IBM Cloud Docs
Version 3.11 change log

Version 3.11 change log

This version is no longer supported. Update your cluster to a supported version as soon as possible.

View information of version changes for major, minor, and patch updates that are available for your Red Hat® OpenShift® on IBM Cloud® clusters that run version 3.11. Changes include updates to Red Hat OpenShift, Kubernetes, and IBM Cloud Provider components.

Overview

Unless otherwise noted in the change logs, the IBM Cloud provider version enables Red Hat OpenShift APIs and features that are at beta. Red Hat OpenShift alpha features, which are subject to change, are disabled.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect Red Hat OpenShift on IBM Cloud. You can filter the results to view only Kubernetes Service security bulletins that are relevant to Red Hat OpenShift on IBM Cloud. Change log entries that address other security vulnerabilities but don't also refer to an IBM security bulletin are for vulnerabilities that are not known to affect Red Hat OpenShift on IBM Cloud in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Master patch updates are applied automatically. Worker node patch updates can be applied by reloading or updating the worker nodes. For more information about major, minor, and patch versions and preparation actions between minor versions, see Red Hat OpenShift versions.

Version 3.11 change log

Review the change logs for Red Hat OpenShift on IBM Cloud version 3.11 patch updates.

Change log for worker node fix pack 3.11.705_1634_openshift, released 7 June 2022

The following table shows the changes that are in the worker node fix pack 3.11.705_1634_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.685_1632_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Worker node package updates for CVE-2022-24903.
Red Hat OpenShift on IBM Cloud node 3.11.685 3.11.705 See the Red Hat OpenShift on IBM Cloud release notes.

Change log for master fix pack 3.11.705_1633_openshift, released 3 June 2022

The following table shows the changes that are in the master fix pack 3.11.705_1633_openshift. Master patch updates are applied automatically.

Changes since version 3.11.664_1629_openshift
Component Previous Current Description
Cluster health image v1.1.36 v1.1.37 Updated Go to version 1.17.10 and also updated the dependencies. Update registry base image version to 104
IBM Cloud File Storage for Classic plug-in and monitor 408 410 Updated universal base image (UBI) to version 8.6-751 to resolve CVEs.
Key Management Service provider v1.0.26 v1.0.27 Updated Go to version 1.17.10 and updated the golang dependencies.
Load balancer and load balancer monitor for IBM Cloud Provider 1915 1997 Updated Go to version 1.17.10 and updated dependencies.
Red Hat OpenShift on IBM Cloud Control Plane 3.11.664 3.11.705 See the Red Hat OpenShift on IBM Cloud release notes.

Change log for worker node fix pack 3.11.685_1632_openshift, released 23 May 2022

The following table shows the changes that are in the worker node fix pack 3.11.685_1632_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.685_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.62.1 3.10.0-1160.66.1 Worker node kernel & package updates for CVE-2018-25032, CVE-2022-1271, CVE-2022-0492.
HA proxy 36b0307 468c09 CVE-2021-3634.

Change log for worker node fix pack 3.11.685_openshift, released 09 May 2022

The following table shows the changes that are in the worker node fix pack 3.11.685_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.664_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A N/A
Red Hat OpenShift on IBM Cloud node 3.11.664 3.11.685 See the Red Hat OpenShift on IBM Cloud release notes.
Haproxy f53b22 36b030 CVE-2022-1271, CVE-2022-1154, CVE-2018-25032.

Change log for master fix pack 3.11.664_1629_openshift, released 26 April 2022

The following table shows the changes that are in the master fix pack 3.11.664_1629_openshift. Master patch updates are applied automatically.

Changes since version 3.11.634_1626_openshift
Component Previous Current Description
Cluster health image v1.1.35 v1.1.36 Updated Go to version 1.17.9 and also updated the dependencies. Update registry base image version to 103.
IBM Cloud File Storage for Classic plug-in and monitor 407 408 Fixed CVE-2022-0778.
Load balancer and Load balancer monitor for IBM Cloud Provider 1866 1915 Updated the image to resolve CVEs.
OpenVPN client 2.5.4-r0-IKS-579 2.5.6-r0-IKS-592 Updated OpenVPN client to version 2.5.6-r0.
OpenVPN server 2.5.4-r0-IKS-578 2.5.6-r0-IKS-591 Updated OpenVPN server to version 2.5.6-r0.
Red Hat OpenShift on IBM Cloud Control Plane 3.11.634 3.11.664 See the Red Hat OpenShift on IBM Cloud release notes.

Change log for worker node fix pack 3.11.664_1630_openshift, released 25 April 2022

Changes since version 3.11.664_1628_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Package updates.

Change log for worker node fix pack 3.11.664_1628_openshift, released 11 April 2022

The following table shows the changes that are in the worker node fix pack 3.11.664_1628_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.634_1627_openshift
Component Previous Current Description
RHEL Packages 3.10.0-1160.59.1 3.10.0-1160.62.1 Kernel and package updates for CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826 CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-4028, CVE-2021-4083 CVE-2022-0778.
OpenShift 3.11.634 3.11.664 See the OpenShift release notes.

Change log for master fix pack 3.11.634_1626_openshift, released 30 March 2022

Changes since version 3.11.570_1623_openshift
Component Previous Current Description
Cluster health image v1.1.32 v1.1.35 Updated golang dependencies and updated base image to version 102 to fix CVEs. CVE-2022-23218, CVE-2022-23219
Key Management Service provider v1.0.25 v1.0.26 Update golang dependencies, update Go to version to 1.17.8, and moved to base image 102 to reduce CVE footprint and handle CVE-2022-24407.
Load balancer and load balancer monitor for IBM Cloud Provider 1748 1866 Updated the image to resolve CVEs. Updated to use Go version 1.17.8.
Red Hat OpenShift Control Plane 3.11.570 3.11.634 See the Red Hat OpenShift release notes
OpenVPN client 2.5.4-r0-IKS-556 2.5.4-r0-IKS-579 Updated Go to version 1.16.15.
OpenVPN server 2.5.4-r0-IKS-555 2.5.4-r0-IKS-578 Updated Go to version 1.16.15.
IBM Cloud File Storage for Classic plug-in and monitor 405 407 Updated Go to version 1.16.14. Updated UBI image to version 8.5-240.

Change log for worker node pack 3.11.634_1627_openshift, released 28 March 2022

Changes since version 3.11.570_1624_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A N/A
HA proxy 15198f b40c07 CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219, CVE-2022-23308, CVE-2021-23177, CVE-2021-31566.
Red Hat OpenShift node N/A N/A N/A

Change log for worker node pack 3.11.570_1624_openshift, released 14 March 2022

Changes since version 3.11.570_1623_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A N/A
Red Hat OpenShift 3.11.570 3.11.634 See the Red Hat OpenShift release notes.

Change log for master fix pack 3.11.570_1623_openshift, released 3 March 2022

Changes since version 3.11.570_1619_openshift
Component Previous Current Description
Cluster health image v1.1.30 v1.1.32 Updated golang.org/x/crypto to v0.0.0-20220214200702-86341886e292. Adds fix for CVE-2021-43565. Adds Golang dependency updates.
Key Management Service provider v1.0.22 v1.0.25 Updated golang.org/x/crypto to v0.0.0-20220214200702-86341886e292. Adds fix for CVE-2021-43565. Adds Golang dependency updates.
IBM Cloud File Storage for Classic plug-in and monitor 404 405 Adds fix for CVE-2021-3538 and adds dependency updates.

Change log for worker node fix pack 3.11.570_1624_openshift, released 28 February 2022

Changes since version 3.11.570_1621_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.53.1.el7 3.10.0-1160.59.1.el7 Kernel and package updates for CVE-2020-25709, CVE-2020-25710, CVE-2022-24407, CVE-2020-0465, CVE-2020-0466, CVE-2021-0920, CVE-2021-3564, CVE-2021-3573, CVE-2021-3752, CVE-2021-4155, CVE-2022-0330, CVE-2022-22942.
HA proxy f6a2b3 15198fb Contains fixes for CVE-2022-24407

Change log for worker node fix pack 3.11.570_1621_openshift, released 14 February 2022

Changes since version 3.11.570_1620_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A N/A
Red Hat OpenShift N/A N/A N/A
HA proxy d38fa1 f6a2b3 CVE-2021-3521 CVE-2021-4122.

Change log for worker node fix pack 3.11.570_1620_openshift, released 31 January 2022

The following table shows the changes that are in the worker node fix pack 3.11.570_1620_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.570_1618_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2021-4034.

Change log for master fix pack 3.11.570_1619_openshift, released 26 January 2022

The following table shows the changes that are in the master fix pack patch update 3.11.570_1619_openshift. Master patch updates are applied automatically.

