 1943224 - cannot upgrade openshift-kube-descheduler from 4.7.2 to latest 1943238 - The conditions table does not occupy 100% of the width. 1943258 - [Assisted-4.7][Staging][Advanced Networking] Cluster install fails while waiting for control plane 1943314 - [OVN SCALE] Combine Logical Flows inside Southbound DB. 1943315 - avoid workload disruption for ICSP changes 1943320 - Baremetal node loses connectivity with bonded interface and OVNKubernetes 1943329 - TLSSecurityProfile missing from KubeletConfig CRD Manifest 1943356 - Dynamic plugins surfaced in the UI should be referred to as "Console plugins" 1943539 - crio-wipe is failing to start "Failed to shutdown storage before wiping: A layer is mounted: layer is in use by a container" 1943543 - DeploymentConfig Rollback doesn't reset params correctly 1943558 - [assisted operator] Assisted Service pod unable to reach self signed local registry in disco environement 1943578 - CoreDNS caches NXDOMAIN responses for up to 900 seconds 1943614 - add bracket logging on openshift/builder calls into buildah to assist test-platform team triage 1943637 - upgrade from ocp 4.5 to 4.6 does not clear SNAT rules on ovn 1943649 - don't use hello-openshift for network-check-target 1943667 - KubeDaemonSetRolloutStuck fires during upgrades too often because it does not accurately detect progress 1943719 - storage-operator/vsphere-problem-detector causing upgrades to fail that would have succeeded in past versions 1943804 - API server on AWS takes disruption between 70s and 110s after pod begins termination via external LB 1943845 - Router pods should have startup probes configured 1944121 - OVN-kubernetes references AddressSets after deleting them, causing ovn-controller errors 1944160 - CNO: nbctl daemon should log reconnection info 1944180 - OVN-Kube Master does not release election lock on shutdown 1944246 - Ironic fails to inspect and move node to "manageable' but get bmh remains in "inspecting" 1944268 - openshift-install AWS SDK is missing endpoints for the ap-northeast-3 region 1944509 - Translatable texts without context in ssh expose component 1944581 - oc project not works with cluster proxy 1944587 - VPA could not take actions based on the recommendation when min-replicas=1 1944590 - The field name "VolumeSnapshotContent" is wrong on VolumeSnapshotContent detail page 1944602 - Consistant fallures of features/project-creation.feature Cypress test in CI 1944631 - openshif authenticator should not accept non-hashed tokens 1944655 - [manila-csi-driver-operator] openstack-manila-csi-nodeplugin pods stucked with ".. still connecting to unix:///var/lib/kubelet/plugins/csi-nfsplugin/csi.sock" 1944660 - dm-multipath race condition on bare metal causing /boot partition mount failures 1944674 - Project field become to "All projects" and disabled in "Review and create virtual machine" step in devconsole 1944678 - Whereabouts IPAM CNI duplicate IP addresses assigned to pods 1944761 - field level help instances do not use common util component <FieldLevelHelp> 1944762 - Drain on worker node during an upgrade fails due to PDB set for image registry pod when only a single replica is present 1944763 - field level help instances do not use common util component <FieldLevelHelp> 1944853 - Update to nodejs >=14.15.4 for ARM 1944974 - Duplicate KubeControllerManagerDown/KubeSchedulerDown alerts 1944986 - Clarify the ContainerRuntimeConfiguration cr description on the validation 1945027 - Button 'Copy SSH Command' does not work 1945085 - Bring back API data in etcd test 1945091 - In k8s 1.21 bump Feature:IPv6DualStack tests are disabled 1945103 - 'User credentials' shows even the VM is not running 1945104 - In k8s 1.21 bump '[sig-storage] [cis-hostpath] [Testpattern: Generic Ephemeral-volume' tests are disabled 1945146 - Remove pipeline Tech preview badge for pipelines GA operator 1945236 - Bootstrap ignition shim doesn't follow proxy settings 1945261 - Operator dependency not consistently chosen from default channel 1945312 - project deletion does not reset UI project context 1945326 - console-operator: does not check route health periodically 1945387 - Image Registry deployment should have 2 replicas and hard anti-affinity rules 1945398 - 4.8 CI failure: [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 1945431 - alerts: SystemMemoryExceedsReservation triggers too quickly 1945443 - operator-lifecycle-manager-packageserver flaps Available=False with no reason or message 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1945548 - catalog resource update failed if spec.secrets set to "" 1945584 - Elasticsearch operator fails to install on 4.8 cluster on ppc64le/s390x 1945599 - Optionally set KERNEL_VERSION and RT_KERNEL_VERSION 1945630 - Pod log filename no longer in <pod-name>-<container-name>.log format 1945637 - QE- Automation- Fixing smoke test suite for pipeline-plugin 1945646 - gcp-routes.sh running as initrc_t unnecessarily 1945659 - [oVirt] remove ovirt_cafile from ovirt-credentials secret 1945677 - Need ACM Managed Cluster Info metric enabled for OCP monitoring telemetry 1945687 - Dockerfile needs updating to new container CI registry 1945700 - Syncing boot mode after changing device should be restricted to Supermicro 1945816 - " Ingresses " should be kept in English for Chinese 1945818 - Chinese translation issues: Operator should be the same with English `Operators` 1945849 - Unnecessary series churn when a new version of kube-state-metrics is rolled out 1945910 - [aws] support byo iam roles for instances 1945948 - SNO: pods can't reach ingress when the ingress uses a different IPv6. 1946079 - Virtual master is not getting an IP address 1946097 - [oVirt] oVirt credentials secret contains unnecessary "ovirt_cafile" 1946119 - panic parsing install-config 1946243 - No relevant error when pg limit is reached in block pools page 1946307 - [CI] [UPI] use a standardized and reliable way to install google cloud SDK in UPI image 1946320 - Incorrect error message in Deployment Attach Storage Page 1946449 - [e2e][automation] Fix cloud-init tests as UI changed 1946458 - Edit Application action overwrites Deployment envFrom values on save 1946459 - In bare metal IPv6 environment, [sig-storage] [Driver: nfs] tests are failing in CI. 1946479 - In k8s 1.21 bump BoundServiceAccountTokenVolume is disabled by default 1946497 - local-storage-diskmaker pod logs "DeviceSymlinkExists" and "not symlinking, could not get lock: <nil>" 1946506 - [on-prem] mDNS plugin no longer needed 1946513 - honor use specified system reserved with auto node sizing 1946540 - auth operator: only configure webhook authenticators for internal auth when oauth-apiserver pods are ready 1946584 - Machine-config controller fails to generate MC, when machine config pool with dashes in name presents under the cluster 1946607 - etcd readinessProbe is not reflective of actual readiness 1946705 - Fix issues with "search" capability in the Topology Quick Add component 1946751 - DAY2 Confusing event when trying to add hosts to a cluster that completed installation 1946788 - Serial tests are broken because of router 1946790 - Marketplace operator flakes Available=False OperatorStarting during updates 1946838 - Copied CSVs show up as adopted components 1946839 - [Azure] While mirroring images to private registry throwing error: invalid character '<' looking for beginning of value 1946865 - no "namespace:kube_pod_container_resource_requests_cpu_cores:sum" and "namespace:kube_pod_container_resource_requests_memory_bytes:sum" metrics 1946893 - the error messages are inconsistent in DNS status conditions if the default service IP is taken 1946922 - Ingress details page doesn't show referenced secret name and link 1946929 - the default dns operator's Progressing status is always True and cluster operator dns Progressing status is False 1947036 - "failed to create Matchbox client or connect" on e2e-metal jobs or metal clusters via cluster-bot 1947066 - machine-config-operator pod crashes when noProxy is * 1947067 - [Installer] Pick up upstream fix for installer console output 1947078 - Incorrect skipped status for conditional tasks in the pipeline run 1947080 - SNO IPv6 with 'temporary 60-day domain' option fails with IPv4 exception 1947154 - [master] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install 1947164 - Print "Successfully pushed" even if the build push fails. 1947176 - OVN-Kubernetes leaves stale AddressSets around if the deletion was missed. 1947293 - IPv6 provision addresses range larger then /64 prefix (e.g. /48) 1947311 - When adding a new node to localvolumediscovery UI does not show pre-existing node name's 1947360 - [vSphere csi driver operator] operator pod runs as “BestEffort” qosClass 1947371 - [vSphere csi driver operator] operator doesn't create “csidriver” instance 1947402 - Single Node cluster upgrade: AWS EBS CSI driver deployment is stuck on rollout 1947478 - discovery v1 beta1 EndpointSlice is deprecated in Kubernetes 1.21 (OCP 4.8) 1947490 - If Clevis on a managed LUKs volume with Ignition enables, the system will fails to automatically open the LUKs volume on system boot 1947498 - policy v1 beta1 PodDisruptionBudget is deprecated in Kubernetes 1.21 (OCP 4.8) 1947663 - disk details are not synced in web-console 1947665 - Internationalization values for ceph-storage-plugin should be in file named after plugin 1947684 - MCO on SNO sometimes has rendered configs and sometimes does not 1947712 - [OVN] Many faults and Polling interval stuck for 4 seconds every roughly 5 minutes intervals. 1947719 - 8 APIRemovedInNextReleaseInUse info alerts display 1947746 - Show wrong kubernetes version from kube-scheduler/kube-controller-manager operator pods 1947756 - [azure-disk-csi-driver-operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade 1947767 - [azure-disk-csi-driver-operator] Uses the same storage type in the sc created by it as the default sc? 1947771 - [kube-descheduler]descheduler operator pod should not run as “BestEffort” qosClass 1947774 - CSI driver operators use "Always" imagePullPolicy in some containers 1947775 - [vSphere csi driver operator] doesn’t use the downstream images from payload. 1947776 - [vSphere csi driver operator] Should allow more nodes to be updated simultaneously for speeding up cluster upgrade 1947779 - [LSO] Should allow more nodes to be updated simultaneously for speeding up LSO upgrade 1947785 - Cloud Compute: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947789 - Console: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947791 - MCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947793 - DevEx: APIRemovedInNextReleaseInUse info alerts display 1947794 - OLM: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert 1947795 - Networking: APIRemovedInNextReleaseInUse info alerts display 1947797 - CVO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947798 - Images: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947800 - Ingress: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1947801 - Kube Storage Version Migrator APIRemovedInNextReleaseInUse info alerts display 1947803 - Openshift Apiserver: APIRemovedInNextReleaseInUse info alerts display 1947806 - Re-enable h2spec, http/2 and grpc-interop e2e tests in openshift/origin 1947828 - `download it` link should save pod log in <pod-name>-<container-name>.log format 1947866 - disk.csi.azure.com.spec.operatorLogLevel is not updated when CSO loglevel is changed 1947917 - Egress Firewall does not reliably apply firewall rules 1947946 - Operator upgrades can delete existing CSV before completion 1948011 - openshift-controller-manager constantly reporting type "Upgradeable" status Unknown 1948012 - service-ca constantly reporting type "Upgradeable" status Unknown 1948019 - [4.8] Large number of requests to the infrastructure cinder volume service 1948022 - Some on-prem namespaces missing from must-gather 1948040 - cluster-etcd-operator: etcd is using deprecated logger 1948082 - Monitoring should not set Available=False with no reason on updates 1948137 - CNI DEL not called on node reboot - OCP 4 CRI-O. 1948232 - DNS operator performs spurious updates in response to API's defaulting of daemonset's maxSurge and service's ipFamilies and ipFamilyPolicy fields 1948311 - Some jobs failing due to excessive watches: the server has received too many requests and has asked us to try again later 1948359 - [aws] shared tag was not removed from user provided IAM role 1948410 - [LSO] Local Storage Operator uses imagePullPolicy as "Always" 1948415 - [vSphere csi driver operator] clustercsidriver.spec.logLevel doesn't take effective after changing 1948427 - No action is triggered after click 'Continue' button on 'Show community Operator' windows 1948431 - TechPreviewNoUpgrade does not enable CSI migration 1948436 - The outbound traffic was broken intermittently after shutdown one egressIP node 1948443 - OCP 4.8 nightly still showing v1.20 even after 1.21 merge 1948471 - [sig-auth][Feature:OpenShiftAuthorization][Serial] authorization TestAuthorizationResourceAccessReview should succeed [Suite:openshift/conformance/serial] 1948505 - [vSphere csi driver operator] vmware-vsphere-csi-driver-operator pod restart every 10 minutes 1948513 - get-resources.sh doesn't honor the no_proxy settings 1948524 - 'DeploymentUpdated' Updated Deployment.apps/downloads -n openshift-console because it changed message is printed every minute 1948546 - VM of worker is in error state when a network has port_security_enabled=False 1948553 - When setting etcd spec.LogLevel is not propagated to etcd operand 1948555 - A lot of events "rpc error: code = DeadlineExceeded desc = context deadline exceeded" were seen in azure disk csi driver verification test 1948563 - End-to-End Secure boot deployment fails "Invalid value for input variable" 1948582 - Need ability to specify local gateway mode in CNO config 1948585 - Need a CI jobs to test local gateway mode with bare metal 1948592 - [Cluster Network Operator] Missing Egress Router Controller 1948606 - DNS e2e test fails "[sig-arch] Only known images used by tests" because it does not use a known image 1948610 - External Storage [Driver: disk.csi.azure.com] [Testpattern: Dynamic PV (block volmode)] multiVolume [Slow] should access to two volumes with the same volume mode and retain data across pod recreation on the same node [LinuxOnly] 1948626 - TestRouteAdmissionPolicy e2e test is failing often 1948628 - ccoctl needs to plan for future (non-AWS) platform support in the CLI 1948634 - upgrades: allow upgrades without version change 1948640 - [Descheduler] operator log reports key failed with : kubedeschedulers.operator.openshift.io "cluster" not found 1948701 - unneeded CCO alert already covered by CVO 1948703 - p&f: probes should not get 429s 1948705 - [assisted operator] SNO deployment fails - ClusterDeployment shows `bootstrap.ign was not found` 1948706 - Cluster Autoscaler Operator manifests missing annotation for ibm-cloud-managed profile 1948708 - cluster-dns-operator includes a deployment with node selector of masters for the IBM cloud managed profile 1948711 - thanos querier and prometheus-adapter should have 2 replicas 1948714 - cluster-image-registry-operator targets master nodes in ibm-cloud-managed-profile 1948716 - cluster-ingress-operator deployment targets master nodes for ibm-cloud-managed profile 1948718 - cluster-network-operator deployment manifest for ibm-cloud-managed profile contains master node selector 1948719 - Machine API components should use 1.21 dependencies 1948721 - cluster-storage-operator deployment targets master nodes for ibm-cloud-managed profile 1948725 - operator lifecycle manager does not include profile annotations for ibm-cloud-managed 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1948771 - ~50% of GCP upgrade jobs in 4.8 failing with "AggregatedAPIDown" alert on packages.coreos.com 1948782 - Stale references to the single-node-production-edge cluster profile 1948787 - secret.StringData shouldn't be used for reads 1948788 - Clicking an empty metrics graph (when there is no data) should still open metrics viewer 1948789 - Clicking on a metrics graph should show request and limits queries as well on the resulting metrics page 1948919 - Need minor update in message on channel modal 1948923 - [aws] installer forces the platform.aws.amiID option to be set, while installing a cluster into GovCloud or C2S region 1948926 - Memory Usage of Dashboard 'Kubernetes / Compute Resources / Pod' contain wrong CPU query 1948936 - [e2e][automation][prow] Prow script point to deleted resource 1948943 - (release-4.8) Limit the number of collected pods in the workloads gatherer 1948953 - Uninitialized cloud provider error when provisioning a cinder volume 1948963 - [RFE] Cluster-api-provider-ovirt should handle hugepages 1948966 - Add the ability to run a gather done by IO via a Kubernetes Job 1948981 - Align dependencies and libraries with latest ironic code 1948998 - style fixes by GoLand and golangci-lint 1948999 - Can not assign multiple EgressIPs to a namespace by using automatic way. 1949019 - PersistentVolumes page cannot sync project status automatically which will block user to create PV 1949022 - Openshift 4 has a zombie problem 1949039 - Wrong env name to get podnetinfo for hugepage in app-netutil 1949041 - vsphere: wrong image names in bundle 1949042 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the http2 tests (on OpenStack) 1949050 - Bump k8s to latest 1.21 1949061 - [assisted operator][nmstate] Continuous attempts to reconcile InstallEnv in the case of invalid NMStateConfig 1949063 - [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service 1949075 - Extend openshift/api for Add card customization 1949093 - PatternFly v4.96.2 regression results in a.pf-c-button hover issues 1949096 - Restore private git clone tests 1949099 - network-check-target code cleanup 1949105 - NetworkPolicy ... should enforce ingress policy allowing any port traffic to a server on a specific protocol 1949145 - Move openshift-user-critical priority class to CCO 1949155 - Console doesn't correctly check for favorited or last namespace on load if project picker used 1949180 - Pipelines plugin model kinds aren't picked up by parser 1949202 - sriov-network-operator not available from operatorhub on ppc64le 1949218 - ccoctl not included in container image 1949237 - Bump OVN: Lots of conjunction warnings in ovn-controller container logs 1949277 - operator-marketplace: deployment manifests for ibm-cloud-managed profile have master node selectors 1949294 - [assisted operator] OPENSHIFT_VERSIONS in assisted operator subscription does not propagate 1949306 - need a way to see top API accessors 1949313 - Rename vmware-vsphere-* images to vsphere-* images before 4.8 ships 1949316 - BaremetalHost resource automatedCleaningMode ignored due to outdated vendoring 1949347 - apiserver-watcher support for dual-stack 1949357 - manila-csi-controller pod not running due to secret lack(in another ns) 1949361 - CoreDNS resolution failure for external hostnames with "A: dns: overflow unpacking uint16" 1949364 - Mention scheduling profiles in scheduler operator repository 1949370 - Testability of: Static pod installer controller deadlocks with non-existing installer pod, WAS: kube-apisrever of clsuter operator always with incorrect status due to pleg error 1949384 - Edit Default Pull Secret modal - i18n misses 1949387 - Fix the typo in auto node sizing script 1949404 - label selector on pvc creation page - i18n misses 1949410 - The referred role doesn't exist if create rolebinding from rolebinding tab of role page 1949411 - VolumeSnapshot, VolumeSnapshotClass and VolumeSnapshotConent Details tab is not translated - i18n misses 1949413 - Automatic boot order setting is done incorrectly when using by-path style device names 1949418 - Controller factory workers should always restart on panic() 1949419 - oauth-apiserver logs "[SHOULD NOT HAPPEN] failed to update managedFields for authentication.k8s.io/v1, Kind=TokenReview: failed to convert new object (authentication.k8s.io/v1, Kind=TokenReview)" 1949420 - [azure csi driver operator] pvc.status.capacity and pv.spec.capacity are processed not the same as in-tree plugin 1949435 - ingressclass controller doesn't recreate the openshift-default ingressclass after deleting it 1949480 - Listeners timeout are constantly being updated 1949481 - cluster-samples-operator restarts approximately two times per day and logs too many same messages 1949509 - Kuryr should manage API LB instead of CNO 1949514 - URL is not visible for routes at narrow screen widths 1949554 - Metrics of vSphere CSI driver sidecars are not collected 1949582 - OCP v4.7 installation with OVN-Kubernetes fails with error "egress bandwidth restriction -1 is not equals" 1949589 - APIRemovedInNextEUSReleaseInUse Alert Missing 1949591 - Alert does not catch removed api usage during end-to-end tests. 1949593 - rename DeprecatedAPIInUse alert to APIRemovedInNextReleaseInUse 1949612 - Install with 1.21 Kubelet is spamming logs with failed to get stats failed command 'du' 1949626 - machine-api fails to create AWS client in new regions 1949661 - Kubelet Workloads Management changes for OCPNODE-529 1949664 - Spurious keepalived liveness probe failures 1949671 - System services such as openvswitch are stopped before pod containers on system shutdown or reboot 1949677 - multus is the first pod on a new node and the last to go ready 1949711 - cvo unable to reconcile deletion of openshift-monitoring namespace 1949721 - Pick 99237: Use the audit ID of a request for better correlation 1949741 - Bump golang version of cluster-machine-approver 1949799 - ingresscontroller should deny the setting when spec.tuningOptions.threadCount exceed 64 1949810 - OKD 4.7 unable to access Project Topology View 1949818 - Add e2e test to perform MCO operation Single Node OpenShift 1949820 - Unable to use `oc adm top is` shortcut when asking for `imagestreams` 1949862 - The ccoctl tool hits the panic sometime when running the delete subcommand 1949866 - The ccoctl fails to create authentication file when running the command `ccoctl aws create-identity-provider` with `--output-dir` parameter 1949880 - adding providerParameters.gcp.clientAccess to existing ingresscontroller doesn't work 1949882 - service-idler build error 1949898 - Backport RP#848 to OCP 4.8 1949907 - Gather summary of PodNetworkConnectivityChecks 1949923 - some defined rootVolumes zones not used on installation 1949928 - Samples Operator updates break CI tests 1949935 - Fix incorrect access review check on start pipeline kebab action 1949956 - kaso: add minreadyseconds to ensure we don't have an LB outage on kas 1949967 - Update Kube dependencies in MCO to 1.21 1949972 - Descheduler metrics: populate build info data and make the metrics entries more readeable 1949978 - [sig-network-edge][Conformance][Area:Networking][Feature:Router] The HAProxy router should pass the h2spec conformance tests [Suite:openshift/conformance/parallel/minimal] 1949990 - (release-4.8) Extend the OLM operator gatherer to include CSV display name 1949991 - openshift-marketplace pods are crashlooping 1950007 - [CI] [UPI] easy_install is not reliable enough to be used in an image 1950026 - [Descheduler] Need better way to handle evicted pod count for removeDuplicate pod strategy 1950047 - CSV deployment template custom annotations are not propagated to deployments 1950112 - SNO: machine-config pool is degraded: error running chcon -R -t var_run_t /run/mco-machine-os-content/os-content-321709791 1950113 - in-cluster operators need an API for additional AWS tags 1950133 - MCO creates empty conditions on the kubeletconfig object 1950159 - Downstream ovn-kubernetes repo should have no linter errors 1950175 - Update Jenkins and agent base image to Go 1.16 1950196 - ssh Key is added even with 'Expose SSH access to this virtual machine' unchecked 1950210 - VPA CRDs use deprecated API version 1950219 - KnativeServing is not shown in list on global config page 1950232 - [Descheduler] - The minKubeVersion should be 1.21 1950236 - Update OKD imagestreams to prefer centos7 images 1950270 - should use "kubernetes.io/os" in the dns/ingresscontroller node selector description when executing oc explain command 1950284 - Tracking bug for NE-563 - support user-defined tags on AWS load balancers 1950341 - NetworkPolicy: allow-from-router policy does not allow access to service when the endpoint publishing strategy is HostNetwork on OpenshiftSDN network 1950379 - oauth-server is in pending/crashbackoff at beginning 50% of CI runs 1950384 - [sig-builds][Feature:Builds][sig-devex][Feature:Jenkins][Slow] openshift pipeline build perm failing 1950409 - Descheduler operator code and docs still reference v1beta1 1950417 - The Marketplace Operator is building with EOL k8s versions 1950430 - CVO serves metrics over HTTP, despite a lack of consumers 1950460 - RFE: Change Request Size Input to Number Spinner Input 1950471 - e2e-metal-ipi-ovn-dualstack is failing with etcd unable to bootstrap 1950532 - Include "update" when referring to operator approval and channel 1950543 - Document non-HA behaviors in the MCO (SingleNodeOpenshift) 1950590 - CNO: Too many OVN netFlows collectors causes ovnkube pods CrashLoopBackOff 1950653 - BuildConfig ignores Args 1950761 - Monitoring operator deployments anti-affinity rules prevent their rollout on single-node 1950908 - kube_pod_labels metric does not contain k8s labels 1950912 - [e2e][automation] add devconsole tests 1950916 - [RFE]console page show error when vm is poused 1950934 - Unnecessary rollouts can happen due to unsorted endpoints 1950935 - Updating cluster-network-operator builder & base images to be consistent with ART 1950978 - the ingressclass cannot be removed even after deleting the related custom ingresscontroller 1951007 - ovn master pod crashed 1951029 - Drainer panics on missing context for node patch 1951034 - (release-4.8) Split up the GatherClusterOperators into smaller parts 1951042 - Panics every few minutes in kubelet logs post-rebase 1951043 - Start Pipeline Modal Parameters should accept empty string defaults 1951058 - [gcp-pd-csi-driver-operator] topology and multipods capabilities are not enabled in e2e tests 1951066 - [IBM][ROKS] Enable volume snapshot controllers on IBM Cloud 1951084 - avoid benign "Path \"/run/secrets/etc-pki-entitlement\" from \"/etc/containers/mounts.conf\" doesn't exist, skipping" messages 1951158 - Egress Router CRD missing Addresses entry 1951169 - Improve API Explorer discoverability from the Console 1951174 - re-pin libvirt to 6.0.0 1951203 - oc adm catalog mirror can generate ICSPs that exceed etcd's size limit 1951209 - RerunOnFailure runStrategy shows wrong VM status (Starting) on Succeeded VMI 1951212 - User/Group details shows unrelated subjects in role bindings tab 1951214 - VM list page crashes when the volume type is sysprep 1951339 - Cluster-version operator does not manage operand container environments when manifest lacks opinions 1951387 - opm index add doesn't respect deprecated bundles 1951412 - Configmap gatherer can fail incorrectly 1951456 - Docs and linting fixes 1951486 - Replace "kubevirt_vmi_network_traffic_bytes_total" with new metrics names 1951505 - Remove deprecated techPreviewUserWorkload field from CMO's configmap 1951558 - Backport Upstream 101093 for Startup Probe Fix 1951585 - enterprise-pod fails to build 1951636 - assisted service operator use default serviceaccount in operator bundle 1951637 - don't rollout a new kube-apiserver revision on oauth accessTokenInactivityTimeout changes 1951639 - Bootstrap API server