IBM Cloud Docs
Archived version change logs

Archived version change logs

The following versions are no longer supported for Red Hat® OpenShift® on IBM Cloud®. You can review the archive of the change logs.

Unsupported versions: Archived version history

Looking for the change logs of supported versions? See Red Hat OpenShift version change log.

Version 4.5 change log (Unsupported as of 10 October 2021)

Version 4.5 is unsupported. You can review the following archive of the 4.5 change logs.

Change log for worker node fix pack 4.5.41_1553_openshift, released 27 September 2021

The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1553_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.41_1551_openshift
Component Previous Current Description
Disk identification N/A N/A Enhanced the disk identification logic to handle the case of 2+ partitions.
Haproxy 9c98dc5 07f1e9 Updated image with fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, and CVE-2021-37750.

Change log for master fix pack 4.5.41_1552_openshift, released 28 September 2021

The following table shows the changes that are in the master fix pack patch update 4.5.41_1552_openshift. Master patch updates are applied automatically.

Changes since version 4.5.41_1549_openshift
Component Previous Current Description
Gateway-enabled cluster controller 1444 1510 Updated image for CVE-2021-3711 and CVE-2021-3712.
IBM Cloud Block Storage plug-in and driver v2.0.9 v2.1.1 Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor 398 400 Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs.
IBM Cloud RBAC Operator 945df65 e3cb629 Updated to use Go version 1.16.7.
Load balancer and load balancer monitor for IBM Cloud Provider 1510 1550 Updated image for CVE-2021-3711 and CVE-2021-3712.
Kubernetes API server auditing configuration N/A N/A Updated to support verbose Kubernetes API server auditing.
OpenShift Container PlatformControl Plane Operator v4.5.0-20210816 v4.5.0-20210830 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210816 v4.5.0-20210830 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210816 4.5.0+20210830 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.41_1551_openshift, released 13 September 2021

The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1551_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.41_1549_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.36.2.el7 3.10.0-1160.42.2.el7 Updated worker node image package updates for CVE-2021-25214, CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399, and CVE-2021-3715.

Change log for master fix pack 4.5.41_1549_openshift, released 25 August 2021

The following table shows the changes that are in the master fix pack patch update 4.5.41_1549_openshift. Master patch updates are applied automatically.

Changes since version 4.5.41_1546_openshift
Component Previous Current Description
Cluster health image v1.2.14 v1.2.15 Updated to use Go version 1.15.15. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs.
Gateway-enabled cluster controller 1348 1444 Updated image for CVE-2021-36159.
IBM Calico extension 747 763 Updated to use Go version 1.16.6. Updated universal base image (UBI) to the latest 8.4-205 version to resolve CVEs.
IBM Cloud Block Storage for Classic plug-in and driver v2.0.8 v2.0.9 Updated to use Go version 1.16.6. Updated image for CVE-2021-33910.
IBM Cloud File Storage for Classic plug-in and monitor 395 398 Updated to use Go version 1.16.6. Updated image for CVE-2021-33910.
Key Management Service provider v2.3.6 v2.3.7 Updated to use Go version 1.15.15. Updated UBI to the latest 8.4 version to resolve CVEs.
Load balancer and load balancer monitor for IBM Cloud Provider 1328 1510 Updated image for CVE-2020-27780.
Red Hat OpenShift Control Plane Operator v4.5.0-20210630 v4.5.0-20210816 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.3.4 v1.3.6 Updated image for CVE-2021-33910.
Red Hat OpenShift on IBM Cloud Cloud Metrics Server v4.5.0-20210630 v4.5.0-20210816 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210630 4.5.0+20210816 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.41_1548_openshift, released 16 August 2021

The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1548_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.6.40_1551_openshift
Component Previous Current Description
HA proxy 68e6b3 9c98dc Updated image with fixes for CVE-2021-27218
RHEL Packages N/A N/A Updated image with fixes for: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24489, CVE-2020-24511, and CVE-2020-24512.

Change log for worker node fix pack 4.5.41_1547_openshift, released 02 August 2021

The following table shows the changes that are in the worker node fix pack patch update 4.5.41_1547_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.41_1545_openshift
Component Previous Current Description
HA proxy aae810 68e6b3 Updated image with fixes for CVE-2021-33910.
Registry endpoints Added ability to access all global registries for private service enabled clusters through the public domain. Added zonal public registry endpoints for clusters with both private and public service endpoints enabled.
Read only disk self healing For VPC Gen2 workers. Added automation to recover from disks going read only.
RHEL 7 Packages 3.10.0-1160.31.1 3.10.0-1160.36.2 Updated worker node images & Kernel with package updates: CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909.
OpenShift Container Platform 4.6.38 4.6.40 For more information, see the change logs.

Change log for fix pack 4.5.41_1546_openshift, released 27 July 2021

The following table shows the changes that are in the master fix pack patch update 4.5.41_1546_openshift. Master patch updates are applied automatically.

Changes since version 4.5.40_1543_openshift
Component Previous Current Description
Cluster health image v1.2.13 v1.2.14 Updated universal base image (UBI) to the latest version to resolve CVEs.
etcd v3.4.14 v3.4.16 See the etcd release notes).
IBM Calico extension 730 747 Updated universal base image (UBI) to version 8.4-205 to resolve CVEs.
IBM Cloud Block Storage for Classic plug-in and driver v2.0.7 v2.0.8 Updated to use Go version 1.16.6. Updated universal base image (UBI) to version 8.4-205 to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor 394 395 Updated universal base image (UBI) to version 8.4-205 to resolve CVEs.
IBM Cloud RBAC Operator b68ea92 945df65 Updated image for CVE-2021-33194.
Key Management Service provider v2.3.5 v2.3.6 Updated universal base image (UBI) to the latest version to resolve CVEs.
Red Hat OpenShift 4.5.40 4.5.41 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20210608 v4.5.0-20210630 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.3.3 v1.3.4 Updated Ansible operator base image to version 1.8.1 to resolve CVEs.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210608 v4.5.0-20210630 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210608 4.5.0+20210630 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.41_1545_openshift, released 19 July 2021

The following table shows the changes that are in the worker node fix pack 4.5.41_1545_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.40_1544_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.40 4.5.41 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 4.5.40_1544_openshift, released 6 July 2021

The following table shows the changes that are in the worker node fix pack 4.5.40_1544_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.40_1542_openshift
Component Previous Current Description
HA proxy 700dc6 aae810 Updated image with fixes for CVE-2021-3520, CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, and CVE-2021-3541.

