# 4.20.0-ec.7
Created: 2026-01-27 01:21:02 +0000 UTC
Image Digest: `sha256:835a2d91135b51bd46c81c3a4f3a91997abc85ec19dd5ee1a448ebf76fef08c1`
Promoted from quay.io/openshift-release-dev/ocp-release-nightly@sha256:225a7a9f577005321394c0a20133f883229938ab69f8ac910a071ade6ab51d88
## Changes from 4.22.0-ec.1
### Components
* Kubectl upgraded from 1.34.1 to 1.33.3
* Kubernetes upgraded from 1.34.2 to 1.33.6
* Kubernetes Tests upgraded from 1.34.1 to 1.33.4
* Red Hat Enterprise Linux CoreOS upgraded from 9.6.20260112-0 to 9.6.20260117-0
### FeatureGate Changes
| FeatureGate | Default
Hypershift | Default
SelfManagedHA | DevPreviewNoUpgrade
Hypershift | DevPreviewNoUpgrade
SelfManagedHA | OKD
Hypershift | OKD
SelfManagedHA | TechPreviewNoUpgrade
Hypershift | TechPreviewNoUpgrade
SelfManagedHA |
| :------ | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: |
| AWSDualStackInstall
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| AzureDualStackInstall
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| CBORServingAndStorage
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| CRDCompatibilityRequirementOperator
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ClientsAllowCBOR
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ClientsPreferCBOR
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ClusterAPIMachineManagement
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ClusterAPIMachineManagementVSphere
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ClusterUpdateAcceptRisks
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| EventTTL
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ExternalOIDCWithUpstreamParity
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| GCPDualStackInstall
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| HyperShiftOnlyDynamicResourceAllocation
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ManagedBootImagesCPMS
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| MutableCSINodeAllocatableCount
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| NetworkConnect
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| NewOLMBoxCutterRuntime
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| NoRegistryClusterInstall
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| OSStreams
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| OnPremDNSRecords
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| ProvisioningRequestAvailable
(0 tests)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed)| Not Available
(Changed)| Not Available
(Changed)| Unconditionally Enabled
(Changed)| Unconditionally Enabled
(Changed) |
| GCPClusterHostedDNSInstall
(0 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| ImageStreamImportMode
(4 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| ManagedBootImagesAzure
(0 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| ManagedBootImagesvSphere
(6 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| OpenShiftPodSecurityAdmission
(0 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| SigstoreImageVerificationPKI
(0 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| VolumeAttributesClass
(50 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled| Enabled |
| NewOLMOwnSingleNamespace
(0 tests)| Disabled| Disabled
(Changed)| Disabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Disabled| Enabled |
| NewOLMWebhookProviderOpenshiftServiceCA
(0 tests)| Disabled| Disabled
(Changed)| Disabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Disabled| Enabled |
| IngressControllerLBSubnetsAWS
(0 tests)| Enabled
(New)| Enabled
(New)| Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
| SetEIPForNLBIngressController
(0 tests)| Enabled
(New)| Enabled
(New)| Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
| BootImageSkewEnforcement
(0 tests)| Disabled| Disabled| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Disabled
(Changed)| Disabled
(Changed) |
| IngressControllerDynamicConfigurationManager
(0 tests)| Disabled| Disabled| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Enabled
(Changed)| Enabled
(Changed) |
| VSphereMixedNodeEnv
(0 tests)| Disabled| Disabled| Enabled| Enabled| Not Available
(Changed)| Not Available
(Changed)| Disabled
(Changed)| Disabled
(Changed) |
| DynamicResourceAllocation
(47 tests)| | | Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
| InsightsConfigAPI
(0 tests)| | | Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
| NoRegistryClusterOperations
(0 tests)| | | | Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| | Enabled
(New) |
| NodeSwap
(0 tests)| | | Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
| TranslateStreamCloseWebsocketRequests
(0 tests)| | | Enabled
(New)| Enabled
(New)| Not Available
(Changed)| Not Available
(Changed)| Enabled
(New)| Enabled
(New) |
### New images
* [ovirt-csi-driver](https://github.com/openshift/ovirt-csi-driver) git [1db726a9](https://github.com/openshift/ovirt-csi-driver/commit/1db726a940d5ec150fd185a215f1368990653082) `sha256:d39a7af2f4982f56e30953364de53436596f987a0e14ea0750d49665bbdcc0b0`
* [ovirt-csi-driver-operator](https://github.com/openshift/ovirt-csi-driver-operator) git [7e1f4a30](https://github.com/openshift/ovirt-csi-driver-operator/commit/7e1f4a300fc4b212f4e79cd9bcc9deb6d137b9b7) `sha256:be5dfd05672227ab114388fb873e49199e4bdcceda5048f4efd2e02a2f998742`
### Removed images
* rhel-coreos-10
* rhel-coreos-10-extensions
### Rebuilt images without code change
* [egress-router-cni](https://github.com/openshift/egress-router-cni) git [5e0f8d1b](https://github.com/openshift/egress-router-cni/commit/5e0f8d1b545899fda27c5e1cc8707d33cba1b534) `sha256:fd64a613bfe06268ada69e37b9e7e55faeee5e6b106c942cb94d35d817271811`
### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/43bfecff9fdba24bfa8ce1ffdcb3a7d72b6e6286)
* [OCPBUGS-57606](https://issues.redhat.com/browse/OCPBUGS-57606): Updating ose-agent-installer-api-server-container image to be consist… [#8399](https://github.com/openshift/assisted-service/pull/8399)
* [OCPBUGS-63486](https://issues.redhat.com/browse/OCPBUGS-63486): Align kube descheduler activation CR with OVE needs [#8136](https://github.com/openshift/assisted-service/pull/8136)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/assisted-service/compare/d25f1258faf1bb9dd18322dd8390c691767a82b5...43bfecff9fdba24bfa8ce1ffdcb3a7d72b6e6286)
### [agent-installer-node-agent](https://github.com/openshift/assisted-installer-agent/tree/637327ec40cd1f85ac5d7d4f114a2fae89baa8b0)
* [OCPBUGS-57718](https://issues.redhat.com/browse/OCPBUGS-57718): Update golang images to 1.24 for OpenShift 4.20 [#1194](https://github.com/openshift/assisted-installer-agent/pull/1194)
* [Full changelog](https://github.com/openshift/assisted-installer-agent/compare/7a50b685069e274ddc14fb301136c3f59910dc2d...637327ec40cd1f85ac5d7d4f114a2fae89baa8b0)
### [agent-installer-ui](https://github.com/openshift-assisted/assisted-installer-ui/tree/c0370c199bd9d314d14cdf668f4dddff6d475514)
* remove external platforms field from below sea level UI (#3318) [#3318](https://github.com/openshift-assisted/assisted-installer-ui/pull/3318)
* Adding TechPreview Budge for Assisted installer and agent (#3296) [#3296](https://github.com/openshift-assisted/assisted-installer-ui/pull/3296)
* [OCPBUGS-62680](https://issues.redhat.com/browse/OCPBUGS-62680): Include assisted disconnected UI image in release payload (#3188) (#3189) [#3188](https://github.com/openshift-assisted/assisted-installer-ui/pull/3188)
* [OCPBUGS-61953](https://issues.redhat.com/browse/OCPBUGS-61953): Update dependency sourcing to remote (#3178) [#3178](https://github.com/openshift-assisted/assisted-installer-ui/pull/3178)
* [Full changelog](https://github.com/openshift-assisted/assisted-installer-ui/compare/d47ab5f7c27c9d0890041bf925b1e617aa8de9d0...c0370c199bd9d314d14cdf668f4dddff6d475514)
### [agent-installer-utils](https://github.com/openshift/agent-installer-utils/tree/523e7d76637bd70cec447e7ce4655bf2bfee9272)
* [OCPBUGS-69834](https://issues.redhat.com/browse/OCPBUGS-69834): Update quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2 Docker digest to 20eb21c [#208](https://github.com/openshift/agent-installer-utils/pull/208)
* [OCPBUGS-69830](https://issues.redhat.com/browse/OCPBUGS-69830): Update Konflux references [#207](https://github.com/openshift/agent-installer-utils/pull/207)
* [OCPBUGS-67306](https://issues.redhat.com/browse/OCPBUGS-67306): Update Konflux release version to 4.20.8 [#212](https://github.com/openshift/agent-installer-utils/pull/212)
* [OCPBUGS-66431](https://issues.redhat.com/browse/OCPBUGS-66431): Add Konflux PipelineRun params required by release pipeline [#206](https://github.com/openshift/agent-installer-utils/pull/206)
* [OCPBUGS-66425](https://issues.redhat.com/browse/OCPBUGS-66425): Update quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2 Docker digest to 13cf619 [#186](https://github.com/openshift/agent-installer-utils/pull/186)
* [OCPBUGS-66422](https://issues.redhat.com/browse/OCPBUGS-66422): Update Konflux references [#185](https://github.com/openshift/agent-installer-utils/pull/185)
* [OCPBUGS-66406](https://issues.redhat.com/browse/OCPBUGS-66406): Update Konflux release version to 4.20.6 [#204](https://github.com/openshift/agent-installer-utils/pull/204)
* [OCPBUGS-65715](https://issues.redhat.com/browse/OCPBUGS-65715): Update 4.20 version to 4.20.4 [#196](https://github.com/openshift/agent-installer-utils/pull/196)
* [OCPBUGS-64694](https://issues.redhat.com/browse/OCPBUGS-64694): Update 4.20 version to 4.20.2 [#193](https://github.com/openshift/agent-installer-utils/pull/193)
* [OCPBUGS-63585](https://issues.redhat.com/browse/OCPBUGS-63585): AGENT-1203: Simplify isobuilder [#189](https://github.com/openshift/agent-installer-utils/pull/189)
* [OCPBUGS-63590](https://issues.redhat.com/browse/OCPBUGS-63590): Update 4.20 version to 4.20.1 [#190](https://github.com/openshift/agent-installer-utils/pull/190)
* [OCPBUGS-63372](https://issues.redhat.com/browse/OCPBUGS-63372): Backport Konflux changes [#183](https://github.com/openshift/agent-installer-utils/pull/183)
* [OCPBUGS-62749](https://issues.redhat.com/browse/OCPBUGS-62749): Red Hat Konflux kflux-prd-rh02 update ove-ui-iso-4-20 [#172](https://github.com/openshift/agent-installer-utils/pull/172)
* [Full changelog](https://github.com/openshift/agent-installer-utils/compare/4231408ba540c2b5ec05372a041ffc8767348d17...523e7d76637bd70cec447e7ce4655bf2bfee9272)
### [aws-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-aws/tree/300439ea0736444a160c061578b3bd8956d4f7e6)
* [OCPBUGS-61040](https://issues.redhat.com/browse/OCPBUGS-61040): Merge https://github.com/kubernetes-sigs/cluster-api-provider-aws:v2.9.2 (d3a7da1) into release-4.20 [#578](https://github.com/openshift/cluster-api-provider-aws/pull/578)
* [Full changelog](https://github.com/openshift/cluster-api-provider-aws/compare/1b4220abf0f24aac32787ebbe80024288a49dd17...300439ea0736444a160c061578b3bd8956d4f7e6)
### [aws-ebs-csi-driver-operator, azure-disk-csi-driver-operator, azure-file-csi-driver-operator, csi-driver-manila-operator, openstack-cinder-csi-driver-operator](https://github.com/openshift/csi-operator/tree/158b88f6d146e74cca1fc9b79379463fde546552)
* [OCPBUGS-72563](https://issues.redhat.com/browse/OCPBUGS-72563): deploy prometheus role and binding on hypershift guest [#491](https://github.com/openshift/csi-operator/pull/491)
* [OCPBUGS-65895](https://issues.redhat.com/browse/OCPBUGS-65895): allow all-egress for efs operator [#473](https://github.com/openshift/csi-operator/pull/473)
* [OCPBUGS-65686](https://issues.redhat.com/browse/OCPBUGS-65686): Bump gophercloud [#470](https://github.com/openshift/csi-operator/pull/470)
* [OCPBUGS-63560](https://issues.redhat.com/browse/OCPBUGS-63560): Add RBAC ClusterRole and Binding for driver node [#456](https://github.com/openshift/csi-operator/pull/456)
* [OCPBUGS-62688](https://issues.redhat.com/browse/OCPBUGS-62688): Add withCABundleDaemonSetHook() to AWS EFS operator [#441](https://github.com/openshift/csi-operator/pull/441)
* [Full changelog](https://github.com/openshift/csi-operator/compare/21e84b7f096bbb78fe99a4d5fe8e25c6b94f96f1...158b88f6d146e74cca1fc9b79379463fde546552)
### [aws-machine-controllers](https://github.com/openshift/machine-api-provider-aws/tree/999f4f76124e66c7b42af678cb19aff4b29f72d4)
* [OCPBUGS-72570](https://issues.redhat.com/browse/OCPBUGS-72570): Fix reconciler consistency checks in Update and Exists [#164](https://github.com/openshift/machine-api-provider-aws/pull/164)
* [OCPBUGS-63136](https://issues.redhat.com/browse/OCPBUGS-63136): client: re-use a single file for building the session instead of randomly named files [#148](https://github.com/openshift/machine-api-provider-aws/pull/148)
* [Full changelog](https://github.com/openshift/machine-api-provider-aws/compare/94a66d103f05d89bde06824a7bcd91cedc91cff9...999f4f76124e66c7b42af678cb19aff4b29f72d4)
### [aws-pod-identity-webhook](https://github.com/openshift/aws-pod-identity-webhook/tree/8e83772ab8d31b32225744d4f0b0023680692daf)
* [OCPBUGS-74169](https://issues.redhat.com/browse/OCPBUGS-74169): Fix GOTOOLCHAIN env var [#212](https://github.com/openshift/aws-pod-identity-webhook/pull/212)
* [Full changelog](https://github.com/openshift/aws-pod-identity-webhook/compare/dd93f4f1f52532b77a35b1cc63ee5b7eebd7fe3c...8e83772ab8d31b32225744d4f0b0023680692daf)
### [azure-machine-controllers](https://github.com/openshift/machine-api-provider-azure/tree/68db91507ea47f767ee0dc838c08cc371d2ff69f)
* [OCPBUGS-65708](https://issues.redhat.com/browse/OCPBUGS-65708): Set updateDomainCount to one when faultDomainCount is one [#173](https://github.com/openshift/machine-api-provider-azure/pull/173)
* [OCPBUGS-63535](https://issues.redhat.com/browse/OCPBUGS-63535): Support DataDisks on Azure Stack Hub [#165](https://github.com/openshift/machine-api-provider-azure/pull/165)
* [Full changelog](https://github.com/openshift/machine-api-provider-azure/compare/49242a3dbb53572d68f72aea4e3e90515060c586...68db91507ea47f767ee0dc838c08cc371d2ff69f)
### [baremetal-installer, installer, installer-artifacts](https://github.com/openshift/installer/tree/d3d9aafdbe8e96c4b7e786a47475a13aeb75ba5d)
* [OCPBUGS-73681](https://issues.redhat.com/browse/OCPBUGS-73681): pkg/asset/manifests/azure: save cidr blocks [#10208](https://github.com/openshift/installer/pull/10208)
* [OCPBUGS-73785](https://issues.redhat.com/browse/OCPBUGS-73785): ensure deterministic zone ordering for control plane machines [#10219](https://github.com/openshift/installer/pull/10219)
* [OCPBUGS-71212](https://issues.redhat.com/browse/OCPBUGS-71212): Increase agent-installer pre-network-manager timeout [#10199](https://github.com/openshift/installer/pull/10199)
* [OCPBUGS-65767](https://issues.redhat.com/browse/OCPBUGS-65767): Add StandardFXmdsv2Family to azure tested instance type list [#10104](https://github.com/openshift/installer/pull/10104)