unclean shutdown causes reconcile delay 1951646 - Unexpected memory climb while container not in use 1951652 - Add retries to opm index add 1951670 - Error gathering bootstrap log after pivot: The bootstrap machine did not execute the release-image.service systemd unit 1951671 - Excessive writes to ironic Nodes 1951705 - kube-apiserver needs alerts on CPU utlization 1951713 - [OCP-OSP] After changing image in machine object it enters in Failed - Can't find created instance 1951853 - dnses.operator.openshift.io resource's spec.nodePlacement.tolerations godoc incorrectly describes default behavior 1951858 - unexpected text '0' on filter toolbar on RoleBinding tab 1951860 - [4.8] add Intel XXV710 NIC model (1572) support in SR-IOV Operator 1951870 - sriov network resources injector: user defined injection removed existing pod annotations 1951891 - [migration] cannot change ClusterNetwork CIDR during migration 1951952 - [AWS CSI Migration] Metrics for cloudprovider error requests are lost 1952001 - Delegated authentication: reduce the number of watch requests 1952032 - malformatted assets in CMO 1952045 - Mirror nfs-server image used in jenkins-e2e 1952049 - Helm: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1952079 - rebase openshift/sdn to kube 1.21 1952111 - Optimize importing from @patternfly/react-tokens 1952174 - DNS operator claims to be done upgrading before it even starts 1952179 - OpenStack Provider Ports UI Underscore Variables 1952187 - Pods stuck in ImagePullBackOff with errors like rpc error: code = Unknown desc = Error committing the finished image: image with ID "SomeLongID" already exists, but uses a different top layer: that ID 1952211 - cascading mounts happening exponentially on when deleting openstack-cinder-csi-driver-node pods 1952214 - Console Devfile Import Dev Preview broken 1952238 - Catalog pods don't report termination logs to catalog-operator 1952262 - Need support external gateway via hybrid overlay 1952266 - etcd operator bumps status.version[name=operator] before operands update 1952268 - etcd operator should not set Degraded=True EtcdMembersDegraded on healthy machine-config node reboots 1952282 - CSR approver races with nodelink controller and does not requeue 1952310 - VM cannot start up if the ssh key is added by another template 1952325 - [e2e][automation] Check support modal in ssh tests and skip template parentSupport 1952333 - openshift/kubernetes vulnerable to CVE-2021-3121 1952358 - Openshift-apiserver CO unavailable in fresh OCP 4.7.5 installations 1952367 - No VM status on overview page when VM is pending 1952368 - worker pool went degraded due to no rpm-ostree on rhel worker during applying new mc 1952372 - VM stop action should not be there if the VM is not running 1952405 - console-operator is not reporting correct Available status 1952448 - Switch from Managed to Disabled mode: no IP removed from configuration and no container metal3-static-ip-manager stopped 1952460 - In k8s 1.21 bump '[sig-network] Firewall rule control plane should not expose well-known ports' test is disabled 1952473 - Monitor pod placement during upgrades 1952487 - Template filter does not work properly 1952495 - “Create” button on the Templates page is confuse 1952527 - [Multus] multi-networkpolicy does wrong filtering 1952545 - Selection issue when inserting YAML snippets 1952585 - Operator links for 'repository' and 'container image' should be clickable in OperatorHub 1952604 - Incorrect port in external loadbalancer config 1952610 - [aws] image-registry panics when the cluster is installed in a new region 1952611 - Tracking bug for OCPCLOUD-1115 - support user-defined tags on AWS EC2 Instances 1952618 - 4.7.4->4.7.8 Upgrade Caused OpenShift-Apiserver Outage 1952625 - Fix translator-reported text issues 1952632 - 4.8 installer should default ClusterVersion channel to stable-4.8 1952635 - Web console displays a blank page- white space instead of cluster information 1952665 - [Multus] multi-networkpolicy pod continue restart due to OOM (out of memory) 1952666 - Implement Enhancement 741 for Kubelet 1952667 - Update Readme for cluster-baremetal-operator with details about the operator 1952684 - cluster-etcd-operator: metrics controller panics on invalid response from client 1952728 - It was not clear for users why Snapshot feature was not available 1952730 - “Customize virtual machine” and the “Advanced” feature are confusing in wizard 1952732 - Users did not understand the boot source labels 1952741 - Monitoring DB: after set Time Range as Custom time range, no data display 1952744 - PrometheusDuplicateTimestamps with user workload monitoring enabled 1952759 - [RFE]It was not immediately clear what the Star icon meant 1952795 - cloud-network-config-controller CRD does not specify correct plural name 1952819 - failed to configure pod interface: error while waiting on flows for pod: timed out waiting for OVS flows 1952820 - [LSO] Delete localvolume pv is failed 1952832 - [IBM][ROKS] Enable the Web console UI to deploy OCS in External mode on IBM Cloud 1952891 - Upgrade failed due to cinder csi driver not deployed 1952904 - Linting issues in gather/clusterconfig package 1952906 - Unit tests for configobserver.go 1952931 - CI does not check leftover PVs 1952958 - Runtime error loading console in Safari 13 1953019 - [Installer][baremetal][metal3] The baremetal IPI installer fails on delete cluster with: failed to clean baremetal bootstrap storage pool 1953035 - Installer should error out if publish: Internal is set while deploying OCP cluster on any on-prem platform 1953041 - openshift-authentication-operator uses 3.9k% of its requested CPU 1953077 - Handling GCP's: Error 400: Permission accesscontextmanager.accessLevels.list is not valid for this resource 1953102 - kubelet CPU use during an e2e run increased 25% after rebase 1953105 - RHCOS system components registered a 3.5x increase in CPU use over an e2e run before and after 4/9 1953169 - endpoint slice controller doesn't handle services target port correctly 1953257 - Multiple EgressIPs per node for one namespace when "oc get hostsubnet" 1953280 - DaemonSet/node-resolver is not recreated by dns operator after deleting it 1953291 - cluster-etcd-operator: peer cert DNS SAN is populated incorrectly 1953418 - [e2e][automation] Fix vm wizard validate tests 1953518 - thanos-ruler pods failed to start up for "cannot unmarshal DNS message" 1953530 - Fix openshift/sdn unit test flake 1953539 - kube-storage-version-migrator: priorityClassName not set 1953543 - (release-4.8) Add missing sample archive data 1953551 - build failure: unexpected trampoline for shared or dynamic linking 1953555 - GlusterFS tests fail on ipv6 clusters 1953647 - prometheus-adapter should have a PodDisruptionBudget in HA topology 1953670 - ironic container image build failing because esp partition size is too small 1953680 - ipBlock ignoring all other cidr's apart from the last one specified 1953691 - Remove unused mock 1953703 - Inconsistent usage of Tech preview badge in OCS plugin of OCP Console 1953726 - Fix issues related to loading dynamic plugins 1953729 - e2e unidling test is flaking heavily on SNO jobs 1953795 - Ironic can't virtual media attach ISOs sourced from ingress routes 1953798 - GCP e2e (parallel and upgrade) regularly trigger KubeAPIErrorBudgetBurn alert, also happens on AWS 1953803 - [AWS] Installer should do pre-check to ensure user-provided private hosted zone name is valid for OCP cluster 1953810 - Allow use of storage policy in VMC environments 1953830 - The oc-compliance build does not available for OCP4.8 1953846 - SystemMemoryExceedsReservation alert should consider hugepage reservation 1953977 - [4.8] packageserver pods restart many times on the SNO cluster 1953979 - Ironic caching virtualmedia images results in disk space limitations 1954003 - Alerts shouldn't report any alerts in firing or pending state: openstack-cinder-csi-driver-controller-metrics TargetDown 1954025 - Disk errors while scaling up a node with multipathing enabled 1954087 - Unit tests for kube-scheduler-operator 1954095 - Apply user defined tags in AWS Internal Registry 1954105 - TaskRuns Tab in PipelineRun Details Page makes cluster based calls for TaskRuns 1954124 - oc set volume not adding storageclass to pvc which leads to issues using snapshots 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954177 - machine-api: admissionReviewVersions v1beta1 is going to be removed in 1.22 1954187 - multus: admissionReviewVersions v1beta1 is going to be removed in 1.22 1954248 - Disable Alertmanager Protractor e2e tests 1954317 - [assisted operator] Environment variables set in the subscription not being inherited by the assisted-service container 1954330 - NetworkPolicy: allow-from-router with label policy-group.network.openshift.io/ingress: "" does not work on a upgraded cluster 1954421 - Get 'Application is not available' when access Prometheus UI 1954459 - Error: Gateway Time-out display on Alerting console 1954460 - UI, The status of "Used Capacity Breakdown [Pods]" is "Not available" 1954509 - FC volume is marked as unmounted after failed reconstruction 1954540 - Lack translation for local language on pages under storage menu 1954544 - authn operator: endpoints controller should use the context it creates 1954554 - Add e2e tests for auto node sizing 1954566 - Cannot update a component (`UtilizationCard`) error when switching perspectives manually 1954597 - Default image for GCP does not support ignition V3 1954615 - Undiagnosed panic detected in pod: pods/openshift-cloud-credential-operator_cloud-credential-operator 1954634 - apirequestcounts does not honor max users 1954638 - apirequestcounts should indicate removedinrelease of empty instead of 2.0 1954640 - Support of gatherers with different periods 1954671 - disable volume expansion support in vsphere csi driver storage class 1954687 - localvolumediscovery and localvolumset e2es are disabled 1954688 - LSO has missing examples for localvolumesets 1954696 - [API-1009] apirequestcounts should indicate useragent 1954715 - Imagestream imports become very slow when doing many in parallel 1954755 - Multus configuration should allow for net-attach-defs referenced in the openshift-multus namespace 1954765 - CCO: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1954768 - baremetal-operator: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component won't access APIs that trigger APIRemovedInNextReleaseInUse alert 1954770 - Backport upstream fix for Kubelet getting stuck in DiskPressure 1954773 - OVN: check (see bug 1947801#c4 steps) audit log to find deprecated API access related to this component to ensure this component does not trigger APIRemovedInNextReleaseInUse alert 1954783 - [aws] support byo private hosted zone 1954790 - KCM Alert PodDisruptionBudget At and Limit do not alert with maxUnavailable or MinAvailable by percentage 1954830 - verify-client-go job is failing for release-4.7 branch 1954865 - Add necessary priority class to pod-identity-webhook deployment 1954866 - Add necessary priority class to downloads 1954870 - Add necessary priority class to network components 1954873 - dns server may not be specified for clusters with more than 2 dns servers specified by openstack. 1954891 - Add necessary priority class to pruner 1954892 - Add necessary priority class to ingress-canary 1954931 - (release-4.8) Remove legacy URL anonymization in the ClusterOperator related resources 1954937 - [API-1009] `oc get apirequestcount` shows blank for column REQUESTSINCURRENTHOUR 1954959 - unwanted decorator shown for revisions in topology though should only be shown only for knative services 1954972 - TechPreviewNoUpgrade featureset can be undone 1954973 - "read /proc/pressure/cpu: operation not supported" in node-exporter logs 1954994 - should update to 2.26.0 for prometheus resources label 1955051 - metrics "kube_node_status_capacity_cpu_cores" does not exist 1955089 - Support [sig-cli] oc observe works as expected test for IPv6 1955100 - Samples: APIRemovedInNextReleaseInUse info alerts display 1955102 - Add vsphere_node_hw_version_total metric to the collected metrics 1955114 - 4.7-e2e-metal-ipi-ovn-dualstack intermittent test failures, worker hostname is overwritten by NM 1955196 - linuxptp-daemon crash on 4.8 1955226 - operator updates apirequestcount CRD over and over 1955229 - release-openshift-origin-installer-e2e-aws-calico-4.7 is permfailing 1955256 - stop collecting API that no longer exists 1955324 - Kubernetes Autoscaler should use Go 1.16 for testing scripts 1955336 - Failure to Install OpenShift on GCP due to Cluster Name being similar to / contains "google" 1955414 - 4.8 -> 4.7 rollbacks broken on unrecognized flowschema openshift-etcd-operator 1955445 - Drop crio image metrics with high cardinality 1955457 - Drop container_memory_failures_total metric because of high cardinality 1955467 - Disable collection of node_mountstats_nfs metrics in node_exporter 1955474 - [aws-ebs-csi-driver] rebase from version v1.0.0 1955478 - Drop high-cardinality metrics from kube-state-metrics which aren't used 1955517 - Failed to upgrade from 4.6.25 to 4.7.8 due to the machine-config degradation 1955548 - [IPI][OSP] OCP 4.6/4.7 IPI with kuryr exceeds defined serviceNetwork range 1955554 - MAO does not react to events triggered from Validating Webhook Configurations 1955589 - thanos-querier should have a PodDisruptionBudget in HA topology 1955595 - Add DevPreviewLongLifecycle Descheduler profile 1955596 - Pods stuck in creation phase on realtime kernel SNO 1955610 - release-openshift-origin-installer-old-rhcos-e2e-aws-4.7 is permfailing 1955622 - 4.8-e2e-metal-assisted jobs: Timeout of 360 seconds expired waiting for Cluster to be in status ['installing', 'error'] 1955701 - [4.8] RHCOS boot image bump for RHEL 8.4 Beta 1955749 - OCP branded templates need to be translated 1955761 - packageserver clusteroperator does not set reason or message for Available condition 1955783 - NetworkPolicy: ACL audit log message for allow-from-router policy should also include the namespace to distinguish between two policies similarly named configured in respective namespaces 1955803 - OperatorHub - console accepts any value for "Infrastructure features" annotation 1955822 - CIS Benchmark 5.4.1 Fails on ROKS 4: Prefer using secrets as files over secrets as environment variables 1955854 - Ingress clusteroperator reports Degraded=True/Available=False if any ingresscontroller is degraded or unavailable 1955862 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1955874 - Webscale: sriov vfs are not created and sriovnetworknodestate indicates sync succeeded - state is not correct 1955879 - Customer tags cannot be seen in S3 level when set spec.managementState from Managed-> Removed-> Managed in configs.imageregistry with high ratio 1955969 - Workers cannot be deployed attached to multiple networks. 1956079 - Installer gather doesn't collect any networking information 1956208 - Installer should validate root volume type 1956220 - Set htt proxy system properties as expected by kubernetes-client 1956281 - Disconnected installs are failing with kubelet trying to pause image from the internet 1956334 - Event Listener Details page does not show Triggers section 1956353 - test: analyze job consistently fails 1956372 - openshift-gcp-routes causes disruption during upgrade by stopping before all pods terminate 1956405 - Bump k8s dependencies in cluster resource override admission operator 1956411 - Apply custom tags to AWS EBS volumes 1956480 - [4.8] Bootimage bump tracker 1956606 - probes FlowSchema manifest not included in any cluster profile 1956607 - Multiple manifests lack cluster profile annotations 1956609 - [cluster-machine-approver] CSRs for replacement control plane nodes not approved after restore from backup 1956610 - manage-helm-repos manifest lacks cluster profile annotations 1956611 - OLM CRD schema validation failing against CRs where the value of a string field is a blank string 1956650 - The container disk URL is empty for Windows guest tools 1956768 - aws-ebs-csi-driver-controller-metrics TargetDown 1956826 - buildArgs does not work when the value is taken from a secret 1956895 - Fix chatty kubelet log message 1956898 - fix log files being overwritten on container state loss 1956920 - can't open terminal for pods that have more than one container running 1956959 - ipv6 disconnected sno crd deployment hive reports success status and clusterdeployrmet reporting false 1956978 - Installer gather doesn't include pod names in filename 1957039 - Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of 169.254.169.2 for Local GW 1957041 - Update CI e2echart with more node info 1957127 - Delegated authentication: reduce the number of watch requests 1957131 - Conformance tests for OpenStack require the Cinder client that is not included in the "tests" image 1957146 - Only run test/extended/router/idle tests on OpenshiftSDN or OVNKubernetes 1957149 - CI: "Managed cluster should start all core operators" fails with: OpenStackCinderDriverStaticResourcesControllerDegraded: "volumesnapshotclass.yaml" (string): missing dynamicClient 1957179 - Incorrect VERSION in node_exporter 1957190 - CI jobs failing due too many watch requests (prometheus-operator) 1957198 - Misspelled console-operator condition 1957227 - Issue replacing the EnvVariables using the unsupported ConfigMap 1957260 - [4.8] [gcp] Installer is missing new region/zone europe-central2 1957261 - update godoc for new build status image change trigger fields 1957295 - Apply priority classes conventions as test to openshift/origin repo 1957315 - kuryr-controller doesn't indicate being out of quota 1957349 - [Azure] Machine object showing Failed phase even node is ready and VM is running properly 1957374 - mcddrainerr doesn't list specific pod 1957386 - Config serve and validate command should be under alpha 1957446 - prepare CCO for future without v1beta1 CustomResourceDefinitions 1957502 - Infrequent panic in kube-apiserver in aws-serial job 1957561 - lack of pseudolocalization for some text on Cluster Setting page 1957584 - Routes are not getting created when using hostname without FQDN standard 1957597 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1957645 - Event "Updated PrometheusRule.monitoring.coreos.com/v1 because it changed" is frequently looped with weird empty {} changes 1957708 - e2e-metal-ipi and related jobs fail to bootstrap due to multiple VIP's 1957726 - Pod stuck in ContainerCreating - Failed to start transient scope unit: Connection timed out 1957748 - Ptp operator pod should have CPU and memory requests set but not limits 1957756 - Device Replacemet UI, The status of the disk is "replacement ready" before I clicked on "start replacement" 1957772 - ptp daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1957775 - CVO creating cloud-controller-manager too early causing upgrade failures 1957809 - [OSP] Install with invalid platform.openstack.machinesSubnet results in runtime error 1957822 - Update apiserver tlsSecurityProfile description to include Custom profile 1957832 - CMO end-to-end tests work only on AWS 1957856 - 'resource name may not be empty' is shown in CI testing 1957869 - baremetal IPI power_interface for irmc is inconsistent 1957879 - cloud-controller-manage ClusterOperator manifest does not declare relatedObjects 1957889 - Incomprehensible documentation of the GatherClusterOperatorPodsAndEvents gatherer 1957893 - ClusterDeployment / Agent conditions show "ClusterAlreadyInstalling" during each spoke install 1957895 - Cypress helper projectDropdown.shouldContain is not an assertion 1957908 - Many e2e failed requests caused by kube-storage-version-migrator-operator's version reads 1957926 - "Add Capacity" should allow to add n*3 (or n*4) local devices at once 1957951 - [aws] destroy can get blocked on instances stuck in shutting-down state 1957967 - Possible test flake in listPage Cypress view 1957972 - Leftover templates from mdns 1957976 - Ironic execute_deploy_steps command to ramdisk times out, resulting in a failed deployment in 4.7 1957982 - Deployment Actions clickable for view-only projects 1957991 - ClusterOperatorDegraded can fire during installation 1958015 - "config-reloader-cpu" and "config-reloader-memory" flags have been deprecated for prometheus-operator 1958080 - Missing i18n for login, error and selectprovider pages 1958094 - Audit log files are corrupted sometimes 1958097 - don't show "old, insecure token format" if the token does not actually exist 1958114 - Ignore staged vendor files in pre-commit script 1958126 - [OVN]Egressip doesn't take effect 1958158 - OAuth proxy container for AlertManager and Thanos are flooding the logs 1958216 - ocp libvirt: dnsmasq options in install config should allow duplicate option names 1958245 - cluster-etcd-operator: static pod revision is not visible from etcd logs 1958285 - Deployment considered unhealthy despite being available and at latest generation 1958296 - OLM must explicitly alert on deprecated APIs in use 1958329 - pick 97428: add more context to log after a request times out 1958367 - Build metrics do not aggregate totals by build strategy 1958391 - Update MCO KubeletConfig to mixin the API Server TLS Security Profile Singleton 1958405 - etcd: current health checks and reporting are not adequate to ensure availability 1958406 - Twistlock flags mode of /var/run/crio/crio.sock 1958420 - openshift-install 4.7.10 fails with segmentation error 1958424 - aws: support more auth options in manual mode 1958439 - Install/Upgrade button on Install/Upgrade Helm Chart page does not work with Form View 1958492 - CCO: pod-identity-webhook still accesses APIRemovedInNextReleaseInUse 1958643 - All pods creation stuck due to SR-IOV webhook timeout 1958679 - Compression on pool can't be disabled via UI 1958753 - VMI nic tab is not loadable 1958759 - Pulling Insights report is missing retry logic 1958811 - VM creation fails on API version mismatch 1958812 - Cluster upgrade halts as machine-config-daemon fails to parse `rpm-ostree status` during cluster upgrades 1958861 - [CCO] pod-identity-webhook certificate request failed 1958868 - ssh copy is missing when vm is running 1958884 - Confusing error message when volume AZ not found 1958913 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff 1958930 - network config in machine configs prevents addition of new nodes with static networking via kargs 1958958 - [SCALE] segfault with ovnkube adding to address set 1958972 - [SCALE] deadlock in ovn-kube when scaling up to 300 nodes 1959041 - LSO Cluster UI,"Troubleshoot" link does not exist after scale down osd pod 1959058 - ovn-kubernetes has lock contention on the LSP cache 1959158 - packageserver clusteroperator Available condition set to false on any Deployment spec change 1959177 - Descheduler dev manifests are missing permissions 1959190 - Set LABEL io.openshift.release.operator=true for driver-toolkit image addition to payload 1959194 - Ingress controller should use minReadySeconds because otherwise it is disrupted during deployment updates 1959278 - Should remove prometheus servicemonitor from openshift-user-workload-monitoring 1959294 - openshift-operator-lifecycle-manager:olm-operator-serviceaccount should not rely on external networking for health check 1959327 - Degraded nodes on upgrade - Cleaning bootversions: Read-only file system 1959406 - Difficult to debug performance on ovn-k without pprof enabled 1959471 - Kube sysctl conformance tests are disabled, meaning we can't submit conformance results 1959479 - machines doesn't support dual-stack loadbalancers on Azure 1959513 - Cluster-kube-apiserver does not use library-go for audit pkg 1959519 - Operand details page only renders one status donut no matter how many 'podStatuses' descriptors are used 1959550 - Overly generic CSS rules for dd and dt elements breaks styling elsewhere in console 1959564 - Test verify /run filesystem contents failing 1959648 - oc adm top --help indicates that oc adm top can display storage usage while it cannot 1959650 - Gather SDI-related MachineConfigs 1959658 - showing a lot "constructing many client instances from the same exec auth config" 1959696 - Deprecate 'ConsoleConfigRoute' struct in console-operator config 1959699 - [RFE] Collect LSO pod log and daemonset log managed by LSO 1959703 - Bootstrap gather gets into an infinite loop on bootstrap-in-place mode 1959711 - Egressnetworkpolicy doesn't work when configure the EgressIP 1959786 - [dualstack]EgressIP doesn't work on dualstack cluster for IPv6 1959916 - Console not works well against a proxy in front of openshift clusters 1959920 - UEFISecureBoot set not on the right master node 1959981 - [OCPonRHV] - Affinity Group should not create by default if we define empty affinityGroupsNames: [] 1960035 - iptables is missing from ose-keepalived-ipfailover image 1960059 - Remove "Grafana UI" link from Console Monitoring > Dashboards page 1960089 - ImageStreams list page, detail page and breadcrumb are not following CamelCase conventions 1960129 - [e2e][automation] add smoke tests about VM pages and actions 1960134 - some origin images are not public 1960171 - Enable SNO checks for image-registry 1960176 - CCO should recreate a user for the component when it was removed from the cloud providers 1960205 - The kubelet log flooded with reconcileState message once CPU manager enabled 1960255 - fixed obfuscation permissions 1960257 - breaking changes in pr template 1960284 - ExternalTrafficPolicy Local does not preserve connections correctly on shutdown, policy Cluster has significant performance cost 1960323 - Address issues raised by coverity security scan 1960324 - manifests: extra "spec.version" in console quickstarts makes CVO hotloop 1960330 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960334 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960337 - manifests: invalid selector in ServiceMonitor makes CVO hotloop 1960339 - manifests: unset "preemptionPolicy" makes CVO hotloop 1960531 - Items under 'Current Bandwidth' for Dashboard 'Kubernetes / Networking / Pod' keep added for every access 1960534 - Some graphs of console dashboards have no legend and tooltips are difficult to undstand compared with grafana 1960546 - Add virt_platform metric to the collected metrics 1960554 - Remove rbacv1beta1 handling code 1960612 - Node disk info in overview/details does not account for second drive where /var is located 1960619 - Image registry integration tests use old-style OAuth tokens 1960683 - GlobalConfigPage is constantly requesting resources 1960711 - Enabling IPsec runtime causing incorrect MTU on Pod interfaces 1960716 - Missing details for debugging 1960732 - Outdated manifests directory in CSI driver operator repositories 1960757 - [OVN] hostnetwork pod can access MCS port 22623 or 22624 on master 1960758 - oc debug / oc adm must-gather do not require openshift/tools and openshift/must-gather to be "the newest" 1960767 - /metrics endpoint of the Grafana UI is accessible without authentication 1960780 - CI: failed to create PDB "service-test" the server could not find the requested resource 1961064 - Documentation link to network policies is outdated 1961067 - Improve log gathering logic 1961081 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+; use policy/v1 PodDisruptionBudget in CMO logs 1961091 - Gather MachineHealthCheck definitions 1961120 - CSI driver operators fail when upgrading a cluster 1961173 - recreate existing static pod manifests instead of updating 1961201 - [sig-network-edge] DNS should answer A and AAAA queries for a dual-stack service is constantly failing 1961314 - Race condition in operator-registry pull retry unit tests 1961320 - CatalogSource does not emit any metrics to indicate if it's ready or not 1961336 - Devfile sample for BuildConfig is not defined 1961356 - Update single quotes to double quotes in string 1961363 - Minor string update for " No Storage classes found in cluster, adding source is disabled." 