Change log for master fix pack 4.5.40_1543_openshift, released 28 June 2021

The following table shows the changes that are in the master fix pack patch update 4.5.40_1543_openshift. Master patch updates are applied automatically.

Changes since version 4.5.39_1539_openshift
Component Previous Current Description
Cluster health image v1.2.12 v1.2.13 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.
Gateway-enabled cluster controller 1352 1348 Updated to run as a non-root user by default, with privileged escalation as needed.
IBM Calico extension 689 730 Updated to use Go version 1.16.15. Updated minimal universal base image (UBI) to version 8.4 to resolve CVEs.
IBM Cloud Block Storage for Classic plug-in and driver v2.0.4 v2.0.7 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194. Updated minimal UBI to version 8.4 to resolve CVEs.
IBM Cloud Controller Manager v1.18.19-2 v1.18.20-1 Updated to support the Kubernetes 1.18.20 release. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in and monitor 392 394 Updated to use Go version 1.15.12. Updated UBI to version 8.4 to resolve CVEs.
IBM Cloud RBAC Operator 63cd064 b68ea92 Update to use Go version 1.16.4. Updated UBI to version 8.4 to resolve CVEs.
Key Management Service provider v2.3.4 v2.3.5 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.
Red Hat OpenShift 4.5.39 4.5.40 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20210512 v4.5.0-20210608 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.3.1 v1.3.3 Updated ansible operator base image to version 1.8.0 to resolve CVEs and updated image to implement additional IBM security controls.
Portieris admission controller v0.10.2 v0.10.3 See the Portieris admission controller release notes.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210512 v4.5.0-20210608 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210512 4.5.0+20210608 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.40_1542_openshift, released 22 June 2021

The following table shows the changes that are in the worker node fix pack 4.5.40_1542_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.40_1541_openshift
Component Previous Current Description
HA proxy 26c5cc d3dc33 Updated image with fixes for CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2019-2708, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-27219, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2017-14502, CVE-2020-8927 and CVE-2020-28196.
IBM Cloud Container Registry N/A N/A Added private-only registry support for ca.icr.io, br.icr.io and jp2.icr.io.
RHEL 7 Packages 3.10.0-1160.25 3.10.0-1160.31 Updated worker node image with kernel package updates for CVE-2020-8648, CVE-2020-12362CVE-2020-12363CVE-2020-12364 CVE-2020-27170CVE-2021-3347, CVE-2020-24489, CVE-2020-24511CVE-2020-24512, CVE-2020-24513 and CVE-2021-25217.

Change log for worker node fix pack 4.5.40_1541_openshift, released 7 June 2021

The following table shows the changes that are in the worker node fix pack 4.5.40_1541_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.39_1540_openshift
Component Previous Current Description
HA proxy 26c5cc 700dc6 Updated the image for CVE-2021-27219.
Red Hat OpenShift 4.5.39 4.5.40 See the Red Hat OpenShift release notes. The update resolves CVE-2021-30465 (see the IBM security bulletin).
TCP keepalive optimization for VPC N/A N/A Set the net.ipv4.tcp_keepalive_time setting to 180 seconds for compatibility with VPC gateways.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2021-27219.

Change log for worker node fix pack 4.5.39_1540_openshift, released 24 May 2021

The following table shows the changes that are in the worker node fix pack 4.5.39_1540_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.38_1538_openshift
Component Previous Current Description
HA proxy e0fa2f 26c5cc Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927.
Red Hat OpenShift 4.5.38 4.5.39 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 4.5.39_1539_openshift, released 24 May 2021

The following table shows the changes that are in the master fix pack patch update 4.5.39_1539_openshift. Master patch updates are applied automatically.

Changes since version 4.5.37_1536_openshift
Component Previous Current Description
Cluster health image v1.2.11 v1.2.12 Improved the add-on status information that displays when errors are occur. Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305.
Gateway-enabled cluster controller 1322 1352 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
IBM Calico extension 618 689 Updated to use Go version 1.15.12. Updated image to implement additional IBM security controls and for CVE-2020-14391, CVE-2020-25661 and CVE-2020-25662.
IBM Cloud® Block Storage for Classic driver and plug-in v2.0.3 v2.0.4 Updated image for CVE-2021-3449 and CVE-2021-3450.
IBM Cloud Controller Manager v1.18.18-1 v1.18.19-2 Updated to support the Kubernetes 1.18.19 release.
IBM Cloud File Storage for Classic plug-in and monitor 390 392 Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305.
IBM Cloud RBAC Operator b6a694b 63cd064 Updated image to implement additional IBM security controls and for CVE-2020-28483.
Key Management Service provider v2.3.3 v2.3.4 Updated image to implement additional IBM security controls and for CVE-2020-28483 and CVE-2020-26160.
Load balancer and load balancer monitor for IBM Cloud Provider 1274 1328 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
Red Hat OpenShift 4.5.37 4.5.39 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20210329 v4.5.0-20210512 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.3.0 v1.3.1 Updated image for CVE-2021-20305.
Portieris admission controller v0.10.1 v0.10.2 See the Portieris admission controller release notes.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210329 v4.5.0-20210512 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210329 4.5.0+20210512 See the Red Hat OpenShift on IBM Cloud toolkit release notes).

Change log for worker node fix pack 4.5.38_1538_openshift, released 10 May 2021

The following table shows the changes that are in the worker node fix pack 4.5.38_1538_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.37_1537_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.37 4.5.38 See the Red Hat OpenShift release notes.

Configured worker nodes to integrate with a newer version of the NVIDIA GPU operator. Now when you create an instance of the ClusterPolicy for the GPU operator, you must enter 450.80.02 for the Driver Config version.

RHEL 7 Packages 3.10.0-1160.24 3.10.0-1160.25 To increase resiliency, rsyslog no longer keeps old file descriptors. Updated worker node images with kernel and package updates for CVE-2021-25215, CVE-2020-25692, and CVE-2020-25648.

Change log for master fix pack 4.5.37_1536_openshift, released 27 April 2021

The following table shows the changes that are in the master fix pack patch update 4.5.37_1536_openshift. Master patch updates are applied automatically.

Changes since version 4.5.35_1533_openshift
Component Previous Current Description
Cluster health image v1.2.9 v1.2.11 Fixed Red Hat OpenShift version check for unsupported add-ons. Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
Cluster master operations N/A N/A Resolved a Red Hat OpenShift API server target down alert on clusters that are updated from version 4.4 or earlier.
IBM Cloud Block Storage for Classic driver and plug-in v2.0.1 v2.0.3 Updated to use Go version 1.15.9 and for CVE-2020-28851.
IBM Cloud Controller Manager v1.18.17-1 v1.18.18-1 Updated to support the Kubernetes 1.18.18 release.
IBM Cloud File Storage for Classic plug-in and monitor 389 390 Updated to use Go version 1.15.9 and for CVE-2020-28851, and CVE-2021-3121.
IBM Cloud RBAC Operator 3dd6bbc b6a694b Updated image for CVE-2021-3449 and CVE-2021-3450.
Key Management Service provider v2.2.5 v2.3.3 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
Red Hat OpenShift 4.5.35 4.5.37 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20210301 v4.5.0-20210329 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN client 2.4.6-r3-IKS-301 2.4.6-r3-IKS-386 Updated image to implement additional IBM security controls.
OpenVPN Operator image v1.2.0 v1.3.0 Added OpenVPN support to the Red Hat OpenShift API server to support webhooks. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
OpenVPN server 2.4.6-r3-IKS-301 2.4.6-r3-IKS-385 Updated image to implement additional IBM security controls.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210301 v4.5.0-20210329 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210301 4.5.0+20210329 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.37_1537_openshift, released 26 April 2021

The following table shows the changes that are in the worker node fix pack 4.5.37_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.35_1535_openshift
Component Previous Current Description
HA proxy a3b1ff e0fa2f The update addresses CVE-2021-20305.
Red Hat OpenShift 4.5.35 4.5.37 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2021-20305.

Change log for worker node fix pack 4.5.35_1535_openshift, released 12 April 2021

The following table shows the changes that are in the worker node fix pack 4.5.35_1535_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.35_1534_openshift
Component Previous Current Description
HA proxy 9b2dca a3b1ff The update addresses CVE-2021-3449 and CVE-2021-3450.
RHEL 7 Packages 3.10.0-1160.21.1.el7 3.10.0-1160.24.1.el7 Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365.

Change log for master fix pack 4.5.35_1533_openshift, released 30 March 2021

The following table shows the changes that are in the master fix pack patch update 4.5.35_1533_openshift. Master patch updates are applied automatically.

Changes since version 4.5.31_1531_openshift
Component Previous Current Description
Activity Tracker event N/A N/A Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster.
Cluster health image v1.2.8 v1.2.9 Updated image for CVE-2020-28851.
Gateway-enabled cluster controller 1232 1322 Updated to use Go version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.
IBM Cloud Controller Manager v1.18.16-2 v1.18.17-1 Updated to support the Kubernetes 1.18.17 release. Fixed a bug that prevented VPC load balancers from supporting more than 50 subnets in an account.
IBM Cloud File Storage for Classic plug-in and monitor 388 389 Updated to use Go version 1.15.8.
IBM Cloud RBAC Operator 86de2b7 3dd6bbc Updated image for CVE-2020-28851.
Red Hat OpenShift 4.5.31 4.5.35 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20210112 v4.5.0-20210301 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.1.2 v1.2.0 Fixed a bug that could prevent worker node VPN updates.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20210112 v4.5.0-20210301 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20210112 4.5.0+20210301 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.35_1534_openshift, released 29 March 2021

The following table shows the changes that are in the worker node fix pack 4.5.35_1534_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.33_1532_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.33 4.5.35 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.15.2.el7 3.10.0-1160.21.1.el7 Updated worker node images with kernel and package updates for CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, and CVE-2021-20265.

Change log for worker node fix pack 4.5.33_1532_openshift, released 12 March 2021

The following table shows the changes that are in the worker node fix pack 4.5.33_1532_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.31_1531_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.31 4.5.33 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node with package updates for CVE-2020-8625, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, and CVE-2021-27803.

Change log for worker node fix pack 4.5.31_1531_openshift, released 1 March 2021

The following table shows the changes that are in the worker node fix pack 4.5.31_1531_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.31_1529_openshift
Component Previous Current Description
Image garbage collection N/A N/A Fixed a race condition during the provisioning of worker nodes that might cause image garbage collection to fail.
IBM Cloud Container Registry private endpoints N/A N/A VPC worker nodes: Fixed a bug where traffic to the private endpoints of IBM Cloud Container Registry might fail after rebooting the worker node.
RHEL 7 Packages N/A N/A Updated worker node with package updates.

Change log for master fix pack 4.5.31_1531_openshift, released 27 February 2021

The following table shows the changes that are in the master fix pack patch update 4.5.31_1531_openshift. Master patch updates are applied automatically.

Changes since version 4.5.31_1530_openshift
Component Previous Current Description
Load balancer and load balancer monitor for IBM Cloud Provider 1165 1274 Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates.
OpenVPN Operator image v1.1.0 v1.1.2 Updated image to implement additional IBM security controls.

Change log for master fix pack 4.5.31_1530_openshift, released 22 February 2021

The following table shows the changes that are in the master fix pack patch update 4.5.31_1530_openshift. Master patch updates are applied automatically.

Changes since version 4.5.24_1527_openshift
Component Previous Current Description
Calico v3.16.5 v3.16.6 See the Calico release notes.
Tigera Operator v1.10.9 v1.10.10 See the Tigera Operator release notes.
Cluster health image v1.2.6 v1.2.8 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1195 1232 Updated to use Go version 1.15.7.
IBM Calico extension 567 618 Updated to use Go version 1.15.7.
IBM Cloud Controller Manager v1.18.15-3 v1.18.16-1 Updated to support the Kubernetes 1.18.16 release and to use calicoctl version 3.13.5. Updated image to implement additional IBM security controls and for DLA-2509-1. Updated version 1.0 and 2.0 network load balancers (NLBs) to run as a non-root user by default, with privileged escalation as needed.
IBM Cloud File Storage for Classic plug-in and monitor 385 388 Improved the retry logic for provisioning persistent volume claims (PVCs).
IBM Cloud RBAC Operator f859228 86de2b7 Updated to use Go version 1.15.7.
Key Management Service provider v2.2.3 v2.2.5 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider 1078 1165 Updated to run as a non-root user by default, with privileged escalation as needed. Updated to use Go version 1.15.7.
Red Hat OpenShift 4.5.24 4.5.31 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 4.5.31_1529_openshift, released 15 February 2021

The following table shows the changes that are in the worker node fix pack 4.5.31_1529_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.28_1528_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.28 4.5.31 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.11.1.el7 3.10.0-1160.15.2.el7 Updated worker node with image kernel and package updates for: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-15436, CVE-2020-35513, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573, and CVE-2020-12321){: external}.

