# 4.17.0-0.okd-scos-2024-09-24-104828
Created: 2024-09-24 19:31:23 +0000 UTC
Image Digest: `sha256:4a5624ec7f6b0ff0c9fb2394aecdf5c565569712204753991e742424473dd53c`
Promoted from registry.ci.openshift.org/origin/release-scos:4.17.0-0.okd-scos-2024-09-24-104828
## Changes from 4.17.0-0.okd-scos-2024-08-21-100712
### Components
* Kubectl 1.30.2
* Kubernetes upgraded from 1.30.3 to 1.30.4
* Kubernetes Tests 1.30.0
* CentOS Stream CoreOS upgraded from 418.9.202408202032-0 to 418.9.202409222032-0
### FeatureGate Changes
| FeatureGate | Default
Hypershift | Default
SelfManagedHA | DevPreviewNoUpgrade
Hypershift | DevPreviewNoUpgrade
SelfManagedHA | TechPreviewNoUpgrade
Hypershift | TechPreviewNoUpgrade
SelfManagedHA |
| :------ | :---: | :---: | :---: | :---: | :---: | :---: |
| ExternalRouteCertificate
(0 tests)| Unconditional
(Changed)| Unconditional
(Changed)| Unconditional
(Changed)| Unconditional
(Changed)| Unconditional
(Changed)| Unconditional
(Changed) |
| AWSEFSDriverVolumeMetrics
(0 tests)| Enabled
(Changed)| Enabled
(Changed)| Enabled| Enabled| Enabled| Enabled |
| OpenShiftPodSecurityAdmission
(0 tests)| Disabled
(Changed)| Disabled
(Changed)| Enabled| Enabled| Enabled| Enabled |
| ProcMountType
(0 tests)| | | Enabled
(New)| Enabled
(New)| Enabled
(New)| Enabled
(New) |
| UserNamespacesSupport
(0 tests)| | | Enabled
(New)| Enabled
(New)| Enabled
(New)| Enabled
(New) |
### New images
* [networking-console-plugin](https://github.com/openshift/networking-console-plugin) git [dbc8e452](https://github.com/openshift/networking-console-plugin/commit/dbc8e452184fd2cf7b662059dd9d5400bceef30a) `sha256:120e9c17aee20d64c60493350ba2f3e76d4ad1e172755b02fea5e9084e117153`
### Rebuilt images without code change
* stream-coreos `sha256:fbfce57574899b6fff8e6ce98a1223462128c05005173231b4184ae79b2d0999`
* stream-coreos-extensions `sha256:e401a3a8cfa5102de326a3839b0264b40140bb17b16824d2a254fac576a156cf`
### [agent-installer-api-server](https://github.com/openshift/assisted-service/tree/351c82c9f29ed61cd3566d6d9f03804ea5b69e23)
* [OCPBUGS-36577](https://issues.redhat.com/browse/OCPBUGS-36577): Switch to github.com/docker/distribution/reference to mitigate CVE-2024-3727 (#6750) [#6750](https://github.com/openshift/assisted-service/pull/6750)
* [MGMT-18575](https://issues.redhat.com/browse/MGMT-18575), [MGMT-18694](https://issues.redhat.com/browse/MGMT-18694), [OCPBUGS-41820](https://issues.redhat.com/browse/OCPBUGS-41820): Don't require mapping for names matching physical interfaces (#6745) [#6745](https://github.com/openshift/assisted-service/pull/6745)
* [Full changelog](https://github.com/openshift/assisted-service/compare/00a5eb37b615c97220cd012bc889064ae54fd3f1...351c82c9f29ed61cd3566d6d9f03804ea5b69e23)
### [aws-ebs-csi-driver-operator, azure-disk-csi-driver-operator, azure-file-csi-driver-operator](https://github.com/openshift/csi-operator/tree/df0b8234c1233cabc0085a7d63a7fd81bf05fd5a)
* [OCPBUGS-38355](https://issues.redhat.com/browse/OCPBUGS-38355): Bump openshift/api to get EFS volume metrics [#274](https://github.com/openshift/csi-operator/pull/274)
* [OCPBUGS-38736](https://issues.redhat.com/browse/OCPBUGS-38736): Some CSI driver containers missing terminationMessagePolicy [#263](https://github.com/openshift/csi-operator/pull/263)
* [OCPBUGS-38815](https://issues.redhat.com/browse/OCPBUGS-38815): add init container in EFS CSI controller pod [#265](https://github.com/openshift/csi-operator/pull/265)
* [OCPBUGS-38355](https://issues.redhat.com/browse/OCPBUGS-38355): Volume Metrics for EFS CSI Driver [#257](https://github.com/openshift/csi-operator/pull/257)
* [Full changelog](https://github.com/openshift/csi-operator/compare/eb58eebcfd4a553e53f001105be7eb48819dfc78...df0b8234c1233cabc0085a7d63a7fd81bf05fd5a)
### [azure-file-csi-driver](https://github.com/openshift/azure-file-csi-driver/tree/9f4c38c2bb28347ed5c4fd082666bfdea7382243)
* [OCPBUGS-38669](https://issues.redhat.com/browse/OCPBUGS-38669): bump mount-utils to treat ENODEV error as corrupted mount [#75](https://github.com/openshift/azure-file-csi-driver/pull/75)
* [Full changelog](https://github.com/openshift/azure-file-csi-driver/compare/f9ca14c4a02f51220960f5c20c192cced2d3ec08...9f4c38c2bb28347ed5c4fd082666bfdea7382243)
### [baremetal-installer, installer, installer-altinfra, installer-artifacts](https://github.com/openshift/installer/tree/5faddcb597e086c32fbda6115e2c672e7a246676)
* [OCPBUGS-42051](https://issues.redhat.com/browse/OCPBUGS-42051): Fix integration tests [#9018](https://github.com/openshift/installer/pull/9018)
* [OCPBUGS-41300](https://issues.redhat.com/browse/OCPBUGS-41300): Azure CAPI: Improve handling of security features configured on the MachinePools and OSDisk [#9007](https://github.com/openshift/installer/pull/9007)
* [OCPBUGS-39286](https://issues.redhat.com/browse/OCPBUGS-39286): Fix var_files syntax to work on older version of ansible [#8933](https://github.com/openshift/installer/pull/8933)
* [OCPBUGS-41896](https://issues.redhat.com/browse/OCPBUGS-41896): Add AWS c7g,m7g,r8g to tested instance types [#9005](https://github.com/openshift/installer/pull/9005)
* [OCPBUGS-41542](https://issues.redhat.com/browse/OCPBUGS-41542): Azure CAPI: Update publicAccess for Blob Containers [#9006](https://github.com/openshift/installer/pull/9006)
* [OCPBUGS-41702](https://issues.redhat.com/browse/OCPBUGS-41702): aws: bump capa to fix EIP leak on bootstrap when BYOIP [#8991](https://github.com/openshift/installer/pull/8991)
* [OCPBUGS-38933](https://issues.redhat.com/browse/OCPBUGS-38933): install-status reflects day 2 services [#8899](https://github.com/openshift/installer/pull/8899)
* [OCPBUGS-39239](https://issues.redhat.com/browse/OCPBUGS-39239), [OCPBUGS-39240](https://issues.redhat.com/browse/OCPBUGS-39240): vSphere - If template is defined skip downloading [#8926](https://github.com/openshift/installer/pull/8926)
* [OCPBUGS-41300](https://issues.redhat.com/browse/OCPBUGS-41300): Azure CAPI: Set SecurityType as a Feature while creating Gallery Image [#8990](https://github.com/openshift/installer/pull/8990)
* [OCPBUGS-41500](https://issues.redhat.com/browse/OCPBUGS-41500): Bump extract-machine-os timout to 20m [#8981](https://github.com/openshift/installer/pull/8981)
* [OCPBUGS-38963](https://issues.redhat.com/browse/OCPBUGS-38963): IngressController subnet selection in AWS [#8909](https://github.com/openshift/installer/pull/8909)
* [OCPBUGS-41542](https://issues.redhat.com/browse/OCPBUGS-41542): Azure CAPI: Fix storage account and vhd container public access [#8984](https://github.com/openshift/installer/pull/8984)
* [OCPBUGS-41539](https://issues.redhat.com/browse/OCPBUGS-41539): Pick the next available IP address for internal LB [#8980](https://github.com/openshift/installer/pull/8980)
* [OCPBUGS-38568](https://issues.redhat.com/browse/OCPBUGS-38568): Azure: Add master and worker VM IPs to both the backend pools API LoadBalancer [#8968](https://github.com/openshift/installer/pull/8968)
* [OCPBUGS-39545](https://issues.redhat.com/browse/OCPBUGS-39545), [OCPBUGS-39546](https://issues.redhat.com/browse/OCPBUGS-39546), [OCPBUGS-39547](https://issues.redhat.com/browse/OCPBUGS-39547): update vault version to 1.13.10 [#8954](https://github.com/openshift/installer/pull/8954)