1961393 - DetailsPage does not work with group~version~kind 1961452 - Remove "Alertmanager UI" link from Console Monitoring > Alerting page 1961466 - Some dropdown placeholder text on route creation page is not translated 1961472 - openshift-marketplace pods in CrashLoopBackOff state after RHACS installed with an SCC with readOnlyFileSystem set to true 1961506 - NodePorts do not work on RHEL 7.9 workers (was "4.7 -> 4.8 upgrade is stuck at Ingress operator Degraded with rhel 7.9 workers") 1961536 - clusterdeployment without pull secret is crashing assisted service pod 1961538 - manifests: invalid namespace in ClusterRoleBinding makes CVO hotloop 1961545 - Fixing Documentation Generation 1961550 - HAproxy pod logs showing error "another server named 'pod:httpd-7c7ccfffdc-wdkvk:httpd:8080-tcp:10.128.x.x:8080' was already defined at line 326, please use distinct names" 1961554 - respect the shutdown-delay-duration from OpenShiftAPIServerConfig 1961561 - The encryption controllers send lots of request to an API server 1961582 - Build failure on s390x 1961644 - NodeAuthenticator tests are failing in IPv6 1961656 - driver-toolkit missing some release metadata 1961675 - Kebab menu of taskrun contains Edit options which should not be present 1961701 - Enhance gathering of events 1961717 - Update runtime dependencies to Wallaby builds for bugfixes 1961829 - Quick starts prereqs not shown when description is long 1961852 - Excessive lock contention when adding many pods selected by the same NetworkPolicy 1961878 - Add Sprint 199 translations 1961897 - Remove history listener before console UI is unmounted 1961925 - New ManagementCPUsOverride admission plugin blocks pod creation in clusters with no nodes 1962062 - Monitoring dashboards should support default values of "All" 1962074 - SNO:the pod get stuck in CreateContainerError and prompt "failed to add conmon to systemd sandbox cgroup: dial unix /run/systemd/private: connect: resource temporarily unavailable" after adding a performanceprofile 1962095 - Replace gather-job image without FQDN 1962153 - VolumeSnapshot routes are ambiguous, too generic 1962172 - Single node CI e2e tests kubelet metrics endpoints intermittent downtime 1962219 - NTO relies on unreliable leader-for-life implementation. 1962256 - use RHEL8 as the vm-example 1962261 - Monitoring components requesting more memory than they use 1962274 - OCP on RHV installer fails to generate an install-config with only 2 hosts in RHV cluster 1962347 - Cluster does not exist logs after successful installation 1962392 - After upgrade from 4.5.16 to 4.6.17, customer's application is seeing re-transmits 1962415 - duplicate zone information for in-tree PV after enabling migration 1962429 - Cannot create windows vm because kubemacpool.io denied the request 1962525 - [Migration] SDN migration stuck on MCO on RHV cluster 1962569 - NetworkPolicy details page should also show Egress rules 1962592 - Worker nodes restarting during OS installation 1962602 - Cloud credential operator scrolls info "unable to provide upcoming..." on unsupported platform 1962630 - NTO: Ship the current upstream TuneD 1962687 - openshift-kube-storage-version-migrator pod failed due to Error: container has runAsNonRoot and image will run as root 1962698 - Console-operator can not create resource console-public configmap in the openshift-config-managed namespace 1962718 - CVE-2021-29622 prometheus: open redirect under the /new endpoint 1962740 - Add documentation to Egress Router 1962850 - [4.8] Bootimage bump tracker 1962882 - Version pod does not set priorityClassName 1962905 - Ramdisk ISO source defaulting to "http" breaks deployment on a good amount of BMCs 1963068 - ironic container should not specify the entrypoint 1963079 - KCM/KS: ability to enforce localhost communication with the API server. 1963154 - Current BMAC reconcile flow skips Ironic's deprovision step 1963159 - Add Sprint 200 translations 1963204 - Update to 8.4 IPA images 1963205 - Installer is using old redirector 1963208 - Translation typos/inconsistencies for Sprint 200 files 1963209 - Some strings in public.json have errors 1963211 - Fix grammar issue in kubevirt-plugin.json string 1963213 - Memsource download script running into API error 1963219 - ImageStreamTags not internationalized 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 1963267 - Warning: Invalid DOM property `classname`. Did you mean `className`? console warnings in volumes table 1963502 - create template from is not descriptive 1963676 - in vm wizard when selecting an os template it looks like selecting the flavor too 1963833 - Cluster monitoring operator crashlooping on single node clusters due to segfault 1963848 - Use OS-shipped stalld vs. the NTO-shipped one. 1963866 - NTO: use the latest k8s 1.21.1 and openshift vendor dependencies 1963871 - cluster-etcd-operator:[build] upgrade to go 1.16 1963896 - The VM disks table does not show easy links to PVCs 1963912 - "[sig-network] DNS should provide DNS for {services, cluster, subdomain, hostname}" failures on vsphere 1963932 - Installation failures in bootstrap in OpenStack release jobs 1963964 - Characters are not escaped on config ini file causing Kuryr bootstrap to fail 1964059 - rebase openshift/sdn to kube 1.21.1 1964197 - Failing Test vendor/k8s.io/kube-aggregator/pkg/apiserver TestProxyCertReload due to hardcoded certificate expiration 1964203 - e2e-metal-ipi, e2e-metal-ipi-ovn-dualstack and e2e-metal-ipi-ovn-ipv6 are failing due to "Unknown provider baremetal" 1964243 - The `oc compliance fetch-raw` doesn’t work for disconnected cluster 1964270 - Failed to install 'cluster-kube-descheduler-operator' with error: "clusterkubedescheduleroperator.4.8.0-202105211057.p0.assembly.stream\": must be no more than 63 characters" 1964319 - Network policy "deny all" interpreted as "allow all" in description page 1964334 - alertmanager/prometheus/thanos-querier /metrics endpoints are not secured 1964472 - Make project and namespace requirements more visible rather than giving me an error after submission 1964486 - Bulk adding of CIDR IPS to whitelist is not working 1964492 - Pick 102171: Implement support for watch initialization in P&F 1964625 - NETID duplicate check is only required in NetworkPolicy Mode 1964748 - Sync upstream 1.7.2 downstream 1964756 - PVC status is always in 'Bound' status when it is actually cloning 1964847 - Sanity check test suite missing from the repo 1964888 - opoenshift-apiserver imagestreamimports depend on >34s timeout support, WAS: transport: loopyWriter.run returning. connection error: desc = "transport is closing" 1964936 - error log for "oc adm catalog mirror" is not correct 1964979 - Add mapping from ACI to infraenv to handle creation order issues 1964997 - Helm Library charts are showing and can be installed from Catalog 1965024 - [DR] backup and restore should perform consistency checks on etcd snapshots 1965092 - [Assisted-4.7] [Staging][OLM] Operators deployments start before all workers finished installation 1965283 - 4.7->4.8 upgrades: cluster operators are not ready: openshift-controller-manager (Upgradeable=Unknown NoData: ), service-ca (Upgradeable=Unknown NoData: 1965330 - oc image extract fails due to security capabilities on files 1965334 - opm index add fails during image extraction 1965367 - Typo in in etcd-metric-serving-ca resource name 1965370 - "Route" is not translated in Korean or Chinese 1965391 - When storage class is already present wizard do not jumps to "Stoarge and nodes" 1965422 - runc is missing Provides oci-runtime in rpm spec 1965522 - [v2v] Multiple typos on VM Import screen 1965545 - Pod stuck in ContainerCreating: Unit ...slice already exists 1965909 - Replace "Enable Taint Nodes" by "Mark nodes as dedicated" 1965921 - [oVirt] High performance VMs shouldn't be created with Existing policy 1965929 - kube-apiserver should use cert auth when reaching out to the oauth-apiserver with a TokenReview request 1966077 - `hidden` descriptor is visible in the Operator instance details page` 1966116 - DNS SRV request which worked in 4.7.9 stopped working in 4.7.11 1966126 - root_ca_cert_publisher_sync_duration_seconds metric can have an excessive cardinality 1966138 - (release-4.8) Update K8s & OpenShift API versions 1966156 - Issue with Internal Registry CA on the service pod 1966174 - No storage class is installed, OCS and CNV installations fail 1966268 - Workaround for Network Manager not supporting nmconnections priority 1966401 - Revamp Ceph Table in Install Wizard flow 1966410 - kube-controller-manager should not trigger APIRemovedInNextReleaseInUse alert 1966416 - (release-4.8) Do not exceed the data size limit 1966459 - 'policy/v1beta1 PodDisruptionBudget' and 'batch/v1beta1 CronJob' appear in image-registry-operator log 1966487 - IP address in Pods list table are showing node IP other than pod IP 1966520 - Add button from ocs add capacity should not be enabled if there are no PV's 1966523 - (release-4.8) Gather MachineAutoScaler definitions 1966546 - [master] KubeAPI - keep day1 after cluster is successfully installed 1966561 - Workload partitioning annotation workaround needed for CSV annotation propagation bug 1966602 - don't require manually setting IPv6DualStack feature gate in 4.8 1966620 - The bundle.Dockerfile in the repo is obsolete 1966632 - [4.8.0] [assisted operator] Unable to re-register an SNO instance if deleting CRDs during install 1966654 - Alertmanager PDB is not created, but Prometheus UWM is 1966672 - Add Sprint 201 translations 1966675 - Admin console string updates 1966677 - Change comma to semicolon 1966683 - Translation bugs from Sprint 201 files 1966684 - Verify "Creating snapshot for claim <1>{pvcName}</1>" displays correctly 1966697 - Garbage collector logs every interval - move to debug level 1966717 - include full timestamps in the logs 1966759 - Enable downstream plugin for Operator SDK 1966795 - [tests] Release 4.7 broken due to the usage of wrong OCS version 1966813 - "Replacing an unhealthy etcd member whose node is not ready" procedure results in new etcd pod in CrashLoopBackOff 1966862 - vsphere IPI - local dns prepender is not prepending nameserver 127.0.0.1 1966892 - [master] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkub[e" 1966952 - [4.8.0] [Assisted-4.8][SNO][Dual Stack] DHCPv6 settings "ipv6.dhcp-duid=ll" missing from dual stack install 1967104 - [4.8.0] InfraEnv ctrl: log the amount of NMstate Configs baked into the image 1967126 - [4.8.0] [DOC] KubeAPI docs should clarify that the InfraEnv Spec pullSecretRef is currently ignored 1967197 - 404 errors loading some i18n namespaces 1967207 - Getting started card: console customization resources link shows other resources 1967208 - Getting started card should use semver library for parsing the version instead of string manipulation 1967234 - Console is continuously polling for ConsoleLink acm-link 1967275 - Awkward wrapping in getting started dashboard card 1967276 - Help menu tooltip overlays dropdown 1967398 - authentication operator still uses previous deleted pod ip rather than the new created pod ip to do health check 1967403 - (release-4.8) Increase workloads fingerprint gatherer pods limit 1967423 - [master] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion 1967444 - openshift-local-storage pods found with invalid priority class, should be openshift-user-critical or begin with system- while running e2e tests 1967531 - the ccoctl tool should extend MaxItems when listRoles, the default value 100 is a little small 1967578 - [4.8.0] clusterDeployments controller should take 1m to reqeueue when failing with AddOpenshiftVersion 1967591 - The ManagementCPUsOverride admission plugin should not mutate containers with the limit 1967595 - Fixes the remaining lint issues 1967614 - prometheus-k8s pods can't be scheduled due to volume node affinity conflict 1967623 - [OCPonRHV] - ./openshift-install installation with install-config doesn't work if ovirt-config.yaml doesn't exist and user should fill the FQDN URL 1967625 - Add OpenShift Dockerfile for cloud-provider-aws 1967631 - [4.8.0] Cluster install failed due to timeout while "Waiting for control plane" 1967633 - [4.8.0] [Assisted-4.8][SNO] SNO node cannot transition into "Writing image to disk" from "Waiting for bootkube" 1967639 - Console whitescreens if user preferences fail to load 1967662 - machine-api-operator should not use deprecated "platform" field in infrastructures.config.openshift.io 1967667 - Add Sprint 202 Round 1 translations 1967713 - Insights widget shows invalid link to the OCM 1967717 - Insights Advisor widget is missing a description paragraph and contains deprecated naming 1967745 - When setting DNS node placement by toleration to not tolerate master node, effect value should not allow string other than "NoExecute" 1967803 - should update to 7.5.5 for grafana resources version label 1967832 - Add more tests for periodic.go 1967833 - Add tasks pool to tasks_processing 1967842 - Production logs are spammed on "OCS requirements validation status Insufficient hosts to deploy OCS. A minimum of 3 hosts is required to deploy OCS" 1967843 - Fix null reference to messagesToSearch in gather_logs.go 1967902 - [4.8.0] Assisted installer chrony manifests missing index numberring 1967933 - Network-Tools debug scripts not working as expected 1967945 - [4.8.0] [assisted operator] Assisted Service Postgres crashes msg: "mkdir: cannot create directory '/var/lib/pgsql/data/userdata': Permission denied" 1968019 - drain timeout and pool degrading period is too short 1968067 - [master] Agent validation not including reason for being insufficient 1968168 - [4.8.0] KubeAPI - keep day1 after cluster is successfully installed 1968175 - [4.8.0] Agent validation not including reason for being insufficient 1968373 - [4.8.0] BMAC re-attaches installed node on ISO regeneration 1968385 - [4.8.0] Infra env require pullSecretRef although it shouldn't be required 1968435 - [4.8.0] Unclear message in case of missing clusterImageSet 1968436 - Listeners timeout updated to remain using default value 1968449 - [4.8.0] Wrong Install-config override documentation 1968451 - [4.8.0] Garbage collector not cleaning up directories of removed clusters 1968452 - [4.8.0] [doc] "Mirror Registry Configuration" doc section needs clarification of functionality and limitations 1968454 - [4.8.0] backend events generated with wrong namespace for agent 1968455 - [4.8.0] Assisted Service operator's controllers are starting before the base service is ready 1968515 - oc should set user-agent when talking with registry 1968531 - Sync upstream 1.8.0 downstream 1968558 - [sig-cli] oc adm storage-admin [Suite:openshift/conformance/parallel] doesn't clean up properly 1968567 - [OVN] Egress router pod not running and openshift.io/scc is restricted 1968625 - Pods using sr-iov interfaces failign to start for Failed to create pod sandbox 1968700 - catalog-operator crashes when status.initContainerStatuses[].state.waiting is nil 1968701 - Bare metal IPI installation is failed due to worker inspection failure 1968754 - CI: e2e-metal-ipi-upgrade failing on KubeletHasDiskPressure, which triggers machine-config RequiredPoolsFailed 1969212 - [FJ OCP4.8 Bug - PUBLIC VERSION]: Masters repeat reboot every few minutes during workers provisioning 1969284 - Console Query Browser: Can't reset zoom to fixed time range after dragging to zoom 1969315 - [4.8.0] BMAC doesn't check if ISO Url changed before queuing BMH for reconcile 1969352 - [4.8.0] Creating BareMetalHost without the "inspect.metal3.io" does not automatically add it 1969363 - [4.8.0] Infra env should show the time that ISO was generated. 1969367 - [4.8.0] BMAC should wait for an ISO to exist for 1 minute before using it 1969386 - Filesystem's Utilization doesn't show in VM overview tab 1969397 - OVN bug causing subports to stay DOWN fails installations 1969470 - [4.8.0] Misleading error in case of install-config override bad input 1969487 - [FJ OCP4.8 Bug]: Avoid always do delete_configuration clean step 1969525 - Replace golint with revive 1969535 - Topology edit icon does not link correctly when branch name contains slash 1969538 - Install a VolumeSnapshotClass by default on CSI Drivers that support it 1969551 - [4.8.0] Assisted service times out on GetNextSteps due to `oc adm release info` taking too long 1969561 - Test "an end user can use OLM can subscribe to the operator" generates deprecation alert 1969578 - installer: accesses v1beta1 RBAC APIs and causes APIRemovedInNextReleaseInUse to fire 1969599 - images without registry are being prefixed with registry.hub.docker.com instead of docker.io 1969601 - manifest for networks.config.openshift.io CRD uses deprecated apiextensions.k8s.io/v1beta1 1969626 - Portfoward stream cleanup can cause kubelet to panic 1969631 - EncryptionPruneControllerDegraded: etcdserver: request timed out 1969681 - MCO: maxUnavailable of ds/machine-config-daemon does not get updated due to missing resourcemerge check 1969712 - [4.8.0] Assisted service reports a malformed iso when we fail to download the base iso 1969752 - [4.8.0] [assisted operator] Installed Clusters are missing DNS setups 1969773 - [4.8.0] Empty cluster name on handleEnsureISOErrors log after applying InfraEnv.yaml 1969784 - WebTerminal widget should send resize events 1969832 - Applying a profile with multiple inheritance where parents include a common ancestor fails 1969891 - Fix rotated pipelinerun status icon issue in safari 1969900 - Test files should not use deprecated APIs that will trigger APIRemovedInNextReleaseInUse 1969903 - Provisioning a large number of hosts results in an unexpected delay in hosts becoming available 1969951 - Cluster local doesn't work for knative services created from dev console 1969969 - ironic-rhcos-downloader container uses and old base image 1970062 - ccoctl does not work with STS authentication 1970068 - ovnkube-master logs "Failed to find node ips for gateway" error 1970126 - [4.8.0] Disable "metrics-events" when deploying using the operator 1970150 - master pool is still upgrading when machine config reports level / restarts on osimageurl change 1970262 - [4.8.0] Remove Agent CRD Status fields not needed 1970265 - [4.8.0] Add State and StateInfo to DebugInfo in ACI and Agent CRDs 1970269 - [4.8.0] missing role in agent CRD 1970271 - [4.8.0] Add ProgressInfo to Agent and AgentClusterInstalll CRDs 1970381 - Monitoring dashboards: Custom time range inputs should retain their values 1970395 - [4.8.0] SNO with AI/operator - kubeconfig secret is not created until the spoke is deployed 1970401 - [4.8.0] AgentLabelSelector is required yet not supported 1970415 - SR-IOV Docs needs documentation for disabling port security on a network 1970470 - Add pipeline annotation to Secrets which are created for a private repo 1970494 - [4.8.0] Missing value-filling of log line in assisted-service operator pod 1970624 - 4.7->4.8 updates: AggregatedAPIDown for v1beta1.metrics.k8s.io 1970828 - "500 Internal Error" for all openshift-monitoring routes 1970975 - 4.7 -> 4.8 upgrades on AWS take longer than expected 1971068 - Removing invalid AWS instances from the CF templates 1971080 - 4.7->4.8 CI: KubePodNotReady due to MCD's 5m sleep between drain attempts 1971188 - Web Console does not show OpenShift Virtualization Menu with VirtualMachine CRDs of version v1alpha3 ! 1971293 - [4.8.0] Deleting agent from one namespace causes all agents with the same name to be deleted from all namespaces 1971308 - [4.8.0] AI KubeAPI AgentClusterInstall confusing "Validated" condition about VIP not matching machine network 1971529 - [Dummy bug for robot] 4.7.14 upgrade to 4.8 and then downgrade back to 4.7.14 doesn't work - clusteroperator/kube-apiserver is not upgradeable 1971589 - [4.8.0] Telemetry-client won't report metrics in case the cluster was installed using the assisted operator 1971630 - [4.8.0] ACM/ZTP with Wan emulation fails to start the agent service 1971632 - [4.8.0] ACM/ZTP with Wan emulation, several clusters fail to step past discovery 1971654 - [4.8.0] InfraEnv controller should always requeue for backend response HTTP StatusConflict (code 409) 1971739 - Keep /boot RW when kdump is enabled 1972085 - [4.8.0] Updating configmap within AgentServiceConfig is not logged properly 1972128 - ironic-static-ip-manager container still uses 4.7 base image 1972140 - [4.8.0] ACM/ZTP with Wan emulation, SNO cluster installs do not show as installed although they are 1972167 - Several operators degraded because Failed to create pod sandbox when installing an sts cluster 1972213 - Openshift Installer| UEFI mode | BM hosts have BIOS halted 1972262 - [4.8.0] "baremetalhost.metal3.io/detached" uses boolean value where string is expected 1972426 - Adopt failure can trigger deprovisioning 1972436 - [4.8.0] [DOCS] AgentServiceConfig examples in operator.md doc should each contain databaseStorage + filesystemStorage 1972526 - [4.8.0] clusterDeployments controller should send an event to InfraEnv for backend cluster registration 1972530 - [4.8.0] no indication for missing debugInfo in AgentClusterInstall 1972565 - performance issues due to lost node, pods taking too long to relaunch 1972662 - DPDK KNI modules need some additional tools 1972676 - Requirements for authenticating kernel modules with X.509 1972687 - Using bound SA tokens causes causes failures to /apis/authorization.openshift.io/v1/clusterrolebindings 1972690 - [4.8.0] infra-env condition message isn't informative in case of missing pull secret 1972702 - [4.8.0] Domain dummy.com (not belonging to Red Hat) is being used in a default configuration 1972768 - kube-apiserver setup fail while installing SNO due to port being used 1972864 - New `local-with-fallback` service annotation does not preserve source IP 1973018 - Ironic rhcos downloader breaks image cache in upgrade process from 4.7 to 4.8 1973117 - No storage class is installed, OCS and CNV installations fail 1973233 - remove kubevirt images and references 1973237 - RHCOS-shipped stalld systemd units do not use SCHED_FIFO to run stalld. 1973428 - Placeholder bug for OCP 4.8.0 image release 1973667 - [4.8] NetworkPolicy tests were mistakenly marked skipped 1973672 - fix ovn-kubernetes NetworkPolicy 4.7->4.8 upgrade issue 1973995 - [Feature:IPv6DualStack] tests are failing in dualstack 1974414 - Uninstalling kube-descheduler clusterkubedescheduleroperator.4.6.0-202106010807.p0.git.5db84c5 removes some clusterrolebindings 1974447 - Requirements for nvidia GPU driver container for driver toolkit 1974677 - [4.8.0] KubeAPI CVO progress is not available on CR/conditions only in events. 1974718 - Tuned net plugin fails to handle net devices with n/a value for a channel 1974743 - [4.8.0] All resources not being cleaned up after clusterdeployment deletion 1974746 - [4.8.0] File system usage not being logged appropriately 1974757 - [4.8.0] Assisted-service deployed on an IPv6 cluster installed with proxy: agentclusterinstall shows error pulling an image from quay. 1974773 - Using bound SA tokens causes fail to query cluster resource especially in a sts cluster 1974839 - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string 1974850 - [4.8] coreos-installer failing Execshield 1974931 - [4.8.0] Assisted Service Operator should be Infrastructure Operator for Red Hat OpenShift 1974978 - 4.8.0.rc0 upgrade hung, stuck on DNS clusteroperator progressing 1975155 - Kubernetes service IP cannot be accessed for rhel worker 1975227 - [4.8.0] KubeAPI Move conditions consts to CRD types 1975360 - [4.8.0] [master] timeout on kubeAPI subsystem test: SNO full install and validate MetaData 1975404 - [4.8.0] Confusing behavior when multi-node spoke workers present when only controlPlaneAgents specified 1975432 - Alert InstallPlanStepAppliedWithWarnings does not resolve 1975527 - VMware UPI is configuring static IPs via ignition rather than afterburn 1975672 - [4.8.0] Production logs are spammed on "Found unpreparing host: id 08f22447-2cf1-a107-eedf-12c7421f7380 status insufficient" 1975789 - worker nodes rebooted when we simulate a case where the api-server is down 1975938 - gcp-realtime: e2e test failing [sig-storage] Multi-AZ Cluster Volumes should only be allowed to provision PDs in zones where nodes exist [Suite:openshift/conformance/parallel] [Suite:k8s] 1975964 - 4.7 nightly upgrade to 4.8 and then downgrade back to 4.7 nightly doesn't work - ingresscontroller "default" is degraded 1976079 - [4.8.0] Openshift Installer| UEFI mode | BM hosts have BIOS halted 1976263 - [sig-cli] oc adm must-gather runs successfully for audit logs [Suite:openshift/conformance/parallel] 1976376 - disable jenkins client plugin test whose Jenkinsfile references master branch openshift/origin artifacts 1976590 - [Tracker] [SNO][assisted-operator][nmstate] Bond Interface is down when booting from the discovery ISO 1977233 - [4.8] Unable to authenticate against IDP after upgrade to 4.8-rc.1 1977351 - CVO pod skipped by workload partitioning with incorrect error stating cluster is not SNO 1977352 - [4.8.0] [SNO] No DNS to cluster API from assisted-installer-controller 1977426 - Installation of OCP 4.6.13 fails when teaming interface is used with OVNKubernetes 1977479 - CI failing on firing CertifiedOperatorsCatalogError due to slow livenessProbe responses 1977540 - sriov webhook not worked when upgrade from 4.7 to 4.8 1977607 - [4.8.0] Post making changes to AgentServiceConfig assisted-service operator is not detecting the change and redeploying assisted-service pod 1977924 - Pod fails to run when a custom SCC with a specific set of volumes is used 1980788 - NTO-shipped stalld can segfault 1981633 - enhance service-ca injection 1982250 - Performance Addon Operator fails to install after catalog source becomes ready 1982252 - olm Operator is in CrashLoopBackOff state with error "couldn't cleanup cross-namespace ownerreferences" 5. References: https://access.redhat.com/security/cve/CVE-2016-2183 https://access.redhat.com/security/cve/CVE-2020-7774 https://access.redhat.com/security/cve/CVE-2020-15106 https://access.redhat.com/security/cve/CVE-2020-15112 https://access.redhat.com/security/cve/CVE-2020-15113 https://access.redhat.com/security/cve/CVE-2020-15114 https://access.redhat.com/security/cve/CVE-2020-15136 https://access.redhat.com/security/cve/CVE-2020-26160 https://access.redhat.com/security/cve/CVE-2020-26541 https://access.redhat.com/security/cve/CVE-2020-28469 https://access.redhat.com/security/cve/CVE-2020-28500 https://access.redhat.com/security/cve/CVE-2020-28852 https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-20206 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20291 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-22133 https://access.redhat.com/security/cve/CVE-2021-23337 https://access.redhat.com/security/cve/CVE-2021-23362 https://access.redhat.com/security/cve/CVE-2021-23368 https://access.redhat.com/security/cve/CVE-2021-23382 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/cve/CVE-2021-26539 https://access.redhat.com/security/cve/CVE-2021-26540 https://access.redhat.com/security/cve/CVE-2021-27292 https://access.redhat.com/security/cve/CVE-2021-28092 https://access.redhat.com/security/cve/CVE-2021-29059 https://access.redhat.com/security/cve/CVE-2021-29622 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/cve/CVE-2021-33034 https://access.redhat.com/security/cve/CVE-2021-33194 https://access.redhat.com/security/cve/CVE-2021-33909 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQCOF9zjgjWX9erEAQjsEg/+NSFQdRcZpqA34LWRtxn+01y2MO0WLroQ d4o+3h0ECKYNRFKJe6n7z8MdmPpvV2uNYN0oIwidTESKHkFTReQ6ZolcV/sh7A26 Z7E+hhpTTObxAL7Xx8nvI7PNffw3CIOZSpnKws5TdrwuMkH5hnBSSZntP5obp9Vs ImewWWl7CNQtFewtXbcmUojNzIvU1mujES2DTy2ffypLoOW6kYdJzyWubigIoR6h gep9HKf1X4oGPuDNF5trSdxKwi6W68+VsOA25qvcNZMFyeTFhZqowot/Jh1HUHD8 TWVpDPA83uuExi/c8tE8u7VZgakWkRWcJUsIw68VJVOYGvpP6K/MjTpSuP2itgUX X//1RGQM7g6sYTCSwTOIrMAPbYH0IMbGDjcS4fSZcfg6c+WJnEpZ72ZgjHZV8mxb 1BtQSs2lil48/cwDKM0yMO2nYsKiz4DCCx2W5izP0rLwNA8Hvqh9qlFgkxJWWOvA mtBCelB0E74qrE4NXbX+MIF7+ZQKjd1evE91/VWNs0FLR/xXdP3C5ORLU3Fag0G/ 0oTV73NdxP7IXVAdsECwU2AqS9ne1y01zJKtd7hq7H/wtkbasqCNq5J7HikJlLe6 dpKh5ZRQzYhGeQvho9WQfz/jd4HZZTcB6wxrWubbd05bYt/i/0gau90LpuFEuSDx +bLvJlpGiMg= =NJcM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Bugs: * RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444) * cluster became offline after apiserver health check (BZ# 1942589) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1913333 - CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension 1913338 - CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag 1913444 - RFE Make the source code for the endpoint-metrics-operator public 1921286 - CVE-2021-21272 oras: zip-slip vulnerability via oras-pull 1927520 - RHACM 2.3.0 images 1928937 - CVE-2021-23337 nodejs-lodash: command injection via template 1928954 - CVE-2020-28500 nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions 1930294 - CVE-2021-23839 openssl: incorrect SSLv2 rollback protection 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1936427 - CVE-2021-3377 nodejs-ansi_up: XSS due to insufficient URL sanitization 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1940196 - View Resource YAML option shows 404 error when reviewing a Subscription for an application 1940613 - CVE-2021-27292 nodejs-ua-parser-js: ReDoS via malicious User-Agent header 1941024 - CVE-2021-27358 grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call 1941675 - CVE-2021-23346 html-parse-stringify: Regular Expression DoS 1942178 - CVE-2021-21321 fastify-reply-from: crafted URL allows prefix scape of the proxied backend service 1942182 - CVE-2021-21322 fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service 1942589 - cluster became offline after apiserver health check 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() 1944822 - CVE-2021-29418 nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1945459 - CVE-2020-28469 nodejs-glob-parent: Regular expression denial of service 1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1954368 - CVE-2021-29482 ulikunitz/xz: Infinite loop in readUvarint allows for denial of service 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option 1956818 - CVE-2021-23343 nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe 1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command 1957414 - CVE-2021-29478 redis: Integer overflow via COPY command for large intsets 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs 1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method 1968122 - clusterdeployment fails because hiveadmission sc does not have correct permissions 1972703 - Subctl fails to join cluster, since it cannot auto-generate a valid cluster id 1983131 - Defragmenting an etcd member doesn't reduce the DB size (7.5GB) on a setup with ~1000 spoke clusters 5. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Bug Fix(es): * An update in libvirt has changed the way block threshold events are submitted. As a result, the VDSM was confused by the libvirt event, and tried to look up a drive, logging a warning about a missing drive. In this release, the VDSM has been adapted to handle the new libvirt behavior, and does not log warnings about missing drives. (BZ#1948177) * Previously, when a virtual machine was powered off on the source host of a live migration and the migration finished successfully at the same time, the two events interfered with each other, and sometimes prevented migration cleanup resulting in additional migrations from the host being blocked. In this release, additional migrations are not blocked. (BZ#1959436) * Previously, when failing to execute a snapshot and re-executing it later, the second try would fail due to using the previous execution data. In this release, this data will be used only when needed, in recovery mode. (BZ#1984209) 4. Then engine deletes the volume and causes data corruption. 1998017 - Keep cinbderlib dependencies optional for 4.4.8 6. Bug Fix(es): * Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528) * Importing of cluster fails due to error/typo in generated command (BZ#1936642) * RHACM 2.2.2 images (BZ#1938215) * 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778) 3. Summary: The Migration Toolkit for Containers (MTC) 1.7.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. GNOME GLib Is vulnerable to a conversion error between numeric types.Denial of service (DoS) It may be put into a state. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Bug Fix(es): * Previously, systemtap dependencies were not included in the RHV-H channel. Therefore, systemtap could not be installed. In this release, the systemtap dependencies have been included in the channel, resolving the issue. (BZ#1903997) 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GLib: Multiple vulnerabilities Date: July 07, 2021 Bugs: #768753, #775632 ID: 202107-13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in GLib, the worst of which could result in the arbitrary execution of code. Background ========== GLib is a library providing a number of GNOME's core objects and functions. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/glib < 2.66.8 >= 2.66.8 Description =========== Multiple vulnerabilities have been discovered in GLib. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GLib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/glib-2.66.8" References ========== [ 1 ] CVE-2021-27218 https://nvd.nist.gov/vuln/detail/CVE-2021-27218 [ 2 ] CVE-2021-27219 https://nvd.nist.gov/vuln/detail/CVE-2021-27219 [ 3 ] CVE-2021-28153 https://nvd.nist.gov/vuln/detail/CVE-2021-28153 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-13 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 7.4) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: glib2 security update Advisory ID: RHSA-2021:2147-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2147 Issue date: 2021-05-31 CVE Names: CVE-2021-27219 ==================================================================== 1. Summary: An update for glib2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm ppc64: glib2-2.56.1-9.el7_9.ppc.rpm glib2-2.56.1-9.el7_9.ppc64.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm glib2-devel-2.56.1-9.el7_9.ppc.rpm glib2-devel-2.56.1-9.el7_9.ppc64.rpm ppc64le: glib2-2.56.1-9.el7_9.ppc64le.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm glib2-devel-2.56.1-9.el7_9.ppc64le.rpm s390x: glib2-2.56.1-9.el7_9.s390.rpm glib2-2.56.1-9.el7_9.s390x.rpm glib2-debuginfo-2.56.1-9.el7_9.s390.rpm glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm glib2-devel-2.56.1-9.el7_9.s390.rpm glib2-devel-2.56.1-9.el7_9.s390x.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm ppc64: glib2-debuginfo-2.56.1-9.el7_9.ppc.rpm glib2-debuginfo-2.56.1-9.el7_9.ppc64.rpm glib2-fam-2.56.1-9.el7_9.ppc64.rpm glib2-static-2.56.1-9.el7_9.ppc.rpm glib2-static-2.56.1-9.el7_9.ppc64.rpm glib2-tests-2.56.1-9.el7_9.ppc64.rpm ppc64le: glib2-debuginfo-2.56.1-9.el7_9.ppc64le.rpm glib2-fam-2.56.1-9.el7_9.ppc64le.rpm glib2-static-2.56.1-9.el7_9.ppc64le.rpm glib2-tests-2.56.1-9.el7_9.ppc64le.rpm s390x: glib2-debuginfo-2.56.1-9.el7_9.s390.rpm glib2-debuginfo-2.56.1-9.el7_9.s390x.rpm glib2-fam-2.56.1-9.el7_9.s390x.rpm glib2-static-2.56.1-9.el7_9.s390.rpm glib2-static-2.56.1-9.el7_9.s390x.rpm glib2-tests-2.56.1-9.el7_9.s390x.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glib2-2.56.1-9.el7_9.src.rpm x86_64: glib2-2.56.1-9.el7_9.i686.rpm glib2-2.56.1-9.el7_9.x86_64.rpm glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-devel-2.56.1-9.el7_9.i686.rpm glib2-devel-2.56.1-9.el7_9.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: glib2-doc-2.56.1-9.el7_9.noarch.rpm x86_64: glib2-debuginfo-2.56.1-9.el7_9.i686.rpm glib2-debuginfo-2.56.1-9.el7_9.x86_64.rpm glib2-fam-2.56.1-9.el7_9.x86_64.rpm glib2-static-2.56.1-9.el7_9.i686.rpm glib2-static-2.56.1-9.el7_9.x86_64.rpm glib2-tests-2.56.1-9.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-27219 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYLS3ctzjgjWX9erEAQi/oBAAk7Y1nA3n84Zz7y/KwwhHGlbTLc0NXn4c nRQUpxJuScuvefAmM+Z73qxqxdM+hBQfDoodATPeTgYT7mYFnN3n+dTrv7Sg1kks aU9Q6d7HdRnk4mhOK3blYI8Ln5LYkcRcqmpyZ8sN14Cqffc+o5VEIwT6hht9/iZL UJQDhdbWT/EDXcZ7iV+1ahicKczm/XEZVkC8zAa9rcQlJ3JJ36gmMuCvmYbS4TOb 8UKNb2hpjkk9laGC5BWG8dnpzrdQnUXmd39n7rltLiIxoQeq3UWo44UCV7XZFcVT eoEt5o3no3+mlIcYto6u5lgfq83D/bI6OuRVRm3BaAp5lBNqPU6dzv2sxtWbKizR vIlmBmoWvYXbNxwkGZeQ5ZU3TTumCUOqIvT5KFIdurWPeknb9zD4Xt8JIuWNXwbV 1mv5jnAz8+v8LX2hQpUh2QPEpTi6GKDWhTE2w+Ulh4s0SCTICc8pjdyNx+PljDDx HyWwPu7veac0fewc+VHZzsTqrKFnH46+A6LIv2bySioa0oomxxWZrSg5BBx+tQXn ND/TjXaFnmrHVyDP7zD0PPBR13PlN8o++LK6oIADSrruc/1FPC7veEqFjMyHwemG nJyp479dwq4M7kpBgd9VfFTVjluCxYsA7FDwP+6q3k+ZJR6S0Dm5pXail/S1gPpw qTmrr3x9NbI=Nn9w -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4759-1 March 08, 2021 glib2.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GLib. Software Description: - glib2.0: GLib library of C routines Details: Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218) Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.1 Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.2 Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.7 Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.7 After a standard system update you need to restart your session to make all the necessary changes

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements. Relevant releases/architectures: Red Hat Enterprise Linux CRB (v. 8) - noarch 3. Description: GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1929847 - CVE-2021-27218 glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform 1929858 - CVE-2021-27219 glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits 6. Package List: Red Hat Enterprise Linux CRB (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1869800 - CVE-2020-8911 aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto SDK for golang 1869801 - CVE-2020-8912 aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto SDK for golang 1930083 - CVE-2021-3442 PT RHOAM: XSS in 3scale at various places 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-2083 - Rebuild product images to address CVE-2021-33910 - Jaeger components 1.20 TRACING-2087 - Jaeger agent sidecar injection failed due to missing configmaps in the application namespace 6. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Software Description: - glib2.0: GLib library of C routines Details: Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27218) Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-27219) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: libglib2.0-0 2.66.1-2ubuntu0.1 Ubuntu 20.04 LTS: libglib2.0-0 2.64.6-1~ubuntu20.04.2 Ubuntu 18.04 LTS: libglib2.0-0 2.56.4-0ubuntu0.18.04.7 Ubuntu 16.04 LTS: libglib2.0-0 2.48.2-0ubuntu4.7 After a standard system update you need to restart your session to make all the necessary changes. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.3/html/release_notes/ Security: * nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes (CVE-2019-20149) Bugs: * RHACM 2.3.2 images (BZ# 1991623) 3. Bugs fixed (https://bugzilla.redhat.com/): 1959721 - CVE-2019-20149 nodejs-kind-of: ctorName in index.js allows external user input to overwrite certain internal attributes 1991623 - RHACM 2.3.2 images 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.10.3 security update Advisory ID: RHSA-2022:0056-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2022:0056 Issue date: 2022-03-10 CVE Names: CVE-2014-3577 CVE-2016-10228 CVE-2017-14502 CVE-2018-20843 CVE-2018-1000858 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-9169 CVE-2019-13050 CVE-2019-13627 CVE-2019-14889 CVE-2019-15903 CVE-2019-19906 CVE-2019-20454 CVE-2019-20807 CVE-2019-25013 CVE-2020-1730 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-8927 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-9952 CVE-2020-10018 CVE-2020-11793 CVE-2020-13434 CVE-2020-14391 CVE-2020-15358 CVE-2020-15503 CVE-2020-25660 CVE-2020-25677 CVE-2020-27618 CVE-2020-27781 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2021-3121 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3521 CVE-2021-3537 CVE-2021-3541 CVE-2021-3733 CVE-2021-3749 CVE-2021-20305 CVE-2021-21684 CVE-2021-22946 CVE-2021-22947 CVE-2021-25215 CVE-2021-27218 CVE-2021-30666 CVE-2021-30761 CVE-2021-30762 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-36222 CVE-2021-37750 CVE-2021-39226 CVE-2021-41190 CVE-2021-43813 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-21673 CVE-2022-24407 ===================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.10.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:0055 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Security Fix(es): * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * grafana: Snapshot authentication bypass (CVE-2021-39226) * golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673) * grafana: directory traversal vulnerability (CVE-2021-43813) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-x86_64 The image digest is sha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-s390x The image digest is sha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le The image digest is sha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for moderate instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1808240 - Always return metrics value for pods under the user's namespace 1815189 - feature flagged UI does not always become available after operator installation 1825034 - e2e: Mock CSI tests fail on IBM ROKS clusters 1826225 - edge terminated h2 (gRPC) connections need a haproxy template change to work correctly 1860774 - csr for vSphere egress nodes were not approved automatically during cert renewal 1878106 - token inactivity timeout is not shortened after oauthclient/oauth config values are lowered 1878925 - 'oc adm upgrade --to ...' rejects versions which occur only in history, while the cluster-version operator supports history fallback 1880738 - origin e2e test deletes original worker 1882983 - oVirt csi driver should refuse to provision RWX and ROX PV 1886450 - Keepalived router id check not documented for RHV/VMware IPI 1889488 - The metrics endpoint for the Scheduler is not protected by RBAC 1894431 - Router pods fail to boot if the SSL certificate applied is missing an empty line at the bottom 1896474 - Path based routing is broken for some combinations 1897431 - CIDR support for additional network attachment with the bridge CNI plug-in 1903408 - NodePort externalTrafficPolicy does not work for ovn-kubernetes 1907433 - Excessive logging in image operator 1909906 - The router fails with PANIC error when stats port already in use 1911173 - [MSTR-998] Many charts' legend names show {{}} instead of words 1914053 - pods assigned with Multus whereabouts IP get stuck in ContainerCreating state after node rebooting. 1916169 - a reboot while MCO is applying changes leaves the node in undesirable state and MCP looks fine (UPDATED=true) 1917893 - [ovirt] install fails: due to terraform error "Cannot attach Virtual Disk: Disk is locked" on vm resource 1921627 - GCP UPI installation failed due to exceeding gcp limitation of instance group name 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1926522 - oc adm catalog does not clean temporary files 1927478 - Default CatalogSources deployed by marketplace do not have toleration for tainted nodes. 1928141 - kube-storage-version-migrator constantly reporting type "Upgradeable" status Unknown 1928285 - [LSO][OCS][arbiter] OCP Console shows no results while in fact underlying setup of LSO localvolumeset and it's storageclass is not yet finished, confusing users 1931594 - [sig-cli] oc --request-timeout works as expected fails frequently on s390x 1933847 - Prometheus goes unavailable (both instances down) during 4.8 upgrade 1937085 - RHV UPI inventory playbook missing guarantee_memory 1937196 - [aws ebs csi driver] events for block volume expansion may cause confusion 1938236 - vsphere-problem-detector does not support overriding log levels via storage CR 1939401 - missed labels for CMO/openshift-state-metric/telemeter-client/thanos-querier pods 1939435 - Setting an IPv6 address in noProxy field causes error in openshift installer 1939552 - [sig-api-machinery] CustomResourcePublishOpenAPI [Privileged:ClusterAdmin] works for CRD preserving unknown fields in an embedded object [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s] 1942913 - ThanosSidecarUnhealthy isn't resilient to WAL replays. 1943363 - [ovn] CNO should gracefully terminate ovn-northd 1945274 - ostree-finalize-staged.service failed while upgrading a rhcos node to 4.6.17 1948080 - authentication should not set Available=False APIServices_Error with 503s 1949262 - Prometheus Statefulsets should have 2 replicas and hard affinity set 1949672 - [GCP] Update 4.8 UPI template to match ignition version: 3.2.0 1950827 - [LSO] localvolumediscoveryresult name is not friendly to customer 1952576 - csv_succeeded metric not present in olm-operator for all successful CSVs 1953264 - "remote error: tls: bad certificate" logs in prometheus-operator container 1955300 - Machine config operator reports unavailable for 23m during upgrade 1955489 - Alertmanager Statefulsets should have 2 replicas and hard affinity set 1955490 - Thanos ruler Statefulsets should have 2 replicas and hard affinity set 1955544 - [IPI][OSP] densed master-only installation with 0 workers fails due to missing worker security group on masters 1956496 - Needs SR-IOV Docs Upstream 1956739 - Permission for authorized_keys for core user changes from core user to root when changed the pull secret 1956776 - [vSphere] Installer should do pre-check to ensure user-provided network name is valid 1956964 - upload a boot-source to OpenShift virtualization using the console 1957547 - [RFE]VM name is not auto filled in dev console 1958349 - ovn-controller doesn't release the memory after cluster-density run 1959352 - [scale] failed to get pod annotation: timed out waiting for annotations 1960378 - icsp allows mirroring of registry root - install-config imageContentSources does not 1960674 - Broken test: [sig-imageregistry][Serial][Suite:openshift/registry/serial] Image signature workflow can push a signed image to openshift registry and verify it [Suite:openshift/conformance/serial] 1961317 - storage ClusterOperator does not declare ClusterRoleBindings in relatedObjects 1961391 - String updates 1961509 - DHCP daemon pod should have CPU and memory requests set but not limits 1962066 - Edit machine/machineset specs not working 1962206 - openshift-multus/dhcp-daemon set should meet platform requirements for update strategy that have maxUnavailable update of 10 or 33 percent 1963053 - `oc whoami --show-console` should show the web console URL, not the server api URL 1964112 - route SimpleAllocationPlugin: host name validation errors: spec.host: Invalid value: ... must be no more than 63 characters 1964327 - Support containers with name:tag@digest 1964789 - Send keys and disconnect does not work for VNC console 1965368 - ClusterQuotaAdmission received non-meta object - message constantly reported in OpenShift Container Platform 4.7 1966445 - Unmasking a service doesn't work if it masked using MCO 1966477 - Use GA version in KAS/OAS/OauthAS to avoid: "audit.k8s.io/v1beta1" is deprecated and will be removed in a future release, use "audit.k8s.io/v1" instead 1966521 - kube-proxy's userspace implementation consumes excessive CPU 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up 1970021 - nmstate does not persist its configuration due to overlay systemd-connections-merged mount 1970218 - MCO writes incorrect file contents if compression field is specified 1970331 - [sig-auth][Feature:SCC][Early] should not have pod creation failures during install [Suite:openshift/conformance/parallel] 1970805 - Cannot create build when docker image url contains dir structure 1972033 - [azure] PV region node affinity is failure-domain.beta.kubernetes.io instead of topology.kubernetes.io 1972827 - image registry does not remain available during upgrade 1972962 - Should set the minimum value for the `--max-icsp-size` flag of `oc adm catalog mirror` 1973447 - ovn-dbchecker peak memory spikes to ~500MiB during cluster-density run 1975826 - ovn-kubernetes host directed traffic cannot be offloaded as CT zone 64000 is not established 1976301 - [ci] e2e-azure-upi is permafailing 1976399 - During the upgrade from OpenShift 4.5 to OpenShift 4.6 the election timers for the OVN north and south databases did not change. 1976674 - CCO didn't set Upgradeable to False when cco mode is configured to Manual on azure platform 1976894 - Unidling a StatefulSet does not work as expected 1977319 - [Hive] Remove stale cruft installed by CVO in earlier releases 1977414 - Build Config timed out waiting for condition 400: Bad Request 1977929 - [RFE] Display Network Attachment Definitions from openshift-multus namespace during OCS deployment via UI using Multus 1978528 - systemd-coredump started and failed intermittently for unknown reasons 1978581 - machine-config-operator: remove runlevel from mco namespace 1979562 - Cluster operators: don't show messages when neither progressing, degraded or unavailable 1979962 - AWS SDN Network Stress tests have not passed in 4.9 release-openshift-origin-installer-e2e-aws-sdn-network-stress-4.9 1979966 - OCP builds always fail when run on RHEL7 nodes 1981396 - Deleting pool inside pool page the pool stays in Ready phase in the heading 1981549 - Machine-config daemon does not recover from broken Proxy configuration 1981867 - [sig-cli] oc explain should contain proper fields description for special types [Suite:openshift/conformance/parallel] 1981941 - Terraform upgrade required in openshift-installer to resolve multiple issues 1982063 - 'Control Plane' is not translated in Simplified Chinese language in Home->Overview page 1982498 - Default registry credential path should be adjusted to use containers/auth.json for oc commands 1982662 - Workloads - DaemonSets - Add storage: i18n misses 1982726 - kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encryption-config" on single node clusters 1983758 - upgrades are failing on disruptive tests 1983964 - Need Device plugin configuration for the NIC "needVhostNet" & "isRdma" 1984592 - global pull secret not working in OCP4.7.4+ for additional private registries 1985073 - new-in-4.8 ExtremelyHighIndividualControlPlaneCPU fires on some GCP update jobs 1985486 - Cluster Proxy not used during installation on OSP with Kuryr 1985724 - VM Details Page missing translations 1985838 - [OVN] CNO exportNetworkFlows does not clear collectors when deleted 1985933 - Downstream image registry recommendation 1985965 - oVirt CSI driver does not report volume stats 1986216 - [scale] SNO: Slow Pod recovery due to "timed out waiting for OVS port binding" 1986237 - "MachineNotYetDeleted" in Pending state , alert not fired 1986239 - crictl create fails with "PID namespace requested, but sandbox infra container invalid" 1986302 - console continues to fetch prometheus alert and silences for normal user 1986314 - Current MTV installation for KubeVirt import flow creates unusable Forklift UI 1986338 - error creating list of resources in Import YAML 1986502 - yaml multi file dnd duplicates previous dragged files 1986819 - fix string typos for hot-plug disks 1987044 - [OCPV48] Shutoff VM is being shown as "Starting" in WebUI when using spec.runStrategy Manual/RerunOnFailure 1987136 - Declare operatorframework.io/arch.* labels for all operators 1987257 - Go-http-client user-agent being used for oc adm mirror requests 1987263 - fsSpaceFillingUpWarningThreshold not aligned to Kubernetes Garbage Collection Threshold 1987445 - MetalLB integration: All gateway routers in the cluster answer ARP requests for LoadBalancer services IP 1988406 - SSH key dropped when selecting "Customize virtual machine" in UI 1988440 - Network operator changes ovnkube-config too early causing ovnkube-master pods to crashloop during cluster upgrade 1988483 - Azure drop ICMP need to frag FRAG when using OVN: openshift-apiserver becomes False after env runs some time due to communication between one master to pods on another master fails with "Unable to connect to the server" 1988879 - Virtual media based deployment fails on Dell servers due to pending Lifecycle Controller jobs 1989438 - expected replicas is wrong 1989502 - Developer Catalog is disappearing after short time 1989843 - 'More' and 'Show Less' functions are not translated on several page 1990014 - oc debug <pod-name> does not work for Windows pods 1990190 - e2e testing failed with basic manifest: reason/ExternalProvisioning waiting for a volume to be created 1990193 - 'more' and 'Show Less' is not being translated on Home -> Search page 1990255 - Partial or all of the Nodes/StorageClasses don't appear back on UI after text is removed from search bar 1990489 - etcdHighNumberOfFailedGRPCRequests fires only on metal env in CI 1990506 - Missing udev rules in initramfs for /dev/disk/by-id/scsi-* symlinks 1990556 - get-resources.sh doesn't honor the no_proxy settings even with no_proxy var 1990625 - Ironic agent registers with SLAAC address with privacy-stable 1990635 - CVO does not recognize the channel change if desired version and channel changed at the same time 1991067 - github.com can not be resolved inside pods where cluster is running on openstack. 