4.20 version change log

View information of version changes for major, minor, and patch updates that are available for your Red Hat® OpenShift® on IBM Cloud® clusters that run this version. Changes include updates to Red Hat OpenShift, Kubernetes, and IBM Cloud Provider components.

Overview

Unless otherwise noted in the change logs, the IBM Cloud provider version enables Red Hat OpenShift APIs and features that are at beta. Red Hat OpenShift alpha features are disabled and subject to change.

Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect Red Hat OpenShift on IBM Cloud. You can filter the results to view only Kubernetes Service security bulletins that are relevant to Red Hat OpenShift on IBM Cloud. Change log entries that address other security vulnerabilities but don't include an IBM security bulletin are for vulnerabilities that are not known to affect Red Hat OpenShift on IBM Cloud in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.

Master patch updates are applied automatically. Worker node patch updates can be applied by reloading or updating the worker nodes. For more information about major, minor, and patch versions and preparation actions between minor versions, see Red Hat OpenShift versions.

Version 4.20

Master fix pack 4.20.23_1551_openshift, released 26 June 2026

The following table shows the components that are in the master fix pack 4.20.23_1551_openshift. Master patch updates are applied automatically.

4.20.23_1551_openshift fix pack.
Component	Description
Cluster health image v1.6.16	New version contains updates and security fixes.
etcd v3.5.30	See the etcd release notes.
IBM Cloud Block Storage driver and plug-in v2.5.26	New version contains updates and security fixes.
IBM Cloud Controller Manager v1.33.12-2	New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor v455	New version contains updates and security fixes.
Key Management Service provider 2.10.25	New version contains updates and security fixes.
Portieris admission controller v0.14.0	See the Portieris admission controller release notes
Red Hat OpenShift on IBM Cloud 4.20.23	See the Red Hat OpenShift on IBM Cloud release notes.

Worker node fix pack 4.20.24_1552_openshift, released 15 June 2026

The following table shows the components included in the worker node fix pack 4.20.24_1552_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.24_1552_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.116.1.el9_6	Resolves the following CVEs: CVE-2026-5119.
RHEL 9 (Satellite) 5.14.0-570.62.1.el9_6	N/A
RHEL 9 (Classic) 5.14.0-570.116.1.el9_6	N/A
Red Hat OpenShift 4.20.24	For more information, see the change logs.
Red Hat CoreOS 4.20.24	For more information, see the change logs.
HAProxy d4656f400ca14059e1b5b8ef8078b4903290791a	Resolves the following CVEs: CVE-2026-45186.

Worker node fix pack 4.20.23_1550_openshift, released 03 June 2026

The following table shows the components included in the worker node fix pack 4.20.23_1550_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.23_1550_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.116.1.el9_6	Resolves the following CVEs: RHSA-2026:21392, CVE-2026-4802, RHSA-2026:18042, CVE-2026-39979, CVE-2026-40164, RHSA-2026:16312, CVE-2026-43284, RHSA-2026:20129, CVE-2026-46300, CVE-2026-46333, RHSA-2026:19458, CVE-2026-4878, RHSA-2026:18031, CVE-2026-41651, RHSA-2026:19576, CVE-2026-4786, CVE-2026-6100, RHSA-2026:20603, CVE-2024-12086, CVE-2025-10158, CVE-2026-41035, RHSA-2026:19457, CVE-2025-14087, CVE-2025-14512, RHSA-2026:20548, and CVE-2026-33416.
RHEL 9 (Satellite) 5.14.0-570.62.1.el9_6	N/A
RHEL 9 (Classic) 5.14.0-570.116.1.el9_6	Resolves the following CVEs: RHSA-2026:18042, CVE-2026-39979, CVE-2026-40164, RHSA-2026:16312, CVE-2026-43284, RHSA-2026:20129, CVE-2026-46300, CVE-2026-46333, RHSA-2026:19458, CVE-2026-4878, RHSA-2026:19576, CVE-2026-4786, CVE-2026-6100, RHSA-2026:19457, CVE-2025-14087, CVE-2025-14512, RHSA-2026:20548, and CVE-2026-33416.
Red Hat OpenShift 4.20.23	For more information, see the change logs.
Red Hat CoreOS 4.20.23	For more information, see the change logs.
HAProxy 0e0730588ba21878845cdb0bee615a371a489a02	Resolves the following CVEs: CVE-2026-4046, CVE-2026-33846, CVE-2026-42010, CVE-2026-5260, CVE-2026-42014, CVE-2026-3833, CVE-2026-42015, CVE-2026-33845, CVE-2026-42011, CVE-2026-42009, CVE-2026-42013, and CVE-2026-42012.