* [OCPBUGS-38568](https://issues.redhat.com/browse/OCPBUGS-38568): Azure CAPI: Add check for APIServer OperatorPublishingStrategy [#8870](https://github.com/openshift/installer/pull/8870)
* [OCPBUGS-41283](https://issues.redhat.com/browse/OCPBUGS-41283): update RHCOS 4.17 bootimage metadata to 417.94.202408270355-0 [#8975](https://github.com/openshift/installer/pull/8975)
* [OCPBUGS-39495](https://issues.redhat.com/browse/OCPBUGS-39495): capi/aws/byo-vpc/multi-cidr: fix group rules [#8952](https://github.com/openshift/installer/pull/8952)
* [OCPBUGS-39433](https://issues.redhat.com/browse/OCPBUGS-39433): dropping this warning as the move from terraform is transparent to the end user [#8950](https://github.com/openshift/installer/pull/8950)
* [OCPBUGS-38752](https://issues.redhat.com/browse/OCPBUGS-38752): Remove firewall rules created by CAPG [#8948](https://github.com/openshift/installer/pull/8948)
* [OCPBUGS-38738](https://issues.redhat.com/browse/OCPBUGS-38738): pkg/infrastructure/azure: set correct cloud for BYO vnet [#8972](https://github.com/openshift/installer/pull/8972)
* [OCPBUGS-39308](https://issues.redhat.com/browse/OCPBUGS-39308): Fix to validation for GCP pre-created ServiceAccount [#8931](https://github.com/openshift/installer/pull/8931)
* [OCPBUGS-39467](https://issues.redhat.com/browse/OCPBUGS-39467): Enable TLS for virtual media in initial ironic deployment [#8947](https://github.com/openshift/installer/pull/8947)
* [OCPBUGS-39092](https://issues.redhat.com/browse/OCPBUGS-39092): Use infrastructure resource to retrieve platform type [#8914](https://github.com/openshift/installer/pull/8914)
* [OCPBUGS-38934](https://issues.redhat.com/browse/OCPBUGS-38934): failed to install Nutanix OCP 4.16 cluster with DHCP network [#8900](https://github.com/openshift/installer/pull/8900)
* [OCPBUGS-38841](https://issues.redhat.com/browse/OCPBUGS-38841): ic: validate release arch is compatible with cluster arch [#8895](https://github.com/openshift/installer/pull/8895)
* [OCPBUGS-38600](https://issues.redhat.com/browse/OCPBUGS-38600): GCP Global Address failed to destroy [#8884](https://github.com/openshift/installer/pull/8884)
* [OCPBUGS-38616](https://issues.redhat.com/browse/OCPBUGS-38616): incorrect folder gen, workaround govmomi vm folder path bug [#8867](https://github.com/openshift/installer/pull/8867)
* [OCPBUGS-39002](https://issues.redhat.com/browse/OCPBUGS-39002): Add new disk types GCP Control Plane nodes [#8903](https://github.com/openshift/installer/pull/8903)
* [OCPBUGS-38301](https://issues.redhat.com/browse/OCPBUGS-38301): upi/aws: update lambda runtime python version [#8896](https://github.com/openshift/installer/pull/8896)
* [OCPBUGS-38832](https://issues.redhat.com/browse/OCPBUGS-38832): aws: validate public-only subnets configs [#8893](https://github.com/openshift/installer/pull/8893)
* [OCPBUGS-38497](https://issues.redhat.com/browse/OCPBUGS-38497): vsphere, if secureboot is enabled, disable it in the template [#8841](https://github.com/openshift/installer/pull/8841)
* [OCPBUGS-38560](https://issues.redhat.com/browse/OCPBUGS-38560): import failure when esxi config is not the same in the cluster [#8857](https://github.com/openshift/installer/pull/8857)
* [OCPBUGS-38604](https://issues.redhat.com/browse/OCPBUGS-38604): Updated powercli configuration to allow multi vcenters [#8865](https://github.com/openshift/installer/pull/8865)
* [OCPBUGS-38738](https://issues.redhat.com/browse/OCPBUGS-38738): CAPZ USGovernmentCloud fixes [#8885](https://github.com/openshift/installer/pull/8885)
* [OCPBUGS-38534](https://issues.redhat.com/browse/OCPBUGS-38534): Resource deletion is holding up deletion process [#8849](https://github.com/openshift/installer/pull/8849)
* [OCPBUGS-38677](https://issues.redhat.com/browse/OCPBUGS-38677): upstream capv bug causes session timeout [#8874](https://github.com/openshift/installer/pull/8874)
* [OCPBUGS-38246](https://issues.redhat.com/browse/OCPBUGS-38246): Add roles needed for shared VPC [#8866](https://github.com/openshift/installer/pull/8866)
* [OCPBUGS-38692](https://issues.redhat.com/browse/OCPBUGS-38692): aws: add support for clusters with public-only subnets [#8878](https://github.com/openshift/installer/pull/8878)
* [OCPBUGS-38700](https://issues.redhat.com/browse/OCPBUGS-38700): pkg/infrastructure/azure: limit storage account to 24 characters or less [#8879](https://github.com/openshift/installer/pull/8879)
* [Full changelog](https://github.com/openshift/installer/compare/9b7cd0ae783506f31acdf2b25726e98a2599c599...5faddcb597e086c32fbda6115e2c672e7a246676)
### [baremetal-operator](https://github.com/openshift/baremetal-operator/tree/94748225f29f3a7ef7dfe5844219c3856a421903)
* [OCPBUGS-39489](https://issues.redhat.com/browse/OCPBUGS-39489): Disallow fetching secrets from namespaces different from the host's one [#377](https://github.com/openshift/baremetal-operator/pull/377)
* [OCPBUGS-38937](https://issues.redhat.com/browse/OCPBUGS-38937): [OCP] Ability to disable agent power off after deployment [#371](https://github.com/openshift/baremetal-operator/pull/371)
* [Full changelog](https://github.com/openshift/baremetal-operator/compare/054be803686491beb67d5b5552715f80493a79a8...94748225f29f3a7ef7dfe5844219c3856a421903)
### [cli, cli-artifacts, deployer, tools](https://github.com/openshift/oc/tree/bc58b3a9c70cee7b03d1943e95b48ced9357711b)
* [OCPBUGS-39090](https://issues.redhat.com/browse/OCPBUGS-39090): use proxy settings when required [#1860](https://github.com/openshift/oc/pull/1860)
* make the idle command's scale update unconditional [#1856](https://github.com/openshift/oc/pull/1856)
* [Full changelog](https://github.com/openshift/oc/compare/30c77fb30bef0cf2c4b7ab37862ae060f6faf47d...bc58b3a9c70cee7b03d1943e95b48ced9357711b)
### [cloud-credential-operator](https://github.com/openshift/cloud-credential-operator/tree/d5b0b95c40f72fc6d8444f86dbc6d65f836702e7)
* [OCPBUGS-41233](https://issues.redhat.com/browse/OCPBUGS-41233): List secrets in batches to avoid api timeout [#756](https://github.com/openshift/cloud-credential-operator/pull/756)
* [OCPBUGS-38952](https://issues.redhat.com/browse/OCPBUGS-38952): Follow-up bug fixes for CCO-572 [#751](https://github.com/openshift/cloud-credential-operator/pull/751)
* [OCPBUGS-38375](https://issues.redhat.com/browse/OCPBUGS-38375): update google.golang.org/grpc v1.65.0 [#747](https://github.com/openshift/cloud-credential-operator/pull/747)
* [Full changelog](https://github.com/openshift/cloud-credential-operator/compare/2c25ae6064a367d8e1209416329c18f569826483...d5b0b95c40f72fc6d8444f86dbc6d65f836702e7)
### [cluster-authentication-operator](https://github.com/openshift/cluster-authentication-operator/tree/8e8a31d802182c00252221e8233f2d6df609f363)
* [OCPBUGS-39021](https://issues.redhat.com/browse/OCPBUGS-39021): increase oauth-apiserver failureThreshold [#693](https://github.com/openshift/cluster-authentication-operator/pull/693)
* [Full changelog](https://github.com/openshift/cluster-authentication-operator/compare/dc429ef1d8a470720aae41b2d62e29ebd07771dd...8e8a31d802182c00252221e8233f2d6df609f363)
### [cluster-capi-operator](https://github.com/openshift/cluster-capi-operator/tree/3f893aea1fad5fe124e888453ec0c67c0186da11)
* [OCPBUGS-39309](https://issues.redhat.com/browse/OCPBUGS-39309): manifests-gen: fix: readd missing metadata [#198](https://github.com/openshift/cluster-capi-operator/pull/198)