Change log for worker node fix pack 4.5.28_1528_openshift, released 1 February 2021

The following table shows the changes that are in the worker node fix pack 4.5.28_1528_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.24_1526_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.24 4.5.28 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2021-3156, CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686.

Change log for master fix pack 4.5.24_1527_openshift, released 19 January 2021

The following table shows the changes that are in the master fix pack patch update 4.5.24_1527_openshift. Master patch updates are applied automatically.

Changes since version 4.5.24_1525_openshift
Component Previous Current Description
Cluster health image v1.2.4 v1.2.6 Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1184 1195 Updated image for CVE-2020-1971.
IBM Calico extension 556 567 Updated image to implement additional IBM security controls and for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud Block Storage driver and plug-in v2.0.0 v2.0.1 Updated image for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud Controller Manager v1.18.14-1 v1.18.15-3 Updated to support the Kubernetes 1.18.15 release and to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in and monitor 384 385 Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider v2.2.2 v2.2.3 Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls and for CVE-2020-1971.
Load balancer and load balancer monitor for IBM Cloud Provider 1004 1078 Updated image for CVE-2020-1971.
Red Hat OpenShift N/A N/A Updated to implement additional IBM security controls.
Red Hat OpenShift Control Plane Operator v4.5.0-20201210 v4.5.0-20210112 See the Red Hat OpenShift on IBM Cloud toolkit release notes. Updated to implement additional IBM security controls.
OpenVPN Operator image v1.0.12 v1.1.0 Updated image for CVE-2020-1971.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20201210 v4.5.0-20210112 See the Red Hat OpenShift on IBM Cloud toolkit release notes. Updated to implement additional IBM security controls.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20201210 4.5.0+20210112 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.24_1526_openshift, released 18 January 2021

The following table shows the changes that are in the worker node fix pack 4.5.24_1526_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.22_1524_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.22 4.5.24 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 4.5.24_1525_openshift, released 6 January 2021

The following table shows the changes that are in the master fix pack patch update 4.5.24_1525_openshift. Master patch updates are applied automatically.

Changes since version 4.5.18_1523_openshift
Component Previous Current Description
IBM Calico extension 538 556 Updated image to include the ip command.
IBM Cloud Block Storage driver and plug-in 1.17.2 v2.0.0 Updated to use the universal base image (UBI), to use Go version 1.15.5, to run with a least privileged security context, and to improve logging. Updated image to implement additional IBM security controls.
IBM Cloud Controller Manager v1.18.13-1 v1.18.14-1 Updated to support the Kubernetes 1.18.14 release.
IBM Cloud File Storage for Classic plug-in N/A N/A Updated to run with a privileged security context.
IBM Cloud RBAC Operator c148a8a f859228 Updated image for CVE-2020-1971 and CVE-2020-24659.
Red Hat OpenShift Control Plane Operator v4.5.0-20201207 v4.5.0-20201210 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift 4.5.18 4.5.24 See the Red Hat OpenShift release notes. The update resolves CVE-2020-8559 (see the IBM security bulletin).
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20201207 v4.5.0-20201210 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20201207 4.5.0+20201210 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.22_1524_openshift, released 21 December 2020

The following table shows the changes that are in the worker node fix pack update 4.5.21_1524_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.18_1523_openshift
Component Previous Current Description
HAProxy db4e6d 9b2dca Image update for CVE-2020-1971 and CVE-2020-24659.
Red Hat OpenShift 4.5.21 4.5.22 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.6.1.el7 3.10.0-1160.11.1.el7 Updated worker node image with kernel and package updates for: CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, and CVE-2020-1971.

Change log for master fix pack 4.5.18_1523_openshift, released 14 December 2020

The following table shows the changes that are in the master fix pack patch update 4.5.18_1523_openshift. Master patch updates are applied automatically.

Changes since version 4.5.18_1521_openshift
Component Previous Current Description
Cluster health image v1.2.3 v1.2.4 Updated image to implement additional IBM security controls.
etcd v3.4.13 v3.4.14 See the etcd release notes.
Gateway-enabled cluster controller 1105 1184 Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls.
IBM Calico extension 469 538 Updated to use the universal base image (UBI), to run as a non-root user and to use Go version 1.15.5. Updated image to implement additional IBM security controls.
IBM Cloud Controller Manager v1.18.12-1 v1.18.13-1 Updated to support the Kubernetes 1.18.13 release. Updated image to implement additional IBM security controls. Fixed a bug in VPC load balancer creation when the cluster, VPC or subnet are in a different resource group.
IBM Cloud File Storage for Classic monitor 379 384 Updated to use Go version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in 379 384 Updated to use Go version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls.
IBM Cloud RBAC Operator 197bc70 c148a8a Updated to use Go version 1.15.6 and updated image to implement additional IBM security controls.
Key management service (KMS) provider v2.2.1 v2.2.2 Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider 234 1004 Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls.
Red Hat OpenShift Control Plane Operator v4.5.0-20201113 v4.5.0-20201207 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN client 2.4.6-r3-IKS-116 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
OpenVPN Operator image v1.0.10 v1.0.12 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-131 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20201113 v4.5.0-20201207 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20201113 4.5.0+20201207 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.21_1522_openshift, released 7 December 2020

The following table shows the changes that are in the worker node fix pack update 4.5.21_1522_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.19_1521_openshift
Component Previous Current Description
HAProxy 1.8.26-384f42 db4e6d Added provenance labels for source tracking.
Red Hat OpenShift 4.5.19 4.5.21 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 4.5.19_1521_openshift, released 23 November 2020

The following table shows the changes that are in the worker node fix pack update 4.5.19_1521_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.17_1519_openshift
Component Previous Current Description
Ephemeral storage reservations N/A N/A Local ephemeral storage is reserved on the Kubernetes data disk for system components.
Red Hat OpenShift node 4.5.17 4.5.19 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.2.el7 3.10.0-1160.6.1.el7 Updated worker node image with kernel and package updates for CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2019-20907, CVE-2020-15999, CVE-2020-8177, CVE-2019-20811, CVE-2020-14331, CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698.