* [OCPBUGS-66231](https://issues.redhat.com/browse/OCPBUGS-66231): Use separate tmpfs for ostree checkout on live ISO [#10140](https://github.com/openshift/installer/pull/10140)
* [OCPBUGS-65763](https://issues.redhat.com/browse/OCPBUGS-65763): continue to update 02_storage.json using new property storageAccountId [#10103](https://github.com/openshift/installer/pull/10103)
* [OCPBUGS-66257](https://issues.redhat.com/browse/OCPBUGS-66257): CORS-4249: bump ARO marketplace images [#10142](https://github.com/openshift/installer/pull/10142)
* [OCPBUGS-66207](https://issues.redhat.com/browse/OCPBUGS-66207), [OCPBUGS-66208](https://issues.redhat.com/browse/OCPBUGS-66208): Fix console info for interactive agent installer [#10136](https://github.com/openshift/installer/pull/10136)
* Revert "OCPBUGS-65586: Update the RHCOS 4.20 bootimage metadata to 9.6.202511…" [#10093](https://github.com/openshift/installer/pull/10093)
* [OCPBUGS-65586](https://issues.redhat.com/browse/OCPBUGS-65586): Update the RHCOS 4.20 bootimage metadata to 9.6.202511… [#10084](https://github.com/openshift/installer/pull/10084)
* [OCPBUGS-64924](https://issues.redhat.com/browse/OCPBUGS-64924): Azure UPI ARM template: use storageAccountId [#10069](https://github.com/openshift/installer/pull/10069)
* [OCPBUGS-64595](https://issues.redhat.com/browse/OCPBUGS-64595): Remove pending items on gcp no-op [#10056](https://github.com/openshift/installer/pull/10056)
* [OCPBUGS-63633](https://issues.redhat.com/browse/OCPBUGS-63633): Update the RHCOS 4.20 bootimage metadata to 9.6.20251023-0 [#10037](https://github.com/openshift/installer/pull/10037)
* [OCPBUGS-63461](https://issues.redhat.com/browse/OCPBUGS-63461): Prevent duplicate noProxy when adding nodes [#10028](https://github.com/openshift/installer/pull/10028)
* [OCPBUGS-62920](https://issues.redhat.com/browse/OCPBUGS-62920): AGENT-1269: Use agent-installer-ui image from release [#10009](https://github.com/openshift/installer/pull/10009)
* [OCPBUGS-62343](https://issues.redhat.com/browse/OCPBUGS-62343): [release-4.20] vSphere 7 deprecation [#9973](https://github.com/openshift/installer/pull/9973)
* [OCPBUGS-62124](https://issues.redhat.com/browse/OCPBUGS-62124): Update the RHCOS 4.20 bootimage metadata [#9997](https://github.com/openshift/installer/pull/9997)
* [OCPBUGS-62948](https://issues.redhat.com/browse/OCPBUGS-62948): Add an option in image-based installation to specify architecture [#9943](https://github.com/openshift/installer/pull/9943)
* [OCPBUGS-62935](https://issues.redhat.com/browse/OCPBUGS-62935): Add MTU validation for networkConfig [#10010](https://github.com/openshift/installer/pull/10010)
* [OCPBUGS-62846](https://issues.redhat.com/browse/OCPBUGS-62846): None: Allow IPv6 Primary DualStack installs on platforms None and External [#10005](https://github.com/openshift/installer/pull/10005)
* [OCPBUGS-62656](https://issues.redhat.com/browse/OCPBUGS-62656): Set agent-extract-tui start timeout [#9990](https://github.com/openshift/installer/pull/9990)
* [OCPBUGS-62640](https://issues.redhat.com/browse/OCPBUGS-62640): Wildcards not reliable for copying container files [#9986](https://github.com/openshift/installer/pull/9986)
* [OCPBUGS-62297](https://issues.redhat.com/browse/OCPBUGS-62297): Set default for PrivateDNSZone Project ID [#9968](https://github.com/openshift/installer/pull/9968)
* [OCPBUGS-61528](https://issues.redhat.com/browse/OCPBUGS-61528): Allow user to BYO private zone without specifying name [#9936](https://github.com/openshift/installer/pull/9936)
* [OCPBUGS-61552](https://issues.redhat.com/browse/OCPBUGS-61552): Shellcheck fix 4.20 [#9938](https://github.com/openshift/installer/pull/9938)
* [Full changelog](https://github.com/openshift/installer/compare/58441e769e4bac491207c51e1c90196322e329ec...d3d9aafdbe8e96c4b7e786a47475a13aeb75ba5d)
### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/b2eb20816f8ea7c8a4c1b04c3a334163465777a8)
* [OCPBUGS-63538](https://issues.redhat.com/browse/OCPBUGS-63538): Create a PreprovisioningImage for servicing if needed [#435](https://github.com/openshift/baremetal-operator/pull/435)
* [OCPBUGS-69667](https://issues.redhat.com/browse/OCPBUGS-69667): Change architecture default to match controller [#440](https://github.com/openshift/baremetal-operator/pull/440)
* [Full changelog](https://github.com/openshift/baremetal-operator/compare/118ad31f2da2decade5fc2a744349653b7f8a7be...b2eb20816f8ea7c8a4c1b04c3a334163465777a8)
### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/dc61926008ad5333863dd1ae2902b95aed6dceaa)
* [OCPBUGS-66241](https://issues.redhat.com/browse/OCPBUGS-66241): Fall back to simpler behavior, if setsid,ps,pkill are not installed [#2158](https://github.com/openshift/oc/pull/2158)
* [OCPBUGS-65481](https://issues.redhat.com/browse/OCPBUGS-65481): pkg/cli/admin/upgrade: Tighten force warnings [#2140](https://github.com/openshift/oc/pull/2140)
* [OCPBUGS-65523](https://issues.redhat.com/browse/OCPBUGS-65523): fix(must-gather): do not set node affinity if nodename is set [#2142](https://github.com/openshift/oc/pull/2142)
* [OCPBUGS-64791](https://issues.redhat.com/browse/OCPBUGS-64791): Rely on overall available disk space of the mounted volume [#2133](https://github.com/openshift/oc/pull/2133)
* [OCPBUGS-64773](https://issues.redhat.com/browse/OCPBUGS-64773): oc adm must-gather: Wrap gather in a session [#2132](https://github.com/openshift/oc/pull/2132)
* [OCPBUGS-61757](https://issues.redhat.com/browse/OCPBUGS-61757): pkg/cli/admin/upgrade/recommend: Enable precheck and accept gates [#2097](https://github.com/openshift/oc/pull/2097)
* [Full changelog](https://github.com/openshift/oc/compare/f532dcb9b9bb6b45e7219c6ab74259630920d5d4...dc61926008ad5333863dd1ae2902b95aed6dceaa)
### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/0e03b7a0fa39e7da3a4b5a180915adc44c408d08)
* [OCPBUGS-65798](https://issues.redhat.com/browse/OCPBUGS-65798): ccoctl azure: retry custom role creation on consistency errors [#948](https://github.com/openshift/cloud-credential-operator/pull/948)
* [OCPBUGS-63690](https://issues.redhat.com/browse/OCPBUGS-63690): ccoctl: use pagination when listing resources in aws [#941](https://github.com/openshift/cloud-credential-operator/pull/941)
* [OCPBUGS-63546](https://issues.redhat.com/browse/OCPBUGS-63546): ccoctl: add public-key-file flag to create-all [#936](https://github.com/openshift/cloud-credential-operator/pull/936)
* [OCPBUGS-61586](https://issues.redhat.com/browse/OCPBUGS-61586): set cloud-credential-operator as default-container [#916](https://github.com/openshift/cloud-credential-operator/pull/916)
* [OCPBUGS-61225](https://issues.redhat.com/browse/OCPBUGS-61225): ccoctl: aws to use proper issuer url on subsequent runs [#912](https://github.com/openshift/cloud-credential-operator/pull/912)
* [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/ec9d4a0a81d2300560ae8007e0f7e3911c96f79a...0e03b7a0fa39e7da3a4b5a180915adc44c408d08)
### [cloud-network-config-controller](https://github.com/openshift/cloud-network-config-controller/tree/d22915bc82993ce11cb3fb97e6ae00602f30549b)
* [OCPBUGS-64742](https://issues.redhat.com/browse/OCPBUGS-64742): Fix capacity calculation [#188](https://github.com/openshift/cloud-network-config-controller/pull/188)
* [OCPBUGS-63542](https://issues.redhat.com/browse/OCPBUGS-63542): Change the capacity struct from int to ptrOfInt [#185](https://github.com/openshift/cloud-network-config-controller/pull/185)
* [Full changelog](https://github.com/openshift/cloud-network-config-controller/compare/167375d9eccc804376e8346ab5763ccc8a7abc77...d22915bc82993ce11cb3fb97e6ae00602f30549b)
### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/fb1a9ab21d72903f79a45f916c6443c0709b9b0c)
* [OCPBUGS-66315](https://issues.redhat.com/browse/OCPBUGS-66315): externaloidc: return errors when node statuses cannot be used to determine oidc state [#814](https://github.com/openshift/cluster-authentication-operator/pull/814)
* [OCPBUGS-61896](https://issues.redhat.com/browse/OCPBUGS-61896): set appropriate rolling update settings [#792](https://github.com/openshift/cluster-authentication-operator/pull/792)
* [OCPBUGS-63319](https://issues.redhat.com/browse/OCPBUGS-63319): (bugfix): configure status controller to remove unset versions [#802](https://github.com/openshift/cluster-authentication-operator/pull/802)
* [OCPBUGS-64668](https://issues.redhat.com/browse/OCPBUGS-64668): Update OIDC e2e test to expect admission-time validation error of invalid CEL expression [#804](https://github.com/openshift/cluster-authentication-operator/pull/804)
* [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/dc89ba7f892ebdebe3b4e1a77b701ec1a5e56e72...fb1a9ab21d72903f79a45f916c6443c0709b9b0c)
### [cluster-autoscaler](https://github.com/openshift/kubernetes-autoscaler/tree/aaf5a61941b70a3b5792c0541e97356565c9977f)
* [OCPBUGS-63675](https://issues.redhat.com/browse/OCPBUGS-63675): update node info processors to include unschedulable nodes [#391](https://github.com/openshift/kubernetes-autoscaler/pull/391)
* [OCPBUGS-63495](https://issues.redhat.com/browse/OCPBUGS-63495): refactor cloud provider options [#387](https://github.com/openshift/kubernetes-autoscaler/pull/387)
* [Full changelog](https://github.com/openshift/kubernetes-autoscaler/compare/ca299b2e390bd155550caf154dcf16ac9b130ee9...aaf5a61941b70a3b5792c0541e97356565c9977f)
### [cluster-baremetal-operator](https://github.com/openshift/cluster-baremetal-operator/tree/dd59e1f8ff03f03fc7a79946ef005fe79ca44379)
* [OCPBUGS-71203](https://issues.redhat.com/browse/OCPBUGS-71203): Mount /etc/pki/ca-trust to machine-os-images & Enable runtime extraction of aarch64 images [#543](https://github.com/openshift/cluster-baremetal-operator/pull/543)
* [OCPBUGS-62316](https://issues.redhat.com/browse/OCPBUGS-62316): Always have a service for ironic-api port [#511](https://github.com/openshift/cluster-baremetal-operator/pull/511)
* [Full changelog](https://github.com/openshift/cluster-baremetal-operator/compare/e4784ab659e24cf636dae8f0c159403b2f36325f...dd59e1f8ff03f03fc7a79946ef005fe79ca44379)
### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/acf331446369b5307b6b435af14daabdca9fafbc)
* [OCPBUGS-62755](https://issues.redhat.com/browse/OCPBUGS-62755): kubeconfig controller: do not error on token secret not yet populated [#377](https://github.com/openshift/cluster-capi-operator/pull/377)
* [OCPBUGS-61770](https://issues.redhat.com/browse/OCPBUGS-61770): Fix conversion of Machines without MachineSet [#362](https://github.com/openshift/cluster-capi-operator/pull/362)
* [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/b76286b603a05f1b6d28269ad609c4a8d53350ab...acf331446369b5307b6b435af14daabdca9fafbc)
### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/276696ccf679830b25df341edb7aae9bb3f4e763)
* [OCPBUGS-63164](https://issues.redhat.com/browse/OCPBUGS-63164): ccm: disable unused secure-serving port and webhook [#419](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/419)
* [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/422f2dcc973f1f506b2eb4f516f34a356b4ae0fe...276696ccf679830b25df341edb7aae9bb3f4e763)
### [cluster-config-api](https://github.com/openshift/api/tree/50517c6f4bfdbf9fc2cb291fd97cce150a3237ca)
* [CORENET-6431](https://issues.redhat.com/browse/CORENET-6431): network, virt: Graduate PreconfiguredUDNAddresses feature gate [#2546](https://github.com/openshift/api/pull/2546)
* [OCPBUGS-66204](https://issues.redhat.com/browse/OCPBUGS-66204): Introduce ClosedClientConnectionPolicy to IngressController API [#2609](https://github.com/openshift/api/pull/2609)
* [OCPBUGS-66135](https://issues.redhat.com/browse/OCPBUGS-66135): Add HTTPKeepAliveTimeout to IngressController API [#2607](https://github.com/openshift/api/pull/2607)
* [OCPBUGS-64843](https://issues.redhat.com/browse/OCPBUGS-64843): payload-command: remove authentication CR from hypershift payload [#2573](https://github.com/openshift/api/pull/2573)
* [OCPBUGS-64940](https://issues.redhat.com/browse/OCPBUGS-64940): Promote BYO OIDC features [#2515](https://github.com/openshift/api/pull/2515)
* [OCPBUGS-62280](https://issues.redhat.com/browse/OCPBUGS-62280): ConsoleLink CRD has incorrect additionalPrinterColumns entry [#2509](https://github.com/openshift/api/pull/2509)
* [OCPBUGS-62256](https://issues.redhat.com/browse/OCPBUGS-62256): ConsoleLink CRD has incorrect additionalPrinterColumns entry [#2508](https://github.com/openshift/api/pull/2508)
* [OCPBUGS-61977](https://issues.redhat.com/browse/OCPBUGS-61977): Add 'AGE' print column to MachineConfigNode object [#2497](https://github.com/openshift/api/pull/2497)
* [OCPBUGS-56778](https://issues.redhat.com/browse/OCPBUGS-56778): Disable PSA for 4.20 [#2475](https://github.com/openshift/api/pull/2475)
* [Full changelog](https://github.com/openshift/api/compare/900e7e5b58abb3556fcdb9eb4d704a56f69cee23...50517c6f4bfdbf9fc2cb291fd97cce150a3237ca)
### [cluster-csi-snapshot-controller-operator](https://github.com/openshift/cluster-csi-snapshot-controller-operator/tree/019abe0c7671962829eb91269e1d76916966320e)
* [OCPBUGS-62258](https://issues.redhat.com/browse/OCPBUGS-62258): add all-egress label to deployments on HCP and IBM [#244](https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/244)
* [Full changelog](https://github.com/openshift/cluster-csi-snapshot-controller-operator/compare/f57fd597a374ed37f2cdfa37e2853753fd9f7773...019abe0c7671962829eb91269e1d76916966320e)
### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/c706661bce28d9f2beb0c1c0037f1481160db396)
* [OCPBUGS-63677](https://issues.redhat.com/browse/OCPBUGS-63677): Backport 1504 1514 release.420 [#1516](https://github.com/openshift/cluster-etcd-operator/pull/1516)
* [OCPBUGS-62738](https://issues.redhat.com/browse/OCPBUGS-62738): CNTRLPLANE-1315:Add OpenShift Tests Extension (OTE) for cluster-etcd-operator [#1491](https://github.com/openshift/cluster-etcd-operator/pull/1491)
* [OCPBUGS-63249](https://issues.redhat.com/browse/OCPBUGS-63249): Ensure revision.json persists on ungraceful shutdown [#1501](https://github.com/openshift/cluster-etcd-operator/pull/1501)
* [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/4dd842f6f0229c4d96a232dd3b134c6986c69f23...c706661bce28d9f2beb0c1c0037f1481160db396)
### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/24ef5ae121b8f658b649bb555be827f114ead438)
* NO-JIRA: Add new NID team members to OWNERS [#1317](https://github.com/openshift/cluster-ingress-operator/pull/1317)
* [OCPBUGS-66135](https://issues.redhat.com/browse/OCPBUGS-66135): Implement HTTPKeepAliveTimeout tuning option [#1312](https://github.com/openshift/cluster-ingress-operator/pull/1312)
* [OCPBUGS-66204](https://issues.redhat.com/browse/OCPBUGS-66204): Implement ClosedClientConnectionPolicy field [#1314](https://github.com/openshift/cluster-ingress-operator/pull/1314)
* [OCPBUGS-65664](https://issues.redhat.com/browse/OCPBUGS-65664): IngressOperator not exposing some metrics for degraded… [#1305](https://github.com/openshift/cluster-ingress-operator/pull/1305)
* [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/b73e34f61c2ca001a0d61410aeaa69fba0b9181e...24ef5ae121b8f658b649bb555be827f114ead438)
### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/974542ae2ef86a631546b3a48fd0da3c2e3b74dd)
* [OCPBUGS-65679](https://issues.redhat.com/browse/OCPBUGS-65679): enable resource v1beta2 api if DynamicResourceAllocation is enabled [#1929](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1929)
* [OCPBUGS-62057](https://issues.redhat.com/browse/OCPBUGS-62057): OpenShift cluster got degraded after rotating the kube-apiserver-service-network-signer cert [#1961](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1961)
* [OCPBUGS-64689](https://issues.redhat.com/browse/OCPBUGS-64689): Add priority field to prevent early shutdown [#1955](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1955)
* [OCPBUGS-55670](https://issues.redhat.com/browse/OCPBUGS-55670): revert dev cert rotation [#1906](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1906)
* [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/1cdedef05f6628edc871c99bab07ea161a979f4e...974542ae2ef86a631546b3a48fd0da3c2e3b74dd)
### [cluster-kube-cluster-api-operator](https://github.com/openshift/cluster-api-operator/tree/234e218207ec963df04ec1fedad85a421eb7a1ff)
* [OCPBUGS-63173](https://issues.redhat.com/browse/OCPBUGS-63173): Updating ose-cluster-kube-cluster-api-operator-container image to be consistent with ART for 4.20 [#62](https://github.com/openshift/cluster-api-operator/pull/62)
* [Full changelog](https://github.com/openshift/cluster-api-operator/compare/aec493448525ff03d0da25a4bf885fbd35214642...234e218207ec963df04ec1fedad85a421eb7a1ff)
### [cluster-kube-controller-manager-operator](https://github.com/openshift/cluster-kube-controller-manager-operator/tree/438c9dba80ddadeabe9efe4a654297a7b550b2b8)
* [OCPBUGS-64684](https://issues.redhat.com/browse/OCPBUGS-64684): Add priority field to prevent early shutdown [#890](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/890)
* [OCPBUGS-55217](https://issues.redhat.com/browse/OCPBUGS-55217): Throttle resourcesynccontroller on pairs with dual writers. [#882](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/882)
* [OCPBUGS-61323](https://issues.redhat.com/browse/OCPBUGS-61323): CNTRLPLANE-1275:Fixing arch issue [#870](https://github.com/openshift/cluster-kube-controller-manager-operator/pull/870)
* [Full changelog](https://github.com/openshift/cluster-kube-controller-manager-operator/compare/df5e370df1296c621e9714eb7690e019db17d444...438c9dba80ddadeabe9efe4a654297a7b550b2b8)
### [cluster-kube-scheduler-operator](https://github.com/openshift/cluster-kube-scheduler-operator/tree/58cbd296eecc61c0871739588ae65af9c05e87a6)
* [OCPBUGS-61544](https://issues.redhat.com/browse/OCPBUGS-61544): add readonlyRootFilesystem [#576](https://github.com/openshift/cluster-kube-scheduler-operator/pull/576)
* [Full changelog](https://github.com/openshift/cluster-kube-scheduler-operator/compare/f56b603a018af8ec2ff6fcb3a72cb8dc3f28b3e5...58cbd296eecc61c0871739588ae65af9c05e87a6)
### [cluster-kube-storage-version-migrator-operator](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/tree/5adc14299739bc64c8812cbab0b0ff2d12863602)
* [OCPBUGS-61325](https://issues.redhat.com/browse/OCPBUGS-61325): CNTRLPLANE-1306:Fixing arch issue [#131](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/pull/131)
* [Full changelog](https://github.com/openshift/cluster-kube-storage-version-migrator-operator/compare/7cbd9e08e5f1cf69b542e918fd784845301d2917...5adc14299739bc64c8812cbab0b0ff2d12863602)
### [cluster-machine-approver](https://github.com/openshift/cluster-machine-approver/tree/b3c82b2eec66ae3ae510df0603af1212c34be618)
* [OCPBUGS-63587](https://issues.redhat.com/browse/OCPBUGS-63587): port 9193 need to be internal and port 9194 need to have a service [#280](https://github.com/openshift/cluster-machine-approver/pull/280)
* [Full changelog](https://github.com/openshift/cluster-machine-approver/compare/d864813cd3ab01c0f975b2bf41e9046948f0afa1...b3c82b2eec66ae3ae510df0603af1212c34be618)
### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/47ab4cb2b5bb27718150b82bb3e0a03755200ca3)
* [OCPBUGS-67166](https://issues.redhat.com/browse/OCPBUGS-67166): Add the collection of MTV migration metrics [#2772](https://github.com/openshift/cluster-monitoring-operator/pull/2772)
* [OCPBUGS-62978](https://issues.redhat.com/browse/OCPBUGS-62978): add tls configuration for the monitoring plugin deployment [#2718](https://github.com/openshift/cluster-monitoring-operator/pull/2718)
* [OCPBUGS-62829](https://issues.redhat.com/browse/OCPBUGS-62829): Remove cluster from non-multicluster dashboards [#2701](https://github.com/openshift/cluster-monitoring-operator/pull/2701)
* [OCPBUGS-64577](https://issues.redhat.com/browse/OCPBUGS-64577): Fix KSM deny-list typo [#2729](https://github.com/openshift/cluster-monitoring-operator/pull/2729)
* [OCPBUGS-63408](https://issues.redhat.com/browse/OCPBUGS-63408): chore(prometheus/remotewrite): [release-4.20] clarify that the in-cluster proxy env vars set in prometheus container can be used in all configs that support proxyConfig.proxyFromEnvironment [#2721](https://github.com/openshift/cluster-monitoring-operator/pull/2721)
* [OCPBUGS-62979](https://issues.redhat.com/browse/OCPBUGS-62979): Remove AlertManager endpoints when disabled [#2710](https://github.com/openshift/cluster-monitoring-operator/pull/2710)
* [OCPBUGS-62750](https://issues.redhat.com/browse/OCPBUGS-62750): Add mcd_local_unsupported_packages metric from MCO to telemetry 4.20 [#2692](https://github.com/openshift/cluster-monitoring-operator/pull/2692)
* [OCPBUGS-62308](https://issues.redhat.com/browse/OCPBUGS-62308): test: remove image registry e2e tests [#2686](https://github.com/openshift/cluster-monitoring-operator/pull/2686)
* [OCPBUGS-61680](https://issues.redhat.com/browse/OCPBUGS-61680): add flag `--watch-referenced-objects-in-all-namespaces` to prometheus-operator [#2667](https://github.com/openshift/cluster-monitoring-operator/pull/2667)
* [OCPBUGS-61207](https://issues.redhat.com/browse/OCPBUGS-61207): chore(jsonnet): use prometheus_remote_storage_queue_highest_timestamp_seconds in PrometheusRemoteWriteBehind [#2661](https://github.com/openshift/cluster-monitoring-operator/pull/2661)
* [OCPBUGS-61166](https://issues.redhat.com/browse/OCPBUGS-61166): Revert "MON-4343: Cleanup deprecate pa config" [#2659](https://github.com/openshift/cluster-monitoring-operator/pull/2659)
* [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/130336482f23a076e89f2f4b29222420b97c2f04...47ab4cb2b5bb27718150b82bb3e0a03755200ca3)
### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/63bfcdac6e6d861a4bc54dad13e91bd60e767b18)
* [CORENET-6311](https://issues.redhat.com/browse/CORENET-6311), [OCPBUGS-74139](https://issues.redhat.com/browse/OCPBUGS-74139): Skip running _stackmanager for libreswan 5.3+ [#2872](https://github.com/openshift/cluster-network-operator/pull/2872)
* [OCPBUGS-73365](https://issues.redhat.com/browse/OCPBUGS-73365): fix(hypershift): use net.JoinHostPort for URL construction [#2876](https://github.com/openshift/cluster-network-operator/pull/2876)
* [OCPBUGS-66253](https://issues.redhat.com/browse/OCPBUGS-66253): Add kubevirt platform to dual-stack supported platforms [#2860](https://github.com/openshift/cluster-network-operator/pull/2860)
* [OCPBUGS-66412](https://issues.redhat.com/browse/OCPBUGS-66412): Fix whereabouts-token-watcher DaemonSet improvements [#2850](https://github.com/openshift/cluster-network-operator/pull/2850)
* [OCPBUGS-66164](https://issues.redhat.com/browse/OCPBUGS-66164): [release-4.20] CORENET-6465: Remove unneeded logging config from managed ovn-kubernetes [#2838](https://github.com/openshift/cluster-network-operator/pull/2838)
* [OCPBUGS-66162](https://issues.redhat.com/browse/OCPBUGS-66162): [release-4.20] CORENET-6488: Preserve custom resource requests on ovn-control-plane pods [#2835](https://github.com/openshift/cluster-network-operator/pull/2835)
* [OCPBUGS-46422](https://issues.redhat.com/browse/OCPBUGS-46422): Add a ValidatingAdmissionPolicy blocking ServiceCIDR changes [4.20] [#2827](https://github.com/openshift/cluster-network-operator/pull/2827)
* [OCPBUGS-64733](https://issues.redhat.com/browse/OCPBUGS-64733): api, l2udn: subnets must be masked [#2823](https://github.com/openshift/cluster-network-operator/pull/2823)
* [OCPBUGS-62678](https://issues.redhat.com/browse/OCPBUGS-62678): Tweak iptables-alerter to try to avoid crictl bug [#2811](https://github.com/openshift/cluster-network-operator/pull/2811)
* [OCPBUGS-62273](https://issues.redhat.com/browse/OCPBUGS-62273): Fix EgressIP stale GARP post reboot + pod restart [#2806](https://github.com/openshift/cluster-network-operator/pull/2806)
* [OCPBUGS-61779](https://issues.redhat.com/browse/OCPBUGS-61779): Relax label req. of DPU/DPU Host/Smart NIC [#2800](https://github.com/openshift/cluster-network-operator/pull/2800)
* [OCPBUGS-61370](https://issues.redhat.com/browse/OCPBUGS-61370): Set maxUnavailable 10% on MultiNetworkPolicy DS [#2793](https://github.com/openshift/cluster-network-operator/pull/2793)
* [Full changelog](https://github.com/openshift/cluster-network-operator/compare/032e38a7b9a47207ecab2eab59b1ba8bef77ed33...63bfcdac6e6d861a4bc54dad13e91bd60e767b18)
### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/601b61fe23b44be64007c238c4299ca1ae594292)
* [OCPBUGS-70349](https://issues.redhat.com/browse/OCPBUGS-70349): Remove CgroupModeV1 reference from the code [#1437](https://github.com/openshift/cluster-node-tuning-operator/pull/1437)
* [OCPBUGS-62721](https://issues.redhat.com/browse/OCPBUGS-62721): E2E: skip SMT disabled test when L3 cache spans entire NUMA node [#1404](https://github.com/openshift/cluster-node-tuning-operator/pull/1404)
* [OCPBUGS-63751](https://issues.redhat.com/browse/OCPBUGS-63751): PPC: ghw: filter out namespaces dir [#1421](https://github.com/openshift/cluster-node-tuning-operator/pull/1421)
* [OCPBUGS-64832](https://issues.redhat.com/browse/OCPBUGS-64832): e2e:hugepages: changing tests to use hugepages-allocator tool [#1427](https://github.com/openshift/cluster-node-tuning-operator/pull/1427)
* [OCPBUGS-64588](https://issues.redhat.com/browse/OCPBUGS-64588): e2e:llc: skip test when no BM worker is found [#1422](https://github.com/openshift/cluster-node-tuning-operator/pull/1422)
* [OCPBUGS-63010](https://issues.redhat.com/browse/OCPBUGS-63010): E2E: Add test cases related to schedulable control plane nodes [#1409](https://github.com/openshift/cluster-node-tuning-operator/pull/1409)
* [OCPBUGS-62889](https://issues.redhat.com/browse/OCPBUGS-62889): E2E: llc: make sure to remove any trailing newspaces [#1408](https://github.com/openshift/cluster-node-tuning-operator/pull/1408)
* [OCPBUGS-63334](https://issues.redhat.com/browse/OCPBUGS-63334): Do not cause kubelet failed dependency by ocp-tuned-one-shot.service [#1415](https://github.com/openshift/cluster-node-tuning-operator/pull/1415)
* [OCPBUGS-62214](https://issues.redhat.com/browse/OCPBUGS-62214): E2E: Add function to check control plane nodes are schedulable. [#1398](https://github.com/openshift/cluster-node-tuning-operator/pull/1398)
* [OCPBUGS-62023](https://issues.redhat.com/browse/OCPBUGS-62023): release-4.20: e2e: set of fixes/changes to ovs pinning testing [#1394](https://github.com/openshift/cluster-node-tuning-operator/pull/1394)
* [OCPBUGS-62017](https://issues.redhat.com/browse/OCPBUGS-62017): E2E: llc: Create testing namespace before Runtime tests [#1393](https://github.com/openshift/cluster-node-tuning-operator/pull/1393)
* And 1 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/e056525798ed04945e08ff2daa8459cc318f30d4...601b61fe23b44be64007c238c4299ca1ae594292)
### [cluster-openshift-controller-manager-operator](https://github.com/openshift/cluster-openshift-controller-manager-operator/tree/aa455c043152123595c2b4f72e02279aad9dd48a)
* [OCPBUGS-61607](https://issues.redhat.com/browse/OCPBUGS-61607): set up openshift-tests-extension for cluster-openshift-controller-manager-operator and add a sanity test [#396](https://github.com/openshift/cluster-openshift-controller-manager-operator/pull/396)
* [Full changelog](https://github.com/openshift/cluster-openshift-controller-manager-operator/compare/2617a201bb3607192a9f82faa18384676f611e3c...aa455c043152123595c2b4f72e02279aad9dd48a)
### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/47c783103216aa5e1242632127a5d8f98b8b7455)
* [OCPBUGS-62053](https://issues.redhat.com/browse/OCPBUGS-62053): fix(psalabelsyncer): return an error instead of panic when converting an unknown volume [#168](https://github.com/openshift/cluster-policy-controller/pull/168)
* [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/8b775487512fb543bff470ff1042bd3ac31b29be...47c783103216aa5e1242632127a5d8f98b8b7455)
### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/b343f70f19ffd559e1a81d3a3e65bd106e634c13)
* [OCPBUGS-63507](https://issues.redhat.com/browse/OCPBUGS-63507): references to github.com/sclorg/django-ex.git now also refer to the branch [#655](https://github.com/openshift/cluster-samples-operator/pull/655)
* [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/4a32fd6f5d45c82f9e17c6d25825b42acc5b6a11...b343f70f19ffd559e1a81d3a3e65bd106e634c13)
### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/d6b7775e872264a8e53f4bfe3ba884a3888367b7)
* [OCPBUGS-62668](https://issues.redhat.com/browse/OCPBUGS-62668), [OCPBUGS-62993](https://issues.redhat.com/browse/OCPBUGS-62993): Move metrics to vsphere driver [#630](https://github.com/openshift/cluster-storage-operator/pull/630)
* [OCPBUGS-62175](https://issues.redhat.com/browse/OCPBUGS-62175): add all-egress label to deployments on HCP and IBM [#622](https://github.com/openshift/cluster-storage-operator/pull/622)
* [OCPBUGS-61249](https://issues.redhat.com/browse/OCPBUGS-61249): Fix logging e2e also faster cleanup [#613](https://github.com/openshift/cluster-storage-operator/pull/613)
* [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/00672f31c315df02eaf076b63c2d9999aafbacee...d6b7775e872264a8e53f4bfe3ba884a3888367b7)
### [cluster-version-operator](https://github.com/openshift/cluster-version-operator/tree/73583cd49830e22349b5d8bf25dc2e95f3882692)
* [OCPBUGS-70180](https://issues.redhat.com/browse/OCPBUGS-70180): [release-4.20] OCPBUGS-70180: Unify capitalization when comparing architectures for available updates [#1281](https://github.com/openshift/cluster-version-operator/pull/1281)
* [OCPBUGS-63001](https://issues.redhat.com/browse/OCPBUGS-63001): Add ClusterVersionOperator manifests to TechPreviewNoUpgrade clusters in 4.20 [#1247](https://github.com/openshift/cluster-version-operator/pull/1247)
* [OCPBUGS-62867](https://issues.redhat.com/browse/OCPBUGS-62867): temporarily disable metrics auth for hypershift clusters [#1244](https://github.com/openshift/cluster-version-operator/pull/1244)
* [Full changelog](https://github.com/openshift/cluster-version-operator/compare/83243780aed4e0d9c4ebff528e54b918d4170fd3...73583cd49830e22349b5d8bf25dc2e95f3882692)