* [Full changelog](https://github.com/openshift/cluster-capi-operator/compare/c9af64ba67666cc8c9157e930daf30568446d2e2...3f893aea1fad5fe124e888453ec0c67c0186da11)
### [cluster-cloud-controller-manager-operator](https://github.com/openshift/cluster-cloud-controller-manager-operator/tree/f7fa87e4a55cf18a73fa40d2cf56f603d76c8b7f)
* [OCPBUGS-41941](https://issues.redhat.com/browse/OCPBUGS-41941): IBMCloud: Modify liveness probe for IBM Cloud CCM to use loopback address [#365](https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/365)
* [Full changelog](https://github.com/openshift/cluster-cloud-controller-manager-operator/compare/94da1a47269dbacf4e841ab8a3f0a0f3db2e103e...f7fa87e4a55cf18a73fa40d2cf56f603d76c8b7f)
### [cluster-config-api](https://github.com/openshift/api/tree/0a88001628266522c84e6c6c25ed5a44aced6d8b)
* [OCPBUGS-41642](https://issues.redhat.com/browse/OCPBUGS-41642): config/v1/types_cluster_version: Add v4.17 capability set [#2023](https://github.com/openshift/api/pull/2023)
* [OCPBUGS-34333](https://issues.redhat.com/browse/OCPBUGS-34333): Updating ose-cluster-config-api-container image to be consistent with ART for 4.17 [#1903](https://github.com/openshift/api/pull/1903)
* features: disable PSA [#2018](https://github.com/openshift/api/pull/2018)
* [OCPBUGS-38355](https://issues.redhat.com/browse/OCPBUGS-38355): Promote AWSEFSDriverVolumeMetrics to GA [#2020](https://github.com/openshift/api/pull/2020)
* [OCPBUGS-39300](https://issues.redhat.com/browse/OCPBUGS-39300): clean up openshift-sdn references in the API [4.17] [#2008](https://github.com/openshift/api/pull/2008)
* [OCPBUGS-38958](https://issues.redhat.com/browse/OCPBUGS-38958): [4.17] add UserNamespacesSupport/ProcMountType to tech preview features [#2011](https://github.com/openshift/api/pull/2011)
* [OCPBUGS-38605](https://issues.redhat.com/browse/OCPBUGS-38605): remove duplicate featuregate 'ExternalRouteCertificate' [#2004](https://github.com/openshift/api/pull/2004)
* [Full changelog](https://github.com/openshift/api/compare/d6942fb7294e5dea4c617bfcb26e5936dc267481...0a88001628266522c84e6c6c25ed5a44aced6d8b)
### [cluster-control-plane-machine-set-operator](https://github.com/openshift/cluster-control-plane-machine-set-operator/tree/a52da80dbb374fcb91b610cc2688cc863615f97d)
* [OCPBUGS-38643](https://issues.redhat.com/browse/OCPBUGS-38643): Add 1 minute stabilisation for clusteroperators after rollout [#321](https://github.com/openshift/cluster-control-plane-machine-set-operator/pull/321)
* [Full changelog](https://github.com/openshift/cluster-control-plane-machine-set-operator/compare/eac5d1dcabebbc1fb577c7dd93a6098888a284d3...a52da80dbb374fcb91b610cc2688cc863615f97d)
### [cluster-etcd-operator](https://github.com/openshift/cluster-etcd-operator/tree/8f04f689ce0dd513660e87ce4c12c7f0bf7747eb)
* [OCPBUGS-38454](https://issues.redhat.com/browse/OCPBUGS-38454): prefer env var over hardcoding ciphers [#1316](https://github.com/openshift/cluster-etcd-operator/pull/1316)
* NO-JIRA: degrade targetconfigcontroller on quorum loss [#1309](https://github.com/openshift/cluster-etcd-operator/pull/1309)
* [OCPBUGS-36462](https://issues.redhat.com/browse/OCPBUGS-36462): ensure ordering in member health checks [#1308](https://github.com/openshift/cluster-etcd-operator/pull/1308)
* NO-JIRA: only update envvar listeners on real changes [#1300](https://github.com/openshift/cluster-etcd-operator/pull/1300)
* [ETCD-636](https://issues.redhat.com/browse/ETCD-636): expose PruneOpts [#1297](https://github.com/openshift/cluster-etcd-operator/pull/1297)
* [ETCD-493](https://issues.redhat.com/browse/ETCD-493): Reflect etcd grafana dashboard mixin from upstream [#1291](https://github.com/openshift/cluster-etcd-operator/pull/1291)
* [ETCD-604](https://issues.redhat.com/browse/ETCD-604): Prune revisioned resources [#1292](https://github.com/openshift/cluster-etcd-operator/pull/1292)
* [OCPBUGS-36621](https://issues.redhat.com/browse/OCPBUGS-36621): Force sync on missing etcd-all-bundles configmap [#1296](https://github.com/openshift/cluster-etcd-operator/pull/1296)
* Revert "OCPBUGS-36621: add etcd-all-bundles to cvo create-only" [#1295](https://github.com/openshift/cluster-etcd-operator/pull/1295)
* [ETCD-574](https://issues.redhat.com/browse/ETCD-574): Update TLS artifact descriptions according to registry requ… [#1294](https://github.com/openshift/cluster-etcd-operator/pull/1294)
* [OCPBUGS-36621](https://issues.redhat.com/browse/OCPBUGS-36621): add etcd-all-bundles to cvo create-only [#1293](https://github.com/openshift/cluster-etcd-operator/pull/1293)
* NO-JIRA: only read signer/bundles on forced leaf generation [#1288](https://github.com/openshift/cluster-etcd-operator/pull/1288)
* [OCPBUGS-36301](https://issues.redhat.com/browse/OCPBUGS-36301): parallelize member health checks [#1286](https://github.com/openshift/cluster-etcd-operator/pull/1286)
* [OCPBUGS-36407](https://issues.redhat.com/browse/OCPBUGS-36407): Rename Dockerfile.rhel7 to Dockerfile.ocp [#1289](https://github.com/openshift/cluster-etcd-operator/pull/1289)
* [Full changelog](https://github.com/openshift/cluster-etcd-operator/compare/d82a13d2456cb89d6c64b508f80f7f6c36166c98...8f04f689ce0dd513660e87ce4c12c7f0bf7747eb)
### [cluster-image-registry-operator](https://github.com/openshift/cluster-image-registry-operator/tree/402a511b2d1cbb099f798075ef036180775e95e0)
* [OCPBUGS-38538](https://issues.redhat.com/browse/OCPBUGS-38538): Avoid Shared Access Key usage for Azure Storage Account when using Managed Identity based auth [#1103](https://github.com/openshift/cluster-image-registry-operator/pull/1103)
* [OCPBUGS-38885](https://issues.redhat.com/browse/OCPBUGS-38885): pkg/resource: invoke update-ca-trust extract with --output [#1097](https://github.com/openshift/cluster-image-registry-operator/pull/1097)
* [Full changelog](https://github.com/openshift/cluster-image-registry-operator/compare/926822add6072e450e571d11465ca4f3ebd88e4d...402a511b2d1cbb099f798075ef036180775e95e0)
### [cluster-ingress-operator](https://github.com/openshift/cluster-ingress-operator/tree/cb5306d7f68ba35b9a065d65f46c69a836556cb2)
* [OCPBUGS-39220](https://issues.redhat.com/browse/OCPBUGS-39220): Ingress operator status not degraded when canary route fails [#1136](https://github.com/openshift/cluster-ingress-operator/pull/1136)
* [OCPBUGS-38646](https://issues.redhat.com/browse/OCPBUGS-38646): Clear LB Status Parameters on LB Type Change [#1131](https://github.com/openshift/cluster-ingress-operator/pull/1131)
* [Full changelog](https://github.com/openshift/cluster-ingress-operator/compare/6c5fbab5fa4fe90d3cfbdafe0b8f6ab9ea696e27...cb5306d7f68ba35b9a065d65f46c69a836556cb2)
### [cluster-kube-apiserver-operator](https://github.com/openshift/cluster-kube-apiserver-operator/tree/937f8a77e3274c3ef8907424f4d3294ef642642e)
* [OCPBUGS-41874](https://issues.redhat.com/browse/OCPBUGS-41874): increase kube-apiserver failureThreshold [#1733](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1733)
* [OCPBUGS-34679](https://issues.redhat.com/browse/OCPBUGS-34679): revert dev cert rotation 4.17 [#1729](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1729)