Change log for master fix pack 4.5.18_1521_openshift, released 16 November 2020

The following table shows the changes that are in the master fix pack patch update 4.5.18_1521_openshift. Master patch updates are applied automatically.

Changes since version 4.5.15_1518_openshift
Component Previous Current Description
Calico v3.16.1 v3.16.5 See the Calico release notes.
Tigera Operator v1.10.3 v1.10.9 See the Tigera Operator release notes. In addition, Tigera Operator metrics are disabled.
Cluster health image v1.2.2 v1.2.3 Added status codes to add-on health messages. Set add-on health state to critical and status to unknown when cluster health is critical. When a cluster has a Kubernetes key management service (KMS) provider enabled and a disabled Key Protect key, the cluster health state is now set to critical. Updated image for DLA-2424-1.
IBM Cloud Controller Manager v1.18.10-1 v1.18.12-1 Updated to support the Kubernetes 1.18.12 release. Updated image for DLA-2424-1.
IBM Cloud RBAC Operator 31c794a 197bc70 Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221.
Key Management Service provider v2.1.0 v2.2.1 Updated to support service-to-service authentication and to use Go version 1.15.2. Updated image for DLA-2424-1.
Red Hat OpenShift Control Plane Operator v4.5.0-20201022 v4.5.0-20201113 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift 4.5.15 4.5.18 See the Red Hat OpenShift release notes.
OpenVPN Operator image v1.0.9 v1.0.10 Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221.
Red Hat OpenShift on IBM Cloud Server v4.5.0-20201022 v4.5.0-20201113 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20201022 4.5.0+20201113 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.5.17_1519_openshift, released 9 November 2020

The following table shows the changes that are in the worker node fix pack update 4.5.17_1519_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.15_1518_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.15 4.5.17 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2020-15999.

Change log for worker node fix pack 4.5.15_1518_openshift, released 26 October 2020

The following table shows the changes that are in the worker node fix pack update 4.5.15_1518_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.5.13_1515_openshift
Component Previous Current Description
Red Hat OpenShift 4.5.13 4.5.15 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.1.el7 3.10.0-1160.2.2.el7 Updated worker node images with kernel and package updates for CVE-2020-12351 and CVE-2020-12352.

Change log for master fix pack 4.5.15_1518_openshift, released 26 October 2020

The following table shows the changes that are in the master fix pack patch update 4.5.15_1518_openshift. Master patch updates are applied automatically.

Changes since version 4.5.13_1515_openshift
Component Previous Current Description
Cluster health image v1.2.1 v1.2.2 Fixed the cluster health status for when add-on customizations are used.
IBM Cloud Controller Manager v1.18.9-2 v1.18.10-1 Updated to support the Kubernetes 1.18.10 release.
IBM Cloud File Storage for Classic plug-in and monitor 378 379 Updated to use the universal base image (UBI) and to use Go version 1.15.2.
Kubernetes configuration N/A N/A Kubernetes service account token volume projection is enabled and issues tokens that use https://kubernetes.default.svc as the default API audience.
Red Hat OpenShift 4.5.13 4.5.15 See the Red Hat OpenShift release notes.
Red Hat OpenShift Control Plane Operator v4.5.0-20201009 v4.5.0-20201022 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud Metrics Server v4.5.0-20201009 v4.5.0-20201022 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.5.0+20201009 4.5.0+20201022 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for 4.5.13_1515_openshift, released 13 October 2020

The following table shows the changes that are in the 4.5.13_1515_openshift version update.

Changes since version 4.4.20_1518_openshift
Component Previous Current Description
Calico v3.13.3 v3.16.1 See the Calico release notes. In addition, Calico pods in the calico-system namespace now set CPU and memory requests.
Tigera Operator v1.3.4 v1.10.3 See the Tigera Operator release notes.
Cluster health image v1.1.11 v1.2.1 When a cluster has a Kubernetes key management service (KMS) provider enabled and a disabled Key Protect key, a warning is now returned in the cluster health state. Fixed check to determine if an add-on is unsupported. In addition, updated to use Go version 1.15.2.
Cluster master HA configuration N/A N/A Updated configuration to improve availability during cluster master operations.
Gateway-enabled cluster controller 1082 1105 Updated to use Go version 1.15.2.
IBM Cloud Block Storage for Classic driver and plug-in 1.17.1 1.17.2 Updated to use Go version 1.13.15.
IBM Cloud Controller Manager v1.17.12-1 v1.18.9-2 Updated to support the Kubernetes 1.18.9 release and to use calicoctl version 3.13.4. Updated network load balancer (NLB) events to use the latest IBM Cloud troubleshooting documentation. For VPC load balancers, the service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: "proxy-protocol" annotation was added to preserve the source IP address of requests to apps in your cluster.
IBM Cloud RBAC Operator 4b47693 31c794a Updated to use Go version 1.15.2.
Key Management Service provider v2.0.4 v2.1.0 Updated to use the key management service (KMS) provider secret to identify when a Key Protect key is enabled and disabled so that encryption and decryption requests are updated accordingly.
Load balancer and load balancer monitor for IBM Cloud Provider 208 234 Improved startup performance of version 2.0 private network load balancers (NLBs). Updated to use Go version 1.15.2.
Red Hat OpenShift Control Plane Operator v4.4.0-20200821 v4.5.0-20201009 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift 4.4.20 4.5.13 See the Red Hat OpenShift release notes.
Red Hat OpenShift configuration N/A N/A New version 4.5 clusters that run on the VPC infrastructure provider and use IBM Cloud Object Storage now proxy container image traffic through the internal registry pods directly to the Object Storage endpoints. To configure this proxy for version 4.5 clusters that were updated from a previous version, see the troubleshooting topic.
OpenVPN Operator image v1.0.8 v1.0.9 Updated to improve OpenVPN availability.
Red Hat OpenShift on IBM Cloud Metrics Server N/A v4.5.0-20201009 New!: Red Hat OpenShift on IBM Cloud now provides custom cluster metrics. See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.4.0+20200821 4.5.0+20201009 See the Red Hat OpenShift on IBM Cloud release notes.

