Archived version change logs
The following versions are no longer supported for Red Hat® OpenShift® on IBM Cloud®. You can review the archive of the change logs.
Unsupported versions: Archived version history
Looking for the change logs of supported versions? See Red Hat OpenShift version change log.
Version 4.5 change log (Unsupported as of 10 October 2021)
Version 4.5 is unsupported. You can review the following archive of the 4.5 change logs.
Change log for worker node fix pack 4.5.41_1553_openshift, released 27 September 2021
The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1553_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Disk identification | N/A | N/A | Enhanced the disk identification logic to handle the case of 2+ partitions. |
| Haproxy | 9c98dc5 | 07f1e9 | Updated image with fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, and CVE-2021-37750. |
Change log for master fix pack 4.5.41_1552_openshift, released 28 September 2021
The following table shows the changes that are in the master fix pack patch update 4.5.41_1552_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Gateway-enabled cluster controller | 1444 | 1510 | Updated image for CVE-2021-3711 and CVE-2021-3712. |
| IBM Cloud Block Storage plug-in and driver | v2.0.9 | v2.1.1 | Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs. |
| IBM Cloud File Storage for Classic plug-in and monitor | 398 | 400 | Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs. |
| IBM Cloud RBAC Operator | 945df65 | e3cb629 | Updated to use Go version 1.16.7. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1510 | 1550 | Updated image for CVE-2021-3711 and CVE-2021-3712. |
| Kubernetes API server auditing configuration | N/A | N/A | Updated to support verbose Kubernetes API server auditing. |
| OpenShift Container PlatformControl Plane Operator | v4.5.0-20210816 | v4.5.0-20210830 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210816 | v4.5.0-20210830 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210816 | 4.5.0+20210830 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.41_1551_openshift, released 13 September 2021
The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1551_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | 3.10.0-1160.36.2.el7 | 3.10.0-1160.42.2.el7 | Updated worker node image package updates for CVE-2021-25214, CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399, and CVE-2021-3715. |
Change log for master fix pack 4.5.41_1549_openshift, released 25 August 2021
The following table shows the changes that are in the master fix pack patch update 4.5.41_1549_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.14 | v1.2.15 | Updated to use Go version 1.15.15. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. |
| Gateway-enabled cluster controller | 1348 | 1444 | Updated image for CVE-2021-36159. |
| IBM Calico extension | 747 | 763 | Updated to use Go version 1.16.6. Updated universal base image (UBI) to the latest 8.4-205 version to resolve CVEs. |
| IBM Cloud Block Storage for Classic plug-in and driver | v2.0.8 | v2.0.9 | Updated to use Go version 1.16.6. Updated image for CVE-2021-33910. |
| IBM Cloud File Storage for Classic plug-in and monitor | 395 | 398 | Updated to use Go version 1.16.6. Updated image for CVE-2021-33910. |
| Key Management Service provider | v2.3.6 | v2.3.7 | Updated to use Go version 1.15.15. Updated UBI to the latest 8.4 version to resolve CVEs. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1328 | 1510 | Updated image for CVE-2020-27780. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210630 | v4.5.0-20210816 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.3.4 | v1.3.6 | Updated image for CVE-2021-33910. |
| Red Hat OpenShift on IBM Cloud Cloud Metrics Server | v4.5.0-20210630 | v4.5.0-20210816 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210630 | 4.5.0+20210816 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.41_1548_openshift, released 16 August 2021
The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1548_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | 68e6b3 | 9c98dc | Updated image with fixes for CVE-2021-27218 |
| RHEL Packages | N/A | N/A | Updated image with fixes for: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24489, CVE-2020-24511, and CVE-2020-24512. |
Change log for worker node fix pack 4.5.41_1547_openshift, released 02 August 2021
The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1547_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | aae810 | 68e6b3 | Updated image with fixes for CVE-2021-33910. |
| Registry endpoints | Added ability to access all global registries for private service enabled clusters through the public domain. Added zonal public registry endpoints for clusters with both private and public service endpoints enabled. | ||
| Read only disk self healing | For VPC Gen2 workers. Added automation to recover from disks going read only. | ||
| RHEL 7 Packages | 3.10.0-1160.31.1 | 3.10.0-1160.36.2 | Updated worker node images & Kernel with package updates: CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909. |
| OpenShift Container Platform | 4.6.38 | 4.6.40 | For more information, see the change logs. |
Change log for fix pack 4.5.41_1546_openshift, released 27 July 2021
The following table shows the changes that are in the master fix pack patch update 4.5.41_1546_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.13 | v1.2.14 | Updated universal base image (UBI) to the latest version to resolve CVEs. |
| etcd | v3.4.14 | v3.4.16 | See the etcd release notes). |
| IBM Calico extension | 730 | 747 | Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| IBM Cloud Block Storage for Classic plug-in and driver | v2.0.7 | v2.0.8 | Updated to use Go version 1.16.6. Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| IBM Cloud File Storage for Classic plug-in and monitor | 394 | 395 | Updated universal base image (UBI) to version 8.4-205 to resolve CVEs. |
| IBM Cloud RBAC Operator | b68ea92 | 945df65 | Updated image for CVE-2021-33194. |
| Key Management Service provider | v2.3.5 | v2.3.6 | Updated universal base image (UBI) to the latest version to resolve CVEs. |