1991573 - Enable typescript strictNullCheck on network-policies files 1991641 - Baremetal Cluster Operator still Available After Delete Provisioning 1991770 - The logLevel and operatorLogLevel values do not work with Cloud Credential Operator 1991819 - Misspelled word "ocurred" in oc inspect cmd 1991942 - Alignment and spacing fixes 1992414 - Two rootdisks show on storage step if 'This is a CD-ROM boot source' is checked 1992453 - The configMap failed to save on VM environment tab 1992466 - The button 'Save' and 'Reload' are not translated on vm environment tab 1992475 - The button 'Open console in New Window' and 'Disconnect' are not translated on vm console tab 1992509 - Could not customize boot source due to source PVC not found 1992541 - all the alert rules' annotations "summary" and "description" should comply with the OpenShift alerting guidelines 1992580 - storageProfile should stay with the same value by check/uncheck the apply button 1992592 - list-type missing in oauth.config.openshift.io for identityProviders breaking Server Side Apply 1992777 - [IBMCLOUD] Default "ibm_iam_authorization_policy" is not working as expected in all scenarios 1993364 - cluster destruction fails to remove router in BYON with Kuryr as primary network (even after BZ 1940159 got fixed) 1993376 - periodic-ci-openshift-release-master-ci-4.6-upgrade-from-stable-4.5-e2e-azure-upgrade is permfailing 1994094 - Some hardcodes are detected at the code level in OpenShift console components 1994142 - Missing required cloud config fields for IBM Cloud 1994733 - MetalLB: IP address is not assigned to service if there is duplicate IP address in two address pools 1995021 - resolv.conf and corefile sync slows down/stops after keepalived container restart 1995335 - [SCALE] ovnkube CNI: remove ovs flows check 1995493 - Add Secret to workload button and Actions button are not aligned on secret details page 1995531 - Create RDO-based Ironic image to be promoted to OKD 1995545 - Project drop-down amalgamates inside main screen while creating storage system for odf-operator 1995887 - [OVN]After reboot egress node, lr-policy-list was not correct, some duplicate records or missed internal IPs 1995924 - CMO should report `Upgradeable: false` when HA workload is incorrectly spread 1996023 - kubernetes.io/hostname values are larger than filter when create localvolumeset from webconsole 1996108 - Allow backwards compatibility of shared gateway mode to inject host-based routes into OVN 1996624 - 100% of the cco-metrics/cco-metrics targets in openshift-cloud-credential-operator namespace are down 1996630 - Fail to delete the first Authorized SSH Key input box on Advanced page 1996647 - Provide more useful degraded message in auth operator on DNS errors 1996736 - Large number of 501 lr-policies in INCI2 env 1996886 - timedout waiting for flows during pod creation and ovn-controller pegged on worker nodes 1996916 - Special Resource Operator(SRO) - Fail to deploy simple-kmod on GCP 1996928 - Enable default operator indexes on ARM 1997028 - prometheus-operator update removes env var support for thanos-sidecar 1997059 - Failed to create cluster in AWS us-east-1 region due to a local zone is used 1997226 - Ingresscontroller reconcilations failing but not shown in operator logs or status of ingresscontroller. 1997245 - "Subscription already exists in openshift-storage namespace" error message is seen while installing odf-operator via UI 1997269 - Have to refresh console to install kube-descheduler 1997478 - Storage operator is not available after reboot cluster instances 1997509 - flake: [sig-cli] oc builds new-build [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 1997967 - storageClass is not reserved from default wizard to customize wizard 1998035 - openstack IPI CI: custom var-lib-etcd.mount (ramdisk) unit is racing due to incomplete After/Before order 1998038 - [e2e][automation] add tests for UI for VM disk hot-plug 1998087 - Fix CephHealthCheck wrapping contents and add data-tests for HealthItem and SecondaryStatus 1998174 - Create storageclass gp3-csi after install ocp cluster on aws 1998183 - "r: Bad Gateway" info is improper 1998235 - Firefox warning: Cookie “csrf-token” will be soon rejected 1998377 - Filesystem table head is not full displayed in disk tab 1998378 - Virtual Machine is 'Not available' in Home -> Overview -> Cluster inventory 1998519 - Add fstype when create localvolumeset instance on web console 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses 1999076 - [UI] Page Not Found error when clicking on Storage link provided in Overview page 1999079 - creating pods before sriovnetworknodepolicy sync up succeed will cause node unschedulable 1999091 - Console update toast notification can appear multiple times 1999133 - removing and recreating static pod manifest leaves pod in error state 1999246 - .indexignore is not ingore when oc command load dc configuration 1999250 - ArgoCD in GitOps operator can't manage namespaces 1999255 - ovnkube-node always crashes out the first time it starts 1999261 - ovnkube-node log spam (and security token leak?) 1999309 - While installing odf-operator via UI, web console update pop-up navigates to OperatorHub -> Operator Installation page 1999314 - console-operator is slow to mark Degraded as False once console starts working 1999425 - kube-apiserver with "[SHOULD NOT HAPPEN] failed to update managedFields" err="failed to convert new object (machine.openshift.io/v1beta1, Kind=MachineHealthCheck) 1999556 - "master" pool should be updated before the CVO reports available at the new version occurred 1999578 - AWS EFS CSI tests are constantly failing 1999603 - Memory Manager allows Guaranteed QoS Pod with hugepages requested is exactly equal to the left over Hugepages 1999619 - cloudinit is malformatted if a user sets a password during VM creation flow 1999621 - Empty ssh_authorized_keys entry is added to VM's cloudinit if created from a customize flow 1999649 - MetalLB: Only one type of IP address can be assigned to service on dual stack cluster from a address pool that have both IPv4 and IPv6 addresses defined 1999668 - openshift-install destroy cluster panic's when given invalid credentials to cloud provider (Azure Stack Hub) 1999734 - IBM Cloud CIS Instance CRN missing in infrastructure manifest/resource 1999771 - revert "force cert rotation every couple days for development" in 4.10 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 1999796 - Openshift Console `Helm` tab is not showing helm releases in a namespace when there is high number of deployments in the same namespace. 1999836 - Admin web-console inconsistent status summary of sparse ClusterOperator conditions 1999903 - Click "This is a CD-ROM boot source" ticking "Use template size PVC" on pvc upload form 1999983 - No way to clear upload error from template boot source 2000081 - [IPI baremetal] The metal3 pod failed to restart when switching from Disabled to Managed provisioning without specifying provisioningInterface parameter 2000096 - Git URL is not re-validated on edit build-config form reload 2000216 - Successfully imported ImageStreams are not resolved in DeploymentConfig 2000236 - Confusing usage message from dynkeepalived CLI 2000268 - Mark cluster unupgradable if vcenter, esxi versions or HW versions are unsupported 2000430 - bump cluster-api-provider-ovirt version in installer 2000450 - 4.10: Enable static PV multi-az test 2000490 - All critical alerts shipped by CMO should have links to a runbook 2000521 - Kube-apiserver CO degraded due to failed conditional check (ConfigObservationDegraded) 2000573 - Incorrect StorageCluster CR created and ODF cluster getting installed with 2 Zone OCP cluster 2000628 - ibm-flashsystem-storage-storagesystem got created without any warning even when the attempt was cancelled 2000651 - ImageStreamTag alias results in wrong tag and invalid link in Web Console 2000754 - IPerf2 tests should be lower 2000846 - Structure logs in the entire codebase of Local Storage Operator 2000872 - [tracker] container is not able to list on some directories within the nfs after upgrade to 4.7.24 2000877 - OCP ignores STOPSIGNAL in Dockerfile and sends SIGTERM 2000938 - CVO does not respect changes to a Deployment strategy 2000963 - 'Inline-volume (default fs)] volumes should store data' tests are failing on OKD with updated selinux-policy 2001008 - [MachineSets] CloneMode defaults to linkedClone, but I don't have snapshot and should be fullClone 2001240 - Remove response headers for downloads of binaries from OpenShift WebConsole 2001295 - Remove openshift:kubevirt-machine-controllers decleration from machine-api 2001317 - OCP Platform Quota Check - Inaccurate MissingQuota error 2001337 - Details Card in ODF Dashboard mentions OCS 2001339 - fix text content hotplug 2001413 - [e2e][automation] add/delete nic and disk to template 2001441 - Test: oc adm must-gather runs successfully for audit logs - fail due to startup log 2001442 - Empty termination.log file for the kube-apiserver has too permissive mode 2001479 - IBM Cloud DNS unable to create/update records 2001566 - Enable alerts for prometheus operator in UWM 2001575 - Clicking on the perspective switcher shows a white page with loader 2001577 - Quick search placeholder is not displayed properly when the search string is removed 2001578 - [e2e][automation] add tests for vm dashboard tab 2001605 - PVs remain in Released state for a long time after the claim is deleted 2001617 - BucketClass Creation is restricted on 1st page but enabled using side navigation options 2001620 - Cluster becomes degraded if it can't talk to Manila 2001760 - While creating 'Backing Store', 'Bucket Class', 'Namespace Store' user is navigated to 'Installed Operators' page after clicking on ODF 2001761 - Unable to apply cluster operator storage for SNO on GCP platform. 2001765 - Some error message in the log of diskmaker-manager caused confusion 2001784 - show loading page before final results instead of showing a transient message No log files exist 2001804 - Reload feature on Environment section in Build Config form does not work properly 2001810 - cluster admin unable to view BuildConfigs in all namespaces 2001817 - Failed to load RoleBindings list that will lead to ‘Role name’ is not able to be selected on Create RoleBinding page as well 2001823 - OCM controller must update operator status 2001825 - [SNO]ingress/authentication clusteroperator degraded when enable ccm from start 2001835 - Could not select image tag version when create app from dev console 2001855 - Add capacity is disabled for ocs-storagecluster 2001856 - Repeating event: MissingVersion no image found for operand pod 2001959 - Side nav list borders don't extend to edges of container 2002007 - Layout issue on "Something went wrong" page 2002010 - ovn-kube may never attempt to retry a pod creation 2002012 - Cannot change volume mode when cloning a VM from a template 2002027 - Two instances of Dotnet helm chart show as one in topology 2002075 - opm render does not automatically pulling in the image(s) used in the deployments 2002121 - [OVN] upgrades failed for IPI OSP16 OVN IPSec cluster 2002125 - Network policy details page heading should be updated to Network Policy details 2002133 - [e2e][automation] add support/virtualization and improve deleteResource 2002134 - [e2e][automation] add test to verify vm details tab 2002215 - Multipath day1 not working on s390x 2002238 - Image stream tag is not persisted when switching from yaml to form editor 2002262 - [vSphere] Incorrect user agent in vCenter sessions list 2002266 - SinkBinding create form doesn't allow to use subject name, instead of label selector 2002276 - OLM fails to upgrade operators immediately 2002300 - Altering the Schedule Profile configurations doesn't affect the placement of the pods 2002354 - Missing DU configuration "Done" status reporting during ZTP flow 2002362 - Dynamic Plugin - ConsoleRemotePlugin for webpack doesn't use commonjs 2002368 - samples should not go degraded when image allowedRegistries blocks imagestream creation 2002372 - Pod creation failed due to mismatched pod IP address in CNI and OVN 2002397 - Resources search is inconsistent 2002434 - CRI-O leaks some children PIDs 2002443 - Getting undefined error on create local volume set page 2002461 - DNS operator performs spurious updates in response to API's defaulting of service's internalTrafficPolicy 2002504 - When the openshift-cluster-storage-operator is degraded because of "VSphereProblemDetectorController_SyncError", the insights operator is not sending the logs from all pods. 2002559 - User preference for topology list view does not follow when a new namespace is created 2002567 - Upstream SR-IOV worker doc has broken links 2002588 - Change text to be sentence case to align with PF 2002657 - ovn-kube egress IP monitoring is using a random port over the node network 2002713 - CNO: OVN logs should have millisecond resolution 2002748 - [ICNI2] 'ErrorAddingLogicalPort' failed to handle external GW check: timeout waiting for namespace event 2002759 - Custom profile should not allow not including at least one required HTTP2 ciphersuite 2002763 - Two storage systems getting created with external mode RHCS 2002808 - KCM does not use web identity credentials 2002834 - Cluster-version operator does not remove unrecognized volume mounts 2002896 - Incorrect result return when user filter data by name on search page 2002950 - Why spec.containers.command is not created with "oc create deploymentconfig <dc-name> --image=<image> -- <command>" 2003096 - [e2e][automation] check bootsource URL is displaying on review step 2003113 - OpenShift Baremetal IPI installer uses first three defined nodes under hosts in install-config for master nodes instead of filtering the hosts with the master role 2003120 - CI: Uncaught error with ResizeObserver on operand details page 2003145 - Duplicate operand tab titles causes "two children with the same key" warning 2003164 - OLM, fatal error: concurrent map writes 2003178 - [FLAKE][knative] The UI doesn't show updated traffic distribution after accepting the form 2003193 - Kubelet/crio leaks netns and veth ports in the host 2003195 - OVN CNI should ensure host veths are removed 2003204 - Jenkins all new container images (openshift4/ose-jenkins) not supporting '-e JENKINS_PASSWORD=password' ENV which was working for old container images 2003206 - Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2003239 - "[sig-builds][Feature:Builds][Slow] can use private repositories as build input" tests fail outside of CI 2003244 - Revert libovsdb client code 2003251 - Patternfly components with list element has list item bullet when they should not. 2003252 - "[sig-builds][Feature:Builds][Slow] starting a build using CLI start-build test context override environment BUILD_LOGLEVEL in buildconfig" tests do not work as expected outside of CI 2003269 - Rejected pods should be filtered from admission regression 2003357 - QE- Removing the epic tags for gherkin tags related to 4.9 Release 2003426 - [e2e][automation] add test for vm details bootorder 2003496 - [e2e][automation] add test for vm resources requirment settings 2003641 - All metal ipi jobs are failing in 4.10 2003651 - ODF4.9+LSO4.8 installation via UI, StorageCluster move to error state 2003655 - [IPI ON-PREM] Keepalived chk_default_ingress track script failed even though default router pod runs on node 2003683 - Samples operator is panicking in CI 2003711 - [UI] Empty file ceph-external-cluster-details-exporter.py downloaded from external cluster "Connection Details" page 2003715 - Error on creating local volume set after selection of the volume mode 2003743 - Remove workaround keeping /boot RW for kdump support 2003775 - etcd pod on CrashLoopBackOff after master replacement procedure 2003788 - CSR reconciler report error constantly when BYOH CSR approved by other Approver 2003792 - Monitoring metrics query graph flyover panel is useless 2003808 - Add Sprint 207 translations 2003845 - Project admin cannot access image vulnerabilities view 2003859 - sdn emits events with garbage messages 2003896 - (release-4.10) ApiRequestCounts conditional gatherer 2004009 - 4.10: Fix multi-az zone scheduling e2e for 5 control plane replicas 2004051 - CMO can report as being Degraded while node-exporter is deployed on all nodes 2004059 - [e2e][automation] fix current tests for downstream 2004060 - Trying to use basic spring boot sample causes crash on Firefox 2004101 - [UI] When creating storageSystem deployment type dropdown under advanced setting doesn't close after selection 2004127 - [flake] openshift-controller-manager event reason/SuccessfulDelete occurs too frequently 2004203 - build config's created prior to 4.8 with image change triggers can result in trigger storm in OCM/openshift-apiserver 2004313 - [RHOCP 4.9.0-rc.0] Failing to deploy Azure cluster from the macOS installer - ignition_bootstrap.ign: no such file or directory 2004449 - Boot option recovery menu prevents image boot 2004451 - The backup filename displayed in the RecentBackup message is incorrect 2004459 - QE - Modified the AddFlow gherkin scripts and automation scripts 2004508 - TuneD issues with the recent ConfigParser changes. 2004510 - openshift-gitops operator hooks gets unauthorized (401) errors during jobs executions 2004542 - [osp][octavia lb] cannot create LoadBalancer type svcs 2004578 - Monitoring and node labels missing for an external storage platform 2004585 - prometheus-k8s-0 cpu usage keeps increasing for the first 3 days 2004596 - [4.10] Bootimage bump tracker 2004597 - Duplicate ramdisk log containers running 2004600 - Duplicate ramdisk log containers running 2004609 - output of "crictl inspectp" is not complete 2004625 - BMC credentials could be logged if they change 2004632 - When LE takes a large amount of time, multiple whereabouts are seen 2004721 - ptp/worker custom threshold doesn't change ptp events threshold 2004736 - [knative] Create button on new Broker form is inactive despite form being filled 2004796 - [e2e][automation] add test for vm scheduling policy 2004814 - (release-4.10) OCM controller - change type of the etc-pki-entitlement secret to opaque 2004870 - [External Mode] Insufficient spacing along y-axis in RGW Latency Performance Card 2004901 - [e2e][automation] improve kubevirt devconsole tests 2004962 - Console frontend job consuming too much CPU in CI 2005014 - state of ODF StorageSystem is misreported during installation or uninstallation 2005052 - Adding a MachineSet selector matchLabel causes orphaned Machines 2005179 - pods status filter is not taking effect 2005182 - sync list of deprecated apis about to be removed 2005282 - Storage cluster name is given as title in StorageSystem details page 2005355 - setuptools 58 makes Kuryr CI fail 2005407 - ClusterNotUpgradeable Alert should be set to Severity Info 2005415 - PTP operator with sidecar api configured throws bind: address already in use 2005507 - SNO spoke cluster failing to reach coreos.live.rootfs_url is missing url in console 2005554 - The switch status of the button "Show default project" is not revealed correctly in code 2005581 - 4.8.12 to 4.9 upgrade hung due to cluster-version-operator pod CrashLoopBackOff: error creating clients: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable 2005761 - QE - Implementing crw-basic feature file 2005783 - Fix accessibility issues in the "Internal" and "Internal - Attached Mode" Installation Flow 2005811 - vSphere Problem Detector operator - ServerFaultCode: InvalidProperty 2005854 - SSH NodePort service is created for each VM 2005901 - KS, KCM and KA going Degraded during master nodes upgrade 2005902 - Current UI flow for MCG only deployment is confusing and doesn't reciprocate any message to the end-user 2005926 - PTP operator NodeOutOfPTPSync rule is using max offset from the master instead of openshift_ptp_clock_state metrics 2005971 - Change telemeter to report the Application Services product usage metrics 2005997 - SELinux domain container_logreader_t does not have a policy to follow sym links for log files 2006025 - Description to use an existing StorageClass while creating StorageSystem needs to be re-phrased 2006060 - ocs-storagecluster-storagesystem details are missing on UI for MCG Only and MCG only in LSO mode deployment types 2006101 - Power off fails for drivers that don't support Soft power off 2006243 - Metal IPI upgrade jobs are running out of disk space 2006291 - bootstrapProvisioningIP set incorrectly when provisioningNetworkCIDR doesn't use the 0th address 2006308 - Backing Store YAML tab on click displays a blank screen on UI 2006325 - Multicast is broken across nodes 2006329 - Console only allows Web Terminal Operator to be installed in OpenShift Operators 2006364 - IBM Cloud: Set resourceGroupId for resourceGroups, not simply resource 2006561 - [sig-instrumentation] Prometheus when installed on the cluster shouldn't have failing rules evaluation [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2006690 - OS boot failure "x64 Exception Type 06 - Invalid Opcode Exception" 2006714 - add retry for etcd errors in kube-apiserver 2006767 - KubePodCrashLooping may not fire 2006803 - Set CoreDNS cache entries for forwarded zones 2006861 - Add Sprint 207 part 2 translations 2006945 - race condition can cause crashlooping bootstrap kube-apiserver in cluster-bootstrap 2006947 - e2e-aws-proxy for 4.10 is permafailing with samples operator errors 2006975 - clusteroperator/etcd status condition should not change reasons frequently due to EtcdEndpointsDegraded 2007085 - Intermittent failure mounting /run/media/iso when booting live ISO from USB stick 2007136 - Creation of BackingStore, BucketClass, NamespaceStore fails 2007271 - CI Integration for Knative test cases 2007289 - kubevirt tests are failing in CI 2007322 - Devfile/Dockerfile import does not work for unsupported git host 2007328 - Updated patternfly to v4.125.3 and pf.quickstarts to v1.2.3. 2007379 - Events are not generated for master offset for ordinary clock 2007443 - [ICNI 2.0] Loadbalancer pods do not establish BFD sessions with all workers that host pods for the routed namespace 2007455 - cluster-etcd-operator: render command should fail if machineCidr contains reserved address 2007495 - Large label value for the metric kubelet_started_pods_errors_total with label message when there is a error 2007522 - No new local-storage-operator-metadata-container is build for 4.10 2007551 - No new ose-aws-efs-csi-driver-operator-bundle-container is build for 4.10 2007580 - Azure cilium installs are failing e2e tests 2007581 - Too many haproxy processes in default-router pod causing high load average after upgrade from v4.8.3 to v4.8.10 2007677 - Regression: core container io performance metrics are missing for pod, qos, and system slices on nodes 2007692 - 4.9 "old-rhcos" jobs are permafailing with storage test failures 2007710 - ci/prow/e2e-agnostic-cmd job is failing on prow 2007757 - must-gather extracts imagestreams in the "openshift" namespace, but not Templates 2007802 - AWS machine actuator get stuck if machine is completely missing 2008096 - TestAWSFinalizerDeleteS3Bucket sometimes fails to teardown operator 2008119 - The serviceAccountIssuer field on Authentication CR is reseted to “” when installation process 2008151 - Topology breaks on clicking in empty state 2008185 - Console operator go.mod should use go 1.16.version 2008201 - openstack-az job is failing on haproxy idle test 2008207 - vsphere CSI driver doesn't set resource limits 2008223 - gather_audit_logs: fix oc command line to get the current audit profile 2008235 - The Save button in the Edit DC form remains disabled 2008256 - Update Internationalization README with scope info 2008321 - Add correct documentation link for MON_DISK_LOW 2008462 - Disable PodSecurity feature gate for 4.10 2008490 - Backing store details page does not contain all the kebab actions. 2008521 - gcp-hostname service should correct invalid search entries in resolv.conf 2008532 - CreateContainerConfigError:: failed to prepare subPath for volumeMount 2008539 - Registry doesn't fall back to secondary ImageContentSourcePolicy Mirror 2008540 - HighlyAvailableWorkloadIncorrectlySpread always fires on upgrade on cluster with two workers 2008599 - Azure Stack UPI does not have Internal Load Balancer 2008612 - Plugin asset proxy does not pass through browser cache headers 2008712 - VPA webhook timeout prevents all pods from starting 2008733 - kube-scheduler: exposed /debug/pprof port 2008911 - Prometheus repeatedly scaling prometheus-operator replica set 2008926 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2008987 - OpenShift SDN Hosted Egress IP's are not being scheduled to nodes after upgrade to 4.8.12 2009055 - Instances of OCS to be replaced with ODF on UI 2009078 - NetworkPodsCrashLooping alerts in upgrade CI jobs 2009083 - opm blocks pruning of existing bundles during add 2009111 - [IPI-on-GCP] 'Install a cluster with nested virtualization enabled' failed due to unable to launch compute instances 2009131 - [e2e][automation] add more test about vmi 2009148 - [e2e][automation] test vm nic presets and options 2009233 - ACM policy object generated by PolicyGen conflicting with OLM Operator 2009253 - [BM] [IPI] [DualStack] apiVIP and ingressVIP should be of the same primary IP family 2009298 - Service created for VM SSH access is not owned by the VM and thus is not deleted if the VM is deleted 2009384 - UI changes to support BindableKinds CRD changes 2009404 - ovnkube-node pod enters CrashLoopBackOff after OVN_IMAGE is swapped 2009424 - Deployment upgrade is failing availability check 2009454 - Change web terminal subscription permissions from get to list 2009465 - container-selinux should come from rhel8-appstream 2009514 - Bump OVS to 2.16-15 2009555 - Supermicro X11 system not booting from vMedia with AI 2009623 - Console: Observe > Metrics page: Table pagination menu shows bullet points 2009664 - Git Import: Edit of knative service doesn't work as expected for git import flow 2009699 - Failure to validate flavor RAM 2009754 - Footer is not sticky anymore in import forms 2009785 - CRI-O's version file should be pinned by MCO 2009791 - Installer: ibmcloud ignores install-config values 2009823 - [sig-arch] events should not repeat pathologically - reason/VSphereOlderVersionDetected Marking cluster un-upgradeable because one or more VMs are on hardware version vmx-13 2009840 - cannot build extensions on aarch64 because of unavailability of rhel-8-advanced-virt repo 2009859 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2009873 - Stale Logical Router Policies and Annotations for a given node 2009879 - There should be test-suite coverage to ensure admin-acks work as expected 2009888 - SRO package name collision between official and community version 2010073 - uninstalling and then reinstalling sriov-network-operator is not working 2010174 - 2 PVs get created unexpectedly with different paths that actually refer to the same device on the node. 2010181 - Environment variables not getting reset on reload on deployment edit form 2010310 - [sig-instrumentation][Late] OpenShift alerting rules should have description and summary annotations [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2010341 - OpenShift Alerting Rules Style-Guide Compliance 2010342 - Local console builds can have out of memory errors 2010345 - OpenShift Alerting Rules Style-Guide Compliance 2010348 - Reverts PIE build mode for K8S components 2010352 - OpenShift Alerting Rules Style-Guide Compliance 2010354 - OpenShift Alerting Rules Style-Guide Compliance 2010359 - OpenShift Alerting Rules Style-Guide Compliance 2010368 - OpenShift Alerting Rules Style-Guide Compliance 2010376 - OpenShift Alerting Rules Style-Guide Compliance 2010662 - Cluster is unhealthy after image-registry-operator tests 2010663 - OpenShift Alerting Rules Style-Guide Compliance (ovn-kubernetes subcomponent) 2010665 - Bootkube tries to use oc after cluster bootstrap is done and there is no API 2010698 - [BM] [IPI] [Dual Stack] Installer must ensure ipv6 short forms too if clusterprovisioning IP is specified as ipv6 address 2010719 - etcdHighNumberOfFailedGRPCRequests runbook is missing 2010864 - Failure building EFS operator 2010910 - ptp worker events unable to identify interface for multiple interfaces 2010911 - RenderOperatingSystem() returns wrong OS version on OCP 4.7.24 2010921 - Azure Stack Hub does not handle additionalTrustBundle 2010931 - SRO CSV uses non default category "Drivers and plugins" 2010946 - concurrent CRD from ovirt-csi-driver-operator gets reconciled by CVO after deployment, changing CR as well. 2011038 - optional operator conditions are confusing 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 2011171 - diskmaker-manager constantly redeployed by LSO when creating LV's 2011293 - Build pod are not pulling images if we are not explicitly giving the registry name with the image 2011368 - Tooltip in pipeline visualization shows misleading data 2011386 - [sig-arch] Check if alerts are firing during or after upgrade success --- alert KubePodNotReady fired for 60 seconds with labels 2011411 - Managed Service's Cluster overview page contains link to missing Storage dashboards 2011443 - Cypress tests assuming Admin Perspective could fail on shared/reference cluster 2011513 - Kubelet rejects pods that use resources that should be freed by completed pods 2011668 - Machine stuck in deleting phase in VMware "reconciler failed to Delete machine" 2011693 - (release-4.10) "insightsclient_request_recvreport_total" metric is always incremented 2011698 - After upgrading cluster to 4.8 the kube-state-metrics service doesn't export namespace labels anymore 2011733 - Repository README points to broken documentarion link 2011753 - Ironic resumes clean before raid configuration job is actually completed 2011809 - The nodes page in the openshift console doesn't work. You just get a blank page 2011822 - Obfuscation doesn't work at clusters with OVN 2011882 - SRO helm charts not synced with templates 2011893 - Validation: BMC driver ipmi is not supported for secure UEFI boot 2011896 - [4.10] ClusterVersion Upgradeable=False MultipleReasons should include all messages 2011903 - vsphere-problem-detector: session leak 2011927 - OLM should allow users to specify a proxy for GRPC connections 2011956 - [tracker] Kubelet rejects pods that use resources that should be freed by completed pods 2011960 - [tracker] Storage operator is not available after reboot cluster instances 2011971 - ICNI2 pods are stuck in ContainerCreating state 2011972 - Ingress operator not creating wildcard route for hypershift clusters 2011977 - SRO bundle references non-existent image 2012069 - Refactoring Status controller 2012177 - [OCP 4.9 + OCS 4.8.3] Overview tab is missing under Storage after successful deployment on UI 2012228 - ibmcloud: credentialsrequests invalid for machine-api-operator: resource-group 2012233 - [IBMCLOUD] IPI: "Exceeded limit of remote rules per security group (the limit is 5 remote rules per security group)" 2012235 - [IBMCLOUD] IPI: IBM cloud provider requires ResourceGroupName in cloudproviderconfig 2012317 - Dynamic Plugins: ListPageCreateDropdown items cut off 2012407 - [e2e][automation] improve vm tab console tests 2012426 - ThanosSidecarBucketOperationsFailed/ThanosSidecarUnhealthy alerts don't have namespace label 2012562 - migration condition is not detected in list view 2012770 - when using expression metric openshift_apps_deploymentconfigs_last_failed_rollout_time namespace label is re-written 2012780 - The port 50936 used by haproxy is occupied by kube-apiserver 2012838 - Setting the default maximum container root partition size for Overlay with CRI-O stop working 2012902 - Neutron Ports assigned to Completed Pods are not reused Edit 2012915 - kube_persistentvolumeclaim_labels and kube_persistentvolume_labels are missing in OCP 4.8 monitoring stack 2012971 - Disable operands deletes 2013034 - Cannot install to openshift-nmstate namespace 2013127 - OperatorHub links could not be opened in a new tabs (sharing and open a deep link works fine) 2013199 - post reboot of node SRIOV policy taking huge time 2013203 - UI breaks when trying to create block pool before storage cluster/system creation 2013222 - Full breakage for nightly payload promotion 2013273 - Nil pointer exception when phc2sys options are missing 2013321 - TuneD: high CPU utilization of the TuneD daemon. 