Merge pull request #96065 from wgabor0427/OSDOCS-15263

OSDOCS-15263 created z-stream release notes

Author: jeana-redhat

release_notes/ocp-4-19-release-notes.adoc

@@ -2813,6 +2813,50 @@ This section will continue to be updated over time to provide notes on enhanceme
 For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
 ====
 
+// 4.19.4
+[id="ocp-4-19-4_{context}"]
+=== RHSA-2025:10771 - {product-title} {product-version}.4 image release, bug fix, and security update advisory
+
+Issued: 15 July 2025
+
+{product-title} release {product-version}.4, which includes security updates, is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:10771[RHSA-2025:10771] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHBA-2025:10772[RHBA-2025:10772] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.19.4 --pullspecs
+----
+
+[id="ocp-4-19-4-bug-fixes_{context}"]
+==== Bug fixes
+
+* Previously, when the Gateway API feature was enabled, it installed an Istio control plane configured with one pod replica and an associated `PodDisruptionBudget` setting. The `PodDisruptionBudget` setting prevented the only pod replica from being evicted, blocking cluster upgrades. With this release, the Ingress Operator prevents the Istio control plane from being configured with the `PodDisruptionBudget` setting allowing cluster upgrades. (link:https://issues.redhat.com/browse/OCPBUGS-58394[OCPBUGS-58394])
+
+* Previously, a runtime error occurred when clicking *Edit HorizontalPodAutoscaler* using the form view. With this release, the *Edit HorizontalPodAutoscaler* form view renders as expected. (link:https://issues.redhat.com/browse/OCPBUGS-58377[OCPBUGS-58377])
+
+* Previously, forward slashes were permitted in `console.tab/horizontalNav` `href` values. Starting in version 4.15, a regression resulted in forward slashes no longer working correctly when used in `href` values. With this release, forward slashes in `console.tab/horizontalNav` `href` values continue to work as expected. (link:https://issues.redhat.com/browse/OCPBUGS-58375[OCPBUGS-58375])
+
+* Previously, when a hosted cluster was configured with a proxy URL such as `\http://user:pass@host`, the authentication header was not getting forwarded by the Konnectivity proxy to the user proxy, which caused authentication to fail. With this release, the proper authentication header is sent when a user and password is specified in the proxy URL. (link:https://issues.redhat.com/browse/OCPBUGS-58335[OCPBUGS-58335])
+
+* Previously, a subset of endpoints on the console backend were gated by `TokenReview` requests to the API server. In some cases, the API server would throttle these requests, causing slower load times in the UI. With this release, the `TokenReview` gating was removed from all but one of our endpoints resulting in improved performance. (link:https://issues.redhat.com/browse/OCPBUGS-58316[OCPBUGS-58316])
+
+* Previously, the amount of requests that the oc-mirror plugin v2 sent many requests to container registries caused container registries to reject some requests with a `too many requests` error. With this release, the default values for several related parameters were adjusted to result in fewer requests being sent to the container registries. (link:https://issues.redhat.com/browse/OCPBUGS-58279[OCPBUGS-58279])
+
+* Previously, the kubelet server certificate was not updated after certificate rotation due to unauthorized access to the API server causing the cluster to start in an unhealthy state. With this release, the kubelet server certificate is updated after certificate rotation, ensuring a healthy cluster state. (link:https://issues.redhat.com/browse/OCPBUGS-58116[OCPBUGS-58116])
+
+* Previously, when on-premise installer-provisioned infrastructure deployments used the Cilium container network interface (CNI), the firewall rule that redirected traffic to the load balancer was ineffective. With this release, the rule works with the Cilium CNI and `OVNKubernetes`. (link:https://issues.redhat.com/browse/OCPBUGS-57781[OCPBUGS-57781])
+
+* Previously, deleting an `istag` resource with the `--dry-run=server` option unintentionally caused actual deletion of the image from the server. This unexpected deletion occurred due to the dry-run option being implemented incorrectly in the `oc delete istag` command. With this release, the dry-run option is now wired to the `oc delete istag` command, preventing accidental deletion of image objects and the `istag` object remains intact when using the `--dry-run=server` option. (link:https://issues.redhat.com/browse/OCPBUGS-57206[OCPBUGS-57206])
+
+* Previously, an outdated version of the Azure API prevented specifying a Capacity Reservation Group for a machine set, if that group resided in a different subscription than the one originating the server creation. With this release, {product-title} uses a newer version of the Azure API that is compatible with this configuration. (link:https://issues.redhat.com/browse/OCPBUGS-56163[OCPBUGS-56163])
+
+[id="ocp-4-19-4-updating_{context}"]
+==== Updating
+To update an {product-title} 4.19 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
+
 // 4.19.3
 [id="ocp-4-19-3_{context}"]
 === RHBA-2025:10290 - {product-title} {product-version}.3 image release, bug fix, and security update advisory
@@ -2837,7 +2881,7 @@ $ oc adm release info 4.19.3 --pullspecs
 
 * Previously, when on-prem installer-provisioned infrastructure (IPI) deployments used the Cilium container network interface (CNI), the firewall rule that redirected traffic to the load balancer was ineffective. With this release, the rule works with the Cilium CNI and `OVNKubernetes`. (link:https://issues.redhat.com/browse/OCPBUGS-57781[OCPBUGS-57781])
 
-* Previously, when you defined the `blockedImages` value in the `imageSetConfiguration` parameter for `oc-mirror v2`, you were required to provide an extensive list of image references for excluding images from mirroring. This requirement sometimes prevented the exclusion of images from mirroring because the image digests changed between executions. With this release, you can use regular expressions for the `blockedImages` value to facilitate the exclusion of images from mirroring. (link:https://issues.redhat.com/browse/OCPBUGS-56728[OCPBUGS-56728]) 
+* Previously, when you defined the `blockedImages` value in the `imageSetConfiguration` parameter for `oc-mirror v2`, you were required to provide an extensive list of image references for excluding images from mirroring. This requirement sometimes prevented the exclusion of images from mirroring because the image digests changed between executions. With this release, you can use regular expressions for the `blockedImages` value to facilitate the exclusion of images from mirroring. (link:https://issues.redhat.com/browse/OCPBUGS-56728[OCPBUGS-56728])
 
 * Previously, certain traffic patterns with large packets running between {product-title} nodes and pods triggered an {product-title} host to send Internet Control Message Protocol (ICMP) needs frag to another {product-title} host. This situation lowered the viable maximum transmission unit (MTU) in the cluster. As a consequence, executing the `ip route show cache` command generated a cached route with a lower MTU than the physical link. Packets were dropped and {product-title} components were degrading because the host did not send pod-to-pod traffic with the large packets. With this release, NF Tables rules prevent the {product-title} nodes from lowering their MTU in response to traffic patterns with large packets. (link:https://issues.redhat.com/browse/OCPBUGS-55997[OCPBUGS-55997])