| Red Hat OpenShift | 4.5.40 | 4.5.41 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210608 | v4.5.0-20210630 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.3.3 | v1.3.4 | Updated Ansible operator base image to version 1.8.1 to resolve CVEs. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210608 | v4.5.0-20210630 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210608 | 4.5.0+20210630 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.41_1545_openshift, released 19 July 2021
The following table shows the changes that are in the worker node fix pack 4.5.41_1545_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.40 | 4.5.41 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for worker node fix pack 4.5.40_1544_openshift, released 6 July 2021
The following table shows the changes that are in the worker node fix pack 4.5.40_1544_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | 700dc6 | aae810 | Updated image with fixes for CVE-2021-3520, CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, and CVE-2021-3541. |
Change log for master fix pack 4.5.40_1543_openshift, released 28 June 2021
The following table shows the changes that are in the master fix pack patch update 4.5.40_1543_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.12 | v1.2.13 | Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. |
| Gateway-enabled cluster controller | 1352 | 1348 | Updated to run as a non-root user by default, with privileged escalation as needed. |
| IBM Calico extension | 689 | 730 | Updated to use Go version 1.16.15. Updated minimal universal base image (UBI) to version 8.4 to resolve CVEs. |
| IBM Cloud Block Storage for Classic plug-in and driver | v2.0.4 | v2.0.7 | Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. Updated minimal UBI to version
8.4 to resolve CVEs. |
| IBM Cloud Controller Manager | v1.18.19-2 | v1.18.20-1 | Updated to support the Kubernetes 1.18.20 release. Updated image to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic plug-in and monitor | 392 | 394 | Updated to use Go version 1.15.12. Updated UBI to version 8.4 to resolve CVEs. |
| IBM Cloud RBAC Operator | 63cd064 | b68ea92 | Update to use Go version 1.16.4. Updated UBI to version 8.4 to resolve CVEs. |
| Key Management Service provider | v2.3.4 | v2.3.5 | Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. |
| Red Hat OpenShift | 4.5.39 | 4.5.40 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210512 | v4.5.0-20210608 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.3.1 | v1.3.3 | Updated ansible operator base image to version 1.8.0 to resolve CVEs and updated image to implement additional IBM security controls. |
| Portieris admission controller | v0.10.2 | v0.10.3 | See the Portieris admission controller release notes. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210512 | v4.5.0-20210608 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210512 | 4.5.0+20210608 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.40_1542_openshift, released 22 June 2021
The following table shows the changes that are in the worker node fix pack 4.5.40_1542_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
Change log for worker node fix pack 4.5.40_1541_openshift, released 7 June 2021
The following table shows the changes that are in the worker node fix pack 4.5.40_1541_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | 26c5cc | 700dc6 | Updated the image for CVE-2021-27219. |
| Red Hat OpenShift | 4.5.39 | 4.5.40 | See the Red Hat OpenShift release notes. The update resolves CVE-2021-30465 (see the IBM security bulletin). |
TCP keepalive optimization for VPC |
N/A | N/A | Set the net.ipv4.tcp_keepalive_time setting to 180 seconds for compatibility with VPC gateways. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates for CVE-2021-27219. |
Change log for worker node fix pack 4.5.39_1540_openshift, released 24 May 2021
The following table shows the changes that are in the worker node fix pack 4.5.39_1540_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | e0fa2f | 26c5cc | Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927. |
| Red Hat OpenShift | 4.5.38 | 4.5.39 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for master fix pack 4.5.39_1539_openshift, released 24 May 2021
The following table shows the changes that are in the master fix pack patch update 4.5.39_1539_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.11 | v1.2.12 | Improved the add-on status information that displays when errors are occur. Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305. |
| Gateway-enabled cluster controller | 1322 | 1352 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831,
CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450. |
| IBM Calico extension | 618 | 689 | Updated to use Go version 1.15.12. Updated image to implement additional IBM security controls and for CVE-2020-14391,
CVE-2020-25661 and CVE-2020-25662. |
| IBM Cloud® Block Storage for Classic driver and plug-in | v2.0.3 | v2.0.4 | Updated image for CVE-2021-3449 and CVE-2021-3450. |
| IBM Cloud Controller Manager | v1.18.18-1 | v1.18.19-2 | Updated to support the Kubernetes 1.18.19 release. |
| IBM Cloud File Storage for Classic plug-in and monitor | 390 | 392 | Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305. |
| IBM Cloud RBAC Operator | b6a694b | 63cd064 | Updated image to implement additional IBM security controls and for CVE-2020-28483. |
| Key Management Service provider | v2.3.3 | v2.3.4 | Updated image to implement additional IBM security controls and for CVE-2020-28483 and CVE-2020-26160. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1274 | 1328 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450. |
| Red Hat OpenShift | 4.5.37 | 4.5.39 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210329 | v4.5.0-20210512 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.3.0 | v1.3.1 | Updated image for CVE-2021-20305. |
| Portieris admission controller | v0.10.1 | v0.10.2 | See the Portieris admission controller release notes. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210329 | v4.5.0-20210512 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210329 | 4.5.0+20210512 | See the Red Hat OpenShift on IBM Cloud toolkit release notes). |
Change log for worker node fix pack 4.5.38_1538_openshift, released 10 May 2021
The following table shows the changes that are in the worker node fix pack 4.5.38_1538_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.37 | 4.5.38 | See the Red Hat OpenShift release notes.