* [OCPBUGS-34942](https://issues.redhat.com/browse/OCPBUGS-34942): Update APIRemovedInNextReleaseInUse for kube 1.30 / ocp 4.17 [#1698](https://github.com/openshift/cluster-kube-apiserver-operator/pull/1698)
* [Full changelog](https://github.com/openshift/cluster-kube-apiserver-operator/compare/0ecdda58434784dc1973a6f0d17a02cbbe2340d3...937f8a77e3274c3ef8907424f4d3294ef642642e)
### [cluster-monitoring-operator](https://github.com/openshift/cluster-monitoring-operator/tree/a7ed4a3751af0d5e3d96f07d9b69468397319a2a)
* [OCPBUGS-41341](https://issues.redhat.com/browse/OCPBUGS-41341): disable user-defined monitoring per object [#2458](https://github.com/openshift/cluster-monitoring-operator/pull/2458)
* [OCPBUGS-41908](https://issues.redhat.com/browse/OCPBUGS-41908): filter alerts sent to Telemeter [#2470](https://github.com/openshift/cluster-monitoring-operator/pull/2470)
* [OCPBUGS-41580](https://issues.redhat.com/browse/OCPBUGS-41580): Configure graceful shutdown for metrics-server (4.17 backport) [#2463](https://github.com/openshift/cluster-monitoring-operator/pull/2463)
* [OCPBUGS-39029](https://issues.redhat.com/browse/OCPBUGS-39029): Backport #2441 for 4.17 [#2445](https://github.com/openshift/cluster-monitoring-operator/pull/2445)
* [Full changelog](https://github.com/openshift/cluster-monitoring-operator/compare/c9a1d8d649083ce3ac717de78e9391146b5548f1...a7ed4a3751af0d5e3d96f07d9b69468397319a2a)
### [cluster-network-operator](https://github.com/openshift/cluster-network-operator/tree/a3188633549ddd7241484d733f3282bad959482b)
* [OCPBUGS-41674](https://issues.redhat.com/browse/OCPBUGS-41674): Add configurable subnets while running hybrid-overlay-node binary [#2497](https://github.com/openshift/cluster-network-operator/pull/2497)
* [OCPBUGS-41591](https://issues.redhat.com/browse/OCPBUGS-41591): Set required-scc for openshift workloads [#2490](https://github.com/openshift/cluster-network-operator/pull/2490)
* [OCPBUGS-39313](https://issues.redhat.com/browse/OCPBUGS-39313): HyperShift: do not use antiaffinity on single replica control planes [#2486](https://github.com/openshift/cluster-network-operator/pull/2486)
* [OCPBUGS-39387](https://issues.redhat.com/browse/OCPBUGS-39387): add required-scc annotation to console-plugin deployment [#2487](https://github.com/openshift/cluster-network-operator/pull/2487)
* [OCPBUGS-39425](https://issues.redhat.com/browse/OCPBUGS-39425): Preload networking plugin locales [#2489](https://github.com/openshift/cluster-network-operator/pull/2489)
* [OCPBUGS-38932](https://issues.redhat.com/browse/OCPBUGS-38932): Deploy networking-console-plugin by CNO [#2478](https://github.com/openshift/cluster-network-operator/pull/2478)
* [OCPBUGS-38932](https://issues.redhat.com/browse/OCPBUGS-38932): Add networking-console-plugin image to release payload [#2474](https://github.com/openshift/cluster-network-operator/pull/2474)
* [Full changelog](https://github.com/openshift/cluster-network-operator/compare/11377268019e214a51b1b2c2dcc14b2276624468...a3188633549ddd7241484d733f3282bad959482b)
### [cluster-node-tuning-operator](https://github.com/openshift/cluster-node-tuning-operator/tree/a4e7efa04c136b354a761508231214ac0fa1db1c)
* [OCPBUGS-39005](https://issues.redhat.com/browse/OCPBUGS-39005): Add cluster-wide proxy env file (#1145) [#1145](https://github.com/openshift/cluster-node-tuning-operator/pull/1145)
* OCPBUGS-36431 Fix generated cpu mask for 512+ cpus (#1147) [#1147](https://github.com/openshift/cluster-node-tuning-operator/pull/1147)
* [OCPBUGS-39321](https://issues.redhat.com/browse/OCPBUGS-39321): E2E: Remove checking of reserved cpus in irqbalance file (#1148) [#1148](https://github.com/openshift/cluster-node-tuning-operator/pull/1148)
* E2E: Add test to verify cpuset.cpus.exclusive is writeable (#1146) [#1146](https://github.com/openshift/cluster-node-tuning-operator/pull/1146)
* [Full changelog](https://github.com/openshift/cluster-node-tuning-operator/compare/6d625b5a887313ce4db97ce0c393fdca86df7022...a4e7efa04c136b354a761508231214ac0fa1db1c)
### [cluster-openshift-apiserver-operator](https://github.com/openshift/cluster-openshift-apiserver-operator/tree/56a90aeec7f94ddfe1be5365fe81ea3e5e52bea0)
* [OCPBUGS-41850](https://issues.redhat.com/browse/OCPBUGS-41850): increase openshift-apiserver failureThreshold [#589](https://github.com/openshift/cluster-openshift-apiserver-operator/pull/589)
* [Full changelog](https://github.com/openshift/cluster-openshift-apiserver-operator/compare/f7210cd840db46b01ec76a98cef332b8ff633701...56a90aeec7f94ddfe1be5365fe81ea3e5e52bea0)
### [cluster-policy-controller](https://github.com/openshift/cluster-policy-controller/tree/7209e90d4205dc16bf0c83fb556c3d955d942d6b)
* [OCPBUGS-41849](https://issues.redhat.com/browse/OCPBUGS-41849): pkg/psalabelsyncer: switch to PSA version 'latest' [#154](https://github.com/openshift/cluster-policy-controller/pull/154)
* [Full changelog](https://github.com/openshift/cluster-policy-controller/compare/c502ece1b8bdccdbc58a327520685d9a1d2f59cf...7209e90d4205dc16bf0c83fb556c3d955d942d6b)
### [cluster-samples-operator](https://github.com/openshift/cluster-samples-operator/tree/fde847e35856d9974ad8145b33e95bf125906b5f)
* [OKD-225](https://issues.redhat.com/browse/OKD-225): remove only the EOL CentOS 7 images [#575](https://github.com/openshift/cluster-samples-operator/pull/575)
* [OCPBUGS-39071](https://issues.redhat.com/browse/OCPBUGS-39071): Fix library-sync.sh to handle renames in unsupported samples [#565](https://github.com/openshift/cluster-samples-operator/pull/565)
* [OCPBUGS-38927](https://issues.redhat.com/browse/OCPBUGS-38927): Update Go version, API version and vendored libs to the same versions as in the openshift/api. [#564](https://github.com/openshift/cluster-samples-operator/pull/564)
* [OCPBUGS-33899](https://issues.redhat.com/browse/OCPBUGS-33899): Updating ose-cluster-samples-operator-container image to be consistent with ART for 4.17 [#547](https://github.com/openshift/cluster-samples-operator/pull/547)
* [Full changelog](https://github.com/openshift/cluster-samples-operator/compare/3956a88083778c20abcff959a7c9bfba75b77c9f...fde847e35856d9974ad8145b33e95bf125906b5f)
### [cluster-storage-operator](https://github.com/openshift/cluster-storage-operator/tree/eba39ffecf5a7a55a46443c85fd0ecd9ccc0453f)
* [OCPBUGS-38355](https://issues.redhat.com/browse/OCPBUGS-38355): Bump openshift/api to get EFS volume metrics [#501](https://github.com/openshift/cluster-storage-operator/pull/501)
* [OCPBUGS-38760](https://issues.redhat.com/browse/OCPBUGS-38760): include azure perms for route table [#503](https://github.com/openshift/cluster-storage-operator/pull/503)
* [OCPBUGS-39365](https://issues.redhat.com/browse/OCPBUGS-39365): Use restricted-v2 SCC and remove runAsUser in Hypershift [#498](https://github.com/openshift/cluster-storage-operator/pull/498)
* [Full changelog](https://github.com/openshift/cluster-storage-operator/compare/66f0d53a7050b832fed51813f24a482124ba104c...eba39ffecf5a7a55a46443c85fd0ecd9ccc0453f)
### [console](https://github.com/openshift/console/tree/9f7edb66ac0507ebdf53cc65166445f48540cdce)
* [OCPBUGS-42060](https://issues.redhat.com/browse/OCPBUGS-42060): Console crashes when ssh is selected in add secret for starting a pipeline run [#14301](https://github.com/openshift/console/pull/14301)