### [console](https://github.com/openshift/console/tree/d6d2894d43709f52e346839221a6d719b82dcd49)
* [OCPBUGS-67225](https://issues.redhat.com/browse/OCPBUGS-67225): Remove unwanted semicolon from Serverless Channel and Broker list [#15834](https://github.com/openshift/console/pull/15834)
* [OCPBUGS-69917](https://issues.redhat.com/browse/OCPBUGS-69917): There should be no role ARN field as token-auth-aws/azure/gcp=false in csv annotations [#15869](https://github.com/openshift/console/pull/15869)
* [OCPBUGS-73775](https://issues.redhat.com/browse/OCPBUGS-73775): make cloudCredentials optional so operators load when … [#15918](https://github.com/openshift/console/pull/15918)
* [OCPBUGS-69732](https://issues.redhat.com/browse/OCPBUGS-69732): Fix Helm chart installation with CA/TLS certificates [#15862](https://github.com/openshift/console/pull/15862)
* [OCPBUGS-70332](https://issues.redhat.com/browse/OCPBUGS-70332): Visiting Group Detail Page > RoleBindings will show error [#15887](https://github.com/openshift/console/pull/15887)
* [OCPBUGS-67136](https://issues.redhat.com/browse/OCPBUGS-67136): Spread operand details across 2 col [#15858](https://github.com/openshift/console/pull/15858)
* [OCPBUGS-66427](https://issues.redhat.com/browse/OCPBUGS-66427): Update client initialization in checkPackageManifestHandler [#15822](https://github.com/openshift/console/pull/15822)
* [OCPBUGS-67221](https://issues.redhat.com/browse/OCPBUGS-67221): Disallowed Pipelines-plugin Pipelines navigation section [#15833](https://github.com/openshift/console/pull/15833)
* [OCPBUGS-66248](https://issues.redhat.com/browse/OCPBUGS-66248): The number of Quick Starts item is wrong [#15797](https://github.com/openshift/console/pull/15797)
* [OCPBUGS-66206](https://issues.redhat.com/browse/OCPBUGS-66206): Sync YAML editor modal settings [#15787](https://github.com/openshift/console/pull/15787)
* [OCPBUGS-65900](https://issues.redhat.com/browse/OCPBUGS-65900): Fix unnecessary rerenders with pod-connect [#15758](https://github.com/openshift/console/pull/15758)
* [OCPBUGS-61785](https://issues.redhat.com/browse/OCPBUGS-61785): Add validation and type guards on healthHandler calls to prevent errors [#15500](https://github.com/openshift/console/pull/15500)
* [OCPBUGS-65793](https://issues.redhat.com/browse/OCPBUGS-65793): OpenShift Console can only show user name instead of full name as the display name [#15743](https://github.com/openshift/console/pull/15743)
* [OCPBUGS-65949](https://issues.redhat.com/browse/OCPBUGS-65949): Add SDK-webpack 4.20 changelogs [#15768](https://github.com/openshift/console/pull/15768)
* NO-JIRA: Add SDK 4.20 changelogs [#15765](https://github.com/openshift/console/pull/15765)
* [OCPBUGS-65761](https://issues.redhat.com/browse/OCPBUGS-65761): Preserve query string in perspective switch + remove dev console folks from `reviewers` [#15740](https://github.com/openshift/console/pull/15740)
* [OCPBUGS-64861](https://issues.redhat.com/browse/OCPBUGS-64861), [OCPBUGS-64863](https://issues.redhat.com/browse/OCPBUGS-64863): Upgrade Helm to 3.18.5 [#15705](https://github.com/openshift/console/pull/15705)
* [OCPBUGS-64702](https://issues.redhat.com/browse/OCPBUGS-64702): Lack Chinese/Japanese/Korean translations for 'On/Off' switch button on editor setting modal of yaml page. [#15683](https://github.com/openshift/console/pull/15683)
* [OCPBUGS-63125](https://issues.redhat.com/browse/OCPBUGS-63125): use tenancy path for project scoped status card [#15608](https://github.com/openshift/console/pull/15608)
* [OCPBUGS-61330](https://issues.redhat.com/browse/OCPBUGS-61330): fix namespace path generation for non-namespaced resources [#15498](https://github.com/openshift/console/pull/15498)
* [OCPBUGS-62953](https://issues.redhat.com/browse/OCPBUGS-62953): Automatically redirect all-namespaces catalog to default namespace [#15640](https://github.com/openshift/console/pull/15640)
* [OCPBUGS-64862](https://issues.redhat.com/browse/OCPBUGS-64862): Convert standalone terminal route to extension [#15702](https://github.com/openshift/console/pull/15702)
* [OCPBUGS-63499](https://issues.redhat.com/browse/OCPBUGS-63499): Turn on `fContentSecurityPolicyEnabled` by default [#15639](https://github.com/openshift/console/pull/15639)
* [OCPBUGS-64639](https://issues.redhat.com/browse/OCPBUGS-64639): HPA Form View in RHOCP Web Console Incorrectly Requires Both CPU and … [#15673](https://github.com/openshift/console/pull/15673)
* [OCPBUGS-63616](https://issues.redhat.com/browse/OCPBUGS-63616): Preserve path on perspective switch [#15650](https://github.com/openshift/console/pull/15650)
* [OCPBUGS-64809](https://issues.redhat.com/browse/OCPBUGS-64809): Never allow OTHER_CATEGORY in categories [#15690](https://github.com/openshift/console/pull/15690)
* [OCPBUGS-63608](https://issues.redhat.com/browse/OCPBUGS-63608): Fix catalog search relevance scoring, so that operators with attribute.keywords are displayed and remove unnecessary metadataName from calculation [#15648](https://github.com/openshift/console/pull/15648)
* [OCPBUGS-63470](https://issues.redhat.com/browse/OCPBUGS-63470): limit node log length to 1000 lines [#15635](https://github.com/openshift/console/pull/15635)
* [OCPBUGS-63440](https://issues.redhat.com/browse/OCPBUGS-63440): Expose prometheus tenancy label path as a proxy [#15632](https://github.com/openshift/console/pull/15632)
* [OCPBUGS-63465](https://issues.redhat.com/browse/OCPBUGS-63465): Remove required flag from 'console.flag/model' pipelines-plugin extension [#15634](https://github.com/openshift/console/pull/15634)
* [OCPBUGS-63403](https://issues.redhat.com/browse/OCPBUGS-63403): Fix Bare Metal Hosts nav item [#15628](https://github.com/openshift/console/pull/15628)
* [OCPBUGS-62644](https://issues.redhat.com/browse/OCPBUGS-62644): bump dompurify to latest [#15587](https://github.com/openshift/console/pull/15587)
* [OCPBUGS-61926](https://issues.redhat.com/browse/OCPBUGS-61926): PVC shows negative Available space in OpenShift Console on RHOCP 4 [#15512](https://github.com/openshift/console/pull/15512)
* [OCPBUGS-61861](https://issues.redhat.com/browse/OCPBUGS-61861): cluster in workload identity mode is not applied with the token-auth-… [#15507](https://github.com/openshift/console/pull/15507)
* [OCPBUGS-61848](https://issues.redhat.com/browse/OCPBUGS-61848): Updation of label from edit label doesn't work [#15506](https://github.com/openshift/console/pull/15506)
* [OCPBUGS-62196](https://issues.redhat.com/browse/OCPBUGS-62196): Add Missing Periods to Error Messages and update try again button link [#15537](https://github.com/openshift/console/pull/15537)
* [OCPBUGS-62015](https://issues.redhat.com/browse/OCPBUGS-62015): Help dropdown should be closed automatically after tour model opened [#15519](https://github.com/openshift/console/pull/15519)
* [OCPBUGS-61990](https://issues.redhat.com/browse/OCPBUGS-61990): Change default tab size from 4 to 2 [#15515](https://github.com/openshift/console/pull/15515)
* [OCPBUGS-61671](https://issues.redhat.com/browse/OCPBUGS-61671): i18n upload/download routine task for OCP version 4.20 [#15485](https://github.com/openshift/console/pull/15485)
* [OCPBUGS-61777](https://issues.redhat.com/browse/OCPBUGS-61777): Fix improper DescriptionList refactor [#15499](https://github.com/openshift/console/pull/15499)
* [OCPBUGS-61327](https://issues.redhat.com/browse/OCPBUGS-61327): Correct the ordering of Catalog categories to be alphabetized [#15468](https://github.com/openshift/console/pull/15468)
* [OCPBUGS-61226](https://issues.redhat.com/browse/OCPBUGS-61226): fix typo in update approval strategy label [#15458](https://github.com/openshift/console/pull/15458)
* [Full changelog](https://github.com/openshift/console/compare/a1355a39df6560b40532501f668bea94e3f63cf7...d6d2894d43709f52e346839221a6d719b82dcd49)
### [console-operator](https://github.com/openshift/console-operator/tree/ac81d030ea60351838be670de5ddca92a0320d45)
* [OCPBUGS-69960](https://issues.redhat.com/browse/OCPBUGS-69960): Reset StorageVersionMigrationDegraded condition [#1085](https://github.com/openshift/console-operator/pull/1085)
* [OCPBUGS-69654](https://issues.redhat.com/browse/OCPBUGS-69654): Update path for browsing catalogs and operators in quickstarts. [#1083](https://github.com/openshift/console-operator/pull/1083)
* [OCPBUGS-64602](https://issues.redhat.com/browse/OCPBUGS-64602): Remove v1alpha1 ConsolePlugin version from CRDs status [#1060](https://github.com/openshift/console-operator/pull/1060)
* [OCPBUGS-61230](https://issues.redhat.com/browse/OCPBUGS-61230): pluginOrder field should only contain available plugins [#1040](https://github.com/openshift/console-operator/pull/1040)
* [Full changelog](https://github.com/openshift/console-operator/compare/788be29134ca30f8a04c74a8388d97b18158654e...ac81d030ea60351838be670de5ddca92a0320d45)
### [csi-driver-manila, openstack-cinder-csi-driver, openstack-cloud-controller-manager](https://github.com/openshift/cloud-provider-openstack/tree/eeae3b042d3de06808d00c7f4e72c014e25ffb1c)
* [OCPBUGS-64811](https://issues.redhat.com/browse/OCPBUGS-64811): Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.33 into release-4.20 [#355](https://github.com/openshift/cloud-provider-openstack/pull/355)
* [Full changelog](https://github.com/openshift/cloud-provider-openstack/compare/027d9521e20ccbfd902ee59f3bd51d82186983d8...eeae3b042d3de06808d00c7f4e72c014e25ffb1c)
### [csi-external-resizer](https://github.com/openshift/csi-external-resizer/tree/c674bea9bb6a81e463c7fefa974e2109d829daef)
* [OCPBUGS-61546](https://issues.redhat.com/browse/OCPBUGS-61546): Requeue PVC over PV creation [#172](https://github.com/openshift/csi-external-resizer/pull/172)
* [Full changelog](https://github.com/openshift/csi-external-resizer/compare/15afb4448eca9af0c32d4f4bcf0b6e8ae4b0bb18...c674bea9bb6a81e463c7fefa974e2109d829daef)
### [csi-node-driver-registrar](https://github.com/openshift/csi-node-driver-registrar/tree/6ce4713c87b735e2546a65a871bd2c7cfe383c31)
* [OCPBUGS-62844](https://issues.redhat.com/browse/OCPBUGS-62844): update log level verbosity to not clutter logs [#87](https://github.com/openshift/csi-node-driver-registrar/pull/87)
* [Full changelog](https://github.com/openshift/csi-node-driver-registrar/compare/65d7aa731ce115a2ecb0d79720a05d34c92b05ba...6ce4713c87b735e2546a65a871bd2c7cfe383c31)
### [docker-builder](https://github.com/openshift/builder/tree/8c0a564f464540d0e2ffc0ce4c98d90a730bc2d2)
* [OCPBUGS-64857](https://issues.redhat.com/browse/OCPBUGS-64857): BuildConfig inline Dockerfile fails with heredoc syntax [#483](https://github.com/openshift/builder/pull/483)
* [Full changelog](https://github.com/openshift/builder/compare/e43923c93ce066c09d09110f0796232dadfd4a60...8c0a564f464540d0e2ffc0ce4c98d90a730bc2d2)
### [docker-registry](https://github.com/openshift/image-registry/tree/0c09647aa2db93a8584dfe8079ed919145c662fb)
* [OCPBUGS-61638](https://issues.redhat.com/browse/OCPBUGS-61638): update OWNERS [#449](https://github.com/openshift/image-registry/pull/449)
* [Full changelog](https://github.com/openshift/image-registry/compare/aa20986bae53e76d633e08d68481a08809dc0433...0c09647aa2db93a8584dfe8079ed919145c662fb)
### [etcd](https://github.com/openshift/etcd/tree/eac09c01677bb03daed156d407be27785fd61e0d)
* [OCPBUGS-63474](https://issues.redhat.com/browse/OCPBUGS-63474): 4.20 rebase 3.5.24 [#347](https://github.com/openshift/etcd/pull/347)
* [OCPBUGS-60874](https://issues.redhat.com/browse/OCPBUGS-60874): Revert "OCPBUGS-52181: Ensure cluster id changes during force-new-cluster" [#339](https://github.com/openshift/etcd/pull/339)
* [OCPBUGS-57675](https://issues.redhat.com/browse/OCPBUGS-57675): Updating ose-etcd-container image to be consistent with ART for 4.20 [#334](https://github.com/openshift/etcd/pull/334)
* [ETCD-726](https://issues.redhat.com/browse/ETCD-726): Rebase etcd 3.5.21 openshift 4.19 [#324](https://github.com/openshift/etcd/pull/324)
* [OCPBUGS-52181](https://issues.redhat.com/browse/OCPBUGS-52181): Ensure cluster id changes during force-new-cluster [#313](https://github.com/openshift/etcd/pull/313)
* [OCPBUGS-50510](https://issues.redhat.com/browse/OCPBUGS-50510): Add configurable option for hardware-related timeout delay [#311](https://github.com/openshift/etcd/pull/311)
* [OCPBUGS-45488](https://issues.redhat.com/browse/OCPBUGS-45488): Updating ose-etcd-container image to be consistent with ART for 4.19 [#306](https://github.com/openshift/etcd/pull/306)
* [ETCD-717](https://issues.redhat.com/browse/ETCD-717): Rebase etcd 3.5.19 openshift 4.19 [#315](https://github.com/openshift/etcd/pull/315)
* DOWNSTREAM: <carry>: OCPBUGS-51838: fix a compaction induce latency issue [#309](https://github.com/openshift/etcd/pull/309)
* [ETCD-709](https://issues.redhat.com/browse/ETCD-709): Rebase etcd 3.5.18 openshift 4.19 [#308](https://github.com/openshift/etcd/pull/308)
* [OCPBUGS-44528](https://issues.redhat.com/browse/OCPBUGS-44528): Rebase etcd 3.5.17 openshift 4.18 [#302](https://github.com/openshift/etcd/pull/302)
* DOWNSTREAM: <carry>: ETCD-697: add tls min/max version to grpc proxy [#301](https://github.com/openshift/etcd/pull/301)
* DOWNSTREAM: <carry>: ETCD-696: Add rev bumping to force-new-cluster [#300](https://github.com/openshift/etcd/pull/300)
* NO-ISSUE: Add support for cachi2 based deps in Dockerfile.art [#296](https://github.com/openshift/etcd/pull/296)
* NO-ISSUE: Add support for cachi2 based deps [#294](https://github.com/openshift/etcd/pull/294)
* [OCPBUGS-39188](https://issues.redhat.com/browse/OCPBUGS-39188): Rebase etcd 3.5.16 openshift 4.18 [#290](https://github.com/openshift/etcd/pull/290)
* NO-JIRA: use golang 1.22 image [#285](https://github.com/openshift/etcd/pull/285)
* [ETCD-656](https://issues.redhat.com/browse/ETCD-656): Automate datadir move after quorum-restore [#284](https://github.com/openshift/etcd/pull/284)
* DOWNSTREAM: <carry>: ETCD-653: add jq to the etcd image [#282](https://github.com/openshift/etcd/pull/282)
* [OCPBUGS-34653](https://issues.redhat.com/browse/OCPBUGS-34653): Rebase etcd 3.5.14 openshift 4.17 [#273](https://github.com/openshift/etcd/pull/273)
* [CORS-3191](https://issues.redhat.com/browse/CORS-3191): DOWNSTREAM <carry>: add native binary to installer images [#269](https://github.com/openshift/etcd/pull/269)
* [CORS-3249](https://issues.redhat.com/browse/CORS-3249): DOWNSTREAM <carry>: installer: make etcd binaries static [#268](https://github.com/openshift/etcd/pull/268)
* [CORS-3249](https://issues.redhat.com/browse/CORS-3249): DOWNSTREAM <carry>: add installer Dockerfile for ART builds [#267](https://github.com/openshift/etcd/pull/267)
* [OCPBUGS-31624](https://issues.redhat.com/browse/OCPBUGS-31624): Rebase etcd 3.5.13 openshift 4.16 [#259](https://github.com/openshift/etcd/pull/259)
* no-issue: Update Installer dockerfile to use golang-1.20 [#251](https://github.com/openshift/etcd/pull/251)
* [OCPBUGS-28730](https://issues.redhat.com/browse/OCPBUGS-28730): Rebase etcd 3.5.12 openshift 4.16 [#242](https://github.com/openshift/etcd/pull/242)