Configured worker nodes to integrate with a newer version of the NVIDIA GPU operator. Now when you create an instance of the |
| RHEL 7 Packages | 3.10.0-1160.24 | 3.10.0-1160.25 | To increase resiliency, rsyslog no longer keeps old file descriptors. Updated worker node images with kernel and package updates for CVE-2021-25215,
CVE-2020-25692, and CVE-2020-25648. |
Change log for master fix pack 4.5.37_1536_openshift, released 27 April 2021
The following table shows the changes that are in the master fix pack patch update 4.5.37_1536_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.9 | v1.2.11 | Fixed Red Hat OpenShift version check for unsupported add-ons. Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305. |
| Cluster master operations | N/A | N/A | Resolved a Red Hat OpenShift API server target down alert on clusters that are updated from version 4.4 or earlier. |
| IBM Cloud Block Storage for Classic driver and plug-in | v2.0.1 | v2.0.3 | Updated to use Go version 1.15.9 and for CVE-2020-28851. |
| IBM Cloud Controller Manager | v1.18.17-1 | v1.18.18-1 | Updated to support the Kubernetes 1.18.18 release. |
| IBM Cloud File Storage for Classic plug-in and monitor | 389 | 390 | Updated to use Go version 1.15.9 and for CVE-2020-28851, and CVE-2021-3121. |
| IBM Cloud RBAC Operator | 3dd6bbc | b6a694b | Updated image for CVE-2021-3449 and CVE-2021-3450. |
| Key Management Service provider | v2.2.5 | v2.3.3 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449,
CVE-2021-3450, and CVE-2021-20305. |
| Red Hat OpenShift | 4.5.35 | 4.5.37 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210301 | v4.5.0-20210329 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN client | 2.4.6-r3-IKS-301 | 2.4.6-r3-IKS-386 | Updated image to implement additional IBM security controls. |
| OpenVPN Operator image | v1.2.0 | v1.3.0 | Added OpenVPN support to the Red Hat OpenShift API server to support webhooks. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305. |
| OpenVPN server | 2.4.6-r3-IKS-301 | 2.4.6-r3-IKS-385 | Updated image to implement additional IBM security controls. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210301 | v4.5.0-20210329 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210301 | 4.5.0+20210329 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.37_1537_openshift, released 26 April 2021
The following table shows the changes that are in the worker node fix pack 4.5.37_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | a3b1ff | e0fa2f | The update addresses CVE-2021-20305. |
| Red Hat OpenShift | 4.5.35 | 4.5.37 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node images with package updates for CVE-2021-20305. |
Change log for worker node fix pack 4.5.35_1535_openshift, released 12 April 2021
The following table shows the changes that are in the worker node fix pack 4.5.35_1535_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | 9b2dca | a3b1ff | The update addresses CVE-2021-3449 and CVE-2021-3450. |
| RHEL 7 Packages | 3.10.0-1160.21.1.el7 | 3.10.0-1160.24.1.el7 | Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365. |
Change log for master fix pack 4.5.35_1533_openshift, released 30 March 2021
The following table shows the changes that are in the master fix pack patch update 4.5.35_1533_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Activity Tracker event | N/A | N/A | Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster. |
| Cluster health image | v1.2.8 | v1.2.9 | Updated image for CVE-2020-28851. |
| Gateway-enabled cluster controller | 1232 | 1322 | Updated to use Go version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841. |
| IBM Cloud Controller Manager | v1.18.16-2 | v1.18.17-1 | Updated to support the Kubernetes 1.18.17 release. Fixed a bug that prevented VPC load balancers from supporting more than 50 subnets in an account. |
| IBM Cloud File Storage for Classic plug-in and monitor | 388 | 389 | Updated to use Go version 1.15.8. |
| IBM Cloud RBAC Operator | 86de2b7 | 3dd6bbc | Updated image for CVE-2020-28851. |
| Red Hat OpenShift | 4.5.31 | 4.5.35 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20210112 | v4.5.0-20210301 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.1.2 | v1.2.0 | Fixed a bug that could prevent worker node VPN updates. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20210112 | v4.5.0-20210301 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20210112 | 4.5.0+20210301 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.35_1534_openshift, released 29 March 2021
The following table shows the changes that are in the worker node fix pack 4.5.35_1534_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.33 | 4.5.35 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.15.2.el7 | 3.10.0-1160.21.1.el7 | Updated worker node images with kernel and package updates for CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, and CVE-2021-20265. |
Change log for worker node fix pack 4.5.33_1532_openshift, released 12 March 2021
The following table shows the changes that are in the worker node fix pack 4.5.33_1532_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.31 | 4.5.33 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node with package updates for CVE-2020-8625, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, and CVE-2021-27803. |
Change log for worker node fix pack 4.5.31_1531_openshift, released 1 March 2021
The following table shows the changes that are in the worker node fix pack 4.5.31_1531_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Image garbage collection | N/A | N/A | Fixed a race condition during the provisioning of worker nodes that might cause image garbage collection to fail. |
| IBM Cloud Container Registry private endpoints | N/A | N/A | VPC worker nodes: Fixed a bug where traffic to the private endpoints of IBM Cloud Container Registry might fail after rebooting the worker node. |
| RHEL 7 Packages | N/A | N/A | Updated worker node with package updates. |
Change log for master fix pack 4.5.31_1531_openshift, released 27 February 2021
The following table shows the changes that are in the master fix pack patch update 4.5.31_1531_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Load balancer and load balancer monitor for IBM Cloud Provider | 1165 | 1274 | Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates. |
| OpenVPN Operator image | v1.1.0 | v1.1.2 | Updated image to implement additional IBM security controls. |
Change log for master fix pack 4.5.31_1530_openshift, released 22 February 2021