Master fix pack 4.20.21_1548_openshift, released 22 May 2026

The following table shows the components that are in the master fix pack 4.20.21_1548_openshift. Master patch updates are applied automatically.

4.20.21_1548_openshift fix pack.
Component	Description
Calico v3.30.7	See the Calico release notes.
etcd v3.5.29	See the etcd release notes.
IBM Cloud Controller Manager v1.33.11-3	New version contains updates and security fixes.
Key Management Service provider 2.10.24	New version contains updates and security fixes.
Portieris admission controller v0.13.38	See the Portieris admission controller release notes
Red Hat OpenShift on IBM Cloud 4.20.21	See the Red Hat OpenShift on IBM Cloud release notes.
Tigera Operator v1.38.13	See the Tigera Operator release notes.

Worker node fix pack 4.20.22_1549_openshift, released 20 May 2026

The following table shows the components included in the worker node fix pack 4.20.22_1549_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.22_1549_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.112.1.el9_6	Resolves the following CVEs: RHSA-2025:22392, CVE-2025-38724, CVE-2025-39864, CVE-2025-39881, CVE-2025-39883, CVE-2025-39918, CVE-2025-39955, CVE-2025-40186, RHSA-2026:0457, CVE-2025-23142, CVE-2025-39806, CVE-2025-39981, CVE-2025-39983, CVE-2025-40176, CVE-2025-68287, RHSA-2026:0804, CVE-2025-21795, CVE-2025-37849, CVE-2025-37891, CVE-2025-39697, CVE-2025-40154, CVE-2025-68285, RHSA-2026:14339, CVE-2024-53216, CVE-2025-68741, CVE-2026-23243, CVE-2026-23401, CVE-2026-31431, CVE-2026-31532, CVE-2026-43077, RHSA-2026:16312, CVE-2026-43284, RHSA-2026:1703, CVE-2025-21863, CVE-2025-40248, CVE-2025-68301, RHSA-2026:16059, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414, RHSA-2026:13889, CVE-2026-35535, RHSA-2025:21563, CVE-2024-56690, RHSA-2025:21933, CVE-2025-39898, CVE-2025-39971, CVE-2025-39973, CVE-2025-40047, RHSA-2025:22802, CVE-2025-39966, RHSA-2025:23789, CVE-2025-39843, CVE-2025-39925, RHSA-2026:11313, CVE-2026-23097, CVE-2026-31402, RHSA-2026:1194, CVE-2023-53034, CVE-2025-37761, CVE-2025-37789, CVE-2025-37819, CVE-2025-37869, CVE-2025-38289, CVE-2025-40141, CVE-2025-40251, CVE-2025-40258, CVE-2025-40277, CVE-2025-40318, RHSA-2026:2352, CVE-2024-54456, CVE-2025-21647, CVE-2025-21786, CVE-2025-21791, CVE-2025-38022, CVE-2025-38051, CVE-2025-38568, CVE-2025-40294, CVE-2025-40322, CVE-2025-68349, RHSA-2026:2759, CVE-2025-37882, CVE-2025-38349, CVE-2025-38730, CVE-2025-39760, CVE-2025-39933, CVE-2025-40269, CVE-2025-40271, CVE-2025-40304, RHSA-2026:3088, CVE-2025-37861, CVE-2025-38106, CVE-2025-38415, RHSA-2026:3520, CVE-2025-38154, RHSA-2026:4011, CVE-2024-47727, CVE-2024-56603, CVE-2025-22056, CVE-2025-38024, CVE-2025-38129, CVE-2025-38141, CVE-2025-38703, RHSA-2026:4745, CVE-2024-53229, CVE-2025-38206, CVE-2025-40240, CVE-2025-68811, CVE-2025-71085, RHSA-2026:5197, CVE-2025-38248, CVE-2026-23001, RHSA-2026:6164, CVE-2024-56645, CVE-2025-40096, CVE-2025-68800, CVE-2026-23209, RHSA-2026:6940, CVE-2025-38180, CVE-2026-23231, RHSA-2026:9112, CVE-2026-23066, CVE-2026-23111, CVE-2026-23144, CVE-2026-23171, CVE-2026-23193, CVE-2026-23204, RHSA-2026:17524, and CVE-2026-33636.
