openshift · tedaveryredhat · Jul 11, 2025
diff --git a/release_notes/ocp-4-18-release-notes.adoc b/release_notes/ocp-4-18-release-notes.adoc
@@ -3023,6 +3023,38 @@ This section will continue to be updated over time to provide notes on enhanceme
 For any {product-title} release, always review the instructions on xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[updating your cluster] properly.
 ====
 
+// 4.18.20
+[id="ocp-4-18-20_{context}"]
+=== RHSA-2025:10767 - {product-title} {product-version}.20 bug fix and security update
+
+Issued: 16 July 2025
+
+{product-title} release {product-version}.20 is now available. The list of bug fixes that are included in the update is documented in the link:https://access.redhat.com/errata/RHSA-2025:10767[RHSA-2025:10767] advisory. The RPM packages that are included in the update are provided by the link:https://access.redhat.com/errata/RHSA-2025:10768[RHSA-2025:10768] advisory.
+
+Space precluded documenting all of the container images for this release in the advisory.
+
+You can view the container images in this release by running the following command:
+
+[source,terminal]
+----
+$ oc adm release info 4.18.20 --pullspecs
+----
+
+[id="ocp-4-18-20-bug-fixes_{context}"]
+==== Bug fixes
+
+* Previously, a subset of endpoints on the console backend were gated by `TokenReview` requests to the API server. In some cases, the API server would throttle these requests, causing slower load times in the UI. With this release, the `TokenReview` gating was removed from all but one of our endpoints resulting in improved performance. (link:https://issues.redhat.com/browse/OCPBUGS-58317[OCPBUGS-58317])
+
+* Previously, useful error messages were not generated when the`oc adm node-image create` command failed. With this release, the `oc adm node-image create` command generates error messages when the command fails. (link:https://issues.redhat.com/browse/OCPBUGS-58233[OCPBUGS-58233])
+
+* Previously, the HAProxy configuration used the `/version` endpoint for health checks causing unreliable health checks to be generated. With this release, the liveness probe is customized to use `/livez?exclude=etcd&exclude=log` on IBM Cloud for more accurate health checks avoiding disruptions due to inappropriate probe configurations on Hypershift, while retaining `/version` for other platforms. (link:https://issues.redhat.com/browse/OCPBUGS-58126[OCPBUGS-58126])
+
+* Previously, The Machine Config Operator (MCO) updated boot images without verifying that the current boot image was from the marketplace. As a consequence, the MCO overrode a marketplace boot image with a standard {product-title} installer image. With this release, the MCO references a lookup table in {aws-first} that contains all standard installer Amazon Machine Images (AMIs) in {product-title} before updating the boot image. In {gcp-first}, the MCO checks the URL header before updating the boot image. As a result, the MCO does not update machine sets that have a marketplace boot image. (link:https://issues.redhat.com/browse/OCPBUGS-58044[OCPBUGS-58044])
+
+[id="ocp-4-18-20-updating_{context}"]
+==== Updating
+To update an {product-title} 4.18 cluster to this latest release, see xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[Updating a cluster using the CLI].
+
 // 4.18.19
 [id="ocp-4-18-19_{context}"]
 === RHSA-2025:9725 - {product-title} {product-version}.19 bug fix and security update