The following table shows the changes that are in the master fix pack patch update 4.5.31_1530_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.16.5 | v3.16.6 | See the Calico release notes. |
| Tigera Operator | v1.10.9 | v1.10.10 | See the Tigera Operator release notes. |
| Cluster health image | v1.2.6 | v1.2.8 | Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls. |
| Gateway-enabled cluster controller | 1195 | 1232 | Updated to use Go version 1.15.7. |
| IBM Calico extension | 567 | 618 | Updated to use Go version 1.15.7. |
| IBM Cloud Controller Manager | v1.18.15-3 | v1.18.16-1 | Updated to support the Kubernetes 1.18.16 release and to use calicoctl version 3.13.5. Updated image to implement additional IBM security controls and for DLA-2509-1. Updated version 1.0 and 2.0 network load balancers (NLBs) to run as a non-root user by default, with privileged escalation as needed. |
| IBM Cloud File Storage for Classic plug-in and monitor | 385 | 388 | Improved the retry logic for provisioning persistent volume claims (PVCs). |
| IBM Cloud RBAC Operator | f859228 | 86de2b7 | Updated to use Go version 1.15.7. |
| Key Management Service provider | v2.2.3 | v2.2.5 | Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1078 | 1165 | Updated to run as a non-root user by default, with privileged escalation as needed. Updated to use Go version 1.15.7. |
| Red Hat OpenShift | 4.5.24 | 4.5.31 | See the Red Hat OpenShift release notes. |
Change log for worker node fix pack 4.5.31_1529_openshift, released 15 February 2021
The following table shows the changes that are in the worker node fix pack 4.5.31_1529_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.28 | 4.5.31 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.11.1.el7 | 3.10.0-1160.15.2.el7 | Updated worker node with image kernel and package updates for: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-15436, CVE-2020-35513, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573, and CVE-2020-12321){: external}. |
Change log for worker node fix pack 4.5.28_1528_openshift, released 1 February 2021
The following table shows the changes that are in the worker node fix pack 4.5.28_1528_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.24 | 4.5.28 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates for CVE-2021-3156, CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686. |
Change log for master fix pack 4.5.24_1527_openshift, released 19 January 2021
The following table shows the changes that are in the master fix pack patch update 4.5.24_1527_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.4 | v1.2.6 | Updated image to implement additional IBM security controls. |
| Gateway-enabled cluster controller | 1184 | 1195 | Updated image for CVE-2020-1971. |
| IBM Calico extension | 556 | 567 | Updated image to implement additional IBM security controls and for CVE-2020-1971 and CVE-2020-24659. |
| IBM Cloud Block Storage driver and plug-in | v2.0.0 | v2.0.1 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| IBM Cloud Controller Manager | v1.18.14-1 | v1.18.15-3 | Updated to support the Kubernetes 1.18.15 release and to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic plug-in and monitor | 384 | 385 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| Key Management Service provider | v2.2.2 | v2.2.3 | Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls and for CVE-2020-1971. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1004 | 1078 | Updated image for CVE-2020-1971. |
| Red Hat OpenShift | N/A | N/A | Updated to implement additional IBM security controls. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20201210 | v4.5.0-20210112 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. Updated to implement additional IBM security controls. |
| OpenVPN Operator image | v1.0.12 | v1.1.0 | Updated image for CVE-2020-1971. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20201210 | v4.5.0-20210112 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. Updated to implement additional IBM security controls. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20201210 | 4.5.0+20210112 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.24_1526_openshift, released 18 January 2021
The following table shows the changes that are in the worker node fix pack 4.5.24_1526_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.22 | 4.5.24 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for master fix pack 4.5.24_1525_openshift, released 6 January 2021
The following table shows the changes that are in the master fix pack patch update 4.5.24_1525_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| IBM Calico extension | 538 | 556 | Updated image to include the ip command. |
| IBM Cloud Block Storage driver and plug-in | 1.17.2 | v2.0.0 | Updated to use the universal base image (UBI), to use Go version 1.15.5, to run with a least privileged security context, and to improve logging. Updated image to implement additional IBM security controls. |
| IBM Cloud Controller Manager | v1.18.13-1 | v1.18.14-1 | Updated to support the Kubernetes 1.18.14 release. |
| IBM Cloud File Storage for Classic plug-in | N/A | N/A | Updated to run with a privileged security context. |
| IBM Cloud RBAC Operator | c148a8a | f859228 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20201207 | v4.5.0-20201210 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift | 4.5.18 | 4.5.24 | See the Red Hat OpenShift release notes. The update resolves CVE-2020-8559 (see the IBM security bulletin). |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20201207 | v4.5.0-20201210 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20201207 | 4.5.0+20201210 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.22_1524_openshift, released 21 December 2020
The following table shows the changes that are in the worker node fix pack update 4.5.21_1524_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HAProxy | db4e6d | 9b2dca | Image update for CVE-2020-1971 and CVE-2020-24659. |
| Red Hat OpenShift | 4.5.21 | 4.5.22 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.6.1.el7 | 3.10.0-1160.11.1.el7 | Updated worker node image with kernel and package updates for: CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, and CVE-2020-1971. |
Change log for master fix pack 4.5.18_1523_openshift, released 14 December 2020
The following table shows the changes that are in the master fix pack patch update 4.5.18_1523_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.3 | v1.2.4 | Updated image to implement additional IBM security controls. |
| etcd | v3.4.13 | v3.4.14 | See the etcd release notes. |
| Gateway-enabled cluster controller | 1105 | 1184 | Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls. |
