diff --git a/modules/zstream-4-22-1.adoc b/modules/zstream-4-22-1.adoc new file mode 100644 index 000000000000..8176a9def078 --- /dev/null +++ b/modules/zstream-4-22-1.adoc @@ -0,0 +1,49 @@ +// Module included in the following assemblies: +// +// * release_notes/ocp-4-19-release-notes.adoc + +:_mod-docs-content-type: REFERENCE +[id="zstream-4-22-1_{context}"] += RHSA-2026:25206 - {product-title} {product-version}.1 fixed issues and security update + +Issued: 16 June 2026 + +[role="_abstract"] +{product-title} release {product-version}.1 is now available. The list of fixed issues that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2026:25206[RHSA-2026:25206] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2026:25204[RHBA-2026:25204] advisory. + +Space precluded documenting all of the container images for this release in the advisory. + +You can view the container images in this release by running the following command: + +[source,terminal] +---- +$ oc adm release info 4.22.1 --pullspecs +---- + +[id="zstream-4-22-1-fixed-issues_{context}"] +== Fixed issues + +* Before this update, pagination controls were not present at mobile resolutions since PatternFly expects both top and bottom pagination controls to be in use. With this release, pagination controls are present regardless of resolution. (link:https://issues.redhat.com/browse/OCPBUGS-84963[OCPBUGS-84963]) + +* Before this update, the `MachineSet` scale subresource lacked a valid selector, preventing autoscalers like HPA and KEDA from scaling the MachineSet. With this release, the `MachineSet` exposes an active label selector on the scale subresource, enabling scaling using autoscalers that require the label selector to be populated, such as HPA and KEDA. (link:https://issues.redhat.com/browse/OCPBUGS-85102[OCPBUGS-85102]) + +* Before this update, the Manila Container Storage Interface (CSI) driver node plugin could crash on startup if the Network File System (NFS) CSI plugin socket was not yet available, for example after a node reboot. With this release, the Manila CSI node `DaemonSet` waits for the NFS plugin socket to be ready before starting the driver, preventing crash loops due to transient startup ordering. (link:https://issues.redhat.com/browse/OCPBUGS-85532[OCPBUGS-85532]) + +* Before this update, the control plane Operator used Secret and ConfigMap resource names directly as Kubernetes volume names when building the `metrics-proxy` deployment. Because Kubernetes volume names must conform to RFC 1123 DNS label rules, which do not allow dots, the `metrics-proxy` deployment failed to create when a `ServiceMonitor` referenced a ConfigMap with dots in its name, such as `openshift-service-ca.crt`. With this update, the control plane Operator sanitizes volume names by replacing dots with dashes while preserving the original resource names in ConfigMap and Secret source references and mount paths. As a result, the `metrics-proxy` deployment is created successfully regardless of dots in referenced resource names. (link:https://issues.redhat.com/browse/OCPBUGS-86026[OCPBUGS-86026]) + +* Before this update, the `CertificateRevocationController` verified certificate revocation through the Kubernetes API Server (KAS) service load balancer, which routes to a single pod. In high availability (HA) deployments with three KAS replicas, the check could hit a pod that had loaded the updated trust bundle while others did not, causing premature state transitions in the revocation flow. With this release, the controller has been updated to verify certificate trust and revocation against every individual KAS pod by IP, rather than through the service. Certificate revocation now completes reliably in HA deployments by confirming all KAS pods have propagated the change. (link:https://issues.redhat.com/browse/OCPBUGS-86039[OCPBUGS-86039]) + +* Before this update, the web console repeatedly downloaded the full OpenAPI v2 schema at startup, after API discovery and every 5 minutes without using HTTP conditional request headers. With this release, the console caches the `ETag` from the OpenAPI responses and sends `If-None-Match` on subsequent requests. When the schema has not changed, the server returns a "304 Not Modified" response, avoiding redundant network transfers and JSON parsing. (link:https://issues.redhat.com/browse/OCPBUGS-86222[OCPBUGS-86222]) + +* Before this update, users without any projects saw a "Restricted access" error when navigating to certain resource list pages such as *Pods*, *PodDisruptionBudgets*, *RoleBindings, VolumeSnapshots*, and *Helm*. With this release, these pages now correctly display an empty state instead of the misleading `403` error. (link:https://issues.redhat.com/browse/OCPBUGS-86227[OCPBUGS-86227]) + +* Before this update, when a user applied a `MachineConfig` to install extensions, the Machine Config Operator (MCO) did not validate that all packages were installed. This would lead to situations where users believed their extension installation was successful, but packages were actually missing. With this release, the post node reboot validates that all packages associated with the user's required extension were successfully installed before reporting a successful update. If one or more packages is not present, the node, and subsequently the associated `MachineConfigPool` degrades. (link:https://issues.redhat.com/browse/OCPBUGS-86262[OCPBUGS-86262]) + +* Before this update, the macOS Option key was treated as a Meta key instead of a compose key in the pod terminal. As a consequence, characters that rely on Option key combinations, such as `@`, `{`, `}`, `|`, `\`, and `~`, could not be entered. With this release, the terminal correctly identifies macOS, so the Option key functions as a compose key as expected. (link:https://issues.redhat.com/browse/OCPBUGS-86580[OCPBUGS-86580]) + +* Before this update, the collection and emission of SELinux conflict metrics was inefficient and consumed excessive system resources. As a consequence, cluster performance degraded during metric collection cycles, leading to delayed reporting and high processor usage. With this release, the collection and emission logic has been optimized to streamline data processing. As a result, metric collection is now significantly faster, improving overall cluster performance and responsiveness. (link:https://issues.redhat.com/browse/OCPBUGS-86898[OCPBUGS-86898]) + +[id="zstream-4-22-1-updating_{context}"] +== Updating + +To update an {product-title} 4.22 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI]. diff --git a/release_notes/ocp-4-22-release-notes.adoc b/release_notes/ocp-4-22-release-notes.adoc index 8bf91bd47517..9db43f6a4013 100644 --- a/release_notes/ocp-4-22-release-notes.adoc +++ b/release_notes/ocp-4-22-release-notes.adoc @@ -44,3 +44,7 @@ include::modules/rn-ocp-release-notes-known-issues.adoc[leveloffset=+1] // Asynchronous errata updates include::modules/rn-ocp-release-notes-async-errata-updates.adoc[leveloffset=+1] +// zstream 4.22.1 RNs full document +include::modules/zstream-4-22-1.adoc[leveloffset=+2] + +