- Excluded preemptor pod metadata in the event message ([#114923](https://github.com/kubernetes/kubernetes/pull/114923), [@mimowo](https://github.com/mimowo))
- Expanded the partial fix for https://github.com/kubernetes/kubernetes/issues/111539
  which was already started in https://github.com/kubernetes/kubernetes/pull/109706
  Specifically, we will now reduce the amount of syncs for `ETP=local` services even

- Fixed a potential deadlock in the resource quota controller. Enabled recording partial usage info for quota objects specifying multiple resources, when only some of the resources' usage can be determined. ([#74747](https://github.com/kubernetes/kubernetes/pull/74747), [@liggitt](https://github.com/liggitt))

  * Mediates issue [#36859](https://github.com/kubernetes/kubernetes/pull/36859). StatefulSet only acts on Pods whose identity matches the StatefulSet, providing a partial mediation for overlapping controllers.

### Taints and Tolerations

  - node_cpu_usage_seconds --> node_cpu_usage_seconds_total
  - container_cpu_usage_seconds --> container_cpu_usage_seconds_total

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

**Affected Versions**:
  - kube-apiserver v1.25.0
  - kube-apiserver v1.24.0 - v1.24.4

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

**Affected Versions**:
  - kube-apiserver v1.25.0
  - kube-apiserver v1.24.0 - v1.24.4

- The Image Locality priority function of the scheduler has been improved and is now enabled by default. With this feature enabled, nodes that have all or a partial set of images required for running a pod are preferred over other nodes, which improves pod start-up time.
- TaintNodeByCondition has been moved to Beta and is enabled by default.

- Fixes a bug where a partial EndpointSlice update could cause node name information to be dropped from endpoints that were not updated. ([#108203](https://github.com/kubernetes/kubernetes/pull/108203), [@robscott](https://github.com/robscott)) [SIG Network]

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

**Affected Versions**:
  - kube-apiserver v1.25.0
  - kube-apiserver v1.24.0 - v1.24.4

There is no mitigation from this issue.  Cluster admins should take care to secure aggregated API servers and should not grant access to mutate `APIService`s to untrusted parties.

**Affected Versions**:
  - kube-apiserver v1.25.0
  - kube-apiserver v1.24.0 - v1.24.4