| IBM Calico extension | 469 | 538 | Updated to use the universal base image (UBI), to run as a non-root user and to use Go version 1.15.5. Updated image to implement additional IBM security controls. |
| IBM Cloud Controller Manager | v1.18.12-1 | v1.18.13-1 | Updated to support the Kubernetes 1.18.13 release. Updated image to implement additional IBM security controls. Fixed a bug in VPC load balancer creation when the cluster, VPC or subnet are in a different resource group. |
| IBM Cloud File Storage for Classic monitor | 379 | 384 | Updated to use Go version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic plug-in | 379 | 384 | Updated to use Go version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls. |
| IBM Cloud RBAC Operator | 197bc70 | c148a8a | Updated to use Go version 1.15.6 and updated image to implement additional IBM security controls. |
| Key management service (KMS) provider | v2.2.1 | v2.2.2 | Updated image to implement additional IBM security controls. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 234 | 1004 | Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20201113 | v4.5.0-20201207 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN client | 2.4.6-r3-IKS-116 | 2.4.6-r3-IKS-301 | Updated image to implement additional IBM security controls. |
| OpenVPN Operator image | v1.0.10 | v1.0.12 | Updated image to implement additional IBM security controls. |
| OpenVPN server | 2.4.6-r3-IKS-131 | 2.4.6-r3-IKS-301 | Updated image to implement additional IBM security controls. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20201113 | v4.5.0-20201207 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20201113 | 4.5.0+20201207 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.21_1522_openshift, released 7 December 2020
The following table shows the changes that are in the worker node fix pack update 4.5.21_1522_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HAProxy | 1.8.26-384f42 | db4e6d | Added provenance labels for source tracking. |
| Red Hat OpenShift | 4.5.19 | 4.5.21 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for worker node fix pack 4.5.19_1521_openshift, released 23 November 2020
The following table shows the changes that are in the worker node fix pack update 4.5.19_1521_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Ephemeral storage reservations | N/A | N/A | Local ephemeral storage is reserved on the Kubernetes data disk for system components. For more information, see Worker node resource reserves. |
| Red Hat OpenShift node | 4.5.17 | 4.5.19 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.2.2.el7 | 3.10.0-1160.6.1.el7 | Updated worker node image with kernel and package updates for CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2019-20907, CVE-2020-15999, CVE-2020-8177, CVE-2019-20811, CVE-2020-14331, CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698. |
Change log for master fix pack 4.5.18_1521_openshift, released 16 November 2020
The following table shows the changes that are in the master fix pack patch update 4.5.18_1521_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.16.1 | v3.16.5 | See the Calico release notes. |
| Tigera Operator | v1.10.3 | v1.10.9 | See the Tigera Operator release notes. In addition, Tigera Operator metrics are disabled. |
| Cluster health image | v1.2.2 | v1.2.3 | Added status codes to add-on health messages. Set add-on health state to critical and status to unknown when cluster health is critical. When a cluster has a Kubernetes key management service (KMS)
provider enabled and a disabled Key Protect key, the cluster health state is now set to critical. Updated image for DLA-2424-1. |
| IBM Cloud Controller Manager | v1.18.10-1 | v1.18.12-1 | Updated to support the Kubernetes 1.18.12 release. Updated image for DLA-2424-1. |
| IBM Cloud RBAC Operator | 31c794a | 197bc70 | Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221. |
| Key Management Service provider | v2.1.0 | v2.2.1 | Updated to support service-to-service authentication and to use Go version 1.15.2. Updated image for DLA-2424-1. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20201022 | v4.5.0-20201113 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift | 4.5.15 | 4.5.18 | See the Red Hat OpenShift release notes. |
| OpenVPN Operator image | v1.0.9 | v1.0.10 | Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221. |
| Red Hat OpenShift on IBM Cloud Server | v4.5.0-20201022 | v4.5.0-20201113 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20201022 | 4.5.0+20201113 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.5.17_1519_openshift, released 9 November 2020
The following table shows the changes that are in the worker node fix pack update 4.5.17_1519_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.15 | 4.5.17 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates for CVE-2020-15999. |
Change log for worker node fix pack 4.5.15_1518_openshift, released 26 October 2020
The following table shows the changes that are in the worker node fix pack update 4.5.15_1518_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.5.13 | 4.5.15 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.2.1.el7 | 3.10.0-1160.2.2.el7 | Updated worker node images with kernel and package updates for CVE-2020-12351 and CVE-2020-12352. |
Change log for master fix pack 4.5.15_1518_openshift, released 26 October 2020
The following table shows the changes that are in the master fix pack patch update 4.5.15_1518_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.2.1 | v1.2.2 | Fixed the cluster health status for when add-on customizations are used. |
| IBM Cloud Controller Manager | v1.18.9-2 | v1.18.10-1 | Updated to support the Kubernetes 1.18.10 release. |
| IBM Cloud File Storage for Classic plug-in and monitor | 378 | 379 | Updated to use the universal base image (UBI) and to use Go version 1.15.2. |
| Kubernetes configuration | N/A | N/A | Kubernetes service account token volume projection is enabled
and issues tokens that use https://kubernetes.default.svc as the default API audience. |
| Red Hat OpenShift | 4.5.13 | 4.5.15 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift Control Plane Operator | v4.5.0-20201009 | v4.5.0-20201022 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud Metrics Server | v4.5.0-20201009 | v4.5.0-20201022 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.5.0+20201009 | 4.5.0+20201022 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for 4.5.13_1515_openshift, released 13 October 2020
The following table shows the changes that are in the 4.5.13_1515_openshift version update.