* [CORS-3191](https://issues.redhat.com/browse/CORS-3191): Add Dockerfile to build etcd for openshift-installer [#249](https://github.com/openshift/etcd/pull/249)
* [OCPBUGS-24988](https://issues.redhat.com/browse/OCPBUGS-24988): Updating ose-etcd-container image to be consistent with ART [#236](https://github.com/openshift/etcd/pull/236)
* [OCPBUGS-24931](https://issues.redhat.com/browse/OCPBUGS-24931): Rebase etcd 3.5.11 openshift 4.16 [#237](https://github.com/openshift/etcd/pull/237)
* [OCPBUGS-19279](https://issues.redhat.com/browse/OCPBUGS-19279): Updating ose-etcd images to be consistent with ART [#215](https://github.com/openshift/etcd/pull/215)
* [OCPBUGS-20560](https://issues.redhat.com/browse/OCPBUGS-20560): [4.15] Rebase openshift/etcd to 3.5.10 [#224](https://github.com/openshift/etcd/pull/224)
* [OCPBUGS-18179](https://issues.redhat.com/browse/OCPBUGS-18179): UPSTREAM <carry>: update build images to rhel9 [#211](https://github.com/openshift/etcd/pull/211)
* [OCPBUGS-11850](https://issues.redhat.com/browse/OCPBUGS-11850): Rebase etcd-3.5.9 into openshift-4.14 [#203](https://github.com/openshift/etcd/pull/203)
* [OCPBUGS-11850](https://issues.redhat.com/browse/OCPBUGS-11850): Rebase etcd-3.5.8 into openshift-4.14 [#201](https://github.com/openshift/etcd/pull/201)
* Update owners [#184](https://github.com/openshift/etcd/pull/184)
* Updating ose-etcd images to be consistent with ART [#182](https://github.com/openshift/etcd/pull/182)
* Updating ose-etcd images to be consistent with ART [#181](https://github.com/openshift/etcd/pull/181)
* [OCPBUGS-5458](https://issues.redhat.com/browse/OCPBUGS-5458): UPSTREAM:<carry>: etcdserver: process the scenaro of the last WAL rec… [#175](https://github.com/openshift/etcd/pull/175)
* [OCPBUGS-3098](https://issues.redhat.com/browse/OCPBUGS-3098): Rebase openshift/etcd 4.13 onto v3.5.6 [#168](https://github.com/openshift/etcd/pull/168)
* Bug OCPBUGS-3098: UPSTREAM: <carry>: server/etcdmain: add configurable cipher list to gRPC proxy listener [#162](https://github.com/openshift/etcd/pull/162)
* [OCPBUGS-861](https://issues.redhat.com/browse/OCPBUGS-861): Rebase openshift/etcd 4.12 onto v3.5.5 [#144](https://github.com/openshift/etcd/pull/144)
* Updating ose-etcd images to be consistent with ART [#134](https://github.com/openshift/etcd/pull/134)
* [Bug 2085997](https://bugzilla.redhat.com/show_bug.cgi?id=2085997): increases cluster discovery time from 10s to 135s [#131](https://github.com/openshift/etcd/pull/131)
* Revert "UPSTREAM: <carry>: increases cluster discovery time from 10s to 180s" [#130](https://github.com/openshift/etcd/pull/130)
* [Bug 2085997](https://bugzilla.redhat.com/show_bug.cgi?id=2085997): increases cluster discovery time from 10s to 180s [#129](https://github.com/openshift/etcd/pull/129)
* Add new members to reviewers/approvers [#121](https://github.com/openshift/etcd/pull/121)
* Remove MemberList patch [#120](https://github.com/openshift/etcd/pull/120)
* 3.5.3 with history [#116](https://github.com/openshift/etcd/pull/116)
* Contiguous to 3.5.2 [#109](https://github.com/openshift/etcd/pull/109)
* OWNERS: bump [#104](https://github.com/openshift/etcd/pull/104)
* UPSTREAM: <carry>: add --experimental-max-learner flag [#102](https://github.com/openshift/etcd/pull/102)
* OWNERS: clean up [#101](https://github.com/openshift/etcd/pull/101)
* [Bug 2003775](https://bugzilla.redhat.com/show_bug.cgi?id=2003775): UPSTREAM: <carry>: server: Fix for v3.5 Ensure that cluster members stored in v2store and backend are in sync [#98](https://github.com/openshift/etcd/pull/98)
* UPSTREAM: <carry>: storage/backend: Add a gauge to indicate if defrag is active [#97](https://github.com/openshift/etcd/pull/97)
* Updating ose-etcd images to be consistent with ART [#95](https://github.com/openshift/etcd/pull/95)
* [Bug 1994986](https://bugzilla.redhat.com/show_bug.cgi?id=1994986): (CARRY) etcdctl/ctlv3/ctl.go: Remove check perf command [#94](https://github.com/openshift/etcd/pull/94)
* [Bug 1992673](https://bugzilla.redhat.com/show_bug.cgi?id=1992673): Fix build [#93](https://github.com/openshift/etcd/pull/93)
* [ETCD-203](https://issues.redhat.com/browse/ETCD-203): Updating ose-etcd images to be consistent with ART [#92](https://github.com/openshift/etcd/pull/92)
* [ETCD-202](https://issues.redhat.com/browse/ETCD-202): bump etcd v3.5.0 [#91](https://github.com/openshift/etcd/pull/91)
* [ETCD-200](https://issues.redhat.com/browse/ETCD-200): Bump etcd v3.4.16 to go 1.15 [#86](https://github.com/openshift/etcd/pull/86)
* Updating ose-etcd images to be consistent with ART [#87](https://github.com/openshift/etcd/pull/87)
* [ETCD-199](https://issues.redhat.com/browse/ETCD-199): bump etcd v3.4.16 [#83](https://github.com/openshift/etcd/pull/83)
* Updating ose-etcd images to be consistent with ART [#84](https://github.com/openshift/etcd/pull/84)
* [Bug 1958913](https://bugzilla.redhat.com/show_bug.cgi?id=1958913): discover-etcd-initial-cluster: retry if member is not part of member list and dataDir exists [#81](https://github.com/openshift/etcd/pull/81)
* [Bug 1958405](https://bugzilla.redhat.com/show_bug.cgi?id=1958405): UPSTREAM: <carry>: etcdserver/api/etcdhttp: log successful etcd server side health check in debug level [#80](https://github.com/openshift/etcd/pull/80)
* [Bug 1958405](https://bugzilla.redhat.com/show_bug.cgi?id=1958405): UPSTREAM: <carry>: *: log server-side /health checks [#79](https://github.com/openshift/etcd/pull/79)
* [Bug 1958405](https://bugzilla.redhat.com/show_bug.cgi?id=1958405): UPSTREAM: <carry>: server: add support for log rotation (#12774) [#78](https://github.com/openshift/etcd/pull/78)
* UPSTREAM: <carry>: *: ensure zap logger is set before use [#75](https://github.com/openshift/etcd/pull/75)
* [ETCD-180](https://issues.redhat.com/browse/ETCD-180): Bug 1927942: UPSTREAM: <carry>: *: add support for socket options [#70](https://github.com/openshift/etcd/pull/70)
* [ETCD-178](https://issues.redhat.com/browse/ETCD-178): Bug 1931652: openshift-tools: fix on off flow and add unit tests [#73](https://github.com/openshift/etcd/pull/73)
* Updating ose-etcd builder & base images to be consistent with ART [#68](https://github.com/openshift/etcd/pull/68)
* [Bug 1870189](https://bugzilla.redhat.com/show_bug.cgi?id=1870189): Bump v3.4.14 [#65](https://github.com/openshift/etcd/pull/65)
* OWNERS: add component [#60](https://github.com/openshift/etcd/pull/60)
* Updating ose-etcd builder & base images to be consistent with ART [#59](https://github.com/openshift/etcd/pull/59)
* [Bug 1878163](https://bugzilla.redhat.com/show_bug.cgi?id=1878163): Updating ose-etcd builder & base images to be consistent with ART [#57](https://github.com/openshift/etcd/pull/57)
* [Bug 1883772](https://bugzilla.redhat.com/show_bug.cgi?id=1883772): discover-etcd-initial-cluster: improve error handling when we dont scale member [#56](https://github.com/openshift/etcd/pull/56)
* [Bug 1859196](https://bugzilla.redhat.com/show_bug.cgi?id=1859196): bump etcd v3.4.9 [#52](https://github.com/openshift/etcd/pull/52)
* [Bug 1814576](https://bugzilla.redhat.com/show_bug.cgi?id=1814576): make evaluation of targetMember strict [#48](https://github.com/openshift/etcd/pull/48)
* *: bump etcd to v3.4.7 [#44](https://github.com/openshift/etcd/pull/44)
* list all peers in initial-cluster [#38](https://github.com/openshift/etcd/pull/38)
* [Bug 1808544](https://bugzilla.redhat.com/show_bug.cgi?id=1808544): If we weren't able to get client or target member go ahead and start ... [#36](https://github.com/openshift/etcd/pull/36)
* [Bug 1808073](https://bugzilla.redhat.com/show_bug.cgi?id=1808073): fix archive member name, unmask error [#34](https://github.com/openshift/etcd/pull/34)
* [Bug 1806751](https://bugzilla.redhat.com/show_bug.cgi?id=1806751): Archive data-dir if target member is unstarted [#29](https://github.com/openshift/etcd/pull/29)
* Use var lib etcd as data dir [#30](https://github.com/openshift/etcd/pull/30)
* [Bug 1805807](https://bugzilla.redhat.com/show_bug.cgi?id=1805807): create logic for golang ETCD_INITIAL_CLUSTER [#28](https://github.com/openshift/etcd/pull/28)
* add stub discovery-etcd-initial-cluster [#26](https://github.com/openshift/etcd/pull/26)
* [Bug 1801237](https://bugzilla.redhat.com/show_bug.cgi?id=1801237): *: bump etcd to v3.3.18 [#21](https://github.com/openshift/etcd/pull/21)
* : bump etcd to v3.3.17 [#20](https://github.com/openshift/etcd/pull/20)
* Dockerfile: bump golang 1.12 [#19](https://github.com/openshift/etcd/pull/19)
* BUG 1747124: Dockerfile: use build instead of make build [#17](https://github.com/openshift/etcd/pull/17)
* Dockerfile: bump golang to 1.11 [#14](https://github.com/openshift/etcd/pull/14)
* [Bug 1706103](https://bugzilla.redhat.com/show_bug.cgi?id=1706103): Dockerfile: set coreos org as canonical for release-3.3 [#12](https://github.com/openshift/etcd/pull/12)
* [cherry-pick openshift-4.0] *: Change gRPC proxy to expose etcd server endpoint /metrics [#6](https://github.com/openshift/etcd/pull/6)
* Dockerfile: resolve issue where binary was not properly copied [#5](https://github.com/openshift/etcd/pull/5)
* clientv3: automated cherry pick of #10153 to release-3.3 [#10161](https://github.com/openshift/etcd/pull/10161)
* Automated cherry pick of #9997 [#10041](https://github.com/openshift/etcd/pull/10041)
* etcdctl: cherry pick of #10109 to release-3.3 [#10122](https://github.com/openshift/etcd/pull/10122)
* etcdserver: remove duplicated imports [#10093](https://github.com/openshift/etcd/pull/10093)
* etcdserver: cherry-pick #9861 to release-3.3 [#10027](https://github.com/openshift/etcd/pull/10027)
* Automated cherry pick of #9990 [#10004](https://github.com/openshift/etcd/pull/10004)
* Automated cherry pick of #9761 [#9940](https://github.com/openshift/etcd/pull/9940)
* And 206 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/etcd/compare/806f690e1f140e0aea2eb05ef5f288b756b62895...eac09c01677bb03daed156d407be27785fd61e0d)
### [haproxy-router](https://github.com/openshift/router/tree/db8d384266051ef06b67883aaa83674bc6c9f1ae)
* [OCPBUGS-66204](https://issues.redhat.com/browse/OCPBUGS-66204): Add option abortonclose to HAProxy configuration template [#695](https://github.com/openshift/router/pull/695)
* [OCPBUGS-61558](https://issues.redhat.com/browse/OCPBUGS-61558): Revert Prevent startup failures due to name resolution" [#674](https://github.com/openshift/router/pull/674)
* [Full changelog](https://github.com/openshift/router/compare/b5fcf0cd7f62a4eb76faa167cc9eca7e198fb5c9...db8d384266051ef06b67883aaa83674bc6c9f1ae)
### [hyperkube, kube-proxy, pod](https://github.com/openshift/kubernetes/tree/33a825ebe5da727e8ccce0fb3c9d33fce7c6bdd9)
* [OCPBUGS-61843](https://issues.redhat.com/browse/OCPBUGS-61843): UPSTREAM: 131850: cpumanager: uncorecache alignment for odd integer cpus [#2498](https://github.com/openshift/kubernetes/pull/2498)
* [OCPBUGS-65551](https://issues.redhat.com/browse/OCPBUGS-65551): Bump 1.33.6 [#2518](https://github.com/openshift/kubernetes/pull/2518)
* [OCPBUGS-46422](https://issues.redhat.com/browse/OCPBUGS-46422): Remove patch/update from ServiceCIDR API conformance test [#2466](https://github.com/openshift/kubernetes/pull/2466)
* NO-JIRA: enable CBOR tests [#2502](https://github.com/openshift/kubernetes/pull/2502)
* [OCPBUGS-63601](https://issues.redhat.com/browse/OCPBUGS-63601): UPSTREAM: <carry>: Skip CPU resource status for workload-partitioning [#2504](https://github.com/openshift/kubernetes/pull/2504)
* [OCPBUGS-61555](https://issues.redhat.com/browse/OCPBUGS-61555): Bump 1.33.5 [#2461](https://github.com/openshift/kubernetes/pull/2461)
* [OCPBUGS-61753](https://issues.redhat.com/browse/OCPBUGS-61753): UPSTREAM: <carry>: Add retries for GetCurrentResourceVersion. [#2469](https://github.com/openshift/kubernetes/pull/2469)
* [OCPBUGS-61720](https://issues.redhat.com/browse/OCPBUGS-61720): Do not remove PVC ClaimRef to fix flaky VAC test [#2463](https://github.com/openshift/kubernetes/pull/2463)
* [OCPBUGS-61197](https://issues.redhat.com/browse/OCPBUGS-61197): UPSTREAM: 133425: Fix SELinux label comparison [#2445](https://github.com/openshift/kubernetes/pull/2445)
* [OCPBUGS-61347](https://issues.redhat.com/browse/OCPBUGS-61347): UPSTREAM: <carry>: backporting fix for concurrent map iteration and write [#2450](https://github.com/openshift/kubernetes/pull/2450)
* [OCPBUGS-61333](https://issues.redhat.com/browse/OCPBUGS-61333): Unrevert bump to v1.33.4 [#2449](https://github.com/openshift/kubernetes/pull/2449)
* [Full changelog](https://github.com/openshift/kubernetes/compare/581cfc7ee3313c212378878350aec16236e3f155...33a825ebe5da727e8ccce0fb3c9d33fce7c6bdd9)
### [hypershift](https://github.com/openshift/hypershift/tree/d422e678c60ed6250c870365cd48d50355fa472f)
* [OCPBUGS-72409](https://issues.redhat.com/browse/OCPBUGS-72409): fix(Portieris): Fix Portieris by mounting emptyDir to './.trust' work dir [#7421](https://github.com/openshift/hypershift/pull/7421)
* [OCPBUGS-73365](https://issues.redhat.com/browse/OCPBUGS-73365): fix(cno): use brackets only for IPv6 in server URL [#7461](https://github.com/openshift/hypershift/pull/7461)
* [OCPBUGS-72405](https://issues.redhat.com/browse/OCPBUGS-72405): Fix Konflux EC voilation, update deprecated base … [#7444](https://github.com/openshift/hypershift/pull/7444)
* [OCPBUGS-66409](https://issues.redhat.com/browse/OCPBUGS-66409): test: Fix control plane components rollout failure when NetworkType is not OVNKubernetes [#7337](https://github.com/openshift/hypershift/pull/7337)
* [CNTRLPLANE-2205](https://issues.redhat.com/browse/CNTRLPLANE-2205): fix(hcco): allow for ARN reuse across components [#7383](https://github.com/openshift/hypershift/pull/7383)
* [OCPBUGS-69378](https://issues.redhat.com/browse/OCPBUGS-69378): test: remove network-dependent unit tests for image metadata [#7391](https://github.com/openshift/hypershift/pull/7391)
* [OCPBUGS-66397](https://issues.redhat.com/browse/OCPBUGS-66397): fix(kas): apply LoadBalancerSourceRanges only for LoadBalancer service type [#7336](https://github.com/openshift/hypershift/pull/7336)
* NO-JIRA: Update expected digest for busybox:latest in TestGetDigest [#7350](https://github.com/openshift/hypershift/pull/7350)
* [CNTRLPLANE-1710](https://issues.redhat.com/browse/CNTRLPLANE-1710): feat(globalps): security enhancements on GlobalPullSecret feature [#7234](https://github.com/openshift/hypershift/pull/7234)
* [OCPBUGS-65576](https://issues.redhat.com/browse/OCPBUGS-65576): add hypershift-no-cgo to the latest operator conta… [#7229](https://github.com/openshift/hypershift/pull/7229)
* [CORENET-6484](https://issues.redhat.com/browse/CORENET-6484): Restart ovnkube-control-plane pods when restart-date annotation is set [#7190](https://github.com/openshift/hypershift/pull/7190)
* [OCPBUGS-63509](https://issues.redhat.com/browse/OCPBUGS-63509): fix(ingress): add LoadBalancerSourceRanges support for external router service [#7098](https://github.com/openshift/hypershift/pull/7098)
