You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: release_notes/ocp-4-16-release-notes.adoc
+37Lines changed: 37 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3360,6 +3360,43 @@ This section will continue to be updated over time to provide notes on enhanceme
3360
3360
For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
3361
3361
====
3362
3362
3363
+
//4.16.43
3364
+
[id="ocp-4-16-43_{context}"]
3365
+
=== RHSA-2025:9765 - {product-title} {product-version}.43 bug fix and security update
3366
+
3367
+
Issued: 02 July 2025
3368
+
3369
+
{product-title} release {product-version}.43 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:9765[RHSA-2025:9765] advisory.
3370
+
3371
+
You can view the container images in this release by running the following command:
3372
+
3373
+
[source,terminal]
3374
+
----
3375
+
$ oc adm release info 4.16.43 --pullspecs
3376
+
----
3377
+
3378
+
[id="ocp-4-16-43-bug-fixes_{context}"]
3379
+
==== Bug fixes
3380
+
3381
+
* Previously, Machine Config Daemon (MCD) pods did not properly respect proxy variables during in-place upgrades. This oversight in the reconciliation process led to missing proxy configurations, causing image pull failures for users. With this release, MCD pods correctly recognize the proxy variables during in-place upgrade strategies. As a result, users no longer experience image pull failures because of proxy configuration issues, improving the upgrade experience. (link:https://issues.redhat.com/browse/OCPBUGS-57494[OCPBUGS-57494])
3382
+
3383
+
* Previously, the `/metrics` and `/metrics/cadvisor` endpoints were overlooked during testing procedures. This oversight led to intermittent failures in the `Component Readiness` test for `TargetDown` alerts, and negatively impacted overall system stability. With this release, an update to the `Google-Cadvisor` package resolves the issue that caused these test failures, and significantly improves system stability and the reliability of component readiness checks. (link:https://issues.redhat.com/browse/OCPBUGS-57290[OCPBUGS-57290])
3384
+
3385
+
* Previously, the network attachment definition (NAD) controller experienced a null pointer de-reference when it processed multiple large multi-layer network policies. This issue caused the controller to become unstable, and led to open virtual network (OVN) pod crashes. With this release, the null pointer de-reference issue is resolved. This fix prevents future OVN pod crashes, resulting in improved OVN pod stability and cluster functionality. (link:https://issues.redhat.com/browse/OCPBUGS-56242[OCPBUGS-56242])
3386
+
3387
+
* Previously, if you added a custom certificate with a Subject Alternative Name (SAN) that conflicted with the Kubernetes API server (KAS) hostname defined in the `hc.spec.services.servicePublishingStrategy` parameter, the KAS certificate was not included when generating a new payload. All new nodes that attempted to join the {hcp} cluster had certificate validation issues. With this release, a validation step prevents these conflicts and informs the user about the problem. (link:https://issues.redhat.com/browse/OCPBUGS-55697[OCPBUGS-55697])
3388
+
3389
+
* Previously, limited live migration from OpenShift SDN to OVN-Kubernetes stopped because the machine config pools (MCP) failed to properly drain nodes. This resulted in nodes remaining in a mixed Container Network Interface (CNI) state, and led to significant problems such as application unavailability and DNS resolution failures. With this release, limited live migration uses the MCP correctly to drain nodes, and ensures a seamless migration. This improvement results in smooth application availability and consistent service communication for users during the migration process. (link:https://issues.redhat.com/browse/OCPBUGS-55282[OCPBUGS-55282])
3390
+
3391
+
* Previously, routes with secure hash algorithm (SHA-1) certificate authority (CA) certificates caused the high availability proxy (`HAProxy`) reload to fail. As a consequence, service interruptions occurred during reload operations. With this release, the validation is updated to reject routes with SHA-1 CA certificates. As a result, the `HAProxy` prevents reload failures and ensures smooth operation. (link:https://issues.redhat.com/browse/OCPBUGS-49391[OCPBUGS-49391])
3392
+
3393
+
* Previously, large-scale {product-title} clusters with 4,000 egress firewall policies experienced failures in the ovn-kube controller during migration. This was due to excessively long synchronization times, which blocked migration processes and led to worker node reboots. With this release, the `InformerSyncTimeout` parameter for the `EgressFirewall` informer is increased to accommodate high-load scenarios. As a result, large-scale {product-title} cluster migrations are not halted by worker node reboots, ensuring a smoother and reliable migration operation. (link:https://issues.redhat.com/browse/OCPBUGS-48121[OCPBUGS-48121])
3394
+
3395
+
[id="ocp-4-16-43-updating_{context}"]
3396
+
==== Updating
3397
+
3398
+
To update an existing {product-title} {product-version} cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
3399
+
3363
3400
//4.16.42
3364
3401
[id="ocp-4-16-42_{context}"]
3365
3402
=== RHSA-2025:8556 - {product-title} {product-version}.42 bug fix and security update
0 commit comments