- [Garbage Collector](#garbage-collector)
    - [kubeadm](#kubeadm-2)
    - [kubectl](#kubectl-1)
      - [New Commands](#new-commands)
      - [Create subcommands](#create-subcommands)
      - [Updates to existing commands](#updates-to-existing-commands)
      - [Updates to apply](#updates-to-apply)
      - [Updates to edit](#updates-to-edit)
      - [Bug fixes](#bug-fixes)

- Commands like `kubectl apply` now return errors if schema-invalid annotations are specified, rather than silently dropping the entire annotations section. ([#83552](https://github.com/kubernetes/kubernetes/pull/83552), [@liggitt](https://github.com/liggitt))...

* Fixes ability for admin/edit/view users to see controller revisions, needed for kubectl rollout commands ([#70699](https://github.com/kubernetes/kubernetes/pull/70699), [@liggitt](https://github.com/liggitt))

- `--log-flush-frequency` had no effect in several commands or was missing. Help and warning texts were not always using the right format for a command (`add_dir_header` instead of `add-dir-header`). Fixing this included cleaning up flag handling in component-base/logs: that package no longer adds flags to the global flag sets. Commands which want the klog and `--log-flush-frequency` flags must explicitly call `logs.AddFlags`; the new `cli.Run`...

block, continues to receive features and stability work required for bootstrapping production clusters efficiently. kubeadm has promoted high availability (HA) capability to beta, allowing users to use the familiar `kubeadm init` and `kubeadm join` commands to [configure and deploy an HA control plane](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/). An entire new test suite has been created specifically for ensuring these features will stay stable over time....

- Improve kubectl's user help commands readability ([#104736](https://github.com/kubernetes/kubernetes/pull/104736), [@lauchokyip](https://github.com/lauchokyip))

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

**Fixed Versions**:
  - kubelet 1.29.13

### SIG Cluster Lifecycle

- Kubeadm: avoid detection of the container runtime for commands that do not need it ([#97849](https://github.com/kubernetes/kubernetes/pull/97849), [@pacoxu](https://github.com/pacoxu)) [SIG Cluster Lifecycle]

## Dependencies

### Added
_Nothing has changed._

### Changed

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4
  - kubelet = v1.32.0

**Fixed Versions**:
  - kubelet 1.29.13