* Advanced audit policy now supports matching subresources and resource names, but the top level resource no longer matches the subresouce. For example "pods" no longer matches requests to the logs subresource of pods. Use "pods/logs" to match subresources. ([#48836](https://github.com/kubernetes/kubernetes/pull/48836), [@ericchiang](https://github.com/ericchiang))

- A new /resize subresource was added to request pod resource resizing. Update your k8s client code to utilize the /resize subresource for Pod resizing operations. ([#128266](https://github.com/kubernetes/kubernetes/pull/128266), [@AnishShah](https://github.com/AnishShah)) [SIG API Machinery, Apps, Node and Testing]

- Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120655](https://github.com/kubernetes/kubernetes/pull/120655), [@aojea](https://github.com/aojea)) [SIG Network and Testing]

- The validation of `replicas` field in the ReplicationController `/scale` subresource has been migrated to declarative validation.
  If the `DeclarativeValidation` feature gate is enabled, mismatches with existing validation are reported via metrics.

- Fixes a bug where Services using finalizers may hold onto ClusterIP and/or NodePort allocated resources for longer than expected if the finalizer is removed using the status subresource ([#120657](https://github.com/kubernetes/kubernetes/pull/120657), [@aojea](https://github.com/aojea)) [SIG Network and Testing]

- Fixed a bug where `Services` using finalizers may hold onto `ClusterIP` and/or `NodePort` allocated resources for longer than expected if the finalizer is removed using the status subresource. ([#120623](https://github.com/kubernetes/kubernetes/pull/120623), [@aojea](https://github.com/aojea))

- Promoted kubectl `--subresource` flag to stable. ([#130238](https://github.com/kubernetes/kubernetes/pull/130238), [@soltysh](https://github.com/soltysh))

    writing it has test supersource but no prod supersource.

    GWT happens to use the prod .gwt.xml, so it looks for no supersource for
    tests, either. This causes it to fail to find AtomicLongMapTest.

    Our workaround is to tell GWT that util.concurrent and all other packages
    have prod supersource, even if they have none. GWT is happy to ignore us

    writing it has test supersource but no prod supersource.

    GWT happens to use the prod .gwt.xml, so it looks for no supersource for
    tests, either. This causes it to fail to find AtomicLongMapTest.

    Our workaround is to tell GWT that util.concurrent and all other packages
    have prod supersource, even if they have none. GWT is happy to ignore us

    writing it has test supersource but no prod supersource.

    GWT happens to use the prod .gwt.xml, so it looks for no supersource for
    tests, either. This causes it to fail to find AtomicLongMapTest.

    Our workaround is to tell GWT that util.concurrent and all other packages
    have prod supersource, even if they have none. GWT is happy to ignore us