* [OCPBUGS-42223](https://issues.redhat.com/browse/OCPBUGS-42223): restore Spotlight removal on next click [#14314](https://github.com/openshift/console/pull/14314)
* [OCPBUGS-39181](https://issues.redhat.com/browse/OCPBUGS-39181): add Create button to Console plugins tab [#14220](https://github.com/openshift/console/pull/14220)
* [OCPBUGS-39091](https://issues.redhat.com/browse/OCPBUGS-39091): update Events ChipGroup to use integrated close [#14211](https://github.com/openshift/console/pull/14211)
* [OCPBUGS-38563](https://issues.redhat.com/browse/OCPBUGS-38563): do not directly mutate links in useMemo [#14159](https://github.com/openshift/console/pull/14159)
* [OCPBUGS-41685](https://issues.redhat.com/browse/OCPBUGS-41685): Topology screen crashes when completed pod is selected [#14276](https://github.com/openshift/console/pull/14276)
* [OCPBUGS-41482](https://issues.redhat.com/browse/OCPBUGS-41482): Unit Tests for the new Ask Lightspeed Button [#14249](https://github.com/openshift/console/pull/14249)
* [OCPBUGS-39601](https://issues.redhat.com/browse/OCPBUGS-39601): Console user settings resources misses ownerRef, removing a user results in remaining data [#14240](https://github.com/openshift/console/pull/14240)
* [OCPBUGS-41893](https://issues.redhat.com/browse/OCPBUGS-41893): Disable Extension Catalog tech preview nav item [#14289](https://github.com/openshift/console/pull/14289)
* [OCPBUGS-39110](https://issues.redhat.com/browse/OCPBUGS-39110): List of default Camel K event sources disappears when adding a custom event source [#14214](https://github.com/openshift/console/pull/14214)
* [OCPBUGS-41684](https://issues.redhat.com/browse/OCPBUGS-41684): Fix access mode selection menu issue [#14277](https://github.com/openshift/console/pull/14277)
* [OCPBUGS-41350](https://issues.redhat.com/browse/OCPBUGS-41350): Update Lightspeed logo to new standards [#14245](https://github.com/openshift/console/pull/14245)
* [OCPBUGS-41480](https://issues.redhat.com/browse/OCPBUGS-41480): improve layout and findability of Hide Lightspeed pref… [#14248](https://github.com/openshift/console/pull/14248)
* [OCPBUGS-39453](https://issues.redhat.com/browse/OCPBUGS-39453): Use vCenterCluster value from CM as primary resource [#14235](https://github.com/openshift/console/pull/14235)
* [OCPBUGS-39109](https://issues.redhat.com/browse/OCPBUGS-39109): Need to allow blank for Project/namespace when setting SA Subject in 'Project access tab' [#14213](https://github.com/openshift/console/pull/14213)
* [OCPBUGS-38903](https://issues.redhat.com/browse/OCPBUGS-38903): Networking section depends on networking-console-plugin [#14185](https://github.com/openshift/console/pull/14185)
* [OCPBUGS-38300](https://issues.redhat.com/browse/OCPBUGS-38300): Add telemetry to Lightspeed console capability [#14129](https://github.com/openshift/console/pull/14129)
* [OCPBUGS-38591](https://issues.redhat.com/browse/OCPBUGS-38591): Add support for GCP Workload Identity / Federated identity operator installs [#14160](https://github.com/openshift/console/pull/14160)
* [OCPBUGS-38427](https://issues.redhat.com/browse/OCPBUGS-38427): fix bug where cluster version text appears black in da… [#14145](https://github.com/openshift/console/pull/14145)
* [OCPBUGS-38615](https://issues.redhat.com/browse/OCPBUGS-38615): improve Lightspeed popup contents and navigation [#14163](https://github.com/openshift/console/pull/14163)
* [OCPBUGS-38395](https://issues.redhat.com/browse/OCPBUGS-38395): A value submitted in From view is wrapped with single quotation after switching to Yaml view. [#14141](https://github.com/openshift/console/pull/14141)
* [OCPBUGS-38394](https://issues.redhat.com/browse/OCPBUGS-38394): Unrelated readme opened when opening CodeReady workspaces from Quarkus using s2i quickstart [#14140](https://github.com/openshift/console/pull/14140)
* [OCPBUGS-38691](https://issues.redhat.com/browse/OCPBUGS-38691): Modifying helm e2e test to fix CI issue [#14169](https://github.com/openshift/console/pull/14169)
* [OCPBUGS-38412](https://issues.redhat.com/browse/OCPBUGS-38412): Values entered into the Instantiate Template form are automatically cleared [#14143](https://github.com/openshift/console/pull/14143)
* [Full changelog](https://github.com/openshift/console/compare/864d90910c77a2a2ecf4f87bb4e35d9604f95824...9f7edb66ac0507ebdf53cc65166445f48540cdce)
### [console-operator](https://github.com/openshift/console-operator/tree/f41009e8511cf5a042ca81d18e44137b7d11ba05)
* [OCPBUGS-38728](https://issues.redhat.com/browse/OCPBUGS-38728): Get externalOrganizationID instead of the organizationID [#926](https://github.com/openshift/console-operator/pull/926)
* [OCPBUGS-36213](https://issues.redhat.com/browse/OCPBUGS-36213): Vendor proper commit [#928](https://github.com/openshift/console-operator/pull/928)
* [Full changelog](https://github.com/openshift/console-operator/compare/0f85ea7b5efdc01675d544f9ea3535bdc069b013...f41009e8511cf5a042ca81d18e44137b7d11ba05)
### [docker-registry](https://github.com/openshift/image-registry/tree/ef9fa95763754c05beb32e1ddca406de67ae4bd6)
* [OCPBUGS-39040](https://issues.redhat.com/browse/OCPBUGS-39040): pull upstream distribution changes to use a consistent multipart chunk size [#409](https://github.com/openshift/image-registry/pull/409)
* [OCPBUGS-36521](https://issues.redhat.com/browse/OCPBUGS-36521): Rename Dockerfile [#407](https://github.com/openshift/image-registry/pull/407)
* [Full changelog](https://github.com/openshift/image-registry/compare/f6ef41b02c2fd3d3784283054206282be8d2336d...ef9fa95763754c05beb32e1ddca406de67ae4bd6)
### [hyperkube, installer-kube-apiserver-artifacts, pod](https://github.com/openshift/kubernetes/tree/d3adea4933c942000ceb2c9ca98b1920814f5b34)
* [OCPBUGS-41638](https://issues.redhat.com/browse/OCPBUGS-41638): UPSTREAM: <carry>: bump cadvisor version to fix missing network stats [#2081](https://github.com/openshift/kubernetes/pull/2081)
* [OCPBUGS-39014](https://issues.redhat.com/browse/OCPBUGS-39014): Bump 1.30.4 [#2062](https://github.com/openshift/kubernetes/pull/2062)
* [Full changelog](https://github.com/openshift/kubernetes/compare/88e7cc859c37b4aa669e2879e32de895267db9d2...d3adea4933c942000ceb2c9ca98b1920814f5b34)
### [hypershift](https://github.com/openshift/hypershift/tree/232a3c1fc0afa8e103a11963afd954c2bf9d20df)
* [OCPBUGS-41552](https://issues.redhat.com/browse/OCPBUGS-41552): Let payload generation pick the release for the NodePool [#4691](https://github.com/openshift/hypershift/pull/4691)
* chore(deps): update konflux references to 2c3426a (release-4.17) [#4774](https://github.com/openshift/hypershift/pull/4774)
* NO-JIRA: chore(deps): update konflux references (release-4.17) [#4761](https://github.com/openshift/hypershift/pull/4761)
* NO-JIRA: Security fixes for openshift-ci-security job [#4748](https://github.com/openshift/hypershift/pull/4748)
* NO-JIRA: chore(deps): update konflux references (release-4.17) [#4726](https://github.com/openshift/hypershift/pull/4726)
* [HOSTEDCP-1953](https://issues.redhat.com/browse/HOSTEDCP-1953): bump CCO version [#4694](https://github.com/openshift/hypershift/pull/4694)
* NO-JIRA: chore(deps): update konflux references (release-4.17) [#4682](https://github.com/openshift/hypershift/pull/4682)
* [OCPBUGS-41371](https://issues.redhat.com/browse/OCPBUGS-41371): CPO oauth idp converter: resolve names before dialing [#4681](https://github.com/openshift/hypershift/pull/4681)