Version 4.4 change log (unsupported as of 31 May 2021)

Version 4.4 is unsupported. You can review the following archive of the 4.4 change logs.

Change log for worker node fix pack 4.4.33_1544_openshift, released 24 May 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1544_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1541_openshift
Component Previous Current Description
HA proxy e0fa2f 26c5cc Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 4.4.33_1543_openshift, released 24 May 2021

The following table shows the changes that are in the master fix pack patch update 4.4.33_1543_openshift. Master patch updates are applied automatically.

Changes since version 4.4.33_1539_openshift
Component Previous Current Description
Cluster health image v1.1.21 v1.1.22 Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305.
Gateway-enabled cluster controller 1322 1352 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
IBM Calico extension 618 689 Updated to use Go version 1.15.12. Updated image to implement additional IBM security controls and for CVE-2020-14391, CVE-2020-25661 and CVE-2020-25662.
IBM Cloud® Block Storage for Classic driver and plug-in v2.0.3 v2.0.4 Updated image for CVE-2021-3449 and CVE-2021-3450.
IBM Cloud File Storage for Classic plug-in and monitor 390 392 Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305.
IBM Cloud RBAC Operator b6a694b 63cd064 Updated image to implement additional IBM security controls and for CVE-2020-28483.
Key Management Service provider v2.3.3 v2.3.4 Updated image to implement additional IBM security controls and for CVE-2020-28483 and CVE-2020-26160.
Load balancer and load balancer monitor for IBM Cloud Provider 1274 1328 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.
OpenVPN Operator image v1.3.0 v1.3.1 Updated image for CVE-2021-20305.

Change log for worker node fix pack 4.4.33_1541_openshift, released 10 May 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1541_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1540_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.24 3.10.0-1160.25 To increase resiliency, rsyslog no longer keeps old file descriptors. Updated worker node images with kernel and package updates for CVE-2021-25215, CVE-2020-25692, and CVE-2020-25648.

Change log for master fix pack 4.4.33_1539_openshift, released 27 April 2021

The following table shows the changes that are in the master fix pack patch update 4.4.33_1539_openshift. Master patch updates are applied automatically.

Changes since version 4.4.33_1536_openshift
Component Previous Current Description
Cluster health image v1.1.19 v1.1.21 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
IBM Cloud Block Storage driver and plug-in v2.0.1 v2.0.3 Updated to use Go version 1.15.9 and for CVE-2020-28851.
IBM Cloud File Storage for Classic plug-in and monitor 389 390 Updated to use Go version 1.15.9 and for CVE-2020-28851 and CVE-2021-3121.
IBM Cloud RBAC Operator 3dd6bbc b6a694b Updated image for CVE-2021-3449 and CVE-2021-3450.
Key Management Service provider v2.2.5 v2.3.3 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
OpenVPN client 2.4.6-r3-IKS-301 2.4.6-r3-IKS-386 Updated image to implement additional IBM security controls.
OpenVPN Operator image v1.2.0 v1.3.0 Added OpenVPN support to the Red Hat OpenShift API server to support webhooks. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
OpenVPN server 2.4.6-r3-IKS-301 2.4.6-r3-IKS-385 Updated image to implement additional IBM security controls.

Change log for worker node fix pack 4.4.33_1540_openshift, released 26 April 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1540_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1538_openshift
Component Previous Current Description
HA proxy a3b1ff e0fa2f The update addresses CVE-2021-20305.
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2021-20305.

Change log for worker node fix pack 4.4.33_1538_openshift, released 12 April 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1538_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1537_openshift
Component Previous Current Description
HA proxy 9b2dca a3b1ff The update addresses CVE-2021-3449 and CVE-2021-3450.
RHEL 7 Packages 3.10.0-1160.21.1.el7 3.10.0-1160.24.1.el7 Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365.

Change log for master fix pack 4.4.33_1536_openshift, released 30 March 2021

The following table shows the changes that are in the master fix pack patch update 4.4.33_1536_openshift. Master patch updates are applied automatically.

Changes since version 4.4.33_1534_openshift
Component Previous Current Description
Activity Tracker event N/A N/A Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster.
Cluster health image v1.1.18 v1.1.19 Updated image for CVE-2020-28851.
Gateway-enabled cluster controller 1232 1322 Updated to use Go version 1.15.10 and for CVE-2021-23839, CVE-2021-23840, and CVE-2021-23841.
IBM Cloud File Storage for Classic plug-in and monitor 388 389 Updated to use Go version 1.15.8.
IBM Cloud RBAC Operator 86de2b7 3dd6bbc Updated image for CVE-2020-28851.
Load balancer and load balancer monitor for IBM Cloud Provider 1165 1274 Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates.
OpenVPN Operator image v1.1.0 v1.2.0 Fixed a bug that could prevent worker node VPN updates.

Change log for worker node fix pack 4.4.33_1537_openshift, released 29 March 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1535_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.15.2.el7 3.10.0-1160.21.1.el7 Updated worker node images with kernel and package updates for CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, and CVE-2021-20265.

Change log for worker node fix pack 4.4.33_1535_openshift, released 12 March 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1535_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1534_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node with package updates for CVE-2020-8625, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, and CVE-2021-27803.

Change log for worker node fix pack 4.4.33_1534_openshift, released 1 March 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1534_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.33_1533_openshift
Component Previous Current Description
Image garbage collection N/A N/A Fixed a race condition during the provisioning of worker nodes that might cause image garbage collection to fail.
IBM Cloud Container Registry private endpoints N/A N/A VPC worker nodes: Fixed a bug where traffic to the private endpoints of IBM Cloud Container Registry might fail after rebooting the worker node.
RHEL 7 Packages N/A N/A Updated worker node with package updates.

Change log for master fix pack 4.4.33_1534_openshift, released 22 February 2021

The following table shows the changes that are in the master fix pack patch update 4.4.33_1534_openshift. Master patch updates are applied automatically.