RHEL 9 (Classic) 5.14.0-570.112.1.el9_6	Resolves the following CVEs: RHSA-2026:2229, CVE-2025-6176, RHSA-2025:21773, CVE-2025-59375, RHSA-2026:1229, CVE-2025-68973, RHSA-2026:18042, CVE-2026-39979, CVE-2026-40164, RHSA-2025:22392, CVE-2025-38724, CVE-2025-39864, CVE-2025-39881, CVE-2025-39883, CVE-2025-39918, CVE-2025-39955, CVE-2025-40186, RHSA-2026:0457, CVE-2025-23142, CVE-2025-39806, CVE-2025-39981, CVE-2025-39983, CVE-2025-40176, CVE-2025-68287, RHSA-2026:0804, CVE-2025-21795, CVE-2025-37849, CVE-2025-37891, CVE-2025-39697, CVE-2025-40154, CVE-2025-68285, RHSA-2026:14339, CVE-2024-53216, CVE-2025-68741, CVE-2026-23243, CVE-2026-23401, CVE-2026-31431, CVE-2026-31532, CVE-2026-43077, RHSA-2026:16312, CVE-2026-43284, RHSA-2026:1703, CVE-2025-21863, CVE-2025-40248, CVE-2025-68301, RHSA-2026:7105, CVE-2026-4111, RHSA-2026:8866, CVE-2026-4424, CVE-2026-5121, RHSA-2026:19458, CVE-2026-4878, RHSA-2026:0210, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293, RHSA-2026:3576, CVE-2026-22695, CVE-2026-22801, CVE-2026-25646, RHSA-2026:8548, CVE-2026-27135, RHSA-2026:16059, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414, RHSA-2026:9415, CVE-2026-3497, RHSA-2026:1503, CVE-2025-15467, CVE-2025-69419, RHSA-2026:1729, CVE-2025-66418, CVE-2025-66471, CVE-2026-21441, RHSA-2026:9354, CVE-2026-4519, RHSA-2025:21067, CVE-2025-11561, RHSA-2026:13889, CVE-2026-35535, RHSA-2026:6539, CVE-2026-25749, CVE-2026-28417, CVE-2026-28421, CVE-2026-33412, RHSA-2025:23400, CVE-2025-11083, RHSA-2025:23043, CVE-2025-9086, RHSA-2026:1465, CVE-2025-13601, RHSA-2026:19457, CVE-2025-14087, CVE-2025-14512, RHSA-2026:6630, CVE-2025-14831, RHSA-2026:4823, CVE-2025-61662, RHSA-2025:21563, CVE-2024-56690, RHSA-2025:21933, CVE-2025-39898, CVE-2025-39971, CVE-2025-39973, CVE-2025-40047, RHSA-2025:22802, CVE-2025-39966, RHSA-2025:23789, CVE-2025-39843, CVE-2025-39925, RHSA-2026:11313, CVE-2026-23097, CVE-2026-31402, RHSA-2026:1194, CVE-2023-53034, CVE-2025-37761, CVE-2025-37789, CVE-2025-37819, CVE-2025-37869, CVE-2025-38289, CVE-2025-40141, CVE-2025-40251, CVE-2025-40258, CVE-2025-40277, CVE-2025-40318, RHSA-2026:2352, CVE-2024-54456, CVE-2025-21647, CVE-2025-21786, CVE-2025-21791, CVE-2025-38022, CVE-2025-38051, CVE-2025-38568, CVE-2025-40294, CVE-2025-40322, CVE-2025-68349, RHSA-2026:2759, CVE-2025-37882, CVE-2025-38349, CVE-2025-38730, CVE-2025-39760, CVE-2025-39933, CVE-2025-40269, CVE-2025-40271, CVE-2025-40304, RHSA-2026:3088, CVE-2025-37861, CVE-2025-38106, CVE-2025-38415, RHSA-2026:3520, CVE-2025-38154, RHSA-2026:4011, CVE-2024-47727, CVE-2024-56603, CVE-2025-22056, CVE-2025-38024, CVE-2025-38129, CVE-2025-38141, CVE-2025-38703, RHSA-2026:4745, CVE-2024-53229, CVE-2025-38206, CVE-2025-40240, CVE-2025-68811, CVE-2025-71085, RHSA-2026:5197, CVE-2025-38248, CVE-2026-23001, RHSA-2026:6164, CVE-2024-56645, CVE-2025-40096, CVE-2025-68800, CVE-2026-23209, RHSA-2026:6940, CVE-2025-38180, CVE-2026-23231, RHSA-2026:9112, CVE-2026-23066, CVE-2026-23111, CVE-2026-23144, CVE-2026-23171, CVE-2026-23193, CVE-2026-23204, RHSA-2026:17524, CVE-2026-33636, RHSA-2026:0428, CVE-2025-5987, RHSA-2025:22377, CVE-2025-9714, RHSA-2026:3941, CVE-2025-12801, RHSA-2026:0693, CVE-2025-61984, CVE-2025-61985, RHSA-2025:21174, CVE-2025-9230, RHSA-2026:2275, CVE-2025-12084, RHSA-2026:5218, CVE-2025-15366, CVE-2025-15367, CVE-2026-1299, RHSA-2026:0435, and CVE-2025-45582.
RHEL 9 (Satellite) 5.14.0-570.62.1.el9_6	N/A
Red Hat OpenShift 4.20.22	For more information, see the change logs.
Red Hat CoreOS 4.20.22	For more information, see the change logs.
HAProxy 6ba93946d8bd08ba581321189c719ab548cadf01	Resolves the following CVEs: CVE-2025-9714, CVE-2026-4424, CVE-2026-40356, CVE-2025-14512, CVE-2026-4878, CVE-2026-40355, CVE-2026-5121, and CVE-2025-14087.