* [OCPBUGS-38637](https://issues.redhat.com/browse/OCPBUGS-38637): Use http dialer when dialing through proxy [#4680](https://github.com/openshift/hypershift/pull/4680)
* [OSASINFRA-3572](https://issues.redhat.com/browse/OSASINFRA-3572), [OSASINFRA-3573](https://issues.redhat.com/browse/OSASINFRA-3573): OpenStack backports for ingress [#4644](https://github.com/openshift/hypershift/pull/4644)
* [OCPBUGS-39365](https://issues.redhat.com/browse/OCPBUGS-39365): Update CSO deployment file [#4655](https://github.com/openshift/hypershift/pull/4655)
* [OCPBUGS-39452](https://issues.redhat.com/browse/OCPBUGS-39452): Fix multi-arch validation by prioritizing ReleaseImage check [#4665](https://github.com/openshift/hypershift/pull/4665)
* [OCPBUGS-39419](https://issues.redhat.com/browse/OCPBUGS-39419): handle version skewed NodePools that do not have rhel9 binaries [#4662](https://github.com/openshift/hypershift/pull/4662)
* [OCPBUGS-39371](https://issues.redhat.com/browse/OCPBUGS-39371): Fixed NodePool version validation [#4657](https://github.com/openshift/hypershift/pull/4657)
* [OCPBUGS-39234](https://issues.redhat.com/browse/OCPBUGS-39234): Set Image as mutable and trigger upgrades on Azure NodePool spec changes [#4640](https://github.com/openshift/hypershift/pull/4640)
* [HOSTEDCP-1938](https://issues.redhat.com/browse/HOSTEDCP-1938): Remove saas template in 4.17 [#4645](https://github.com/openshift/hypershift/pull/4645)
* [OCPBUGS-39225](https://issues.redhat.com/browse/OCPBUGS-39225): copy image-registry AdditionalTrustedCA configmap into HC openshift-config [#4637](https://github.com/openshift/hypershift/pull/4637)
* [OCPBUGS-39159](https://issues.redhat.com/browse/OCPBUGS-39159): regroup KAS certs into public and private certs [#4634](https://github.com/openshift/hypershift/pull/4634)
* [OCPBUGS-39102](https://issues.redhat.com/browse/OCPBUGS-39102): Add networking-console-plugin image to CNO as an env var [#4592](https://github.com/openshift/hypershift/pull/4592)
* NO-JIRA: chore(deps): update konflux references (release-4.17) [#4601](https://github.com/openshift/hypershift/pull/4601)
* [OCPBUGS-38967](https://issues.redhat.com/browse/OCPBUGS-38967): [release-4.17] Remove go workspaces [#4620](https://github.com/openshift/hypershift/pull/4620)
* [OCPBUGS-38941](https://issues.redhat.com/browse/OCPBUGS-38941): copy oapi ca-trust recursively when building trust anchor [#4614](https://github.com/openshift/hypershift/pull/4614)
* [HOSTEDCP-1861](https://issues.redhat.com/browse/HOSTEDCP-1861): cpo: separate KAS cert into internal and external [#4595](https://github.com/openshift/hypershift/pull/4595)
* [OCPBUGS-38833](https://issues.redhat.com/browse/OCPBUGS-38833): [Azure] Use infraID from infra-json if provided [#4590](https://github.com/openshift/hypershift/pull/4590)
* NO-JIRA: Fix KubeVirtNodesLiveMigratable condition for NodePools with 0 replicas [#4588](https://github.com/openshift/hypershift/pull/4588)
* [HOSTEDCP-1764](https://issues.redhat.com/browse/HOSTEDCP-1764): retrieve registryOverrides when ImageStream is not ava… [#4540](https://github.com/openshift/hypershift/pull/4540)
* NO-JIRA: Update quay.io/openshift/origin-base Docker tag to v4.16 (release-4.17) [#4573](https://github.com/openshift/hypershift/pull/4573)
* NO-JIRA: Update golang Docker tag to v1.23 (release-4.17) [#4571](https://github.com/openshift/hypershift/pull/4571)
* NO-JIRA: Update Konflux references (release-4.17) [#4570](https://github.com/openshift/hypershift/pull/4570)
* [Full changelog](https://github.com/openshift/hypershift/compare/79f0c0ce5816c0710e427787a84a7881db5d19b6...232a3c1fc0afa8e103a11963afd954c2bf9d20df)
### [ibm-vpc-block-csi-driver-operator](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/tree/8443d86bf284684b7849fa76d40795d141ef86d2)
* [OCPBUGS-42277](https://issues.redhat.com/browse/OCPBUGS-42277): Reorder static resources to create RBAC first [#128](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/pull/128)
* [Full changelog](https://github.com/openshift/ibm-vpc-block-csi-driver-operator/compare/f74c374bc09ee57a077c86d307b4544c01111956...8443d86bf284684b7849fa76d40795d141ef86d2)
### [insights-operator](https://github.com/openshift/insights-operator/tree/d44b5f1be3be9c1630b1216cd231e47758dcd30f)
* [OCPBUGS-39393](https://issues.redhat.com/browse/OCPBUGS-39393): collect some nmstate customresources (#986) (#989) [#986](https://github.com/openshift/insights-operator/pull/986)
* [OCPBUGS-32233](https://issues.redhat.com/browse/OCPBUGS-32233): Not able to enable repositories during entitled build in OCP Cluster on IBM-Z (#991) [#991](https://github.com/openshift/insights-operator/pull/991)
* [Full changelog](https://github.com/openshift/insights-operator/compare/80246495256b1a4628dd45998aa7162d8e934f78...d44b5f1be3be9c1630b1216cd231e47758dcd30f)
### [ironic](https://github.com/openshift/ironic-image/tree/f70cb6807c16e40bc0937f52e23422142ca19793)
* [OCPBUGS-41783](https://issues.redhat.com/browse/OCPBUGS-41783): Set node "alive" when inspection finished [#578](https://github.com/openshift/ironic-image/pull/578)
* [OCPBUGS-39380](https://issues.redhat.com/browse/OCPBUGS-39380): Include fixes for CVE-2024-44082 into 4.17 [#576](https://github.com/openshift/ironic-image/pull/576)
* [OCPBUGS-37365](https://issues.redhat.com/browse/OCPBUGS-37365): Update log statement to avoid logging entire node object [#573](https://github.com/openshift/ironic-image/pull/573)
* [OCPBUGS-38511](https://issues.redhat.com/browse/OCPBUGS-38511): set min version for python3-webob [#552](https://github.com/openshift/ironic-image/pull/552)
* [OCPBUGS-38784](https://issues.redhat.com/browse/OCPBUGS-38784): Update sushy to include Huwaei Fix ( Duplicate PR ) [#572](https://github.com/openshift/ironic-image/pull/572)
* [OCPBUGS-39013](https://issues.redhat.com/browse/OCPBUGS-39013): Bump ironic-lib to fix utf8 decoding issue [#568](https://github.com/openshift/ironic-image/pull/568)
* NO-ISSUE: fix scos and fcos dockerfiles to remove ironic-inspector [#567](https://github.com/openshift/ironic-image/pull/567)
* [OCPBUGS-38465](https://issues.redhat.com/browse/OCPBUGS-38465): update sushy to pick up the RAID fix [#545](https://github.com/openshift/ironic-image/pull/545)
* [OCPBUGS-38481](https://issues.redhat.com/browse/OCPBUGS-38481): Update root image [#546](https://github.com/openshift/ironic-image/pull/546)
* [OCPBUGS-37402](https://issues.redhat.com/browse/OCPBUGS-37402): bump werkzeug [#533](https://github.com/openshift/ironic-image/pull/533)
* [METAL-1094](https://issues.redhat.com/browse/METAL-1094): Sync with upstream metal3-io/ironic-image [#532](https://github.com/openshift/ironic-image/pull/532)
* [OCPBUGS-37084](https://issues.redhat.com/browse/OCPBUGS-37084): Update ironic projects to latest available [#522](https://github.com/openshift/ironic-image/pull/522)
* [METAL-1070](https://issues.redhat.com/browse/METAL-1070): Align ironic dependencies with latest upper constraints [#520](https://github.com/openshift/ironic-image/pull/520)
* [OCPBUGS-33335](https://issues.redhat.com/browse/OCPBUGS-33335): Update Python Jinja2 [#519](https://github.com/openshift/ironic-image/pull/519)
