- kubelet v1.31.0 to v1.31.5
  - kubelet v1.32.0 to v1.32.1

**Fixed Versions**:
  - kubelet 1.29.14
  - kubelet 1.30.10
  - kubelet 1.31.6
  - kubelet 1.32.2

This vulnerability was reported and fixed by Tim Allclair @tallclair from Google.


**CVSS Rating:** Medium (6.2) [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]

            if (plugin.isExtensions() && !artifacts.isEmpty()) {
                // ignore plugin descriptor parsing errors at this point
                // these errors will reported during calculation of project build execution plan
                try {
                    pluginDescriptor = extractPluginDescriptor(artifacts.get(0), plugin);

	}

	// Dealing with error returns from close() - 'man 2 close'
	//
	// A careful programmer will check the return value of close(), since it is quite possible that
	// errors on a previous write(2) operation are reported only on the final close() that releases
	// the open file descriptor.
	//
	// Failing to check the return value when closing a file may lead to silent loss of data.

- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]

   * milliseconds to execute.
   */
  private static final boolean profileTests = Boolean.getBoolean("jsr166.profileTests");

  /**
   * The number of milliseconds that tests are permitted for execution without being reported, when
   * profileTests is set.
   */
  private static final long profileThreshold = Long.getLong("jsr166.profileThreshold", 100);

  @Override
  protected void runTest() throws Throwable {

- Number of errors reported to the metric `storage_operation_duration_seconds_count` for emptyDir decreased significantly because previously one error was reported for each projected volume created. ([#117022](https://github.com/kubernetes/kubernetes/pull/117022), [@mpatlasov](https://github.com/mpatlasov)) [SIG Storage]

- Fix etcd_object_counts metric reported by kube-apiserver ([#94773](https://github.com/kubernetes/kubernetes/pull/94773), [@tkashem](https://github.com/tkashem)) [SIG API Machinery]

					normKey, origKeys)
			}

			if len(origKeys[1:]) > 0 {
				// Log that extra DN mappings will not be imported.
				iamLogEvent(ctx, "import-ldap-normalize: extraneous DN mappings found for LDAP DN[%s]: %v will not be imported", origKeys[0], origKeys[1:])
			}

			// Policies mapped to the DN's are the same, so we remove the extra
			// ones from the map.

    platform.assumeHttp2Support()
    enableTlsWithTunnel()
    server.protocols = Arrays.asList(Protocol.HTTP_2, Protocol.HTTP_1_1)
    timeToFirstByte()
  }

  /**
   * Test to confirm that events are reported at the time they occur and no earlier and no later.
   * This inserts a bunch of synthetic 250 ms delays into both client and server and confirms that
   * the same delays make it back into the events.
   *