Worker node fix pack 4.20.19_1546_openshift, released 04 May 2026

The following table shows the components included in the worker node fix pack 4.20.19_1546_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.19_1546_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	Resolves the following CVEs: RHSA-2026:9415, CVE-2026-3497, RHSA-2026:11313, CVE-2026-23097, CVE-2026-31402, RHSA-2026:11329, CVE-2025-43213, CVE-2025-43214, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20643, CVE-2026-20644, CVE-2026-20652, CVE-2026-20664, CVE-2026-20665, CVE-2026-20676, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28871, and mitigates CVE-2026-31431.
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	Resolves the following CVEs: RHSA-2026:9415, CVE-2026-3497, RHSA-2026:11313, CVE-2026-23097, CVE-2026-31402, RHSA-2026:11329, CVE-2025-43213, CVE-2025-43214, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20643, CVE-2026-20644, CVE-2026-20652, CVE-2026-20664, CVE-2026-20665, CVE-2026-20676, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28871, and mitigates CVE-2026-31431.
Red Hat OpenShift 4.20.19	For more information, see the change logs.
Red Hat CoreOS 4.20.19	For more information, see the change logs. Includes mitigation for CVE-2026-31431.
HAProxy c7e825675cbd75e8433801c99f8aca3b207a5a46	Resolves the following CVEs: CVE-2026-5121, CVE-2025-9714, and CVE-2026-4424.

Master fix pack 4.20.18_1545_openshift, released 27 April 2026

The following table shows the components that are in the master fix pack 4.20.18_1545_openshift. Master patch updates are applied automatically.