* [METAL-1049](https://issues.redhat.com/browse/METAL-1049): Download and install sources from local dir [#494](https://github.com/openshift/ironic-image/pull/494)
* [OCPBUGS-32261](https://issues.redhat.com/browse/OCPBUGS-32261): Update ironic-inspector to fix the memory leak [#516](https://github.com/openshift/ironic-image/pull/516)
* NO-ISSUE: Bump ironic projects versions [#514](https://github.com/openshift/ironic-image/pull/514)
* [Full changelog](https://github.com/openshift/ironic-image/compare/4ce3961c6a706f439c476b6b0a861529f76d96b0...f70cb6807c16e40bc0937f52e23422142ca19793)
### [ironic-agent](https://github.com/openshift/ironic-agent-image/tree/8c92604b7557101eb0537c5f99418829948eec26)
* [OCPBUGS-39380](https://issues.redhat.com/browse/OCPBUGS-39380): Include fixes for CVE-2024-44082 into 4.17 [#160](https://github.com/openshift/ironic-agent-image/pull/160)
* [OCPBUGS-38511](https://issues.redhat.com/browse/OCPBUGS-38511): set webob and bump werkzeug [#148](https://github.com/openshift/ironic-agent-image/pull/148)
* [OCPBUGS-38481](https://issues.redhat.com/browse/OCPBUGS-38481): Update root image [#145](https://github.com/openshift/ironic-agent-image/pull/145)
* [METAL-1049](https://issues.redhat.com/browse/METAL-1049): Download and install sources from local dir [#142](https://github.com/openshift/ironic-agent-image/pull/142)
* [OCPBUGS-37086](https://issues.redhat.com/browse/OCPBUGS-37086): Update ironic projects to latest available [#141](https://github.com/openshift/ironic-agent-image/pull/141)
* [METAL-1070](https://issues.redhat.com/browse/METAL-1070): Align ironic dependencies with latest upper constraints [#140](https://github.com/openshift/ironic-agent-image/pull/140)
* [OCPBUGS-35968](https://issues.redhat.com/browse/OCPBUGS-35968): Disable installation of .pyc files through pip [#139](https://github.com/openshift/ironic-agent-image/pull/139)
* NO-ISSUE: Bump ironic projects versions [#137](https://github.com/openshift/ironic-agent-image/pull/137)
* NO-ISSUE: Replace README with an explanation how this agent works [#138](https://github.com/openshift/ironic-agent-image/pull/138)
* [Full changelog](https://github.com/openshift/ironic-agent-image/compare/f4b86c20989a79e611a27975ac02d0f824b8e5c7...8c92604b7557101eb0537c5f99418829948eec26)
### [kube-metrics-server](https://github.com/openshift/kubernetes-metrics-server/tree/28b10b8fcc2d21fb323e79afeb46301d0c3c6e9c)
* [OCPBUGS-41580](https://issues.redhat.com/browse/OCPBUGS-41580): Wire server run options to flags. [#35](https://github.com/openshift/kubernetes-metrics-server/pull/35)
* [Full changelog](https://github.com/openshift/kubernetes-metrics-server/compare/1f68026b5733dbf242839ecee7ddf70d913abbf5...28b10b8fcc2d21fb323e79afeb46301d0c3c6e9c)
### [kube-rbac-proxy](https://github.com/openshift/kube-rbac-proxy/tree/b2d2c462e801d7b8890347c017184153c3c8eaab)
* [OCPBUGS-34057](https://issues.redhat.com/browse/OCPBUGS-34057): Updating kube-rbac-proxy-container image to be consistent with ART for 4.17 [#99](https://github.com/openshift/kube-rbac-proxy/pull/99)
* [Full changelog](https://github.com/openshift/kube-rbac-proxy/compare/8ea2c994df4296ec161023d8ff85f9ea0e383216...b2d2c462e801d7b8890347c017184153c3c8eaab)
### [machine-config-operator](https://github.com/openshift/machine-config-operator/tree/858c0a2e5965fcff48716c1db01ee76bb1eed9f2)
* [OCPBUGS-41686](https://issues.redhat.com/browse/OCPBUGS-41686): MCPs with RHEL nodes are degraded when a userCA bundle is added to the cluster [#4580](https://github.com/openshift/machine-config-operator/pull/4580)
* [OCPBUGS-41802](https://issues.redhat.com/browse/OCPBUGS-41802): When newly built images rolled out, the update progress is not displaying correctly (went 0 --> 3) [#4583](https://github.com/openshift/machine-config-operator/pull/4583)
* [OCPBUGS-41688](https://issues.redhat.com/browse/OCPBUGS-41688): Add alert for users of deprecating the Image Registry workaround [#4581](https://github.com/openshift/machine-config-operator/pull/4581)
* [OCPBUGS-41312](https://issues.redhat.com/browse/OCPBUGS-41312): CVE-2024-3727 ose-machine-config-operator-container: containers/image: digest type does not guarantee valid type [#4564](https://github.com/openshift/machine-config-operator/pull/4564)
* [OCPBUGS-38868](https://issues.redhat.com/browse/OCPBUGS-38868): Updates message verbs to use %q where appropriate [#4547](https://github.com/openshift/machine-config-operator/pull/4547)
* [OCPBUGS-38770](https://issues.redhat.com/browse/OCPBUGS-38770): SCC-pinning for openshift workloads [#4542](https://github.com/openshift/machine-config-operator/pull/4542)
* [OCPBUGS-38846](https://issues.redhat.com/browse/OCPBUGS-38846): Machine-config daemon ListPools panic during tech-preview CI runs [#4546](https://github.com/openshift/machine-config-operator/pull/4546)
* [Full changelog](https://github.com/openshift/machine-config-operator/compare/f30761f4c53ee05eab5d8887d8f4dfe7603cd20b...858c0a2e5965fcff48716c1db01ee76bb1eed9f2)
### [monitoring-plugin](https://github.com/openshift/monitoring-plugin/tree/ccaf40d66254b328a688abddef841b7763c726d6)
* NO-JIRA: Update query-browser to not use setState [#166](https://github.com/openshift/monitoring-plugin/pull/166)
* [Full changelog](https://github.com/openshift/monitoring-plugin/compare/9ef4b83ecf77d8660cfd6648ba48c435b7308e60...ccaf40d66254b328a688abddef841b7763c726d6)
### [multus-cni, multus-cni-microshift](https://github.com/openshift/multus-cni/tree/b8d8d5c0128743d5d3c188ad37004c0a4bc00337)
* [OCPBUGS-41817](https://issues.redhat.com/browse/OCPBUGS-41817): always attempt a live pod get on miss to confirm its really not there [#248](https://github.com/openshift/multus-cni/pull/248)
* [Full changelog](https://github.com/openshift/multus-cni/compare/3cba503d4b6295efd1fa1931884eab2b63c84d94...b8d8d5c0128743d5d3c188ad37004c0a4bc00337)
### [network-metrics-daemon](https://github.com/openshift/network-metrics-daemon/tree/ddb486ae8c68d228a1421c779ec8fe35fc436ccb)
* Updating ose-network-metrics-daemon-container image to be consistent with ART for 4.17 (#93) [#93](https://github.com/openshift/network-metrics-daemon/pull/93)
* swtich golint install method (#103) [#103](https://github.com/openshift/network-metrics-daemon/pull/103)
* [Full changelog](https://github.com/openshift/network-metrics-daemon/compare/f7a88331a9de217c6619dccd23bc701aa6712df8...ddb486ae8c68d228a1421c779ec8fe35fc436ccb)
### [oauth-server](https://github.com/openshift/oauth-server/tree/a44685102fbccd24a68207eacdc0a63435af5dde)
* [OCPBUGS-34248](https://issues.redhat.com/browse/OCPBUGS-34248): Updating oauth-server-container image to be consistent with ART for 4.17 [#149](https://github.com/openshift/oauth-server/pull/149)
* [Full changelog](https://github.com/openshift/oauth-server/compare/4d11d2699633c0b9372335c501fec6ac41ef7fb4...a44685102fbccd24a68207eacdc0a63435af5dde)
### [oc-mirror](https://github.com/openshift/oc-mirror/tree/c9123030d5df99847cf3779856d90ff83cf64dcb)
* [OCPBUGS-41503](https://issues.redhat.com/browse/OCPBUGS-41503): [release-4.17] oc-mirror throws error when performing delete operation with --generate (#922) [#922](https://github.com/openshift/oc-mirror/pull/922)
* [OCPBUGS-41168](https://issues.redhat.com/browse/OCPBUGS-41168): [release-4.17] Should not panic when specifying wrong loglevel for oc-mirror (#918) [#918](https://github.com/openshift/oc-mirror/pull/918)
