Which 4.y.z to 4.y'.z' updates increase vulnerability?

• 4.14.2 through 4.14.10
• 4.13.25 through 4.13.29

Which types of clusters?

• ARO clusters

What is the impact? Is it serious enough to warrant removing update recommendations?

• Adding new nodes to the cluster will fail
• Rebooting nodes will fail

How involved is remediation?

• The dnsmasq service can be restarted on each node which will return that node to Ready state until it is subsequently restarted

Is this a regression?

• Yes, the versions mentioned above changed service ordering and this has broken ARO specific dnsmasq configuration.
• Versions 4.14.10 or 4.13.30 and later resolve this issue