Changes since version 3.11.542_1614_openshift
Component Previous Current Description
Cluster health image v1.1.29 v1.1.30 Updated to use Go version 1.17.5, updated Go dependencies and golangci-lint
Key Management Service provider v1.0.21 v1.0.22 Updated Go dependencies and golangci-lint
Load balancer and load balancer monitor for IBM Cloud Provider 1660 1748 Updated the Alpine base image to the 3.15 version to resolve CVEs. Updated to use Go version 1.17.6.
Red Hat OpenShift Control Plane 3.11.542 3.11.570 See the Red Hat OpenShift release notes
OpenVPN client 2.4.6-r3-IKS-463 2.5.4-r0-IKS-556 Update base image to alpine 3.15 to address CVEs, no longer set the --compress config option, updated scripts.
OpenVPN server 2.4.6-r3-IKS-462 2.5.4-r0-IKS-555 Update base image to alpine 3.15 to address CVEs, no longer set the --compress config option, updated scripts.
IBM Cloud File Storage for Classic plug-in and monitor 402 404 Updated universal base image (UBI) to the 8.5-218 version to resolve CVEs. Updated to use Go version 1.16.13.

Change log for worker node fix pack 3.11.570_1618_openshift, released 18 January 2022

The following table shows the changes that are in the worker node fix pack 3.11.570_1618_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.570_1617_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.49.1.el7 3.10.0-1160.53.1.el7 Kernel and package updates for CVE-2020-25704, CVE-2020-36322, CVE-2021-42739, CVE-2021-3712.

Change log for worker node fix pack 3.11.570_1617_openshift, released 4 January 2022

The following table shows the changes that are in the worker node fix pack patch update 3.11.570_1617_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.570_1616_openshift
Component Previous Current Description
HA proxy 3b8663 d38fa1 Contains fixes for CVE-2021-3712.

Change log for worker node fix pack 3.11.570_1616_openshift, released 20 December 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.570_1616_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.542_1612_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.542 3.11.570 For more information, see the change logs

Change log for master fix pack 3.11.542_1614_openshift, released 7 December 2021

The following table shows the changes that are in the master fix pack patch update 3.11.542_1614_openshift. Master patch updates are applied automatically.

Changes since version 3.11.542_1611_openshift
Component Previous Current Description
Cluster health image v1.1.27 v1.1.29 Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. Updated to use Go version 1.16.10.
Key Management Service provider v1.0.19 v1.0.21 Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs. Updated to use Go version 1.16.10.
Load balancer and load balancer monitor for IBM Cloud Provider 1589 1660 Updated Alpine base image to the latest 3.14 version to resolve CVEs. Updated to use Go version 1.16.10.
IBM Cloud File Storage for Classic plug-in and monitor 401 402 Updated universal base image (UBI) to the 8.5-204 version to resolve CVEs. Updated to use Go version 1.16.10.

Change log for worker node fix pack 3.11.542_1615_openshift, released 6 December 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.542_1615_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.542_1612_openshift
Component Previous Current Description
[{rhel_short}] 7 Packages 3.10.0-1160.45 3.10.0-1160.49 Updated worker node images and kernel with package updates. Contains fixes for CVE-2020-36385, CVE-2021-37750, CVE-2021-41617, CVE-2021-20271

Change log for worker node fix pack 3.11.542_1612_openshift, released 22 November 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.542_1612_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.542_1610_openshift
Component Previous Current Description
HA proxy 07f1e9e 3b8663 Contains fixes for CVE-2021-20231, CVE-2021-20232, CVE-2021-3580, CVE-2021-22946, CVE-2021-22947, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2019-20838, CVE-2020-14155, CVE-2018-20673, CVE-2021-42574, CVE-2019-17594, CVE-2019-17595, CVE-2020-12762, CVE-2020-16135, CVE-2021-3445, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087, CVE-2021-20266, CVE-2019-18218, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-33574, CVE-2021-35942, CVE-2021-33560, CVE-2019-13750, CVE-2019-13751, CVE-2019-19603, CVE-2019-5827, CVE-2020-13435, CVE-2020-24370, CVE-2021-28153, CVE-2021-3800, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, andCVE-2021-3200.

Change log for master fix pack 3.11.542_1611_openshift, released 17 November 2021

The following table shows the changes that are in the master fix pack patch update 3.11.542_1611_openshift. Master patch updates are applied automatically.

Changes since version 3.11.524_1608_openshift
Component Previous Current Description
Cluster health image v1.1.26 v1.1.27 Updated Go module dependencies and to use Go version 1.16.9. Updated image for CVE-2021-22946, CVE-2021-22947, CVE-2021-33928, CVE-2021-33929 and CVE-2021-33930.
IBM Cloud Controller Manager v1.15.12-404 v1.15.12-407 Updated image for DLA-2797-1.
Key Management Service provider v1.0.18 v1.0.19 Updated Go module dependencies and to use Go version 1.16.9. Updated image for CVE-2021-22946.
Load balancer and load balancer monitor for IBM Cloud Provider 1550 1589 Updated to use Go version 1.16.9.
Red Hat OpenShift 3.11.524 3.11.542 See the Red Hat OpenShift release notes
OpenVPN client 2.4.6-r3-IKS-386 2.4.6-r3-IKS-463 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-385 2.4.6-r3-IKS-462 Updated image to implement additional IBM security controls.

Change log for worker node fix pack 3.11.542_1610_openshift, released 10 November 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.542_1610_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.524_1609_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node image packages for CVE-2021-42574.
Red Hat OpenShift 3.11.524 3.11.542 See the Red Hat OpenShift release notes

Change log for master fix pack 3.11.524_1608_openshift, released 29 October 2021

The following table shows the changes that are in the master fix pack patch update 3.11.524_1608_openshift. Master patch updates are applied automatically.

Changes since version 3.11.521_1604_openshift
Component Previous Current Description
Cluster health image v1.1.25 v1.1.26 Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, and CVE-2021-22924.
etcd v3.3.25 v3.3.26 See the etcd release notes.
IBM Cloud File Storage for Classic plug-in and monitor 400 401 Updated universal base image (UBI) to the latest 8.4-210 version to resolve CVEs.
Key Management Service provider v1.0.17 v1.0.18 Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs: CVE-2021-36222, CVE-2021-37750, CVE-2021-22922, CVE-2021-22923, and CVE-2021-22924.
Red Hat OpenShift Container Platform 3.11.521 3.11.524 See the Red Hat OpenShift Container Platform release notes.

Change log for worker node fix pack 3.11.524_1609_openshift, released 25 October 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.524_1609_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.524_1606_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.521 3.11.524 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.42.2.el7 3.10.0-1160.45.1.el7 Updated worker node images and kernel with package updates for CVE-2021-3778 and CVE-2021-3796.
Worker-pool taint automation N/A N/A Fixes known issue related to worker-pool taint automation that prevents workers from getting providerID.

Change log for worker node fix pack 3.11.524_1606_openshift, released 11 October 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.524_1606_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.521_1605_openshift
Component Previous Current Description
OpenShift Container Platform node 3.11.521 3.11.524 See the OpenShift Container Platform release notes. The update resolves CVE-2021-25741 (see the IBM security bulletin).

Change log for master fix pack 3.11.521_1604_openshift, released 28 September 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.521_1604_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.487_1601_openshift
Component Previous Current Description
IBM Cloud File Storage for Classic plug-in and monitor 398 400 Updated to use Go version 1.16.7. Updated universal base image (UBI) to the latest 8.4-208 version to resolve CVEs.
Load balancer and load balancer monitor for IBM Cloud Provider 1510 1550 Updated image for CVE-2021-3711 and CVE-2021-3712.
OpenShift Container Platform 3.11.487 3.11.521 See the OpenShift Container Platform release notes.

Change log for worker node fix pack 3.11.521_1605_openshift, released 27 September 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.521_1605_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.501_1603_openshift
Component Previous Current Description
Disk identification N/A N/A Enhanced the disk identification logic to handle the case of 2+ partitions.
HA proxy 9c98dc5 07f1e9 Updated image with fixes for CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-36222, and CVE-2021-37750.
OpenShift Container Platform 3.11.501 3.11.521 See the OpenShift Container Platform release notes.

Change log for worker node fix pack 3.11.501_1603_openshift, released 13 September 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.501_1603_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.501_1602_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.36.2.el7 3.10.0-1160.42.2.el7 Updated worker node image with package updates for CVE-2021-25214, CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399, and CVE-2021-3715.

Change log for worker node fix pack 3.11.501_1602_openshift, released 30 August 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.501_1602_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.487_1600_openshift
Component Previous Current Description
OpenShift Container Platform 3.11.487 3.11.501 For more information, see the change logs.

Change log for master fix pack 3.11.487_1601_openshift, released 25 August 2021

The following table shows the changes that are in the master fix pack patch update 3.11.487_1601. Master patch updates are applied automatically.

Changes since version 3.11.465_1599_openshift
Component Previous Current Description
Cluster health image v1.1.24 v1.1.25 Updated to use Go version 1.15.15. Updated universal base image (UBI) to the latest 8.4 version to resolve CVEs.
Key Management Service provider v1.0.16 v1.0.17 Updated to use Go version 1.15.15. Updated UBI to the latest 8.4 version to resolve CVEs.
Load balancer and load balancer monitor for IBM Cloud Provider 1328 1510 Updated image for CVE-2020-27780.
Red Hat OpenShift 3.11.439 3.11.487 See the OpenShift Container Platform release notes.

Change log for worker node fix pack 3.11.487_1600_openshift, released 16 August 2021

Changes since version 3.11.465_1599_openshift
Component Previous Current Description
HA proxy 68e6b3 9c98dc Updated image with fixes for CVE-2021-27218
RHEL 7 Packages N/A N/A Updated image with fixes for: CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-24489, CVE-2020-24511, and CVE-2020-24512.
OpenShift Container Platform 3.11.465 3.11.487 See the OpenShift Container Platform release notes.

Change log for worker node fix pack 3.11.465_1599_openshift, released 02 August 2021

The following table shows the changes that are in the worker node fix pack patch update 3.11.465_1599_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.465_1596_openshift
Component Previous Current Description
HA proxy aae810 68e6b3 Updated image with fixes for CVE-2021-33910.
Registry endpoints Added zonal public registry endpoints for clusters with both private and public service endpoints enabled.
Read only disk self healing For VPC Gen2 workers. Added automation to recover from disks going read only.
RHEL 7 Packages 3.10.0-1160.31.1 3.10.0-1160.36.2 Updated worker node images & Kernel with package updates: CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909.

Change log for master fix pack 3.11.439_1598_openshift, released 27 July 2021

The following table shows the changes that are in the master fix pack patch update 311.439_1598_openshift. Master patch updates are applied automatically.

Changes since version 3.11.439_1594_openshift
Component Previous Current Description
Cluster health image v1.1.23 v1.1.24 Updated universal base image (UBI) to the latest version to resolve CVEs.
Key Management Service provider v1.0.15 v1.0.16 Updated universal base image (UBI) to the latest version to resolve CVEs.
IBM Cloud File Storage for Classic plug-in and monitor 394 395 Updated universal base image (UBI) to version 8.4-205 to resolve CVEs.

Change log for worker node fix pack 3.11.465_1596_openshift, released 19 July 2021

The following table shows the changes that are in the worker node fix pack 3.11.465_1596_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.462_1595_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.462 3.11.465 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 3.11.462_1595_openshift, released 6 July 2021

The following table shows the changes that are in the worker node fix pack 3.11.462_1595_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.452_1593_openshift
Component Previous Current Description
HA proxy 700dc6 aae810 Updated image with fixes for CVE-2021-3520, CVE-2021-20271, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, and CVE-2021-3541.
Red Hat OpenShift 3.11.452 3.11.462 See the Red Hat OpenShift release notes.

Change log for master fix pack 3.11.439_1594_openshift, released 28 June 2021

The following table shows the changes that are in the master fix pack patch update 3.11.439_1594_openshift. Master patch updates are applied automatically.

Changes since version 3.11.420_1590_openshift
Component Previous Current Description
Cluster health image v1.1.22 v1.1.23 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.
IBM Cloud File Storage for Classic plug-in and monitor 392 394 Updated to use Go version 1.15.12. Updated universal base image (UBI) to version 8.4 to resolve CVEs.
Key Management Service provider v1.0.14 v1.0.15 Updated to use Go version 1.15.12. Updated image for CVE-2021-33194.
Red Hat OpenShift 3.11.420 3.11.439 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.452_1593_openshift, released 22 June 2021

The following table shows the changes that are in the worker node fix pack 3.11.452_1593_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.439_1592_openshift
Component Previous Current Description
HA proxy 26c5cc d3dc33 Updated image with fixes for CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2019-2708, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-27219, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2017-14502, CVE-2020-8927 and CVE-2020-28196.
IBM Cloud Container Registry N/A N/A Added private-only registry support for ca.icr.io, br.icr.io and jp2.icr.io.
Red Hat OpenShift 3.11.439 3.11.452 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.25 3.10.0-1160.31 Updated worker node image with kernel package updates for CVE-2020-8648, CVE-2020-12362CVE-2020-12363CVE-2020-12364 CVE-2020-27170CVE-2021-3347, CVE-2020-24489, CVE-2020-24511CVE-2020-24512, CVE-2020-24513 and CVE-2021-25217.

Change log for worker node fix pack 3.11.439_1592_openshift, released 7 June 2021

The following table shows the changes that are in the worker node fix pack 3.11.439_1592_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.439_1591_openshift
Component Previous Current Description
HA proxy 26c5cc 700dc6 Updated the image for CVE-2021-27219.
TCP keepalive optimization for VPC N/A N/A Set the net.ipv4.tcp_keepalive_time setting to 180 seconds for compatibility with VPC gateways.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2021-27219.

Change log for worker node fix pack 3.11.439_1591_openshift, released 24 May 2021

The following table shows the changes that are in the worker node fix pack 3.11.439_1591_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.420_1588_openshift
Component Previous Current Description
HA proxy e0fa2f 26c5cc Updated image with fixes for CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177, CVE-2019-3842, CVE-2020-13776, CVE-2019-18276, CVE-2020-24977, CVE-2020-13434, CVE-2020-15358, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-28196, CVE-2019-2708, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326, and CVE-2020-8927.
Red Hat OpenShift node 3.11.420 3.11.439 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 3.11.420_1590_openshift, released 24 May 2021

The following table shows the changes that are in the master fix pack patch update 3.11.420_1590_openshift. Master patch updates are applied automatically.

Changes since version 3.11.420_1586_openshift
Component Previous Current Description
Cluster health image v1.1.21 v1.1.22 Updated image to implement additional IBM security controls and for CVE-2020-26160, CVE-2020-28483 and CVE-2021-20305.
IBM Cloud File Storage for Classic plug-in and monitor 390 392 Improved the prerequisite validation logic for provisioning persistent volume claims (PVCs). Updated image to implement additional IBM security controls and for CVE-2021-20305.
Key Management Service provider v1.0.12 v1.0.14 Updated image to implement additional IBM security controls and for CVE-2020-26160 and CVE-2020-28483.
Load balancer and load balancer monitor for IBM Cloud Provider 1274 1328 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-28831, CVE-2021-30139, CVE-2021-3449 and CVE-2021-3450.

Change log for worker node fix pack 3.11.420_1588_openshift, released 10 May 2021

The following table shows the changes that are in the worker node fix pack 3.11.420_1588_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.420_1587_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1160.24 3.10.0-1160.25 To increase resiliency, rsyslog no longer keeps old file descriptors. Updated worker node images with kernel and package updates for CVE-2021-25215, CVE-2020-25692, and CVE-2020-25648.

Change log for master fix pack 3.11.420_1586_openshift, released 27 April 2021

The following table shows the changes that are in the master fix pack patch update 3.11.420_1586_openshift. Master patch updates are applied automatically.

Changes since version 3.11.394_1583_openshift
Component Previous Current Description
Cluster health image v1.1.19 v1.1.21 Updated to use Go version 1.15.11. Updated image to implement additional IBM security controls and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
IBM Cloud File Storage for Classic plug-in and monitor 389 390 Updated to use Go version 1.15.9 and for CVE-2020-28851 and CVE-2021-3121.
Key Management Service provider v1.0.10 v1.0.12 Updated to use Go version 1.15.11 and for CVE-2021-3449, CVE-2021-3450, and CVE-2021-20305.
Red Hat OpenShift 3.11.394 3.11.420 See the Red Hat OpenShift release notes.
OpenVPN client 2.4.6-r3-IKS-301 2.4.6-r3-IKS-386 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-301 2.4.6-r3-IKS-385 Updated image to implement additional IBM security controls.

Change log for worker node fix pack 3.11.420_1587_openshift, released 26 April 2021

The following table shows the changes that are in the worker node fix pack 3.11.420_1587_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.404_1585_openshift
Component Previous Current Description
HA proxy a3b1ff e0fa2f The update addresses CVE-2021-20305.
Red Hat OpenShift node 3.11.404 3.11.420 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2021-20305.

Change log for worker node fix pack 3.11.404_1585_openshift, released 12 April 2021

The following table shows the changes that are in the worker node fix pack 3.11.404_1585_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.404_1584_openshift
Component Previous Current Description
HA proxy 9b2dca a3b1ff The update addresses CVE-2021-3449 and CVE-2021-3450.
RHEL 7 Packages 3.10.0-1160.21.1.el7 3.10.0-1160.24.1.el7 Updated worker node images with kernel and package updates for CVE-2021-27363, CVE-2021-27364, and CVE-2021-27365.

Change log for master fix pack 3.11.394_1583_openshift, released 30 March 2021

The following table shows the changes that are in the master fix pack patch update 3.11.394_1583_openshift. Master patch updates are applied automatically.

Changes since version 3.11.380_1581_openshift
Component Previous Current Description
Activity Tracker event N/A N/A Now, the containers-kubernetes.version.update event is sent to Activity Tracker when a master fix pack update is initiated for a cluster.
Cluster health image v1.1.18 v1.1.19 Updated image for CVE-2020-28851.
IBM Cloud File Storage for Classic plug-in and monitor 388 389 Updated to use Go version 1.15.8.
Load balancer and load balancer monitor for IBM Cloud Provider 1165 1274 Fixed a bug that might cause version 2.0 network load balancers (NLBs) to crash and restart on load balancer updates.
Red Hat OpenShift 3.11.380 3.11.394 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.404_1584_openshift, released 29 March 2021

The following table shows the changes that are in the worker node fix pack 3.11.404_1584_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.394_1582_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.394 3.11.404 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.15.2.el7 3.10.0-1160.21.1.el7 Updated worker node images with kernel and package updates for CVE-2019-19532, CVE-2020-0427, CVE-2020-7053, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, and CVE-2021-20265.

Change log for worker node fix pack 3.11.394_1582_openshift, released 12 March 2021

The following table shows the changes that are in the worker node fix pack 3.11.394_1582_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.380_1581_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.380 3.11.394 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node with package updates for CVE-2020-8625, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, and CVE-2021-27803.

Change log for worker node fix pack 3.11.380_1581_openshift, released 1 March 2021

The following table shows the changes that are in the worker node fix pack 3.11.380_1581_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.380_1580_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node with package updates.

Change log for master fix pack 3.11.380_1581_openshift, released 22 February 2021

The following table shows the changes that are in the master fix pack patch update 3.11.380_1581_openshift. Master patch updates are applied automatically.

Changes since version 3.11.346_1578_openshift
Component Previous Current Description
Cluster health image v1.1.16 v1.1.18 Updated to use Go version 1.15.7. Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in and monitor 385 388 Improved the retry logic for provisioning persistent volume claims (PVCs).
Key Management Service provider v1.0.7 v1.0.10 Updated image for CVE-2020-1971 and CVE-2020-24659.
Load balancer and load balancer monitor for IBM Cloud Provider 1078 1165 Updated to use Go version 1.15.7.
Red Hat OpenShift 3.11.346 3.11.380 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.380_1580_openshift, released 15 February 2021

The following table shows the changes that are in the worker node fix pack 3.11.380_1580_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.374_1579_openshift
Component Previous Current Description
Red Hat OpenShift 3.11.374 3.11.380 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.11.1.el7 3.10.0-1160.15.2.el7 Updated worker node with image kernel and package updates for: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2020-15436, CVE-2020-35513, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573, and CVE-2020-12321){: external}.

Change log for worker node fix pack 3.11.374_1579_openshift, released 1 February 2021

The following table shows the changes that are in the worker node fix pack 3.11.374_1579_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.346_1578_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.346 3.11.374 See the Red Hat OpenShift release notes.
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2021-3156, CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686.

Change log for master fix pack 3.11.346_1578_openshift, released 19 January 2021

The following table shows the changes that are in the master fix pack patch update 3.11.346_1578_openshift. Master patch updates are applied automatically.

Changes since version 3.11.346_1577_openshift
Component Previous Current Description
Cluster health image v1.1.13 v1.1.16 Updated image to implement additional IBM security controls.
IBM Cloud File Storage for Classic plug-in and monitor 384 385 Updated image for CVE-2020-1971 and CVE-2020-24659.
Key Management Service provider v1.0.5 v1.0.7 Fixed bug to ignore conflict errors during KMS secret re-encryption. Updated to use Go version 1.15.5. Updated image for CVE-2020-1971.
Load balancer and load balancer monitor for IBM Cloud Provider 1004 1078 Updated image for CVE-2020-1971.

Change log for worker node fix pack 3.11.346_1578_openshift, released 18 January 2021

The following table shows the changes that are in the worker node fix pack 3.11.346_1578_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.346_1576_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for master fix pack 3.11.346_1577_openshift, released 6 January 2021

The following table shows the changes that are in the master fix pack patch update 3.11.346_1577_openshift. Master patch updates are applied automatically.

Changes since version 3.11.318_1575_openshift
Component Previous Current Description
IBM Cloud File Storage for Classic plug-in N/A N/A Updated to run as a root user.
Red Hat OpenShift 3.11.318 3.11.346 See the Red Hat OpenShift release notes. The update resolves CVE-2018-1002102 (see the IBM security bulletin) and CVE-2020-8559 (see the IBM security bulletin).

Change log for worker node fix pack 3.11.346_1576_openshift, released 21 December 2020

The following table shows the changes that are in the worker node fix pack update 3.11.346_1576_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.318_1575_openshift
Component Previous Current Description
HA proxy db4e6d 9b2dca Image update for CVE-2020-1971 and CVE-2020-24659.
Red Hat OpenShift node 3.11.318 3.11.346 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.6.1.el7 3.10.0-1160.11.1.el7 Updated worker node image with kernel and package updates for: CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, and CVE-2020-1971.

Change log for master fix pack 3.11.318_1575_openshift, released 14 December 2020

The following table shows the changes that are in the master fix pack patch update 3.11.318_1575_openshift. Master patch updates are applied automatically.

Changes since version 3.11.306_1573_openshift
Component Previous Current Description
IBM Cloud File Storage for Classic plug-in and monitor 379 384 Updated to use Go version 1.15.5. Updated image to run as a non-root user and to implement additional IBM security controls.
Key management service (KMS) provider v1.0.4 v1.0.5 Updated image to implement additional IBM security controls.
Load balancer and load balancer monitor for IBM Cloud Provider 203 1004 Updated Alpine base image to version 3.12 and to use Go version 1.15.5. Updated image for CVE-2020-8037 and CVE-2020-28928. Updated image to implement additional IBM security controls.
Red Hat OpenShift 3.11.306 3.11.318 See the Red Hat OpenShift release notes.
OpenVPN client 2.4.6-r3-IKS-116 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.
OpenVPN server 2.4.6-r3-IKS-131 2.4.6-r3-IKS-301 Updated image to implement additional IBM security controls.

Change log for worker node fix pack 3.11.318_1574_openshift, released 7 December 2020

The following table shows the changes that are in the worker node fix pack update 3.11.318_1574_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.318_1573_openshift
Component Previous Current Description
HA proxy 1.8.26-384f42 db4e6d Added provenance labels for source tracking.
RHEL 7 Packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 3.11.318_1573_openshift, released 23 November 2020

The following table shows the changes that are in the worker node fix pack update 3.11.318_1573_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.306_1572_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.306 3.11.318 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.2.el7 3.10.0-1160.6.1.el7 Updated worker node image with kernel and package updates for CVE-2020-8622, CVE-2020-8623, CVE-2020-8624, CVE-2019-20907, CVE-2020-15999, CVE-2020-8177, CVE-2019-20811, CVE-2020-14331, CVE-2020-8695, CVE-2020-8696, and CVE-2020-8698.

Change log for master fix pack 3.11.306_1573_openshift, released 16 November 2020

The following table shows the changes that are in the master fix pack patch update 3.11.306_1573_openshift. Master patch updates are applied automatically.

Changes since version 3.11.286_1570_openshift
Component Previous Current Description
Cluster health image v1.1.12 v1.1.13 Updated image for DLA-2424-1.
IBM Cloud Controller Manager v1.15.12-343 v1.15.12-404 Updated image for DLA-2424-1.
IBM Cloud File Storage for Classic plug-in and monitor 378 379 Updated to use the universal base image (UBI) and to use Go version 1.15.2.
Key Management Service provider v1.0.3 v1.0.4 Updated image for DLA-2424-1.
Red Hat OpenShift 3.11.286 3.11.306 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.306_1572_openshift, released 9 November 2020

The following table shows the changes that are in the worker node fix pack update 3.11.306_1572_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.306_1571_openshift
Component Previous Current Description
RHEL 7 Packages N/A N/A Updated worker node image with package updates for CVE-2020-15999.

Change log for worker node fix pack 3.11.306_1571_openshift, released 26 October 2020

The following table shows the changes that are in the worker node fix pack update 3.11.306_1571_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.286_1570_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.286 3.11.306 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1160.2.1.el7 3.10.0-1160.2.2.el7 Updated worker node images with kernel and package updates for CVE-2020-12351 and CVE-2020-12352.

Change log for master fix pack 3.11.286_1571_openshift, released 26 October 2020

The following table shows the changes that are in the master fix pack patch update 3.11.286_1571_openshift. Master patch updates are applied automatically.

Changes since version 3.11.272_1567_openshift
Component Previous Current Description
Cluster health image v1.1.11 v1.1.12 Updated to use Go version 1.15.2.
Red Hat OpenShift 3.11.272 3.11.286 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.286_1570_openshift, released 12 October 2020

The following table shows the changes that are in the worker node fix pack update 3.11.286_1570_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.286_1569_openshift
Component Previous Current Description
RHEL 7 Packages 3.10.0-1127.19.1.el7 3.10.0-1160.2.1.el7 Updated worker node image with kernel and package updates for: CVE-2019-12450, CVE-2019-14822, CVE-2020-12243, CVE-2019-14866, CVE-2017-12652, CVE-2017-18551, CVE-2018-20836, CVE-2019-9454, CVE-2019-9458, CVE-2019-12614, CVE-2019-15217, CVE-2019-15807, CVE-2019-15917, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-18808, CVE-2019-19046, CVE-2019-19055, CVE-2019-19058, CVE-2019-19059, CVE-2019-19062, CVE-2019-19063, CVE-2019-19332, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19530, CVE-2019-19534, CVE-2019-19537, CVE-2019-19767, CVE-2019-19807, CVE-2019-20054, CVE-2019-20095, CVE-2019-20636, CVE-2020-1749, CVE-2020-2732, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383, CVE-2020-10690, CVE-2020-10732, CVE-2020-10742, CVE-2020-10751, CVE-2020-10942, CVE-2020-11565, CVE-2020-12770, CVE-2020-12826, CVE-2020-14305, CVE-2019-5482, CVE-2019-19126, CVE-2020-12825, CVE-2019-5094, CVE-2019-5188, CVE-2019-2974, CVE-2020-2574, CVE-2020-2752, CVE-2020-2780, CVE-2020-2812, CVE-2019-12749, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595, CVE-2020-10754, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2018-20843, CVE-2019-15903, CVE-2019-14834, CVE-2019-11068, CVE-2019-18197, CVE-2019-16935, CVE-2019-20386, CVE-2019-17498, and CVE-2020-14365.

Change log for worker node fix pack 3.11.286_1569_openshift, released 30 September 2020

The following table shows the changes that are in the worker node fix pack update 3.11.286_1569_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.286_1568_openshift
Component Previous Current Description
Automation for provisioning and reloading N/A N/A Fixes an issue that prevented SDS worker nodes with unified extensible firmware interface (UEFI) bootstrapping from provisioning or reloading.

Change log for worker node fix pack 3.11.286_1568_openshift, released 28 September 2020

The following table shows the changes that are in the worker node fix pack update 3.11.286_1568_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

Changes since version 3.11.272_1566_openshift
Component Previous Current Description
Red Hat OpenShift 3.11.272 3.11.286 See the Red Hat OpenShift release notes.

Change log for master fix pack 3.11.272_1567_openshift, released 21 September 2020

The following table shows the changes that are in the master fix pack patch update 3.11.272_1567_openshift. Master patch updates are applied automatically.

Changes since version 3.11.272_1566_openshift
Component Previous Current Description
Cluster health image v1.1.9 v1.1.11 Updated Go version for CVE-2020-16845 and CVE-2020-24553.
etcd v3.3.22 v3.3.25 See the etcd release notes.
IBM Cloud File Storage for Classic plug-in and monitor 377 378 Updated Go version for CVE-2020-16845.
Key Management Service provider v1.0.1 v1.0.3 Updated Go version for CVE-2020-16845 and CVE-2020-24553.
Red Hat OpenShift 3.11.248 3.11.272 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.272_1566_openshift, released 14 September 2020

The following table shows the changes that are in the worker node fix pack update 3.11.272_1566_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.272_1565_openshift
Component Previous Current Description
Master proxy 1.8.25-384f42 1.8.26-561f1a See the HA proxy change log.
RHEL 7 packages N/A N/A Updated worker node image with package updates.

Change log for worker node fix pack 3.11.272_1565_openshift, released 31 August 2020

The following table shows the changes that are in the worker node fix pack update 3.11.272_1565_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.248_1564_openshift
Component Previous Current Description
RHEL 7 packages 3.10.0-1127.18.2.el7 3.10.0-1127.19.1.el7 Updated worker node image with kernel and package updates.
Red Hat OpenShift node 3.11.248 3.11.272 See the Red Hat OpenShift release notes.

Change log for master fix pack 3.11.248_1564_openshift, released 18 August 2020

The following table shows the changes that are in the master fix pack patch update 3.11.248_1564_openshift. Master patch updates are applied automatically.

Changes since version 3.11.232_1561_openshift
Component Previous Current Description
Calico node configuration N/A N/A Disabled the pod readiness probe and removed the felix check from the pod liveness probe.
Cluster health image v1.1.8 v1.1.9 Updated to use Go version 1.13.13.
IBM Cloud File Storage for Classic plug-in and monitor 376 377 Fixed a bug that prevents persistent volume claim (PVC) creation failures from being retried.
Key Management Service provider v1.0.0 v1.0.1 Updated image for CVE-2020-15586.
Red Hat OpenShift 3.11.232 3.11.248 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.248_1564_openshift, released 17 August 2020

The following table shows the changes that are in the worker node fix pack update 3.11.248_1564_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.248_1561_openshift
Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates.

Change log for worker node fix pack 3.11.248_1561_openshift, released 3 August 2020

The following table shows the changes that are in the worker node fix pack update 3.11.248_1561_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.232_1558_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.232 3.11.248 See the Red Hat OpenShift release notes. The update resolves CVE-2020-8558 (see the IBM security bulletin).
RHEL 7 Packages 3.10.0-1127.13.1.el7 3.10.0-1127.18.2.el7 Updated worker node images with package updates for CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, and CVE-2020-12654.

Change log for master fix pack 3.11.232_1560_openshift, released 24 July 2020

The following table shows the changes that are in the master fix pack update 3.11.232_1560_openshift. Master patch updates are applied automatically.

Changes since version 3.11.232_1559_openshift
Component Previous Current Description
Heapster configuration N/A N/A Configuration changes now properly trigger a restart of the heapster pod in kube-system namespace.
Cluster master operations N/A N/A Fixed a problem that might cause pods to fail authentication to the Kubernetes API server after a cluster master operation.
IBM Cloud File Storage for Classic plug-in and monitor 375 376 Updated to use Go version 1.13.8.

Change log for master fix pack 3.11.232_1559_openshift, released 20 July 2020

The following table shows the changes that are in the master fix pack update 3.11.232_1559_openshift. Master patch updates are applied automatically.

Changes since version 3.11.232_1555_openshift
Component Previous Current Description
IBM Cloud Block Storage driver configuration N/A N/A Added a pod memory limit.
IBM Cloud File Storage for Classic plug-in and monitor configuration N/A N/A Added a pod memory limit.
Red Hat OpenShift 3.11.219 3.11.232 See the Red Hat OpenShift release notes. The update resolves CVE-2019-11254 (see the IBM security bulletin) and CVE-2020-8555 (see the IBM security bulletin).

Change log for worker node fix pack 3.11.232_1558_openshift, released 20 July 2020

The following table shows the changes that are in the worker node fix pack update 3.11.232_1558_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.232_1555_openshift
Component Previous Current Description
Master Proxy 2.0.15-afe432 1.8.25-384f42 See the HA proxy change logs. Fixes a connection leak that happens when HA proxy is under high load.
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2020-12049.

Change log for worker node fix pack 3.11.232_1555_openshift, released 6 July 2020

The following table shows the changes that are in the worker node fix pack update 3.11.232_1555_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.232_1554_openshift
Component Previous Current Description
Master Proxy 1.8.25-30b675 2.0.15-afe432 See the HA proxy change logs.
RHEL 7 Packages 3.10.0-1127.10.1.el7 3.10.0-1127.13.1.el7 Updated worker node images with kernel package updates for CVE-2020-10749, CVE-2020-1702, CVE-2016-8867, CVE-2020-14298, CVE-2020-14300, CVE-2020-12888, CVE-2020-11868, and CVE-2020-13817.
Worker node drain automation N/A N/A Fixes a race condition that can cause worker node drain automation to fail.

Change log for master fix pack 3.11.219_1554_openshift and worker node fix pack 3.11.232_1554_openshift, released 22 June 2020

The following table shows the changes that are in the master fix pack update 3.11.219_1554_openshift and in worker node fix pack update 3.11.232_1554_openshift. Master patch updates are applied automatically. Worker node patch updates can be applied by updating or reloading the worker node For more information, see Update types.

Changes since version 3.11.219_1552_openshift
Component Location Previous Current Description
Calico Master v3.8.6 v3.8.9 See the Calico release notes.
Cluster health image Master v1.1.5 v1.1.8 Additional status information is included when an add-on health state is critical. Improved performance when handling cluster status updates.
Cluster master operations Master N/A N/A Cluster master operations such as refresh or update are now canceled if a broken Kubernetes admission webhook is detected.
etcd Master v3.3.20 v3.3.22 See the etcd release notes.
IBM Cloud Controller Manager Master v1.15.12-316 v1.15.12-343 Updated to use calicoctl version 3.8.9.
IBM Cloud File Storage for Classic plug-in Master 373 375 Fixed a bug that might cause error handling to create additional persistent volumes.
Red Hat OpenShift Master 3.11.216 3.11.219 See the Red Hat OpenShift release notes. The master update resolves CVE-2020-8552 (see the IBM security bulletin).
Red Hat OpenShift node Worker 3.11.219 3.11.232 See the Red Hat OpenShift release notes.
RHEL 7 packages Worker N/A N/A Updated worker node images with package updates for CVE-2020-0543, CVE-2020-0548, and CVE-2020-0549.

Change log for worker node fix pack 3.11.219_1552_openshift, released 8 June 2020

The following table shows the changes that are in the worker node fix pack update 3.11.219_1552_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.216_1551_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.216 3.11.219 See the Red Hat OpenShift release notes.

Change log for 3.11.216_1551_openshift, released 26 May 2020

The following table shows the changes that are in the master and worker node update 3.11.216_1551_openshift. Master patch updates are applied automatically. Worker node patch updates can be applied by updating or reloading the worker node For more information, see Update types.

Changes since version 3.11.216_1550_openshift
Component Location Previous Current Description
Cluster health image Master v1.1.1 v1.1.5 When cluster add-ons don't support the current cluster version, a warning is now returned in the cluster health state.
etcd Master v3.3.18 v3.3.20 See the etcd release notes.
IBM Cloud Controller Manager Master v1.15.11-274 v1.15.12-316 Updated to support the Kubernetes 1.15.12 release.
IBM Cloud File Storage for Classic plug-in and monitor Master 358 373 Updated image for CVE-2020-1967 and CVE-2020-11655.
IBM Cloud Paks Master N/A N/A Removed duplicate repositories in ClusterImagePolicies resources that are installed by IBM Cloud Paks.
Load balancer and load balancer monitor for IBM Cloud Provider Master 169 203 Version 2.0 network load balancers (NLB) were updated to fix problems with long-lived network connections to endpoints that failed readiness probes. Updated image for CVE-2020-1967.
Red Hat OpenShift Master 3.11.200 3.11.216 See the Red Hat OpenShift release notes.
RHEL 7 Packages Worker 3.10.0-1127.el7 3.10.0-1127.8.2.el7 Updated worker node images with kernel package updates for CVE-2017-18595, CVE-2019-19768, and CVE-2020-10711.

Change log for worker node fix pack 3.11.216_1550_openshift, released 11 May 2020

The following table shows the changes that are in the worker node fix pack update 3.11.216_1550_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.200_1549_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.200 3.11.216 See the Red Hat OpenShift release notes.

Change log for worker node fix pack 3.11.200_1549_openshift, released 27 April 2020

The following table shows the changes that are in the worker node fix pack update 3.11.200_1549_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.200_1546_openshift
Component Previous Current Description
HA proxy 1.8.25-30b675 1.8.25-adb65d Update addresses CVE-2020-1967.
RHEL 7 Packages N/A N/A Updated worker node images with package updates for CVE-2019-19921.

Change log for master fix pack 3.11.200_1548_openshift, released 23 April 2020

The following table shows the changes that are in the master fix pack update 3.11.200_1548_openshift. Master patch updates are applied automatically.

Changes since version 3.11.200_1546_openshift
Component Previous Current Description
Calico configuration N/A N/A Updated to allow egress from the worker nodes via the allow-vrrp GlobalNetworkPolicy.
Cluster health N/A v1.1.1 Cluster health now includes more add-on status information.
IBM Cloud Controller Manager v1.15.10-252 v1.15.11-274 Updated to support the Kubernetes 1.15.11 release and to use Go version 1.12.17.
IBM Cloud Paks N/A N/A Fixed ClusterImagePolicies resources that are installed by IBM Cloud Paks which prevent cluster master operations from succeeding.
Key Management Service provider 277 v1.0.0 Updated the IBM Key Protect Go client.
Red Hat OpenShift 3.11.170 3.11.200 See the Red Hat OpenShift release notes.
OpenVPN client N/A N/A Fixed a problem that might cause the vpn-config secret in the kube-system project to be deleted during cluster master operations.

Change log for worker node fix pack 3.11.200_1546_openshift, released 13 April 2020

The following table shows the changes that are in the worker node fix pack update 3.11.200_1546_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.188_1545_openshift
Component Previous Current Description
HA proxy 1.8.23 1.8.25 See the HA proxy change logs. Contains update for CVE-2020-11100.
Red Hat OpenShift node 3.11.188 3.11.200 See the Red Hat OpenShift release notes.
RHEL 7 Packages 3.10.0-1062.18.1.el7 3.10.0-1127.el7 Updated worker node images with package and kernel updates for CVE-2015-2716, CVE-2015-8035, CVE-2015-9289, CVE-2016-5131, CVE-2017-1000476, CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-15412, CVE-2017-17807, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18258, CVE-2017-18271, CVE-2017-18273, CVE-2017-6519, CVE-2018-10177, CVE-2018-10360, CVE-2018-10804, CVE-2018-10805, CVE-2018-1116, CVE-2018-11656, CVE-2018-12599, CVE-2018-12600, CVE-2018-13153, CVE-2018-14404, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-14567, CVE-2018-15607, CVE-2018-16328, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-18751, CVE-2018-19985, CVE-2018-20169, CVE-2018-20467, CVE-2018-20852, CVE-2018-5745, CVE-2018-7191, CVE-2018-8804, CVE-2018-9133, CVE-2019-10131, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-10650, CVE-2019-11190, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598, CVE-2019-11884, CVE-2019-12382, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12978, CVE-2019-12979, CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13233, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-13648, CVE-2019-14283, CVE-2019-14980, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-15221, CVE-2019-15916, CVE-2019-16056, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-16746, CVE-2019-16884, CVE-2019-17041, CVE-2019-17042, CVE-2019-17540, CVE-2019-17541, CVE-2019-18660, CVE-2019-19948, CVE-2019-19949, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805, CVE-2019-3820, CVE-2019-3901, CVE-2019-5436, CVE-2019-6465, CVE-2019-6477, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-9503, CVE-2019-9924, CVE-2019-9956, CVE-2020-1702, andCVE-2020-8945.

Change log for worker node fix pack 3.11.188_1545_openshift, released 30 March 2020

The following table shows the changes that are in the worker node fix pack update 3.11.188_1545_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.170_1544_openshift
Component Previous Current Description
RHEL 7 packages 3.10.0-1062.12.1.el7 3.10.0-1062.18.1.el7 Updated worker node images with package and kernel updates for CVE-2019-19921, CVE-2019-11487, CVE-2019-17666, and CVE-2019-19338.
Red Hat OpenShift node 3.11.170 3.11.188 See the Red Hat OpenShift release notes.

Change log for 3.11.170_1544_openshift, released 16 March 2020

The following table shows the changes that are in the master and worker node update 3.11.170_1544_openshift. Master patch updates are applied automatically. Worker node patch updates can be applied by updating or reloading the worker node For more information, see Update types.

Changes since version 3.11.170_1543
Component Location Previous Current Description
Calico Master v3.6.5 v3.8.6 See the Calico release notes.
Cluster health Master N/A N/A Cluster health status now includes links to IBM Cloud documentation.
Red Hat OpenShift Both 3.11.161 3.11.170 See the Red Hat OpenShift release notes.
RHEL 7 Packages Worker N/A N/A Updated worker node images with package updates for CVE-2020-8597.