* [OCPBUGS-37950](https://issues.redhat.com/browse/OCPBUGS-37950): Bug fix when kubevirt image not found (#914) [#914](https://github.com/openshift/oc-mirror/pull/914)
* [Full changelog](https://github.com/openshift/oc-mirror/compare/7bb92a7df45294577d0021d8b41869a912b6ac84...c9123030d5df99847cf3779856d90ff83cf64dcb)
### [openshift-controller-manager](https://github.com/openshift/openshift-controller-manager/tree/7682a61bedd0db855bb9696bfb08f6078688ea4e)
* [OCPBUGS-39167](https://issues.redhat.com/browse/OCPBUGS-39167): replaces deprecated square/go-jose wtih go-jose/go-jose [#328](https://github.com/openshift/openshift-controller-manager/pull/328)
* [Full changelog](https://github.com/openshift/openshift-controller-manager/compare/aabcbc2cf5d944f64e6ebdbc4e0ce7f1b95bd127...7682a61bedd0db855bb9696bfb08f6078688ea4e)
### [operator-framework-tools, operator-lifecycle-manager, operator-registry](https://github.com/openshift/operator-framework-olm/tree/b0d86a042d2b36be77b3b5bca74e73194bfdeee8)
* [OCPBUGS-41549](https://issues.redhat.com/browse/OCPBUGS-41549): [4.17] adds paginating lister for evaluating CRs' upgrade fitness versus new CRDs. [#860](https://github.com/openshift/operator-framework-olm/pull/860)
* [OCPBUGS-41498](https://issues.redhat.com/browse/OCPBUGS-41498): [release-4.17] Fix e2e flake: upgrade CRD with deprecated version [#858](https://github.com/openshift/operator-framework-olm/pull/858)
* [OCPBUGS-39574](https://issues.redhat.com/browse/OCPBUGS-39574): (fix) registry pods do not come up again after node failure (#3366) [#855](https://github.com/openshift/operator-framework-olm/pull/855)
* [OCPBUGS-39458](https://issues.redhat.com/browse/OCPBUGS-39458): add optional schema migrations; default to olm.bundle.object instead of olm.csv.metadata (#1384) [#851](https://github.com/openshift/operator-framework-olm/pull/851)
* [Full changelog](https://github.com/openshift/operator-framework-olm/compare/a3a385e87bb828693ff383a383b3e33f3d575d79...b0d86a042d2b36be77b3b5bca74e73194bfdeee8)
### [operator-marketplace](https://github.com/operator-framework/operator-marketplace/tree/51f871a51fdfec73932100e13201301ddeb35fa1)
* [OCPBUGS-39297](https://issues.redhat.com/browse/OCPBUGS-39297): Replace 4.16 image references with 4.17 [#573](https://github.com/operator-framework/operator-marketplace/pull/573)
* [Full changelog](https://github.com/operator-framework/operator-marketplace/compare/794974488ac28a56f0afbbc15f290b6e32dc87b0...51f871a51fdfec73932100e13201301ddeb35fa1)
### [ovn-kubernetes, ovn-kubernetes-microshift](https://github.com/openshift/ovn-kubernetes/tree/62451d12851aebdd1a3b009a9829f8df796998ad)
* [OCPBUGS-39406](https://issues.redhat.com/browse/OCPBUGS-39406), [SDN-4919](https://issues.redhat.com/browse/SDN-4919): Downstream Merge 28th August [#2283](https://github.com/openshift/ovn-kubernetes/pull/2283)
* [SDN-4919](https://issues.redhat.com/browse/SDN-4919): Downstream Merge August 22nd [#2277](https://github.com/openshift/ovn-kubernetes/pull/2277)
* [SDN-4919](https://issues.redhat.com/browse/SDN-4919): Downstream Merge 20th August [#2274](https://github.com/openshift/ovn-kubernetes/pull/2274)
* [OCPBUGS-38267](https://issues.redhat.com/browse/OCPBUGS-38267), [OCPBUGS-38653](https://issues.redhat.com/browse/OCPBUGS-38653), [OCPBUGS-38693](https://issues.redhat.com/browse/OCPBUGS-38693): Downstream Merge 14th August 2024 [#2265](https://github.com/openshift/ovn-kubernetes/pull/2265)
* [Full changelog](https://github.com/openshift/ovn-kubernetes/compare/190304949659af8efca11d173682a373dac97792...62451d12851aebdd1a3b009a9829f8df796998ad)
### [prometheus](https://github.com/openshift/prometheus/tree/6853164ae2073146f78cbe9cbda92ebfe1e744d7)
* [OCPBUGS-38690](https://issues.redhat.com/browse/OCPBUGS-38690): Restore Prometheus functionality to accept samples with different timestamps from the same series in a single scrape. [#221](https://github.com/openshift/prometheus/pull/221)
* [Full changelog](https://github.com/openshift/prometheus/compare/64f64f906162bb99008084cc69d54c4aef79169d...6853164ae2073146f78cbe9cbda92ebfe1e744d7)
### [prometheus-config-reloader, prometheus-operator, prometheus-operator-admission-webhook](https://github.com/openshift/prometheus-operator/tree/16f1cb003f65bf11b2a0a9a9ff9f9450eb7f249c)
* [OCPBUGS-38398](https://issues.redhat.com/browse/OCPBUGS-38398): feat: sync proxy settings in Alertmanager configuration [#296](https://github.com/openshift/prometheus-operator/pull/296)
* [Full changelog](https://github.com/openshift/prometheus-operator/compare/c5867749fc83c53bd7bff290347844a543166ee3...16f1cb003f65bf11b2a0a9a9ff9f9450eb7f249c)
### [tests](https://github.com/openshift/origin/tree/ec6389f0e63380e8ec6d792e20ed1e61473ddbb3)
* [OCPBUGS-41817](https://issues.redhat.com/browse/OCPBUGS-41817): Update the NotFound case for CNI plugin to reflect changes [#29091](https://github.com/openshift/origin/pull/29091)
* [OCPBUGS-39134](https://issues.redhat.com/browse/OCPBUGS-39134): Bump timeout for the pod-network-service endpoints check [#29051](https://github.com/openshift/origin/pull/29051)
* [OCPBUGS-38674](https://issues.redhat.com/browse/OCPBUGS-38674): add unexpected ready for monitor tests [#29021](https://github.com/openshift/origin/pull/29021)
* [OCPBUGS-39254](https://issues.redhat.com/browse/OCPBUGS-39254): Change Operator Installed for Smoke Test [#29055](https://github.com/openshift/origin/pull/29055)
* [OCPBUGS-39031](https://issues.redhat.com/browse/OCPBUGS-39031): kube-apiserver rollout: wait for stability before exiting [#29047](https://github.com/openshift/origin/pull/29047)
* [Full changelog](https://github.com/openshift/origin/compare/70bb9a0b65f2f3f17e56532b35b936ab9cf38916...ec6389f0e63380e8ec6d792e20ed1e61473ddbb3)
### [vsphere-cloud-controller-manager](https://github.com/openshift/cloud-provider-vsphere/tree/07abced061d16b906b19d1eb49f9bea5c2c77662)
* [OCPBUGS-37661](https://issues.redhat.com/browse/OCPBUGS-37661): Bump otelgrpc to v0.53.0 [#74](https://github.com/openshift/cloud-provider-vsphere/pull/74)
* [Full changelog](https://github.com/openshift/cloud-provider-vsphere/compare/6464d0bb49283eebeb3ea1a3db4e4914c569dcbd...07abced061d16b906b19d1eb49f9bea5c2c77662)
### [vsphere-csi-driver-operator](https://github.com/openshift/vmware-vsphere-csi-driver-operator/tree/d97d4cee0769099004a39fcf7ff1d8f48cb0f3cc)
* [OCPBUGS-42007](https://issues.redhat.com/browse/OCPBUGS-42007): Remove conditions and controllers [#254](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/254)
* [OCPBUGS-42006](https://issues.redhat.com/browse/OCPBUGS-42006): Add check for vCenter version [#253](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/253)
* [OCPBUGS-42008](https://issues.redhat.com/browse/OCPBUGS-42008): Implement minor quality of life improvements. [#255](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/255)
* [OCPBUGS-38442](https://issues.redhat.com/browse/OCPBUGS-38442): Restart CSI driver controller pod on config change [#247](https://github.com/openshift/vmware-vsphere-csi-driver-operator/pull/247)
* [Full changelog](https://github.com/openshift/vmware-vsphere-csi-driver-operator/compare/42154e37475bea68a5e46266a96f88796621c273...d97d4cee0769099004a39fcf7ff1d8f48cb0f3cc)