- No-op and GC related updates to cluster trust bundles no longer require attest authorization when the `ClusterTrustBundleAttest`...

- Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649...

- Fix 1.28.0 regression where adding aggregated APIService objects could cause apiserver to panic and affect...

- Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649...

- Fix a bug in cronjob controller where already created jobs may be missing from the status. ([#120649]...

* Ignored mirror pods in PodPreset admission plugin. ([#45958](https://github.com/kubernetes/kubernetes/pull/45958), [@k82cn](https://github.com/k82cn))
* Don't try to attach volume to new node if it is already attached to another node and the volume does not support multi-attach. ([#45346](https://github.com/kubernetes/kubernetes/pull/45346), [@codablock](https://github.com/codablock))

### Upgrades

* ⬆️ Upgrade Starlette to 0.25.0. PR [#5996](https://github.com/tiangolo/fastapi/pull/5996) by [@tiangolo](https://github.com/tiangolo).
    * This solves a vulnerability that could allow denial of service attacks by using many small multipart fields/files (parts), consuming high CPU and memory.
    * Only applications using forms (e.g. file uploads) could be affected.
    * For most cases, upgrading won't have any breaking changes.

  // Whether the container runtime should close the stdin channel after it has been opened by
  // a single attach. When stdin is true the stdin stream will remain open across multiple attach
  // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
  // first client attaches to stdin, and then remains open and accepts data until the client disconnects,

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

- [`KT-56684`](https://youtrack.jetbrains.com/issue/KT-56684) Adopt KMM UI tests to be used with IDEA
- [`KT-50952`](https://youtrack.jetbrains.com/issue/KT-50952) MPP: Commonized cinterops doesn't attach/detach to source set on configuration changes

### IDE. Navigation

- [`KT-61894`](https://youtrack.jetbrains.com/issue/KT-61894) Navigation from java sources leads to Kotlin decompiled code in case of suspend function