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.13.3 | v3.16.1 | See the Calico release notes. In addition, Calico pods in the calico-system namespace now set CPU and memory requests. |
| Tigera Operator | v1.3.4 | v1.10.3 | See the Tigera Operator release notes. |
| Cluster health image | v1.1.11 | v1.2.1 | When a cluster has a Kubernetes key management service (KMS) provider enabled and a disabled Key Protect key, a warning is now returned in the cluster health state. Fixed check
to determine if an add-on is unsupported. In addition, updated to use Go version 1.15.2. |
| Cluster master HA configuration | N/A | N/A | Updated configuration to improve availability during cluster master operations. |
| Gateway-enabled cluster controller | 1082 | 1105 | Updated to use Go version 1.15.2. |
| IBM Cloud Block Storage for Classic driver and plug-in | 1.17.1 | 1.17.2 | Updated to use Go version 1.13.15. |
| IBM Cloud Controller Manager | v1.17.12-1 | v1.18.9-2 | Updated to support the Kubernetes 1.18.9 release and to use calicoctl version 3.13.4. Updated network load balancer (NLB) events to use the latest IBM Cloud troubleshooting documentation. For VPC load balancers, the service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol" annotation was added to preserve the source IP address of requests to apps in your cluster. |
| IBM Cloud RBAC Operator | 4b47693 | 31c794a | Updated to use Go version 1.15.2. |
| Key Management Service provider | v2.0.4 | v2.1.0 | Updated to use the key management service (KMS) provider secret to identify when a Key Protect key is enabled and disabled so that encryption and decryption requests are updated accordingly. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 208 | 234 | Improved startup performance of version 2.0 private network load balancers (NLBs). Updated to use Go version 1.15.2. |
| Red Hat OpenShift Control Plane Operator | v4.4.0-20200821 | v4.5.0-20201009 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift | 4.4.20 | 4.5.13 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift configuration | N/A | N/A | New version 4.5 clusters that run on the VPC infrastructure provider and use IBM Cloud Object Storage now proxy container image traffic through the internal registry pods directly to the Object Storage endpoints. To configure this proxy for version 4.5 clusters that were updated from a previous version, see the troubleshooting topic. |
| OpenVPN Operator image | v1.0.8 | v1.0.9 | Updated to improve OpenVPN availability. |
| Red Hat OpenShift on IBM Cloud Metrics Server | N/A | v4.5.0-20201009 | New!: Red Hat OpenShift on IBM Cloud now provides custom cluster metrics. See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.4.0+20200821 | 4.5.0+20201009 | See the Red Hat OpenShift on IBM Cloud release notes. |
Version 4.4 change log (unsupported as of 31 May 2021)
Version 4.4 is unsupported. You can review the following archive of the 4.4 change logs.
Change log for worker node fix pack 4.4.33_1544_openshift, released 24 May 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1544_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | e0fa2f | 26c5cc | Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for master fix pack 4.4.33_1543_openshift, released 24 May 2021
The following table shows the changes that are in the master fix pack patch update 4.4.33_1543_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.1.21 | v1.1.22 | Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305. |
| Gateway-enabled cluster controller | 1322 | 1352 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831,
CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450. |
| IBM Calico extension | 618 | 689 | Updated to use Go version 1.15.12. Updated image to implement additional IBM security controls and for CVE-2020-14391,
CVE-2020-25661 and CVE-2020-25662. |
| IBM Cloud® Block Storage for Classic driver and plug-in | v2.0.3 | v2.0.4 | Updated image for CVE-2021-3449 and CVE-2021-3450. |
| IBM Cloud File Storage for Classic plug-in and monitor | 390 | 392 | Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305. |
| IBM Cloud RBAC Operator | b6a694b | 63cd064 | Updated image to implement additional IBM security controls and for CVE-2020-28483. |
| Key Management Service provider | v2.3.3 | v2.3.4 | Updated image to implement additional IBM security controls and for CVE-2020-28483 and CVE-2020-26160. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1274 | 1328 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450. |
| OpenVPN Operator image | v1.3.0 | v1.3.1 | Updated image for CVE-2021-20305. |
Change log for worker node fix pack 4.4.33_1541_openshift, released 10 May 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1541_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | 3.10.0-1160.24 | 3.10.0-1160.25 | To increase resiliency, rsyslog no longer keeps old file descriptors. Updated worker node images with kernel and package updates for CVE-2021-25215,
CVE-2020-25692, and CVE-2020-25648. |
Change log for master fix pack 4.4.33_1539_openshift, released 27 April 2021
The following table shows the changes that are in the master fix pack patch update 4.4.33_1539_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.1.19 | v1.1.21 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449,
CVE-2021-3450, and CVE-2021-20305. |
| IBM Cloud Block Storage driver and plug-in | v2.0.1 | v2.0.3 | Updated to use Go version 1.15.9 and for CVE-2020-28851. |
| IBM Cloud File Storage for Classic plug-in and monitor | 389 | 390 | Updated to use Go version 1.15.9 and for CVE-2020-28851 and CVE-2021-3121. |
| IBM Cloud RBAC Operator | 3dd6bbc | b6a694b | Updated image for CVE-2021-3449 and CVE-2021-3450. |
| Key Management Service provider | v2.2.5 | v2.3.3 | Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449,
CVE-2021-3450, and CVE-2021-20305. |
| OpenVPN client | 2.4.6-r3-IKS-301 | 2.4.6-r3-IKS-386 | Updated image to implement additional IBM security controls. |
| OpenVPN Operator image | v1.2.0 | v1.3.0 | Added OpenVPN support to the Red Hat OpenShift API server to support webhooks. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305. |
| OpenVPN server | 2.4.6-r3-IKS-301 | 2.4.6-r3-IKS-385 | Updated image to implement additional IBM security controls. |
Change log for worker node fix pack 4.4.33_1540_openshift, released 26 April 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1540_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | a3b1ff | e0fa2f | The update addresses CVE-2021-20305. |
| RHEL 7 Packages | N/A | N/A | Updated worker node images with package updates for CVE-2021-20305. |
Change log for worker node fix pack 4.4.33_1538_openshift, released 12 April 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1538_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HA proxy | 9b2dca | a3b1ff | The update addresses CVE-2021-3449 and CVE-2021-3450. |
| RHEL 7 Packages | 3.10.0-1160.21.1.el7 | 3.10.0-1160.24.1.el7 | Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365. |
