- [Node Binaries](#node-binaries)
    - [Container Images](#container-images)
  - [Changelog since v1.21.13](#changelog-since-v12113)
  - [Dependencies](#dependencies)
    - [Added](#added)
    - [Changed](#changed)
    - [Removed](#removed)
- [v1.21.13](#v12113)
  - [Downloads for v1.21.13](#downloads-for-v12113)
    - [Source Code](#source-code-1)
    - [Client Binaries](#client-binaries-1)

  - kubelet <= v1.27.4
  - kubelet <= v1.26.7
  - kubelet <= v1.25.12
  - kubelet <= v1.24.16

**Fixed Versions**:
  - kubelet v1.28.1
  - kubelet v1.27.5
  - kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3
  - kube-apiserver v1.24.0 - v1.24.7
  - kube-apiserver v1.23.0 - v1.23.13
  - kube-apiserver v1.22.0 - v1.22.15
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4

### Changed
- cloud.google.com/go/accessapproval: v1.6.0 → v1.7.1
- cloud.google.com/go/accesscontextmanager: v1.7.0 → v1.8.1
- cloud.google.com/go/aiplatform: v1.37.0 → v1.48.0
- cloud.google.com/go/analytics: v0.19.0 → v0.21.3
- cloud.google.com/go/apigateway: v1.5.0 → v1.6.1
- cloud.google.com/go/apigeeconnect: v1.5.0 → v1.6.1
- cloud.google.com/go/apigeeregistry: v0.6.0 → v0.7.1
- cloud.google.com/go/appengine: v1.7.1 → v1.8.1

- cloud.google.com/go/accessapproval: v1.7.1 → v1.7.4
- cloud.google.com/go/accesscontextmanager: v1.8.1 → v1.8.4
- cloud.google.com/go/aiplatform: v1.48.0 → v1.58.0
- cloud.google.com/go/analytics: v0.21.3 → v0.22.0
- cloud.google.com/go/apigateway: v1.6.1 → v1.6.4
- cloud.google.com/go/apigeeconnect: v1.6.1 → v1.6.4
- cloud.google.com/go/apigeeregistry: v0.7.1 → v0.8.2
- cloud.google.com/go/appengine: v1.8.1 → v1.8.4

pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_WELLFLEET = 33027
pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_WELLFLEET ideal-int
pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_X25 = 2053
pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_X25 ideal-int
pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_X75 = 2049
pkg syscall (netbsd-arm64-cgo), const ETHERTYPE_X75 ideal-int

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3
  - kube-apiserver v1.24.0 - v1.24.7
  - kube-apiserver v1.23.0 - v1.23.13
  - kube-apiserver v1.22.0 - v1.22.15
  - kube-apiserver <= v1.21.?

**Fixed Versions**:
  - kube-apiserver v1.25.4

  - kubelet <= v1.27.4
  - kubelet <= v1.26.7
  - kubelet <= v1.25.12
  - kubelet <= v1.24.16

**Fixed Versions**:
  - kubelet v1.28.1
  - kubelet v1.27.5
  - kubelet v1.26.8
  - kubelet v1.25.13
  - kubelet v1.24.17

This vulnerability was discovered by James Sturtevant @jsturtevant and Mark Rossetti @marosset during the process of fixing CVE-2023-3676 (that original CVE was reported by Tomer Peled @tomerpeled92)