4.20.18_1545_openshift fix pack.
Component	Description
Calico v3.30.7	See the Calico release notes.
Cluster health image v1.6.15	New version contains updates and security fixes.
etcd v3.5.29	See the etcd release notes.
IBM Cloud Block Storage driver and plug-in v2.5.25	New version contains updates and security fixes.
IBM Cloud Controller Manager v1.33.10-2	New version contains updates and security fixes.
IBM Cloud File Storage for Classic plug-in and monitor v454	New version contains updates and security fixes.
IBM Cloud RBAC Operator 6212368	New version contains updates and security fixes.
Key Management Service provider 2.10.23	New version contains updates and security fixes.
Load balancer and load balancer monitor for IBM Cloud Provider 3563	New version contains updates and security fixes.
Portieris admission controller v0.13.37	See the Portieris admission controller release notes
Red Hat OpenShift on IBM Cloud 4.20.18	See the Red Hat OpenShift on IBM Cloud release notes.
Tigera Operator v1.38.13	See the Tigera Operator release notes.

Worker node fix pack 4.20.18_1544_openshift, released 20 April 2026

The following table shows the components included in the worker node fix pack 4.20.18_1544_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.18_1544_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	N/A
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	N/A
Red Hat OpenShift 4.20.18	For more information, see the change logs.
Red Hat CoreOS 4.20.18	For more information, see the change logs.
HAProxy c7e825675cbd75e8433801c99f8aca3b207a5a46	Resolves the following CVEs: CVE-2026-27135.

Worker node fix pack 4.20.17_1543_openshift, released 06 April 2026

The following table shows the components included in the worker node fix pack 4.20.17_1543_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.17_1543_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 5.4.2.4
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 5.4.2.4
Red Hat OpenShift 4.20.17	For more information, see the change logs.
Red Hat CoreOS 4.20.17	For more information, see the change logs.
HAProxy 91cc06f4e0a123d06f5ee7c226df6fb83e1ca223	Resolves the following CVEs: CVE-2025-14831, and CVE-2025-9820.

Change log for Master fix pack 4.20.15_1542_openshift, released 02 April 2026

The following table shows the changes that are in the master fix pack 4.20.15_1542_openshift. Master patch updates are applied automatically.

Changes since version 4.20.13-1538-openshift
Component	Previous	Current	Description
Calico	v3.30.4	v3.30.6	See the Calico release notes.
Cluster health image	v1.6.14	v1.6.15	New version contains updates and security fixes.
etcd	v3.5.26	v3.5.27	See the etcd release notes.
IBM Cloud Block Storage driver and plug-in	v2.5.24	v2.5.25	New version contains updates and security fixes.
IBM Cloud Controller Manager	v1.33.7-7	v1.33.9-1	New version contains updates and security fixes.
IBM Cloud File Storage for Classic for Classic plug-in and monitor	452	v454	New version contains updates and security fixes.
IBM Cloud RBAC Operator	8a12251	6212368	New version contains updates and security fixes.
Key Management Service provider	v2.10.20	2.10.22	New version contains updates and security fixes.
Load balancer and load balancer monitor for IBM Cloud Provider	3347	3563	New version contains updates and security fixes.
Portieris admission controller	v0.13.33	v0.13.36	See the Portieris admission controller release notes.
Red Hat OpenShift on IBM Cloud.	4.20.12	4.20.15	See the Red Hat OpenShift on IBM Cloud release notes.
Tigera Operator	v1.38.8	v1.38.11	See the Tigera Operator release notes.

Worker node fix pack 4.20.16_1542_openshift, released 24 March 2026

The following table shows the components included in the worker node fix pack 4.20.16_1542_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.16_1542_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	N/A
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	N/A
Red Hat OpenShift 4.20.16	For more information, see the change logs.
Red Hat CoreOS 4.20.16	For more information, see the change logs. CIS benchmark compliance 3.4.2.3.
HAProxy 10c8639e6b5829d0af51a22755e13756f34630cf	Resolves the following CVEs: CVE-2025-15281, and CVE-2026-0915.

Worker node fix pack 4.20.15_1540_openshift, released 11 March 2026

The following table shows the components included in the worker node fix pack 4.20.15_1540_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.15_1540_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	N/A
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	N/A
Red Hat OpenShift 4.20.15	For more information, see the change logs.
Red Hat CoreOS 4.20.15	For more information, see the change logs. CIS benchmark compliance 1.1.3.2, 1.1.3.3, 3.4.2, 4.2.2.3
HAProxy 965c403695b15b3410d87a3772002edbc5ed2569	Resolves the following CVEs: CVE-2025-69419.