Change log for master fix pack 4.4.33_1536_openshift, released 30 March 2021
The following table shows the changes that are in the master fix pack patch update 4.4.33_1536_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Activity Tracker event | N/A | N/A | Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster. |
| Cluster health image | v1.1.18 | v1.1.19 | Updated image for CVE-2020-28851. |
| Gateway-enabled cluster controller | 1232 | 1322 | Updated to use Go version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841. |
| IBM Cloud File Storage for Classic plug-in and monitor | 388 | 389 | Updated to use Go version 1.15.8. |
| IBM Cloud RBAC Operator | 86de2b7 | 3dd6bbc | Updated image for CVE-2020-28851. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1165 | 1274 | Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates. |
| OpenVPN Operator image | v1.1.0 | v1.2.0 | Fixed a bug that could prevent worker node VPN updates. |
Change log for worker node fix pack 4.4.33_1537_openshift, released 29 March 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | 3.10.0-1160.15.2.el7 | 3.10.0-1160.21.1.el7 | Updated worker node images with kernel and package updates for CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, and CVE-2021-20265. |
Change log for worker node fix pack 4.4.33_1535_openshift, released 12 March 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1535_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | N/A | N/A | Updated worker node with package updates for CVE-2020-8625, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, and CVE-2021-27803. |
Change log for worker node fix pack 4.4.33_1534_openshift, released 1 March 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1534_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Image garbage collection | N/A | N/A | Fixed a race condition during the provisioning of worker nodes that might cause image garbage collection to fail. |
| IBM Cloud Container Registry private endpoints | N/A | N/A | VPC worker nodes: Fixed a bug where traffic to the private endpoints of IBM Cloud Container Registry might fail after rebooting the worker node. |
| RHEL 7 Packages | N/A | N/A | Updated worker node with package updates. |
Change log for master fix pack 4.4.33_1534_openshift, released 22 February 2021
The following table shows the changes that are in the master fix pack patch update 4.4.33_1534_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.13.3 | v3.13.5 | See the Calico release notes. |
| Tigera Operator | v1.3.4 | v1.3.6 | See the Tigera Operator release notes. |
| Cluster health image | v1.1.16 | v1.1.18 | Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls. |
| Gateway-enabled cluster controller | 1195 | 1232 | Updated to use Go version 1.15.7. |
| IBM Calico extension | 567 | 618 | Updated to use Go version 1.15.7. |
| IBM Cloud Controller Manager | v1.17.17-1 | v1.17.17-5 | Updated image for for DLA-2509-1. |
| IBM Cloud File Storage for Classic plug-in and monitor | 385 | 388 | Improved the retry logic for provisioning persistent volume claims (PVCs). |
| IBM Cloud RBAC Operator | f859228 | 86de2b7 | Updated to use Go version 1.15.7. |
| Key Management Service provider | v2.2.3 | v2.2.5 | Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1078 | 1165 | Updated to use Go version 1.15.7. |
| Red Hat OpenShift | 4.4.31 | 4.4.33 | See the Red Hat OpenShift release notes. |
Change log for worker node fix pack 4.4.33_1533_openshift, released 15 February 2021
The following table shows the changes that are in the worker node fix pack 4.4.33_1533_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.4.31 | 4.4.33 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.11.1.el7 | 3.10.0-1160.15.2.el7 | Updated worker node with image kernel and package updates for: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-15436, CVE-2020-35513, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573, and CVE-2020-12321){: external}. |
Change log for worker node fix pack 4.4.31_1532_openshift, released 1 February 2021
The following table shows the changes that are in the worker node fix pack 4.4.31_1532_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates for CVE-2021-3156, CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686. |
Change log for master fix pack 4.4.31_1531_openshift, released 19 January 2021
The following table shows the changes that are in the master fix pack patch update 4.4.31_1531_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.1.13 | v1.1.16 | Updated image to implement additional IBM security controls. |
| Gateway-enabled cluster controller | 1184 | 1195 | Updated image for CVE-2020-1971. |
| IBM Calico extension | 556 | 567 | Updated image to implement additional IBM security controls and for CVE-2020-1971 and CVE-2020-24659. |
| IBM Cloud Block Storage driver and plug-in | v2.0.0 | v2.0.1 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| IBM Cloud Controller Manager | v1.17.16-1 | v1.17.17-1 | Updated to support the Kubernetes 1.17.17 release. |
| IBM Cloud File Storage for Classic plug-in and monitor | 384 | 385 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| Key Management Service provider | v2.2.2 | v2.2.3 | Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls and for CVE-2020-1971. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 1004 | 1078 | Updated image for CVE-2020-1971. |
| Red Hat OpenShift Control Plane Operator | v4.4.0-20201210 | v4.4.0-20210112 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN Operator image | v1.0.12 | v1.1.0 | Updated image for CVE-2020-1971. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.4.0+20201210 | 4.4.0+20210112 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.4.31_1530_openshift, released 18 January 2021
The following table shows the changes that are in the worker node fix pack 4.4.31_1530_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for master fix pack 4.4.31_1529_openshift, released 6 January 2021
The following table shows the changes that are in the master fix pack patch update 4.4.31_1529_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| IBM Calico extension | 538 | 556 | Updated image to include the ip command. |
| IBM Cloud Block Storage driver and plug-in | 1.17.2 | v2.0.0 | Updated to use the universal base image (UBI), to use Go version 1.15.5, to run with a least privileged security context, and to improve logging. Updated image to implement additional IBM security controls. |
| IBM Cloud Controller Manager | v1.17.15-1 | v1.17.16-1 | Updated to support the Kubernetes 1.17.16 release. |
| IBM Cloud File Storage for Classic plug-in | N/A | N/A | Updated to run with a privileged security context. |
| IBM Cloud RBAC Operator | c148a8a | f859228 | Updated image for CVE-2020-1971 and CVE-2020-24659. |
| Key Management Service provider | v2.0.7 | v2.2.2 |
Updated the key management service (KMS) provider support as follows.