Changes since version 4.4.31_1531_openshift
Component Previous Current Description
Calico v3.13.3 v3.13.5 See the Calico release notes.
Tigera Operator v1.3.4 v1.3.6 See the Tigera Operator release notes.
Cluster health image v1.1.16 v1.1.18 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1195 1232 Updated to use Go version 1.15.7.
IBM Calico extension 567 618 Updated to use Go version 1.15.7.
IBM Cloud Controller Manager v1.17.17-1 v1.17.17-5 Updated image for for DLA-2509-1.
IBM Cloud File Storage for Classic plug-in and monitor 385 388 Improved the retry logic for provisioning persistent volume claims (PVCs).
IBM Cloud RBAC Operator f859228 86de2b7 Updated to use Go version 1.15.7.
Key Management Service provider v2.2.3 v2.2.5 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider 1078 1165 Updated to use Go version 1.15.7.
Red Hat OpenShift 4.4.31 4.4.33 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 4.4.33_1533_openshift, released 15 February 2021

The following table shows the changes that are in the worker node fix pack 4.4.33_1533_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.31_1532_openshift
Component Previous Current Description
Red Hat OpenShift 4.4.31 4.4.33 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.11.1.el7 3.10.0-1160.15.2.el7 Updated worker node with image kernel and package updates for: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-15436, CVE-2020-35513, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573, and CVE-2020-12321){: external}.

Change log for worker node fix pack 4.4.31_1532_openshift, released 1 February 2021

The following table shows the changes that are in the worker node fix pack 4.4.31_1532_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.31_1530_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2021-3156, CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686.

Change log for master fix pack 4.4.31_1531_openshift, released 19 January 2021

The following table shows the changes that are in the master fix pack patch update 4.4.31_1531_openshift. Master patch updates are applied automatically.

Changes since version 4.4.31_1529_openshift
Component Previous Current Description
Cluster health image v1.1.13 v1.1.16 Updated image to implement additional IBM security controls.
Gateway-enabled cluster controller 1184 1195 Updated image for CVE-2020-1971.
IBM Calico extension 556 567 Updated image to implement additional IBM security controls and for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud Block Storage driver and plug-in v2.0.0 v2.0.1 Updated image for CVE-2020-1971 and CVE-2020-24659.
IBM Cloud Controller Manager v1.17.16-1 v1.17.17-1 Updated to support the Kubernetes 1.17.17 release.
IBM Cloud File Storage for Classic plug-in and monitor 384 385 Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider v2.2.2 v2.2.3 Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls and for CVE-2020-1971.
Load balancer and load balancer monitor for IBM Cloud Provider 1004 1078 Updated image for CVE-2020-1971.
Red Hat OpenShift Control Plane Operator v4.4.0-20201210 v4.4.0-20210112 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN Operator image v1.0.12 v1.1.0 Updated image for CVE-2020-1971.
Red Hat OpenShift on IBM Cloud toolkit 4.4.0+20201210 4.4.0+20210112 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.4.31_1530_openshift, released 18 January 2021

The following table shows the changes that are in the worker node fix pack 4.4.31_1530_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.31_1528_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 4.4.31_1529_openshift, released 6 January 2021

The following table shows the changes that are in the master fix pack patch update 4.4.31_1529_openshift. Master patch updates are applied automatically.

Changes since version 4.4.29_1527_openshift
Component Previous Current Description
IBM Calico extension 538 556 Updated image to include the ip command.
IBM Cloud Block Storage driver and plug-in 1.17.2 v2.0.0 Updated to use the universal base image (UBI), to use Go version 1.15.5, to run with a least privileged security context, and to improve logging. Updated image to implement additional IBM security controls.
IBM Cloud Controller Manager v1.17.15-1 v1.17.16-1 Updated to support the Kubernetes 1.17.16 release.
IBM Cloud File Storage for Classic plug-in N/A N/A Updated to run with a privileged security context.
IBM Cloud RBAC Operator c148a8a f859228 Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider v2.0.7 v2.2.2

Updated the key management service (KMS) provider support as follows.

  • Updated to use Go version 1.15.2.
  • Added support for service-to-service authentication.
  • Updated to use the KMS provider secret to identify when a Key Protect key is enabled and disabled so that encryption and decryption requests are updated accordingly.
Red Hat OpenShift Control Plane Operator v4.4.0-20201207 v4.4.0-20201210 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift 4.4.29 4.4.31 See the Red Hat OpenShift release notes.
Red Hat OpenShift on IBM Cloud toolkit 4.4.0+20201207 4.4.0+20201210 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.4.31_1528_openshift, released 21 December 2020

The following table shows the changes that are in the worker node fix pack update 4.4.31_1528_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.29_1527_openshift
Component Previous Current Description
HAProxy db4e6d 9b2dca Image update for CVE-2020-1971 and CVE-2020-24659.
RHEL 7 Packages 3.10.0-1160.6.1.el7 3.10.0-1160.11.1.el7 Updated worker node image with kernel and package updates for: CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, and CVE-2020-1971.

Change log for master fix pack 4.4.29_1527_openshift, released 14 December 2020

The following table shows the changes that are in the master fix pack patch update 4.4.29_1527_openshift. Master patch updates are applied automatically.

Changes since version 4.4.29_1525_openshift
Component Previous Current Description
etcd v3.4.13 v3.4.14 See the etcd release notes.
Gateway-enabled cluster controller 1105 1184 Updated to use Go version 1.15.5. Updated image to implement additional IBM security controls.
IBM Calico extension 378 538 Updated to use the universal base image (UBI), to run as a non-root user and to use Go version 1.15.5. Updated image to implement additional IBM security controls.
IBM Cloud Controller Manager v1.17.14-1 v1.17.15-1 Updated to support the Kubernetes 1.17.15 release. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic monitor 379 384 Updated to use Go version 1.15.5 and to run as a non-root user. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in 379 384 Updated to use Go version 1.15.5 and to run with a least privileged security context. Updated image to implement additional IBM security controls.
IBM Cloud RBAC Operator 197bc70 c148a8a Updated to use Go version 1.15.6 and updated image to implement additional IBM security controls.
Key management service (KMS) provider v2.0.5 v2.0.7 Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider 208 1004 Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls.
Red Hat OpenShift Control Plane Operator v4.4.0-20201110 v4.4.0-20201207 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
OpenVPN client 2.4.6-r3-IKS-116 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
OpenVPN Operator image v1.0.10 v1.0.12 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-131 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
Red Hat OpenShift on IBM Cloud toolkit 4.4.0+20201110 4.4.0+20201207 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.4.31_1526_openshift, released 7 December 2020

The following table shows the changes that are in the worker node fix pack update 4.4.31_1526_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.30_1525_openshift
Component Previous Current Description
HAProxy 1.8.26-384f42 db4e6d Added provenance labels for source tracking.
Red Hat OpenShift 4.4.30 4.4.31 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 4.4.30_1525_openshift, released 23 November 2020

The following table shows the changes that are in the worker node fix pack update 4.4.30_1525_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.29_1524_openshift
Component Previous Current Description
Ephemeral storage reservations N/A N/A Local ephemeral storage is reserved on the Kubernetes data disk for system components.
Red Hat OpenShift node 4.4.29 4.4.30 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.2.el7 3.10.0-1160.6.1.el7 Updated worker node image with kernel and package updates for CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2019-20907, CVE-2020-15999, CVE-2020-8177, CVE-2019-20811, CVE-2020-14331, CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698.