Change log for master fix pack 3.11.161_1542_openshift, released 18 February 2020

The following table shows the changes that are in the master fix pack update 3.11.161_1542_openshift. Master patch updates are applied automatically.

Changes since version 3.11.161_1540_openshift
Component Previous Current Description
Cluster master HA configuration N/A N/A Updated configuration to improve availability during cluster master operations.
Heapster v1.5.4 v3.11.161 Replaces Kubernetes Heapster with Red Hat OpenShift Heapster.
IBM Cloud Controller Manager v1.15.9-240 v1.15.10-252 Updated to support the Kubernetes 1.15.10 release.

Change log for worker node fix pack 3.11.170_1543_openshift, released 17 February 2020

The following table shows the changes that are in the worker node fix pack update 3.11.170_1543_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.161_1542_openshift
Component Previous Current Description
Red Hat OpenShift node 3.11.161 3.11.170 See the Red Hat OpenShift release notes. Fixes CVE-2019-11244.

Change log for worker node fix pack 3.11.161_1542_openshift, released 17 February 2020

The following table shows the changes that are in the worker node fix pack update 3.11.161_1542_openshift. Worker node patch updates can be applied by updating or reloading the worker node

Changes since version 3.11.161_1540_openshift
Component Previous Current Description
RHEL 7 packages 3.10.0-1062.9.1.el7 3.10.0-1062.12.1.el7 Updated worker node images with kernel and package updates for CVE-2019-18408, CVE-2019-13734, CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, and CVE-2019-17133.

Change log for worker node fix pack 3.11.161_1540_openshift, released 3 February 2020

The following table shows the changes that are in the worker node fix pack 3.11.161_1540_openshift.

Changes since version 3.11.161_1538_openshift
Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates for CVE-2019-13734 and CVE-2019-18408.

Change log for master fix pack 3.11.161_1539_openshift, released 3 February 2020

The following table shows the changes that are in the master fix pack 3.11.161_1539_openshift.

Changes since version 3.11.161_1538_openshift
Component Previous Current Description
Cluster ingress route configuration N/A N/A Fixed a bug that reset ingress route configurations to the default subdomain in clusters that were created with version 3.11.141_1524 or earlier.
IBM Cloud Controller Manager v1.15.7-229 v1.15.9-240 Updated to support the Kubernetes 1.15.9 release. Updated to use calicoctl version 3.8.6.
IBM Cloud File Storage for Classic plug-in and monitor 357 358 Image updated for CVE-2019-5188.
OpenVPN server N/A N/A OpenVPN server is now restarted during the cluster master refresh operation.

Change log for 3.11.161_1538_openshift, released 20 January 2020

The following table shows the changes that are in the patch 3.11.161_1538_openshift.

Changes since version 3.11.154_1537
Component Previous Current Description
Cluster master HA Proxy 1.8.21-alpine 1.8.23-alpine See the HA proxy release notes. Update resolves CVE-2019-1551.
etcd v3.3.17 v3.3.18 See the etcd release notes. Update resolves CVE-2019-1551.
IBM Cloud Controller Manager v1.15.6-200 v1.15.7-229 Updated to support the Kubernetes 1.15.7 release.
IBM Cloud File Storage for Classic plug-in and monitor 354 357 Made the ibmc-block-gold storage class the default storage class for new clusters only. The default storage class for existing clusters is unchanged. Added the following storage classes: ibmc-file-bronze-gid, ibmc-file-silver-gid, and ibmc-file-gold-gid. Fixed bugs in support of non-root user access to an NFS file share. Resolved CVE-2019-1551.
Key Management Service provider 270 277 Updated the IBM Key Protect Go client.
Load balancer and load balancer monitor for IBM Cloud Provider 159 169 Updated image for CVE-2019-1551.
Red Hat OpenShift 3.11.154 3.11.161 See the Red Hat OpenShift release notes.
Red Hat OpenShift router configuration N/A N/A Improved general availability of the Red Hat OpenShift router and enhanced the configuration for multizone clusters. Now, the router runs 3 pods with a scheduling configuration that prefers running pods across worker nodes and zones.
OpenVPN server 2.4.6-r3-IKS-121 2.4.6-r3-IKS-131 Updated image for CVE-2019-1551.

Change log for worker node fix pack 3.11.157_1537_openshift, released 23 December 2019

The following table shows the changes that are in the worker node fix pack 3.11.157_1537_openshift.

Changes since version 3.11.154_1534
Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates for CVE-2019-11729 and CVE-2019-11745.
Red Hat OpenShift node 3.11.154 3.11.157 See the Red Hat OpenShift release notes.
Maximum process IDs (PIDs) for pods N/A N/A Updated to support scaling the maximum allowed pod process IDs (PIDs) based on the worker node machine type.

Change log for master fix pack 3.11.154_1536_openshift, released 17 December 2019

The following table shows the changes that are in the master fix pack 3.11.154_1536_openshift.

Changes since version 3.11.154_1534
Component Previous Current Description
IBM Cloud Block Storage driver and plug-in N/A N/A Fixed a bug that might prevent updating the driver and plug-in components.
IBM Cloud File Storage for Classic plug-in and monitor 353 354 Updated to support non-root user access to an NFS file share by allocating a group ID (GID) in the storage class.
IBM Cloud Controller Manager v1.15.6-182 v1.15.6-200 Updated version 1.0 and 2.0 network load balancers (NLBs) to prefer scheduling NLB pods on worker nodes that don't currently run any NLB pods. In addition, the Virtual Private Cloud (VPC) load balancer plug-in is updated to use Go version 1.12.11.
Key Management Service provider 254 270 Improves performance of secret management by minimizing the number of data encryption keys (DEKs) that are used to unwrap secrets in the cluster. In addition, the IBM Key Protect Go client is updated.

Change log for worker node fix pack 3.11.154_1534_openshift, released 9 December 2019

The following table shows the changes that are in the worker node fix pack 3.11.154_1534_openshift.

Changes since version 3.11.153_1533
Component Previous Current Description
RHEL 7 kernel and packages 3.10.0-1062.4.3.el7 3.10.0-1062.9.1.el7 Updated worker node images with kernel and package updates for CVE-2019-14821 and CVE-2019-15239.

Change log for worker node fix pack 3.11.154_1533_openshift, released 25 November 2019

The following table shows the changes that are in the worker node fix pack 3.11.154_1533_openshift.

Changes since version 3.11.153_1530
Component Previous Current Description
Red Hat OpenShift node 3.11.153 3.11.154 See the Red Hat OpenShift release notes.
RHEL 7 kernel and packages 3.10.0-1062.4.1.el7 3.10.0-1062.4.3.el7 Updated worker node images with kernel and package updates for CVE-2018-12207, CVE-2019-0154, CVE-2019-11135, and CVE-2019-0155.

Change log for master fix pack 3.11.154_1533_openshift, released 21 November 2019

The following table shows the changes that are in the master fix pack 3.11.154_1533_openshift.

Changes since version 3.11.153_1530
Component Previous Current Description
IBM Cloud Block Storage driver and plug-in 1.15.2 1.15.4 Updated to use Go version 1.13.4.
IBM Cloud File Storage for Classic plug-in and monitor 350 353 Updated to use the distroless/static base image and to use Go version 1.12.11.
IBM Cloud Controller Manager v1.15.5-119 v1.15.6-182 Updated to support the Kubernetes 1.15.6 release. Updated to use Go version 1.12.12 and calicoctl version v3.8.4.
Key Management Service provider 237 254 Updated to use Go version 1.12.13.
Red Hat OpenShift 3.11.153 3.11.154 See the Red Hat OpenShift release notes. Update resolves CVE-2019-11253 (see the IBM security bulletin).

Change log for worker node fix pack 3.11.153_1530_openshift, released 11 November 2019

The following table shows the changes that are in the worker node fix pack 3.11.153_1530_openshift.

Changes since version 3.11.146_1529
Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates.

Change log for worker node fix pack 3.11.153_1529_openshift, released 28 October 2019

The following table shows the changes that are in the worker node fix pack 3.11.153_1529_openshift.

Changes since version 3.11.146_1528
Component Previous Current Description
Red Hat OpenShift node 3.11.146 3.11.153 See the Red Hat OpenShift release notes.
RHEL 7 packages and kernel 3.10.0-1062.1.2.el7 3.10.0-1062.4.1.el7 Updated worker node images with kernel and package updates for CVE-2019-14835, CVE-2019-14287, CVE-2019-3846 CVE-2019-10126, CVE-2019-9506, and CVE-2018-20856.

Change log for master fix pack 3.11.146_1528_openshift, released 22 October 2019

The following table shows the changes that are in the master fix pack 3.11.146_1528_openshift.