|
| Red Hat OpenShift Control Plane Operator | v4.4.0-20201207 | v4.4.0-20201210 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| Red Hat OpenShift | 4.4.29 | 4.4.31 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.4.0+20201207 | 4.4.0+20201210 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.4.31_1528_openshift, released 21 December 2020
The following table shows the changes that are in the worker node fix pack update 4.4.31_1528_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HAProxy | db4e6d | 9b2dca | Image update for CVE-2020-1971 and CVE-2020-24659. |
| RHEL 7 Packages | 3.10.0-1160.6.1.el7 | 3.10.0-1160.11.1.el7 | Updated worker node image with kernel and package updates for: CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, and CVE-2020-1971. |
Change log for master fix pack 4.4.29_1527_openshift, released 14 December 2020
The following table shows the changes that are in the master fix pack patch update 4.4.29_1527_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| etcd | v3.4.13 | v3.4.14 | See the etcd release notes. |
| Gateway-enabled cluster controller | 1105 | 1184 | Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls. |
| IBM Calico extension | 378 | 538 | Updated to use the universal base image (UBI), to run as a non-root user and to use Go version 1.15.5. Updated image to implement additional IBM security controls. |
| IBM Cloud Controller Manager | v1.17.14-1 | v1.17.15-1 | Updated to support the Kubernetes 1.17.15 release. Updated image to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic monitor | 379 | 384 | Updated to use Go version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls. |
| IBM Cloud File Storage for Classic plug-in | 379 | 384 | Updated to use Go version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls. |
| IBM Cloud RBAC Operator | 197bc70 | c148a8a | Updated to use Go version 1.15.6 and updated image to implement additional IBM security controls. |
| Key management service (KMS) provider | v2.0.5 | v2.0.7 | Updated image to implement additional IBM security controls. |
| Load balancer and load balancer monitor for IBM Cloud Provider | 208 | 1004 | Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls. |
| Red Hat OpenShift Control Plane Operator | v4.4.0-20201110 | v4.4.0-20201207 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
| OpenVPN client | 2.4.6-r3-IKS-116 | 2.4.6-r3-IKS-301 | Updated image to implement additional IBM security controls. |
| OpenVPN Operator image | v1.0.10 | v1.0.12 | Updated image to implement additional IBM security controls. |
| OpenVPN server | 2.4.6-r3-IKS-131 | 2.4.6-r3-IKS-301 | Updated image to implement additional IBM security controls. |
| Red Hat OpenShift on IBM Cloud toolkit | 4.4.0+20201110 | 4.4.0+20201207 | See the Red Hat OpenShift on IBM Cloud toolkit release notes. |
Change log for worker node fix pack 4.4.31_1526_openshift, released 7 December 2020
The following table shows the changes that are in the worker node fix pack update 4.4.31_1526_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| HAProxy | 1.8.26-384f42 | db4e6d | Added provenance labels for source tracking. |
| Red Hat OpenShift | 4.4.30 | 4.4.31 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates. |
Change log for worker node fix pack 4.4.30_1525_openshift, released 23 November 2020
The following table shows the changes that are in the worker node fix pack update 4.4.30_1525_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Ephemeral storage reservations | N/A | N/A | Local ephemeral storage is reserved on the Kubernetes data disk for system components. For more information, see Worker node resource reserves. |
| Red Hat OpenShift node | 4.4.29 | 4.4.30 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.2.2.el7 | 3.10.0-1160.6.1.el7 | Updated worker node image with kernel and package updates for CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2019-20907, CVE-2020-15999, CVE-2020-8177, CVE-2019-20811, CVE-2020-14331, CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698. |
Change log for master fix pack 4.4.29_1525_openshift, released 16 November 2020
The following table shows the changes that are in the master fix pack patch update 4.4.29_1525_openshift. Master patch updates are applied automatically.
Change log for worker node fix pack 4.4.29_1524_openshift, released 9 November 2020
The following table shows the changes that are in the worker node fix pack update 4.4.29_1524_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.4.27 | 4.4.29 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | N/A | N/A | Updated worker node image with package updates for CVE-2020-15999. |
Change log for worker node fix pack 4.4.27_1523_openshift, released 26 October 2020
The following table shows the changes that are in the worker node fix pack update 4.4.27_1523_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.
| Component | Previous | Current | Description |
|---|---|---|---|
| Red Hat OpenShift | 4.4.26 | 4.4.27 | See the Red Hat OpenShift release notes. |
| RHEL 7 Packages | 3.10.0-1160.2.1.el7 | 3.10.0-1160.2.2.el7 | Updated worker node images with kernel and package updates for CVE-2020-12351 and CVE-2020-12352. |
Change log for master fix pack 4.4.27_1523_openshift, released 26 October 2020
The following table shows the changes that are in the master fix pack patch update 4.4.27_1523_openshift. Master patch updates are applied automatically.
| Component | Previous | Current | Description |
|---|---|---|---|
| Cluster health image | v1.1.11 | v1.1.12 | Fixed check for unsupported add-ons. Updated to use Go version 1.15.2. |
| Gateway-enabled cluster controller | 1082 | 1105 | Updated to use Go version 1.15.2. |
| IBM Cloud Block Storage for Classic driver and plug-in | 1.17.1 | 1.17.2 | Updated to use Go version 1.13.15. |
| IBM Cloud Controller Manager | v1.17.12-1 | v1.17.13-1 | Updated to support the Kubernetes 1.17.13 release. |
| IBM Cloud RBAC Operator | 4b47693 | 31c794a | Updated to use Go version 1.15.2. |
| Red Hat OpenShift | 4.4.20 | 4.4.27 | See the Red Hat OpenShift release notes. |
| Red Hat OpenShift configuration | N/A | N/A | New version 4.4 clusters that run on the VPC infrastructure provider and use IBM Cloud Object Storage now proxy container image traffic through the internal registry pods directly to the Object Storage endpoints. To configure this proxy for existing version 4.4 clusters, see the troubleshooting topic. |
| OpenVPN Operator image | v1.0.8 | v1.0.9 | Updated to improve OpenVPN availability. |
Change log for worker node fix pack 4.4.26_1521_openshift, released 12 October 2020
The following table shows the changes that are in the worker node fix pack update 4.4.26_1521_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure)
the worker node.