Change log for master fix pack 4.4.29_1525_openshift, released 16 November 2020

The following table shows the changes that are in the master fix pack patch update 4.4.29_1525_openshift. Master patch updates are applied automatically.

Changes since version 4.4.27_1523_openshift
Component Previous Current Description
Cluster health image v1.1.12 v1.1.13 Updated image for DLA-2424-1.
IBM Cloud Controller Manager v1.17.13-1 v1.17.14-1 Updated to support the Kubernetes 1.17.14 release. Updated image for DLA-2424-1.
IBM Cloud File Storage for Classic plug-in and monitor 378 379 Updated to use the universal base image (UBI) and to use Go version 1.15.2.
IBM Cloud RBAC Operator 31c794a 197bc70 Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221.
Key Management Service provider v2.0.4 v2.0.5 Updated image for DLA-2424-1.
Red Hat OpenShift Control Plane Operator v4.4.0-20200821 v4.4.0-20201110 See the Red Hat OpenShift on IBM Cloud toolkit release notes.
Red Hat OpenShift 4.4.27 4.4.29 See the Red Hat OpenShift release notes.
OpenVPN Operator image v1.0.9 v1.0.10 Updated image for CVE-2019-20454, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752, CVE-2019-20807, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492, CVE-2019-15165, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327, CVE-2020-8177, CVE-2019-13050, CVE-2018-20843, CVE-2019-15903, CVE-2019-14889, CVE-2020-1730, CVE-2019-1551, CVE-2020-14382, CVE-2019-13627, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2019-20386, CVE-2019-19906, CVE-2019-20387, and CVE-2019-19221.
Red Hat OpenShift on IBM Cloud toolkit 4.4.0+20200821 4.4.0+20201110 See the Red Hat OpenShift on IBM Cloud toolkit release notes.

Change log for worker node fix pack 4.4.29_1524_openshift, released 9 November 2020

The following table shows the changes that are in the worker node fix pack update 4.4.29_1524_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.27_1523_openshift
Component Previous Current Description
Red Hat OpenShift 4.4.27 4.4.29 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2020-15999.

Change log for worker node fix pack 4.4.27_1523_openshift, released 26 October 2020

The following table shows the changes that are in the worker node fix pack update 4.4.27_1523_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.26_1521_openshift
Component Previous Current Description
Red Hat OpenShift 4.4.26 4.4.27 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.1.el7 3.10.0-1160.2.2.el7 Updated worker node images with kernel and package updates for CVE-2020-12351 and CVE-2020-12352.

Change log for master fix pack 4.4.27_1523_openshift, released 26 October 2020

The following table shows the changes that are in the master fix pack patch update 4.4.27_1523_openshift. Master patch updates are applied automatically.

Changes since version 4.4.20_1518_openshift
Component Previous Current Description
Cluster health image v1.1.11 v1.1.12 Fixed check for unsupported add-ons. Updated to use Go version 1.15.2.
Gateway-enabled cluster controller 1082 1105 Updated to use Go version 1.15.2.
IBM Cloud Block Storage for Classic driver and plug-in 1.17.1 1.17.2 Updated to use Go version 1.13.15.
IBM Cloud Controller Manager v1.17.12-1 v1.17.13-1 Updated to support the Kubernetes 1.17.13 release.
IBM Cloud RBAC Operator 4b47693 31c794a Updated to use Go version 1.15.2.
Red Hat OpenShift 4.4.20 4.4.27 See the Red Hat OpenShift release notes.
Red Hat OpenShift configuration N/A N/A New version 4.4 clusters that run on the VPC infrastructure provider and use IBM Cloud Object Storage now proxy container image traffic through the internal registry pods directly to the Object Storage endpoints. To configure this proxy for existing version 4.4 clusters, see the troubleshooting topic.
OpenVPN Operator image v1.0.8 v1.0.9 Updated to improve OpenVPN availability.

Change log for worker node fix pack 4.4.26_1521_openshift, released 12 October 2020

The following table shows the changes that are in the worker node fix pack update 4.4.26_1521_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 4.4.23_1520_openshift
Component Previous Current Description
Red Hat OpenShift 4.4.23 4.4.26 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1127.19.1.el7 3.10.0-1160.2.1.el7 Updated worker node image with kernel and package updates for: CVE-2019-12450, CVE-2019-14822, CVE-2020-12243, CVE-2019-14866, CVE-2017-12652, CVE-2017-18551, CVE-2018-20836, CVE-2019-9454, CVE-2019-9458, CVE-2019-12614, CVE-2019-15217, CVE-2019-15807, CVE-2019-15917, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-18808, CVE-2019-19046, CVE-2019-19055, CVE-2019-19058, CVE-2019-19059, CVE-2019-19062, CVE-2019-19063, CVE-2019-19332, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19530, CVE-2019-19534, CVE-2019-19537, CVE-2019-19767, CVE-2019-19807, CVE-2019-20054, CVE-2019-20095, CVE-2019-20636, CVE-2020-1749, CVE-2020-2732, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383, CVE-2020-10690, CVE-2020-10732, CVE-2020-10742, CVE-2020-10751, CVE-2020-10942, CVE-2020-11565, CVE-2020-12770, CVE-2020-12826, CVE-2020-14305, CVE-2019-5482, CVE-2019-19126, CVE-2020-12825, CVE-2019-5094, CVE-2019-5188, CVE-2019-2974, CVE-2020-2574, CVE-2020-2752, CVE-2020-2780, CVE-2020-2812, CVE-2019-12749, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2020-10754, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2018-20843, CVE-2019-15903, CVE-2019-14834, CVE-2019-11068, CVE-2019-18197, CVE-2019-16935, CVE-2019-20386, CVE-2019-17498, and CVE-2020-14365.