- Since golang 1.17 both net.ParseIP and net.ParseCIDR rejects leading zeros in the dot-decimal notation of IPv4 addresses,
  Kubernetes will keep allowing leading zeros on IPv4 address to not break the compatibility.
  IMPORTANT: Kubernetes interprets leading zeros on IPv4 addresses as decimal, users must not rely on parser alignment to not being impacted by the associated security advisory:

- Added warnings to the Services API. Kubernetes now warns for Services in the case of:
  - IPv4 addresses with leading zeros
  - IPv6 address in non-canonical format (RFC 5952) ([#114505](https://github.com/kubernetes/kubernetes/pull/114505), [@aojea](https://github.com/aojea))

**Affected Versions**:
  - kube-apiserver v1.32.0 - v1.32.5
  - kube-apiserver v1.33.0 - v1.33.1

**Fixed Versions**:
  - kube-apiserver v1.32.6
  - kube-apiserver v1.33.2

This vulnerability was reported by amitschendel.

### CLI Improvements
- The kubectl's api-resource command now has a `--sort-by` flag to sort resources by name or kind. ([#81971](https://github.com/kubernetes/kubernetes/pull/81971), [@laddng](https://github.com/laddng))

    - [Additional changes](#additional-changes)
  - [External Dependencies](#external-dependencies)
  - [Bug Fixes](#bug-fixes)
      - [General Fixes and Reliability](#general-fixes-and-reliability)
  - [Non-user-facing changes](#non-user-facing-changes)
- [v1.11.0-rc.3](#v1110-rc3)
  - [Downloads for v1.11.0-rc.3](#downloads-for-v1110-rc3)
    - [Client Binaries](#client-binaries-11)
    - [Server Binaries](#server-binaries-11)

- `kube-apiserver` added:

    - [API-Machinery](#api-machinery-1)
    - [Network](#network-1)
    - [Azure](#azure-1)
    - [Scheduling](#scheduling)
    - [Other changes](#other-changes)
  - [Non-user-facing Changes](#non-user-facing-changes)
  - [External Dependencies](#external-dependencies)
- [v1.10.0-rc.1](#v1100-rc1)
  - [Downloads for v1.10.0-rc.1](#downloads-for-v1100-rc1)
    - [Client Binaries](#client-binaries-14)

- Removed leading zeros from the etcd member ID in kubeadm log messages. ([#117919](https://github.com/kubernetes/kubernetes/pull/117919), [@dlipovetsky](https://github.com/dlipovetsky)) [SIG Cluster Lifecycle]

**Affected Versions**:
  - kube-apiserver v1.32.0 - v1.32.5
  - kube-apiserver v1.33.0 - v1.33.1

**Fixed Versions**:
  - kube-apiserver v1.32.6
  - kube-apiserver v1.33.2

This vulnerability was reported by amitschendel.

  - [Changelog since v1.31.11](#changelog-since-v13111)
  - [Important Security Information](#important-security-information)
    - [CVE-2025-5187: Nodes can delete themselves by adding an OwnerReference](#cve-2025-5187-nodes-can-delete-themselves-by-adding-an-ownerreference)
  - [Changes by Kind](#changes-by-kind)
    - [Feature](#feature)
    - [Bug or Regression](#bug-or-regression)
  - [Dependencies](#dependencies)
    - [Added](#added)