- The deprecated `--etcd-quorum-read` flag has been removed. Quorum reads are now always enabled when fetching data from etcd. Remove the `--etcd-quorum-read` flag from kube-apiserver invocations before upgrading.
- kube-controller-manager

// https://www.iana.org/domains/root/db/forex.html
forex

// forsale : Dog Beach, LLC
// https://www.iana.org/domains/root/db/forsale.html
forsale

// forum : Waterford Limited
// https://www.iana.org/domains/root/db/forum.html
forum

// foundation : Public Interest Registry
// https://www.iana.org/domains/root/db/foundation.html
foundation

// fox : FOX Registry, LLC

### **API Machinery**

*   The kube-apiserver `--etcd-quorum-read` flag is deprecated and the ability to switch off quorum read will be removed in a future release. ([#53795](https://github.com/kubernetes/kubernetes/pull/53795),[ @xiangpengzhao](https://github.com/xiangpengzhao))

### Feature

    For more information on deprecating auto-detecting cloud providers in kubelet, see PR [#51312](https://github.com/kubernetes/kubernetes/pull/51312) and [announcement](https://groups.google.com/forum/#!topic/kubernetes-dev/UAxwa2inbTA).

- The `PersistentVolumeLabel` admission controller in the API server is deprecated.

* Fix CVE-2019-11247: API server allows access to custom resources via wrong scope ([#80750](https://github.com/kubernetes/kubernetes/pull/80750))

See also the [security announcement for this release](https://groups.google.com/forum/#!topic/kubernetes-security-announce/vUtEcSEY6SM).

# v1.14.4

[Documentation](https://docs.k8s.io)

## Downloads for v1.14.4


filename | sha512 hash
-------- | -----------

There are no known mitigations to this vulnerability.

#### Fixed Versions

- kubelet v1.22.14
- kubelet v1.23.11
- kubelet v1.24.5
- kubelet v1.25.0


To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

### Detection

* Fix CVE-2019-11247: API server allows access to custom resources via wrong scope ([#80750](https://github.com/kubernetes/kubernetes/pull/80750))

See also the [security announcement for this release](https://groups.google.com/forum/#!topic/kubernetes-security-announce/vUtEcSEY6SM).

# v1.15.1

[Documentation](https://docs.k8s.io)

## Downloads for v1.15.1


filename | sha512 hash
-------- | -----------

    * A distributed claim allows the OIDC provider to delegate a claim to a
    * separate URL.  Distributed claims are of the form as seen below, and are
    * defined in the OIDC Connect Core 1.0, section 5.6.2.
    * For details, see:
    * http://openid.net/specs/openid-connect-core-1_0.html#AggregatedDistributedClaims

There are no known mitigations to this vulnerability.

**Fixed Versions**:

- kubelet v1.22.14
- kubelet v1.23.11
- kubelet v1.24.5
- kubelet v1.25.0


To upgrade, refer to this documentation _For core Kubernetes:_ https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster 

**Detection**: