## Changelog since v1.8.1

### Other notable changes

* Allow for configuring etcd hostname in the manifest ([#54403](https://github.com/kubernetes/kubernetes/pull/54403), [@wojtek-t](https://github.com/wojtek-t))
* Allow standard flags in client-gen. ([#53999](https://github.com/kubernetes/kubernetes/pull/53999), [@sttts](https://github.com/sttts))

  * Allow configuration of a single security group for ELBs ([#45500](https://github.com/kubernetes/kubernetes/pull/45500), [@nbutton23](https://github.com/nbutton23))

  * Remove check that forces loadBalancerSourceRanges to be 0.0.0.0/0. ([#38636](https://github.com/kubernetes/kubernetes/pull/38636), [@dhawal55](https://github.com/dhawal55))

    * configuration scripts to allow configuration of signing duration of
    * certificates issued via the Certificate Signing Request API.

- Allow for configuration of CoreDNS replica count ([#85837](https://github.com/kubernetes/kubernetes/pull/85837), [@pickledrick](https://github.com/pickledrick)) [SIG Cluster Lifecycle]

### Other notable changes

* StatefulSet: Set hostname/subdomain fields on new Pods in addition to the deprecated annotations, to allow mitigation of Pod DNS issues upon upgrading to Kubernetes v1.7.x. ([#50942](https://github.com/kubernetes/kubernetes/pull/50942), [@enisoc](https://github.com/enisoc))
* Azure: Allow VNet to be in a separate Resource Group. ([#49725](https://github.com/kubernetes/kubernetes/pull/49725), [@sylr](https://github.com/sylr))

  - [Changelog since v1.21.4](#changelog-since-v1214)
  - [Important Security Information](#important-security-information)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-8)
    - [Feature](#feature-6)
    - [Bug or Regression](#bug-or-regression-8)

### CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

A security vulnerability has been discovered in Kubernetes windows nodes
that could allow a user with the ability to query a node's '/logs' endpoint
to execute arbitrary commands on the host.

**Affected Versions**:
  - kubelet <= v1.29.12
  - kubelet <= v1.30.8
  - kubelet <= v1.31.4

    - [Skip Volume Ownership change graduates to GA](#skip-volume-ownership-change-graduates-to-ga)
    - [Allow CSI drivers to opt-in to volume ownership and permission change graduates to GA](#allow-csi-drivers-to-opt-in-to-volume-ownership-and-permission-change-graduates-to-ga)
    - [PodSecurity graduates to Beta](#podsecurity-graduates-to-beta)

  - [Changelog since v1.22.1](#changelog-since-v1221)
  - [Important Security Information](#important-security-information-2)
    - [CVE-2021-25741: Symlink Exchange Can Allow Host Filesystem Access](#cve-2021-25741-symlink-exchange-can-allow-host-filesystem-access)
  - [Changes by Kind](#changes-by-kind-14)
    - [Feature](#feature-7)
    - [Bug or Regression](#bug-or-regression-14)
  - [Dependencies](#dependencies-15)

 - Fixes a regression in 1.17 that dropped cache-control headers on API requests ([#90468](https://github.com/kubernetes/kubernetes/pull/90468), [@liggitt](https://github.com/liggitt)) [SIG API Machinery and Testing]
 - Provides a fix to allow a cluster in a private Azure cloud to authenticate to ACR in the same cloud. ([#90425](https://github.com/kubernetes/kubernetes/pull/90425), [@DavidParks8](https://github.com/DavidParks8)) [SIG Cloud Provider]