Worker node fix pack 4.20.14_1539_openshift, released 24 February 2026

The following table shows the components included in the worker node fix pack 4.20.14_1539_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.14_1539_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 1.6.3
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 1.6.3
Red Hat OpenShift 4.20.14	For more information, see the change logs.
Red Hat CoreOS 4.20.14	For more information, see the change logs. CIS benchmark compliance 5.2.2, 5.2.3, 5.2.4, 5.2.18
HAProxy 2bf1aebe51a37cd9b4661656ce21e53f918166ea	Resolves the following CVEs: CVE-2025-6176.

Change log for Master fix pack 4.20.13_1538_openshift, released 18 February 2026

The following table shows the changes that are in the master fix pack 4.20.13_1538_openshift. Master patch updates are applied automatically.

Changes since version 4.20.12-1536-openshift
Component	Previous	Current	Description
Calico	v3.30.4	v3.30.6	See the Calico release notes.
IBM Cloud Controller Manager	v1.33.7-4	v1.33.7-8	New version contains updates and security fixes.
IBM Cloud File Storage for Classic for Classic plug-in and monitor	452	v453	New version contains updates and security fixes.
Key Management Service provider	v2.10.20	2.10.21	New version contains updates and security fixes.
Portieris admission controller	v0.13.33	v0.13.35	See the Portieris admission controller release notes.
Red Hat OpenShift on IBM Cloud.	4.20.12	4.20.13	See the Red Hat OpenShift on IBM Cloud release notes.
Tigera Operator	v1.38.8	v1.38.11	See the Tigera Operator release notes.

Worker node fix pack 4.20.13_1537_openshift, released 09 February 2026

The following table shows the components included in the worker node fix pack 4.20.13_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.

4.20.13_1537_openshift fix pack.
Component	Description
RHEL 9 (VPC) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 1.6.6, 3.1.3, 4.1.2, 4.3.4, 5.3.2.1, 5.3.3.2.4, 5.3.3.2.7, 5.3.3.3.1, 5.3.3.4.2, 5.4.1.5, 5.4.2.5Resolves the following CVEs: RHSA-2025:19930, CVE-2024-36350, CVE-2024-36357, and CVE-2025-40300.
RHEL 9 (Classic) 5.14.0-570.62.1.el9_6	CIS benchmark compliance 1.6.6, 3.1.3, 4.1.2, 4.3.4, 5.3.2.1, 5.3.3.2.4, 5.3.3.2.7, 5.3.3.3.1, 5.3.3.4.2, 5.4.1.5, 5.4.2.5Resolves the following CVEs: RHSA-2025:19930, CVE-2024-36350, CVE-2024-36357, and CVE-2025-40300.
Red Hat OpenShift 4.20.13	For more information, see the change logs.
Red Hat CoreOS 4.20.13	For more information, see the change logs.
HAProxy ace947f4ecf45f28effe8d125ffda48f9890223b	Resolves the following CVEs: CVE-2025-14104.

Master and worker fixpacks 4.20.12_1536_openshift and 4.20.10_1535_openshift, released 04 February 2026

Changes since master version 4.19.21-1566-openshift and worker version 4.19.21_1565_openshift.
Component	Previous	Current	Description
Calico	v3.29.7	v3.30.4	See the Calico release notes.
Cluster health image	v1.6.13	v1.6.14	New version contains updates and security fixes.
IBM Cloud Block Storage driver and plug-in	v2.5.22	v2.5.24	New version contains updates and security fixes.
IBM Cloud Controller Manager	v1.32.11-2	v1.33.7-7	New version contains updates and security fixes.
Red Hat OpenShift (master)	4.19.21	4.20.12	See the Red Hat OpenShift on IBM Cloud release notes.
Red Hat OpenShift (worker node)	4.19.21	4.20.10	See the Red Hat OpenShift on IBM Cloud release notes.
Tigera Operator	v1.36.16	v1.38.8	See the Tigera Operator release notes.