2013416 - Multiple assets emit different content to the same filename 2013431 - Application selector dropdown has incorrect font-size and positioning 2013528 - mapi_current_pending_csr is always set to 1 on OpenShift Container Platform 4.8 2013545 - Service binding created outside topology is not visible 2013599 - Scorecard support storage is not included in ocp4.9 2013632 - Correction/Changes in Quick Start Guides for ODF 4.9 (Install ODF guide) 2013646 - fsync controller will show false positive if gaps in metrics are observed. 2013710 - ZTP Operator subscriptions for 4.9 release branch should point to 4.9 by default 2013751 - Service details page is showing wrong in-cluster hostname 2013787 - There are two tittle 'Network Attachment Definition Details' on NAD details page 2013871 - Resource table headings are not aligned with their column data 2013895 - Cannot enable accelerated network via MachineSets on Azure 2013920 - "--collector.filesystem.ignored-mount-points is DEPRECATED and will be removed in 2.0.0, use --collector.filesystem.mount-points-exclude" 2013930 - Create Buttons enabled for Bucket Class, Backingstore and Namespace Store in the absence of Storagesystem(or MCG) 2013969 - oVIrt CSI driver fails on creating PVCs on hosted engine storage domain 2013990 - Observe dashboard crashs on reload when perspective has changed (in another tab) 2013996 - Project detail page: Action "Delete Project" does nothing for the default project 2014071 - Payload imagestream new tags not properly updated during cluster upgrade 2014153 - SRIOV exclusive pooling 2014202 - [OCP-4.8.10] OVN-Kubernetes: service IP is not responding when egressIP set to the namespace 2014238 - AWS console test is failing on importing duplicate YAML definitions 2014245 - Several aria-labels, external links, and labels aren't internationalized 2014248 - Several files aren't internationalized 2014352 - Could not filter out machine by using node name on machines page 2014464 - Unexpected spacing/padding below navigation groups in developer perspective 2014471 - Helm Release notes tab is not automatically open after installing a chart for other languages 2014486 - Integration Tests: OLM single namespace operator tests failing 2014488 - Custom operator cannot change orders of condition tables 2014497 - Regex slows down different forms and creates too much recursion errors in the log 2014538 - Kuryr controller crash looping on self._get_vip_port(loadbalancer).id 'NoneType' object has no attribute 'id' 2014614 - Metrics scraping requests should be assigned to exempt priority level 2014710 - TestIngressStatus test is broken on Azure 2014954 - The prometheus-k8s-{0,1} pods are CrashLoopBackoff repeatedly 2014995 - oc adm must-gather cannot gather audit logs with 'None' audit profile 2015115 - [RFE] PCI passthrough 2015133 - [IBMCLOUD] ServiceID API key credentials seems to be insufficient for ccoctl '--resource-group-name' parameter 2015154 - Support ports defined networks and primarySubnet 2015274 - Yarn dev fails after updates to dynamic plugin JSON schema logic 2015337 - 4.9.0 GA MetalLB operator image references need to be adjusted to match production 2015386 - Possibility to add labels to the built-in OCP alerts 2015395 - Table head on Affinity Rules modal is not fully expanded 2015416 - CI implementation for Topology plugin 2015418 - Project Filesystem query returns No datapoints found 2015420 - No vm resource in project view's inventory 2015422 - No conflict checking on snapshot name 2015472 - Form and YAML view switch button should have distinguishable status 2015481 - [4.10] sriov-network-operator daemon pods are failing to start 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting 2015496 - Storage - PersistentVolumes : Claim colum value 'No Claim' in English 2015498 - [UI] Add capacity when not applicable (for MCG only deployment and External mode cluster) fails to pass any info. to user and tries to just load a blank screen on 'Add Capacity' button click 2015506 - Home - Search - Resources - APIRequestCount : hard to select an item from ellipsis menu 2015515 - Kubelet checks all providers even if one is configured: NoCredentialProviders: no valid providers in chain. 2015535 - Administration - ResourceQuotas - ResourceQuota details: Inside Pie chart 'x% used' is in English 2015549 - Observe - Metrics: Column heading and pagination text is in English 2015557 - Workloads - DeploymentConfigs : Error message is in English 2015568 - Compute - Nodes : CPU column's values are in English 2015635 - Storage operator fails causing installation to fail on ASH 2015660 - "Finishing boot source customization" screen should not use term "patched" 2015793 - [hypershift] The collect-profiles job's pods should run on the control-plane node 2015806 - Metrics view in Deployment reports "Forbidden" when not cluster-admin 2015819 - Conmon sandbox processes run on non-reserved CPUs with workload partitioning 2015837 - OS_CLOUD overwrites install-config's platform.openstack.cloud 2015950 - update from 4.7.22 to 4.8.11 is failing due to large amount of secrets to watch 2015952 - RH CodeReady Workspaces Operator in e2e testing will soon fail 2016004 - [RFE] RHCOS: help determining whether a user-provided image was already booted (Ignition provisioning already performed) 2016008 - [4.10] Bootimage bump tracker 2016052 - No e2e CI presubmit configured for release component azure-file-csi-driver 2016053 - No e2e CI presubmit configured for release component azure-file-csi-driver-operator 2016054 - No e2e CI presubmit configured for release component cluster-autoscaler 2016055 - No e2e CI presubmit configured for release component console 2016058 - openshift-sync does not synchronise in "ose-jenkins:v4.8" 2016064 - No e2e CI presubmit configured for release component ibm-cloud-controller-manager 2016065 - No e2e CI presubmit configured for release component ibmcloud-machine-controllers 2016175 - Pods get stuck in ContainerCreating state when attaching volumes fails on SNO clusters. 2016179 - Add Sprint 208 translations 2016228 - Collect Profiles pprof secret is hardcoded to openshift-operator-lifecycle-manager 2016235 - should update to 7.5.11 for grafana resources version label 2016296 - Openshift virtualization : Create Windows Server 2019 VM using template : Fails 2016334 - shiftstack: SRIOV nic reported as not supported 2016352 - Some pods start before CA resources are present 2016367 - Empty task box is getting created for a pipeline without finally task 2016435 - Duplicate AlertmanagerClusterFailedToSendAlerts alerts 2016438 - Feature flag gating is missing in few extensions contributed via knative plugin 2016442 - OCPonRHV: pvc should be in Bound state and without error when choosing default sc 2016446 - [OVN-Kubernetes] Egress Networkpolicy is failing Intermittently for statefulsets 2016453 - Complete i18n for GaugeChart defaults 2016479 - iface-id-ver is not getting updated for existing lsp 2016925 - Dashboards with All filter, change to a specific value and change back to All, data will disappear 2016951 - dynamic actions list is not disabling "open console" for stopped vms 2016955 - m5.large instance type for bootstrap node is hardcoded causing deployments to fail if instance type is not available 2016988 - NTO does not set io_timeout and max_retries for AWS Nitro instances 2017016 - [REF] Virtualization menu 2017036 - [sig-network-edge][Feature:Idling] Unidling should handle many TCP connections fails in periodic-ci-openshift-release-master-ci-4.9-e2e-openstack-ovn 2017050 - Dynamic Plugins: Shared modules loaded multiple times, breaking use of PatternFly 2017130 - t is not a function error navigating to details page 2017141 - Project dropdown has a dynamic inline width added which can cause min-width issue 2017244 - ovirt csi operator static files creation is in the wrong order 2017276 - [4.10] Volume mounts not created with the correct security context 2017327 - When run opm index prune failed with error removing operator package cic-operator FOREIGN KEY constraint failed. 2017427 - NTO does not restart TuneD daemon when profile application is taking too long 2017535 - Broken Argo CD link image on GitOps Details Page 2017547 - Siteconfig application sync fails with The AgentClusterInstall is invalid: spec.provisionRequirements.controlPlaneAgents: Required value when updating images references 2017564 - On-prem prepender dispatcher script overwrites DNS search settings 2017565 - CCMO does not handle additionalTrustBundle on Azure Stack 2017566 - MetalLB: Web Console -Create Address pool form shows address pool name twice 2017606 - [e2e][automation] add test to verify send key for VNC console 2017650 - [OVN]EgressFirewall cannot be applied correctly if cluster has windows nodes 2017656 - VM IP address is "undefined" under VM details -> ssh field 2017663 - SSH password authentication is disabled when public key is not supplied 2017680 - [gcp] Couldn’t enable support for instances with GPUs on GCP 2017732 - [KMS] Prevent creation of encryption enabled storageclass without KMS connection set 2017752 - (release-4.10) obfuscate identity provider attributes in collected authentication.operator.openshift.io resource 2017756 - overlaySize setting on containerruntimeconfig is ignored due to cri-o defaults 2017761 - [e2e][automation] dummy bug for 4.9 test dependency 2017872 - Add Sprint 209 translations 2017874 - The installer is incorrectly checking the quota for X instances instead of G and VT instances 2017879 - Add Chinese translation for "alternate" 2017882 - multus: add handling of pod UIDs passed from runtime 2017909 - [ICNI 2.0] ovnkube-masters stop processing add/del events for pods 2018042 - HorizontalPodAutoscaler CPU averageValue did not show up in HPA metrics GUI 2018093 - Managed cluster should ensure control plane pods do not run in best-effort QoS 2018094 - the tooltip length is limited 2018152 - CNI pod is not restarted when It cannot start servers due to ports being used 2018208 - e2e-metal-ipi-ovn-ipv6 are failing 75% of the time 2018234 - user settings are saved in local storage instead of on cluster 2018264 - Delete Export button doesn't work in topology sidebar (general issue with unknown CSV?) 2018272 - Deployment managed by link and topology sidebar links to invalid resource page (at least for Exports) 2018275 - Topology graph doesn't show context menu for Export CSV 2018279 - Edit and Delete confirmation modals for managed resource should close when the managed resource is clicked 2018380 - Migrate docs links to access.redhat.com 2018413 - Error: context deadline exceeded, OCP 4.8.9 2018428 - PVC is deleted along with VM even with "Delete Disks" unchecked 2018445 - [e2e][automation] enhance tests for downstream 2018446 - [e2e][automation] move tests to different level 2018449 - [e2e][automation] add test about create/delete network attachment definition 2018490 - [4.10] Image provisioning fails with file name too long 2018495 - Fix typo in internationalization README 2018542 - Kernel upgrade does not reconcile DaemonSet 2018880 - Get 'No datapoints found.' when query metrics about alert rule KubeCPUQuotaOvercommit and KubeMemoryQuotaOvercommit 2018884 - QE - Adapt crw-basic feature file to OCP 4.9/4.10 changes 2018935 - go.sum not updated, that ART extracts version string from, WAS: Missing backport from 4.9 for Kube bump PR#950 2018965 - e2e-metal-ipi-upgrade is permafailing in 4.10 2018985 - The rootdisk size is 15Gi of windows VM in customize wizard 2019001 - AWS: Operator degraded (CredentialsFailing): 1 of 6 credentials requests are failing to sync. 2019096 - Update SRO leader election timeout to support SNO 2019129 - SRO in operator hub points to wrong repo for README 2019181 - Performance profile does not apply 2019198 - ptp offset metrics are not named according to the log output 2019219 - [IBMCLOUD]: cloud-provider-ibm missing IAM permissions in CCCMO CredentialRequest 2019284 - Stop action should not in the action list while VMI is not running 2019346 - zombie processes accumulation and Argument list too long 2019360 - [RFE] Virtualization Overview page 2019452 - Logger object in LSO appends to existing logger recursively 2019591 - Operator install modal body that scrolls has incorrect padding causing shadow position to be incorrect 2019634 - Pause and migration is enabled in action list for a user who has view only permission 2019636 - Actions in VM tabs should be disabled when user has view only permission 2019639 - "Take snapshot" should be disabled while VM image is still been importing 2019645 - Create button is not removed on "Virtual Machines" page for view only user 2019646 - Permission error should pop-up immediately while clicking "Create VM" button on template page for view only user 2019647 - "Remove favorite" and "Create new Template" should be disabled in template action list for view only user 2019717 - cant delete VM with un-owned pvc attached 2019722 - The shared-resource-csi-driver-node pod runs as “BestEffort” qosClass 2019739 - The shared-resource-csi-driver-node uses imagePullPolicy as "Always" 2019744 - [RFE] Suggest users to download newest RHEL 8 version 2019809 - [OVN][Upgrade] After upgrade to 4.7.34 ovnkube-master pods are in CrashLoopBackOff/ContainerCreating and other multiple issues at OVS/OVN level 2019827 - Display issue with top-level menu items running demo plugin 2019832 - 4.10 Nightlies blocked: Failed to upgrade authentication, operator was degraded 2019886 - Kuryr unable to finish ports recovery upon controller restart 2019948 - [RFE] Restructring Virtualization links 2019972 - The Nodes section doesn't display the csr of the nodes that are trying to join the cluster 2019977 - Installer doesn't validate region causing binary to hang with a 60 minute timeout 2019986 - Dynamic demo plugin fails to build 2019992 - instance:node_memory_utilisation:ratio metric is incorrect 2020001 - Update dockerfile for demo dynamic plugin to reflect dir change 2020003 - MCD does not regard "dangling" symlinks as a files, attempts to write through them on next backup, resulting in "not writing through dangling symlink" error and degradation. 2020107 - cluster-version-operator: remove runlevel from CVO namespace 2020153 - Creation of Windows high performance VM fails 2020216 - installer: Azure storage container blob where is stored bootstrap.ign file shouldn't be public 2020250 - Replacing deprecated ioutil 2020257 - Dynamic plugin with multiple webpack compilation passes may fail to build 2020275 - ClusterOperators link in console returns blank page during upgrades 2020377 - permissions error while using tcpdump option with must-gather 2020489 - coredns_dns metrics don't include the custom zone metrics data due to CoreDNS prometheus plugin is not defined 2020498 - "Show PromQL" button is disabled 2020625 - [AUTH-52] User fails to login from web console with keycloak OpenID IDP after enable group membership sync feature 2020638 - [4.7] CI conformance test failures related to CustomResourcePublishOpenAPI 2020664 - DOWN subports are not cleaned up 2020904 - When trying to create a connection from the Developer view between VMs, it fails 2021016 - 'Prometheus Stats' of dashboard 'Prometheus Overview' miss data on console compared with Grafana 2021017 - 404 page not found error on knative eventing page 2021031 - QE - Fix the topology CI scripts 2021048 - [RFE] Added MAC Spoof check 2021053 - Metallb operator presented as community operator 2021067 - Extensive number of requests from storage version operator in cluster 2021081 - Missing PolicyGenTemplate for configuring Local Storage Operator LocalVolumes 2021135 - [azure-file-csi-driver] "make unit-test" returns non-zero code, but tests pass 2021141 - Cluster should allow a fast rollout of kube-apiserver is failing on single node 2021151 - Sometimes the DU node does not get the performance profile configuration applied and MachineConfigPool stays stuck in Updating 2021152 - imagePullPolicy is "Always" for ptp operator images 2021191 - Project admins should be able to list available network attachment defintions 2021205 - Invalid URL in git import form causes validation to not happen on URL change 2021322 - cluster-api-provider-azure should populate purchase plan information 2021337 - Dynamic Plugins: ResourceLink doesn't render when passed a groupVersionKind 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication 2021400 - Bump documentationBaseURL to 4.10 2021405 - [e2e][automation] VM creation wizard Cloud Init editor 2021433 - "[sig-builds][Feature:Builds][pullsearch] docker build where the registry is not specified" test fail permanently on disconnected 2021466 - [e2e][automation] Windows guest tool mount 2021544 - OCP 4.6.44 - Ingress VIP assigned as secondary IP in ovs-if-br-ex and added to resolv.conf as nameserver 2021551 - Build is not recognizing the USER group from an s2i image 2021607 - Unable to run openshift-install with a vcenter hostname that begins with a numeric character 2021629 - api request counts for current hour are incorrect 2021632 - [UI] Clicking on odf-operator breadcrumb from StorageCluster details page displays empty page 2021693 - Modals assigned modal-lg class are no longer the correct width 2021724 - Observe > Dashboards: Graph lines are not visible when obscured by other lines 2021731 - CCO occasionally down, reporting networksecurity.googleapis.com API as disabled 2021936 - Kubelet version in RPMs should be using Dockerfile label instead of git tags 2022050 - [BM][IPI] Failed during bootstrap - unable to read client-key /var/lib/kubelet/pki/kubelet-client-current.pem 2022053 - dpdk application with vhost-net is not able to start 2022114 - Console logging every proxy request 2022144 - 1 of 3 ovnkube-master pods stuck in clbo after ipi bm deployment - dualstack (Intermittent) 2022251 - wait interval in case of a failed upload due to 403 is unnecessarily long 2022399 - MON_DISK_LOW troubleshooting guide link when clicked, gives 404 error . 2022447 - ServiceAccount in manifests conflicts with OLM 2022502 - Patternfly tables with a checkbox column are not displaying correctly because of conflicting css rules. 2022509 - getOverrideForManifest does not check manifest.GVK.Group 2022536 - WebScale: duplicate ecmp next hop error caused by multiple of the same gateway IPs in ovnkube cache 2022612 - no namespace field for "Kubernetes / Compute Resources / Namespace (Pods)" admin console dashboard 2022627 - Machine object not picking up external FIP added to an openstack vm 2022646 - configure-ovs.sh failure - Error: unknown connection 'WARN:' 2022707 - Observe / monitoring dashboard shows forbidden errors on Dev Sandbox 2022801 - Add Sprint 210 translations 2022811 - Fix kubelet log rotation file handle leak 2022812 - [SCALE] ovn-kube service controller executes unnecessary load balancer operations 2022824 - Large number of sessions created by vmware-vsphere-csi-driver-operator during e2e tests 2022880 - Pipeline renders with minor visual artifact with certain task dependencies 2022886 - Incorrect URL in operator description 2023042 - CRI-O filters custom runtime allowed annotation when both custom workload and custom runtime sections specified under the config 2023060 - [e2e][automation] Windows VM with CDROM migration 2023077 - [e2e][automation] Home Overview Virtualization status 2023090 - [e2e][automation] Examples of Import URL for VM templates 2023102 - [e2e][automation] Cloudinit disk of VM from custom template 2023216 - ACL for a deleted egressfirewall still present on node join switch 2023228 - Remove Tech preview badge on Trigger components 1.6 OSP on OCP 4.9 2023238 - [sig-devex][Feature:ImageEcosystem][python][Slow] hot deploy for openshift python image Django example should work with hot deploy 2023342 - SCC admission should take ephemeralContainers into account 2023356 - Devfiles can't be loaded in Safari on macOS (403 - Forbidden) 2023434 - Update Azure Machine Spec API to accept Marketplace Images 2023500 - Latency experienced while waiting for volumes to attach to node 2023522 - can't remove package from index: database is locked 2023560 - "Network Attachment Definitions" has no project field on the top in the list view 2023592 - [e2e][automation] add mac spoof check for nad 2023604 - ACL violation when deleting a provisioning-configuration resource 2023607 - console returns blank page when normal user without any projects visit Installed Operators page 2023638 - Downgrade support level for extended control plane integration to Dev Preview 2023657 - inconsistent behaviours of adding ssh key on rhel node between 4.9 and 4.10 2023675 - Changing CNV Namespace 2023779 - Fix Patch 104847 in 4.9 2023781 - initial hardware devices is not loading in wizard 2023832 - CCO updates lastTransitionTime for non-Status changes 2023839 - Bump recommended FCOS to 34.20211031.3.0 2023865 - Console css overrides prevent dynamic plug-in PatternFly tables from displaying correctly 2023950 - make test-e2e-operator on kubernetes-nmstate results in failure to pull image from "registry:5000" repository 2023985 - [4.10] OVN idle service cannot be accessed after upgrade from 4.8 2024055 - External DNS added extra prefix for the TXT record 2024108 - Occasionally node remains in SchedulingDisabled state even after update has been completed sucessfully 2024190 - e2e-metal UPI is permafailing with inability to find rhcos.json 2024199 - 400 Bad Request error for some queries for the non admin user 2024220 - Cluster monitoring checkbox flickers when installing Operator in all-namespace mode 2024262 - Sample catalog is not displayed when one API call to the backend fails 2024309 - cluster-etcd-operator: defrag controller needs to provide proper observability 2024316 - modal about support displays wrong annotation 2024328 - [oVirt / RHV] PV disks are lost when machine deleted while node is disconnected 2024399 - Extra space is in the translated text of "Add/Remove alternate service" on Create Route page 2024448 - When ssh_authorized_keys is empty in form view it should not appear in yaml view 2024493 - Observe > Alerting > Alerting rules page throws error trying to destructure undefined 2024515 - test-blocker: Ceph-storage-plugin tests failing 2024535 - hotplug disk missing OwnerReference 2024537 - WINDOWS_IMAGE_LINK does not refer to windows cloud image 2024547 - Detail page is breaking for namespace store , backing store and bucket class. 