#    file-name - an exact leaf filename, regardless of path
#    path-prefix - a prefix match on the file path
#    file-prefix - a prefix match of the leaf filename (no path)
#    paths-from-repo - read a file from the repo and load file paths
#

file-prefix	zz_generated.

file-name	types.generated.go
file-name	generated.pb.go
file-name	generated.proto
file-name	types_swagger_doc_generated.go

- The e2e suite can be instructed not to wait for pods in kube-system to be ready or for all nodes to be ready by passing `--allowed-not-ready-nodes=-1` when invoking the e2e.test program. This allows callers to run subsets of the e2e suite in scenarios other than perfectly healthy clusters. ([#98781](https://github.com/kubernetes/kubernetes/pull/98781), [@...

  - [Urgent Upgrade Notes](#urgent-upgrade-notes)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
  - [Changes by Kind](#changes-by-kind-13)
    - [Deprecation](#deprecation)
    - [API Change](#api-change-4)
    - [Feature](#feature-12)

    - [Container Images](#container-images-9)
  - [Changelog since v1.27.0](#changelog-since-v1270)
  - [Urgent Upgrade Notes](#urgent-upgrade-notes)
    - [(No, really, you MUST read this before you upgrade)](#no-really-you-must-read-this-before-you-upgrade)
  - [Changes by Kind](#changes-by-kind-9)
    - [Deprecation](#deprecation)
    - [API Change](#api-change-2)
    - [Feature](#feature-8)

  - release-managers
  - AuraSinis # 1.24 Release Notes Lead
  - cici37 # 1.23 Release Notes Lead
  - csantanapr # 1.25 Release Notes Lead
  - harshanarayana # 1.27 Release Notes Lead
  - ramrodo # 1.26 Release Notes Lead
  - sanchita-07 # 1.28 Release Notes Lead
  - fsmunoz # 1.29 Release Notes Lead
  - rashansmith # 1.30 Release Notes Lead
reviewers:
  - release-managers
  - fykaa # 1.30 Release Notes Shadow

* Changes secret, configMap, downwardAPI and projected volumes to mount read-only, instead of allowing applications to write data and then reverting it automatically. Until version 1.11, setting the feature gate ReadOnlyAPIDataVolumes=false will preserve the old behavior. ([#58720](https://github.com/kubernetes/kubernetes/pull/58720),...

This release contains changes that address the following vulnerabilities:

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3

This release contains changes that address the following vulnerabilities:

### CVE-2022-3162: Unauthorized read of Custom Resources

A security issue was discovered in Kubernetes where users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group they are not authorized to read.

**Affected Versions**:
  - kube-apiserver v1.25.0 - v1.25.3