diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml
index 8d944f814a..d220623742 100644
--- a/assets/controllers/kube-apiserver/defaultconfig.yaml
+++ b/assets/controllers/kube-apiserver/defaultconfig.yaml
@@ -170,6 +170,11 @@ apiServerArguments:
 - /etc/kubernetes/static-pod-certs/secrets/service-network-serving-certkey/tls.crt
 tls-private-key-file:
 - /etc/kubernetes/static-pod-certs/secrets/service-network-serving-certkey/tls.key
+ # CVE-2022-3259: Set HTTP Strict Transport Security
+ # Chrome and Mozilla Firefox maintain an HSTS preload list
+ # See issue: golang.org/issue/26162
+ strict-transport-security-directives:
+ - max-age=31536000,includeSubDomains,preload
 authConfig:
 oauthMetadataFile: ""
 consolePublicURL: ""
diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json
index 5d8b500536..72709a05e6 100644
--- a/assets/release/release-aarch64.json
+++ b/assets/release/release-aarch64.json
@@ -1,6 +1,6 @@
 {
 "release": {
- "base": "4.12.0-0.nightly-arm64-2023-01-02-175115"
+ "base": "4.12.0-0.nightly-arm64-2023-01-03-161334"
 },
 "images": {
 "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:caa0fe9b53e4b0d2c9988fc20fa745ad80817a7cec36ba098d1812fab03e2add",
diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json
index 72dd8ae453..fe9fa7bb7d 100644
--- a/assets/release/release-x86_64.json
+++ b/assets/release/release-x86_64.json
@@ -1,6 +1,6 @@
 {
 "release": {
- "base": "4.12.0-0.nightly-2023-01-02-175114"
+ "base": "4.12.0-0.nightly-2023-01-03-161331"
 },
 "images": {
 "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9945c3f5475a37e145160d2fe6bb21948f1024a856827bc9e7d5bc882f44a750",
diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh
index cabe8bc46c..b7777ab472 100755
--- a/scripts/auto-rebase/last_rebase.sh
+++ b/scripts/auto-rebase/last_rebase.sh
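Review bot: The three comment lines added above `strict-transport-security-directives` name the CVE but do not say what the value commits clients to, and `includeSubDomains` and `preload` are the parts that need explaining. With a one-year `max-age`, a browser that has accepted this header from the API hostname will refuse plain HTTP to that host and every subdomain until the entry expires, so anything still served over HTTP under the same name would stop loading for those users. The `preload` token only signals consent to inclusion in the browsers' preload list and presumably has no effect for a cluster endpoint that is never submitted there. I would replace the second comment line with `# Browsers that see this header use HTTPS only for this host and all subdomains for one year (max-age is in seconds)` and add `# preload only signals consent to preload-list inclusion; it has no effect unless the domain is submitted`. The `apiServerArguments` mapping starts outside this hunk, so a later override of the same key is not visible here; confirming after rollout that API responses carry the `Strict-Transport-Security` header would close that gap.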
@@ -1,2 +1,2 @@
 #!/bin/bash -x
-./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-01-02-175114" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-01-02-175115"
+./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.12.0-0.nightly-2023-01-03-161331" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.12.0-0.nightly-arm64-2023-01-03-161334"