4.20 version change log
View information of version changes for major, minor, and patch updates that are available for your Red Hat® OpenShift® on IBM Cloud® clusters that run this version. Changes include updates to Red Hat OpenShift, Kubernetes, and IBM Cloud Provider components.
Overview
Unless otherwise noted in the change logs, the IBM Cloud provider version enables Red Hat OpenShift APIs and features that are at beta. Red Hat OpenShift alpha features are disabled and subject to change.
Check the Security Bulletins on IBM Cloud Status for security vulnerabilities that affect Red Hat OpenShift on IBM Cloud. You can filter the results to view only Kubernetes Service security bulletins that are relevant to Red Hat OpenShift on IBM Cloud. Change log entries that address other security vulnerabilities but don't include an IBM security bulletin are for vulnerabilities that are not known to affect Red Hat OpenShift on IBM Cloud in normal usage. If you run privileged containers, run commands on the workers, or execute untrusted code, then you might be at risk.
Master patch updates are applied automatically. Worker node patch updates can be applied by reloading or updating the worker nodes. For more information about major, minor, and patch versions and preparation actions between minor versions, see Red Hat OpenShift versions.
Version 4.20
Worker node fix pack 4.20.13_1537_openshift, released 09 February 2026
The following table shows the components included in the worker node fix pack 4.20.13_1537_openshift. Worker node patch updates can be applied by updating, reloading (in classic infrastructure), or replacing (in VPC infrastructure) the worker node.
| Component | Version | Description |
|---|---|---|
| RHEL 9 (VPC) | 5.14.0-570.62.1.el9_6 | CIS benchmark compliance 1.6.6, 3.1.3, 4.1.2, 4.3.4, 5.3.2.1, 5.3.3.2.4, 5.3.3.2.7, 5.3.3.3.1, 5.3.3.4.2, 5.4.1.5, 5.4.2.5Resolves the following CVEs: RHSA-2025:19930, CVE-2024-36350, CVE-2024-36357, and CVE-2025-40300. |
| RHEL 9 (Classic) | 5.14.0-570.62.1.el9_6 | CIS benchmark compliance 1.6.6, 3.1.3, 4.1.2, 4.3.4, 5.3.2.1, 5.3.3.2.4, 5.3.3.2.7, 5.3.3.3.1, 5.3.3.4.2, 5.4.1.5, 5.4.2.5Resolves the following CVEs: RHSA-2025:19930, CVE-2024-36350, CVE-2024-36357, and CVE-2025-40300. |
| Red Hat OpenShift | 4.20.13 | For more information, see the change logs. |
| Red Hat CoreOS | 4.20.13 | For more information, see the change logs. |
| HAProxy | ace947f4ecf45f28effe8d125ffda48f9890223b | Resolves the following CVEs: CVE-2025-14104. |
Master and worker fixpacks 4.20.12_1536_openshift and 4.20.10_1535_openshift, released 04 January 2026
| Component | Previous | Current | Description |
|---|---|---|---|
| Calico | v3.29.7 | v3.30.4 | See the Calico release notes. |
| Cluster health image | v1.6.13 | v1.6.14 | New version contains updates and security fixes. |
| IBM Cloud Block Storage driver and plug-in | v2.5.22 | v2.5.24 | New version contains updates and security fixes. |
| IBM Cloud Controller Manager | v1.32.11-2 | v1.33.7-7 | New version contains updates and security fixes. |
| Red Hat OpenShift (master) | 4.19.21 | 4.20.12 | See the Red Hat OpenShift on IBM Cloud release notes. |
| Red Hat OpenShift (worker node) | 4.19.21 | 4.20.10 | See the Red Hat OpenShift on IBM Cloud release notes. |
| Tigera Operator | v1.36.16 | v1.38.8 | See the Tigera Operator release notes. |