2024551 - KMS resources not getting created for IBM FlashSystem storage 2024586 - Special Resource Operator(SRO) - Empty image in BuildConfig when using RT kernel 2024613 - pod-identity-webhook starts without tls 2024617 - vSphere CSI tests constantly failing with Rollout of the monitoring stack failed and is degraded 2024665 - Bindable services are not shown on topology 2024731 - linuxptp container: unnecessary checking of interfaces 2024750 - i18n some remaining OLM items 2024804 - gcp-pd-csi-driver does not use trusted-ca-bundle when cluster proxy configured 2024826 - [RHOS/IPI] Masters are not joining a clusters when installing on OpenStack 2024841 - test Keycloak with latest tag 2024859 - Not able to deploy an existing image from private image registry using developer console 2024880 - Egress IP breaks when network policies are applied 2024900 - Operator upgrade kube-apiserver 2024932 - console throws "Unauthorized" error after logging out 2024933 - openshift-sync plugin does not sync existing secrets/configMaps on start up 2025093 - Installer does not honour diskformat specified in storage policy and defaults to zeroedthick 2025230 - ClusterAutoscalerUnschedulablePods should not be a warning 2025266 - CreateResource route has exact prop which need to be removed 2025301 - [e2e][automation] VM actions availability in different VM states 2025304 - overwrite storage section of the DV spec instead of the pvc section 2025431 - [RFE]Provide specific windows source link 2025458 - [IPI-AWS] cluster-baremetal-operator pod in a crashloop state after patching from 4.7.21 to 4.7.36 2025464 - [aws] openshift-install gather bootstrap collects logs for bootstrap and only one master node 2025467 - [OVN-K][ETP=local] Host to service backed by ovn pods doesn't work for ExternalTrafficPolicy=local 2025481 - Update VM Snapshots UI 2025488 - [DOCS] Update the doc for nmstate operator installation 2025592 - ODC 4.9 supports invalid devfiles only 2025765 - It should not try to load from storageProfile after unchecking"Apply optimized StorageProfile settings" 2025767 - VMs orphaned during machineset scaleup 2025770 - [e2e] non-priv seems looking for v2v-vmware configMap in ns "kubevirt-hyperconverged" while using customize wizard 2025788 - [IPI on azure]Pre-check on IPI Azure, should check VM Size’s vCPUsAvailable instead of vCPUs for the sku. 2025821 - Make "Network Attachment Definitions" available to regular user 2025823 - The console nav bar ignores plugin separator in existing sections 2025830 - CentOS capitalizaion is wrong 2025837 - Warn users that the RHEL URL expire 2025884 - External CCM deploys openstack-cloud-controller-manager from quay.io/openshift/origin-* 2025903 - [UI] RoleBindings tab doesn't show correct rolebindings 2026104 - [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2026178 - OpenShift Alerting Rules Style-Guide Compliance 2026209 - Updation of task is getting failed (tekton hub integration) 2026223 - Internal error occurred: failed calling webhook "ptpconfigvalidationwebhook.openshift.io" 2026321 - [UPI on Azure] Shall we remove allowedValue about VMSize in ARM templates 2026343 - [upgrade from 4.5 to 4.6] .status.connectionState.address of catsrc community-operators is not correct 2026352 - Kube-Scheduler revision-pruner fail during install of new cluster 2026374 - aws-pod-identity-webhook go.mod version out of sync with build environment 2026383 - Error when rendering custom Grafana dashboard through ConfigMap 2026387 - node tuning operator metrics endpoint serving old certificates after certificate rotation 2026396 - Cachito Issues: sriov-network-operator Image build failure 2026488 - openshift-controller-manager - delete event is repeating pathologically 2026489 - ThanosRuleRuleEvaluationLatencyHigh alerts when a big quantity of alerts defined. 2026560 - Cluster-version operator does not remove unrecognized volume mounts 2026699 - fixed a bug with missing metadata 2026813 - add Mellanox CX-6 Lx DeviceID 101f NIC support in SR-IOV Operator 2026898 - Description/details are missing for Local Storage Operator 2027132 - Use the specific icon for Fedora and CentOS template 2027238 - "Node Exporter / USE Method / Cluster" CPU utilization graph shows incorrect legend 2027272 - KubeMemoryOvercommit alert should be human readable 2027281 - [Azure] External-DNS cannot find the private DNS zone in the resource group 2027288 - Devfile samples can't be loaded after fixing it on Safari (redirect caching issue) 2027299 - The status of checkbox component is not revealed correctly in code 2027311 - K8s watch hooks do not work when fetching core resources 2027342 - Alert ClusterVersionOperatorDown is firing on OpenShift Container Platform after ca certificate rotation 2027363 - The azure-file-csi-driver and azure-file-csi-driver-operator don't use the downstream images 2027387 - [IBMCLOUD] Terraform ibmcloud-provider buffers entirely the qcow2 image causing spikes of 5GB of RAM during installation 2027498 - [IBMCloud] SG Name character length limitation 2027501 - [4.10] Bootimage bump tracker 2027524 - Delete Application doesn't delete Channels or Brokers 2027563 - e2e/add-flow-ci.feature fix accessibility violations 2027585 - CVO crashes when changing spec.upstream to a cincinnati graph which includes invalid conditional edges 2027629 - Gather ValidatingWebhookConfiguration and MutatingWebhookConfiguration resource definitions 2027685 - openshift-cluster-csi-drivers pods crashing on PSI 2027745 - default samplesRegistry prevents the creation of imagestreams when registrySources.allowedRegistries is enforced 2027824 - ovnkube-master CrashLoopBackoff: panic: Expected slice or struct but got string 2027917 - No settings in hostfirmwaresettings and schema objects for masters 2027927 - sandbox creation fails due to obsolete option in /etc/containers/storage.conf 2027982 - nncp stucked at ConfigurationProgressing 2028019 - Max pending serving CSRs allowed in cluster machine approver is not right for UPI clusters 2028024 - After deleting a SpecialResource, the node is still tagged although the driver is removed 2028030 - Panic detected in cluster-image-registry-operator pod 2028042 - Desktop viewer for Windows VM shows "no Service for the RDP (Remote Desktop Protocol) can be found" 2028054 - Cloud controller manager operator can't get leader lease when upgrading from 4.8 up to 4.9 2028106 - [RFE] Use dynamic plugin actions for kubevirt plugin 2028141 - Console tests doesn't pass on Node.js 15 and 16 2028160 - Remove i18nKey in network-policy-peer-selectors.tsx 2028162 - Add Sprint 210 translations 2028170 - Remove leading and trailing whitespace 2028174 - Add Sprint 210 part 2 translations 2028187 - Console build doesn't pass on Node.js 16 because node-sass doesn't support it 2028217 - Cluster-version operator does not default Deployment replicas to one 2028240 - Multiple CatalogSources causing higher CPU use than necessary 2028268 - Password parameters are listed in FirmwareSchema in spite that cannot and shouldn't be set in HostFirmwareSettings 2028325 - disableDrain should be set automatically on SNO 2028484 - AWS EBS CSI driver's livenessprobe does not respect operator's loglevel 2028531 - Missing netFilter to the list of parameters when platform is OpenStack 2028610 - Installer doesn't retry on GCP rate limiting 2028685 - LSO repeatedly reports errors while diskmaker-discovery pod is starting 2028695 - destroy cluster does not prune bootstrap instance profile 2028731 - The containerruntimeconfig controller has wrong assumption regarding the number of containerruntimeconfigs 2028802 - CRI-O panic due to invalid memory address or nil pointer dereference 2028816 - VLAN IDs not released on failures 2028881 - Override not working for the PerformanceProfile template 2028885 - Console should show an error context if it logs an error object 2028949 - Masthead dropdown item hover text color is incorrect 2028963 - Whereabouts should reconcile stranded IP addresses 2029034 - enabling ExternalCloudProvider leads to inoperative cluster 2029178 - Create VM with wizard - page is not displayed 2029181 - Missing CR from PGT 2029273 - wizard is not able to use if project field is "All Projects" 2029369 - Cypress tests github rate limit errors 2029371 - patch pipeline--worker nodes unexpectedly reboot during scale out 2029394 - missing empty text for hardware devices at wizard review 2029414 - Alibaba Disk snapshots with XFS filesystem cannot be used 2029416 - Alibaba Disk CSI driver does not use credentials provided by CCO / ccoctl 2029521 - EFS CSI driver cannot delete volumes under load 2029570 - Azure Stack Hub: CSI Driver does not use user-ca-bundle 2029579 - Clicking on an Application which has a Helm Release in it causes an error 2029644 - New resource FirmwareSchema - reset_required exists for Dell machines and doesn't for HPE 2029645 - Sync upstream 1.15.0 downstream 2029671 - VM action "pause" and "clone" should be disabled while VM disk is still being importing 2029742 - [ovn] Stale lr-policy-list and snat rules left for egressip 2029750 - cvo keep restart due to it fail to get feature gate value during the initial start stage 2029785 - CVO panic when an edge is included in both edges and conditionaledges 2029843 - Downstream ztp-site-generate-rhel8 4.10 container image missing content(/home/ztp) 2030003 - HFS CRD: Attempt to set Integer parameter to not-numeric string value - no error 2030029 - [4.10][goroutine]Namespace stuck terminating: Failed to delete all resource types, 1 remaining: unexpected items still remain in namespace 2030228 - Fix StorageSpec resources field to use correct API 2030229 - Mirroring status card reflect wrong data 2030240 - Hide overview page for non-privileged user 2030305 - Export App job do not completes 2030347 - kube-state-metrics exposes metrics about resource annotations 2030364 - Shared resource CSI driver monitoring is not setup correctly 2030488 - Numerous Azure CI jobs are Failing with Partially Rendered machinesets 2030534 - Node selector/tolerations rules are evaluated too early 2030539 - Prometheus is not highly available 2030556 - Don't display Description or Message fields for alerting rules if those annotations are missing 2030568 - Operator installation fails to parse operatorframework.io/initialization-resource annotation 2030574 - console service uses older "service.alpha.openshift.io" for the service serving certificates. 2030677 - BOND CNI: There is no option to configure MTU on a Bond interface 2030692 - NPE in PipelineJobListener.upsertWorkflowJob 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030847 - PerformanceProfile API version should be v2 2030961 - Customizing the OAuth server URL does not apply to upgraded cluster 2031006 - Application name input field is not autofocused when user selects "Create application" 2031012 - Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex 2031040 - Error screen when open topology sidebar for a Serverless / knative service which couldn't be started 2031049 - [vsphere upi] pod machine-config-operator cannot be started due to panic issue 2031057 - Topology sidebar for Knative services shows a small pod ring with "0 undefined" as tooltip 2031060 - Failing CSR Unit test due to expired test certificate 2031085 - ovs-vswitchd running more threads than expected 2031141 - Some pods not able to reach k8s api svc IP 198.223.0.1 2031228 - CVE-2021-43813 grafana: directory traversal vulnerability 2031502 - [RFE] New common templates crash the ui 2031685 - Duplicated forward upstreams should be removed from the dns operator 2031699 - The displayed ipv6 address of a dns upstream should be case sensitive 2031797 - [RFE] Order and text of Boot source type input are wrong 2031826 - CI tests needed to confirm driver-toolkit image contents 2031831 - OCP Console - Global CSS overrides affecting dynamic plugins 2031839 - Starting from Go 1.17 invalid certificates will render a cluster dysfunctional 2031858 - GCP beta-level Role (was: CCO occasionally down, reporting networksecurity.googleapis.com API as disabled) 2031875 - [RFE]: Provide online documentation for the SRO CRD (via oc explain) 2031926 - [ipv6dualstack] After SVC conversion from single stack only to RequireDualStack, cannot curl NodePort from the node itself 2032006 - openshift-gitops-application-controller-0 failed to schedule with sufficient node allocatable resource 2032111 - arm64 cluster, create project and deploy the example deployment, pod is CrashLoopBackOff due to the image is built on linux+amd64 2032141 - open the alertrule link in new tab, got empty page 2032179 - [PROXY] external dns pod cannot reach to cloud API in the cluster behind a proxy 2032296 - Cannot create machine with ephemeral disk on Azure 2032407 - UI will show the default openshift template wizard for HANA template 2032415 - Templates page - remove "support level" badge and add "support level" column which should not be hard coded 2032421 - [RFE] UI integration with automatic updated images 2032516 - Not able to import git repo with .devfile.yaml 2032521 - openshift-installer intermittent failure on AWS with "Error: Provider produced inconsistent result after apply" when creating the aws_vpc_dhcp_options_association resource 2032547 - hardware devices table have filter when table is empty 2032565 - Deploying compressed files with a MachineConfig resource degrades the MachineConfigPool 2032566 - Cluster-ingress-router does not support Azure Stack 2032573 - Adopting enforces deploy_kernel/ramdisk which does not work with deploy_iso 2032589 - DeploymentConfigs ignore resolve-names annotation 2032732 - Fix styling conflicts due to recent console-wide CSS changes 2032831 - Knative Services and Revisions are not shown when Service has no ownerReference 2032851 - Networking is "not available" in Virtualization Overview 2032926 - Machine API components should use K8s 1.23 dependencies 2032994 - AddressPool IP is not allocated to service external IP wtih aggregationLength 24 2032998 - Can not achieve 250 pods/node with OVNKubernetes in a multiple worker node cluster 2033013 - Project dropdown in user preferences page is broken 2033044 - Unable to change import strategy if devfile is invalid 2033098 - Conjunction in ProgressiveListFooter.tsx is not translatable 2033111 - IBM VPC operator library bump removed global CLI args 2033138 - "No model registered for Templates" shows on customize wizard 2033215 - Flaky CI: crud/other-routes.spec.ts fails sometimes with an cypress ace/a11y AssertionError: 1 accessibility violation was detected 2033239 - [IPI on Alibabacloud] 'openshift-install' gets the wrong region (‘cn-hangzhou’) selected 2033257 - unable to use configmap for helm charts 2033271 - [IPI on Alibabacloud] destroying cluster succeeded, but the resource group deletion wasn’t triggered 2033290 - Product builds for console are failing 2033382 - MAPO is missing machine annotations 2033391 - csi-driver-shared-resource-operator sets unused CVO-manifest annotations 2033403 - Devfile catalog does not show provider information 2033404 - Cloud event schema is missing source type and resource field is using wrong value 2033407 - Secure route data is not pre-filled in edit flow form 2033422 - CNO not allowing LGW conversion from SGW in runtime 2033434 - Offer darwin/arm64 oc in clidownloads 2033489 - CCM operator failing on baremetal platform 2033518 - [aws-efs-csi-driver]Should not accept invalid FSType in sc for AWS EFS driver 2033524 - [IPI on Alibabacloud] interactive installer cannot list existing base domains 2033536 - [IPI on Alibabacloud] bootstrap complains invalid value for alibabaCloud.resourceGroupID when updating "cluster-infrastructure-02-config.yml" status, which leads to bootstrap failed and all master nodes NotReady 2033538 - Gather Cost Management Metrics Custom Resource 2033579 - SRO cannot update the special-resource-lifecycle ConfigMap if the data field is undefined 2033587 - Flaky CI test project-dashboard.scenario.ts: Resource Quotas Card was not found on project detail page 2033634 - list-style-type: disc is applied to the modal dropdowns 2033720 - Update samples in 4.10 2033728 - Bump OVS to 2.16.0-33 2033729 - remove runtime request timeout restriction for azure 2033745 - Cluster-version operator makes upstream update service / Cincinnati requests more frequently than intended 2033749 - Azure Stack Terraform fails without Local Provider 2033750 - Local volume should pull multi-arch image for kube-rbac-proxy 2033751 - Bump kubernetes to 1.23 2033752 - make verify fails due to missing yaml-patch 2033784 - set kube-apiserver degraded=true if webhook matches a virtual resource 2034004 - [e2e][automation] add tests for VM snapshot improvements 2034068 - [e2e][automation] Enhance tests for 4.10 downstream 2034087 - [OVN] EgressIP was assigned to the node which is not egress node anymore 2034097 - [OVN] After edit EgressIP object, the status is not correct 2034102 - [OVN] Recreate the deleted EgressIP object got InvalidEgressIP warning 2034129 - blank page returned when clicking 'Get started' button 2034144 - [OVN AWS] ovn-kube egress IP monitoring cannot detect the failure on ovn-k8s-mp0 2034153 - CNO does not verify MTU migration for OpenShiftSDN 2034155 - [OVN-K] [Multiple External Gateways] Per pod SNAT is disabled 2034170 - Use function.knative.dev for Knative Functions related labels 2034190 - unable to add new VirtIO disks to VMs 2034192 - Prometheus fails to insert reporting metrics when the sample limit is met 2034243 - regular user cant load template list 2034245 - installing a cluster on aws, gcp always fails with "Error: Incompatible provider version" 2034248 - GPU/Host device modal is too small 2034257 - regular user `Create VM` missing permissions alert 2034285 - [sig-api-machinery] API data in etcd should be stored at the correct location and version for all resources [Serial] [Suite:openshift/conformance/serial] 2034287 - do not block upgrades if we can't create storageclass in 4.10 in vsphere 2034300 - Du validator policy is NonCompliant after DU configuration completed 2034319 - Negation constraint is not validating packages 2034322 - CNO doesn't pick up settings required when ExternalControlPlane topology 2034350 - The CNO should implement the Whereabouts IP reconciliation cron job 2034362 - update description of disk interface 2034398 - The Whereabouts IPPools CRD should include the podref field 2034409 - Default CatalogSources should be pointing to 4.10 index images 2034410 - Metallb BGP, BFD: prometheus is not scraping the frr metrics 2034413 - cloud-network-config-controller fails to init with secret "cloud-credentials" not found in manual credential mode 2034460 - Summary: cloud-network-config-controller does not account for different environment 2034474 - Template's boot source is "Unknown source" before and after set enableCommonBootImageImport to true 2034477 - [OVN] Multiple EgressIP objects configured, EgressIPs weren't working properly 2034493 - Change cluster version operator log level 2034513 - [OVN] After update one EgressIP in EgressIP object, one internal IP lost from lr-policy-list 2034527 - IPI deployment fails 'timeout reached while inspecting the node' when provisioning network ipv6 2034528 - [IBM VPC] volumeBindingMode should be WaitForFirstConsumer 2034534 - Update ose-machine-api-provider-openstack images to be consistent with ART 2034537 - Update team 2034559 - KubeAPIErrorBudgetBurn firing outside recommended latency thresholds 2034563 - [Azure] create machine with wrong ephemeralStorageLocation value success 2034577 - Current OVN gateway mode should be reflected on node annotation as well 2034621 - context menu not popping up for application group 2034622 - Allow volume expansion by default in vsphere CSI storageclass 4.10 2034624 - Warn about unsupported CSI driver in vsphere operator 2034647 - missing volumes list in snapshot modal 2034648 - Rebase openshift-controller-manager to 1.23 2034650 - Rebase openshift/builder to 1.23 2034705 - vSphere: storage e2e tests logging configuration data 2034743 - EgressIP: assigning the same egress IP to a second EgressIP object after a ovnkube-master restart does not fail. 2034766 - Special Resource Operator(SRO) - no cert-manager pod created in dual stack environment 2034785 - ptpconfig with summary_interval cannot be applied 2034823 - RHEL9 should be starred in template list 2034838 - An external router can inject routes if no service is added 2034839 - Jenkins sync plugin does not synchronize ConfigMap having label role=jenkins-agent 2034879 - Lifecycle hook's name and owner shouldn't be allowed to be empty 2034881 - Cloud providers components should use K8s 1.23 dependencies 2034884 - ART cannot build the image because it tries to download controller-gen 2034889 - `oc adm prune deployments` does not work 2034898 - Regression in recently added Events feature 2034957 - update openshift-apiserver to kube 1.23.1 2035015 - ClusterLogForwarding CR remains stuck remediating forever 2035093 - openshift-cloud-network-config-controller never runs on Hypershift cluster 2035141 - [RFE] Show GPU/Host devices in template's details tab 2035146 - "kubevirt-plugin~PVC cannot be empty" shows on add-disk modal while adding existing PVC 2035167 - [cloud-network-config-controller] unable to deleted cloudprivateipconfig when deleting 2035199 - IPv6 support in mtu-migration-dispatcher.yaml 2035239 - e2e-metal-ipi-virtualmedia tests are permanently failing 2035250 - Peering with ebgp peer over multi-hops doesn't work 2035264 - [RFE] Provide a proper message for nonpriv user who not able to add PCI devices 2035315 - invalid test cases for AWS passthrough mode 2035318 - Upgrade management workflow needs to allow custom upgrade graph path for disconnected env 2035321 - Add Sprint 211 translations 2035326 - [ExternalCloudProvider] installation with additional network on workers fails 2035328 - Ccoctl does not ignore credentials request manifest marked for deletion 2035333 - Kuryr orphans ports on 504 errors from Neutron 2035348 - Fix two grammar issues in kubevirt-plugin.json strings 2035393 - oc set data --dry-run=server makes persistent changes to configmaps and secrets 2035409 - OLM E2E test depends on operator package that's no longer published 2035439 - SDN Automatic assignment EgressIP on GCP returned node IP adress not egressIP address 2035453 - [IPI on Alibabacloud] 2 worker machines stuck in Failed phase due to connection to 'ecs-cn-hangzhou.aliyuncs.com' timeout, although the specified region is 'us-east-1' 2035454 - [IPI on Alibabacloud] the OSS bucket created during installation for image registry is not deleted after destroying the cluster 2035467 - UI: Queried metrics can't be ordered on Oberve->Metrics page 2035494 - [SDN Migration]ovnkube-node pods CrashLoopBackOff after sdn migrated to ovn for RHEL workers 2035515 - [IBMCLOUD] allowVolumeExpansion should be true in storage class 2035602 - [e2e][automation] add tests for Virtualization Overview page cards 2035703 - Roles -> RoleBindings tab doesn't show RoleBindings correctly 2035704 - RoleBindings list page filter doesn't apply 2035705 - Azure 'Destroy cluster' get stuck when the cluster resource group is already not existing. 2035757 - [IPI on Alibabacloud] one master node turned NotReady which leads to installation failed 2035772 - AccessMode and VolumeMode is not reserved for customize wizard 2035847 - Two dashes in the Cronjob / Job pod name 2035859 - the output of opm render doesn't contain olm.constraint which is defined in dependencies.yaml 2035882 - [BIOS setting values] Create events for all invalid settings in spec 2035903 - One redundant capi-operator credential requests in “oc adm extract --credentials-requests” 2035910 - [UI] Manual approval options are missing after ODF 4.10 installation starts when Manual Update approval is chosen 2035927 - Cannot enable HighNodeUtilization scheduler profile 2035933 - volume mode and access mode are empty in customize wizard review tab 2035969 - "ip a " shows "Error: Peer netns reference is invalid" after create test pods 2035986 - Some pods under kube-scheduler/kube-controller-manager are using the deprecated annotation 2036006 - [BIOS setting values] Attempt to set Integer parameter results in preparation error 2036029 - New added cloud-network-config operator doesn’t supported aws sts format credential 2036096 - [azure-file-csi-driver] there are no e2e tests for NFS backend 2036113 - cluster scaling new nodes ovs-configuration fails on all new nodes 2036567 - [csi-driver-nfs] Upstream merge: Bump k8s libraries to 1.23 2036569 - [cloud-provider-openstack] Upstream merge: Bump k8s libraries to 1.23 2036577 - OCP 4.10 nightly builds from 4.10.0-0.nightly-s390x-2021-12-18-034912 to 4.10.0-0.nightly-s390x-2022-01-11-233015 fail to upgrade from OCP 4.9.11 and 4.9.12 for network type OVNKubernetes for zVM hypervisor environments 2036622 - sdn-controller crashes when restarted while a previous egress IP assignment exists 2036717 - Valid AlertmanagerConfig custom resource with valid a mute time interval definition is rejected 2036826 - `oc adm prune deployments` can prune the RC/RS 2036827 - The ccoctl still accepts CredentialsRequests without ServiceAccounts on GCP platform 2036861 - kube-apiserver is degraded while enable multitenant 2036937 - Command line tools page shows wrong download ODO link 2036940 - oc registry login fails if the file is empty or stdout 2036951 - [cluster-csi-snapshot-controller-operator] proxy settings is being injected in container 2036989 - Route URL copy to clipboard button wraps to a separate line by itself 2036990 - ZTP "DU Done inform policy" never becomes compliant on multi-node clusters 2036993 - Machine API components should use Go lang version 1.17 2037036 - The tuned profile goes into degraded status and ksm.service is displayed in the log. 2037061 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cluster-api 2037073 - Alertmanager container fails to start because of startup probe never being successful 2037075 - Builds do not support CSI volumes 2037167 - Some log level in ibm-vpc-block-csi-controller are hard code 2037168 - IBM-specific Deployment manifest for package-server-manager should be excluded on non-IBM cluster-profiles 2037182 - PingSource badge color is not matched with knativeEventing color 2037203 - "Running VMs" card is too small in Virtualization Overview 2037209 - [IPI on Alibabacloud] worker nodes are put in the default resource group unexpectedly 2037237 - Add "This is a CD-ROM boot source" to customize wizard 2037241 - default TTL for noobaa cache buckets should be 0 2037246 - Cannot customize auto-update boot source 2037276 - [IBMCLOUD] vpc-node-label-updater may fail to label nodes appropriately 2037288 - Remove stale image reference 2037331 - Ensure the ccoctl behaviors are similar between aws and gcp on the existing resources 2037483 - Rbacs for Pods within the CBO should be more restrictive 2037484 - Bump dependencies to k8s 1.23 2037554 - Mismatched wave number error message should include the wave numbers that are in conflict 2037622 - [4.10-Alibaba CSI driver][Restore size for volumesnapshot/volumesnapshotcontent is showing as 0 in Snapshot feature for Alibaba platform] 2037635 - impossible to configure custom certs for default console route in ingress config 2037637 - configure custom certificate for default console route doesn't take effect for OCP >= 4.8 2037638 - Builds do not support CSI volumes as volume sources 2037664 - text formatting issue in Installed Operators list table 2037680 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037689 - [IPI on Alibabacloud] sometimes operator 'cloud-controller-manager' tells empty VERSION, due to conflicts on listening tcp :8080 2037801 - Serverless installation is failing on CI jobs for e2e tests 2037813 - Metal Day 1 Networking - networkConfig Field Only Accepts String Format 2037856 - use lease for leader election 2037891 - 403 Forbidden error shows for all the graphs in each grafana dashboard after upgrade from 4.9 to 4.10 2037903 - Alibaba Cloud: delete-ram-user requires the credentials-requests 2037904 - upgrade operator deployment failed due to memory limit too low for manager container 2038021 - [4.10-Alibaba CSI driver][Default volumesnapshot class is not added/present after successful cluster installation] 2038034 - non-privileged user cannot see auto-update boot source 2038053 - Bump dependencies to k8s 1.23 2038088 - Remove ipa-downloader references 2038160 - The `default` project missed the annotation : openshift.io/node-selector: "" 2038166 - Starting from Go 1.17 invalid certificates will render a cluster non-functional 2038196 - must-gather is missing collecting some metal3 resources 2038240 - Error when configuring a file using permissions bigger than decimal 511 (octal 0777) 2038253 - Validator Policies are long lived 2038272 - Failures to build a PreprovisioningImage are not reported 2038384 - Azure Default Instance Types are Incorrect 2038389 - Failing test: [sig-arch] events should not repeat pathologically 2038412 - Import page calls the git file list unnecessarily twice from GitHub/GitLab/Bitbucket 2038465 - Upgrade chromedriver to 90.x to support Mac M1 chips 2038481 - kube-controller-manager-guard and openshift-kube-scheduler-guard pods being deleted and restarted on a cordoned node when drained 2038596 - Auto egressIP for OVN cluster on GCP: After egressIP object is deleted, egressIP still takes effect 2038663 - update kubevirt-plugin OWNERS 2038691 - [AUTH-8] Panic on user login when the user belongs to a group in the IdP side and the group already exists via "oc adm groups new" 2038705 - Update ptp reviewers 2038761 - Open Observe->Targets page, wait for a while, page become blank 2038768 - All the filters on the Observe->Targets page can't work 2038772 - Some monitors failed to display on Observe->Targets page 2038793 - [SDN EgressIP] After reboot egress node, the egressip was lost from egress node 2038827 - should add user containers in /etc/subuid and /etc/subgid to support run pods in user namespaces 2038832 - New templates for centos stream8 are missing registry suggestions in create vm wizard 2038840 - [SDN EgressIP]cloud-network-config-controller pod was CrashLoopBackOff after some operation 2038864 - E2E tests fail because multi-hop-net was not created 2038879 - All Builds are getting listed in DeploymentConfig under workloads on OpenShift Console 2038934 - CSI driver operators should use the trusted CA bundle when cluster proxy is configured 2038968 - Move feature gates from a carry patch to openshift/api 2039056 - Layout issue with breadcrumbs on API explorer page 2039057 - Kind column is not wide enough in API explorer page 2039064 - Bulk Import e2e test flaking at a high rate 2039065 - Diagnose and fix Bulk Import e2e test that was previously disabled 2039085 - Cloud credential operator configuration failing to apply in hypershift/ROKS clusters 2039099 - [OVN EgressIP GCP] After reboot egress node, egressip that was previously assigned got lost 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy 2039119 - CVO hotloops on Service openshift-monitoring/cluster-monitoring-operator 2039170 - [upgrade]Error shown on registry operator "missing the cloud-provider-config configmap" after upgrade 2039227 - Improve image customization server parameter passing during installation 2039241 - Improve image customization server parameter passing during installation 2039244 - Helm Release revision history page crashes the UI 2039294 - SDN controller metrics cannot be consumed correctly by prometheus 2039311 - oc Does Not Describe Build CSI Volumes 2039315 - Helm release list page should only fetch secrets for deployed charts 2039321 - SDN controller metrics are not being consumed by prometheus 2039330 - Create NMState button doesn't work in OperatorHub web console 2039339 - cluster-ingress-operator should report Unupgradeable if user has modified the aws resources annotations 2039345 - CNO does not verify the minimum MTU value for IPv6/dual-stack clusters. 