* [OCPBUGS-64848](https://issues.redhat.com/browse/OCPBUGS-64848): feat: Promote ExternalOIDCWithUIDAndExtraClaimMappings feature to GA for Hypershift [#7204](https://github.com/openshift/hypershift/pull/7204)
* [OCPBUGS-61774](https://issues.redhat.com/browse/OCPBUGS-61774): fix(capi-provider): use single replica deployment for aws and azure [#6834](https://github.com/openshift/hypershift/pull/6834)
* [CNTRLPLANE-1908](https://issues.redhat.com/browse/CNTRLPLANE-1908): control-plane-operator-4-20 Konflux pipelines [#7216](https://github.com/openshift/hypershift/pull/7216)
* [OCPBUGS-63539](https://issues.redhat.com/browse/OCPBUGS-63539): remove NTO Service and ServiceMonitor [#7099](https://github.com/openshift/hypershift/pull/7099)
* [OCPBUGS-63718](https://issues.redhat.com/browse/OCPBUGS-63718): specify SCC annotation for pods in data plane [#7132](https://github.com/openshift/hypershift/pull/7132)
* [OCPBUGS-63128](https://issues.redhat.com/browse/OCPBUGS-63128): resolve initContainer permission issue after node reboot [#7080](https://github.com/openshift/hypershift/pull/7080)
* [OCPBUGS-63604](https://issues.redhat.com/browse/OCPBUGS-63604): fix(konnectivity): resolve circular dependency causing DNS timeouts and excessive retries [#7107](https://github.com/openshift/hypershift/pull/7107)
* [OCPBUGS-63367](https://issues.redhat.com/browse/OCPBUGS-63367): FIPS compliant hypershift binary [#7083](https://github.com/openshift/hypershift/pull/7083)
* [OCPBUGS-62020](https://issues.redhat.com/browse/OCPBUGS-62020): fix(security): harden konnectivity-agent DaemonSet security context [#6870](https://github.com/openshift/hypershift/pull/6870)
* [OCPBUGS-62806](https://issues.redhat.com/browse/OCPBUGS-62806): Fix driver-config ConfigMap content flapping due to random ordering [#6945](https://github.com/openshift/hypershift/pull/6945)
* [OCPBUGS-63387](https://issues.redhat.com/browse/OCPBUGS-63387): fix: routes are not used in case of IBM Cloud [#7079](https://github.com/openshift/hypershift/pull/7079)
* [CNTRLPLANE-1648](https://issues.redhat.com/browse/CNTRLPLANE-1648): Remove main-branch build pipelines from release-4.20 [#7050](https://github.com/openshift/hypershift/pull/7050)
* [OCPSTRAT-2472](https://issues.redhat.com/browse/OCPSTRAT-2472): Add latest tag to MCE 2.10 build pipeline [#6912](https://github.com/openshift/hypershift/pull/6912)
* [OCPBUGS-62182](https://issues.redhat.com/browse/OCPBUGS-62182): fix(kas-bootstrap): increase wait timeouts to avoid KAS startup races [#6887](https://github.com/openshift/hypershift/pull/6887)
* [OCPBUGS-62005](https://issues.redhat.com/browse/OCPBUGS-62005): Enable VolumeAttributesClass runtime config [#6868](https://github.com/openshift/hypershift/pull/6868)
* [OCPBUGS-62006](https://issues.redhat.com/browse/OCPBUGS-62006): fix(ignition-server): Don't delete user-managed cert secrets [#6869](https://github.com/openshift/hypershift/pull/6869)
* [OCPBUGS-61863](https://issues.redhat.com/browse/OCPBUGS-61863): ci: Use the common MCE konflux pipeline [#6847](https://github.com/openshift/hypershift/pull/6847)
* [OCPBUGS-61066](https://issues.redhat.com/browse/OCPBUGS-61066): fix: propagate AWSLoadBalancerTargetNodesAnnotation to HCP [#6772](https://github.com/openshift/hypershift/pull/6772)
* [OCPBUGS-61575](https://issues.redhat.com/browse/OCPBUGS-61575): fix(kas): Set correct container port in postStart handler, 2 [#6854](https://github.com/openshift/hypershift/pull/6854)
* [OCPBUGS-61565](https://issues.redhat.com/browse/OCPBUGS-61565): [release-4.20] fix(proxy): ensure URLs have scheme before proxy resolution [#6791](https://github.com/openshift/hypershift/pull/6791)
* [OCPBUGS-61746](https://issues.redhat.com/browse/OCPBUGS-61746): fix(oauth): oauth-openshift deployment should be HA [#6828](https://github.com/openshift/hypershift/pull/6828)
* [OCPBUGS-56778](https://issues.redhat.com/browse/OCPBUGS-56778): fix(kas): Disable PSA enforcement in 4.20 [#6830](https://github.com/openshift/hypershift/pull/6830)
* [CNTRLPLANE-1397](https://issues.redhat.com/browse/CNTRLPLANE-1397): feat(konflux): tag MCE HO images with latest [#6784](https://github.com/openshift/hypershift/pull/6784)
* [OCPBUGS-61670](https://issues.redhat.com/browse/OCPBUGS-61670): fix(control-plane): remove resource limits from kube-controller-manager [#6804](https://github.com/openshift/hypershift/pull/6804)
* [OCPBUGS-61667](https://issues.redhat.com/browse/OCPBUGS-61667): resolve MIRRORED_RELEASE_IMAGE flapping [#6803](https://github.com/openshift/hypershift/pull/6803)
* [OCPBUGS-61321](https://issues.redhat.com/browse/OCPBUGS-61321): rename CCM deployments to align with 4.19 [#6768](https://github.com/openshift/hypershift/pull/6768)
* [OCPBUGS-61322](https://issues.redhat.com/browse/OCPBUGS-61322): fix: cleanup old PKI operator deployment during upgrades [#6769](https://github.com/openshift/hypershift/pull/6769)
* [Full changelog](https://github.com/openshift/hypershift/compare/ed9c78c1ba5c787ed659cbb6e8ef6487d78dccb9...d422e678c60ed6250c870365cd48d50355fa472f)
### [insights-operator](https://github.com/openshift/insights-operator/tree/d677651537715900907eec88e6f0537c8c94c6e9)
* [OCPBUGS-66062](https://issues.redhat.com/browse/OCPBUGS-66062): Add filtering to add other possible pod status to QEMU gatherer [#1185](https://github.com/openshift/insights-operator/pull/1185)
* [OCPBUGS-64800](https://issues.redhat.com/browse/OCPBUGS-64800): QEMU logs are not gathered if there are pending status virt-launcher pods [#1174](https://github.com/openshift/insights-operator/pull/1174)
* [OCPBUGS-65660](https://issues.redhat.com/browse/OCPBUGS-65660): [bugfix] The archive's records may include files whose names are out of bounds [#1177](https://github.com/openshift/insights-operator/pull/1177)
* [OCPBUGS-62019](https://issues.redhat.com/browse/OCPBUGS-62019): update DataGather condition when gathering job fails [#1155](https://github.com/openshift/insights-operator/pull/1155)
* [OCPBUGS-61784](https://issues.redhat.com/browse/OCPBUGS-61784): Update error message for missing SCA certificates [#1139](https://github.com/openshift/insights-operator/pull/1139)
* [OCPBUGS-61845](https://issues.redhat.com/browse/OCPBUGS-61845): add missing permissions for replicasets and events [#1144](https://github.com/openshift/insights-operator/pull/1144)
* And 2 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/insights-operator/compare/1cb29376203878e530fe76f48cbcbd31002c717a...d677651537715900907eec88e6f0537c8c94c6e9)
### [ironic](https://github.com/openshift/ironic-image/tree/c6c2be3dbdedd8ab7c0b9701307c17df7d2bb591)
* [OCPBUGS-69786](https://issues.redhat.com/browse/OCPBUGS-69786): Bump eventlet version [#756](https://github.com/openshift/ironic-image/pull/756)
* [METAL-1695](https://issues.redhat.com/browse/METAL-1695): OKD: install Ironic from the OpenShift fork [#740](https://github.com/openshift/ironic-image/pull/740)
* [OKD-304](https://issues.redhat.com/browse/OKD-304): Fix python dependencies for OKD [#731](https://github.com/openshift/ironic-image/pull/731)
* [OCPBUGS-64850](https://issues.redhat.com/browse/OCPBUGS-64850): Handle HTTP 400 and 409 race condition in Redfish power operations [#720](https://github.com/openshift/ironic-image/pull/720)
* [OCPBUGS-64820](https://issues.redhat.com/browse/OCPBUGS-64820): Fix IPA external inspection callback url override [#713](https://github.com/openshift/ironic-image/pull/713)
* [OCPBUGS-52427](https://issues.redhat.com/browse/OCPBUGS-52427): Bump ironic and sushy to fix idrac10 [#698](https://github.com/openshift/ironic-image/pull/698)
* [OKD-290](https://issues.redhat.com/browse/OKD-290): (OKD4.20) Fix ironic-image errors and metal3 pod crashes on CentOS9 [#696](https://github.com/openshift/ironic-image/pull/696)
* [OCPBUGS-61461](https://issues.redhat.com/browse/OCPBUGS-61461): revert the switch to local RPC [#690](https://github.com/openshift/ironic-image/pull/690)
* [OCPBUGS-61257](https://issues.redhat.com/browse/OCPBUGS-61257): set [json_rpc]port unconditionally [#686](https://github.com/openshift/ironic-image/pull/686)
* [Full changelog](https://github.com/openshift/ironic-image/compare/324282211ff7df42b93360c435767a9793d542b6...c6c2be3dbdedd8ab7c0b9701307c17df7d2bb591)
### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/6ae9e9e35571eedf00c240e10f62b56bbac1af07)
* [OCPBUGS-69777](https://issues.redhat.com/browse/OCPBUGS-69777): Bump eventlet version [#228](https://github.com/openshift/ironic-agent-image/pull/228)
* [OCPBUGS-66934](https://issues.redhat.com/browse/OCPBUGS-66934): Filter out more USB network devices [#221](https://github.com/openshift/ironic-agent-image/pull/221)
* [OCPBUGS-66084](https://issues.redhat.com/browse/OCPBUGS-66084), [OKD-295](https://issues.redhat.com/browse/OKD-295): Fix broken OKD ironic-agent-image [#216](https://github.com/openshift/ironic-agent-image/pull/216)
* [OCPBUGS-65519](https://issues.redhat.com/browse/OCPBUGS-65519): Include Test advertised ip reachability before assigning it [#212](https://github.com/openshift/ironic-agent-image/pull/212)
* [Full changelog](https://github.com/openshift/ironic-agent-image/compare/ac614863114652e8dd54bc31bde198124c092116...6ae9e9e35571eedf00c240e10f62b56bbac1af07)
### [kube-state-metrics](https://github.com/openshift/kube-state-metrics/tree/086a7f21313d6fbc5ea330d46671ce8934b26c56)
* [OCPBUGS-72589](https://issues.redhat.com/browse/OCPBUGS-72589): fix: only close existing channels [#128](https://github.com/openshift/kube-state-metrics/pull/128)
* [Full changelog](https://github.com/openshift/kube-state-metrics/compare/ba4fefa9c12c41d5c71a1abb340cf428a89b4876...086a7f21313d6fbc5ea330d46671ce8934b26c56)
### [machine-api-operator](https://github.com/openshift/machine-api-operator/tree/4a9b90e306a04ddfacfa408609c98b48a1cdea17)
* [OCPBUGS-61853](https://issues.redhat.com/browse/OCPBUGS-61853): Fixed multi nic e2e to wait for node removal after machineset tests [#1418](https://github.com/openshift/machine-api-operator/pull/1418)
* [OCPBUGS-61853](https://issues.redhat.com/browse/OCPBUGS-61853): Adjusted machine e2e tests to wait for nodes to clean up [#1416](https://github.com/openshift/machine-api-operator/pull/1416)
* [OCPBUGS-61314](https://issues.redhat.com/browse/OCPBUGS-61314): bump openshift/api [#1410](https://github.com/openshift/machine-api-operator/pull/1410)
* [Full changelog](https://github.com/openshift/machine-api-operator/compare/b9e5793c9dc0fa3eaaddc1ae96c0e60aca5dd3c6...4a9b90e306a04ddfacfa408609c98b48a1cdea17)
### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/4593e456f3b51f4c6c458c00752e38f2687baedc)
* [OCPBUGS-73776](https://issues.redhat.com/browse/OCPBUGS-73776): Fix timeout during configMap cleanup [#5557](https://github.com/openshift/machine-config-operator/pull/5557)
* [OCPBUGS-74081](https://issues.redhat.com/browse/OCPBUGS-74081): Enable existing units without content [#5565](https://github.com/openshift/machine-config-operator/pull/5565)
* [OCPBUGS-66260](https://issues.redhat.com/browse/OCPBUGS-66260): Set -fin timeouts in HAProxy config [#5459](https://github.com/openshift/machine-config-operator/pull/5459)
* [OCPBUGS-70201](https://issues.redhat.com/browse/OCPBUGS-70201): ctrcfg: set increase ulimits when upgrading from 4.20 to 4.21 [#5516](https://github.com/openshift/machine-config-operator/pull/5516)
* [OCPBUGS-69706](https://issues.redhat.com/browse/OCPBUGS-69706): Fix keepalived SIGTERM handling [#5507](https://github.com/openshift/machine-config-operator/pull/5507)
* [OCPBUGS-70322](https://issues.redhat.com/browse/OCPBUGS-70322): Skip boot image updates if arch annotation is not found [#5525](https://github.com/openshift/machine-config-operator/pull/5525)
* [OCPBUGS-70349](https://issues.redhat.com/browse/OCPBUGS-70349): Remove the dead code of setting the operator status for cgroupv1 based clusters [#5446](https://github.com/openshift/machine-config-operator/pull/5446)
* [OCPBUGS-69666](https://issues.redhat.com/browse/OCPBUGS-69666): Remove log exposing kubeconfig [#5505](https://github.com/openshift/machine-config-operator/pull/5505)
* [OCPBUGS-69444](https://issues.redhat.com/browse/OCPBUGS-69444): MCP is not correctly degraded when a pivotError happens [#5503](https://github.com/openshift/machine-config-operator/pull/5503)
* [OCPBUGS-65545](https://issues.redhat.com/browse/OCPBUGS-65545), [OCPBUGS-67007](https://issues.redhat.com/browse/OCPBUGS-67007): cherry pick to few fixes that needed for missing services and configuration [#5480](https://github.com/openshift/machine-config-operator/pull/5480)
* [OCPBUGS-67137](https://issues.redhat.com/browse/OCPBUGS-67137): Fix cleanup in `TestInstallRPMAndCheckMCDMetrics` to decrease risk of test failures due to interference [#5478](https://github.com/openshift/machine-config-operator/pull/5478)
* [OKD-294](https://issues.redhat.com/browse/OKD-294): Migrate runtime from runc to crun on an upgrade for OKD [#5467](https://github.com/openshift/machine-config-operator/pull/5467)
* [OCPBUGS-65898](https://issues.redhat.com/browse/OCPBUGS-65898): fixes systemd unit creation for empty units [#5437](https://github.com/openshift/machine-config-operator/pull/5437)
* [OCPBUGS-64822](https://issues.redhat.com/browse/OCPBUGS-64822): block upgrades for conflict non-default ClusterImagePolicy resources [#5414](https://github.com/openshift/machine-config-operator/pull/5414)
* [OCPBUGS-65777](https://issues.redhat.com/browse/OCPBUGS-65777): Enforce OCP 4.20 and earlier cluster to have AutoSizingReserved disabled by default [#5387](https://github.com/openshift/machine-config-operator/pull/5387)
* [OCPBUGS-65781](https://issues.redhat.com/browse/OCPBUGS-65781): Remove --mount directives [#5425](https://github.com/openshift/machine-config-operator/pull/5425)
* [OCPBUGS-65556](https://issues.redhat.com/browse/OCPBUGS-65556): [release-4.20] Backport: Add delays to reduce TestOSBuildController failures [#5396](https://github.com/openshift/machine-config-operator/pull/5396)
* [OCPBUGS-64822](https://issues.redhat.com/browse/OCPBUGS-64822): remove check for conflicting ClusterImagePolicy in syncUpgradeableStatus [#5413](https://github.com/openshift/machine-config-operator/pull/5413)
* [OCPBUGS-65509](https://issues.redhat.com/browse/OCPBUGS-65509): e2e gcp ocl PR backport [#5407](https://github.com/openshift/machine-config-operator/pull/5407)
* [OCPBUGS-64822](https://issues.redhat.com/browse/OCPBUGS-64822): Implement upgrade blocking for conflicting ClusterImagePolicy named "openshift" [#5397](https://github.com/openshift/machine-config-operator/pull/5397)
* [OCPBUGS-59766](https://issues.redhat.com/browse/OCPBUGS-59766): Update timing of MCN desired config spec update to align with node annotation setting [#5367](https://github.com/openshift/machine-config-operator/pull/5367)
* [OCPBUGS-64656](https://issues.redhat.com/browse/OCPBUGS-64656): Update the OCP base image in Dockerfile to 4.20 reference [#5392](https://github.com/openshift/machine-config-operator/pull/5392)
