diff --git a/release_notes/ocp-4-19-release-notes.adoc b/release_notes/ocp-4-19-release-notes.adoc index da8dc3a366cf..17825d4e4298 100644 --- a/release_notes/ocp-4-19-release-notes.adoc +++ b/release_notes/ocp-4-19-release-notes.adoc @@ -2813,6 +2813,48 @@ This section will continue to be updated over time to provide notes on enhanceme For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly. ==== +// 4.19.5 +[id="ocp-4-19-5_{context}"] +=== RHSA-2025:11363 - {product-title} {product-version}.5 image release, bug fix, and security update advisory + +Issued: 22 July 2025 + +{product-title} release {product-version}.5, which includes security updates, is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:11363[RHSA-2025:11363] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:11364[RHBA-2025:11364] advisory. + +Space precluded documenting all of the container images for this release in the advisory. + +You can view the container images in this release by running the following command: + +[source,terminal] +---- +$ oc adm release info 4.19.5 --pullspecs +---- + +[id="ocp-4-19-5-bug-fixes_{context}"] +==== Bug fixes + +* Before this update, bundle unpack jobs did not inherit control-plane tolerances from the catalog-operator that created them. As a consequence, the bundle unpack jobs ran on only worker nodes. If no worker nodes were available due to taints, then admins were unable to install or upgrade Operators on the cluster. With this release, control-plane tolerations are adopted for bundle unpack jobs so that the jobs are executed on primary nodes as part of the control plane. (link:https://issues.redhat.com/browse/OCPBUGS-59258[OCPBUGS-59258]) + +* Before this update, intermittent egress internet protocol (IP) handling due to inconsistent state updates in `OVNkubernetes`caused packet drops. These packet drops affected network traffic flow. With this release, `OVNkubernetes`pods consistently use their assigned egress IPs. As a result, dropped packages are reduced and network traffic flow is improved. (link:https://issues.redhat.com/browse/OCPBUGS-59234[OCPBUGS-59234]) + +* Before this update, the {aws-first} Cloud Provider did not set the default ping target of `HTTP:10256/healthz` for the {aws-short} Load Balancer. For the LoadBalancer Services that ran on {aws-short}, the Load Balancer object created in {aws-short} had a ping target of `TCP:32518`. As a consequence, the health probes for cluster-wide services did not work and the services were down during upgrades. With this release, the cloud config `ClusterServiceLoadBalancerHealthProbeMode` property is set to `Shared` to ensure that the config is passed to the {aws-short} Cloud Provider. As a result, the {aws-short} Load Balancers have the correct health check ping target of `HTTP:10256/healthzwhich`. (link:https://issues.redhat.com/browse/OCPBUGS-59101[OCPBUGS-59101]) + +* Before this update, the `MachineConfigOperator` (MCO) installed the `podman-etcd` agent to enable testing while waiting for the RPM Package Manager (RPM) version to reach the repositories. With this release, the agent that was installed by MCO is removed because the RPM version is available. (link:https://issues.redhat.com/browse/OCPBUGS-58894[OCPBUGS-58894]) + +* Before this update, when you ran the `oc-mirror v2` disk-to-mirror workflow without valid mirror tar files, the returned error messages did not correctly identify the problem. With this release, the `oc-mirror v2` workflow returns an error message that states `no tar archives matching "mirror_[0-9]{6}\.tar" found in ""`. (link:https://issues.redhat.com/browse/OCPBUGS-58341[OCPBUGS-58341]) + +* Before this update, the build controller searched for secrets that were linked for general use rather than specifically for the image pull. With this release, when the controller searches for the default image pull secrets, the builds use `ImagePullSecrets` that are linked to the service account. (link:https://issues.redhat.com/browse/OCPBUGS-57951[OCPBUGS-57951]) + +* Before this update, combined specification and status updates lists triggered unnecessary firmware upgrades, which caused system downtime. With this release, a firmware upgrade optimization skips unnecessary firmware upgrades when a Baseboard Management Controller (BMC) URL is added. (link:https://issues.redhat.com/browse/OCPBUGS-56765[OCPBUGS-56765]) + +* Before this update, when you defined the `blockedImages` value in the `imageSetConfiguration` parameter for `oc-mirror v2`, you were required to provide an extensive list of image references for excluding images from mirroring. This requirement sometimes prevented the exclusion of images from mirroring because the image digests changed between executions. With this release, you can use regular expressions for the `blockedImages` value to facilitate the exclusion of images from mirroring. (link:https://issues.redhat.com/browse/OCPBUGS-56728[OCPBUGS-56728]) + +* Before this update the *Observe > Metrics > query > QueryKebab > Export as csv* drop-down item did not handle a undefined title element. As a consequence, you could not export the CSV file for certain queries on the *Metrics* tab of {product-title} Lister versions 4.16, 4.17, and 4.18. With this release, the metrics download for all queries correctly handles object properties in the drop-down menu items. As a result, the CSV export for all queries works on the *Metrics* page. (link:https://issues.redhat.com/browse/OCPBUGS-52592[OCPBUGS-52592]) + +[id="ocp-4-19-5-updating_{context}"] +==== Updating +To update an {product-title} 4.19 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI]. + // 4.19.4 [id="ocp-4-19-4_{context}"] === RHSA-2025:10771 - {product-title} {product-version}.4 image release, bug fix, and security update advisory