2039359 - `oc adm prune deployments` can't prune the RS where the associated Deployment no longer exists 2039382 - gather_metallb_logs does not have execution permission 2039406 - logout from rest session after vsphere operator sync is finished 2039408 - Add GCP region northamerica-northeast2 to allowed regions 2039414 - Cannot see the weights increased for NodeAffinity, InterPodAffinity, TaintandToleration 2039425 - No need to set KlusterletAddonConfig CR applicationManager->enabled: true in RAN ztp deployment 2039491 - oc - git:// protocol used in unit tests 2039516 - Bump OVN to ovn21.12-21.12.0-25 2039529 - Project Dashboard Resource Quotas Card empty state test flaking at a high rate 2039534 - Diagnose and fix Project Dashboard Resource Quotas Card test that was previously disabled 2039541 - Resolv-prepender script duplicating entries 2039586 - [e2e] update centos8 to centos stream8 2039618 - VM created from SAP HANA template leads to 404 page if leave one network parameter empty 2039619 - [AWS] In tree provisioner storageclass aws disk type should contain 'gp3' and csi provisioner storageclass default aws disk type should be 'gp3' 2039670 - Create PDBs for control plane components 2039678 - Page goes blank when create image pull secret 2039689 - [IPI on Alibabacloud] Pay-by-specification NAT is no longer supported 2039743 - React missing key warning when open operator hub detail page (and maybe others as well) 2039756 - React missing key warning when open KnativeServing details 2039770 - Observe dashboard doesn't react on time-range changes after browser reload when perspective is changed in another tab 2039776 - Observe dashboard shows nothing if the URL links to an non existing dashboard 2039781 - [GSS] OBC is not visible by admin of a Project on Console 2039798 - Contextual binding with Operator backed service creates visual connector instead of Service binding connector 2039868 - Insights Advisor widget is not in the disabled state when the Insights Operator is disabled 2039880 - Log level too low for control plane metrics 2039919 - Add E2E test for router compression feature 2039981 - ZTP for standard clusters installs stalld on master nodes 2040132 - Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead 2040136 - external-dns-operator pod keeps restarting and reports error: timed out waiting for cache to be synced 2040143 - [IPI on Alibabacloud] suggest to remove region "cn-nanjing" or provide better error message 2040150 - Update ConfigMap keys for IBM HPCS 2040160 - [IPI on Alibabacloud] installation fails when region does not support pay-by-bandwidth 2040285 - Bump build-machinery-go for console-operator to pickup change in yaml-patch repository 2040357 - bump OVN to ovn-2021-21.12.0-11.el8fdp 2040376 - "unknown instance type" error for supported m6i.xlarge instance 2040394 - Controller: enqueue the failed configmap till services update 2040467 - Cannot build ztp-site-generator container image 2040504 - Change AWS EBS GP3 IOPS in MachineSet doesn't take affect in OpenShift 4 2040521 - RouterCertsDegraded certificate could not validate route hostname v4-0-config-system-custom-router-certs.apps 2040535 - Auto-update boot source is not available in customize wizard 2040540 - ovs hardware offload: ovsargs format error when adding vf netdev name 2040603 - rhel worker scaleup playbook failed because missing some dependency of podman 2040616 - rolebindings page doesn't load for normal users 2040620 - [MAPO] Error pulling MAPO image on installation 2040653 - Topology sidebar warns that another component is updated while rendering 2040655 - User settings update fails when selecting application in topology sidebar 2040661 - Different react warnings about updating state on unmounted components when leaving topology 2040670 - Permafailing CI job: periodic-ci-openshift-release-master-nightly-4.10-e2e-gcp-libvirt-cert-rotation 2040671 - [Feature:IPv6DualStack] most tests are failing in dualstack ipi 2040694 - Three upstream HTTPClientConfig struct fields missing in the operator 2040705 - Du policy for standard cluster runs the PTP daemon on masters and workers 2040710 - cluster-baremetal-operator cannot update BMC subscription CR 2040741 - Add CI test(s) to ensure that metal3 components are deployed in vSphere, OpenStack and None platforms 2040782 - Import YAML page blocks input with more then one generateName attribute 2040783 - The Import from YAML summary page doesn't show the resource name if created via generateName attribute 2040791 - Default PGT policies must be 'inform' to integrate with the Lifecycle Operator 2040793 - Fix snapshot e2e failures 2040880 - do not block upgrades if we can't connect to vcenter 2041087 - MetalLB: MetalLB CR is not upgraded automatically from 4.9 to 4.10 2041093 - autounattend.xml missing 2041204 - link to templates in virtualization-cluster-overview inventory card is to all templates 2041319 - [IPI on Alibabacloud] installation in region "cn-shanghai" failed, due to "Resource alicloud_vswitch CreateVSwitch Failed...InvalidCidrBlock.Overlapped" 2041326 - Should bump cluster-kube-descheduler-operator to kubernetes version V1.23 2041329 - aws and gcp CredentialsRequest manifests missing ServiceAccountNames list for cloud-network-config-controller 2041361 - [IPI on Alibabacloud] Disable session persistence and removebBandwidth peak of listener 2041441 - Provision volume with size 3000Gi even if sizeRange: '[10-2000]GiB' in storageclass on IBM cloud 2041466 - Kubedescheduler version is missing from the operator logs 2041475 - React components should have a (mostly) unique name in react dev tools to simplify code analyses 2041483 - MetallB: quay.io/openshift/origin-kube-rbac-proxy:4.10 deploy Metallb CR is missing (controller and speaker pods) 2041492 - Spacing between resources in inventory card is too small 2041509 - GCP Cloud provider components should use K8s 1.23 dependencies 2041510 - cluster-baremetal-operator doesn't run baremetal-operator's subscription webhook 2041541 - audit: ManagedFields are dropped using API not annotation 2041546 - ovnkube: set election timer at RAFT cluster creation time 2041554 - use lease for leader election 2041581 - KubeDescheduler operator log shows "Use of insecure cipher detected" 2041583 - etcd and api server cpu mask interferes with a guaranteed workload 2041598 - Including CA bundle in Azure Stack cloud config causes MCO failure 2041605 - Dynamic Plugins: discrepancy in proxy alias documentation/implementation 2041620 - bundle CSV alm-examples does not parse 2041641 - Fix inotify leak and kubelet retaining memory 2041671 - Delete templates leads to 404 page 2041694 - [IPI on Alibabacloud] installation fails when region does not support the cloud_essd disk category 2041734 - ovs hwol: VFs are unbind when switchdev mode is enabled 2041750 - [IPI on Alibabacloud] trying "create install-config" with region "cn-wulanchabu (China (Ulanqab))" (or "ap-southeast-6 (Philippines (Manila))", "cn-guangzhou (China (Guangzhou))") failed due to invalid endpoint 2041763 - The Observe > Alerting pages no longer have their default sort order applied 2041830 - CI: ovn-kubernetes-master-e2e-aws-ovn-windows is broken 2041854 - Communities / Local prefs are applied to all the services regardless of the pool, and only one community is applied 2041882 - cloud-network-config operator can't work normal on GCP workload identity cluster 2041888 - Intermittent incorrect build to run correlation, leading to run status updates applied to wrong build, builds stuck in non-terminal phases 2041926 - [IPI on Alibabacloud] Installer ignores public zone when it does not exist 2041971 - [vsphere] Reconciliation of mutating webhooks didn't happen 2041989 - CredentialsRequest manifests being installed for ibm-cloud-managed profile 2041999 - [PROXY] external dns pod cannot recognize custom proxy CA 2042001 - unexpectedly found multiple load balancers 2042029 - kubedescheduler fails to install completely 2042036 - [IBMCLOUD] "openshift-install explain installconfig.platform.ibmcloud" contains not yet supported custom vpc parameters 2042049 - Seeing warning related to unrecognized feature gate in kubescheduler & KCM logs 2042059 - update discovery burst to reflect lots of CRDs on openshift clusters 2042069 - Revert toolbox to rhcos-toolbox 2042169 - Can not delete egressnetworkpolicy in Foreground propagation 2042181 - MetalLB: User should not be allowed add same bgp advertisement twice in BGP address pool 2042265 - [IBM]"--scale-down-utilization-threshold" doesn't work on IBMCloud 2042274 - Storage API should be used when creating a PVC 2042315 - Baremetal IPI deployment with IPv6 control plane and disabled provisioning network fails as the nodes do not pass introspection 2042366 - Lifecycle hooks should be independently managed 2042370 - [IPI on Alibabacloud] installer panics when the zone does not have an enhanced NAT gateway 2042382 - [e2e][automation] CI takes more then 2 hours to run 2042395 - Add prerequisites for active health checks test 2042438 - Missing rpms in openstack-installer image 2042466 - Selection does not happen when switching from Topology Graph to List View 2042493 - No way to verify if IPs with leading zeros are still valid in the apiserver 2042567 - insufficient info on CodeReady Containers configuration 2042600 - Alone, the io.kubernetes.cri-o.Devices option poses a security risk 2042619 - Overview page of the console is broken for hypershift clusters 2042655 - [IPI on Alibabacloud] cluster becomes unusable if there is only one kube-apiserver pod running 2042711 - [IBMCloud] Machine Deletion Hook cannot work on IBMCloud 2042715 - [AliCloud] Machine Deletion Hook cannot work on AliCloud 2042770 - [IPI on Alibabacloud] with vpcID & vswitchIDs specified, the installer would still try creating NAT gateway unexpectedly 2042829 - Topology performance: HPA was fetched for each Deployment (Pod Ring) 2042851 - Create template from SAP HANA template flow - VM is created instead of a new template 2042906 - Edit machineset with same machine deletion hook name succeed 2042960 - azure-file CI fails with "gid(0) in storageClass and pod fsgroup(1000) are not equal" 2043003 - [IPI on Alibabacloud] 'destroy cluster' of a failed installation (bug2041694) stuck after 'stage=Nat gateways' 2043042 - [Serial] [sig-auth][Feature:OAuthServer] [RequestHeaders] [IdP] test RequestHeaders IdP [Suite:openshift/conformance/serial] 2043043 - Cluster Autoscaler should use K8s 1.23 dependencies 2043064 - Topology performance: Unnecessary rerenderings in topology nodes (unchanged mobx props) 2043078 - Favorite system projects not visible in the project selector after toggling "Show default projects". 2043117 - Recommended operators links are erroneously treated as external 2043130 - Update CSI sidecars to the latest release for 4.10 2043234 - Missing validation when creating several BGPPeers with the same peerAddress 2043240 - Sync openshift/descheduler with sigs.k8s.io/descheduler 2043254 - crio does not bind the security profiles directory 2043296 - Ignition fails when reusing existing statically-keyed LUKS volume 2043297 - [4.10] Bootimage bump tracker 2043316 - RHCOS VM fails to boot on Nutanix AOS 2043446 - Rebase aws-efs-utils to the latest upstream version. 2043556 - Add proper ci-operator configuration to ironic and ironic-agent images 2043577 - DPU network operator 2043651 - Fix bug with exp. backoff working correcly when setting nextCheck in vsphere operator 2043675 - Too many machines deleted by cluster autoscaler when scaling down 2043683 - Revert bug 2039344 Ignoring IPv6 addresses against etcd cert validation 2043709 - Logging flags no longer being bound to command line 2043721 - Installer bootstrap hosts using outdated kubelet containing bugs 2043731 - [IBMCloud] terraform outputs missing for ibmcloud bootstrap and worker ips for must-gather 2043759 - Bump cluster-ingress-operator to k8s.io/api 1.23 2043780 - Bump router to k8s.io/api 1.23 2043787 - Bump cluster-dns-operator to k8s.io/api 1.23 2043801 - Bump CoreDNS to k8s.io/api 1.23 2043802 - EgressIP stopped working after single egressIP for a netnamespace is switched to the other node of HA pair after the first egress node is shutdown 2043961 - [OVN-K] If pod creation fails, retry doesn't work as expected. 2044201 - Templates golden image parameters names should be supported 2044244 - Builds are failing after upgrading the cluster with builder image [jboss-webserver-5/jws56-openjdk8-openshift-rhel8] 2044248 - [IBMCloud][vpc.block.csi.ibm.io]Cluster common user use the storageclass without parameter “csi.storage.k8s.io/fstype” create pvc,pod successfully but write data to the pod's volume failed of "Permission denied" 2044303 - [ovn][cloud-network-config-controller] cloudprivateipconfigs ips were left after deleting egressip objects 2044347 - Bump to kubernetes 1.23.3 2044481 - collect sharedresource cluster scoped instances with must-gather 2044496 - Unable to create hardware events subscription - failed to add finalizers 2044628 - CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources 2044680 - Additional libovsdb performance and resource consumption fixes 2044704 - Observe > Alerting pages should not show runbook links in 4.10 2044717 - [e2e] improve tests for upstream test environment 2044724 - Remove namespace column on VM list page when a project is selected 2044745 - Upgrading cluster from 4.9 to 4.10 on Azure (ARO) causes the cloud-network-config-controller pod to CrashLoopBackOff 2044808 - machine-config-daemon-pull.service: use `cp` instead of `cat` when extracting MCD in OKD 2045024 - CustomNoUpgrade alerts should be ignored 2045112 - vsphere-problem-detector has missing rbac rules for leases 2045199 - SnapShot with Disk Hot-plug hangs 2045561 - Cluster Autoscaler should use the same default Group value as Cluster API 2045591 - Reconciliation of aws pod identity mutating webhook did not happen 2045849 - Add Sprint 212 translations 2045866 - MCO Operator pod spam "Error creating event" warning messages in 4.10 2045878 - Sync upstream 1.16.0 downstream; includes hybrid helm plugin 2045916 - [IBMCloud] Default machine profile in installer is unreliable 2045927 - [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment 2046025 - [IPI on Alibabacloud] pre-configured alicloud DNS private zone is deleted after destroying cluster, please clarify 2046137 - oc output for unknown commands is not human readable 2046296 - When creating multiple consecutive egressIPs on GCP not all of them get assigned to the instance 2046297 - Bump DB reconnect timeout 2046517 - In Notification drawer, the "Recommendations" header shows when there isn't any recommendations 2046597 - Observe > Targets page may show the wrong service monitor is multiple monitors have the same namespace & label selectors 2046626 - Allow setting custom metrics for Ansible-based Operators 2046683 - [AliCloud]"--scale-down-utilization-threshold" doesn't work on AliCloud 2047025 - Installation fails because of Alibaba CSI driver operator is degraded 2047190 - Bump Alibaba CSI driver for 4.10 2047238 - When using communities and localpreferences together, only localpreference gets applied 2047255 - alibaba: resourceGroupID not found 2047258 - [aws-usgov] fatal error occurred if AMI is not provided for AWS GovCloud regions 2047317 - Update HELM OWNERS files under Dev Console 2047455 - [IBM Cloud] Update custom image os type 2047496 - Add image digest feature 2047779 - do not degrade cluster if storagepolicy creation fails 2047927 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2047929 - use lease for leader election 2047975 - [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Skipped:Disconnected] [Suite:openshift/conformance/parallel] 2048046 - New route annotation to show another URL or hide topology URL decorator doesn't work for Knative Services 2048048 - Application tab in User Preferences dropdown menus are too wide. 2048050 - Topology list view items are not highlighted on keyboard navigation 2048117 - [IBM]Shouldn't change status.storage.bucket and status.storage.resourceKeyCRN when update sepc.stroage,ibmcos with invalid value 2048413 - Bond CNI: Failed to attach Bond NAD to pod 2048443 - Image registry operator panics when finalizes config deletion 2048478 - [alicloud] CCM deploys alibaba-cloud-controller-manager from quay.io/openshift/origin-* 2048484 - SNO: cluster-policy-controller failed to start due to missing serving-cert/tls.crt 2048598 - Web terminal view is broken 2048836 - ovs-configure mis-detecting the ipv6 status on IPv4 only cluster causing Deployment failure 2048891 - Topology page is crashed 2049003 - 4.10: [IBMCloud] ibm-vpc-block-csi-node does not specify an update strategy, only resource requests, or priority class 2049043 - Cannot create VM from template 2049156 - 'oc get project' caused 'Observed a panic: cannot deep copy core.NamespacePhase' when AllRequestBodies is used 2049886 - Placeholder bug for OCP 4.10.0 metadata release 2049890 - Warning annotation for pods with cpu requests or limits on single-node OpenShift cluster without workload partitioning 2050189 - [aws-efs-csi-driver] Merge upstream changes since v1.3.2 2050190 - [aws-ebs-csi-driver] Merge upstream changes since v1.2.0 2050227 - Installation on PSI fails with: 'openstack platform does not have the required standard-attr-tag network extension' 2050247 - Failing test in periodics: [sig-network] Services should respect internalTrafficPolicy=Local Pod and Node, to Pod (hostNetwork: true) [Feature:ServiceInternalTrafficPolicy] [Skipped:Network/OVNKubernetes] [Suite:openshift/conformance/parallel] [Suite:k8s] 2050250 - Install fails to bootstrap, complaining about DefragControllerDegraded and sad members 2050310 - ContainerCreateError when trying to launch large (>500) numbers of pods across nodes 2050370 - alert data for burn budget needs to be updated to prevent regression 2050393 - ZTP missing support for local image registry and custom machine config 2050557 - Can not push images to image-registry when enabling KMS encryption in AlibabaCloud 2050737 - Remove metrics and events for master port offsets 2050801 - Vsphere upi tries to access vsphere during manifests generation phase 2050883 - Logger object in LSO does not log source location accurately 2051692 - co/image-registry is degrade because ImagePrunerDegraded: Job has reached the specified backoff limit 2052062 - Whereabouts should implement client-go 1.22+ 2052125 - [4.10] Crio appears to be coredumping in some scenarios 2052210 - [aws-c2s] kube-apiserver crashloops due to missing cloud config 2052339 - Failing webhooks will block an upgrade to 4.10 mid-way through the upgrade. 2052458 - [IBM Cloud] ibm-vpc-block-csi-controller does not specify an update strategy, priority class, or only resource requests 2052598 - kube-scheduler should use configmap lease 2052599 - kube-controller-manger should use configmap lease 2052600 - Failed to scaleup RHEL machine against OVN cluster due to jq tool is required by configure-ovs.sh 2052609 - [vSphere CSI driver Operator] RWX volumes counts metrics `vsphere_rwx_volumes_total` not valid 2052611 - MetalLB: BGPPeer object does not have ability to set ebgpMultiHop 2052612 - MetalLB: Webhook Validation: Two BGPPeers instances can have different router ID set. 2052644 - Infinite OAuth redirect loop post-upgrade to 4.10.0-rc.1 2052666 - [4.10.z] change gitmodules to rhcos-4.10 branch 2052756 - [4.10] PVs are not being cleaned up after PVC deletion 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index 2053218 - ImagePull fails with error "unable to pull manifest from example.com/busy.box:v5 invalid reference format" 2053252 - Sidepanel for Connectors/workloads in topology shows invalid tabs 2053268 - inability to detect static lifecycle failure 2053314 - requestheader IDP test doesn't wait for cleanup, causing high failure rates 2053323 - OpenShift-Ansible BYOH Unit Tests are Broken 2053339 - Remove dev preview badge from IBM FlashSystem deployment windows 2053751 - ztp-site-generate container is missing convenience entrypoint 2053945 - [4.10] Failed to apply sriov policy on intel nics 2054109 - Missing "app" label 2054154 - RoleBinding in project without subject is causing "Project access" page to fail 2054244 - Latest pipeline run should be listed on the top of the pipeline run list 2054288 - console-master-e2e-gcp-console is broken 2054562 - DPU network operator 4.10 branch need to sync with master 2054897 - Unable to deploy hw-event-proxy operator 2055193 - e2e-metal-ipi-serial-ovn-ipv6 is failing frequently 2055358 - Summary Interval Hardcoded in PTP Operator if Set in the Global Body Instead of Command Line 2055371 - Remove Check which enforces summary_interval must match logSyncInterval 2055689 - [ibm]Operator storage PROGRESSING and DEGRADED is true during fresh install for ocp4.11 2055894 - CCO mint mode will not work for Azure after sunsetting of Active Directory Graph API 2056441 - AWS EFS CSI driver should use the trusted CA bundle when cluster proxy is configured 2056479 - ovirt-csi-driver-node pods are crashing intermittently 2056572 - reconcilePrecaching error: cannot list resource "clusterserviceversions" in API group "operators.coreos.com" at the cluster scope" 2056629 - [4.10] EFS CSI driver can't unmount volumes with "wait: no child processes" 2056878 - (dummy bug) ovn-kubernetes ExternalTrafficPolicy still SNATs 2056928 - Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation 2056948 - post 1.23 rebase: regression in service-load balancer reliability 2057438 - Service Level Agreement (SLA) always show 'Unknown' 2057721 - Fix Proxy support in RHACM 2.4.2 2057724 - Image creation fails when NMstateConfig CR is empty 2058641 - [4.10] Pod density test causing problems when using kube-burner 2059761 - 4.9.23-s390x-machine-os-content manifest invalid when mirroring content for disconnected install 2060610 - Broken access to public images: Unable to connect to the server: no basic auth credentials 2060956 - service domain can't be resolved when networkpolicy is used in OCP 4.10-rc 5. References: https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2018-1000858 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-9952 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-25660 https://access.redhat.com/security/cve/CVE-2020-25677 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27781 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3521 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-25215 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-30666 https://access.redhat.com/security/cve/CVE-2021-30761 https://access.redhat.com/security/cve/CVE-2021-30762 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-39226 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-43813 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-21673 https://access.redhat.com/security/cve/CVE-2022-24407 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYipqONzjgjWX9erEAQjQcBAAgWTjA6Q2NgqfVf63ZpJF1jPurZLPqxDL 0in/5+/wqWaiQ6yk7wM3YBZgviyKnAMCVdrLsaR7R77BvfJcTE3W/fzogxpp6Rne eGT1PTgQRecrSIn+WG4gGSteavTULWOIoPvUiNpiy3Y7fFgjFdah+Nyx3Xd+xehM CEswylOd6Hr03KZ1tS3XL3kGL2botha48Yls7FzDFbNcy6TBAuycmQZifKu8mHaF aDAupVJinDnnVgACeS6CnZTAD+Vrx5W7NIisteXv4x5Hy+jBIUHr8Yge3oxYoFnC Y/XmuOw2KilLZuqFe+KHig45qT+FmNU8E1egcGpNWvmS8hGZfiG1jEQAqDPbZHxp sQAQZLQyz3TvXa29vp4QcsUuMxndIOi+QaK75JmqE06MqMIlFDYpr6eQOIgIZvFO RDZU/qvBjh56ypInoqInBf8KOQMy6eO+r6nFbMGcAfucXmz0EVcSP1oFHAoA1nWN rs1Qz/SO4CvdPERxcr1MLuBLggZ6iqGmHKk5IN0SwcndBHaVJ3j/LBv9m7wBYVry bSvojBDYx5ricbTwB5sGzu7oH5yVl813FA9cjkFpEhBiMtTfI+DKC8ssoRYNHd5Z 7gLW6KWPUIDuCIiiioPZAJMyvJ0IMrNDoQ0lhqPeV7PFdlRhT95M/DagUZOpPVuT b5PUYUBIZLc= =GUDA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: New Features The release of RHACS 3.64 provides the following new features: 1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM). System changes The release of RHACS 3.64 includes the following system changes: 1. RHACS now pre-fixes the optional security context constraint name with `stackrox` to avoid global naming conflicts. Previously, violations for `port forwards` and `exec` events did not contain information about the user who performed the action that generated the events. The violations now include the user context. The cluster init bundles contain the secrets required for internal RHACS services to communicate with each other. You can delete these to rotate secrets, which have previously sometimes caused outages. This update includes a new deletion workflow that warns about the possible impact of deletion on your environment. The OpenShift compliance operator uses `rpm` only for querying, and it does not install any packages. Therefore, this update includes a policy exception for this pod by default to reduce the violations count. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 5. JIRA issues fixed (https://issues.jboss.org/): RHACS-25 - Release RHACS 3.64 6. This has been fixed (CVE-2021-3703)