- Kubeadm: when adding new control plane nodes with "kubeadm join", ensure that the etcd member addition is performed only if a given member URL does not already exist in the list of members. Similarly, on "kubeadm reset" only remove an etcd member if its ID exists. ([#127620](https://github.com/kubernetes/kubernetes/pull/127620), [@SataQiu](https://github.com/SataQiu)) [SIG Cluster Lifecycle]...

Default, settings)\n    this._overlay = $(this._settings.overlayTemplate)\n\n    if (element.hasClass(CLASS_NAME_CARD)) {\n      this._parent = element\n    }\n\n    if (this._settings.source === '') {\n      throw new Error('Source url was not defined. Please specify a url in your CardRefresh source option.')\n    }\n  }\n\n  load() {\n    this._addOverlay()\n    this._settings.onLoadStart.call($(this))\n\n    $.get(this._settings.source, this._settings.params, response => {\n      if (this._settings.loadInContent)...

- If the user specifies an invalid timeout in the request URL, the request will be aborted with an HTTP 400.

pkg net, const FlagRunning = 32 #53482
pkg net, const FlagRunning Flags #53482
pkg net/http, func NewResponseController(ResponseWriter) *ResponseController #54136
pkg net/http/httputil, method (*ProxyRequest) SetURL(*url.URL) #53002
pkg net/http/httputil, method (*ProxyRequest) SetXForwarded() #53002
pkg net/http/httputil, type ProxyRequest struct #53002
pkg net/http/httputil, type ProxyRequest struct, In *http.Request #53002

- If the user specifies an invalid timeout in the request URL, the request will be aborted with an HTTP 400.

433\u043e\u0434\u0438\u043d\u0430"]},correctGrammaticalCase:function(e,a){return 1===e?a[0]:2<=e&&e<=4?a[1]:a[2]},translate:function(e,a,t){var s=br.words[t];return 1===t.length?a?s[0]:s[1]:e+" "+br.correctGrammaticalCase(e,s)}};M.defineLocale("sr-cyrl",{months:"\u0458\u0430\u043d\u0443\u0430\u0440_\u0444\u0435\u0431\u0440\u0443\u0430\u0440_\u043c\u0430\u0440\u0442_\u0430\u043f\u0440\u0438\u043b_\u043c\u0430\u0458_\u0458\u0443\u043d_\u0458\u0443\u043b_\u0430\u0432\u0433\u0443\u0441\u0442_\u0441\...

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

pkg net, method (*DNSConfigError) Unwrap() error
pkg net, method (*OpError) Unwrap() error
pkg net, type DNSError struct, IsNotFound bool
pkg net, type ListenConfig struct, KeepAlive time.Duration
pkg net/url, method (*Error) Unwrap() error
pkg os/exec, method (*Cmd) String() string
pkg os/exec, method (*Error) Unwrap() error
pkg os, func UserConfigDir() (string, error)
pkg os, method (*LinkError) Unwrap() error

### CVE-2022-3172: Aggregated API server can cause clients to be redirected (SSRF)

A security issue was discovered in kube-apiserver that could allow an attacker controlled aggregated API server to redirect client traffic to any URL.  This could lead to the client performing unexpected actions as well as leaking the client's credentials to third parties. 

* Fix instance metadata service URL. ([#49081](https://github.com/kubernetes/kubernetes/pull/49081), [@brendandburns](https://github.com/brendandburns))