* [OCPBUGS-63534](https://issues.redhat.com/browse/OCPBUGS-63534): Create temporal allow policy [#5373](https://github.com/openshift/machine-config-operator/pull/5373)
* [OCPBUGS-62167](https://issues.redhat.com/browse/OCPBUGS-62167): Fix - NetworkManager restart or crash renders br-ex unusable [#5353](https://github.com/openshift/machine-config-operator/pull/5353)
* [OCPBUGS-63127](https://issues.redhat.com/browse/OCPBUGS-63127): Ensure the node passed to RunCordonOrUncordon comes from the latest updated state [#5349](https://github.com/openshift/machine-config-operator/pull/5349)
* [OCPBUGS-63337](https://issues.redhat.com/browse/OCPBUGS-63337): RHEL10 RT kernel packages filtering [#5365](https://github.com/openshift/machine-config-operator/pull/5365)
* [OCPBUGS-62801](https://issues.redhat.com/browse/OCPBUGS-62801): Only fire OSImageURLOverridden and set metrics on changes [#5339](https://github.com/openshift/machine-config-operator/pull/5339)
* [OCPBUGS-62273](https://issues.redhat.com/browse/OCPBUGS-62273): Networking: reset ovn-remote config and allow ovnkube controller to s… [#5317](https://github.com/openshift/machine-config-operator/pull/5317)
* [OCPBUGS-62803](https://issues.redhat.com/browse/OCPBUGS-62803): Skip rpm-ostree local rebase if no PIS [#5340](https://github.com/openshift/machine-config-operator/pull/5340)
* [OCPBUGS-62095](https://issues.redhat.com/browse/OCPBUGS-62095): CRI-O: set hard/soft file descriptor ulimits to `1048576` [#5308](https://github.com/openshift/machine-config-operator/pull/5308)
* [OCPBUGS-62174](https://issues.redhat.com/browse/OCPBUGS-62174): Fix MCP updated machine count for image mode disabling case [#5307](https://github.com/openshift/machine-config-operator/pull/5307)
* [OCPBUGS-62675](https://issues.redhat.com/browse/OCPBUGS-62675): Cert Controller should live fetch SAN IPs during cert rotation [#5326](https://github.com/openshift/machine-config-operator/pull/5326)
* [OCPBUGS-62602](https://issues.redhat.com/browse/OCPBUGS-62602): configure-ovs: work around a Cisco switch issue [#5321](https://github.com/openshift/machine-config-operator/pull/5321)
* [OCPBUGS-62080](https://issues.redhat.com/browse/OCPBUGS-62080): Add mcd_local_unsupported_packages recording rule [#5297](https://github.com/openshift/machine-config-operator/pull/5297)
* [OCPBUGS-61882](https://issues.redhat.com/browse/OCPBUGS-61882): Add nil/null checks to image registry secret decode [#5292](https://github.com/openshift/machine-config-operator/pull/5292)
* [OCPBUGS-62073](https://issues.redhat.com/browse/OCPBUGS-62073): Improve MCN CRD clean-up script [#5296](https://github.com/openshift/machine-config-operator/pull/5296)
* [OCPBUGS-61516](https://issues.redhat.com/browse/OCPBUGS-61516): Machine-config controller should actively manage cordon while draining [#5281](https://github.com/openshift/machine-config-operator/pull/5281)
* [OCPBUGS-61824](https://issues.redhat.com/browse/OCPBUGS-61824): Override NMState service definition [#5286](https://github.com/openshift/machine-config-operator/pull/5286)
* [OCPBUGS-61232](https://issues.redhat.com/browse/OCPBUGS-61232): Recheck `generatedByControllerVersion` annotation prior to deleting a degraded MC [#5273](https://github.com/openshift/machine-config-operator/pull/5273)
* [Full changelog](https://github.com/openshift/machine-config-operator/compare/718463b7e8fadcd6c51eda1912238183b259b8a8...4593e456f3b51f4c6c458c00752e38f2687baedc)
### [machine-os-images](https://github.com/openshift/machine-os-images/tree/551bb5d75e782e47b83292d883e41bc57df730a4)
* [OCPBUGS-71203](https://issues.redhat.com/browse/OCPBUGS-71203): Backport multi arch fixes [#77](https://github.com/openshift/machine-os-images/pull/77)
* [Full changelog](https://github.com/openshift/machine-os-images/compare/65860307eaa98c87826e9069f597d602e24d7dab...551bb5d75e782e47b83292d883e41bc57df730a4)
### [metallb-frr](https://github.com/openshift/frr/tree/3ca45c517eafe07aac0866e5cbd32a5c08081f22)
* [OCPBUGS-65516](https://issues.redhat.com/browse/OCPBUGS-65516): [release-4.20] Dockerfile: unpin FRR rpm [#111](https://github.com/openshift/frr/pull/111)
* [Full changelog](https://github.com/openshift/frr/compare/c82bfaad01b196e12f00622a9a609d87e0a56701...3ca45c517eafe07aac0866e5cbd32a5c08081f22)
### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/5a0742a9e3fd7a30de2ca4245681dc15dbdeb1c5)
* [OCPBUGS-73842](https://issues.redhat.com/browse/OCPBUGS-73842): fix: update qs vulnerable dependency [#733](https://github.com/openshift/monitoring-plugin/pull/733)
* NO-JIRA: [release-4.20] fix: remove unnecessary package.lock [#732](https://github.com/openshift/monitoring-plugin/pull/732)
* [OU-1146](https://issues.redhat.com/browse/OU-1146): remove random multiplication [#704](https://github.com/openshift/monitoring-plugin/pull/704)
* [OU-1135](https://issues.redhat.com/browse/OU-1135): [release-4.20] monitoring testing backport [#700](https://github.com/openshift/monitoring-plugin/pull/700)
* [OCPBUGS-69725](https://issues.redhat.com/browse/OCPBUGS-69725): [release-4.20] fix: upgrade node-forge vulnerable dependency [#701](https://github.com/openshift/monitoring-plugin/pull/701)
* [OU-1130](https://issues.redhat.com/browse/OU-1130): Merge main to release 4.20 [#683](https://github.com/openshift/monitoring-plugin/pull/683)
* [OCPBUGS-66389](https://issues.redhat.com/browse/OCPBUGS-66389): Time range and Refresh interval dropdown button lack of unique identifier [#668](https://github.com/openshift/monitoring-plugin/pull/668)
* [OCPBUGS-66240](https://issues.redhat.com/browse/OCPBUGS-66240): configure max TLS version only when specified [#664](https://github.com/openshift/monitoring-plugin/pull/664)
* [OCPBUGS-65947](https://issues.redhat.com/browse/OCPBUGS-65947): add missing conversion units [#654](https://github.com/openshift/monitoring-plugin/pull/654)
* [OCPBUGS-63440](https://issues.redhat.com/browse/OCPBUGS-63440): fetch metric labels with tenancy [#617](https://github.com/openshift/monitoring-plugin/pull/617)
* [OCPBUGS-63162](https://issues.redhat.com/browse/OCPBUGS-63162): [release-4.20] Improve alignment with console SDK [#604](https://github.com/openshift/monitoring-plugin/pull/604)
* [OCPBUGS-62978](https://issues.redhat.com/browse/OCPBUGS-62978): allow additional TLS config [#592](https://github.com/openshift/monitoring-plugin/pull/592)
* [Full changelog](https://github.com/openshift/monitoring-plugin/compare/bfdd3e2ff10469918fc5cafafb6621e24064d533...5a0742a9e3fd7a30de2ca4245681dc15dbdeb1c5)
### [multus-cni, multus-cni-microshift](https://github.com/openshift/multus-cni/tree/e3ce3bc447fde757b216499c5ffacab50b0e7f88)
* [OCPBUGS-73888](https://issues.redhat.com/browse/OCPBUGS-73888): update ci-operator.yaml [#274](https://github.com/openshift/multus-cni/pull/274)
* [Full changelog](https://github.com/openshift/multus-cni/compare/93556f99405e29900c5445f7bbf7c70b8935e339...e3ce3bc447fde757b216499c5ffacab50b0e7f88)
### [networking-console-plugin](https://github.com/openshift/networking-console-plugin/tree/0715daa19dd95a54cfb9ab223a8f1b6880a46b67)
* [CNV-76277](https://issues.redhat.com/browse/CNV-76277): Fix name generator with unprofessional names [#317](https://github.com/openshift/networking-console-plugin/pull/317)
* [CNV-72230](https://issues.redhat.com/browse/CNV-72230): fix networking links [#308](https://github.com/openshift/networking-console-plugin/pull/308)
* [OCPBUGS-66335](https://issues.redhat.com/browse/OCPBUGS-66335): fix flickerying in synced editor [#304](https://github.com/openshift/networking-console-plugin/pull/304)
* [CNV-72771](https://issues.redhat.com/browse/CNV-72771): fix null error [#300](https://github.com/openshift/networking-console-plugin/pull/300)
* [CNV-71965](https://issues.redhat.com/browse/CNV-71965): replacing the broken link to VirtualMachine network docs [#298](https://github.com/openshift/networking-console-plugin/pull/298)
* Hide VirtualMachine networks page in 4.20 release [#290](https://github.com/openshift/networking-console-plugin/pull/290)
* [Full changelog](https://github.com/openshift/networking-console-plugin/compare/5794348d33c6c5c738e0c32ab8faac885f3e6937...0715daa19dd95a54cfb9ab223a8f1b6880a46b67)
### [oauth-apiserver](https://github.com/openshift/oauth-apiserver/tree/e5ad4f6fdc093595f6d939eb43868ae36ae3fdaa)
* [OCPBUGS-63052](https://issues.redhat.com/browse/OCPBUGS-63052): (bugfix): useroauthaccesstokens: cast delete validation object to correct type for admission [#151](https://github.com/openshift/oauth-apiserver/pull/151)
* [OCPBUGS-61753](https://issues.redhat.com/browse/OCPBUGS-61753): Bump openshift/kubernetes-apiserver. [#147](https://github.com/openshift/oauth-apiserver/pull/147)
* [Full changelog](https://github.com/openshift/oauth-apiserver/compare/4e60f3f95d0c3215629233b6a88001730bbde86d...e5ad4f6fdc093595f6d939eb43868ae36ae3fdaa)
### [oc-mirror](https://github.com/openshift/oc-mirror/tree/f4775a263f2ddbc9f94c9349231883614dce0193)
* [OCPBUGS-64647](https://issues.redhat.com/browse/OCPBUGS-64647): fix: return only requested version [#1306](https://github.com/openshift/oc-mirror/pull/1306)
* [OCPBUGS-65787](https://issues.redhat.com/browse/OCPBUGS-65787): Remove empty status field from generated IDMS/ITMS files [#1313](https://github.com/openshift/oc-mirror/pull/1313)
* [OCPBUGS-63030](https://issues.redhat.com/browse/OCPBUGS-63030): removes unintended exec permissions [#1291](https://github.com/openshift/oc-mirror/pull/1291)
* [OCPBUGS-62463](https://issues.redhat.com/browse/OCPBUGS-62463): generate the archive only after mirroring [#1279](https://github.com/openshift/oc-mirror/pull/1279)
* [OCPBUGS-62283](https://issues.redhat.com/browse/OCPBUGS-62283): v2/cli: show binary version in output [#1276](https://github.com/openshift/oc-mirror/pull/1276)
* And 4 elided commits (e.g. from squash or rebase merges)
* [Full changelog](https://github.com/openshift/oc-mirror/compare/5adbf2c8f5fd567572fbc7c151d05781ee3ad5d7...f4775a263f2ddbc9f94c9349231883614dce0193)
### [olm-catalogd, olm-operator-controller](https://github.com/openshift/operator-framework-operator-controller/tree/3e2401f23ef666e8f33789a397d81a7d352b0a33)
* [OCPBUGS-61890](https://issues.redhat.com/browse/OCPBUGS-61890): 🐛 CRD upgrade safety fixes and ratcheting (#2123) [#527](https://github.com/openshift/operator-framework-operator-controller/pull/527)
* NO-ISSUE: add jiazha to approvers [#513](https://github.com/openshift/operator-framework-operator-controller/pull/513)
* [OCPBUGS-62811](https://issues.redhat.com/browse/OCPBUGS-62811): for incompatible test add func to wait builder and deployer SA creation by OCP controller [#503](https://github.com/openshift/operator-framework-operator-controller/pull/503)
* [OCPBUGS-62722](https://issues.redhat.com/browse/OCPBUGS-62722): (cherry-pick) Fix truncate large error messages and unhandle changes for crd upgrade safety in status conditions [#496](https://github.com/openshift/operator-framework-operator-controller/pull/496)
* [OCPBUGS-61705](https://issues.redhat.com/browse/OCPBUGS-61705): Revert "Handle service-ca cert availability/rotation" [#474](https://github.com/openshift/operator-framework-operator-controller/pull/474)
* [OCPBUGS-61563](https://issues.redhat.com/browse/OCPBUGS-61563): [OTE] Update webhook ote tests to use latest webhook-operator [#469](https://github.com/openshift/operator-framework-operator-controller/pull/469)
* [Full changelog](https://github.com/openshift/operator-framework-operator-controller/compare/cde7bf02d9e5d758311295bfc29a0466ad30c386...3e2401f23ef666e8f33789a397d81a7d352b0a33)
### [openshift-apiserver](https://github.com/openshift/openshift-apiserver/tree/34cb4762e1716c1a31a344118b8a3ad00c28d831)
* [OCPBUGS-65848](https://issues.redhat.com/browse/OCPBUGS-65848): Add ValidatingAdmissionPolicy and check for omissions next time. [#577](https://github.com/openshift/openshift-apiserver/pull/577)
* [OCPBUGS-61982](https://issues.redhat.com/browse/OCPBUGS-61982): pkg/image: conditionally parse raw image manifest [#559](https://github.com/openshift/openshift-apiserver/pull/559)
* [OCPBUGS-65814](https://issues.redhat.com/browse/OCPBUGS-65814): update pkg/image/OWNERS [#575](https://github.com/openshift/openshift-apiserver/pull/575)
* [OCPBUGS-61753](https://issues.redhat.com/browse/OCPBUGS-61753): Bump openshift/kubernetes-apiserver. [#557](https://github.com/openshift/openshift-apiserver/pull/557)
* [OCPBUGS-61494](https://issues.redhat.com/browse/OCPBUGS-61494): ensure cache invalidation after a time [#553](https://github.com/openshift/openshift-apiserver/pull/553)
* [Full changelog](https://github.com/openshift/openshift-apiserver/compare/e2f3ab791628bff23e6b074a449b4bb071cad6cd...34cb4762e1716c1a31a344118b8a3ad00c28d831)
### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/d9e543dd31e981f279c447e4f92f0dac3f665f9e)
* [OCPBUGS-61900](https://issues.redhat.com/browse/OCPBUGS-61900): Fix Dockerfile.rhel: Add OTE binary build and packaging for release-4.20 [#420](https://github.com/openshift/openshift-controller-manager/pull/420)
* [OCPBUGS-61790](https://issues.redhat.com/browse/OCPBUGS-61790): CNTRLPLANE-1308: set up openshift-tests-extension for openshift-controller-manager and add a sanity test [#418](https://github.com/openshift/openshift-controller-manager/pull/418)
* [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/438d52e79d691e016d66eabfe9a53c84229db40c...d9e543dd31e981f279c447e4f92f0dac3f665f9e)
### [openstack-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-openstack/tree/d1c8e7edf11e78db401bc1672e0f17d551fe09db)
* [OCPBUGS-64814](https://issues.redhat.com/browse/OCPBUGS-64814): Merge https://github.com/kubernetes-sigs/cluster-api-provider-openstack:release-0.12 into release-4.20 [#381](https://github.com/openshift/cluster-api-provider-openstack/pull/381)
* [OCPBUGS-64814](https://issues.redhat.com/browse/OCPBUGS-64814): Fix verify step [#389](https://github.com/openshift/cluster-api-provider-openstack/pull/389)
* [Full changelog](https://github.com/openshift/cluster-api-provider-openstack/compare/e1c0f2f9e2e70843d5c42dfe3bddf70530a97b0f...d1c8e7edf11e78db401bc1672e0f17d551fe09db)
### [operator-framework-tools, operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/0d95a7ef5d73153f5593e67bc41c0c7a53567ee6)
* [OCPBUGS-62014](https://issues.redhat.com/browse/OCPBUGS-62014): rorfs for cacheless lacks write access to /tmp/ to generate cache [#1170](https://github.com/openshift/operator-framework-olm/pull/1170)
* [OCPBUGS-64724](https://issues.redhat.com/browse/OCPBUGS-64724): Fix TOCTOU race condition in ensureInstallPlan (#3682) [#1139](https://github.com/openshift/operator-framework-olm/pull/1139)
* [OCPBUGS-61362](https://issues.redhat.com/browse/OCPBUGS-61362): [4.20] e2e stability fixes [#1077](https://github.com/openshift/operator-framework-olm/pull/1077)
* [Full changelog](https://github.com/openshift/operator-framework-olm/compare/6dddceb5ad2112b5dfc254dad60ec7dfeae2f8d5...0d95a7ef5d73153f5593e67bc41c0c7a53567ee6)
### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/837defb90f7fa1c811806b10dcac5e0952f2d766)
* [OCPBUGS-73876](https://issues.redhat.com/browse/OCPBUGS-73876): Update default catalog polling interval to 4h (240m) [#708](https://github.com/operator-framework/operator-marketplace/pull/708)
* [OCPBUGS-65680](https://issues.redhat.com/browse/OCPBUGS-65680): enforce client side auth requirement for metrics endpoint [#688](https://github.com/operator-framework/operator-marketplace/pull/688)
* [OCPBUGS-62216](https://issues.redhat.com/browse/OCPBUGS-62216): Remove Expect func so that the test case can use the retry logic [#667](https://github.com/operator-framework/operator-marketplace/pull/667)
* [OCPBUGS-61200](https://issues.redhat.com/browse/OCPBUGS-61200): Add NetworkPolicy for hypershift [#660](https://github.com/operator-framework/operator-marketplace/pull/660)
* [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/ee5566253a7e871299c1c110f218e284256d5ca2...837defb90f7fa1c811806b10dcac5e0952f2d766)
### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/1faf1ac5bb2e604f745d93a5fe70bec93024ad7f)
* [OCPBUGS-66049](https://issues.redhat.com/browse/OCPBUGS-66049): Fix conntrack reconciliation to use service port instead of endpoint port [#2874](https://github.com/openshift/ovn-kubernetes/pull/2874)
* [OCPBUGS-64836](https://issues.redhat.com/browse/OCPBUGS-64836): back-port IP & MAC conflict detection [#2827](https://github.com/openshift/ovn-kubernetes/pull/2827)
* [OCPBUGS-65514](https://issues.redhat.com/browse/OCPBUGS-65514): [4.20] status manager: remove managedFields for deleted zone upon zone deletion [#2855](https://github.com/openshift/ovn-kubernetes/pull/2855)
* [OCPBUGS-65951](https://issues.redhat.com/browse/OCPBUGS-65951): [release-4.20]: Fix linter issues, add missing cheryy-pick bits of #2844 [#2866](https://github.com/openshift/ovn-kubernetes/pull/2866)
* [OCPBUGS-65618](https://issues.redhat.com/browse/OCPBUGS-65618): [release-4.20] OCP4: 4.18.22 EgressIP Failover does not succeed - extended downtime and no reassignment between egress-capable peers [#2865](https://github.com/openshift/ovn-kubernetes/pull/2865)
* [OCPBUGS-65605](https://issues.redhat.com/browse/OCPBUGS-65605): add lint target to run golanci natively [#2856](https://github.com/openshift/ovn-kubernetes/pull/2856)
* [OCPBUGS-64697](https://issues.redhat.com/browse/OCPBUGS-64697): [release-4.20] Referencing pod named ports within a service results in bad DNAT rules containing tcp/0 target port [#2844](https://github.com/openshift/ovn-kubernetes/pull/2844)
* [OCPBUGS-63686](https://issues.redhat.com/browse/OCPBUGS-63686): Fix stale EIP assignments during failover and controller restart [#2835](https://github.com/openshift/ovn-kubernetes/pull/2835)
* [OCPBUGS-64590](https://issues.redhat.com/browse/OCPBUGS-64590): NetPol & MultiNetPol: Process update only when spec fields and/or related annotation are updated [#2841](https://github.com/openshift/ovn-kubernetes/pull/2841)
* [OCPBUGS-63696](https://issues.redhat.com/browse/OCPBUGS-63696): Fixes OF flows to be VLAN aware as well as add DPU checks for certain features [#2837](https://github.com/openshift/ovn-kubernetes/pull/2837)
* [OCPBUGS-63007](https://issues.redhat.com/browse/OCPBUGS-63007): kubevirt: fix bad release of IPs of live migratable pods [#2801](https://github.com/openshift/ovn-kubernetes/pull/2801)
* [OCPBUGS-63577](https://issues.redhat.com/browse/OCPBUGS-63577): [release-4.20] CORENET-6055: Dockerfile: Unpin OVN and consume the latest from FDP. [#2808](https://github.com/openshift/ovn-kubernetes/pull/2808)
* [OCPBUGS-63631](https://issues.redhat.com/browse/OCPBUGS-63631): Skip Pending pods in EgressIP status updates [#2831](https://github.com/openshift/ovn-kubernetes/pull/2831)
* [OCPBUGS-62913](https://issues.redhat.com/browse/OCPBUGS-62913): Configure sec nic EIPv6 address with NODAD and maximum lifetime [#2797](https://github.com/openshift/ovn-kubernetes/pull/2797)
* [OCPBUGS-62273](https://issues.redhat.com/browse/OCPBUGS-62273): Fix EgressIP stale GARP post reboot + pod restart [#2767](https://github.com/openshift/ovn-kubernetes/pull/2767)
* [OCPBUGS-61453](https://issues.redhat.com/browse/OCPBUGS-61453): [4.20] allow default network -> localnet on the same node for any localnet subnet [#2751](https://github.com/openshift/ovn-kubernetes/pull/2751)
* [OCPBUGS-62336](https://issues.redhat.com/browse/OCPBUGS-62336): Fix EgressIP controller deadlock by sorting node locks lexicographically [#2770](https://github.com/openshift/ovn-kubernetes/pull/2770)
* [OCPBUGS-61239](https://issues.redhat.com/browse/OCPBUGS-61239): Skip node-encap-ips annotation in DPU host mode [#2763](https://github.com/openshift/ovn-kubernetes/pull/2763)
* [OCPBUGS-61778](https://issues.redhat.com/browse/OCPBUGS-61778): Adding ovndb-raft-functions.sh to ovnk image [#2760](https://github.com/openshift/ovn-kubernetes/pull/2760)
* [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/1938041fd8f8c1fb5d376fa59faec1fef7614a92...1faf1ac5bb2e604f745d93a5fe70bec93024ad7f)
### [prometheus](https://github.com/openshift/prometheus/tree/af9b206808f8eaeb4acec7fe74ba6b145bbdc921)
* [OCPBUGS-62275](https://issues.redhat.com/browse/OCPBUGS-62275): chore(scrape): default to legacy validation/escaping scheme until utf-8 is fully supported by prometheus-operator [#273](https://github.com/openshift/prometheus/pull/273)
* [OCPBUGS-61207](https://issues.redhat.com/browse/OCPBUGS-61207): chore: compute highestTimestamp at queryManager level [#264](https://github.com/openshift/prometheus/pull/264)
* [Full changelog](https://github.com/openshift/prometheus/compare/d2244fac6491e4c08589af4e143540ad63a72bb0...af9b206808f8eaeb4acec7fe74ba6b145bbdc921)
### [prometheus-node-exporter](https://github.com/openshift/node_exporter/tree/fa749d65d8eca1cc937554baab91385a78ec8ce1)
* [OCPBUGS-63624](https://issues.redhat.com/browse/OCPBUGS-63624): bump github.com/prometheus/procfs to v0.16.1 [#173](https://github.com/openshift/node_exporter/pull/173)
* [Full changelog](https://github.com/openshift/node_exporter/compare/b548e3ede67da3cdb6eba354f396e985a8b0f2d1...fa749d65d8eca1cc937554baab91385a78ec8ce1)
### [service-ca-operator](https://github.com/openshift/service-ca-operator/tree/37e0c31790b6a954214817974a56c9a699d0cf78)
* [OCPBUGS-61966](https://issues.redhat.com/browse/OCPBUGS-61966): don't hotloop on secret creation errors [#275](https://github.com/openshift/service-ca-operator/pull/275)
* [Full changelog](https://github.com/openshift/service-ca-operator/compare/7c43fea353e9d13663e51e44788bf3c2ec737c1a...37e0c31790b6a954214817974a56c9a699d0cf78)
### [tests](https://github.com/openshift/origin/tree/e2a089fdea4ee23487994478c08ae0901ae5f1ee)
* [OCPBUGS-72395](https://issues.redhat.com/browse/OCPBUGS-72395): Unrevert TLS tests with fixes [#30668](https://github.com/openshift/origin/pull/30668)
* [OCPBUGS-72412](https://issues.redhat.com/browse/OCPBUGS-72412), [OCPBUGS-72413](https://issues.redhat.com/browse/OCPBUGS-72413): only run Netpol two at a time [#30666](https://github.com/openshift/origin/pull/30666)
* [OCPBUGS-69686](https://issues.redhat.com/browse/OCPBUGS-69686): BeforeEach was indirectly called in DetermineReleasePayloadImage [#30620](https://github.com/openshift/origin/pull/30620)
* [OCPBUGS-66072](https://issues.redhat.com/browse/OCPBUGS-66072): [release-4.20] net(virt) remove virtctl if not correctly retrieved [#30538](https://github.com/openshift/origin/pull/30538)
* [OCPBUGS-64836](https://issues.redhat.com/browse/OCPBUGS-64836): back-port IP & MAC conflict detection e2e tests [#30414](https://github.com/openshift/origin/pull/30414)
* [OCPBUGS-66963](https://issues.redhat.com/browse/OCPBUGS-66963): Fix MachineConfigNode test in two-node fencing clusters [#30540](https://github.com/openshift/origin/pull/30540)
* [OCPBUGS-66365](https://issues.redhat.com/browse/OCPBUGS-66365): update watch request limits for marketplace-operator [#30569](https://github.com/openshift/origin/pull/30569)
* [OCPBUGS-66979](https://issues.redhat.com/browse/OCPBUGS-66979): Revert "OCPNODE-3912: Add a test for NodeSizing default change to OCP 4.20" [#30582](https://github.com/openshift/origin/pull/30582)
* [OCPNODE-3912](https://issues.redhat.com/browse/OCPNODE-3912): Add a test for NodeSizing default change to OCP 4.20 [#30467](https://github.com/openshift/origin/pull/30467)
* [OCPBUGS-64777](https://issues.redhat.com/browse/OCPBUGS-64777): [release-4.20] Add e2e tests for storage network policy [#30468](https://github.com/openshift/origin/pull/30468)
* [OCPBUGS-46422](https://issues.redhat.com/browse/OCPBUGS-46422): Add test that the ServiceCIDR API is blocked [4.20] [#30434](https://github.com/openshift/origin/pull/30434)
* [OCPBUGS-63656](https://issues.redhat.com/browse/OCPBUGS-63656): Redact bearertoken in TestContext [#30435](https://github.com/openshift/origin/pull/30435)
* [OCPBUGS-64598](https://issues.redhat.com/browse/OCPBUGS-64598): Updated the upgrade duration limit to 100 minutes for ppc64le [#30451](https://github.com/openshift/origin/pull/30451)
* [OCPBUGS-64593](https://issues.redhat.com/browse/OCPBUGS-64593): [release-4.20] NO-JIRA: Filter preconfiguredIPs based on cluster IP family support [#30415](https://github.com/openshift/origin/pull/30415)
* [OCPBUGS-63725](https://issues.redhat.com/browse/OCPBUGS-63725): CNTRLPLANE-1766:fix(disruption): Using correct internal LB of apiserver for monitor test on ARO and Baremetal Hypershift [#30439](https://github.com/openshift/origin/pull/30439)
* [OCPBUGS-63171](https://issues.redhat.com/browse/OCPBUGS-63171): Add imagestream update dryrun test [#30389](https://github.com/openshift/origin/pull/30389)
* [OCPBUGS-63513](https://issues.redhat.com/browse/OCPBUGS-63513): Migrate OCP-32383 to upstream [#30423](https://github.com/openshift/origin/pull/30423)
* [OCPBUGS-62841](https://issues.redhat.com/browse/OCPBUGS-62841): fix(test): prevent nil pointer dereference in ginkgo test runner [#30350](https://github.com/openshift/origin/pull/30350)
* [OCPBUGS-46422](https://issues.redhat.com/browse/OCPBUGS-46422): Skip ServiceCIDR in etcd_storage_path test (4.20) [#30257](https://github.com/openshift/origin/pull/30257)
* [OCPBUGS-62695](https://issues.redhat.com/browse/OCPBUGS-62695): cherry-pick 30270 to release-4.20 [#30335](https://github.com/openshift/origin/pull/30335)
* [OCPBUGS-62231](https://issues.redhat.com/browse/OCPBUGS-62231): network test isolation and reduced parallelization to protect cpu [#30300](https://github.com/openshift/origin/pull/30300)
* Revert "[release-4.20] OCPBUGS-62140:OCPSTRAT-2045:Automating OCPSTRAT-2045 feature in upstream" [#30303](https://github.com/openshift/origin/pull/30303)
* [OCPBUGS-62140](https://issues.redhat.com/browse/OCPBUGS-62140): OCPSTRAT-2045:Automating OCPSTRAT-2045 feature in upstream [#30299](https://github.com/openshift/origin/pull/30299)
* [OCPBUGS-61757](https://issues.redhat.com/browse/OCPBUGS-61757): test/extended/cli/adm_upgrade/recommend: Enable precheck and accept [#30260](https://github.com/openshift/origin/pull/30260)
* [OCPBUGS-62075](https://issues.redhat.com/browse/OCPBUGS-62075): Temporarily remove commatrix documentation test for rework [#30287](https://github.com/openshift/origin/pull/30287)
* [OCPBUGS-62007](https://issues.redhat.com/browse/OCPBUGS-62007): oidc: improve rollout wait times [#30284](https://github.com/openshift/origin/pull/30284)
* [CNF-18661](https://issues.redhat.com/browse/CNF-18661): Update vendor with communication matrix bug fixes on 4.20 [#30271](https://github.com/openshift/origin/pull/30271)
* [OCPBUGS-61734](https://issues.redhat.com/browse/OCPBUGS-61734): Restore retries for flaky port foward test [#30266](https://github.com/openshift/origin/pull/30266)
* [OCPBUGS-61540](https://issues.redhat.com/browse/OCPBUGS-61540): chore(extended/prometheus): 2/2: make 'targets auth' test more lenient and more resilient [#30263](https://github.com/openshift/origin/pull/30263)
* [OCPBUGS-61744](https://issues.redhat.com/browse/OCPBUGS-61744): update machines scale test [#30258](https://github.com/openshift/origin/pull/30258)
* [OCPBUGS-61732](https://issues.redhat.com/browse/OCPBUGS-61732): [release-4.20] CNTRLPLANE-945: oidc: add retry logic for Keycloak route creation [#30251](https://github.com/openshift/origin/pull/30251)
* [OCPBUGS-61731](https://issues.redhat.com/browse/OCPBUGS-61731): [release-4.20] CNTRLPLANE-945: images: add keycloak images and use them in ExternalOIDC tests [#30250](https://github.com/openshift/origin/pull/30250)
* [OCPBUGS-61600](https://issues.redhat.com/browse/OCPBUGS-61600): Skip config-operator checking when featureSet is DevPreviewNoUpgrade [#30245](https://github.com/openshift/origin/pull/30245)
* [OCPBUGS-61540](https://issues.redhat.com/browse/OCPBUGS-61540): chore(extended/prometheus): make 'targets auth' test more lenient and more resilient. [#30237](https://github.com/openshift/origin/pull/30237)
* [OCPBUGS-61478](https://issues.redhat.com/browse/OCPBUGS-61478): Add flaky kubectl logs test to the retry list to clean signal for release [#30231](https://github.com/openshift/origin/pull/30231)
* [OCPBUGS-61333](https://issues.redhat.com/browse/OCPBUGS-61333): Bump to latest openshift/kubernetes (v1.33.4) [#30228](https://github.com/openshift/origin/pull/30228)
* [OCPBUGS-61286](https://issues.redhat.com/browse/OCPBUGS-61286): Mark etcd net overload logging test as a flake [#30214](https://github.com/openshift/origin/pull/30214)
* [CNTRLPLANE-1306](https://issues.redhat.com/browse/CNTRLPLANE-1306): Enable OTE for cluster-kube-storage-version-migrator-operator [#30213](https://github.com/openshift/origin/pull/30213)
* [CNTRLPLANE-945](https://issues.redhat.com/browse/CNTRLPLANE-945): [release-4.20] CNTRLPLANE-945: improve logging, add startup probe to Keycloak Deployment [#30204](https://github.com/openshift/origin/pull/30204)
* [Full changelog](https://github.com/openshift/origin/compare/03871d11997ca936317ee56bf57f340bac09e080...e2a089fdea4ee23487994478c08ae0901ae5f1ee)
### [vsphere-cluster-api-controllers](https://github.com/openshift/cluster-api-provider-vsphere/tree/1ff9e11f5a117505d935549b96cd0d129917c015)
* [OCPBUGS-61647](https://issues.redhat.com/browse/OCPBUGS-61647): Fix unit tests [#68](https://github.com/openshift/cluster-api-provider-vsphere/pull/68)
* [Full changelog](https://github.com/openshift/cluster-api-provider-vsphere/compare/6626b2998e29189d1ff031c0a589f9c3413feac4...1ff9e11f5a117505d935549b96cd0d129917c015)
### [vsphere-problem-detector](https://github.com/openshift/vsphere-problem-detector/tree/a417b217d7f39b02ba0bc1b75aa3bf52602df189)
* [OCPBUGS-65795](https://issues.redhat.com/browse/OCPBUGS-65795): Fixed logic for vSphere compute cluster permission [#197](https://github.com/openshift/vsphere-problem-detector/pull/197)
* [Full changelog](https://github.com/openshift/vsphere-problem-detector/compare/03834d02fe4c1be7ed696379aafbff52486acb5b...a417b217d7f39b02ba0bc1b75aa3bf52602df189)