Changes since version 3.11.146_1527
Component Previous Current Description
etcd v3.3.15 v3.3.17 See the etcd release notes. Update resolves CVE-2019-1547, CVE-2019-1549, and CVE-2019-1563.
IBM Cloud Block Storage driver and plug-in N/A N/A Fixed a bug so that the driver and plug-in components can be updated.
IBM Cloud Controller Manager v1.15.3-112 v1.15.5-119 Updated to support the Kubernetes 1.15.5 release. Update resolves CVE-2019-16276.
IBM Cloud File Storage for Classic plug-in and monitor 349 350 Updated image for CVE-2019-1547, CVE-2019-1549, and CVE-2019-1563.
Key Management Service provider 221 237 Updated image for CVE-2019-16276.
Load balancer and load balancer monitor for IBM Cloud provider 153 159 Updated image for CVE-2019-1547, CVE-2019-1549, CVE-2019-1563, and CVE-2019-16276.

Change log for worker node fix pack 3.11.146_1527_openshift, released 14 October 2019

The following table shows the changes that are in the worker node fix pack 3.11.146_1527_openshift.

Changes since version 3.11.146_1525
Component Previous Current Description
RHEL 7 packages and kernel N/A N/A Updated worker node images with package updates.

Change log for master fix pack 3.11.146_1526_openshift, released 4 October 2019

The following table shows the changes that are in the master fix pack 3.11.146_1526_openshift.

Changes since version 3.11.146_1525
Component Previous Current Description
Default IBM security context constraints N/A N/A To support IBM Cloud Paks, the seLinuxContext setting is changed from MustRunAs to RunAsAny for the following default IBM security context constraints: ibm-anyuid-hostaccess-scc, ibm-anyuid-hostpath-scc, and ibm-anyuid-scc.

Change log for 3.11.146_1525_openshift, released 3 October 2019

The following table shows the changes that are in the patch 3.11.146_1525_openshift.

Changes since version 3.11.141_1524
Component Previous Current Description
Calico v3.6.4 v3.6.4 See the Calico release notes.
IBM Cloud Block Storage driver and plug-in 1.15.1 1.15.2 Fixed an issue that might cause worker nodes to fail in a NotReady status or pods not to start because of networking errors.
IBM Cloud Controller Manager v1.11.10-286 v1.15.3-112 Updated to support the Kubernetes 1.15.3 release.
Red Hat OpenShift 3.11.141 3.11.146 See the Red Hat OpenShift release notes. Update resolves CVE-2019-11247 (see the IBM security bulletin) and CVE-2019-11249 (see the IBM security bulletin).
OpenVPN server 2.4.6-r3-IKS-115 2.4.6-r3-IKS-121 Image updated for CVE-2019-1547 and CVE-2019-1563.
RHEL 7 packages and kernel 3.10.0-1062.1.1 3.10.0-1062.1.2 Updated worker node images with kernel and package updates for CVE-2019-1125.

Change log for 3.11.141_1524_openshift, released 16 September 2019

The following table shows the changes that are in the patch 3.11.141_1524_openshift.

Changes since version 3.11.135_1523
Component Previous Current Description
Key Management Service provider 212 216 Improved Kubernetes key management service provider caching of IBM Cloud IAM tokens. In addition, fixed a problem with Kubernetes secret decryption when the cluster's root key is rotated.
Red Hat OpenShift 3.11.135 3.11.141 See the Red Hat OpenShift release notes.
RHEL 7 packages and kernel 3.10.0-1062 3.10.0-1062.1.1 Updated worker node images with kernel and package updates for CVE-2019-1125 and CVE-2019-9500.

Change log for worker node fix pack 3.11.135_1523_openshift, released 3 September 2019

The following table shows the changes that are in the worker node fix pack 3.11.135_1523_openshift.

Changes since version 3.11.135_1521
Component Previous Current Description
RHEL 7 packages N/A N/A Updated worker node images with package updates.

Change log for master fix pack 3.11.135_1522_openshift, released 28 August 2019

The following table shows the changes that are in the master fix pack 3.11.135_1522_openshift.

Changes since version 3.11.135_1521
Component Previous Current Description
Default IBM security context constraints N/A N/A Added ibm-restricted-scc to Default IBM security context constraints.
etcd v3.3.13 v3.3.15 See the etcd release notes. Update resolves CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.
IBM Cloud File Storage for Classic plug-in 348 349 Image updated for CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.
Key Management Service provider 207 212 Image updated for CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.
Load balancer and load balancer monitor for IBM Cloud Provider 147 148 Image updated for CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.

Change log for worker node fix pack 3.11.135_1521_openshift, released 19 August 2019

The following table shows the changes that are in the worker node fix pack 3.11.135_1521_openshift.

Changes since version 3.11.129_1518
Component Previous Current Description
Cluster master HA Proxy 2.0.1-alpine 1.8.21-alpine Moved to HA Proxy 1.8 to fix socket leak in HA Proxy. Added a liveliness check to monitor the health of HA Proxy. For more information about other changes, see release notes.
Red Hat OpenShift node 3.11.129 3.11.135 For more information, see the Red Hat OpenShift release notes.
RHEL 7 kernel 3.10.0-957.21.3.el7 3.10.0-1062.el7 Updated worker node images with kernel and package updates for CVE-2018-16881, CVE-2019-6470, CVE-2018-14618, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665, CVE-2016-10739, CVE-2018-16871, CVE-2018-16884, CVE-2019-11085, CVE-2019-11811, CVE-2018-15686, CVE-2018-16866, CVE-2018-16888, CVE-2018-12327, CVE-2018-12641, CVE-2018-12697, CVE-2018-1000876, CVE-2018-16842, CVE-2018-5741, CVE-2018-0495, CVE-2018-12404, CVE-2018-1122, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2018-18074, CVE-2019-3858, CVE-2019-3861, CVE-2019-3862, CVE-2018-14647, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948, CVE-2017-14503, CVE-2018-1000877, CVE-2018-1000878, CVE-2019-1000019, CVE-2019-1000020, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3081, CVE-2018-3282, CVE-2019-2503, CVE-2019-2529, CVE-2019-2614, CVE-2019-2627, CVE-2018-14348, CVE-2018-15473, CVE-2018-5383, CVE-2018-19788, CVE-2018-0734, CVE-2019-1559, CVE-2018-20060, and CVE-2019-11236.

Change log for master fix pack 3.11.135_1521_openshift, released 17 August 2019

The following table shows the changes that are in the master fix pack 3.11.135_1521_openshift.

Changes since version 3.11.135_1520
Component Previous Current Description
Key Management Service provider 167 207 Fixed an issue that causes the Kubernetes key management service (KMS) provider to fail to manage Kubernetes secrets.

Change log for master fix pack 3.11.135_1520_openshift, released 15 August 2019

The following table shows the changes that are in the master fix pack 3.11.135_1520_openshift.

Changes since version 3.11.129_1517
Component Previous Current Description
Calico configuration N/A N/A Calico calico-kube-controllers deployment in the kube-system namespace sets a memory limit on the calico-kube-controllers container.
IBM Cloud Block Storage driver and plug-in 1.15 1.15.1 Image updated for CVE-2019-14697.
IBM Cloud File Storage for Classic plug-in 347 348 Image updated for CVE-2019-14697.
Load balancer and load balancer monitor for IBM Cloud Provider 146 147 Image updated for CVE-2019-14697.
Red Hat OpenShift 3.11.129 3.11.135 See the Red Hat OpenShift release notes.
OpenVPN client 2.4.6-r3-IKS-90 2.4.6-r3-IKS-116 Image updated for CVE-2019-14697.
OpenVPN server 2.4.6-r3-IKS-25 2.4.6-r3-IKS-115 Image updated for CVE-2019-14697.

Change log for worker node patch 3.11.129_1518_openshift, released 5 August 2019

The following table shows the changes that are in the worker node patch 3.11.129_1518_openshift.

Changes since version 3.11.129_1517
Component Previous Current Description
RHEL 7 packages N/A N/A Updated base packages in the worker node Red Hat Enterprise Linux image.

Change log for 3.11.129_1517_openshift, released 2 August 2019

The following table shows the changes that are in the patch 3.11.129_1517_openshift.

Changes since version 3.11.129_1515
Component Previous Current Description
Cluster DNS configuration N/A N/A For security reasons, enhanced local dnsmasq cache to listen on only localhost. Changed the DNS targetPort for the kubernetes cluster service from 8053 to 53.
Cluster master HA proxy 1.9.7-alpine 2.0.1-alpine See the HA proxy release notes.
Cluster router configuration N/A N/A Fixed bugs that might cause cluster master operations, such as refresh or update, to fail when the router configuration is updated. These fixes also improve master availability during such operations.